Breaking the Chain (opens in new tab)

(googleprojectzero.blogspot.com)

101 pointszerognowl9y ago17 comments

17 comments

"The Win32k filter is already used in Edge, however at the moment only Microsoft can use it as the executable signature is checked before allowing the filter to be enabled."

I find this disturbing and anti-competitive. Microsoft is clearly giving Edge an edge here (pun intended).

divbit9y ago

Is the "edge" the same advantage chrome has on a chromebook? semi-serious question.

mmastrac9y ago

Is it just me, or does it seem trivial to MitM this HDCP API by just faking out the certificate chain, then faking out the method return values?

> Fortunately this doesn’t compromise the security guarantees of the original API because of the way Microsoft designed it. To prevent a MitM attack against the API calls (i.e. you hook the API and return the answer the caller expects, such as HDCP is enabled) the call is secured between the caller and graphics driver using a X.509 certificate chain returned during initialization.

mschuster919y ago

You know what I'm waiting for? When game manufacturers start to require HDCP. The outrage of the youtube gamer kiddies (I personally dislike them all, but hey, they got enough influence) when they can't stream their stuff any more is going to be priceless and maybe enough to finally burn down the HDCP/DRM towers.

Or when someone develops a malware that exploits vulnerabilities in the x.509 code. I mean, if it's proper x.509, it's a hellhole of vulnerabilities - because either the crypto developers had to use common, often-flawed code like OpenSSL or develop their own.

gizmo6869y ago

It might just be that I hang out with more indie games; but I can't really see that happening. My sense is that the gaming industry has come to realize view the youtubers/twitchers as a form of free advertisement. Heck, a lot of game companies are giving their product away to streamers with a sufficient audience. Some even have built in twitch integration.

I suspect we will see a divergence between "gamy" games and story based games; with the latter being harsher of streamers.

219y ago

Windows has it's own crypto api, I'm pretty sure the drivers would use that.

And why would game companies want to kill streaming? It's free advertising, not to mention that they all probably dream of making the next dota.

1 more reply

mjevans9y ago

I can only hope. DRM (digital restrictions management) is defective by design.

tinus_hn9y ago

How would you get a key pair and certificate signed by Microsoft? The root certificate for this system is fixed so you can't just use your own.

mschuster919y ago

That must have been a hell of a workload. Thanks for this.

There are three pieces that left me shivering:

> After discussion with my original contact at Adobe they didn’t have access to the DRM code for Flash.

WHAT? Adobe ships (to them!) unknown, unauditable binary crap to users? Security by obscurity or what? This is totally irresponsible of Adobe.

> though I’ll admit something about sending binary blobs to a graphics driver gives me the chills.

What a joke that DRM crap is. Hasn't been sending crap to graphics drivers been a cause of a boatload of exploits, and they're still doing so?

> The stability issues are likely down to interactions with third party code (such as AV) which inject their own code into Chrome processes.

LOLOLOLOL. For what is this even needed, given that AV software usually has kernel-level code anyway? Also, why on earth do AV vendors think they can mess around with third-party software?

The only ones who get clogged up with the inevitable bug reports are software devs who don't test their own software across all possible AV solutions - I doubt any company except Apple, Microsoft, Google's Android and Chrome divisions and Adobe actually have the install base for doing such tests "in the wild" like Chrome did.

ajdlinux9y ago

> WHAT? Adobe ships (to them!) unknown, unauditable binary crap to users? Security by obscurity or what? This is totally irresponsible of Adobe.

I understood this to mean that James' Adobe contact doesn't have access to their DRM code, not that Adobe as a company doesn't.

tiraniddo9y ago

That's exactly it. The contact had flash source but they get the DRM code shipped as a binary library so never see the source of it. A lot of companies, MS, Google, Adobe compartmentalise their drm team, effectively at the behest of the media companies as its all smoke and mirrors anyway. trying to protect things like encryption keys and the like. Typically therefore the binaries are also obfuscated heavily.

revelation9y ago

So tomorrow Microsoft ships an update for Windows that causes a runtime function to call an additional Win32k function and suddenly Chrome crashes?

This seems somewhat impossible to maintain.

gcp9y ago

They've had similar problems with Windows 10 updates and other security measures. Yes, it's a headache.

j / k navigate · click thread line to collapse

17 comments

amaks9y ago

"The Win32k filter is already used in Edge, however at the moment only Microsoft can use it as the executable signature is checked before allowing the filter to be enabled."

I find this disturbing and anti-competitive. Microsoft is clearly giving Edge an edge here (pun intended).

divbit9y ago

Is the "edge" the same advantage chrome has on a chromebook? semi-serious question.

mmastrac9y ago

Is it just me, or does it seem trivial to MitM this HDCP API by just faking out the certificate chain, then faking out the method return values?

mschuster919y ago

gizmo6869y ago

I suspect we will see a divergence between "gamy" games and story based games; with the latter being harsher of streamers.

219y ago

Windows has it's own crypto api, I'm pretty sure the drivers would use that.

And why would game companies want to kill streaming? It's free advertising, not to mention that they all probably dream of making the next dota.

1 more reply

mjevans9y ago

I can only hope. DRM (digital restrictions management) is defective by design.

tinus_hn9y ago

How would you get a key pair and certificate signed by Microsoft? The root certificate for this system is fixed so you can't just use your own.

mschuster919y ago

That must have been a hell of a workload. Thanks for this.

There are three pieces that left me shivering:

> After discussion with my original contact at Adobe they didn’t have access to the DRM code for Flash.

WHAT? Adobe ships (to them!) unknown, unauditable binary crap to users? Security by obscurity or what? This is totally irresponsible of Adobe.

> though I’ll admit something about sending binary blobs to a graphics driver gives me the chills.

What a joke that DRM crap is. Hasn't been sending crap to graphics drivers been a cause of a boatload of exploits, and they're still doing so?

> The stability issues are likely down to interactions with third party code (such as AV) which inject their own code into Chrome processes.

LOLOLOLOL. For what is this even needed, given that AV software usually has kernel-level code anyway? Also, why on earth do AV vendors think they can mess around with third-party software?

ajdlinux9y ago

> WHAT? Adobe ships (to them!) unknown, unauditable binary crap to users? Security by obscurity or what? This is totally irresponsible of Adobe.

I understood this to mean that James' Adobe contact doesn't have access to their DRM code, not that Adobe as a company doesn't.

tiraniddo9y ago

revelation9y ago

So tomorrow Microsoft ships an update for Windows that causes a runtime function to call an additional Win32k function and suddenly Chrome crashes?

This seems somewhat impossible to maintain.

gcp9y ago

They've had similar problems with Windows 10 updates and other security measures. Yes, it's a headache.

j / k navigate · click thread line to collapse