Microsoft Warbird and PMP

submitted by
Style Pass
2024-04-24 09:00:04

As a result of its research efforts, Security Explorations, a research lab of the AG Security Research company, conducted a security analysis of the Microsoft Warbird and Protected Media Path technologies.

Microsoft Protected Media Path (PMP) is a set of technologies whose goal is to enforce the security of content (the security of PlayReady DRM) in a Windows OS environment (Wikipedia).

In Windows OS, Protected Media Path is implemented in both kernel and user space. It relies on cryptography, code integrity, auth checks, white-box cryptography and code obfuscation.

Microsoft Warbird is a compiler technology from Microsoft whose goal is to make reverse engineering (such as static and dynamic analysis) of the code in certain Windows OS components hard. More specifically, the goal is to make it hard to extract secrets pertaining to the code implementation in an untrusted (attacker-controlled) environment.

As a result of the research, several deficiencies were discovered in various PMP components. These could be exploited to gain access to plaintext content keys guarded by PlayReady (Windows 10 / Windows 11 environment and SW DRM case).
