Breaking the Chain

googleprojectzero.blogspot.com

101 points by zerognowl 9 years ago · 17 comments

amaks 9 years ago

"The Win32k filter is already used in Edge, however at the moment only Microsoft can use it as the executable signature is checked before allowing the filter to be enabled."

I find this disturbing and anti-competitive. Microsoft is clearly giving Edge an edge here (pun intended).

  • divbit 9 years ago

    Is the "edge" the same advantage Chrome has on a Chromebook? Semi-serious question.

mmastrac 9 years ago

Is it just me, or does it seem trivial to MitM this HDCP API by just faking out the certificate chain, then faking out the method return values?

> Fortunately this doesn’t compromise the security guarantees of the original API because of the way Microsoft designed it. To prevent a MitM attack against the API calls (i.e. you hook the API and return the answer the caller expects, such as HDCP is enabled) the call is secured between the caller and graphics driver using a X.509 certificate chain returned during initialization.

  • mschuster91 9 years ago

    You know what I'm waiting for? When game manufacturers start to require HDCP. The outrage of the youtube gamer kiddies (I personally dislike them all, but hey, they got enough influence) when they can't stream their stuff any more is going to be priceless and maybe enough to finally burn down the HDCP/DRM towers.

    Or when someone develops malware that exploits vulnerabilities in the X.509 code. I mean, if it's proper X.509, it's a hellhole of vulnerabilities - because either the crypto developers had to use common, often-flawed code like OpenSSL or develop their own.

    • gizmo686 9 years ago

      It might just be that I hang out with more indie games; but I can't really see that happening. My sense is that the gaming industry has come to view the YouTubers/Twitchers as a form of free advertisement. Heck, a lot of game companies are giving their product away to streamers with a sufficient audience. Some even have built-in Twitch integration.

      I suspect we will see a divergence between "gamy" games and story-based games, with the latter being harsher on streamers.

    • 21 9 years ago

      Windows has its own crypto API; I'm pretty sure the drivers would use that.

      And why would game companies want to kill streaming? It's free advertising, not to mention that they all probably dream of making the next Dota.

      • mschuster91 9 years ago

        > And why would game companies want to kill streaming?

        Never underestimate the power of human greed. Apple (with iTunes) has proved that the availability of unprotected content doesn't hurt the bottom line, and when I go into a store today and buy a physical CD-ROM it more often than not lacks any copy protection. And this has been the situation for years.

        Meanwhile, the movie industry is soundly asleep at the wheel and its execs don't recognize that the consumer demands (near-instant access, no copy protection, no unskippable FBI warnings, no unskippable teasers, and no freaking region lock) have greatly diverged from their offerings. Or they do recognize, but cannot change their existing contracts or whatever - in this case the entire industry deserves a burn-to-the-ground event, because the situation ain't going to be fixed otherwise.

        And for the game companies: there are already companies taking down "let's play" videos. Need for "absolute control", I guess. And they still haven't stopped putting retarded DRM (including what basically amounts to rootkits, in the form of anti-cheat stuff) into their games.

        • motoboi 9 years ago

          > Meanwhile, the movie industry is soundly asleep at the wheel and its execs don't recognize that the consumer demands (near-instant access, no copy protection, no unskippable FBI warnings, no unskippable teasers, and no freaking region lock) have greatly diverged from their offerings.

          Are you implying that people still use DVDs or Blu-rays?

          If you are, I got genuinely curious, because in Brazil at least I'm quite certain they've gone nearly extinct. Here it's Netflix, cable (or satellite), online "channels" such as HBO Go, or torrents.

          Based on that, it appears to me that consumer demands already won.

          • nickpsecurity 9 years ago

            Walmart has a huge selection. People buy them. Even the local grocery chain has all the new releases. People still rent at the Redbox, too. I don't know what the absolute numbers are on the industry but plenty of people like them.

        • Retric 9 years ago

          Streaming solved one of gaming's core problems: letting people demo software without harming sales. That's a major benefit for effectively zero cost. So sure, there are always plenty of dumb companies out there, but the major players are not clueless.

    • mjevans 9 years ago

      I can only hope. DRM (digital restrictions management) is defective by design.

  • tinus_hn 9 years ago

    How would you get a key pair and certificate signed by Microsoft? The root certificate for this system is fixed so you can't just use your own.

mschuster91 9 years ago

That must have been a hell of a workload. Thanks for this.

There are three pieces that left me shivering:

> After discussion with my original contact at Adobe they didn’t have access to the DRM code for Flash.

WHAT? Adobe ships (to them!) unknown, unauditable binary crap to users? Security by obscurity or what? This is totally irresponsible of Adobe.

> though I’ll admit something about sending binary blobs to a graphics driver gives me the chills.

What a joke that DRM crap is. Hasn't sending crap to graphics drivers been a cause of a boatload of exploits, and they're still doing so?

> The stability issues are likely down to interactions with third party code (such as AV) which inject their own code into Chrome processes.

LOLOLOLOL. For what is this even needed, given that AV software usually has kernel-level code anyway? Also, why on earth do AV vendors think they can mess around with third-party software?

The only ones who get clogged up with the inevitable bug reports are software devs who don't test their own software across all possible AV solutions - I doubt any company except Apple, Microsoft, Google's Android and Chrome divisions and Adobe actually have the install base for doing such tests "in the wild" like Chrome did.

  • ajdlinux 9 years ago

    > WHAT? Adobe ships (to them!) unknown, unauditable binary crap to users? Security by obscurity or what? This is totally irresponsible of Adobe.

    I understood this to mean that James' Adobe contact doesn't have access to their DRM code, not that Adobe as a company doesn't.

    • tiraniddo 9 years ago

      That's exactly it. The contact had Flash source but they get the DRM code shipped as a binary library, so they never see the source of it. A lot of companies (MS, Google, Adobe) compartmentalise their DRM team, effectively at the behest of the media companies, as it's all smoke and mirrors anyway, trying to protect things like encryption keys and the like. Typically, therefore, the binaries are also heavily obfuscated.

revelation 9 years ago

So tomorrow Microsoft ships an update for Windows that causes a runtime function to call an additional Win32k function and suddenly Chrome crashes?

This seems somewhat impossible to maintain.

  • gcp 9 years ago

    They've had similar problems with Windows 10 updates and other security measures. Yes, it's a headache.
