[wdmaudiodev] Re: Capturing protected audio using MS Detours

• From: Matthew van Eerde <Matthew.van.Eerde@xxxxxxxxxxxxx>
• To: ambrish dantrey <a4ambrish@xxxxxxxxx>, "wdmaudiodev@xxxxxxxxxxxxx" <wdmaudiodev@xxxxxxxxxxxxx>
• Date: Wed, 4 Sep 2013 20:10:55 +0000

> I can easily inject detoured functions into PowerDVD process

Try it and see. I don't think you can, at least not easily.

From: ambrish dantrey [mailto:a4ambrish@xxxxxxxxx]
Sent: Wednesday, September 4, 2013 1:07 PM
To: wdmaudiodev@xxxxxxxxxxxxx; Matthew van Eerde
Subject: Re: [wdmaudiodev] Re: Capturing protected audio using MS Detours

Thanks Matthew for your answer.

What does control of player mean here?
Let me give you an example. If I had a bluray disk with protected audio data, I 
can't directly read it since data is encrypted. Only some trusted playback 
applications (e.g. Cyberlink PowerDVD) have keys to decrypt it.

These playback applications use DRM calls to make sure there is a trusted audio 
driver to handle protected data. Once DRM calls succeed they start sending data 
over to driver through GetBuffer() and ReleaseBuffer() calls. The assumption is 
that once DRM calls succeed, it is safe to hand over decrypted data to OS (and 
driver).

However, I can easily inject detoured functions into PowerDVD process and 
capture the decrypted data. I don't need source code of player or any other 
authentication.
Doesn't this represent a hole in DRM pipeline?
Thanks and regards,
Ambrish

On Wed, Sep 4, 2013 at 10:10 PM, Matthew van Eerde 
<Matthew.van.Eerde@xxxxxxxxxxxxx<mailto:Matthew.van.Eerde@xxxxxxxxxxxxx>> wrote:
Sure, you can do that, but at that point you're already on the other side of 
the airtight hatchway. If you have control of the player, you don't need 
detours at all; you can just read the data directly from the source.

From: wdmaudiodev-bounce@xxxxxxxxxxxxx<mailto:wdmaudiodev-bounce@xxxxxxxxxxxxx> 
[mailto:wdmaudiodev-bounce@xxxxxxxxxxxxx<mailto:wdmaudiodev-bounce@xxxxxxxxxxxxx>]
 On Behalf Of ambrish dantrey
Sent: Wednesday, September 4, 2013 9:35 AM
To: wdmaudiodev@xxxxxxxxxxxxx<mailto:wdmaudiodev@xxxxxxxxxxxxx>
Subject: [wdmaudiodev] Capturing protected audio using MS Detours

I just did a POC which captures audio data using MS detours. All I did was to 
detour GetBuffer() and ReleaseBuffer() calls and dump audio data in a file. I 
have tested it out and it seem to be working fine.
I was wondering how this POC will behave with protected content (HBR audio data 
usually available with BDs). Will it be able to capture protected data?

I have no intention of capturing protected content. It's just that I don't see 
anything preventing someone from ripping protected audio content using MS 
detours and was wondering if Microsoft puts in some sort of checks to prevent 
it. (e.g. restriction on protected audio playback if detour.dll is loaded in 
process).
Thanks and regards,
Ambrish

• References:
  • [wdmaudiodev] Capturing protected audio using MS Detours
    • From: ambrish dantrey
  • [wdmaudiodev] Re: Capturing protected audio using MS Detours
    • From: Matthew van Eerde
  • [wdmaudiodev] Re: Capturing protected audio using MS Detours
    • From: ambrish dantrey

Other related posts:

• » [wdmaudiodev] Capturing protected audio using MS Detours- ambrish dantrey
• » [wdmaudiodev] Re: Capturing protected audio using MS Detours- Matthew van Eerde
• » [wdmaudiodev] Re: Capturing protected audio using MS Detours- Etienne Dechamps
• » [wdmaudiodev] Re: Capturing protected audio using MS Detours- ambrish dantrey
• » [wdmaudiodev] Re: Capturing protected audio using MS Detours - Matthew van Eerde

1. Home
2. wdmaudiodev
3. Archive
4. 09-2013

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---