Windows Vista DRM cracked!

30 January 2007

Technically, Microsoft Windows Vista hasn't even been released yet, and the DRM system has already been cracked. DRM, the so-called Digital Rights Management system that the MPAA and RIAA are blackmailing hardware and software vendors into supporting so that they can control what you watch or listen to, how, when, and for how long, uses strong crypto to encrypt media files and control who and what can access them. In Vista, it's called PMP, the Protected Media Path, and it reaches all the way down to the level of the hardware drivers. In theory, if all of the drivers on the system carry digital signatures from Microsoft, the PMP subsystem will allow 'premium content' to be played back within the limits set by the original producer of the file; if there are unsigned ('untrusted') drivers in use, the media playback system might decide to lock out that content, on the off chance that it has actually detected software that can intercept and decrypt the DRM'd content.

The thing is, it seems to be the application that decides whether or not to play back the file, not the drivers on the system, not PMP, and not the Windows kernel. Or at least, that's what the architecture suggests given its behaviour. Therefore, anything in the layers underneath the application can send the app false information to make it think that it's on a trusted machine. This method doesn't use an unsigned device driver, nor does it require that the OS be kicked into test signing mode (where untrusted signatures may be applied to code for the purposes of testing and debugging).

Unfortunately, Alex Ionescu hasn't released the code that'll do this, fearing that Microsoft will go after him with the DMCA (just because you aren't a US citizen doesn't mean that they won't and can't - just ask DeCSS author Jon Johansen, whom the MPAA attacked in 2000 even though he's from Norway).