
Vista DRM Cracked by Security Researcher

An anonymous reader writes "Security researcher Alex Ionescu claims to have successfully bypassed the much discussed DRM protection in Windows Vista, called 'Protected Media Path' (PMP), which is designed to seriously degrade the playback quality of any video and audio running on systems with hardware components not explicitly approved by Microsoft. The bypass of the DRM protection was in turn performed by breaking the Driver Signing / PatchGuard protection in the new operating system. Alex is now quite nervous about what an army of lawyers backed by draconian copyright laws could do to him if he released the details, but he claims to be currently looking into the details of safely releasing his details about this at the moment though."

  • by eviloverlordx ( 99809 ) on Monday January 29, 2007 @03:22PM (#17803396)
    How about a team of pro bono attorneys who are willing to defend (fight?) cases like this in which a researcher simply wants to share his/her findings? Sort of like a non-profit organization.

    We can watch as MS' legal team steps on them like a bug. Not that MS would be in the right, only they would have the most might.
  • by Midnight Thunder ( 17205 ) on Monday January 29, 2007 @03:29PM (#17803506) Homepage Journal
    Now that people know it is possible, I am sure it is only a matter of time before others across the globe attempt to find the weakness. Some of these people won't even be affected by USA law, unless they decide to visit or transit through the country.
  • by 8127972 ( 73495 ) on Monday January 29, 2007 @03:30PM (#17803536)
    After all, it's only going to get cracked sooner or later. So there is no point is there?
  • by Anonymous Coward on Monday January 29, 2007 @03:34PM (#17803586)
    Grammar tip: don't use the same word three times in one sentence.



    This is not a grammatical mistake. The sentence was a perfectly grammatical English sentence. It is a mistake in style though.

  • by compro01 ( 777531 ) on Monday January 29, 2007 @03:37PM (#17803638)
    So does the DMCA apply?

    that depends, does he travel to or through the US?
  • by resistant ( 221968 ) on Monday January 29, 2007 @03:39PM (#17803664) Homepage Journal

    Yes, I know it's been said very many times before, but I'm moved to say it again. It's simply obscene that runaway copyright law provisions should be used to casually stomp on this kind of freedom of speech, especially in the U.S.A., where allegedly there is a First Amendment guaranteeing freedom of speech. I would very much like to see a full-out legal confrontation between these terroristic laws as they stand, and the Constitution. The alleged and artificial "right" of the smirking lawyers at commercial companies to keep their nasty little secrets does not in any sense abrogate the innate, natural right of the people to talk to each other about any damn thing they want, particularly complex subjects, and in any way they wish, including via carrier pigeons and Morse code, let alone in plain English (or whatever language) on the Web.

    It's really a shame that other countries such as Sweden actually surpass the U.S.A. in this area.

    Frankly, this pisses me off enough that I'm very strongly tempted once my finances improve enough for the expensive legalities, to spit in the eyes of these jerkoffs with a direct, blunt and extremely widespread explanation (possibly on a Russian server to further annoy and frustrate them) of whatever it is that they absolutely are frantic to not have explained, along with the text of the Constitution with the First Amendment highlighted in red. I think a well-crafted attack on this crap would gather quite a lot of support, moral and otherwise.

  • by i kan reed ( 749298 ) on Monday January 29, 2007 @03:43PM (#17803726) Homepage Journal
    Not for the pirates, no... It's generally believed that DRM is to screw those who actually pay for things into paying for them more than once.
  • Re: It's a shame (Score:5, Insightful)

    by Alwin Henseler ( 640539 ) on Monday January 29, 2007 @03:52PM (#17803816)

    It's a shame that things have come to a point where developers/security researchers have to worry about releasing findings like this, perhaps *even* when they are not under US law.

  • by happyemoticon ( 543015 ) on Monday January 29, 2007 @03:52PM (#17803818) Homepage

    The goal is not to make a secure system. The idea of securing a system from its owner (who has physical access) while maintaining usability is absurd and approaches impossibility. They just want to make a system which 99.9% of users cannot crack, make it so that the crack cannot be generalized across different systems, and prosecute the remaining 0.1%.

    Really, the only way to defeat DRM is to prove to companies that they will make more money without DRM than with, or, failing that, make the preceding true via strikes and public awareness.

  • Well, he's already probably a bit screwed.

    Here's the problem: there's virtually no way to get in trouble, if you just release an exploit anonymously. (By definition, if it's truly anonymous, they can't catch you; there are lots of ways to basically ensure your anonymity today.) Where you start to get in trouble is when you want to release an exploit that's going to ruin somebody's day and take credit for it.

    This comes up with regards to other, less-politically-sensitive bugs. When you step forward and take credit for something that you've released, you're basically holding up a big "come and get me!" sign. It's a lot easier to sling mud at a person, than it is at some anonymous entity on the Internet.

    It's really taking credit that burns people, not releasing the bug/hack/exploit. It would have been trivial for this guy to release his code, anonymously or even pseudonymously, and keep it firewalled from his real-world identity. If he had done that, there might have been some attempts to uncover who he really was, but I doubt anyone would try that hard -- it's harder to go after someone that's anonymous, than an actual person. With a person, you have something to put in your mind under 'enemy,' that you just don't have with some vaporous person or persons on the Internet. Being anonymous diffuses a lot of the hatred, because it's harder to hate someone that might not exist. By standing up and taking credit, you're accepting everything.

    Personally, if I were to discover something like this, there's no way I'd publicly admit it. I live a happy enough life without becoming some sort of hacker/security icon; the downsides of becoming the next Dimitry Sklyarov seem far greater than the possible benefits. Release the code somewhere in public, maybe signed with a private key that you have stashed away (so, decades down the line, you'd be able to claim it, if you wanted to and if the statute of limitations had run out), and only communicate via Usenet dead-drops and anonymous remailers. The tools to remain completely hidden are all there -- heck, you could probably do interviews in Wired under a pseudonym, the only absolute would be keeping the Clark-Kent-esque secret of your true identity hidden, and I'm not sure if some people would be able to swallow their pride enough to do that.
  • by LiquidCoooled ( 634315 ) on Monday January 29, 2007 @04:09PM (#17804070) Homepage Journal
    Suppose I *did* pay for Vista.
    Suppose my current hardware is fast enough and has enough resources to run even the most demanding of applications.
    Suppose my current monitor can handle the resolutions required.
    Suppose I did have a hd-dvd drive and some movies.

    Imagine how pissed I would be if I couldn't watch them at native resolution because according to Microsoft I had the wrong connector.

    I want an Operating system, not a restricted system.
  • by alohatiger ( 313873 ) on Monday January 29, 2007 @04:10PM (#17804080) Homepage
    Even if Vista were perfect and beyond any cracks/hacks, the DRM on the media will be defeated on other platforms. The content will then spread without DRM. Somebody in Hong Kong or Vietnam will make a standalone Blu-Ray/HD-DVD player that rips directly to open formats, and that will be that.

    All the effort MS is putting into this will not make the studios happy, and will not make the customers happy. I think they made a bad choice.
  • Sometimes . . . (Score:3, Insightful)

    by Hamoohead ( 994058 ) on Monday January 29, 2007 @04:14PM (#17804148)
    . . . the only incentive one needs to complete a task is the knowledge that it has been, and can be done. It doesn't much matter if he releases his code. TFA has enough info for anyone savvy enough to duplicate his work. Once it's out of the bottle, it'll be like WGA all over again. Another cat . . . another mouse . . . another cat . . . But perhaps the knowledge that Windows ultimate "security" DRM is, indeed, insecure will turn out to be the mouse that roared.
  • "Draconian" (Score:2, Insightful)

    by Overly Critical Guy ( 663429 ) on Monday January 29, 2007 @04:40PM (#17804462)

    Alex is now quite nervous about what an army of lawyers backed by draconian copyright laws could do to him if he released the details
    Enough with the word "draconian." Without copyright law, the GPL wouldn't have a leg to stand on. The copyright system is just fine--you should be attacking Microsoft and Microsoft alone, for they have the right to do this, but we have the right as consumers to reject it. That's how it works.
  • Re:What with (Score:3, Insightful)

    by Anonymous Brave Guy ( 457657 ) on Monday January 29, 2007 @04:45PM (#17804524)

    Unfortunately, general public does not really know/care about DRM...

    They haven't done up to this point, because it hasn't generally interfered with everyday use for most consumers.

    That could change almost overnight if people who spent a lot of money on funky new HD-DVD or Blu-Ray movies find they can't watch them at full quality, or if people's portable media players start dying and they can't transfer their extensive music libraries to another player.

    Sony's rootkit only affected a relatively small proportion of the consumer base, and still, look at the sh*tstorm that caused. One big PR disaster on the sort of scale we could be looking at here, and the entire DRM concept is toast forever in that market, with the first big name player to make Freedom To Choose their marketing campaign scoring a fortune.

  • by LoudMusic ( 199347 ) on Monday January 29, 2007 @04:53PM (#17804616)

    Security researcher Alex Ionescu claims to have successfully bypassed the much discussed DRM protection in Windows Vista ...
    I figured that out too. Seems there are plenty of products on the market already that help with the problem. OS X, Ubuntu, Amiga, Solaris, Zeta, ... hell, even XP.

    No one ever said we have to upgrade to Vista.
  • Re:"Draconian" (Score:2, Insightful)

    by gstoddart ( 321705 ) on Monday January 29, 2007 @05:08PM (#17804836) Homepage

    Enough with the word "draconian." Without copyright law, the GPL wouldn't have a leg to stand on.
    Copyright law is fine. That much is true.

    The DMCA, however, is draconian since it basically trumps existing copyright law, strips out fair use provisions, and gives content owners huge amounts of power to bully, close down, or otherwise make life miserable for anyone they feel like. Sending an ISP that you think someone is violating your copyright is often enough to get a domain pulled. In this case, releasing an exploit will bring you afoul of the DMCA, even though you've not actually violated copyright -- you've just identified a way to possibly circumvent digital protections.

    We're not disputing Copyright (well, most of us), just what the new rules granted by the DMCA seem to do. 'Cause it's pretty evil.

    Cheers
  • by Anonymous Coward on Monday January 29, 2007 @05:32PM (#17805122)
    I am sure that my govt will happily deport him if the **AA asks them to. We seem to bend over backwards for the US at this point, and for the **AA in particular, just look at the politician they bought recently up here.

    The RIAA & MPAA are not 'the US'. Nor do they act in the interests of the US. They are music & movie industry groups dominated by large soulless multinational corporations (Sony, BMG, Universal, Disney, Philips, etc.). These corporations are not any more American than they are Japanese, British, or German. And they have *AA-like front groups in other countries, such as CRIA in Canada.

    So the problem is not that the US is forcing Canada to do something. The problem is that Canada is following the US's example in bowing to the wishes of these corporations. The RIAA and CRIA are just the instruments through which the corporations lobby the government and harass the common people.

    The RIAA is not the root problem. If it disbanded tomorrow, this would solve nothing, because Disney, Sony, etc. would continue as before.
  • by Sunburnt ( 890890 ) on Monday January 29, 2007 @06:26PM (#17805828)
    Hey, it's not my fault you can't understand a simple sarcastic analogy. Vista's DRM limits the capabilities of a media file in a misguided attempt to increase security. A governor limits the capabilities of a car, and using it to deter theft would be just as stupid as using Vista-style DRM. The only relevance of the governor to the analogy is in representing a performance limitation.

    "If you really want to do something about it, just go find the guy who made the original comment and smack him on the back of the head. Extra points if you knock his brains out of his mouth."

    Hey, you can't knock someone's brains out of their mouth! Like you'd say, "Most people have no fucking idea what is going on inside their body, and if they do have an idea, they have no idea how it's actually put together."

    Oh wait, you weren't trying to make a point about anatomy, you were just expressing yourself through (childish) language. I guess it is easy to misunderstand someone's language if you're too busy trying to be arrogant. Tell me, is it difficult going through life with your head so far up your ass?
  • by amRadioHed ( 463061 ) on Monday January 29, 2007 @07:21PM (#17806620)
    To be fair, the US still has elections and yet that doesn't prevent us from having shitty politicians.
  • by Alex_Ionescu ( 199153 ) on Tuesday January 30, 2007 @02:36AM (#17810524) Homepage
    What decent programmer hasn't hooked the windows kernel to bend it to their needs?

    "Programmers" like that are anything but decent if they release such code in the market. They're the ones responsible for 90% of the BSODs we see and the system instability that plagued NT due to crappy drivers. They're the reason I think Patchguard is a good idea, in some ways.

    Note that I have nothing against people who experimented with the kernel and used hooking for learning and experimenting, just don't ship out a product like that.
