22nd February 2007, 14:38   #64
xyz987
Registered User
 
Join Date: Dec 2006
Posts: 142
Quote:
Originally Posted by arnezami
In other words: it will be relatively easy to extract a Processing Key from a future Software Player. It's harder to get the (given) Device Key used. But it's much harder to extract all 253 Device Keys from a player: that's because most of them are not used and can therefore not be found in memory (and even if found there is no way to check their validity).
Once an attacker gets the first Device Key that belongs to his player Device Key set, it is not so hard to get the rest.

MKB is signed by LA, so it can not be faked on disk. However, MKB can be faked in memory: player loads MKB, an appropriate breakpoint freezes player, attacker modifies MKB at his pleasure, and player starts to run again (after breakpoint). So attacker gets a player running with a fake MKB.

That way attacker can get the 253 keys.

Checking validity is not strictly necessary (note attacker can not publish them: if he does so the whole set will be revoked). Attacker can check validity for the first (given) Device Key. For the rest validity will be checked if attacker needs to use them.