Weekly edition	Kernel	Security	Distributions	Contact Us	Search
Archives	Calendar	Subscribe	Write for LWN	LWN.net FAQ	Sponsors

A cost analysis of Vista content protection

Posted Dec 27, 2006 23:52 UTC (Wed) by csamuel (✭ supporter ✭, #2624)
In reply to: A cost analysis of Vista content protection by i3839
Parent article: A cost analysis of Vista content protection

My understanding was that the stated aim of the exercise is to stop
someone writing software that poses as video hardware to an existing
driver because the hardware & driver do a DH key exchange and the driver
encrypts the "premium" content with the exchanged keys.

Thus if your software was able to masquerade as a plug in video card and
did the DH exchange with the driver you would then be able to decrypt
the "premium" content yourself.

(Log in to post comments)

Posted Dec 28, 2006 15:33 UTC (Thu) by i3839 (guest, #31386) [Link]

Diffie-Hellman doesn't protect against man-in-the-middle attacks, so some form of authentication would be still needed. And for that there needs to be keys both in hardware and the driver.

The key in the driver could be replaced with any key the attacker wants, and then the authentication would seem to succeed and unencrypted content would be received by the fake videocard. I don't believe they're so stupid to bet on this...

But maybe they do, as it appears that the driver needs to do checks, and checks can be bypassed, so what the hell are they thinking? If the driver needs to do any checks then the system is broken by design.

A cost analysis of Vista content protection

Posted Jan 23, 2007 10:43 UTC (Tue) by i3839 (guest, #31386) [Link]

It seems they were indeed so stupid as this, both Blueray and HD-DVD are cracked because the encryption keys can be fished out of ram. Pathetic.