Vista DRM Cracked by Security Researcher 379
An anonymous reader writes "Security researcher Alex Ionescu claims to have successfully bypassed the much discussed DRM protection in Windows Vista, called 'Protected Media Path' (PMP), which is designed to seriously degrade the playback quality of any video and audio running on systems with hardware components not explicitly approved by Microsoft. The bypass of the DRM protection was in turn performed by breaking the Driver Signing / PatchGuard protection in the new operating system. Alex is now quite nervous about what an army of lawyers backed by draconian copyright laws could do to him if he released the details, but he claims to be currently looking into the details of safely releasing his details about this at the moment though."
Re:Pro Bono Security Attorneys (Score:5, Informative)
Seems that the cat is already out of the bag... (Score:5, Informative)
And what he did, if I understand correctly, is have some of his own code run as kernel without it being in a "test signed" driver. That seems to be the essense of his approach. Once you figure out how to do that, you can basically do anything, and Microsoft can't stop you.
Re:1st thing is to get a good lawyer (Score:5, Informative)
Re:1st thing is to get a good lawyer (Score:5, Informative)
He [Alex] is currently studying at Concordia University in Montreal, Canada"
So does the DMCA apply?
Re:Norwegians, I'm ashamed of you (Score:1, Informative)
except Alex is Canadian
Re:Moving to Redmond? (Score:1, Informative)
Knowing MS, they'll probably find out the specific methods he used (plus other unrelated skills/techniques) during the interview process and eventually tell him he wasn't MS material.
Oh yeah, and then they'll sue him too. Of course, to get the interview he had to sign a NDA and can't do anything in response.
Honestly, I wouldn't be the least bit surprised if it happened like that.
Re:1st thing is to get a good lawyer (Score:3, Informative)
Credit where credit is due, and all that.
Misleading story (Score:3, Informative)
1). It doesn't work out of the Box.
That being said, it turns out the code I've written does not work out of the box on a Vista RTM system.
2). It uses a method provided by Microsoft.
As part of the Protected Media Path, (PMP), Windows Vista sets up a number of requirements for A/V software and drivers in order to ensure it complies with the demandes of the media companies.
3). It hasn't been tested.
Although used on its own, this POC doesn't do anything or go anywhere near the PMP (I don't even have Protected Media, HDMI, HD-DVD, nor do I know where PMP lives or how someone can intercept decrypted steams),
4). Author is more afraid of the DMCA than of violating Microsofts EULA terms.
a particularly nasty group of lawyers could still somehow associate the DMCA to it, so I'm not going to take any chances.
This isn't a story. Its pre-mature speculation.
Enjoy,
romanian (Score:2, Informative)
Wouldn't Be A Slashdot Article (Score:4, Informative)
'Protected Media Path' (PMP), which is designed to seriously degrade the playback quality of any video and audio running on systems with hardware components not explicitly approved by Microsoft..
No. It doesn't. It does it for specific DRM content.
These restrictions only apply to DRM content, such as HD DVD or Blu-ray. User's standard unprotected content will not be faced with these restrictions.
http://en.wikipedia.org/wiki/Protected_Video_Path [wikipedia.org]
Re:He didn't "Break" PatchGuard (Score:5, Informative)
There's no way to turn off PatchGuard off, only Driver Signing, which watermarks your desktop and disables PMP. Ways to break Patchguard 2.0 were published recently by "Skywing" on uninformed.org
Re:Misleading story (Score:5, Informative)
Not using a driver, RTFM.
Microsoft knows that 3rd party driver certificates are going to be stolen/compromised. Microsoft hasn't even provided a method to reject unsigned drivers yet (per MSDN it will be in Vista SP1).
Which is why this isn't using a stolen/3rd party driver or unsigned driver, nor actually loading a driver.
Did you happen to hook one of the kernel functions PatchGuard is monitoring? Try to patch CI.DLL and see what happens. You can disable driver signing. You cannot disable PatchGuard.
There's about a dozen ways to disable PatchGuard, and I was able to patch CI.DLL, disable PatchGuard, as well as turn off code signing. I don't want to sound condescending, but you don't seem to know what you're talking about, or you're being deliberately misleading with your PatchGuard comment.
I'm not saying that you can't bypass Microsofts DRM restrictions. I just don't think you have and the burden of proof is on you.
I'm not going to commit legal suicide by proving it. The point of my blog entry was never to say I broke DRM, but that I've found a way which can break it, which people are free to explore on their own.
Re:Norwegians, I'm ashamed of you (Score:2, Informative)
If you want to refer to all members of North America you say "North America", and "The Americas" for both the entire landmass (North, South, and Central America).
By using "Canadian", "American", "Mexican", and "North American", we can avoid all of the confusion.
Pretty much everyone on the planet means USAian when they say "American", so why fight?
Plus, when USAians say "America" they generally mean themselves, forgetting that anyone else lives on this continent and takes credit for anything anyone up here does, do it does our ego good to be specific
Re:Misleading story (Score:5, Informative)
Re:1st thing is to get a good lawyer (Score:5, Informative)
"He is also a Microsoft Student Ambassador and is representing the company on campus as a Technical Rep."
Re:It's all in the details. (Score:3, Informative)
I knew some AC would say this, so I should have just preemptively explained it.
If the sentence were "Don't use the same word three times in the same sentence", then you would be correct. However, the sentence is "Grammar tip", which is a fragment. The second part is an appositive, relating to "tip." The colon is the giveaway.
See? AC's don't always know everything.
Re:Misleading story (Score:1, Informative)
i don't know what you think russinovich has done to equal or best that (document an undocumented ntdll call or two? wow awesome), but i've not seen anything nearly as impressive.
Re:Norwegians, I'm ashamed of you (Score:1, Informative)