HOW TO BREAK MICROSOFT RIGHTS MANAGEMENT SERVICES | WOOT | 08.08.2016 1
Image source: http://www.google.com/about/datacenters/gallery/#/tech/12
How to Break Microsoft Rights Management Services
Workshop on Offensive Technology
Christian Mainka, Paul Rösler, Jörg Schwenk and Martin Grothe
Agenda
Motivation
Microsoft RMS
DisARMS Attack #1 (unprotect)
DisARMS Attack #2 (modification)
Conclusion
Motivation
• Going to talk about Enterprise Rights Management (ERM)
• Consumer version: Digital Rights Management (DRM)
  – Music, movies, e-books
• ERM goal: protect (digital) company assets
• Useful for different scenarios
Microsoft RMS - Intro
Microsoft RMS - High Level
• Set specific rights for a person and/or group via e-mail address
• Use symmetric and asymmetric cryptography
  – AES content encryption
  – PKI (RSA)
  – Licenses
    • Use license (UL)
    • Publishing license (PL)
Microsoft RMS PKI
• Root Cert has separate PrivK
• SLC has separate PrivK
• SPC has separate PrivK
• SLC is signed with Root PrivK
• RAC PubK and encrypted RAC PrivK are signed by SLC PrivK
• SPC is self-signed
• CLC PubK and encrypted CLC PrivK are signed by SLC PrivK
Microsoft RMS Create File
• PL content encrypted with SLC PubK
• PL signed with author CLC PrivK
• Author CLC signed with SLC PrivK
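The signing relationships listed on the PKI and Create File slides, as an added example that is not from the talk or the authors' code: a verifier walks PL → author CLC → SLC → Root and rejects a PL whose body was changed or whose signer is not certified by the SLC. The toy textbook-RSA keys, the rights string and all function names are constructed for illustration; they are not secure and not part of the RMS SDK.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def keypair(p, q):
    """Toy textbook-RSA key from two known primes: returns (n, d). Not secure."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(body, n):
    # SHA-256 of the signed bytes, reduced into the key's modulus
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n

def sign(body, key):
    n, d = key
    return pow(digest(body, n), d, n)

def verify(body, sig, n):
    return pow(sig, E, n) == digest(body, n)

# Constructed keys (Mersenne primes keep the example deterministic and offline).
ROOT = keypair(2**127 - 1, 2**89 - 1)
SLC = keypair(2**107 - 1, 2**61 - 1)
CLC = keypair(2**521 - 1, 2**607 - 1)

def cert(subject, subject_key, issuer, issuer_key):
    """Certificate = subject name and public modulus, signed by the issuer's PrivK."""
    body = f"{subject}|{subject_key[0]}".encode()
    return {"subject": subject, "n": subject_key[0], "issuer": issuer,
            "body": body, "sig": sign(body, issuer_key)}

def verify_pl(pl, certs, root_n):
    """Walk PL -> author CLC -> SLC -> Root, checking every signature."""
    clc, slc = certs[pl["signer"]], certs["SLC"]
    return (clc["issuer"] == "SLC" and slc["issuer"] == "Root"
            and verify(slc["body"], slc["sig"], root_n)    # SLC signed with Root PrivK
            and verify(clc["body"], clc["sig"], slc["n"])  # CLC signed with SLC PrivK
            and verify(pl["body"], pl["sig"], clc["n"]))   # PL signed with CLC PrivK

CERTS = {"SLC": cert("SLC", SLC, "Root", ROOT),
         "CLC": cert("CLC", CLC, "SLC", SLC)}

def make_pl(rights, key=CLC):
    """Constructed PL: a rights string signed by the author's CLC (encryption omitted)."""
    body = rights.encode()
    return {"signer": "CLC", "body": body, "sig": sign(body, key)}

if __name__ == "__main__":
    print(verify_pl(make_pl("alice@example.com:VIEW"), CERTS, ROOT[0]))
```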
Microsoft RMS Create File
Demonstration
Microsoft RMS Consume File
Microsoft RMS Attacks
• Responsibly disclosed in April 2016
• Case number MSRC 33210
• We used:
  – C++
  – RMS SDK 2.1
• Attack requirements:
  – View access right
  – C++ Redistributable 2015
  – That is all :)
Microsoft RMS DisARMS #1
Microsoft RMS DisARMS #1
Demonstration
DisARMS #2 modification
DisARMS #2 modification
Demonstration
Microsoft Response
From: [email protected]
“...The type of attack you present falls in the category of policy enforcement limitations. Policy enforcement capabilities, such as the ability to prevent printing or modifying content to which the user has legitimate access, are not guaranteed by cryptography or other hard technical means...”
Conclusion
• RMS is used by important companies and ministries
• AD RMS, Azure RMS, etc. are not secure
• DisARMS #1 cannot be prevented (see DRM)
  – Just make it not that simple
• DisARMS #2 can be prevented (see paper)
• Microsoft seems to have no interest in fixing the attacks
Questions?
Email: [email protected]
Email: [email protected]
@CheariX
Code on GitHub: RUB-NDS/MS-RMS-Attacks
Further info: web-in-security.blogspot.de
Sponsored by German Ministry for Education and Research