Vista Launch: Vista DRM cracked

A security researcher has found a means of bypassing the means Windows Vista uses to secure video and audio content protected by digital rights management (DRM).

Writing in a blog post, Alex Ionescu said that he had written code that meant that users of the new operating systems could play back HD-DVDs on "uncertified" computers.

The code was meant to be a workaround for the 64-bit Driver Signing/PatchGuard part of the new OS. But Ionescu found that instead it effectively bypassed the Protected Media Path (PMP) Vista uses to comply with demands from media companies to protect content from being played back in hardware not certified for use with DRM-enabled data.

Ionescu said that one of these features, which has been heavily criticised as being the actual reason behind driver signing, is that "some premium content may be unavailable" if test signing mode is used.

"Originally, I assumed that this meant that the kernel would set some sort of variable, but this didn't make sense: once your unsigned driver could load, it could disable this check," said Ionescu. "After reading the PMP documentation however, it seems to me that the "feature" explained is more likely the cause of this warning on premium content."

He said that the feature is there to notify media applications that there are unsigned drivers on the system, as well as provide a list of unsigned drivers. Application can either refuse to play content, or it can scan for known anti-DRM drivers which might be attempting to hook onto the unencrypted stream. "This leads me to believe that it's up to applications, not the OS, to enforce this DRM check," said Ionescu.

As his code does not use test signing mode and doesn't load an unsigned driver onto the system any application using PMP is tricked into thinking the system is safe when it isn't.

Ionescu said that Microsoft could issue a patch to fix the problem but this patch could be bypassed using a similar method.

He added that he has not released the code to others as it could be looked upon as an anti-DRM tool and "definitely a DMCA violation".

"I'd really love to release this tool to the public though, so I will look into my options - perhaps emphasizing the research aspect of it and crippling the binary would be a safe way," he said.

Email to a friend

Print this page