Skip to content
RealinfoSec.net

RealinfoSec.net

InfoSec News, Cybersecurity Awareness

  • Home
  • InfoSec News
    • Data Breach News
    • Latest Vulnerabilities
  • What Is InfoSec
  • CyberSecurity Newsletter
  • Cyber Academy
  • Cyber Help Desk
  • Cyber Knowledge Base
  • Contact Us
    • Contribute
  • My Bookmarks
  • Subscribers
    • Knowledge Quizzes
    • Register
  • Login
    • Password Reset
  • Register
  • Privacy Policy
    • Legal
  • Toggle search form
Microsoft

Microsoft PlayReady security research

Posted on 12 December 202212 December 2022 By RiSec.Mitch No Comments on Microsoft PlayReady security research

Microsoft PlayReady is one of the key technologies used by PayTV
industry and OTT platforms for Digital Rights Management and content
security in general. According to Microsoft, PlayReady Server SDK has
several hundred service provider licensees.

Security Explorations conducted security analysis of Microsoft Play
Ready content protection technology in the environment of CANAL+ SAT
TV provider. As a result, complete access to movie assets and content
keys available in CANAL+ VOD library could be gained with the use of a
fake client device identity.

Below, a summary of discovered issues is given:
1) weak security of CANAL+ STB (unpatched 3 years old vulnerabilities)
made it possible to acquire STB PlayReady private group ECC key (its
plaintext value),
2) PlayReady license server did not check whether the client device
identity used in a certificate chain corresponded to the valid
subscriber (fake MAC and SERIAL values could be used for license
requests),
3) PlayReady license server did not verify whether client device had
access to target content (any VOD content / collection could be
accessed, this includes paid content that was available though 48h
rentals only or collections of movies from channels to which the
subscriber didn’t have access to),
4) PlayReady license server was not synced with Content Delivery
Network (CDN), as such access to content could be made outside of the
granted license period (outside of the rental period, etc.),
5) there has been no key rotation observed (same, static content keys
were returned by the PlayReady license server for given content),
6) PlayReady protected content was not watermarked (same content was
returned for requests corresponding to different client identities),
7) PlayReady license server could be crawled in an automatic fashion
for content keys,
8) there has been no detection and blacklisting observed as a response
to invalid / malicious license requests  (some triggered license
server exceptions),
9) PlayReady certificate chain in use by target STB device didn’t have
any time / expiration attribute.

PlayReady security model relies on the security of the link between
client device and a license server. As such, a compromised client
device can implicate compromise of the security of content.

This security model should take into account such a compromise. As
such, reversing PlayReady operation should be more challenging too.
Acquiring PlainReady client secrets such as group keys should not be
straightforward either.

Unfortunately, this was not the case for CANAL+ STB devices as:
1) multiple symbol names were left in a PlayReady binary (Linux ELF file),
2) the binary didn't contain any reverse engineering countermeasures
such as code obfuscation, etc.
3) PlayReady functionality was implemented at the application layer.
This implicated no need to break security of the kernel or HW chip
(PlayReady compromise from user level application). This made runtime
hooking and tracing PlayRedy operation easy.

It was interesting to find out that instead of the usual code and
symbols obfuscation, Microsoft likely decided to build DRM strength on
the strength of ECC crypto and associated math in general (my
impression). They tweaked standard NIST P-256 ECC curve parameters and
conducted whole computations in an affine space (it is called a "MOD"
space in binary).

The ECC curve parameters were embedded in a binary in a non-standard
way (affine transformation to MOD space). All calculations were
conducted with respect to that transformation too (and with certain
optimizations such as Montgomery ladder). Yet, this hasn't been an
obstacle as long as fundamentals of ECC cryptography were acquired.

The crucial weak point was the P256 symbol and subroutine verifying
whether a given point is on curve. This subroutine indirectly leaked
curve parameters (and type).

The ECC formula for NIST P-256 curve is the following:

Y^2 = X^3 + A*x + B

This formula can be used to check whether a given point (X,Y) lies on ECC curve.

For points transformed to the MOD space

Y = y*F
X = x*F

This yields the following:

(y*F)^2 = (x*F)^3 + A*x + B

y^2 * F^2 = x ^3 * F^3 + A*x + B // multiplying by the F^-1 (inverse)

y^2 * F^2 * F^-1 = x ^3 * F^3 * F^-1 + A*x*F^-1 + B*F^-1

y^2 * F^2 * F^-1 = x ^3 * F^3 * F^-1 + (A*F^-1)*x + B*F^-1

which yields the curve parameters used for points transformed to MOD space:

real_a=(A*F^-1)
real_b=B*F^-1

While the private group key and group certificates were embedded in
PlayReady binary in an encrypted form (possible to decrypt with the
use of device root key), their plaintext content could be retrieved in
runtime with the help of user level API too (access to encrypted file
system through symbols exposed by a shared library).

In Jul 2022, I contacted Microsoft and offered to share the results of
my research with the company. To me it looked like a bug at license
server end, but Microsoft closed the case on the basis "this is not a
server-side compromise".

As a result of Microsoft evaluation and multiple communication
problems during report handling process (mails not reaching MS,
automated MSRC system not showing MS responses in the message chat,
advice to contact "breach" team while this should be MS job to forward
any relevant information to proper team such as PlayReady), I decided
not to get into further discussion with Microsoft and did not explain
in particular that server side compromise did not matter for the given
case as Microsoft Play Ready license server was verified to provide
license (and content keys) to any content (not authorized, not rented,
not paid, etc.), it was not synced with CDN and had no watermarking in
place.

I tried to reach out to CANAL+ instead, but without much success.
CANAL+ company was clearly not interested to talk to me over this (no
responses to e-mails and/or requests to establish an official
communication channel for the reporting, discussion and
vulnerabilities disclosure purposes).

Although Microsoft evaluated the issue as no bug in PlayReady, the
overall attack exposes both a significant PlayReady limitation and a
fault at CANAL+ end (no server side auth checks, no watermarking in
place, no license server syncing with CDN, etc.). The demonstrated
technique might potentially constitute a significant risk for content
providers as compromise of a single device or presence of the
unpatched device is sufficient for a large scale, distributed piracy
of a high premium content coming from CANAL+, HBO, FOX, WARNER, etc.
(18K+ assets in CANAL+ VOD library).

Microsoft is aware of that and points out that Microsoft Azure Media
Services (AMS) are free of the above limitations. What I am not sure
is whether Microsoft PlayReady licensees are.

According to Microsoft, PlayReady Server SDK has several hundred
service provider licensees. They should implement security features
missing in PlayReady such as authentication, authorization,
watermarking, etc. on their own in order to avoid the situation
encountered in CANAL+ environment.

As such, there is clearly the value in releasing details of the
research, so that others can either learn, evaluate or prepare for the
risks of the demonstrated content theft whenever PlayReady client
compromise occurs.

Microsoft agreed with the above (on the value of disclosure), but
preferred that the issue got released when STB fixes are in place.

As there is no bug claimed at Microsoft end, the STB issues have been
known for 3 years and CANAL+ hasn’t reached out to me over the topic
of disclosure (last contact with the company in late Aug 2022), I see
no reason to wait with the release of technical details.

More information regarding Microsoft, CANAL+ and Sygnal anti-piracy
organizations response along sample demo movies illustrating POC
operation can be found at the following pages:

https://security-explorations.com/mspr_cplus_info.html

Brief technical details in a form of a README.md file can be
downloaded from this location:

https://security-explorations.com/mspr_cplus_details.html

Thank you.

Best Regards,
Adam Gowdiak

----------------------------------
Security Explorations -
AG Security Research Lab
https://security-explorations.com
----------------------------------
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

From: Security Explorations <contact () security-explorations com>
Date: Sat, 10 Dec 2022 12:23:11 +0100

Recommended:  What is the difference between Cybersecurity & Information Security

Suggest an edit to this article

Cybersecurity Knowledge Base

Homepage

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark

Please login to bookmark

Social Comments Box
  • About
  • Latest Posts
RiSec.Mitch
Just your average information security researcher from Delaware US.
Latest posts by RiSec.Mitch (see all)
  • Google Open-Source Vulnerability Scanning Tool - 18 January 2023
  • Polymorphic Malware Produced by ChatGPT - 18 January 2023
  • Russian Hackers Repurpose Decade-Old Malware Infrastructure to Deploy New Backdoors - 8 January 2023
Share the word, let's increase Cybersecurity Awareness as we know it

No related articles.

InfoSec News, Trending Tags:infosec, microsoft, Playready, reblogg, research

Post navigation

Previous Post: The Top Hacks and Breaches of 2022, Ranked
Next Post: Experts developed a method to bypass multiple companies’ web application firewalls (WAF)

Related Posts

what is ransomware What Is Ransomware and How Does It Work? Cybersecurity Academy
log4j exploit Most Organizations Still Vulnerable To Year-Old Log4j Vulnerability InfoSec News
Trojan Trojanized dnSpy App Drops Malware Cocktail On Researchers, Developers InfoSec News
cybersecurity news UK: Government finalises new cybersecurity regulations for telecoms providers Data Security
How to Protect your Public Data with Open Source Intelligence Sensitive UK police data leaked by ‘Russian hackers’ – media Data Breach News
3760350 blackfriday generic promothumb3 1 InfoSec Black Friday Deals 2020 Trending

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

RiSec Captcha 4 + 3 =

AbuseIPDB Contributor Badge

Follow Our Socials:

Latest InfoSec News

Data Breach News InfoSec News

JD Sports: Cyber Attack affects 10 million customers

RiSec.n0tst3
30 January 2023 0
what is infosec
Cybersecurity Academy

InfoSec – A Newbie Guide – InfoSecurity

RiSec.n0tst3
25 January 2023 0
google
Cybersecurity Academy How to

Google Open-Source Vulnerability Scanning Tool

RiSec.Mitch
18 January 2023 0
InfoSec News

Polymorphic Malware Produced by ChatGPT

RiSec.Mitch
18 January 2023 0
russia
InfoSec News

Russian Hackers Repurpose Decade-Old Malware Infrastructure to Deploy New Backdoors

RiSec.Mitch
8 January 2023 0
latest cybersecurity news
InfoSec News

Dridex Banking Malware Targets MacOS users with a new delivery method

RiSec.Mitch
8 January 2023 0
ransomware
InfoSec News

Microsoft Discloses Methods Employed by 4 Ransomware Families Aiming at macOS

RiSec.Mitch
8 January 2023 0
InfoSec News

$8 billion in cryptocurrency withdrawals strike US bank Silvergate

RiSec.Mitch
8 January 2023 0

Featured Posts

cve-2022-38970
Data Security Featured How to InfoSec News Vulnerabilities

ieGeek Security Vulnerabilities still prevalent in 2022 IG20

RiSec.n0tst3
28 August 2022 6
Data Security Featured InfoSec News

Hacking Campaign Steals 10,000 Login Credentials From 130 Different Organizations

RiSec.n0tst3
27 August 2022 0
DDoS
Featured InfoSec News

Google mitigates largest DDoS Attack in History – Peaked at 46 Million RPS

RiSec.n0tst3
19 August 2022 1
Security researcher contacted me
Cybersecurity Academy Featured How to

A Security Researcher Contacted Me – What should I do?

RiSec.n0tst3
30 June 2022 0
google chrome
Featured InfoSec News

Google Chrome extensions can be easily fingerprinted to track you online

RiSec.n0tst3
19 June 2022 0
MFA
Cybersecurity Academy Data Security Featured

3 Steps To Better Account Security

RiSec.n0tst3
21 February 2022 0
hardening vps security
Cybersecurity Academy Featured

HARDEN YOUR VPS: Steps to Hardening your VPS Security

RiSec.n0tst3
10 January 2022 2

Share the joy

Copyright © 2022 RealinfoSec.net. CyberSecurity News & Awareness. All Trademarks, Logos And Brand Names Are The Property Of Their Respective Owners

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of the cookies. Cookie & Privacy Policy
Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT
en English
af Afrikaanssq Albanianam Amharicar Arabichy Armenianaz Azerbaijanieu Basquebe Belarusianbn Bengalibs Bosnianbg Bulgarianca Catalanceb Cebuanony Chichewazh-CN Chinese (Simplified)zh-TW Chinese (Traditional)co Corsicanhr Croatiancs Czechda Danishnl Dutchen Englisheo Esperantoet Estoniantl Filipinofi Finnishfr Frenchfy Frisiangl Galicianka Georgiande Germanel Greekgu Gujaratiht Haitian Creoleha Hausahaw Hawaiianiw Hebrewhi Hindihmn Hmonghu Hungarianis Icelandicig Igboid Indonesianga Irishit Italianja Japanesejw Javanesekn Kannadakk Kazakhkm Khmerko Koreanku Kurdish (Kurmanji)ky Kyrgyzlo Laola Latinlv Latvianlt Lithuanianlb Luxembourgishmk Macedonianmg Malagasyms Malayml Malayalammt Maltesemi Maorimr Marathimn Mongolianmy Myanmar (Burmese)ne Nepalino Norwegianps Pashtofa Persianpl Polishpt Portuguesepa Punjabiro Romanianru Russiansm Samoangd Scottish Gaelicsr Serbianst Sesothosn Shonasd Sindhisi Sinhalask Slovaksl Slovenianso Somalies Spanishsu Sudanesesw Swahilisv Swedishtg Tajikta Tamilte Teluguth Thaitr Turkishuk Ukrainianur Urduuz Uzbekvi Vietnamesecy Welshxh Xhosayi Yiddishyo Yorubazu Zulu