DRM Security Systems – Code Cracks, Key Issues & Flaws
DRM system cracks: DRM security software & hardware solutions
This page contains information on security issues, vulnerabilities, flaws, hacks and cracks in DRM (Digital Rights Management) software systems and hardware product solutions.
- DRM cracks for Windows Media, Apple FairPlay, AACS and CSS – BBC Guide to DRM cracking systems.
- PDF security cracks and flaws – PDF Security Issues.
Reports appear stating that Adobe DRM, in its eBook software “Digital Editions”, monitors user behavior, tracks usage and location, and then sends the data over the Internet unencrypted.
Cloud DRM – File Sharing Services
Despite the hype of using cloud document services like Dropbox, Google Drive, and Onedrive to store and share documents securely, they all have one common flaw – attackers can access user’s files without requiring a password. All of these services rely on a password token which once obtained (say through a common phishing attack or a drive-by exploit) can be used indefinately – even if a user changes their password they cannot lock the attacker out.
The popular Firefox browser now comes with DRM support by default, but since the technology is proprietary to Adobe it can’t be monitored or controlled in an appropriate manner. Thus, it’s wrapped in a “sandbox” inside Firefox so as to, hopefully, not interfere with the rest of the browser.
Two companies are offering pirated apps free of Apple’s DRM and iTunes. Both InstaSign and Zeusmos are applications that allow you to install cracked applications on your iDevice without jailbreaking.
It’s now possible to remove the DRM from epub ebooks bought in Apple’s iBooks store. ‘Brahms’ has recently released a new version, 3.3, of his Requiem software, which has been able to remove DRM from music and videos bought in the iTunes Music Store for a long time. This new version can also remove the DRM from Apple’s epub format ebooks.
Apple’s DRM has been readily broken for the iPhone, iPod and iPad, and Mac App Store with support for jailbroken devices and an increased availability of cracked apps across the Web.
Intel Copy Protection
Unprotected debugging functionality in Intel’s CPU enables attackers to expose root encryption keys for Platform Trust Technology (PPT) and Enhanced Privacy ID (EPID). The vulnerability activates test or debug logic at runtime, allowing an unauthenticated attacker to escalate privileges through physical access.
Attackers can extract root encryption key to gain access to and copy DRM-protected digital content such as eBooks, and bypass BitLocker and trusted platform modules (TPM) security protection to circumvent code-signing restrictions and run compromised firmware in the Intel Management Engine.
German researchers have cracked Intel’s encryption protocol using a man-in-the-middle attack, capturing the encrypted data streams, decrypting them using a $200 piece of hardware, and then sending the decrypted output to another device.
Intel have had their DRM system for high definition video content cracked. A hacker has released a master key which renders the DRM protection unusable since it allows anyone to create their own source and sink keys to unprotect content.
Scripts have been released that can remove the DRM from a number of ebook formats, including the new Kindle KPR format, Nook, Mobipocket, eReader (the really old format), Epub, and PDF. The Kindle KPR format is a PDF file wrapped in a different file format.
SnowBreeze is a jailbreak app for the iPhone that also enables users to open and read DRM protected ibooks using the ibooks app without purchasing them.
The Calibre ebook management system has had its DRM cracked by allowing plug-ins to be loaded to circumvent the DRM. It is well published that the use of plug-ins are insecure so you have to wonder why they have been allowed to load in the first place.
The DRM crack enables ebooks published in Amazon’s proprietary format to be displayed on competing readers without any DRM controls.
The Barnes & Noble Desktop Reader application (BDReader) uses a modified Adobe Adept scheme, and stores decryption keys in plain text in a sqlite database, thus proving to be an easy attack.
Windows Phone 7 DRM cracked hours after its release
Microsoft has been the latest victim of an attack on their DRM for Windows Phone 7. App piracy however has been a mounting problem on smartphones, even with copy protection in place. Android has been affected so badly by piracy that developers have argued that it’s impossible to sell paid apps on Google’s OS due both to a lack of effective protection and the ease of developing cracks.
Microsoft’s DRM Library (msnetobj.dll) is susceptible to three different types of attacks: denial of service, buffer overflow, and integer overflow. Users can be attacked when they visit a malicious web site enabling code to be run that takes control of your computer.
This paper analyses the true cost of DRM when employed at the OS level to protect content. It covers the effectiveness of DRM when applied to protect video and audio content.
Windows Vista DRM cracked
The crack allows protected video and audio content to be played without any DRM enforcement.
The program, entitled FairUse4WM (Fair Use for Windows Media) requires that the user already owns media files that have been purchased before it will make them DRM free.
The DRM crack was made possible due to the licensing system’s use of Java code. A number of products can decompile and disassemble Java code, making it an easy target for reverse engineering. After decompiling the code, cracking the licensing system is as simple as finding the file that references Google’s licensing service and changing it to include a different set of instructions.
Ubisoft DRM system cracked within 24 hours
The hack removes the DRM entirely and was issued in response to user backlash over having to be permanently connected to the Internet to play a game.
The Zune DRM Stripper/FairUse Commander lets you remove DRM from one file or a batch of files.
DVD & Blu-ray DRM
HD DVD and Blu-ray DRM scheme cracked
The AACS (Advanced Access Content System) is a DRM system that replaced the weak Content Scrambling System, but less than a week after release it has been cracked.
Blu-Ray DRM cracked
The copy protection technology used by Blu-ray discs has been cracked by the same hacker who broke the DRM technology of HD DVD discs. The hack sidesteps rather than defeats the AACS encryption. The approach relies on obtaining a particular movie’s unique “key” and can’t therefore be trivially replicated to rip content across all titles encoded via a particular format, as tools like DVD Decryptor make easy with standard DVD titles.