Windows Vista Content Protection
nes...@wigner.berkeley.edu
Slides by Peter Gutmann, University of Auckland
<Selected Quotes>
-----------------------------------------------------------------------------
1. What it is:
Vista DRM is outgrowth of XP, Palladium efforts.
Attempt to turn a general-purpose PC into a sealed audio/video jukebox
"This would turn the PC into a record player as far as music is
concerned" (Microsoft Research News)
How it works: The entire data stream from DVD/CD/internet/Blu-ray etc
to output device (speakers, monitor etc) must not be accessible to
user. Any "User Accessible Channel" (UAC) must carry only encrypted
data. Any software handling the data stream must be under control of
Vista (with no user access).
CPU is not powerful enough to handle all required
encryption/decryption, thus, graphics, sound cards must have hardware
decryption built in.
They must also contain undocumented functionality so driver can check
that it’s the real thing and not an emulator (HFS)
Drivers must be signed, API takes place over Secure Sockets Layer to
prevent circumvention of DRM
In Windows Vista the application is a remote control for the Media
Interoperability Gateway (MIG) environment---Protected-playback code
and data are safeguarded by specialised security mechanisms
---------------------------------------------------------------------
2. Problems:
"The PC industry is committed to providing content protection
on the PC, but nothing comes for free. These costs are
passed on to the consumer" (ATI)
"It is recommended that a graphics manufacturer go beyond the strict
letter of the specification and provide additional content-protection
features, because this demonstrates their strong intent to protect
premium content" (Microsoft)
Since you can’t write technical specs for an impossible task, the
best you can do is require that participants show appropriate
dedication to the cause.
"We’ve taken on more legal costs in copyright protection in the
last six to eight months than we have in any previous
engagement. Each legal contract sets a new precedent, and
each new one builds on the previous one" (ATI)
"By any standard, Vista’s new DRM capabilities hardly qualify as a
selling point; after all, it’s hard to sing the praises of technology
designed to make life harder for its users" (Matt McKenzie,
Computerworld)
In the case of audio, much of the protection will have to come from
turning off various audio outputs
Result: Premium content → premium silence: Vista prevents your HD
audio interface from playing (premium) HD audio!
Protected audio content is definitely protected. You can’t play
DRM-protected content over S/PDIF because that would give
you a zero-degradation copy that you can do whatever you
like with (Matthew van Eerde, MSDN)
The “disable S/PDIF” behavior is UNCHANGED from Windows XP […] If
you don’t like DRM, don’t use it [DRM] (Larry Osterman, MSDN)
As for video:
"This feature [standard video output] is no longer supported due to
the new Protected Video Path Output Content Protection (PVP-OPM) in
Windows Vista" (nVidia driver documentation)
So, you can no longer use these features even for personal
(unprotected) video (eg home movies)
HDCP doesn't work: "None of the AGP or PCI-E graphics cards that you
can buy today support HDCP […] If you’ve just spent $1000 on a pair
of Radeon X1900 XT graphics cards expecting to be able to playback
HD-DVD or Blu-Ray movies at 1920×1080 resolution in the future, you’
ve just wasted your money […] If you just spent $1500 on a pair of
7800GTX 512MB GPUs expecting to be able to play 1920×1080 HD-DVD or
Blu-Ray movies in the future, you’ve just wasted your money" (“The
Great HDCP Fiasco”, firingsquad.com)
Decreased Playback Quality: Vista specs require that any premium
content sent to unprotected high-quality outputs must be degraded
---STATUS_GRAPHICS_OPM_RESOLUTION_TOO_HIGH (“display quality too
good”)
, probably the most bizarre status code ever defined
Microsoft’s definition of a high-quality output: 800×600
Absolute minimum requirements for Windows Vista Basic: 800×600
Result: Absolutely everything supported by Vista needs to have content
degraded
The internal workings of the graphics chip must be kept secret,
such that a hacker building an emulator could not find out the
required information
Driver Problems:
ATI resorted to fudging the Vista certification for their (then)
top-of-the-line X1950 graphics cards---When they finally shipped Vista
drivers, they were found to crash the OS on some systems
"I was hit by a BSOD right after the login screen loads [...]
Guess what I had to do to get Windows Vista to boot up in
normal mode without facing another BSOD? Remove the ATI
Radeon X1950 GT and replace it with a non-ATI card"
("ATI's Vista Killing Driver”, techarp.com)
Audio/visual synchronisation became an issue during playback and,
laughably, the driver would force a BSOD when entering full-screen
mode (hexus.net)
nVidia did the same...
Large companies like Dell and Gateway held back on shipping Vista
upgrades because they couldn’t get drivers---In April, Dell resorted
to bringing back XP for home users ---Microsoft had to release a
pseudo-service pack, SP2c, simply to extend the pool of XP product
keys for users who were concerned about moving to Vista
Vista introduces a weird SBU level of protection, the protected
user-mode process
Users are prevented from:
a. Getting/setting detailed process info
b. Changing process ACLs
c. Injecting threads (CreateRemoteThread)
d. Accessing process memory (Read/WriteProcessMemory)
e. Performing control functions on process memory
(VirtualAllocEx, VirtualProtextEx, VirtualQueryEx)
f. Duplicating handles in processes (DuplicateHandle)
g. Performing thread impersonation (for client/server tasks)
h. Getting/setting detailed thread info
"Admin" becomes ordinary user for many purposes.
Content-protection specs have an obsession with user accessible buses
(UABs)
Drivers must distinguish between a device on the motherboard (no UAB)
and one elsewhere (UAB)
Content can’t be provided across a UAB without encryption
Vista drivers and/or HW vendors are required to implement
Maxwell’s daemon
With the advent of HDMI, an interesting PC ecosystem adjustment will
happen. Graphics manufacturers will need to get into the audio
business (Microsoft innovates in the hardware field)
To provide Vista-approved security-related functionality, you need to
get well-known security experts like MGM, 20th Century-Fox, and Disney
to sign off on it
"Gives a whole new meaning to “Mickey-Mouse security”This increases
motherboard design costs, increases lead times, and reduces OEM
configuration flexibility. This cost is passed on to purchasers of
multimedia PCs and may delay availability of high-performance
platforms" (ATI)
Additional CPU Consumption:
a. Content-related communications (i.e. function calls) have
to be run over an SSL-style protocol
b. Drivers are required to poll underlying hardware every
30ms to ensure that everything appears kosher
c. A mass of assorted drivers has to wake up thirty times a second
just to ensure that… nothing happens
d. Further device-specific polling also takes place---
Vista checks tilt bits on each frame of video displayed
This may explain the multiple reports of video and/or audio
playback stuttering
Coming soon to Slashdot: “Windows Vista causes global warming!”
Result: A $100 bargain-basement card outperforms a $1000
top-of-the-line card for HD content playback
-------------------------------------------------------------------
3. Analysis
Possible Microsoft Thinking
Consumers are locked in Competitors are locked out
"How do I put all these companies in a position where, regardless of
what they see is in their best interest, they have to adopt your
technology? I realized that a major part of my job was to figure out
how to use technology control to create economic force, or leverage,
such that money and business flowed in Microsoft’s direction" (Alex
St.John, father of DirectX)
Frog boiling 101
a. Currently (relatively) few Vista systems deployed, little
premium content available
b. Consumers have little choice but to buy Vista, but they
don’t notice much
c. Vista starts to become more widespread
d. Out-of-support XP is such a malware target that it’s no
longer usable
e. More premium content appears
f. Even this term is misleading: In a few years everything will
be “premium”
g. Content is “commercial content generally, independent of
resolution” (Microsoft)
h. Eventually everything is “premium” → everything is protected
i. By then it’s too late…
At this point Microsoft controls the distribution channel
Like Apple, they can dictate terms back to content producers
Play by our rules or we’ll shut down your distribution channel
There is No Escape
Hardware vendors have to drink the Cool-Aid
There is no requirement to sign the [content-protection] license; but
without a certificate, no premium content will be passed to the driver
Since Windows is the primary market for PC hardware, every vendor will
have to build this stuff into their products
Whether you use Windows Vista, Windows XP, Windows 95, Linux, FreeBSD,
OS X, Solaris (on x86), or anything else, Vista’s requirements will
make your hardware more expensive, less reliable, more difficult to
program, and more difficult to support
This affects everyone, not just Vista users
---------------------------------------------------------------------
4. Why Did They Do It?
For the MS marketers, HBO, PPV movies were the holy grail
This lead to more and more lawyer-driven requirements being
added
The main technical problem to overcome was the inability of the PC to
control set-top boxesime
Solution: Move the set-top box into the PC
"Hey, our set-top box now has a fully-featured OS, an Internet
connection, a …"
HP can make a nice profit replacing a $50 Chinese-made player with a
$1000 Media-Center PC
Fears of Tivo-style lawsuits (30-second ad skip) paralysed the Media
Center group
You can’t remove commercials in content that you don’t control and
can’t copy
-------------------------------------------------------------------------------------
</Quote>
http://www.cypherpunks.to/~peter/vista.pdf
Recently DFS told us that we could not work at Microsoft even if we
wanted to, because we were too stupid and they would not hire us.
Personally, I would not want to work for Microsoft. I did work in
industry for several years, and I was always proud of the work I did.
I'd feel like I had to wash my hands after touching this Vista stuff.
And many others feel the same way. The attitude of the engineers who
have to work on Vista compliant devices and drivers comes through
clearly. No wonder Google has been scooping the best brains away from
Microsoft.
Hadron
> Threat modelling the attempt to seal an open architecture
>
> Slides by Peter Gutmann, University of Auckland
"Peter Gutmann" eh? Sounds like .... Nah. Can't be.
>
> <Selected Quotes>
> -----------------------------------------------------------------------------
> 1. What it is:
A thoroughly debunked load of crap pedalled around by none other than Mr
CBFalconer who makes COLA advocates seem to be the shoulders on which
Einstein climbed upon.
Roy Schestowitz
> Threat modelling the attempt to seal an open architecture
>
> Slides by Peter Gutmann, University of Auckland
The poor man has a smear campaign against him because he tells the inconvenient
truth Microsoft and Hollywood are so desperate to hide.
Speaking of witch-hunting researchers:
How Apple orchestrated web attack on researchers
,----[ Quote ]
| Apple is a mega corporation that nearly smashed the reputation of
| two individuals with bogus claims of fraud. It didn't matter
| that they weren't the ones pulling the trigger because they
| were pulling all the strings.
`----
http://blogs.zdnet.com/Ou/?p=451
And Microsoft has its history as well
,----[ Quote ]
| It also was strange to see just how many resources are aligned
| against me when I write a story about Microsoft.
|
| there were close to a dozen other people involved...Some transcribed
| the interviews I conducted; others kept notes on my every utterance
| for clues about what questions I might ask next and ultimately what my
| story would say; others briefed executives with questions I had asked
| and suggested good answers.
`----
http://blog.wired.com/business/2007/03/enough_about_me.html
--
~~ Best of wishes
Roy S. Schestowitz | Linux: mint and self-contained 'out of the box'
http://Schestowitz.com | Open Prospects | PGP-Key: 0x74572E8E
Tasks: 133 total, 1 running, 131 sleeping, 0 stopped, 1 zombie
http://iuron.com - knowledge engine, not a search engine
Mark Kent
> ____/ nes...@wigner.berkeley.edu on Monday 07 January 2008 17:05 : \____
>
>> Threat modelling the attempt to seal an open architecture
>>
>> Slides by Peter Gutmann, University of Auckland
>
> The poor man has a smear campaign against him because he tells the inconvenient
> truth Microsoft and Hollywood are so desperate to hide.
>
Once upon a time, Academics were respected and protected. Where, when
and how did this go wrong? Have we no protection at all from corporate
interests and manipulation of government?
--
| Mark Kent -- mark at ellandroad dot demon dot co dot uk |
| Cola faq: http://www.faqs.org/faqs/linux/advocacy/faq-and-primer/ |
| Cola trolls: http://colatrolls.blogspot.com/ |
| My (new) blog: http://www.thereisnomagic.org |
Roy Schestowitz
> Roy Schestowitz <newsg...@schestowitz.com> espoused:
>> ____/ nes...@wigner.berkeley.edu on Monday 07 January 2008 17:05 : \____
>>
>>> Threat modelling the attempt to seal an open architecture
>>>
>>> Slides by Peter Gutmann, University of Auckland
>>
>> The poor man has a smear campaign against him because he tells the
>> inconvenient truth Microsoft and Hollywood are so desperate to hide.
>>
>
> Once upon a time, Academics were respected and protected. Where, when
> and how did this go wrong? Have we no protection at all from corporate
> interests and manipulation of government?
Remember that academic Microsoft hired some months ago to spread smears about
the GPLv3? That's how bad it is.
I didn't post this one to COLA because it's a personal site (the trolls would
attack me if I posted links to original content of mine), but watch this one
about French universities and Microsoft:
http://boycottnovell.com/2007/12/27/microsoft-europe-influence/
--
~~ Best of wishes
Roy S. Schestowitz | "Spam enchanted evening..."
http://Schestowitz.com | Open Prospects | PGP-Key: 0x74572E8E
Tasks: 146 total, 1 running, 144 sleeping, 0 stopped, 1 zombie
Roger Wilco
<nes...@wigner.berkeley.edu> wrote in message
news:c8e61abb-e9c4-4ca4...@f47g2000hsd.googlegroups.com...
Figures that pirates like you would be worried about this.
--
Posted via a free Usenet account from http://www.teranews.com
AZ Nomad
><nes...@wigner.berkeley.edu> wrote in message
>news:c8e61abb-e9c4-4ca4...@f47g2000hsd.googlegroups.com...
>Figures that pirates like you would be worried about this.
About what, you fucking idiot, are you talking about? You snipped it all away.
Peter Köhlmann
>
> <nes...@wigner.berkeley.edu> wrote in message
> news:c8e61abb-e9c4-4ca4...@f47g2000hsd.googlegroups.com...
>
> Figures that pirates like you would be worried about this.
>
Translation: You did not understand what was written
--
Just out of curiosity does this actually mean something or have some
of the few remaining bits of your brain just evaporated?
The Ghost In The Machine
<wi...@gmail.com>
wrote
on Mon, 7 Jan 2008 19:17:10 -0500
<4782b554$0$26049$8826...@free.teranews.com>:
>
> <nes...@wigner.berkeley.edu> wrote in message
> news:c8e61abb-e9c4-4ca4...@f47g2000hsd.googlegroups.com...
>
> Figures that pirates like you would be worried about this.
>
DRM abusers should certainly be worried. However, the
vast majority of us are unlikely to abuse DRM; we merely
want to use it. DRM puts us in the interesting position
of having to prove our innocence before doing something.
While this may be the only way to proceed from an
electronic standpoint (otherwise one could withdraw
millions of dollars from someone's account and then skip
town!), it's not exactly friendly given the US's notions
of freedom.
--
#191, ewi...@earthlink.net
Windows Vista. Because it's time to refresh your hardware. Trust us.
![[H]omer's profile photo](http://lh3.googleusercontent.com/a-/ALV-UjWMQWyYwHeIwxhG3nGUeGWmLQD0R8TeZrvdWDiv5-2S_z3rHg=s40-c)
[H]omer
> DRM abusers should certainly be worried. However, the vast majority
> of us are unlikely to abuse DRM; we merely want to use it.
Personally, I don't. I'd rather abuse DRM the same way it wants to abuse
me, by ignoring it. AFAIAC DRM is little more than an incompatible
format, and a broken one at that. Just using DRM encumbered content at
all is an admission of guilt, IMHO, since it supports the allegation
that one is a criminal who must be restrained and monitored. Well I
don't need a probation officer, thank you very much. If only the same
effort was dedicated to bringing *real* criminals like Microsoft, the
RIAA and the MPAA to justice, the world would be a very different place
indeed.
--
K.
http://slated.org
.----
| "[Microsoft] are willing to lose money for years and years just to
| make sure that you don't make any money, either." - Bob Cringely.
| - http://blog.businessofsoftware.org/2007/07/cringely-the-un.html
`----
Fedora release 8 (Werewolf) on sky, running kernel 2.6.23.8-63.fc8
05:36:30 up 19 days, 3:12, 5 users, load average: 0.05, 0.14, 0.45
chrisv
>Figures that
*plonk*