Security of the C64 App

The Commodore 64 Emulator (C64) for the iPhone and iPod Touch uses Security Checks in the v1.1.11 Release.

I’ve done allot of poking around and discovered several points of interest all of which I plan to explore. So this is just really a mention of the security.

An SHA 1 Hash file is generated for various files and then checked to make sure its equal to the content being loaded.

Base64 is also used for some encoding/decoding:

[GameZipExtracter initWithBase64Data:andBase64Signature:]

With SHA1 known for being weak I don’t think it will be to hard too find a fix.

[InfoViewController setWebView:]+[NSData(MBBase64) dataWithBase64EncodedString:]-[NSData(MBBase64) base64Encoding]+[SecuredDictionaryStorage sharedInstance]-[SecuredDictionaryStorage fetchStatus:]-[SecuredDictionaryStorage baseDictionary]-[SecuredDictionaryStorage buildDictForPassword:]-[SecuredDictionaryStorage buildSearchQuery]-[SecuredDictionaryStorage fetchDictionary]-[SecuredDictionaryStorage createKeychainValue:]-[SecuredDictionaryStorage clearKeychain]-[SecuredDictionaryStorage dataFromDictionary:]-[SecuredDictionaryStorage dictionaryFromData:]-[SecuredDictionaryStorage clearSecuredDictionary]-[SecuredDictionaryStorage updateKeychainValue:]-[SecuredDictionaryStorage fetchKeychainValue]-[SecuredDictionaryStorage setObject:forKey:]-[SecuredDictionaryStorage removeObjectForKey:]-[SecuredDictionaryStorage objectForKey:]-[SecuredDictionaryStorage securedDictionary]

[GamePack currentGame]-[GamePack gameInfoList]-[GamePack setGameInfoList:]-[GameInfo initWithDictionary:]-[GameInfo isEqual:]-[GameInfo hash]-[GameInfo compare:]-[GameInfo initWithContentsOfGameInfoFile:isBundlePath]

to be continued….

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s