October 20, 2018

CD DRM: Attacks on Installation

Alex and I are working on an academic paper, “Lessons from the Sony CD DRM Episode”, which will analyze several not-yet-discussed aspects of the XCP and MediaMax CD copy protection technologies, and will try to put the Sony CD episode in context and draw lessons for the future. We’ll post the complete paper here later in the week. Until then, we’ll post drafts of a few sections here. We have two reasons for this: we hope the postings will be interesting in themselves, and we hope your comments will help us improve the paper.

Today’s section is part of the technical core of the paper.

Please note that this is a draft and should not be formally quoted or cited. The final version of our entire paper will be posted here when it is ready

Attacks on Installation

Active protection measures cannot begin to operate until the DRM software is installed on the user’s system. In this section we consider attacks that either prevent installation of the DRM software, or try to capture music files from the disc in the interval after the disc has been inserted but before the DRM software is installed on the computer.

Autorun

Both XCP and MediaMax relies on the autorun feature of Windows. Whenever removable media, such as a floppy disc or CD, is inserted into a Windows PC (and autorun is enabled), Windows looks on the disc for a file called autorun.ini; if a file with that name is found, Windows executes commands found in it. Autorun allows a disc to pop up a splash screen or simple menu, for example to offer to install software found on the disc. However, the autorun mechanism will run any program that the disc specifies.

Other popular operating systems, including MacOS and Linux, do not have an autorun feature, so this mechanism does not work on these other systems. XCP ships only Windows code and so has no effect on other operating systems. MediaMax ships with both Windows and MacOS code on the CD, but only the Windows code can autorun. The MacOS code relies on the user to double-click an installer on the CD, which few users will do.

Current versions of Windows ship with autorun enabled by default, but the user can choose to disable it. Many security experts advise users to disable autorun, to protect against disc-borne malware. If autorun is disabled, the XCP or MediaMax active protection software will not load or run.

Even if autorun is enabled, the user can block autorun for a particular disc by holding down the Shift key while inserting the disc. This will prevent the active protection software from running.

Even without disabling autorun, a user can prevent the active protection software from loading by covering up the portion of the disc on which it is stored. Both XCP and MediaMax discs contain two sessions, with the first session containing the music files and the second session containing DRM content, including the active protection
software and the autorun command file. The first session begins at the center of the disc and extends outward; the second session is near the outer edge of the disc.

By covering the outer edge of the disc, the user can cover up the second session’s files, effectively converting the disc back to an ordinary single-session disc. The edge of the disc can be covered with nontransparent material such as masking tape, or by writing over it with a felt-tip marker. Exactly how much of the disc to cover can be determined by iteratively covering more and more until the disc’s behavior changes, or by visually inspecting the disc to look for a difference in appearance of the disc’s surface which is often visible at the boundary between the two sessions.

Temporary Protection

Even if the copy protection software is allowed to autorun, there is a period of time, between when a protected disc is inserted and when the active protection software is installed, when the music is vulnerable to copying. It would be possible to have the discs immediately and automatically install the active protection software, minimizing this window of vulnerability, but legal and ethical requirements should preclude this option. Installing software without first obtaining the user’s consent appears to be illegal in the U.S. under the Computer Fraud and Abuse Act (CFAA) as well as various state anti-spyware laws [citation].

Software vendors conventionally obtain the user’s consent to installation of their software by displaying an End User License Agreement (EULA) and asking the user to agree to it. Only after the user agrees to the EULA is the software installed. The EULA informs the user, in theory at least, of the general scope and purpose of the
software being installed, and the user has the option to withhold consent by declining the EULA, in which case no software is installed. As we will see below, the DRM vendors do not always follow this procedure.

If the discs didn’t use any other protection measures, the music would be vulnerable to copying while the installer waited for the user to accept or reject the EULA. Users could just ignore the installer’s EULA window and switch tasks to a CD ripping or copying application. Both XCP and MediaMax employ temporary protection mechanisms to
protect the music during this time.

XCP Temporary Protection

The first time an XCP-protected disc is inserted into a Windows machine, the Windows autorun feature launches the XCP installer, the file go.exe located in the contents folder on the CD. The installer displays a license agreement and prompts the user to accept or decline it. If the user accepts the agreement, the installer installs the XCP active protection software onto the machine; if the user declines, the installer ejects the CD and exits.

While the EULA is being displayed, the XCP installer continuously monitors the list of processes running on the system. It compares the image name of each process to a blacklist of nearly 200 ripping and copying applications hard coded into the go.exe program. If one or more blacklisted applications are running, the installer replaces the EULA display with a warning (shown at right [in the paper version, but not here]) indicating that the applications need to be closed in order for the installation to continue. It also initiates a 30-second countdown timer; if the any of the applications are still running when the countdown reaches zero, the installer ejects the CD and quits. [Footnote: Similar application blacklisting techniques have been used in other security contexts. The client software for World of Warcraft, a massively multiplayer online role playing game, checks running applications against a regularly updated blacklist of programs used to cheat. [citation]]

This technique might prevent some unsophisticated users from copying the disc while the installer is running, but it can be bypassed with a number of widely known techniques. For instance, users might kill the installer process (using the Windows Task Manager) before it could eject the CD, or they might use a ripping or copying application that locks the CD tray, preventing the installer from ejecting the disc.

The greatest limitation of the XCP temporary protection system is the blacklist. Users might find ripping or copying applications that are not on the list, or they might use a blacklisted application but rename its executable file to prevent the installer from recognizing it. Since there is no mechanism for updating the blacklist on existing CDs, they will gradually become easier to rip and copy as new applications not on the blacklist come into widespread use. Application developers may also adapt their software to the blacklisting technique by randomizing their process image names or taking other measures to avoid detection. [Footnote: An extreme extension of this would be to adopt rootkit-like techniques to conceal the copying application’s presence, just as XCP hides its active protection software.]

MediaMax Temporary Protection

The MediaMax system employs a different—and highly controversial, if not illegal—temporary protection measure. It defends the music while the installer is running by installing, and at least temporarily activating, the active protection software before displaying the EULA. The software is installed without obtaining consent, and it remains installed (and in some cases, permanently active) even if the user explicitly denies consent by declining the license agreement. This practice is uncomfortably close to the behavior of spyware and
may be illegal.

Prior to license acceptance, both MediaMax version 3 and version 5 discs install the active protection driver. (At this writing, version 5 is the current version. To our knowledge, there was no version 4.) The driver file sbcphid.sys is copied to the Windows drivers directory, configured as a service in the registry, and launched. Initially, the driver’s startup type is set to “Manual,” so it will not re-launch the next time the computer boots; however, it remains running until the computer is shut down and remains installed permanently. Albums that use MediaMax version 5 additionally install components of the MediaMax player software before displaying a license agreement—almost 12 megabytes of programs and data that are stored in %programfiles%Common FilesSunnComm Shared. These files are not removed if the EULA is declined.

Even more troublingly, under some common circumstances the MediaMax installer will permanently activate the active protection software (by setting its startup type to “Auto,” which causes it to be launched every time the computer boots). This behavior is related to a mechanism in the installer apparently intended to upgrade the active protection software if an older version is already installed. Under the following scenarios, it is triggered even if the user previously declined the EULA:

  • The user inserted a CD-3 (older version of MediaMax) album, then sometime later inserts an MM-5 (current version of MediaMax at this writing) album.
  • The user inserted an MM-5 album, then sometime later inserts a CD-3 album.
  • The user inserted an MM-5 album, reboots, then sometime later inserts the same album or another MM-5 album.

These steps do not have to take place in a single session. They can happen over a period of weeks or months, as users purchase new albums.

We can think of two possible explanations for this behavior. Perhaps the vendor, SunnComm, did not test these scenarios to determine what their software did, and so did not realize that they were activating the software without consent. Or perhaps they did know what would happen in these cases and deliberately chose these behaviors. Either possibility is troubling, indicating either a badly deficient design and testing procedure or a deliberate decision to install software after the user denied permission to do so.

Even if poor testing is the explanation for activating the software without consent, it is clear that SunnComm deliberately chose to install the MediaMax software code on the user’s system even if the user did not consent. These decisions are difficult to reconcile with the ethical and legal requirements on software companies. But they are easy to reconcile with the vendor’s platform building strategy, which rewards the vendor for placing its software on as many computers as possible.

Even the activation of temporary protection software before the user consents to anything raises troubling ethical questions. It is hard to argue that the user has consented to loading and running software merely by the act of inserting the disc. Most users do not expect the insertion of a compact disc to load software, and although many (but not all) of the affected discs did contain a statement about protection software being on the discs, the statements generally were confusingly worded, were written in tiny print, and did not say explicitly that software would install or run immediately upon insertion of the disc. Some in the record industry argue that the industry’s need to block potential infringement justifies the short-term execution of the temporary protection software on every user’s computer. We think this issue deserves more ethical and legal debate.

Passive Protection

Another way to prevent copying before active protection software is installed is to use passive protection measures. Passive protection exploits subtle differences between the way computers read CDs and the way ordinary CD players do. By changing the layout of data on the CD, it is sometimes possible to confuse computers without affecting ordinary players. In practice, the distinction between computers and CD players is less precise. Older generations of CD copy protection, which relied entirely on passive protection, proved easy to copy in some computers and impossible to play on some CD players [citation]. Furthermore, computer hardware and software has tended to get better at reading the passive protected CDs over time as it became more robust to all manner of damaged or poorly formatted discs. For these reasons, more recent CD DRM schemes rely mainly on active protection.

XCP uses a mild variety of passive protection as an added layer of security against ripping and copying. This form of passive protection exploits a quirk in the way Windows handle multisession CDs. When CD burners came to market in the early 1990s, the multisession CD format was introduced to allow data to be appended to partially recorded discs. (This was especially desirable at a time when recordable CD media cost tens of dollars per disc.) Each time data is added to the disc, it is written as an independent series of tracks called a session. Multi-session compatible CD drives see all the sessions, but ordinary CD players, which generally do not support the multisession format, recognize only the first session.

Some commercial discs use a variant of the multisession format to combine CD audio and computer accessible on a single CD. These discs adhere to the Blue Book [citation] or “stamped multisession” format. According to the Blue Book specification, stamped multisession discs must contain two sessions: a first session with 1–99 CD audio tracks, and a second session with one data track. The Windows CD audio driver contains special support for Blue Book discs. It presents the CD to playing and ripping applications as if it was a normal audio CD. Windows treats other multisession discs as data-only CDs.

XCP discs deviate from the Blue Book format by adding a second data track in the second session. This causes Windows to treat the disc as a regular multisession data CD, so the primary data track is mounted as a file system, but the audio tracks are invisible to player and ripper applications that use the Windows audio CD driver. This includes Windows Media Player, iTunes, and most other widely used applications.

Using a specialized procedure, it is possible to create discs with this flavor of passive protection with standard CD burning hardware and software [citation].

Limitations

This variety of passive protection provides only limited resistance to ripping and copying. There are a number of well-known methods for defeating it. Advanced ripping and copying applications avoid the Windows CD audio driver altogether and issue MMC commands [citation] directly to the drive. This allows programs such as Nero [citation] and Exact Audio Copy [citation] to recognize and read all the audio tracks. Non-Windows platforms, including Mac and Linux systems, read multisession CD more robustly and don’t suffer from the limitation that causes ripping problems on Windows. The felt-tip marker trick can also defeat this kind of passive protection, as noted above.

CD DRM: Unauthorized Deactivation Attacks

Alex and I are working on an academic paper, “Lessons from the Sony CD DRM Episode”, which will analyze several not-yet-discussed aspects of the XCP and MediaMax CD copy protection technologies, and will try to put the Sony CD episode in context and draw lessons for the future. We’ll post the complete paper here next week. Until then, we’ll post drafts of a few sections here. We have two reasons for this: we hope the postings will be interesting in themselves, and we hope your comments will help us improve the paper.

Today’s section is part of the technical core of the paper.

Please note that this is a draft and should not be formally quoted or cited. The final version of our entire paper will be posted here when it is ready.

Unauthorized Deactivation Attacks

As described previously, active protection methods rely on installing and running software components that interfere when ordinary software tries to access the disc. If an adversary can remove or deactivate the active protection software, then the DRM scheme will fail to prevent arbitrary use or ripping of the music on the disc. In this section we discuss such deactivation attacks.

One attack strategy is to manually deactivate or uninstall the active protection software. This can be done by using standard system administration tools, which are designed to find, characterize, and control the programs installed on a machine. This attack is very difficult to stop if the user has system administrator privileges on the machine.

Deactivating MediaMax

The MediaMax active protection software is simple to deactivate since it is comprised of a single device driver with a consistent service name, sbcphid. The driver can be removed by using the Windows command sc delete sbcphid to stop the driver, and then removing the sbcphid.sys file containing the driver code. Once the driver is deactivated, MediaMax-protected albums can be accessed as if they were unprotected.

Defenses Against Deactivation

To counter these deactivation attacks, a vendor might try to use technical tricks to evade detection and frustrate removal of the active protection software. The best example of this kind of defense is the rootkit-like behavior of XCP, famously discovered by Mark Russinovich [citation], as described earlier.

When XCP installs its active protection software, it also installs a second program—the rootkit—that hides the software’s presence. Specifically, it conceals any file, process, or registry key with a name that begins with the prefix $sys$. The result is that XCP’s main installation directory, and most of its registry keys, and almost all of its individual files and processes are made invisible to normal programs and administration tools.

The rootkit is installed as a kernel-level driver named $sys$aries and set to automatically load early in the boot process. When the rootkit starts, it hooks several Windows system calls by modifying the system service dispatch table, the kernel’s KeServiceDescriptorTable structure. This structure is an array of pointers to the kernel functions that implement basic system calls. The rootkit changes five of these addresses so that they point to functions within the rootkit. When an application invokes one of these patched system calls, it is handled by the rootkit instead of the original function in the kernel. The rootkit calls the real kernel function with the same parameters and filters the results before returning them to the application.

The system calls intercepted by the rootkit are:

  • NtQueryDirectoryFile – This function is used to list the contents of a directory; the rootkit version filters out directory entries that begin with $sys$, rendering such files and directories invisible to applications.
  • NtCreateFile – This call is used for creating and opening files. The rootkit version returns an invalid filename error when programs attempt to open existing files with names starting with $sys$, protecting XCP’s files from reading or writing by other programs.
  • NtQuerySystemInformation – One use of this function is to obtain a list of running processes. The rootkit filters out any processes with names prefixed by $sys$, making them invisible to other applications.
  • NtEnumerateKey – This function returns a list of the subkeys of a registry key. The rootkit filters the results to remove subkeys with names starting with $sys$. Note that it does not conceal individual fields within the registry (“values” in Windows parlance) with names starting with $sys$.
  • NtOpenKey – This function opens a registry key for reading or modifying. The rootkit intercepts this function call but does not alter its behavior. Its authors may have intended to restrict access to hidden registry keys in the same way that the hooked NtQueryDirectoryFile call restricts access to hidden files, but for some reason they did not ship a working implementation of this behavior.

The rootkit begins each intercepted function by checking the name of the calling process. If the process’s name begins with $sys$, the rootkit returns the results of the real kernel function without alteration. This allows XCP’s own processes to bypass the rootkit’s filters for a complete view of the system.

The XCP rootkit increases users’ vulnerability to many kinds of attacks because it can be used to hide arbitrary software, not just XCP. The rootkit is indiscriminate about what it conceals—any files, registry keys, or processes with names beginning in $sys$ will be hidden. Spyware and malware authors can leverage this functionality on systems where the rootkit is installed. This saves attackers the trouble of installing their own rootkits, but more importantly, it gives them access to a rootkit in situations where they would not be able to install one themselves because of the system’s security policies.

Only kernel-level processes are allowed to patch the Windows system service dispatch table, and only privileged users—normally, members of the Administrators or Power Users groups—are allowed to install such processes. (XCP iteslf requires these privileges to install.) Malicious code executed by an unprivileged user wouldn’t normally be allowed to install a rootkit that intercepted system calls in the kernel. However, if the XCP rootkit is installed, its cloaking behavior applies to all users regardless of their security privileges. Unprivileged malware can adopt the $sys$ prefix to become invisible to both privileged and unprivileged users. This privilege escalation attack has already been exploited by at least two Trojan horses discovered in the wild [citations].

Another privilege escalation attack facilitated by the XCP rootkit allows an unprivileged application to crash the system. Russinovich demonstrated this problem using an automated testing program he created called NTCRASH2 [citation]. This utility makes repeated system calls with randomly generated invalid parameters. The original Windows kernel functions handle invalid inputs correctly and the system remains stable, but with the XCP rootkit installed, certain invalid inputs result in a system crash.

We investigated the specific circumstances when these crashes occur. The rootkit’s implementation of NtCreateFile can cause a crash if it is passed an invalid pointer as its ObjectAttribute argument, or if it is passed a valid ObjectAttributes structure that points to a ObjectName structure with an invalid Buffer pointer. We do not believe that an attacker could exploit these flaws to execute code; however, they do allow an unprivileged user to bring the system to a halt. As Russinovich and other have pointed out, these problem illustrates the security danger of installing software in secret. Users experiencing system instability due to these rootkit bugs would have great difficulty diganosing the problem, since they likely would be unaware of the rootkit’s presence.

Deactivating XCP

Deactivating XCP’s active protection software is more complicated because it is comprised of a number of processes that are more deeply entagled in the system configuration, and because these files are hidden by the XCP rootkit. Deactivation can be accomplished by a three-step procedure.

The first step is to deactivate and remove the rootkit. This is the same procedure used to deactivate MediaMax. The only change is that the driver’s name is aries.sys. Disabling the rootkit and then rebooting the system exposes the previously hidden files, registry entries, and processes (ones with names prefixed with $sys).

The second step is to edit the system registry to remove references to XCP’s filter drivers and CoDeviceInstallers. XCP uses the Windows filter driver facility to intercept commands to the CD drives and IDE bus. If these filter drivers are not removed, the CD and IDE device drivers will fail to initialize after the program files for the filter drivers are deleted. This can cause the CD drives to malfunction, or, worse, cause the system to fail to boot because the IDE device driver is disabled. XCP’s filter drivers can be neutralized by editing the
Windows Registry to remove any reference to a driver named $sys$cor from any registry entries named UpperDrivers or LowerDrivers. The CoDeviceInstallers can be neutralized by removing any lines containing $sys$caj from any list of CoDeviceInstallers.

The third step is to delete the XCP services and remove the XCP program files. Services named $sys$lim, $sys$oct, cd_proxy, $sys$drmserver, and $sys$cor can be deactivated using the sc delete command, and then files named crater.sys, lim.sys, oct.sys, $sys$cor.sys, $sys$caj.dll, and $sys$upgtool.exe can be deleted. After the system is rebooted, the two remaining files, named CDProxyServ.exe and $sys$DRMServer.exe can be removed.

After performing these steps, XCP will now deactivated, and only the passive protection on XCP CDs will continue to be in force. Of course, these steps could easily be automated, creating a point-and-click tool for removing XCP.

CD DRM as Spyware

Tactics like the rootkit function, and the engineering of programs so that removal attempts can system instabilty, iare often used by spyware programs. That active DRM systems would be drawn to the same tactics as spyware should come as no surprise, as the two have the same goal: to prevent a user from removing unwanted software. In both cases, the user wants to remove the software (if he can find it) because the software provides no value to the user and can only harm him.

These tactics harm users, primarily by undermining users’ ability to manage their computers. If users lose track of which programs are running on their computers, they lose the opportunity to remove or patch programs that are malfunction and to remove unneeded programs. Maintaining a secure configuration is difficult already, and spyware tactics make it even more difficult. Though it is not surprising that spyware tactics would have attraction for DRM designers, it was a bit surprising that mass-market DRM vendors chose to use those tactics despite the risk of harming users. If only one vendor had chosen to use such tactics, we could write it off as an aberration. But two vendors made that choice, which is probably not a coincidence.

We suspect that the explanation may lie in the DRM vendors’ platform building strategy, which relies on keeping the software installed on as many computers as possible, coupled with the risk tolerance of DRM startup companies. The vendors may not have realized the extent of damage they could be causing, but they must have known that they were doing some harm. Our hypothesis is that the vendors allowed the lure of platform building to override the risk to users.

Authorized Uninstallers

Once users began to complain about the spyware-like behavior of the XCP and MediaMax software, the vendors offered access to uninstallers that would remove their software from users’ systems. Uninstallers had been available previously, but they were very difficult to obtain. For example, to get the original XCP uninstaller, a user had to fill out an online form involving some personal information, then wait a few days for a reply email, then fill out another online form and install some software, then wait a few days for yet another email, and then finally click a URL in the last email. We can think of no explanation for the complexity of this procedure, other than a desire to deter users from uninstalling the software.

The uninstallers, when a user did succeed in getting one of them, did not behave like ordinary software uninstallers. Normally an uninstaller is a standalone program that the user runs, either by double-clicking it or by using a system-provided user interface to designate the program to be removed. One advantage of ordinary uninstallers is that they can be acquired and used by any user who has the software.

The first XCP uninstaller did not work this way. Instead, the uninstaller was customized for each user, so that it would work only for a limited time and only on the computer on which the user had filled out the second form. This meant, for example, that if a user uninstalled the XCP software but it got reinstalled later—as might happen if the user inserted an XCP-bearing CD—the user could not use the same uninstaller again but would have to go through the entire process again to request a new one.

Customizing the uninstaller in this way is more difficult for the vendor and increases customer support costs, compared to a more traditional uninstaller, so a rational vendor would not do it unless there was some benefit. Most likely, the benefit is to the vendor’s platform building strategy, which takes a step backward every time a user uninstalls the vendor’s software. Customizing the uninstaller allows the vendor to contol who receives the uninstaller and to change the terms under which it is delivered in the future.

As user complaints mounted, Sony-BMG announced that unrestricted uninstallers for both XCP and MediaMax would be made available to all users from the vendors’ web sites. Both vendors chose to make these uninstallers available as ActiveX controls accessed via a web site.

By an unfortunate coincidence, both uninstallers turned out to open the same serious vulnerability on any computer where they were used.

MediaMax Uninstaller Vulnerability

The MediaMax uninstaller employed a proprietary ActiveX control called AxWebRemove.ocx created and signed by MediaMax author SunnComm. When users visited the MediaMax uninstaller web page, Internet Explorer prompted them to install the control. Then the web page invoked one of the control’s methods to uninstall MediaMax. This method, Remove, took two parameters: key, and validate_url. The key parameter was a single-use code provided by MediaMax technical support, and the validate_url parameter specified a web page that would validate the key and deliver executable code to perform the actual uninstallation.

When Remove is called from the web page, is issues an HTTP GET request to the provided url to validate the key. If it is valid, the server responds with the message true, {uninstall_url, where uninstall_url is the URL of a DLL file containing code to uninstall MediaMax. The control retries this DLL file from the Internet and saves it to a temporary location, then calls a function in the DLL named ECF7() to perform the uninstallation. If the function returns sucess, the control issues a second HTTP GET request to validate_url to report that the uninstall was sucessful and that the single-use key should be retired.

This design is vulnerable because the control accepts an arbitrary validate_url parameter and does not check that the DLL specified by the key validation server is authentic. The ActiveX control is not itself removed during the uninstallation process, so its methods can be invoked later by any web page without further browser security warnings. A attacker can create a web page that invokes the Remove method and provides a validate_url pointing to a page under the attacker’s control. This page can return an uninstall_url pointing to a DLL created by the attacker. When the MediaMax control executes the uninstall function in this file, arbitrary attacker code will execute on the user’s machine.

XCP Uninstaller Vulnerability

The XCP uninstaller contains the same design flaw and is only slightly more difficult to exploit. XCP’s ActiveX-based uninstaller invokes a proprietary ActiveX control named CodeSupport.ocx. (Early versions of XCP’s rootkit removal patch utilized the same control.) Usually this control is installed when users perform the second step in the three-step XCP uninstall process. In this step, the user is prompted to explain why they are requesting to uninstall XCP. The user’s response is sent to an XCP server along with a pseudorandom code generated by the ActiveX control. The same code is written to the system registry. Eventually the user receives an email with a link to another web page that uses the ActiveX control to remove XCP, but only after verifying that the code sent with the request matches the code in the local system registry. This check ensures that the uninstaller is only used on the machine from which the uninstallation request was made. As a consequence of this design, the control may be present on a user’s system even if she never performed the step in the uninstallation process where XCP is removed.

Matti Nikki first noted that the XCP ActiveX control contains some suspiciously-named methods, including InstallUpdate(url), Uninstall(url), and RebootMachine() [citation]. He demonstrated that the control remained installed after the XCP uninstallation was complete, and that its methods (including one that restarted the computer) were scriptable from any web page without further browser security warnings.

We found that the InstallUpdate and Uninstall methods have an even more serious flaw. Each takes as an argument a URL pointing to a specially formatted archive that contains updater or uninstaller code and data files. When these methods are invoked, the archive is retrieved from the provided URL and stored in a temporary location. For the InstallUpdate() method, the ActiveX control extract from the archive a file named InstallLite.dll and calls a function in this DLL named InstallXCP().

Like the MediaMax ActiveX control, the XCP control does not validate the download URL or the downloaded archive. The only barrier to using the control to execute arbitrary code is the proprietary format of the archive file. We determined the format by disassembling the control. The archive file consists of several blocks of gzip-compressed data, each storing a seperate file and preceded with a short header. At the end of the archive, a catalog structure lists metadata for each of the blocks, including a 32-bit CRC. The control verifies this CRC before executing code from the DLL.

With knowledge of this file format, we constructed an archive containing sample (benign) exploit code. The most difficult detail was the CRC, which is computed with an apparently proprietary algorithm that proved tedious to reverse engineer. We saved the trouble by having the ActiveX control compute the CRC for us. The control checks the CRC by computing a CRC for the file data in the archive and verifying that it matches the CRC specified in the archive catalog. We inserted a break point where the comparison occurs and ran the control on an archive containing code we prepared. We then took the CRC computed by the control and placed it in the archive catalog. Thus modified, the archive passed the CRC check and the ActiveX control executed our code. (This illustrated why digital signatures, rather than CRCs, must be used to validate code from untrusted sources.)

This procedure would allow a malicious web site to execute arbitrary code on the user’s machine. Like the MediaMax uninstaller flaw, it is especially dangerous because users who have completed the uninstallation may not be aware that they are still vulnerable.

Obviously, these vulnerabilities could have been prevented by careful design and programming. But they would not have been possible at all if not for the decision to deliver the uninstallers via this ActiveX method rather than using an ordinary download. We conjecture that the vendors chose to use ActiveX in this way because they wanted to retain the ability to rewrite, modify, or cancel the uninstaller later, and that this desire was driven at least in part by the vendors’ platform building strategy.

Summary of Deactivation Attacks

When all is said and done, there is little a CD DRM vendor can do to stop users from deactivating active protection software. A user can do this via ordinary security and system administration tools; attempts by the vendor to interfere with these tools are harmful and will trigger a strong backlash from users. In practice, vendors will probably have to provide some kind of uninstaller – users will insist on it, and some users will need it to deal with the bugs and incompatibilities that crop up occasionally in any complex software. Once an uninstaller is released, users will be able use it to remove the DRM software. Ultimately, determined users will be able to keep CD DRM software off their machines.

CD DRM: Compatibility and Software Updates

Alex and I are working on an academic paper, “Lessons from the Sony CD DRM Episode”, which will analyze several not-yet-discussed aspects of the XCP and MediaMax CD copy protection technologies, and will try to put the Sony CD episode in context and draw lessons for the future. We’ll post the complete paper here next week. Until then, we’ll post drafts of a few sections here. We have two reasons for this: we hope the postings will be interesting in themselves, and we hope your comments will help us improve the paper.

Today’s section will be (in the final paper) the last part of the technical core of the paper. Readers of the final paper will have seen the rest of our technical analysis by this point. Blog readers haven’t seen it all yet – stay tuned.

Please note that this is a draft and should not be formally quoted or cited. The final version of our entire paper will be posted here when it is ready.

Compatibility and Software Updates

Compared to other media on which software is distributed, compact discs have a very long life. Many compact discs will still be inserted into computers and other players twenty years or more after they are first bought. If a particular version of (say) active protection software is burned onto a new CD, that software version may well try to install and run itself decades after it was first developed.

The same is not true of conventional software, even when it ships on a CD-ROM. Very few if any of today’s Windows XP CDs will be inserted into computers in 2026; but CDs containing today’s CD DRM software will be. Accordingly, CD DRM software faces a much more serious issue of compatibility with future systems.

The future compatibility problem has two distinct aspects: safety, or how to avoid incompatibilities that cause crashes or malfunction of other software, and efficacy, or how to ensure that the desired anti-copying features remain effective.

Protecting Safety by Deactivating Old Software

Safety is the easier attribute to protect, and in most respects the more important. One way to protect safety is to design the DRM software so that it is likely to be inert and harmless on future systems. Both XCP and MediaMax do this by relying on the Windows Autorun feature, which is unlikely to be supported in future Windows versions for security reasons. If, say, the upcoming Windows Vista does not support Autorun (or supports it but disables it by default), then XCP and MediaMax will have no effect on Vista systems. Perhaps the use of Autorun by XCP and MediaMax was a deliberate design decision to ensure safety; but we suspect that it was a side-effect of a design choice that was expedient for other reasons.

Another way to protect safety is to build a sunset date into the software, and to program the software to be as inert as possible once the sunset date is reached. Building in a sunset after (say) three years would protect against many safety problems; and it would have little effect on the record label’s business model, as we would expect nearly all revenue from monetizing new uses of the music to have been extracted within the first three years after the disc is pressed. If a customer is ever going to pay for iPod downloading, she is likely to do so within the first three years after the CD is pressed.

Updating the Software

Like any software vendor, a DRM vendor can issue new verions of its products. A new version can be shipped on newly pressed CDs, but existing CDs cannot be modified retroactively.

Instead, the vendor can offer updates, which can be delivered either by download or on new CDs. Downloads can occur immediately, but only on machines that are connected to the Internet. CD delivery can potentially reach more machines, but is slower and less certain.

Either mode of distribution can be used straightforwardly if the user wants to cooperate. Users will generally cooperate with updates that only provide safety on new systems, or that otherwise increase the software’s value to the user. But updates that merely retain the efficacy of the software’s usage restriction mechanisms will not be welcomed by users.

Users have many ways to block the downloading or installation of updates. They can write-protect the software’s code, so that it cannot be updated. They can configure the system to block network connections to the vendor’s servers. They can use standard security tools, such as personal firewalls, to stop the downloads. System security tools are often well suited for such a task, being programmed to block unwanted network connections, downloads, and code installation. If a current security tool does not block updates of CD DRM software, the tool vendor has an incentive to make future versions do so.

A DRM vendor who wants to offer efficacy-related updates, recognizing that users will not want those updates, has two options. The vendor can offer updates and hope that many users will not bother to block them. From the record label’s standpoint, prolonging the system’s efficacy for some users is better than nothing. Alternatively, the vendor can try to force users to accept updates.

Forcing Updates

If a user can block updates of the DRM software on his machine, the vendor’s best strategy for forcing an update is somehow to convince the user that the update is in his best interest. This can be done by making a non-updated system painful to use.

If we rule out dangerous and almost certainly illegal approaches such as logic bombs that destroy a noncompliant user’s files or hold his computer hostage, the vendor’s best option is to make the DRM software block all access to protected CDs until the user updates the software. The software might check periodically with some server on the Internet, which would produce some kind of cryptographic assertion saying which versions are allowed to continue operating without an update, as of some date time. If the software on the user’s system noticed that no recent certificate existed that allowed its own version to keep operating, it would go into a locked down mode that blocked all
access to protected discs but allowed software updates. The user would then have to update to a new version in order to get access to his protected CDs.

This approach could force updates on some users and thereby prolong the efficacy of the DRM for those users. However, it also has several drawbacks. If the computer is not connected to the Internet, the software will eventually lock down the user’s music because it cannot see any certificates that allow it to continue. (The software could continue working if it can’t see the Internet, but that would allow users to block updates indefinitely by configuring their systems to stop the DRM software from making network connections.) A bug in the software could cause it to lock itself down irreversibly, perhaps by accident. The software could lock itself down if the vendor’s Internet site is shut down, for example if the vendor goes bankrupt.

Locking down the music, or forcing a restrictive software update, can also be counterproductive, by giving the user a reason to defeat or remove the DRM software. (Users could also defeat the timeout mechanism by misleading the DRM software about the date and time, but we expect that most users with the inclination to do that would choose instead to remove the DRM software altogether.) The software is more likely to remain on the user’s system if it does not behave annoyingly. Automatic update can reduce the DRM system’s efficacy if it just drives users to remove the DRM software. From the user’s standpoint, every software update is a security risk, because it might carry hostile or buggy code.

Given the difficulties associated with forced updates, and the user backlash it likely would have triggered, we are not surprised that neither XCP nor MediaMax chose to use forced updates.