
I'm doing some research about how Silverlight protects AES keys.

Here is the scenario: There is a smooth stream live encrypted channel service. When I log in to the service and tune the channel, Silverlight makes a request to the PlayReady server to get the key to decrypt the channel. I can see this traffic with Fiddler. Here is an example of a response:

```xml
<AcquireLicenseResponse xmlns="http://schemas.microsoft.com/DRM/2007/03/protocols">
  <AcquireLicenseResult>
    <Response xmlns="http://schemas.microsoft.com/DRM/2007/03/protocols/messages">
      <LicenseResponse xmlns="http://schemas.microsoft.com/DRM/2007/03/protocols">
        <Version>1</Version>
        <Licenses>
          <License>WE1SAAAAAAM/6X5HwA4LSn0j/310MwSKAAMAAQAAASQAAgAEAAAAKAACADYAAAAgAAAAOQAAABjYJ2Z4psK+RI+ICK4lWwGnAAMAAgAAADIAAAANAAAACgABAAEAMgAAAAwAAAANAAEANAAAAAoAlgAAADMAAAAKAAEAAwAJAAAApgABAAoAAACetP60ZllhUkqarGroOJD6fwABAAMAgOxOMdl6Sp6BZzA71EWt/XZSwwfYdViGXft7WPQeM5y77rKFTKLXvCbUna87O7IG2uw8/ArYY6Q/HxdewsYSTFHMni+VBM5FIjM9fhvfSX8/YDNyF2A7h1rxWtNSAikxKe/7rCQF3CLUzQsLXedyace89/S5O6sS5xgNhI/zNGdyAAEACwAAABwAAQAQqY9kZb/xLmZO3v1Pmp3/gg==</License>
        </Licenses>
      </LicenseResponse>
    </Response>
  </AcquireLicenseResult>
</AcquireLicenseResponse>
```

For this tag the Microsoft documentation says it is a Base64 encoded string (but the string cannot be decoded with standard decoders).

I also tried to write a Silverlight application that decodes this string with the Silverlight decode function, but it still cannot be decoded.

I want to find some detail, how does Silverlight protect these keys?

There are some projects about finding AES keys from memory dumps. In a master's thesis it is written that they found AES keys with the aeskeyfind program from a virtual machine memory dump. I tried the same but it failed.

Another project on GitHub says that it can find AES keys in a process. I tried it too (with the process id of the browser and plugin) but it failed too.

So is it impossible to find the key Silverlight got from PlayReady, and if it is, how does Silverlight protect the AES keys?

knk
  • Can you post an example of the base64 key you got? Why can't you decode it? – PiTheNumber Apr 17 '15 at 14:53
  • here is an example: WE1SAAAAAAM/6X5HwA4LSn0j/310MwSKAAMAAQAAASQAAgAEAAAAKAACADYAAAAgAAAAOQAAABjYJ2Z4psK+RI+ICK4lWwGnAAMAAgAAADIAAAANAAAACgABAAEAMgAAAAwAAAANAAEANAAAAAoAlgAAADMAAAAKAAEAAwAJAAAApgABAAoAAACetP60ZllhUkqarGroOJD6fwABAAMAgOxOMdl6Sp6BZzA71EWt/XZSwwfYdViGXft7WPQeM5y77rKFTKLXvCbUna87O7IG2uw8/ArYY6Q/HxdewsYSTFHMni+VBM5FIjM9fhvfSX8/YDNyF2A7h1rxWtNSAikxKe/7rCQF3CLUzQsLXedyace89/S5O6sS5xgNhI/zNGdyAAEACwAAABwAAQAQqY9kZb/xLmZO3v1Pmp3/gg== – knk Apr 18 '15 at 03:22
  • That decodes from base64 just fine for me. – Mark Apr 18 '15 at 03:56
  • @mark what do you mean? – knk Apr 18 '15 at 07:50
  • If I run it through the `base64` program from Linux "coreutils", I get 316 bytes of binary data. Looking at the results in a hex editor, there are a couple bits that could be an encryption key, but nothing that really stands out. – Mark Apr 18 '15 at 10:25
  • Decode works fine with JavaScript `atob('WE1...')`. Binary string starts with "XMR". [Documentation](https://msdn.microsoft.com/en-us/library/cc838192(VS.95).aspx) mentions something about "PlayReady XMR" in Output Protection chapter. Have a look in this direction. – PiTheNumber Apr 20 '15 at 12:10
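
The checks described in the comments above (decode the value, count the bytes, look at the leading bytes), written out as an added example that is not part of the original thread. The function names `normalize_b64` and `inspect_blob` are hypothetical; the input is the license string posted in the question, re-wrapped at 64 characters. It also tests whether the result is text, since a decoder that expects a printable string will show garbage or an error on binary output even though the Base64 itself is valid.

```python
import base64
import re

# License value from the response on this page, wrapped at 64 characters
# the way it can arrive when copied out of a pretty-printed XML view.
LICENSE_B64 = """
WE1SAAAAAAM/6X5HwA4LSn0j/310MwSKAAMAAQAAASQAAgAEAAAAKAACADYAAAAg
AAAAOQAAABjYJ2Z4psK+RI+ICK4lWwGnAAMAAgAAADIAAAANAAAACgABAAEAMgAA
AAwAAAANAAEANAAAAAoAlgAAADMAAAAKAAEAAwAJAAAApgABAAoAAACetP60Zllh
UkqarGroOJD6fwABAAMAgOxOMdl6Sp6BZzA71EWt/XZSwwfYdViGXft7WPQeM5y7
7rKFTKLXvCbUna87O7IG2uw8/ArYY6Q/HxdewsYSTFHMni+VBM5FIjM9fhvfSX8/
YDNyF2A7h1rxWtNSAikxKe/7rCQF3CLUzQsLXedyace89/S5O6sS5xgNhI/zNGdy
AAEACwAAABwAAQAQqY9kZb/xLmZO3v1Pmp3/gg==
"""

def normalize_b64(text):
    """Remove whitespace, accept the URL-safe alphabet, and repair padding."""
    s = re.sub(r"\s+", "", text).replace("-", "+").replace("_", "/")
    s = s.rstrip("=")
    if len(s) % 4 == 1:
        # No byte sequence encodes to this length, so characters are missing.
        raise ValueError("truncated Base64 input")
    return s + "=" * (-len(s) % 4)

def inspect_blob(text):
    """Strictly decode a Base64 value and summarize what kind of data it holds."""
    raw = base64.b64decode(normalize_b64(text), validate=True)
    try:
        raw.decode("utf-8")
        is_text = True
    except UnicodeDecodeError:
        is_text = False  # binary payload: view it as hex, not as a string
    printable = sum(32 <= b < 127 for b in raw)
    return {
        "length": len(raw),
        "magic": raw[:3],
        "is_text": is_text,
        "printable_ratio": round(printable / len(raw), 2),
        "hex_head": raw[:16].hex(" "),
    }

if __name__ == "__main__":
    for key, value in inspect_blob(LICENSE_B64).items():
        print(f"{key}: {value}")
```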

0 Answers