Concordia Student Subverts MS Vista DRM
2007-01-30 06:15:20.536359 file under: security
Concordia University student Alex Ionescu subverts Microsoft's Windows Vista DRM (Digital Rights Management). DRM has been (and is) a big bone of contention for advocates of freedom of use of computers and the content on them. This news comes the day before the official worldwide launch of Windows Vista.
The full story is available on Alex's blog. One gem of a paragraph is this one:
The great thing about the code I've written is that it does NOT use test signing mode and it does NOT load an unsigned driver into the system. Therefore, to any A/V application running, the system seems totally safe -- when in fact, it's not. Now, because I'm still booting with a special flag, it's possible for Microsoft to patch the PMP and have it report that this flag is set, thereby disabling premium content. However, because I already have kernel-mode code running at this point, I can disable this flag in memory, and PMP will never know that it was enabled. Again, Microsoft could fight this by caching the value, or obfuscating it somewhere inside PMP's kernel-mode code, but as long as it's in kernel-mode, and I've got code in kernel-mode, I can patch it.
More information about DRM and how it affects your computer is available here (the interesting stuff is from Peter Gutmann), here (also with Peter Gutmann), and here.