Security
Headlines
HeadlinesLatestCVEs

Headline

Microsoft PlayReady Cryptography Weakness

There is yet another attack possible against Protected Media Path process beyond the one involving two global XOR keys. The new attack may also result in the extraction of a plaintext content key value.

Packet Storm
#mac#microsoft#amazon#git#pdf
Hello All,There is yet another attack possible against Protected Media Pathprocess beyond the one involving two global XOR keys [1]. The newattack may also result in the extraction of a plaintext content keyvalue.The attack has its origin in a white-box crypto [2] implementation.More specifically, one can devise plaintext content key from white-boxcrypto data structures of which goal is to make such a reconstructiondifficult / not possible. This alone breaks one of the main securityobjective of white-box cryptography which is to protect the secret key(unbreakability) [3].Contrary to the initial (XOR key) attack, the white-box crypto attackis not limited to the given narrow time window (white-box datastructures need to be present for the time of a movie decryption /playback). Fixing it might require a completely new approach /implementation (current one is obviously flawed).In that context, white-box crypto attack seems to be more severe thanthe XOR key one.Additionally, a cryptographic check proving that extracted key valuescorrespond to real keys has been conducted for Canal+ Online, Netflix,HBO Max, Amazon Prime Video and Sky Showtime.The check relies on a digital cryptographic signature verification.Such a signature is appended at the end of each license issued byPlayReady license server.The crypto check works as following:- plaintext value of a digital signature key encrypted through ECC isextracted from a Protected Media Path process- the extracted signature key is used to calculate the AES-CMAC valueof a binary licence XMR blob- the calculated signature value is checked against the signatureappended at the end of the issued license- correct AES-CMAC value implicates correct signature key (and correctcontent key)The above mechanism is also used by Microsoft to verify thecorrectness of decrypted content keys received from a license server.It relies on the fact that signature key is part of the same encryptedlicense blob as content key. Thus, successful extraction of asignature key implicates successful extraction of a content key.In the context of no confirmation / denial [4] from the platformsindicated above as being affected, the crypto check should constitutesufficient proof to support that claim alone.Thank you.Best Regards,Adam Gowdiak----------------------------------Security Explorations -AG Security Research Labhttps://security-explorations.com----------------------------------References:[1] Microsoft Warbird and PMP security research    https://security-explorations.com/microsoft-warbird-pmp.html[2] White-box cryptography, Wikipedia    https://en.wikipedia.org/wiki/White-box_cryptography[3] White-Box Security Notions for Symmetric Encryption Schemes    https://eprint.iacr.org/2013/523.pdf[4] Microsoft DRM Hack Could Allow Movie Downloads From PopularStreaming Services    https://www.securityweek.com/microsoft-drm-hacking-could-allow-movie-downloads-from-popular-streaming-services/

Packet Storm: Latest News

Pyload Remote Code Execution