|
#1
|
|||
|
|||
Microsoft PlayReady Developer / Warbird Libraries Leak
On June 11, 2024, a Microsoft engineer accidentally posted a 771MB file on a public forum, leaking over 260 internal files related to Microsoft PlayReady. This leak includes Warbird configuration, obfuscation code, and static libraries with symbolic information, enough to reverse engineer the PlayReady system. Despite removing the forum post, Microsoft has yet to fully address the leak.
For more details, you can read the original communication from Security Explorations: Security Explorations Original Communication Additional resources and downloads: - Detailed Analysis and Report - Reverse engineered code for Microsoft's Warbird on GitHub - Download Link for leaked files - Download Link for warbird.pdb for warbird.dll Last edited by nulli; 06-29-2024 at 21:01. |
The Following 5 Users Say Thank You to nulli For This Useful Post: | ||
jump (06-28-2024), sendersu (06-28-2024), WhoCares (06-28-2024), Windoze (07-01-2024), wx69wx2023 (07-01-2024) |
#2
|
||||
|
||||
search for "ice_repro.zip", another link:
https://www.xn--ijanec-9jb.org/dir/?C=M&O=D public pdb still available from MS: "C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\symchk.exe" -v warbird.dll
__________________
AKA Solomon/blowfish. Last edited by WhoCares; 06-28-2024 at 13:12. |
The Following 3 Users Say Thank You to WhoCares For This Useful Post: | ||
#3
|
|||
|
|||
June 11th a Microsoft engineer accidentally leaked 4GB of Microsoft PlayReady internal code. It was leaked on the Microsoft Developer Community. The leak includes:
- WarBird configurations - WarBird libraries for code obfuscation functionality - Libraries with symbolic information related to PlayReady Researchers from AG Security Research Lab were able to successfully build the Windows PlayReady dll library from the leaked code. Interestingly, they were assisted because on the Microsoft Developer Community forum a user also provided step-by-step instructions on how to begin the build process. Also, interestingly, interestingly, the Microsoft Symbol Server doesn't block requests for PDB files corresponding to Microsoft WarBird libraries, which inadvertently leaks more information. Adam Gowdiak of AG Security Research Lab reported the issue and Microsoft removed the forum post. However, as of this writing, the download link is still active. File listing is below. Forums screenshots are attached. All information discovered by AG Security Research Lab File listing: https://pastebin.com/raw/i65qfd2z Download: B0cde770200a945109437927ba3fe4d67638537352993712632_ICE_REPRO.zip |
#4
|
|||
|
|||
Quote:
Quote:
|
The Following User Says Thank You to th3tuga For This Useful Post: | ||
niculaita (10-02-2024) |
#5
|
|||
|
|||
Hi. Can you share a bit more how did you test the POC of Security Explorations?
|
Tags |
dataleak, drm, microsoft, playready, warbird |
Thread Tools | |
Display Modes | |
|
|