Windows Operating Systems Software Security

Vista DRM Cracked by Security Researcher 379

An anonymous reader writes "Security researcher Alex Ionescu claims to have successfully bypassed the much discussed DRM protection in Windows Vista, called 'Protected Media Path' (PMP), which is designed to seriously degrade the playback quality of any video and audio running on systems with hardware components not explicitly approved by Microsoft. The bypass of the DRM protection was in turn performed by breaking the Driver Signing / PatchGuard protection in the new operating system. Alex is now quite nervous about what an army of lawyers backed by draconian copyright laws could do to him if he released the details, but he claims to be currently looking into the details of safely releasing his details about this at the moment though."

  • by dafragsta ( 577711 ) on Monday January 29, 2007 @03:26PM (#17803476)
    If only there was some EFFin' organization that provided such a service. I don't know what the EFF we'll do now. I guess we are all pretty EFF'd.
  • by rewt66 ( 738525 ) on Monday January 29, 2007 @03:29PM (#17803510)
    Mark says that it's possible. He also says enough that someone else as "skilled in the art" as he is can probably figure out what he did.

    And what he did, if I understand correctly, is have some of his own code run as kernel without it being in a "test signed" driver. That seems to be the essence of his approach. Once you figure out how to do that, you can basically do anything, and Microsoft can't stop you.
  • by BSAtHome ( 455370 ) on Monday January 29, 2007 @03:32PM (#17803564)
    Freedom to tinker: http://www.freedom-to-tinker.com/ [freedom-to-tinker.com]
  • by yo_tuco ( 795102 ) on Monday January 29, 2007 @03:32PM (#17803568)
    From the about page [alex-ionescu.com] it says:

    "He [Alex] is currently studying at Concordia University in Montreal, Canada"

    So does the DMCA apply?
  • by Anonymous Coward on Monday January 29, 2007 @03:52PM (#17803822)
    Someone in America cracked this first.

    except Alex is Canadian
  • by Anonymous Coward on Monday January 29, 2007 @03:57PM (#17803876)

    Sounds like somebody will soon get a juicy job offer from Microsoft to tighten up the system...
    No way!
    Knowing MS, they'll probably find out the specific methods he used (plus other unrelated skills/techniques) during the interview process and eventually tell him he wasn't MS material.
    Oh yeah, and then they'll sue him too. Of course, to get the interview he had to sign a NDA and can't do anything in response.

    Honestly, I wouldn't be the least bit surprised if it happened like that.
  • by Jabrwock ( 985861 ) on Monday January 29, 2007 @03:59PM (#17803924) Homepage

    A Conservative government here in Canada turns us into a mere appendage of the US Government, compliant to their will most of the time.
    I'm all for bashing the Conservatives, but that Arar thing happened under the Liberal party's watch...

    Credit where credit is due, and all that.
  • Misleading story (Score:3, Informative)

    by NullProg ( 70833 ) on Monday January 29, 2007 @04:11PM (#17804120) Homepage Journal
    This is a Blog entry, not an Article or News story. From the Blog...

    1). It doesn't work out of the Box.
    That being said, it turns out the code I've written does not work out of the box on a Vista RTM system.

    2). It uses a method provided by Microsoft.
    As part of the Protected Media Path, (PMP), Windows Vista sets up a number of requirements for A/V software and drivers in order to ensure it complies with the demands of the media companies.

    3). It hasn't been tested.
    Although used on its own, this POC doesn't do anything or go anywhere near the PMP (I don't even have Protected Media, HDMI, HD-DVD, nor do I know where PMP lives or how someone can intercept decrypted streams),

    4). Author is more afraid of the DMCA than of violating Microsoft's EULA terms.
    a particularly nasty group of lawyers could still somehow associate the DMCA to it, so I'm not going to take any chances.

    This isn't a story. It's premature speculation.
    Enjoy,

  • romanian (Score:2, Informative)

    by mbaudis ( 585035 ) on Monday January 29, 2007 @04:12PM (#17804122) Homepage
    actually, his first name, too. but that argument makes google a 50% russian company.
  • by nwoolls ( 520606 ) on Monday January 29, 2007 @04:38PM (#17804434) Homepage
    If it didn't have some FUD right in the summary.

    'Protected Media Path' (PMP), which is designed to seriously degrade the playback quality of any video and audio running on systems with hardware components not explicitly approved by Microsoft.

    No. It doesn't. It does it for specific DRM content.

    These restrictions only apply to DRM content, such as HD DVD or Blu-ray. User's standard unprotected content will not be faced with these restrictions.

    http://en.wikipedia.org/wiki/Protected_Video_Path [wikipedia.org]
  • by Alex_Ionescu ( 199153 ) on Monday January 29, 2007 @05:13PM (#17804876) Homepage
    Administrators can turn PatchGuard off at boot time. He didn't break it.

    There's no way to turn PatchGuard off, only Driver Signing, which watermarks your desktop and disables PMP. Ways to break PatchGuard 2.0 were published recently by "Skywing" on uninformed.org
  • Re:Misleading story (Score:5, Informative)

    by Alex_Ionescu ( 199153 ) on Monday January 29, 2007 @05:18PM (#17804936) Homepage
    You haven't tested this. I could care less if your driver is loaded.

    Not using a driver, RTFM.

    Microsoft knows that 3rd party driver certificates are going to be stolen/compromised. Microsoft hasn't even provided a method to reject unsigned drivers yet (per MSDN it will be in Vista SP1).

    Which is why this isn't using a stolen/3rd party driver or unsigned driver, nor actually loading a driver.

    Did you happen to hook one of the kernel functions PatchGuard is monitoring? Try to patch CI.DLL and see what happens. You can disable driver signing. You cannot disable PatchGuard.

    There's about a dozen ways to disable PatchGuard, and I was able to patch CI.DLL, disable PatchGuard, as well as turn off code signing. I don't want to sound condescending, but you don't seem to know what you're talking about, or you're being deliberately misleading with your PatchGuard comment.

    I'm not saying that you can't bypass Microsoft's DRM restrictions. I just don't think you have and the burden of proof is on you.

    I'm not going to commit legal suicide by proving it. The point of my blog entry was never to say I broke DRM, but that I've found a way which can break it, which people are free to explore on their own.
  • by Anonymous Coward on Monday January 29, 2007 @05:19PM (#17804946)
    Here in Canada, we are so used to people using "America" to mean the United States of America that we refer to ourselves as Canadians and reserve the use of "America" and "Americans" to mean the USA and its residents. By people I mean Canadians, US Americans, and others.

    If you want to refer to all members of North America you say "North America", and "The Americas" for both the entire landmass (North, South, and Central America).

    By using "Canadian", "American", "Mexican", and "North American", we can avoid all of the confusion.

    Pretty much everyone on the planet means USAian when they say "American", so why fight?

    Plus, when USAians say "America" they generally mean themselves, forgetting that anyone else lives on this continent and takes credit for anything anyone up here does, so it does our ego good to be specific ;)
  • Re:Misleading story (Score:5, Informative)

    by Alex_Ionescu ( 199153 ) on Monday January 29, 2007 @05:22PM (#17804986) Homepage
    I have an NDA with Microsoft already. But this was done through independent research which isn't covered.
  • by Ghost_3k ( 521943 ) on Monday January 29, 2007 @06:20PM (#17805748) Homepage
    And what's even more funny, in the last paragraph on his page:
    "He is also a Microsoft Student Ambassador and is representing the company on campus as a Technical Rep."
  • by mattwarden ( 699984 ) on Monday January 29, 2007 @06:55PM (#17806266)
    No... it's not.

    I knew some AC would say this, so I should have just preemptively explained it.

    If the sentence were "Don't use the same word three times in the same sentence", then you would be correct. However, the sentence is "Grammar tip", which is a fragment. The second part is an appositive, relating to "tip." The colon is the giveaway.

    See? AC's don't always know everything.
  • Re:Misleading story (Score:1, Informative)

    by Anonymous Coward on Monday January 29, 2007 @10:03PM (#17808532)
    you know, it wouldn't have taken very long for you to browse through the reactos svn, and see that alex is responsible for writing almost the ENTIRE hal and the lion's share of the kernel. it's now at the point that many native win32 binary drivers successfully load and drive hardware on top of that hal/kernel, which is an incredible achievement.

    i don't know what you think russinovich has done to equal or best that (document an undocumented ntdll call or two? wow awesome), but i've not seen anything nearly as impressive.
  • by Anonymous Coward on Monday January 29, 2007 @10:16PM (#17808638)
    I usually go with "Californian" to describe my nationality. I've even gone as far as to put that on my disembarkation form and haven't run into any problems. Most foreigners know at least the large US states (only people here in the US are ignorant of world geography). As an added bonus, I tend to get treated better since people in other countries pretty much blame the red states for the US's obnoxiousness.
