Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vista DRM Cracked by Security Researcher

Posted by ScuttleMonkey on from the only-a-matter-of-time dept.

An anonymous reader writes "Security researcher Alex Ionescu claims to have successfully bypassed the much discussed DRM protection in Windows Vista, called 'Protected Media Path' (PMP), which is designed to seriously degrade the playback quality of any video and audio running on systems with hardware components not explicitly approved by Microsoft. The bypass of the DRM protection was in turn performed by breaking the Driver Signing / PatchGuard protection in the new operating system. Alex is now quite nervous about what an army of lawyers backed by draconian copyright laws could do to him if he released the details, but he claims to be currently looking into the details of safely releasing his details about this at the moment though."

10 of 379 comments (clear)

  1. Re:Pro Bono Security Attorneys by dafragsta · · Score: 5, Informative

    If only there was some EFFin' organization that provided such a service. I don't know what the EFF we'll do now. I guess we are all pretty EFF'd.

  2. Seems that the cat is already out of the bag... by rewt66 · · Score: 5, Informative

    Mark says that it's possible. He also says enough that someone else as "skilled in the art" as he is can probably figure out what he did.

    And what he did, if I understand correctly, is have some of his own code run as kernel without it being in a "test signed" driver. That seems to be the essense of his approach. Once you figure out how to do that, you can basically do anything, and Microsoft can't stop you.

  3. Re:1st thing is to get a good lawyer by BSAtHome · · Score: 5, Informative

    Freedom to tinker: http://www.freedom-to-tinker.com/

  4. Re:1st thing is to get a good lawyer by yo_tuco · · Score: 5, Informative

    From the about page it says:

    He [Alex] is currently studying at Concordia University in Montreal, Canada"

    So does the DMCA apply?

  5. Misleading story by NullProg · · Score: 3, Informative

    This is a Blog entry, not an Article or News story. From the Blog...

    1). It doesn't work out of the Box.
    That being said, it turns out the code I've written does not work out of the box on a Vista RTM system.

    2). It uses a method provided by Microsoft.
    As part of the Protected Media Path, (PMP), Windows Vista sets up a number of requirements for A/V software and drivers in order to ensure it complies with the demandes of the media companies.

    3). It hasn't been tested.
    Although used on its own, this POC doesn't do anything or go anywhere near the PMP (I don't even have Protected Media, HDMI, HD-DVD, nor do I know where PMP lives or how someone can intercept decrypted steams),

    4). Author is more afraid of the DMCA than of violating Microsofts EULA terms.
    a particularly nasty group of lawyers could still somehow associate the DMCA to it, so I'm not going to take any chances.

    This isn't a story. Its pre-mature speculation.
    Enjoy,

    --
    It's just the normal noises in here.
    1. Re:Misleading story by Alex_Ionescu · · Score: 5, Informative

      You havent tested this. I could care less if your driver is loaded.

      Not using a driver, RTFM.

      Microsoft knows that 3rd party driver certificates are going to be stolen/compromised. Microsoft hasn't even provided a method to reject unsigned drivers yet (per MSDN it will be in Vista SP1).

      Which is why this isn't using a stolen/3rd party driver or unsigned driver, nor actually loading a driver.

      Did you happen to hook one of the kernel functions PatchGuard is monitoring? Try to patch CI.DLL and see what happens. You can disable driver signing. You cannot disable PatchGuard.

      There's about a dozen ways to disable PatchGuard, and I was able to patch CI.DLL, disable PatchGuard, as well as turn off code signing. I don't want to sound condescending, but you don't seem to know what you're talking about, or you're being deliberately misleading with your PatchGuard comment.

      I'm not saying that you can't bypass Microsofts DRM restrictions. I just don't think you have and the burden of proof is on you.

      I'm not going to commit legal suicide by proving it. The point of my blog entry was never to say I broke DRM, but that I've found a way which can break it, which people are free to explore on their own.

    2. Re:Misleading story by Alex_Ionescu · · Score: 4, Informative

      I have an NDA with Microsoft already. But this was done through independent research which isn't covered.

  6. Wouldn't Be A Slashdot Article by nwoolls · · Score: 4, Informative

    If it didn't have some FUD right in the summary.

    'Protected Media Path' (PMP), which is designed to seriously degrade the playback quality of any video and audio running on systems with hardware components not explicitly approved by Microsoft..

    No. It doesn't. It does it for specific DRM content.

    These restrictions only apply to DRM content, such as HD DVD or Blu-ray. User's standard unprotected content will not be faced with these restrictions.

    http://en.wikipedia.org/wiki/Protected_Video_Path

  7. Re:He didn't "Break" PatchGuard by Alex_Ionescu · · Score: 5, Informative

    Administrators can turn PatchGuard off at boot time. He didn't break it.

    There's no way to turn off PatchGuard off, only Driver Signing, which watermarks your desktop and disables PMP. Ways to break Patchguard 2.0 were published recently by "Skywing" on uninformed.org

  8. Re:1st thing is to get a good lawyer by Ghost_3k · · Score: 5, Informative

    And what's even more funny, in the last paragraph on his page:
    "He is also a Microsoft Student Ambassador and is representing the company on campus as a Technical Rep."