How to bypass Protected User Mode Audio (PUMA) and Secure Audio Path

any ANONYMOUS forum user · #1 10-14-2009, 02:26 AM

Is it possible to bypass Secure Audio Path?

Quote:

All personal computer operating systems are vulnerable to attacks that seek to replace device drivers. For example, a digital media file is vulnerable to interception on the way to the sound driver after the file has been decrypted and downloaded from the DRM system to a media player. With the release of Secure Audio Path technology in Microsoft Windows Millennium Edition and Windows XP, the data path inside the operating system is protected during transfer from the media player to the sound card. This reduces attacks that are based on false plug-ins because these components only have access to encrypted data. A certified Microsoft component verifies that all downstream components (including the sound card driver) are also certified. It does not decrypt the data stream if it detects unauthorized or compromised components in the execution path.

And is it possible to bypass Protected User Mode Audio (PUMA)?

Quote:

Windows Vista introduced Protected User Mode Audio (PUMA), the user-mode audio engine in the Protected Environment (PE) that provides a safer environment for audio processing and rendering. It allows only the acceptable audio outputs to be enabled and ensures that the outputs are disabled reliably. PUMA has been updated for Windows 7.

The audio stack in certain Microsoft products supports DRM by implementing the usage rules that govern playback of the audio content. To play the protected content, the underlying audio driver must be a trusted driver; that is, the driver must be logo-certified for DRMLevel 1300.

The Protected Environment in which DRM content is played contains the media components that play DRM content, so the application only needs to provide remote control (Play, Rewind, Pause, and so on), rather than having to handle unprotected content data. The Protected Environment also provides all the necessary support for Microsoft-approved ("signed") third-party software modules to be added. It provides a “wall” against outside copying, where within the walls, content can be processed without making the content available to unapproved software.

In order to prevent users from copying DRM content, Windows Vista provides process isolation and continually monitors what kernel-mode software is loaded. If an unverified component is detected, then Vista will stop playing DRM content, rather than risk having the content copied. The Protected Environment is implemented completely in software, so software-based attacks such as patching the Windows kernel are possible.