Slashdot Mirror
Vista DRM Cracked by Security Researcher
An anonymous reader writes "Security researcher Alex Ionescu claims to have successfully bypassed the much discussed DRM protection in Windows Vista, called 'Protected Media Path' (PMP), which is designed to seriously degrade the playback quality of any video and audio running on systems with hardware components not explicitly approved by Microsoft. The bypass of the DRM protection was in turn performed by breaking the Driver Signing / PatchGuard protection in the new operating system. Alex is now quite nervous about what an army of lawyers backed by draconian copyright laws could do to him if he released the details, but he claims to be currently looking into the details of safely releasing his details about this at the moment though."
If only there was some EFFin' organization that provided such a service. I don't know what the EFF we'll do now. I guess we are all pretty EFF'd.
Mark says that it's possible. He also says enough that someone else as "skilled in the art" as he is can probably figure out what he did.
And what he did, if I understand correctly, is have some of his own code run as kernel without it being in a "test signed" driver. That seems to be the essense of his approach. Once you figure out how to do that, you can basically do anything, and Microsoft can't stop you.
Freedom to tinker: http://www.freedom-to-tinker.com/
From the about page it says:
He [Alex] is currently studying at Concordia University in Montreal, Canada"
So does the DMCA apply?
If it didn't have some FUD right in the summary.
'Protected Media Path' (PMP), which is designed to seriously degrade the playback quality of any video and audio running on systems with hardware components not explicitly approved by Microsoft..
No. It doesn't. It does it for specific DRM content.
These restrictions only apply to DRM content, such as HD DVD or Blu-ray. User's standard unprotected content will not be faced with these restrictions.
http://en.wikipedia.org/wiki/Protected_Video_Path
Administrators can turn PatchGuard off at boot time. He didn't break it.
There's no way to turn off PatchGuard off, only Driver Signing, which watermarks your desktop and disables PMP. Ways to break Patchguard 2.0 were published recently by "Skywing" on uninformed.org
You havent tested this. I could care less if your driver is loaded.
Not using a driver, RTFM.
Microsoft knows that 3rd party driver certificates are going to be stolen/compromised. Microsoft hasn't even provided a method to reject unsigned drivers yet (per MSDN it will be in Vista SP1).
Which is why this isn't using a stolen/3rd party driver or unsigned driver, nor actually loading a driver.
Did you happen to hook one of the kernel functions PatchGuard is monitoring? Try to patch CI.DLL and see what happens. You can disable driver signing. You cannot disable PatchGuard.
There's about a dozen ways to disable PatchGuard, and I was able to patch CI.DLL, disable PatchGuard, as well as turn off code signing. I don't want to sound condescending, but you don't seem to know what you're talking about, or you're being deliberately misleading with your PatchGuard comment.
I'm not saying that you can't bypass Microsofts DRM restrictions. I just don't think you have and the burden of proof is on you.
I'm not going to commit legal suicide by proving it. The point of my blog entry was never to say I broke DRM, but that I've found a way which can break it, which people are free to explore on their own.
I have an NDA with Microsoft already. But this was done through independent research which isn't covered.
And what's even more funny, in the last paragraph on his page:
"He is also a Microsoft Student Ambassador and is representing the company on campus as a Technical Rep."