Security Explorations has discovered two attack scenarios that allow extraction of the private ECC keys that a PlayReady client uses for communication with a license server and for identity purposes. This includes the private signing and encryption keys, and their extraction can lead to mimicking a PlayReady client outside of a Protected Media Path environment. This ultimate compromise of a PlayReady client on Windows highlights potential vulnerabilities in the PlayReady security system. The disclosure emphasizes the importance of constantly increasing security measures to protect against reverse engineering and compromise, and it serves as a reminder of the challenges in securing PlayReady content protection in software and on the client side.
https://seclists.org/fulldisclosure/2024/May/5