Microsoft PlayReady – complete client identity compromise

Read Time:23 Second

Posted by Security Explorations on May 09

Hello All,

We have come up with two attack scenarios that make it possible to
extract private ECC keys used by a PlayReady client (Windows SW DRM
scenario) for the communication with a license server and identity
purposes.

More specifically, we successfully demonstrated the extraction of the
following keys:
– private signing key used to digitally sign license requests issued
by PlayReady client,
– private encryption key used to decrypt license…

Read More