Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Vista DRM Cracked by Security Researcher

Posted by ScuttleMonkey on Mon Jan 29, 2007 02:16 PM
from the only-a-matter-of-time dept.
Operating Systems Software Windows Security
An anonymous reader writes "Security researcher Alex Ionescu claims to have successfully bypassed the much discussed DRM protection in Windows Vista, called 'Protected Media Path' (PMP), which is designed to seriously degrade the playback quality of any video and audio running on systems with hardware components not explicitly approved by Microsoft. The bypass of the DRM protection was in turn performed by breaking the Driver Signing / PatchGuard protection in the new operating system. Alex is now quite nervous about what an army of lawyers backed by draconian copyright laws could do to him if he released the details, but he claims to be currently looking into the details of safely releasing his details about this at the moment though."
+ -
story

Related Stories

[+] Vista Protected Processes Bypassed 221 comments
Anonymous Hero writes "Security Researcher Alex Ionescu strikes again, this time with a proof of concept program that will arbitrarily enable and foremost disable the protection of so-called 'protected processes' in Windows Vista. Not only threatening Vista DRM and friends, it's also another step towards hardened and even more annoying malware. Normally, only specially signed processes made by special companies (decided by Microsoft) can be protected, but now the bad guys can protect any evil process they want, including the latest version of their own keylogger, spambot, or worm, as well as unprotect any 'good' one."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Vista DRM Cracked by Security Researcher 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • very fitting (Score:5, Funny)

    by Anonymous Coward on Monday January 29 2007, @02:19PM (#17803342)

    called 'Protected Media Path' (PMP)
    I can guess how that's pronounced...

  • 1st thing is to get a good lawyer (Score:3, Funny)

    by Punko (784684) on Monday January 29 2007, @02:20PM (#17803356)
    As fast as you can

    • Re:1st thing is to get a good lawyer (Score:5, Informative)

      by BSAtHome (455370) on Monday January 29 2007, @02:32PM (#17803564)
      Freedom to tinker: http://www.freedom-to-tinker.com/ [freedom-to-tinker.com]

    • Re:1st thing is to get a good lawyer (Score:5, Informative)

      by yo_tuco (795102) on Monday January 29 2007, @02:32PM (#17803568)
      From the about page [alex-ionescu.com] it says:

      He [Alex] is currently studying at Concordia University in Montreal, Canada"

      So does the DMCA apply?
    • Well, he's already probably a bit screwed.

      Here's the problem: there's virtually no way to get in trouble, if you just release an exploit anonymously. (By definition, if it's truly anonymous, they can't catch you; there are lots of ways to basically ensure your anonymity today.) Where you start to get in trouble is when you want to release an exploit that's going to ruin somebody's day and take credit for it.

      This comes up with regards to other, less-politically-sensitive bugs. When you step forward and take credit for something that you've released, you're basically holding up a big "come and get me!" sign. It's a lot easier to sling mud at a person, than it is at some anonymous entity on the Internet.

      It's really taking credit that burns people, not releasing the bug/hack/exploit. It would have been trivial for this guy to release his code, anonymously or even pseudonymously, and keep it firewalled from his real-world identity. If he had done that, there might have been some attempts to uncover who he really was, but I doubt anyone would try that hard -- it's harder to go after someone that's anonymous, than an actual person. With a person, you have something to put in your mind under 'enemy,' that you just don't have with some vaporous person or persons on the Internet. Being anonymous diffuses a lot of the hatred, because it's harder to hate someone that might not exist. By standing up and taking credit, you're accepting everything.

      Personally, if I were to discover something like this, there's no way I'd publicly admit it. I live a happy enough life without becoming some sort of hacker/security icon; the downsides of becoming the next Dimitry Sklyarov seem far greater than the possible benefits. Release the code somewhere in public, maybe signed with a private key that you have stashed away (so, decades down the line, you'd be able to claim it, if you wanted to and if the statute of limitations had run out), and only communicate via Usenet dead-drops and anonymous remailers. The tools to remain completely hidden are all there -- heck, you could probably do interviews in Wired under a psuedonym, the only absolute would be keeping the Clark-Kent-esque secret of your true identity hidden, and I'm not sure if some people would be able to swallow their pride enough to do that.

  • Pro Bono Security Attorneys (Score:4, Interesting)

    by adambha (1048538) on Monday January 29 2007, @02:20PM (#17803358) Homepage
    How about a team of pro bono attorneys who are willing to defend (fight?) cases like this in which a researcher simply wants to share his/her findings? Sort of like a non-profit organization.

  • Moving to Redmond? (Score:3, Interesting)

    by Anonymous Coward on Monday January 29 2007, @02:21PM (#17803364)
    Sounds like somebody will soon get a juicy job offer from Microsoft to tighten up the system...

    • Re:Moving to Redmond? (Score:4, Funny)

      by Anonymous Coward on Monday January 29 2007, @02:59PM (#17803916)
      From Alex's website -

      "He is currently studying at Concordia University in Montreal, Canada, and is in his first year of obtaining a bachelor's degree in Software Engineering. He is also a Microsoft Student Ambassador and is representing the company on campus as a Technical Rep."

      Uh oh.

    • Re:Moving to Redmond? (Score:4, Interesting)

      by arivanov (12034) on Monday January 29 2007, @03:41PM (#17804484) Homepage
      Yup. There is a word for this in the industry. It used to be called a BUGTRAQ gadfly though nowdays it should be called a "Full Disclosure Gadfly".

      You make enough stink on a non-moderated list like FD with the sole purpose to get hired and you get hired. There are pimps that follow FD, BUGTRAQ and the like for "fresh talent".

  • It's all in the details. (Score:4, Funny)

    by FuturePastNow (836765) on Monday January 29 2007, @02:21PM (#17803378)

    ...could do to him if he released the details, but he claims to be currently looking into the details of safely releasing his details...
    Grammar tip: don't use the same word three times in one sentence.

  • I have a brilliant crack of the Vista DRM too... (Score:5, Funny)

    by Anonymous Coward on Monday January 29 2007, @02:23PM (#17803404)
    ... but there is no space in the margin of this comment to write it.

  • In future news... (Score:4, Funny)

    by $RANDOMLUSER (804576) on Monday January 29 2007, @02:23PM (#17803406)
    "Vista DRM cracked by anybody with the desire to do so".

  • Post the details on MySpace (Score:5, Funny)

    by DBCubix (1027232) on Monday January 29 2007, @02:24PM (#17803436)
    and then ask Network Solutions to suspend their domain. It works on GoDaddy domains.

  • He won't need to ... (Score:5, Insightful)

    by Midnight Thunder (17205) on Monday January 29 2007, @02:29PM (#17803506) Homepage Journal
    Now that people know it is possible, I am sure it is only a matter of time before others across the globe attempt to find the weakness. Some of these people won't even be affected by USA law, unless they decide to visit or transit through the country.

    • Re:He won't need to ... (Score:5, Interesting)

      by drinkypoo (153816) <martin.espinoza@gmail.com> on Monday January 29 2007, @02:59PM (#17803932) Homepage Journal

      Some of these people won't even be affected by USA law, unless they decide to visit or transit through the country.

      One wonders if the harassment of people who are not breaking US law in their own jurisdiction when they come to the US will have a chilling effect on technology in the USA. Certainly, some very smart people would be very stupid to visit here...

  • Seems that the cat is already out of the bag... (Score:5, Informative)

    by rewt66 (738525) on Monday January 29 2007, @02:29PM (#17803510)
    Mark says that it's possible. He also says enough that someone else as "skilled in the art" as he is can probably figure out what he did.

    And what he did, if I understand correctly, is have some of his own code run as kernel without it being in a "test signed" driver. That seems to be the essense of his approach. Once you figure out how to do that, you can basically do anything, and Microsoft can't stop you.

  • Alex is also re-implementing the win32 kernel (Score:5, Interesting)

    by Anonymous Coward on Monday January 29 2007, @02:29PM (#17803512)
    Alex Ionescu is the main kernel/HAL developer for the GPL'ed ReactOS project (www.reactos.org), which is aiming for an OS that is fully binary AND driver-compatible with Windows XP/Vista. If you look through the work he's done in the ReactOS SVN (developer name 'ion'), I have no doubts that he's fully capable of analyzing and defeating any kernel-level protections in Vista.

    Although ReactOS can share a lot of work with the WINE project for the win32 userland, it could still use any developers that are familiar with win32 development and would like to see a truly free operating system capable of using windows drivers/software.

  • Why bother even having DRM? (Score:4, Insightful)

    by 8127972 (73495) on Monday January 29 2007, @02:30PM (#17803536)
    After all, it's only going to get cracked sooner or later. So there is no point is there?

    • Re:Why bother even having DRM? (Score:5, Insightful)

      by i kan reed (749298) on Monday January 29 2007, @02:43PM (#17803726)
      Not for the pirates, no... It's generally beleived that DRM is to screw those who actually pay for things into paying for them more than once.

    • Re:Why bother even having DRM? (Score:4, Insightful)

      by happyemoticon (543015) on Monday January 29 2007, @02:52PM (#17803818) Homepage

      The goal is not to make a secure system. The idea of securing a system from its owner (who has physical access) while maintaining usability is absurd and approaches impossiblity. They just want to make a system which 99.9% of users cannot crack, make it so that the crack cannot be generalized across different systems, and prosecute the remaining 0.1%.

      Really, the only way to defeat DRM is to prove to companies that they will make more money without DRM than with, or, failing that, make the preceding true via strikes and public awareness.

  • Is it illegal for me to have someone check safety? (Score:4, Interesting)

    by Anonymous Coward on Monday January 29 2007, @02:34PM (#17803596)
    If I drive a car, or heck use a toaster. Isn't it legal for me to give the product to a mechanic or someone versed in the art to check whether it's safe or not?

    So if I use windows .. I need to know if the DRM or digital signing is crap. I don't want spyware to be fakely "digitally signed" and run on my system. If the DRM is crap why would anyone release anything with it? Why are software companies able to prevent or hinder research into the security of their products and announcements to the public w.r.t their safety?

  • Crushing of Freedom of Speech (Score:4, Insightful)

    by resistant (221968) on Monday January 29 2007, @02:39PM (#17803664) Homepage Journal

    Yes, I know it's been said very many times before, but I'm moved to say it again. It's simply obscene that runaway copyright law provisions should be used to casually stomp on this kind of freedom of speech, especially in the U.S.A., where allegedly there is a First Amendment guaranteeing freedom of speech. I would very much like to see a full-out legal confrontation between these terroristic laws as they stand, and the Constitution. The alleged and artificial "right" of the smirking lawyers at commercial companies to keep their nasty little secrets does not in any sense abrogate the innate, natural right of the people to talk to each other about any damn thing they want, particularly complex subjects, and in any way they wish, including via carrier pigeons and Morse code, let alone in plain English (or whatever language) on the Web.

    It's really a shame that other countries such as Sweden actually surpass the U.S.A. in this area.

    Frankly, this pisses me off enough that I'm very strongly tempted once my finances improve enough for the expensive legalities, to spit in the eyes of these jerkoffs with a direct, blunt and extremely widespread explanation (possibly on a Russian server to further annoy and frustrate them) of whatever it is that they absolutely are frantic to not have explained, along with the text of the Constitution with the First Amendment highlighted in red. I think a well-crafted attack on this crap would gather quite a lot of support, moral and otherwise.

  • Honest question (Score:4, Interesting)

    by jiggerdot (976328) on Monday January 29 2007, @02:40PM (#17803674) Homepage
    Since the DRM in Vista is so inextricably tied in to the OS, then ANY hack which allows you to run stuff at kernel level will, by definition, be able to break the DRM. Which begs the question: could Sony's next rootkit be a violation of the DMCA, instead of just a huge pain in the ass?

  • Norwegians, I'm ashamed of you (Score:5, Funny)

    by Weaselmancer (533834) on Monday January 29 2007, @02:47PM (#17803764)

    Someone in America cracked this first.

  • Details? (Score:5, Funny)

    by Jotii (932365) on Monday January 29 2007, @03:08PM (#17804056) Homepage

    he claims to be currently looking into the details of safely releasing his details
    Can anyone explain more in detail?

  • Obligatory attempt at poor humor... (Score:5, Funny)

    by E-Lad (1262) on Monday January 29 2007, @03:17PM (#17804190) Homepage

    "It's time to un-PMP ze audio"

  • Wouldn't Be A Slashdot Article (Score:4, Informative)

    by nwoolls (520606) on Monday January 29 2007, @03:38PM (#17804434)
    If it didn't have some FUD right in the summary.

    'Protected Media Path' (PMP), which is designed to seriously degrade the playback quality of any video and audio running on systems with hardware components not explicitly approved by Microsoft..

    No. It doesn't. It does it for specific DRM content.

    These restrictions only apply to DRM content, such as HD DVD or Blu-ray. User's standard unprotected content will not be faced with these restrictions.

    http://en.wikipedia.org/wiki/Protected_Video_Path [wikipedia.org]

    • Re:Misleading story (Score:5, Interesting)

      by Alex_Ionescu (199153) on Monday January 29 2007, @03:26PM (#17804272) Homepage
      1). It doesn't work out of the Box.

      Yes, it requires a reboot, which is why it's only useful for bypassing DRM, not for open source apps (which will have to bother the user to reboot).

      2). It uses a method provided by Microsoft.

      Erm, no, PMP is provided by Microsoft. This method bypasses it.

      3). It hasn't been tested.

      It works fine, the actual PMP-disabling code hasn't been tested because I don't want to touch that. But my code ran in kernel-mode, which means it's possible. Read up a bit on computer architecture and you'll see that as long as you have access to the kernel, you're God on the machine (Apart from hypervisor machines and/or additional hardware -- which PMP doesn't currently employ).

      4). Author is more afraid of the DMCA than of violating Microsofts EULA terms.

      Author is a student and doesn't want to be sued out of existence because this method could be used to "circumvent a technological measure primarly destined for copyright protection".

        • Re:Misleading story (Score:5, Informative)

          by Alex_Ionescu (199153) on Monday January 29 2007, @04:18PM (#17804936) Homepage
          You havent tested this. I could care less if your driver is loaded.

          Not using a driver, RTFM.

          Microsoft knows that 3rd party driver certificates are going to be stolen/compromised. Microsoft hasn't even provided a method to reject unsigned drivers yet (per MSDN it will be in Vista SP1).

          Which is why this isn't using a stolen/3rd party driver or unsigned driver, nor actually loading a driver.

          Did you happen to hook one of the kernel functions PatchGuard is monitoring? Try to patch CI.DLL and see what happens. You can disable driver signing. You cannot disable PatchGuard.

          There's about a dozen ways to disable PatchGuard, and I was able to patch CI.DLL, disable PatchGuard, as well as turn off code signing. I don't want to sound condescending, but you don't seem to know what you're talking about, or you're being deliberately misleading with your PatchGuard comment.

          I'm not saying that you can't bypass Microsofts DRM restrictions. I just don't think you have and the burden of proof is on you.

          I'm not going to commit legal suicide by proving it. The point of my blog entry was never to say I broke DRM, but that I've found a way which can break it, which people are free to explore on their own.

    • Re:He didn't "Break" PatchGuard (Score:5, Informative)

      by Alex_Ionescu (199153) on Monday January 29 2007, @04:13PM (#17804876) Homepage
      Administrators can turn PatchGuard off at boot time. He didn't break it.

      There's no way to turn off PatchGuard off, only Driver Signing, which watermarks your desktop and disables PMP. Ways to break Patchguard 2.0 were published recently by "Skywing" on uninformed.org

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.