I have recently been reading about the DRM measures on commercial bluray disks,
ID: 661270 • Letter: I
Question
I have recently been reading about the DRM measures on commercial bluray disks, in particular BD+. It seems that this technology involves Java software running in a virtual machine, with full access to physical hardware and the ability to run native code. This appears to be the case for standalone bluray players, but what about if I watch a bluray disc on my Windows PC (e.g. with Cyberlink PowerDVD). Does the software on the bluray get full administrator access to my system? This seems like a horrible security risk (I would never like to run anything Java-based as root). Can anyone tell me more about how BD+ protection works, in particular when watching on computers? What are the security implications?
Explanation / Answer
I believe your mixing several separated technologies together. First BD-J => this is a special subset of "java" which is used for the menu's and interactive elements, it runs inside its own VM-container and does NOTHING on the host without the player software (so it works with the same permissions as your player or lower... meaning your user or none at all) source:Wikipedia article BD-J
BD+ is a a virtual machine embedded in players. it is NOT JAVA based at all. It can verify a players footprint against a list of allowed fingerprints (this does not really apply to PC's) and it facilitates the decryption of some "corrupted" data from a hidden secret encrypted location on the disc.
the way it can "run code" is through so called "TRAPS" this is hard to write code for, or even utilise for arbitrary code injection. all though not impossible.
The way for example VLC utilise DB+ is through running the VM in its own Library container it in no way runs with root permissions it just yieldds the enrypted blueray information for playback. source:Wikipedia article BD+