Microsoft PlayReady toolkit - codes release
2024-5-6 16:52:19 Author: seclists.org(查看原文) 阅读量:6 收藏

fulldisclosure logo

Full Disclosure mailing list archives


From: Security Explorations <contact () security-explorations com>
Date: Mon, 6 May 2024 10:52:07 +0200

Hello All,

We released codes for "Microsoft PlayReady toolkit", a tool that has
been developed as part of our research from 2022:

https://security-explorations.com/microsoft-playready.html#details

The toolkit illustrates the following:
- fake client device identity generation,
- acquisition of license and content keys for encrypted content,
- downloading and decryption of content,
- content inspection (MPEG-4 file format),
- Manifest files inspection,
- combination of content fragments into single, ready to play or
distribute, plaintext movie file,
- watermarking detection / checks,
- CDN auth bypass,
- license crawling,
- automatic content security check for Canal+ environment.

Please, note that due to “not fixed” status (Microsoft didn't revoke
group cert and Canal+ didn't implement auth checks for license server
among others) the following has been removed from the public package:
- crypto secrets such as STB private keys, PlayReady private group
key, Canal+ client SSL certificates, CDN / VOD secrets,
- STB PlayReady binary
- reverse engineering API traces
- functionality pertaining to VOD purchases / orders (online and SMS
based, affecting users' billing)

As such, the toolkit is not "functional / ready to use" (the codes
cannot be used for the piracy of Canal+ VOD content without the
missing secrets).
Yet, we hope the released codes help both security researchers
interested in PayTV / content security along content providers gain a
more in-depth understanding of Microsoft PlayReady technology
operation and its limitations. We hope it helps others avoid some
mistakes too.

Thank you.

Best Regards,
Adam Gowdiak

----------------------------------
Security Explorations -
AG Security Research Lab
https://security-explorations.com
----------------------------------
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Current thread:

  • Microsoft PlayReady toolkit - codes release Security Explorations (May 06)

文章来源: https://seclists.org/fulldisclosure/2024/May/2
如有侵权请联系:admin#unsafe.sh