Re: Microsoft PlayReady WMRMECC256 Key / root key issue (attack #5)

[Security Explorations <contact () security-explorations com>]

Hello All,

In my previous post, I shamefully confused two root keys (WMRMECC256
and ECC256MSBCertRootIssuer) while decribing the issue pertaining to
one of them.

The key exploited in the attack is called ECC256MSBCertRootIssuer Key
(not the WMRMECC256) and is identified by the following public
component:

86 4D 61 CF F2 25 6E 42 2C 56 8B 3C 28 00 1C FB
3E 15 27 65 85 84 BA 05 21 B7 9B 18 28 D9 36 DE
1D 82 6A 8F C3 E6 E7 FA 7A 90 D5 CA 29 46 F1 F6
4A 2E FB 9F 5D CF FE 7E 43 4E B4 42 93 FA C5 AB

This doesn't change much with respect to the described attack and
regarding reliance on shared root keys. There are just two such keys,
not one.
This is now both corrected and explained in a more detail at:

https://security-explorations.com/microsoft-warbird-pmp.html

Apologies for the confusion and error.

Thank you.

Best Regards,
Adam Gowdiak

----------------------------------
Security Explorations -
AG Security Research Lab
https://security-explorations.com
----------------------------------
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/