zlacker

[parent] [thread] 6 comments
1. jabban+(OP)[view] [source] 2023-07-21 19:04:41
It's signed?

Sure you can fake the results of an attestation in your fork, but your fork would be using your own key to sign the response, a key that the site can reject.

replies(1): >>freeon+Jq
2. freeon+Jq[view] [source] 2023-07-21 21:04:25
>>jabban+(OP)
Ah, we’ll also have to extract the key from chrome. It’s no worse than WideVine.
replies(4): >>jabban+2u >>gray_-+SH >>jaunty+K21 >>rezona+lh1
◧◩
3. jabban+2u[view] [source] [discussion] 2023-07-21 21:18:41
>>freeon+Jq
Has that been extracted already? I have to admit I'm behind on the current state of browser DRM...

Also I wonder if in the future this would require attestation of the entire chain: secure UEFI validated by key burned in CPU, validates secure boot os that prevents "hacking tools", which validates secure Chrome, which attests secure websites...

Truly royally screwed at that point...

replies(1): >>charci+QJ
◧◩
4. gray_-+SH[view] [source] [discussion] 2023-07-21 22:25:17
>>freeon+Jq
There is no key in chrome, the signing is done via a 3rd party server.
◧◩◪
5. charci+QJ[view] [source] [discussion] 2023-07-21 22:35:49
>>jabban+2u
The current state of DRM is that you have to find a hardware vulnerability in order to extract a certificate. With this you can now decrypt DRM content, but you have to be careful not to get that key blacklisted.
◧◩
6. jaunty+K21[view] [source] [discussion] 2023-07-22 00:55:56
>>freeon+Jq
I don't believe any of the HD widevine keys have been revealed.

I would practically guess the keys that did get revealed were deliberately leaked, low stake keys, that keep people still willing use to use widevine platforms at low res without being angry.

◧◩
7. rezona+lh1[view] [source] [discussion] 2023-07-22 03:35:38
>>freeon+Jq
No, you'll need to extract the TPM secureboot keys from Microsoft headquarters. Good luck with that
[go to top]