Hello All,
There is an architectural / design issue of PlayReady, which can be
successfully exploited to gain access to license server by arbitrary
clients. The problem has its origin in flat certificate namespace /
reliance on a single root key in PlayReady along no auth at license
server end by default (deemed as no bug by Microsoft).
PlayReady client certificates encountered in Windows 10 / 11 and
CANAL+ STB device environments share a common feature. They are all
digitally signed by the so called WMRMECC256 Key identified by the
following public component:
    C8 B6 AF 16 EE 94 1A AD AA 53 89 B4 AF 2C 10 E3
    56 BE 42 AF 17 5E F3 FA CE 93 25 4E 7B 0B 3D 9B
    98 2B 27 B5 CB 23 41 32 6E 56 AA 85 7D BF D5 C6
    34 CE 2C F9 EA 74 FC A8 F2 AF 59 57 EF EE A5 62
Such an approach implicates the following:
- all PlayReady license servers deployed across different content
providers need to embed private key of WMRMECC256 Key for client
identity verification purposes. Compromise of one provider can
potentially impact other providers too,
- client identities originating from different environments are to be
successfully validated by PlayReady license server as long as the
client identity certificate chain is signed by WMRMECC256 Key.
We exploited the above flat certificate namespace / reliance on a
single root key in PlayReady in the context of CANAL+ environment.
On Aug 12, 2024, the compromised STB certificate used by us to
demonstrate the possibility of a massive piracy in CANAL+ environment
has been finally revoked.
Compromised device certificate revocation hasn't addressed the core of
the issue though (no client auth at PlayReady license server end). It
took us less than an hour to change the code of our POC (PlayReady
Toolkit) in order to make it work again, successfully obtain licenses
for content and download arbitrary movies from CANAL+ VOD library, all
regardless of the certificate revocation.
We imported the identity file generated for Windows 10 PlayReady
client to it (some arbitrary identity from May 2024) along private
signing and encryption keys corresponding to it and obtained through
attacks #3 and #4 (complete client identity compromise).
The end result was a fully functional POC and Windows PlayReady client
working in what one would assume to be an isolated PlayReady
environment of CANAL+ set-top-boxes. Microsoft PlayReady license
server successfully accepted and processed identity certificate chain
with obfuscated keys and leaf certs specific to Windows environment.
Such an operation of PlayReady license server makes any certificate
revocations to be rather irrelevant (vide hundreds of millions of
identities associated with Windows PlayReady clients).
Thank you.
Best Regards,
Adam Gowdiak
----------------------------------
Security Explorations -
AG Security Research Lab
https://security-explorations.com
----------------------------------