Alex and I are working on an academic paper, “Lessons from the Sony CD DRM Episode”, which will analyze several not-yet-discussed aspects of the XCP and MediaMax CD copy protection technologies, and will try to put the Sony CD episode in context and draw lessons for the future. We’ll post the complete paper here next week. Until then, we’ll post drafts of a few sections here. We have two reasons for this: we hope the postings will be interesting in themselves, and we hope your comments will help us improve the paper.
Today’s section is part of the technical core of the paper.
Please note that this is a draft and should not be formally quoted or cited. The final version of our entire paper will be posted here when it is ready.
Unauthorized Deactivation Attacks
As described previously, active protection methods rely on installing and running software components that interfere when ordinary software tries to access the disc. If an adversary can remove or deactivate the active protection software, then the DRM scheme will fail to prevent arbitrary use or ripping of the music on the disc. In this section we discuss such deactivation attacks.
One attack strategy is to manually deactivate or uninstall the active protection software. This can be done by using standard system administration tools, which are designed to find, characterize, and control the programs installed on a machine. This attack is very difficult to stop if the user has system administrator privileges on the machine.
Deactivating MediaMax
The MediaMax active protection software is simple to deactivate since it is comprised of a single device driver with a consistent service name, sbcphid. The driver can be removed by using the Windows command sc delete sbcphid to stop the driver, and then removing the sbcphid.sys file containing the driver code. Once the driver is deactivated, MediaMax-protected albums can be accessed as if they were unprotected.
Defenses Against Deactivation
To counter these deactivation attacks, a vendor might try to use technical tricks to evade detection and frustrate removal of the active protection software. The best example of this kind of defense is the rootkit-like behavior of XCP, famously discovered by Mark Russinovich [citation], as described earlier.
When XCP installs its active protection software, it also installs a second program—the rootkit—that hides the software’s presence. Specifically, it conceals any file, process, or registry key with a name that begins with the prefix $sys$. The result is that XCP’s main installation directory, and most of its registry keys, and almost all of its individual files and processes are made invisible to normal programs and administration tools.
The rootkit is installed as a kernel-level driver named $sys$aries and set to automatically load early in the boot process. When the rootkit starts, it hooks several Windows system calls by modifying the system service dispatch table, the kernel’s KeServiceDescriptorTable structure. This structure is an array of pointers to the kernel functions that implement basic system calls. The rootkit changes five of these addresses so that they point to functions within the rootkit. When an application invokes one of these patched system calls, it is handled by the rootkit instead of the original function in the kernel. The rootkit calls the real kernel function with the same parameters and filters the results before returning them to the application.
The system calls intercepted by the rootkit are:
- NtQueryDirectoryFile – This function is used to list the contents of a directory; the rootkit version filters out directory entries that begin with $sys$, rendering such files and directories invisible to applications.
- NtCreateFile – This call is used for creating and opening files. The rootkit version returns an invalid filename error when programs attempt to open existing files with names starting with $sys$, protecting XCP’s files from reading or writing by other programs.
- NtQuerySystemInformation – One use of this function is to obtain a list of running processes. The rootkit filters out any processes with names prefixed by $sys$, making them invisible to other applications.
- NtEnumerateKey – This function returns a list of the subkeys of a registry key. The rootkit filters the results to remove subkeys with names starting with $sys$. Note that it does not conceal individual fields within the registry (“values” in Windows parlance) with names starting with $sys$.
- NtOpenKey – This function opens a registry key for reading or modifying. The rootkit intercepts this function call but does not alter its behavior. Its authors may have intended to restrict access to hidden registry keys in the same way that the hooked NtQueryDirectoryFile call restricts access to hidden files, but for some reason they did not ship a working implementation of this behavior.
The rootkit begins each intercepted function by checking the name of the calling process. If the process’s name begins with $sys$, the rootkit returns the results of the real kernel function without alteration. This allows XCP’s own processes to bypass the rootkit’s filters for a complete view of the system.
The XCP rootkit increases users’ vulnerability to many kinds of attacks because it can be used to hide arbitrary software, not just XCP. The rootkit is indiscriminate about what it conceals—any files, registry keys, or processes with names beginning in $sys$ will be hidden. Spyware and malware authors can leverage this functionality on systems where the rootkit is installed. This saves attackers the trouble of installing their own rootkits, but more importantly, it gives them access to a rootkit in situations where they would not be able to install one themselves because of the system’s security policies.
Only kernel-level processes are allowed to patch the Windows system service dispatch table, and only privileged users—normally, members of the Administrators or Power Users groups—are allowed to install such processes. (XCP iteslf requires these privileges to install.) Malicious code executed by an unprivileged user wouldn’t normally be allowed to install a rootkit that intercepted system calls in the kernel. However, if the XCP rootkit is installed, its cloaking behavior applies to all users regardless of their security privileges. Unprivileged malware can adopt the $sys$ prefix to become invisible to both privileged and unprivileged users. This privilege escalation attack has already been exploited by at least two Trojan horses discovered in the wild [citations].
Another privilege escalation attack facilitated by the XCP rootkit allows an unprivileged application to crash the system. Russinovich demonstrated this problem using an automated testing program he created called NTCRASH2 [citation]. This utility makes repeated system calls with randomly generated invalid parameters. The original Windows kernel functions handle invalid inputs correctly and the system remains stable, but with the XCP rootkit installed, certain invalid inputs result in a system crash.
We investigated the specific circumstances when these crashes occur. The rootkit’s implementation of NtCreateFile can cause a crash if it is passed an invalid pointer as its ObjectAttribute argument, or if it is passed a valid ObjectAttributes structure that points to a ObjectName structure with an invalid Buffer pointer. We do not believe that an attacker could exploit these flaws to execute code; however, they do allow an unprivileged user to bring the system to a halt. As Russinovich and other have pointed out, these problem illustrates the security danger of installing software in secret. Users experiencing system instability due to these rootkit bugs would have great difficulty diganosing the problem, since they likely would be unaware of the rootkit’s presence.
Deactivating XCP
Deactivating XCP’s active protection software is more complicated because it is comprised of a number of processes that are more deeply entagled in the system configuration, and because these files are hidden by the XCP rootkit. Deactivation can be accomplished by a three-step procedure.
The first step is to deactivate and remove the rootkit. This is the same procedure used to deactivate MediaMax. The only change is that the driver’s name is aries.sys. Disabling the rootkit and then rebooting the system exposes the previously hidden files, registry entries, and processes (ones with names prefixed with $sys).
The second step is to edit the system registry to remove references to XCP’s filter drivers and CoDeviceInstallers. XCP uses the Windows filter driver facility to intercept commands to the CD drives and IDE bus. If these filter drivers are not removed, the CD and IDE device drivers will fail to initialize after the program files for the filter drivers are deleted. This can cause the CD drives to malfunction, or, worse, cause the system to fail to boot because the IDE device driver is disabled. XCP’s filter drivers can be neutralized by editing the
Windows Registry to remove any reference to a driver named $sys$cor from any registry entries named UpperDrivers or LowerDrivers. The CoDeviceInstallers can be neutralized by removing any lines containing $sys$caj from any list of CoDeviceInstallers.
The third step is to delete the XCP services and remove the XCP program files. Services named $sys$lim, $sys$oct, cd_proxy, $sys$drmserver, and $sys$cor can be deactivated using the sc delete command, and then files named crater.sys, lim.sys, oct.sys, $sys$cor.sys, $sys$caj.dll, and $sys$upgtool.exe can be deleted. After the system is rebooted, the two remaining files, named CDProxyServ.exe and $sys$DRMServer.exe can be removed.
After performing these steps, XCP will now deactivated, and only the passive protection on XCP CDs will continue to be in force. Of course, these steps could easily be automated, creating a point-and-click tool for removing XCP.
CD DRM as Spyware
Tactics like the rootkit function, and the engineering of programs so that removal attempts can system instabilty, iare often used by spyware programs. That active DRM systems would be drawn to the same tactics as spyware should come as no surprise, as the two have the same goal: to prevent a user from removing unwanted software. In both cases, the user wants to remove the software (if he can find it) because the software provides no value to the user and can only harm him.
These tactics harm users, primarily by undermining users’ ability to manage their computers. If users lose track of which programs are running on their computers, they lose the opportunity to remove or patch programs that are malfunction and to remove unneeded programs. Maintaining a secure configuration is difficult already, and spyware tactics make it even more difficult. Though it is not surprising that spyware tactics would have attraction for DRM designers, it was a bit surprising that mass-market DRM vendors chose to use those tactics despite the risk of harming users. If only one vendor had chosen to use such tactics, we could write it off as an aberration. But two vendors made that choice, which is probably not a coincidence.
We suspect that the explanation may lie in the DRM vendors’ platform building strategy, which relies on keeping the software installed on as many computers as possible, coupled with the risk tolerance of DRM startup companies. The vendors may not have realized the extent of damage they could be causing, but they must have known that they were doing some harm. Our hypothesis is that the vendors allowed the lure of platform building to override the risk to users.
Authorized Uninstallers
Once users began to complain about the spyware-like behavior of the XCP and MediaMax software, the vendors offered access to uninstallers that would remove their software from users’ systems. Uninstallers had been available previously, but they were very difficult to obtain. For example, to get the original XCP uninstaller, a user had to fill out an online form involving some personal information, then wait a few days for a reply email, then fill out another online form and install some software, then wait a few days for yet another email, and then finally click a URL in the last email. We can think of no explanation for the complexity of this procedure, other than a desire to deter users from uninstalling the software.
The uninstallers, when a user did succeed in getting one of them, did not behave like ordinary software uninstallers. Normally an uninstaller is a standalone program that the user runs, either by double-clicking it or by using a system-provided user interface to designate the program to be removed. One advantage of ordinary uninstallers is that they can be acquired and used by any user who has the software.
The first XCP uninstaller did not work this way. Instead, the uninstaller was customized for each user, so that it would work only for a limited time and only on the computer on which the user had filled out the second form. This meant, for example, that if a user uninstalled the XCP software but it got reinstalled later—as might happen if the user inserted an XCP-bearing CD—the user could not use the same uninstaller again but would have to go through the entire process again to request a new one.
Customizing the uninstaller in this way is more difficult for the vendor and increases customer support costs, compared to a more traditional uninstaller, so a rational vendor would not do it unless there was some benefit. Most likely, the benefit is to the vendor’s platform building strategy, which takes a step backward every time a user uninstalls the vendor’s software. Customizing the uninstaller allows the vendor to contol who receives the uninstaller and to change the terms under which it is delivered in the future.
As user complaints mounted, Sony-BMG announced that unrestricted uninstallers for both XCP and MediaMax would be made available to all users from the vendors’ web sites. Both vendors chose to make these uninstallers available as ActiveX controls accessed via a web site.
By an unfortunate coincidence, both uninstallers turned out to open the same serious vulnerability on any computer where they were used.
MediaMax Uninstaller Vulnerability
The MediaMax uninstaller employed a proprietary ActiveX control called AxWebRemove.ocx created and signed by MediaMax author SunnComm. When users visited the MediaMax uninstaller web page, Internet Explorer prompted them to install the control. Then the web page invoked one of the control’s methods to uninstall MediaMax. This method, Remove, took two parameters: key, and validate_url. The key parameter was a single-use code provided by MediaMax technical support, and the validate_url parameter specified a web page that would validate the key and deliver executable code to perform the actual uninstallation.
When Remove is called from the web page, is issues an HTTP GET request to the provided url to validate the key. If it is valid, the server responds with the message true, {uninstall_url, where uninstall_url is the URL of a DLL file containing code to uninstall MediaMax. The control retries this DLL file from the Internet and saves it to a temporary location, then calls a function in the DLL named ECF7() to perform the uninstallation. If the function returns sucess, the control issues a second HTTP GET request to validate_url to report that the uninstall was sucessful and that the single-use key should be retired.
This design is vulnerable because the control accepts an arbitrary validate_url parameter and does not check that the DLL specified by the key validation server is authentic. The ActiveX control is not itself removed during the uninstallation process, so its methods can be invoked later by any web page without further browser security warnings. A attacker can create a web page that invokes the Remove method and provides a validate_url pointing to a page under the attacker’s control. This page can return an uninstall_url pointing to a DLL created by the attacker. When the MediaMax control executes the uninstall function in this file, arbitrary attacker code will execute on the user’s machine.
XCP Uninstaller Vulnerability
The XCP uninstaller contains the same design flaw and is only slightly more difficult to exploit. XCP’s ActiveX-based uninstaller invokes a proprietary ActiveX control named CodeSupport.ocx. (Early versions of XCP’s rootkit removal patch utilized the same control.) Usually this control is installed when users perform the second step in the three-step XCP uninstall process. In this step, the user is prompted to explain why they are requesting to uninstall XCP. The user’s response is sent to an XCP server along with a pseudorandom code generated by the ActiveX control. The same code is written to the system registry. Eventually the user receives an email with a link to another web page that uses the ActiveX control to remove XCP, but only after verifying that the code sent with the request matches the code in the local system registry. This check ensures that the uninstaller is only used on the machine from which the uninstallation request was made. As a consequence of this design, the control may be present on a user’s system even if she never performed the step in the uninstallation process where XCP is removed.
Matti Nikki first noted that the XCP ActiveX control contains some suspiciously-named methods, including InstallUpdate(url), Uninstall(url), and RebootMachine() [citation]. He demonstrated that the control remained installed after the XCP uninstallation was complete, and that its methods (including one that restarted the computer) were scriptable from any web page without further browser security warnings.
We found that the InstallUpdate and Uninstall methods have an even more serious flaw. Each takes as an argument a URL pointing to a specially formatted archive that contains updater or uninstaller code and data files. When these methods are invoked, the archive is retrieved from the provided URL and stored in a temporary location. For the InstallUpdate() method, the ActiveX control extract from the archive a file named InstallLite.dll and calls a function in this DLL named InstallXCP().
Like the MediaMax ActiveX control, the XCP control does not validate the download URL or the downloaded archive. The only barrier to using the control to execute arbitrary code is the proprietary format of the archive file. We determined the format by disassembling the control. The archive file consists of several blocks of gzip-compressed data, each storing a seperate file and preceded with a short header. At the end of the archive, a catalog structure lists metadata for each of the blocks, including a 32-bit CRC. The control verifies this CRC before executing code from the DLL.
With knowledge of this file format, we constructed an archive containing sample (benign) exploit code. The most difficult detail was the CRC, which is computed with an apparently proprietary algorithm that proved tedious to reverse engineer. We saved the trouble by having the ActiveX control compute the CRC for us. The control checks the CRC by computing a CRC for the file data in the archive and verifying that it matches the CRC specified in the archive catalog. We inserted a break point where the comparison occurs and ran the control on an archive containing code we prepared. We then took the CRC computed by the control and placed it in the archive catalog. Thus modified, the archive passed the CRC check and the ActiveX control executed our code. (This illustrated why digital signatures, rather than CRCs, must be used to validate code from untrusted sources.)
This procedure would allow a malicious web site to execute arbitrary code on the user’s machine. Like the MediaMax uninstaller flaw, it is especially dangerous because users who have completed the uninstallation may not be aware that they are still vulnerable.
Obviously, these vulnerabilities could have been prevented by careful design and programming. But they would not have been possible at all if not for the decision to deliver the uninstallers via this ActiveX method rather than using an ordinary download. We conjecture that the vendors chose to use ActiveX in this way because they wanted to retain the ability to rewrite, modify, or cancel the uninstaller later, and that this desire was driven at least in part by the vendors’ platform building strategy.
Summary of Deactivation Attacks
When all is said and done, there is little a CD DRM vendor can do to stop users from deactivating active protection software. A user can do this via ordinary security and system administration tools; attempts by the vendor to interfere with these tools are harmful and will trigger a strong backlash from users. In practice, vendors will probably have to provide some kind of uninstaller – users will insist on it, and some users will need it to deal with the bugs and incompatibilities that crop up occasionally in any complex software. Once an uninstaller is released, users will be able use it to remove the DRM software. Ultimately, determined users will be able to keep CD DRM software off their machines.
Leave a Reply