PlayReady and DRM - The Ugly Truth

Chat with other TGB members about whatever is on your mind.
Post Reply
Starflare5

Posts: 18
Joined: Mon Nov 10, 2014 10:41 am
Location:

HTPC Specs: Show details

PlayReady and DRM - The Ugly Truth

#1

Post by Starflare5 » Mon Nov 10, 2014 10:56 am

Hey guys,

I figured out something real ugly about MS PlayReady and DRM that could be actually causing the unable to update issues - It records the machine ID to the boot sector of the hard drive. If you had the hard drive in another machine and had it reimaged in that machine, and you place the drive in it's destination machine, PlayReady components will not update. The only and best workarounds are to make sure that the hard drive, first of all, is completely blank with no volumes or partitions (unallocated) and to do a fresh install, recovery, or reimage in the system that the drive is going to be in. You can even clone a drive from another system in the destination system as long as that destination system is the system that the freshly unallocated drive is going to be put into. After this and only this will playready components update smoothly because, now, the boot sector ID and machine IDs match.

If cloning or reimaging, simply follow the instructions for deleting the HDS and cache files, and use the reset DRM tool before updating components and all will go fine.

User avatar
Crash2009

Posts: 4357
Joined: Thu May 17, 2012 12:38 am
Location: Ann Arbor, Michigan

HTPC Specs: Show details

#2

Post by Crash2009 » Mon Nov 10, 2014 1:11 pm

I have often wondered if the machine ID is stored on a chip in the motherboard. Let's just say that the motherboard failed, and at risk was 3 years of movies that were tied, as part of the DRM scheme, to the machine ID.

Any hardware experts out there?

If this is truly the case, what would it take to remove the chip from the MB and re-install on the new MB?

cwinfield

Posts: 575
Joined: Tue Feb 12, 2013 1:14 am
Location: Monroe, NC

HTPC Specs: Show details

#3

Post by cwinfield » Mon Nov 10, 2014 1:27 pm

It can't be. I've replaced motherboards without playready problems.

Starflare5

Posts: 18
Joined: Mon Nov 10, 2014 10:41 am
Location:

HTPC Specs: Show details

#4

Post by Starflare5 » Tue Nov 11, 2014 12:27 am

Ok,

Here's the key thing you have to look at. First of all, if the motherboard is the same exact type of board, playready will be fine, however, let's say you have to completely replace a systemboard, including the brand, but, it has a similar chipset to the old. Windows itself may load just fine, however, if you try to run protected TV content, you'll be asked to update playready, at which, given the board is different, but, the MBR on the HDD still contains the info from the old systemboard, playready will fail.

1. The best practice you can do at this point is first create a backup image of the drive partition to another drive. Most hdd companies give the software to do this for free which is a version of Acronis True Image for free.

2. Before you create this image, you might want to delete the HDS files and cleandrm before hand to save the trouble of doing it later. You may also uninstall playready at this point only if you wish as an extra precaution.
Deleting the registry entries at this point is not necessary due to the fact that when the hard drive is attached to a new systemboard, Windows automatically updates and re-writes those entries.

3. Make sure the HDD is attached to the systemboard you are going to use.

4. After you create the image, you can use the Acronis software to create bootable media in the form of a CD or flash drive. Go ahead and do so, then, reboot to the bootable media.

5. Use the Add New Disc and initialization options to delete all partitions and the partition table from the drive and to create an new MBR.

6. Now, use the Recovery options to go and grab the backup image you just created and reload onto the HDD with the new machine matching MBR.

7. Once complete, remove the removable media and reboot.

8. Now update playready and the operation will complete successfully.

Workaround tips:

1. The Acronis bootable media does contain drivers to connect to network drives and NAS devices.

2. If you must recover or clone the drive in a system or motherboard other than the destination system or motherboard, that destination drive MUST NOT BOOT in that system and MUST BOOT in the destination system and/or motherboard ONLY. Otherwise, you run into the same playready issue and must start over with deleting the partitions and making the destination drive unallocated once again.

3. Also , if you must do this, you may use the Windows Disk Management to delete partitions and un-allocate the drive, or the Acronis software.

I hope this helps many.

Starflare5

Posts: 18
Joined: Mon Nov 10, 2014 10:41 am
Location:

HTPC Specs: Show details

#5

Post by Starflare5 » Tue Nov 11, 2014 1:45 am

Also, I wanted to add, if you must clone or reimage the drive in another system other than the destination system or motherboard, do not use the Windows Disk Management utility to create partitions. Use the Acronis utility instead, or, it will also create the partitions automatically when you recover or clone to the destination drive. The utility also doesn't create that annoying system reserved partition if you want to completely reinstall the OS instead.

cwinfield

Posts: 575
Joined: Tue Feb 12, 2013 1:14 am
Location: Monroe, NC

HTPC Specs: Show details

#6

Post by cwinfield » Tue Nov 11, 2014 2:05 am

What about UEFI bios & GUID Partition Table . They don't use MBR.

jec6613

Posts: 72
Joined: Thu Oct 30, 2014 8:45 pm
Location:

HTPC Specs: Show details

#7

Post by jec6613 » Tue Nov 11, 2014 2:50 am

This has to do with the system crypto keys. It's a function of the machine SID, the ATA controller (effectively the motherboard), and the UUID of the motherboard (if present), and the partition ID, and is re-calculated in any number of circumstances, but is initially set at OS install.

In an enterprise environment, at least, there's a UUID stored on the motherboard, which so long as it remains unchanged you may change out every other piece of hardware, including the motherboard, or re-home the HDD into a different model machine provided you have the proper ATA drivers to boot it, and so long as the UUID does not change, no other crypto keys (including PlayReady) will change. One of several reasons I tend to use enterprise grade hardware when possible.

Starflare5

Posts: 18
Joined: Mon Nov 10, 2014 10:41 am
Location:

HTPC Specs: Show details

#8

Post by Starflare5 » Tue Nov 11, 2014 11:47 pm

jec6613 is correct,

A few final steps you can actually take if the issue persist after following the above instructions is a simple one due to all UUIDS being reset:

1. Stop the Windows Media Center Receiver Service.

2. Delete the DRM and playready HDS and Cache files once again if present.

3. Delete the registry entries for both DRM and playready.

4. Reboot the system.

5. Open Media Center, select Settings then General. Under Automatic Download Options, select "Download Now."

6. Wait Approximately 5 to 10 minutes, then reboot system once again.

7. Go back to Settings, and this time Select TV and then TV Signal. The option to Update Playready should be gone.

8. Check your channels.

I hope all these instructions help.

Starflare5

Posts: 18
Joined: Mon Nov 10, 2014 10:41 am
Location:

HTPC Specs: Show details

#9

Post by Starflare5 » Mon Dec 01, 2014 2:12 am

In this, I thought I'd list a few helpful conditions and why caution should be taken and how to work around them:

The key reason PlayReady Update fails - Machine ID and WMDRM IDs in registry do not match stored MBR DRM ID or MBR DRM ID is missing or damaged. This is the most common reason for the failure.

The best workaround possible for this is:

1. Windows is best to delete the rest - Use Windows Administrative Tools > Computer Management > Disk Management on another computer to delete the volume from the target drive. If you want, you may create a new simple volume and format, but do not install an OS or go any further with that drive unless it is back in it's intended system.

2. Restore from your backup image of the OS, but, DO NOT RESTORE THE MBR. A new one must be created.

3. If you have it enabled, turn off or stop Windows Media Sharing Service.

4. Uninstall Playready and delete the data from the DRM registry key and delete the playready registry key, but, do not delete the DRM registry key. On 64 bit versions of Windows, the DRM key is under HKLM\SOFTWARE\Wow6432Node\Microsoft

5. Delete all data from C:\Program Data\Microsoft\Windows\DRM folder and go back one folder to Microsoft and delete the Playready folder, and, under the ehome folder, delete the indiv*.hds file and the cache folder.

6. Restart Windows to rebuild new DRM MBR info.

7. Install and update playready from Windows Media Center.

8. Once PlayReady has been confirmed as working, create a new complete image backup to restore to in the event an issue happens again in the future.

I have 4 systems in my home all running Windows Media Center off of a Ceton InfiniTV 6 and have learned exactly how to resolve the entire issue on my own and have had all the possible scenarios. All listed here worked in one system or another one way or another, but, it is never the same between different systems for some reason.

Starflare5

Posts: 18
Joined: Mon Nov 10, 2014 10:41 am
Location:

HTPC Specs: Show details

#10

Post by Starflare5 » Fri Dec 12, 2014 1:54 am

Hey there,

I seriously want to delete this topic completely and start over because, I have all the information now on what is needed, and some of it negates, or, corrects what I've previously posted.

First of all, the Ugly and what Microsoft doesn't tell you:

If your system states that it wants to update PlayReady after the first, initial PlayReady update when you first set up Media Center was successful, then, PlayReady (and/or Windows DRM) may have crashed or the following conditions may have happened or are corrupt:

- Drive Signature changed or corrupted: This is the actual key that Windows DRM uses to determine if the content is on the system or drive it was originally stored or created on.

- Drive MBR changed or corrupted: We all know that if an MBR is corrupted, Windows will tell us one way or another. This is actually one of them. If the MBR does not match the MBR information stored in Windows DRM in anyway, shape, or form, this will set off PlayReady update. (If you use a bootloader, install it from the beginning or immediately after installing Windows before the Windows DRM registry key is written).

- Windows Media Digital Rights Management scheme has changed or updated: This is one that happens usually once a year around every October. This is also an indicator that your tuner's firmware may need to be updated to match the new scheme.

- A false positive may corrupt DRM: This is the oddest one I've experienced, but, this could be due to using an Ethernet Tuner (Ceton InfiniTV6 ETH). Essentially, what happens, is that Windows Media Center did not fully connect to the tuner (no spinning ring at Media Center startup), and, therefore states that there are no tuners available. For this, I need to make this clear: DO NOT REMOVE AND REDISCOVER OR REINSTALL TUNERS FOR WINDOWS MEDIA CENTER. If you rediscover or reinstall, it may corrupt Windows DRM and set off PlayReady Update to fail.

If PlayReady Update fails on the first, initial install and run of Windows Media Center, then the HDD was not sufficiently wiped and/or cleaned for the Windows installation and old DRM information is still in the MBR.

Secondly, The Bad and what you may have to do to correct the mess:

In most cases, once your system states that it wants to update PlayReady, and/or it fails on the initial install, there might be very little you can do to recover from it with the OS as it is.

- For you gamers out there, to put it into perspective, think of PlayReady as a game that can crash at any given time for a number of reasons like Fallout 3 or Fallout - New Vegas for which this has taught us to save, or backup often.

- Do not always trust Windows Restore or Windows System Protection: On all of my systems, I have this disabled. Not only for the reasons that it does not always work and space, but, also for the reasons, that, if you hit a virus on the internet at which your anti-virus cannot catch, it gets stored in your Windows Restore repository. In the case of PlayReady, if the drive signature or MBR has been changed or corrupted, this, will not help you and may even make the situation worse.

- Wipe all and wipe it good: You may have to completely, not only wipe your hard drive in a government wipe, but also, delete all volumes or partitions prior to reinstallation or restore/recovery.

- You may have to prepare your drive using another computer if reinstalling OS: To make sure you get to utilize all of your hard drive space for a reinstallation, you may have to use the Windows Computer Management Drive Management to create a new volume on the drive by using another computer. You may have to purchase a SATA or IDE to USB drive connector from ebay to do this for which they are actually really inexpensive. Just remember not to assign it a drive letter and that the MBR does not get created until an OS is installed.

And Thirdly, The Good, and what can be done:

In most cases, these are the only and best ways to recover from a possible PlayReady crash and ways to prevent a crash:


- Do not install tuner or initialize DRM unless you are ready to run Windows Media Center Live TV setup on a fresh install: Once you run any Windows Media Interface for the first time, enable media sharing, or install the tuner, it may initialize the Windows DRM key in registry located at HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DRM for Windows 64 bit users or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM for Windows 32 bit users. It is suggested, that before this key gets filled out, make sure that you are actually ready to run tuner setup. PlayReady requires fresh data in this key before it can update correctly upon initial setup.

- A false positive situation is easily resolvable: Verify that you get a spinning ring at Windows Media Center startup that indicates tuner connection and initialization. In the case of Ceton InfiniTV6 ETH on a fresh install, initial Windows Media Center Setup may only allow you to access 4 tuners at that time , which, with this device, causes a false positive of tuners connected (spinning ring), but no tuners available. This is the ONLY case, where it is allowed to use the diagnostic utility to remove and then rediscover tuners and re-run Windows Media Center Live TV Setup. If the issue of no spinning ring or no tuners available happen after this point, and, If you have a diagnostic utility for your tuner, verify that all appears to be connected and working good. If it appears not, wait, or, restart media center and/or reboot the system and check again.

- If all is good, back up, and back up often: I cannot stress enough how imperative it is that a good backup be created of the HDD to restore from in the event a future PlayReady crash happens. It has saved me many, many times.

- Suggested backup solution is Acronis True Image 2013: I suggest this solution because it can store a complete image of your hard drive and even compresses the file at which the image is stored to roughly 1/3rd the size of your data. This also stores the MBR and Drive signature in the backup, plus, provides tools to clone a hard drive, or, do a government DOD (3 pass) wipe and partition deletion on your hard drive before you restore from back up. This even provides incremental backup and a better backup than system restore, and, the backups can go to an external drive or network drive. The recovery CD image even has networking drivers. The best places to get it for free is actually the manufacturer of your hard drive's website. For Seagate, go to http://www.seagate.com/support/downloads/discwizard/ ,and/or, for Western Digital, got to http://support.wdc.com/product/download ... dc_lang=en. If you want to download the actual, original version, you can see if you can order it from Acronis, or, torrent it and follow the installation instructions. Remember to create the recovery CD and recovery ISO.

- Remember all things when recovering: When restoring or recovering to a previous time when all things were good, remember to check and restore drive signature as well as MBR.

- Upgrades actually do not affect PlayReady: Contrary to popular belief and what's posted on the Microsoft website, you can actually upgrade, and even, change most of your hardware without affecting PlayReady. Just remember these tips:

- For system board, verify that it has a same brand similar or newer chipset. Older or different brand may set off PlayReady Update.
- For video card, same as for motherboard, however, also must have the same amount of memory, or, a larger amount of memory. Older chipset or less video memory may set off PlayReady Update.
- For memory, verify that it is of same speed or higher as other memory installed. Installing slower memory, or removing memory may set off PlayReady Update.
- For HDD, verify that it is the same size, speed, or larger and/or faster as the previous primary OS HDD, and, you may clone the old HDD to the new or replacement HDD without issue. A smaller, slower HDD may also may set off PlayReady Update and drive brand actually does not matter.
- Any other hardware can be changed and not cause an issue, even the tuner itself.

- Check Windows Update and Tuner Firmware: Around October or November, every year, Microsoft may update the Windows Media Digital Rights Management scheme to meet compliance of current Digital Rights Management Guidelines. This is also the best time to check for a firmware update for your tuner to also meet those guidelines, even beta firmware if available.

- When recovering to a replacement HDD after HDD failure: Provided that you created a backup using the previously mentioned tools, you can actually restore a backup image to a replacement or new drive without messing up PlayReady. Just remember to always restore drive signature which is exactly what is done in drive cloning as well, however, in recovery, if the replacement drive is larger, you may have to manually set the replacement drive's partition size.

Anyway, these are the best tips I can give to help with this issue as I have 4 systems that have been through it.

Starflare5.

Starflare5

Posts: 18
Joined: Mon Nov 10, 2014 10:41 am
Location:

HTPC Specs: Show details

#11

Post by Starflare5 » Fri Jan 09, 2015 11:18 pm

Special rules for Ethernet Tuners (Ceton InfiniTV and Silicon Dust HomeRun).

1. On a new install of windows, absolutely do not join or create a home group before installing the tuner software or drivers. Doing this will write to the DRM registry key due to media sharing and may cause playready to fail.
2. After freshly installing the tuner drivers/software and after a fresh reboot, run the Media Center tuner setup. Verify that there is a connection to the tuner by the long spinning ring during the second Media Center Initial setup screen. In the case of InfiniTV6, sometimes, upon first install, Media Center may only allow you to set up only 4 tuners. After this setup is complete, you must attempt to tune a channel, even if it states to you that there is no signal. This actively syncs Windows Media Center and DRM with the tuner.
3. After attempting this, stop and close media center, then, open the tuner diagnostic software and select devices, clear the tuner configuration, and then, discover tuners. Re-run Media Center TV Tuner set up from Tasks and it will find all 6.

Big Important Rule: Playready should never ask to update again after initial setup. If playready ever asks to update again after the tuner works successfully, DO NOT UPDATE IT. Check your network connections and you may need to reboot your HTPC and routers or switches as well as the tuner itself to get them to re-sync.

Note: Belkin Routers are known for notoriously causing issues with the Ceton InfiniTV 6. The best routers to use with this device are Netgear.

I just thought I'd add this section, thank you.

sailracer

Posts: 26
Joined: Tue Dec 18, 2012 10:09 pm
Location:

HTPC Specs: Show details

#12

Post by sailracer » Mon Jan 12, 2015 8:33 pm

Hi Starflare,

Thanks for the very informative post. I'm in the process of updating my OS drive from a 1TB HDD to a 240GB SSD and am having a little trouble. Would you mind answering a couple of questions?

I offloaded enough secondary files from the 1TB drive to get the OS and important files down to ~120GB and then cloned that drive onto the 240GB SSD. I can boot into Windows 7 from the SSD now, but when I tried to tune live TV from my Ethernet connected HD Homerun Prime it said no signal. I didn't try watching any DRM protected recordings I have, but after reading this thread and others I am going to go try that tonight. When I switched back to the HDD, everything worked fine.

What do I need to do get the tuner to work? I am hesitant to experiment because I don't want to mess up the DRM stuff.

Thanks!

sailracer

Posts: 26
Joined: Tue Dec 18, 2012 10:09 pm
Location:

HTPC Specs: Show details

#13

Post by sailracer » Tue Jan 13, 2015 12:32 am

sailracer wrote:
What do I need to do get the tuner to work? I am hesitant to experiment because I don't want to mess up the DRM stuff.

Thanks!
I think I have answered my own question. I ran the rescue disk created by the clone utility and checked off all the items related to MBR restoration, disk ID, etc. and after rebooting everything worked perfectly. The tuners worked and recorded copy protected material still played.

robnitro

Posts: 35
Joined: Thu May 03, 2012 10:13 pm
Location:

HTPC Specs: Show details

#14

Post by robnitro » Mon Sep 12, 2016 6:26 am

FYI this technique was a hail mary for me and did not work.
What worked for me was to delete bad/weird certificates from the store. But be careful, here's a post with a screenshot of what I currently have.

http://www.thegreenbutton.tv/forums/vie ... 65#p110465

Paul Anderegg

Posts: 166
Joined: Sat Apr 21, 2012 4:39 am
Location:

HTPC Specs: Show details

#15

Post by Paul Anderegg » Thu Jul 19, 2018 2:09 am

I am preparing to use Acronis to switch from an NVME to normal SATA drive in my Windows 7 MCE, in order to have additional and easier recovery options while dealing with DRM delicate resets. My tuner keeps disconnecting from Media Center, so want to try resetting Media Center, in place Windows 7 install etc, but in order to recover in Windows 7 without weird custom building and injecting NVME drivers, I want to just use the old school SATA tools.

What is the best way to go from NVME to SATA with Acronis...just full backup, then restore to dissimilar hardware and DRM is happy? Will a remove MCE and add MCE in Windows break old DRM? Will a system image from the NVME restored to the SATA break old DRM?

I have had an easy time swapping CU's and video cards, even tuners in this PC, without any DRM problems for the last three years. Crossing fingers!

Paul

Sammy2

Posts: 1708
Joined: Fri Aug 24, 2012 7:35 pm
Location:

HTPC Specs: Show details

#16

Post by Sammy2 » Mon Jul 23, 2018 5:47 pm

Paul Anderegg wrote:I am preparing to use Acronis to switch from an NVME to normal SATA drive in my Windows 7 MCE, in order to have additional and easier recovery options while dealing with DRM delicate resets. My tuner keeps disconnecting from Media Center, so want to try resetting Media Center, in place Windows 7 install etc, but in order to recover in Windows 7 without weird custom building and injecting NVME drivers, I want to just use the old school SATA tools.

What is the best way to go from NVME to SATA with Acronis...just full backup, then restore to dissimilar hardware and DRM is happy? Will a remove MCE and add MCE in Windows break old DRM? Will a system image from the NVME restored to the SATA break old DRM?

I have had an easy time swapping CU's and video cards, even tuners in this PC, without any DRM problems for the last three years. Crossing fingers!

Paul
Probably not the same but I went from a spinner to an SSD and then upgraded that SSD to a larger one with Samsung Magician and never lost access to DRM recordings through WMC. I should note that the recordings were on a separate drive too.

Post Reply