You are on page 1of 42

Steal this Movie

Automatically Bypassing DRM Protection in Streaming Media Services


Ruoyu Fish Wang12, Yan Shoshitaishvili1,

Christopher Kruegel1, Giovanni Vigna1


1 2

UC Santa Barbara

Tsinghua Unversity

Digital Rights Management

2013/8/23

Usenix Security 2013

How DRM works


DRM Mechanisms
Encrypted Information Flow
Demultiplexing

Encrypted Media Stream

Decrypt

Decrypted Media Stream

Decode

Playback

Raw Frames

2013/8/23

Usenix Security 2013

DRM bypasses
What for?

Solution-specific
DeCSS - DVD Jon Despotify HDCP master key leaking

Analog loophole
2013/8/23 Usenix Security 2013 4

How DRM works


Encrypted Information Flow
Demultiplexing

MovieStealer DRM Mechanisms

Encrypted Media Stream

Decrypt

Decrypted Media Stream

Solutionspecific attacks

Decode

Playback

Raw Frames

Analog loophole 2
2013/8/23 Usenix Security 2013

Analog loophole 1
5

Automatic attacking

2013/8/23

Usenix Security 2013

Challenges
Complexity

Performance

Generality

2013/8/23

Usenix Security 2013

Intuitions
Encrypted Buffer Decrypted Buffer

Decryption

Final goal: Identify the decrypted stream and dump it!


2013/8/23 Usenix Security 2013 8

Overview
MovieStealer design & optimizations Experimental results Countermeasures Ethics and legality

2013/8/23

Usenix Security 2013

MovieStealer Design

2013/8/23

Usenix Security 2013

10

Approach overview
Goal: find the decrypted stream!

Loop detection Buffer detection

Data-paths
Statistical analysis Dumping & rebuilding
2013/8/23 Usenix Security 2013 11

Approach overview
Goal: find the decrypted stream!

Loop detection
Buffer detection Data-paths Statistical analysis Dumping & rebuilding
2013/8/23 Usenix Security 2013 12

Loop detection (1)


Based on LoopProf*
BasicBlock B BasicBlock C BasicBlock D BasicBlock B BasicBlock C BasicBlock D BasicBlock A
*LoopProf: Dynamic Techniques for Loop Detection and Profiling, T Moseley, et al.
2013/8/23 Usenix Security 2013 13

BasicBlock B BasicBlock C BasicBlock D

Loop detection (2)


Handling unrolled loops
BasicBlock B BasicBlock C BasicBlock D
BBLs accessing the same buffer with similar patterns

BasicBlock E Unrolled

2013/8/23

Usenix Security 2013

14

Loop and call-path


void crypto_loop(const char *key, void *in, void *out, int len); void encrypt() { crypto_loop("key", dec, enc, len); } void decrypt() { crypto_loop("key", enc, dec, len); }

2013/8/23

Usenix Security 2013

15

Approach review
Goal: find the decrypted stream!

Loop detection
Buffer detection Data-paths Statistical analysis Dumping & rebuilding
2013/8/23 Usenix Security 2013 16

Buffer detection
Reason about buffers based on access patterns
Consecutive bytes Inconsecutive blocks
0x1000 Original buffer 0x1000 0x1000

Composite buffer 0x1004


0x1008 0x100c 0x1010

Original buffer
Original buffer Original buffer Original buffer Original buffer

0x1004
0x1008 Composite buffer 0x100c 0x1010 Original buffer Original buffer 0x1018
Usenix Security 2013

0x1004
0x1008 0x100c 0x1010 Composite buffer

0x1014
0x1018
2013/8/23

0x1014

0x1014
Composite buffer 0x1018
17

Approach review
Goal: find the decrypted stream!

Loop detection
Buffer detection Data-paths Statistical analysis Dumping & rebuilding
2013/8/23 Usenix Security 2013 18

Data-paths
Buffer_in A Buffer_in B

Identify paths through a loop which modify the input data to output data
A sensible data-path, find it!

Loop

Buffer_out

2013/8/23

Usenix Security 2013

19

Approach review
Goal: find the decrypted stream!

Loop detection
Randomness

Buffer detection Data-paths Statistical analysis Dumping & rebuilding


2013/8/23 Usenix Security 2013

In 100

Out

80
60

40
20

0
L1 L2 L3 L4 L5 L6 L7 L8 L9

20

Statistical analysis (1)


Cipher-text indistinguishability
Basic requirement for secure cryptosystems

Entropy should be pretty high, as data is from Internet

2013/8/23

Usenix Security 2013

21

Statistical analysis (2)


Input
Stage Entropy Download Decrypt Randomness Entropy Randomness

Output

Decode

2013/8/23

Usenix Security 2013

22

Approach review
Goal: find the decrypted stream!

Loop detection
Buffer detection Data-paths Statistical analysis Dumping & rebuilding
2013/8/23 Usenix Security 2013 23

Dumping and reconstruction

* Intentionally omitted
2013/8/23 Usenix Security 2013 24

Workflow
Start playing the video
Make MovieStealer begin analysis Wait for a few minutes

Harvest
2013/8/23 Usenix Security 2013 25

MovieStealer Optimizations

2013/8/23

Usenix Security 2013

26

Problem of the basic approach


Too much overhead!

Wont sniff enough data Media players dont function normally Some media players check the performance Might get caught by checking systems of DRM
2013/8/23 Usenix Security 2013 27

Optimizations
Goal: minimize overheads! Improved loop selection Efficient loop analysis On-Demand instrumentation Execution frequency Instruction analysis Bandwidth filtering Copying optimizations Callstack key
2013/8/23

on_enter callstack_key ^= func_addr on_exit callstack_key ^= func_addr


28

Usenix Security 2013

Callstack key
void crypto_loop(const char *key, void *in, void *out, int len); void encrypt() { crypto_loop("key", dec, enc, len); } void decrypt() { crypto_loop("key", enc, dec, len); } on_enter callstack_key ^= func_addr on_exit callstack_key ^= func_addr
2013/8/23 Usenix Security 2013 29

Experimental Results

2013/8/23

Usenix Security 2013

30

Implementation
Dynamic binary instrumentation (DBI)
Intel PIN framework

Under Windows 7 32-bit Testing


A common workstation

2013/8/23

Usenix Security 2013

31

Evaluation
GnuPG for testing optimizations
Three DRM platforms
Microsoft PlayReady (Netflix) Adobe RTMPE (Hulu and Amazon Video) Spotify's music protection

2013/8/23

Usenix Security 2013

32

Results - GPG
Optimizations
Only execution frequency Only bandwidth filtering Only instruction analysis

Loops Instrumented
40 35 10

Seconds Elapsed
3480 (112x) 180 (5.8x) 49 (1.58x)

All but callstack key


All enabled
4000 3500 3000 2500 2000 1500 1000 500 0

6
7
3480

47 (1.51x)
31

Seconds Elapsed

31 All enabled

2013/8/23

47 All but callstack key

180 49 Only instruction Only bandwidth analysis Usenix Security filtering 2013

Only execution frequency

33

Results - DRM
Platform Netflix Hulu Amazon Video Spotify Protection Dynamic code Packing and self-checking

Loops Instrumented
2274 1529 1258 2305

Loops Traced
58 46 35 224

Buffers Identified
80 14 6 60

Seconds Elapsed*
110 281 146 536

* seconds elapsed before MovieStealer breaks the DRM protection


2013/8/23 Usenix Security 2013 34

Countermeasures

2013/8/23

Usenix Security 2013

35

Countermeasures
Attack the instrumentation
Anti-debugging

Attack the loop detection


VMing those loops

Attack the buffer detection


Non-consecutive buffer layouts

Anti-piracy
Watermarking

2013/8/23

Usenix Security 2013

36

Ethics and Legality

2013/8/23

Usenix Security 2013

37

Ethics
Responsible disclosure
Contacted Microsoft, Spotify, Adobe, Amazon, Netflix, and Hulu Microsoft, Spotify, and Adobe responded
Tested MovieStealer Confirmed DRM bypass Provided comments and encouraged publication

Some details omitted (e.g. reconstruction) No tool/source release

2013/8/23

Usenix Security 2013

38

Legality
We believe this work to be legal under DMCA
Consulted with UC counsel and the EFF Thank you all

2013/8/23

Usenix Security 2013

39

Acknowledgement
Thanks for support from Microsoft, Adobe, and Spotify Thanks Kevin Borgolte, Yanick Fratantonio, Christian Kreibich, and Thorsten Holz for presentation advice

2013/8/23

Usenix Security 2013

40

Contact info
Send us an email fish@cs.ucsb.edu, yans@cs.ucsb.edu, chris@cs.ucsb.edu, vigna@cs.ucsb.edu

2013/8/23

Usenix Security 2013

41

Question time
Questions?

2013/8/23

Usenix Security 2013

42

You might also like