This was sent to me by some friends and I thought it was amusing. Many years ago, I co-authored a very interesting article on Windows NT that details the weakness of Windows NT security so I know a little bit ;) about security.
It's been a while since I tinkered with encryption stuff but it seems to me that based on the description set forth by viodentia, he/she did not and does not need any access to the source code as Microsoft alleges in their federal lawsuit. In my opinion, it is totally not necessary to see the source code to execute this hack.
For those of you who are real software and crypto geeks, you know that the explanation makes perfect sense and leads one to suspect the allegations of source code theft. But then again, this is merely my opinion.
Another opinion, Microsoft does not need a patch, they need a full overhaul of the DRM architecture if they want to fix this very elegant hack.
To poke a little fun, I am featuring two very cool shirts from Defective By Design. Click on the designs to buy the shirts.
By the way, here' s the explanation by viodentia:
"This new version uses a new extraction approach, courtesy of c0redump.
The method no longer requires the selection of a DRM protected file,
and should retrieve all ECC keys at once.
FairUse4WM has been my own creation, and has never involved Microsoft source code. I link with Microsoft's static libraries provided with the compiler and various platform SDK files.
Thanks for Rjamorim for graciously hosting in Brazil.
Viodentia's further explanation in doom9.org shows he/she knows his/her stuff...
Each time you re-individualize, the DLL sends "escrowed" key information to Microsoft's servers which decrypts it and re-encrypts it inside this secondary key table. These are all the keys for previous individualizations.
The <Keys> tag is encrypted with AES in Counter mode using the displayed key. To decrypt, create a 16-byte BIG-ENDIAN counter (that is, 16 bytes of 0, next would be 15-bytes of 0's and one 1 byte, and so forth). Encrypt that with the AES key. XOR the output with the next 16-bytes from the tag.
Once decrypted, the Keys tag holds a XML document which in turn has both the old ECC keys (which v1.3 happily extracts for you), and some RSA keys - the RSA keys are apparently new for v11, and I don't know what they're for.
By the way, if one looks at the individualization process in Wireshark, it's conceivable that future individualizations can be handled with the assistence of Microsoft's own servers."
To appreciate the technology behind the hack, you'll have to trace the thread at: http://forum.doom9.org/showthread.php?t=114916
Last opinion, Microsoft can fix it but to claim someone stole the source code to execute the hack leads me to believe that some marketing person talked to the legal guys. The techies would not allege this given the explanation by viodentia.