The Cellar - View Single Post

russotto · 11-07-2001, 01:37 PM

http://www.directionsonmicrosoft.com...xgnpt_illo.htm

Now, looking at it from the viewpoint of the hacker: How can I get unprotected digital output?

First, best, and most obvious: I can modify Windows Media Player not to add the noise. If there are integrity checks to prevent modification of Windows Media Player, I disable them. I may need to disable several layers of checking, but once it is done it is done. Then I can anonymously distribute my modification. The problem with this method is it's probably the one they've gone to the greatest lengths to prevent.

Second: I can sign my own components. Sure, I don't have Microsoft's private key. But chances are there's room for several public keys in the OS... and chances are some of them are unused (can you say "NSAKEY") and I can substitute my own public key for which I have a private key. Then I can anonymously distribute my signed component and my method for installing the key.

Third: I can determine the characteristics of the noise and remove it myself.

Fourth: I can modify the sound card firmware to ignore the "disable digital output" flag.

Fifth: I can arrange to modify one of the signed components in memory AFTER its integrity has been checked.

Sixth: I can modify the "DRM Component" to ignore signatures. This is probably another well-protected path, however.

There's probably other methods that I can't think of off the top of my head (plus the analog path).

11-07-2001, 01:37 PM	#7
russotto Professor Join Date: Jan 2001 Posts: 1,788	Let us examine the opportunities for fun... http://www.directionsonmicrosoft.com...xgnpt_illo.htm Now, looking at it from the viewpoint of the hacker: How can I get unprotected digital output? First, best, and most obvious: I can modify Windows Media Player not to add the noise. If there are integrity checks to prevent modification of Windows Media Player, I disable them. I may need to disable several layers of checking, but once it is done it is done. Then I can anonymously distribute my modification. The problem with this method is it's probably the one they've gone to the greatest lengths to prevent. Second: I can sign my own components. Sure, I don't have Microsoft's private key. But chances are there's room for several public keys in the OS... and chances are some of them are unused (can you say "NSAKEY") and I can substitute my own public key for which I have a private key. Then I can anonymously distribute my signed component and my method for installing the key. Third: I can determine the characteristics of the noise and remove it myself. Fourth: I can modify the sound card firmware to ignore the "disable digital output" flag. Fifth: I can arrange to modify one of the signed components in memory AFTER its integrity has been checked. Sixth: I can modify the "DRM Component" to ignore signatures. This is probably another well-protected path, however. There's probably other methods that I can't think of off the top of my head (plus the analog path).