MS DRM Version 2 - Cracked

As the title says: Microsoft Digital Rights Management Version 2 has been cracked. The Register has the story, including a link to a downloadable zip file which contains source code, explanation and a small DOS utility. Grab it while you can. You can also read the explanation directly here, and you can also find it with Google.

Well, of course

[TechnoVooDooDaddy (470187)]

in the immortal words of someone who's name escapes me:

"Information wants to be free."

There's a lot of bored but bright minds out there, and putting mountains up in their way just BEGS them to be climbed. As the old adage goes, Why do people climb mountains? well, there's actually 2 reasons, 1) because they're there.. 2) they're in the way of where you're trying to go..

*yawn* nice try MS, better luck next time eh?

What I don't get is why not use some proven technologies to get this done right? secure key-based encryption, rotating key servers, etc?

The obligatory correction

[invalid_user (253723)]

It's Stewart Brand, and it's one of the most abused quote of our time.
[anu.edu.au]
http://www.anu.edu.au/people/Roger.Clarke/II/IWt bF .html

Re: Well, of course

[Desco (46185)]

M$ DRM already cracked... What's really funny is there's not much media available that takes full advantage of this medium for it to make a lick of a difference.

Thus continueth the cycle:
1. A few people pirate software/music.
2. Corperations get pissed at piracy.
3. Corperation spends millions on development of an anti-piracy scheme.
4. Corperation has to raise prices to compensate.
5. Scheme gets cracked within DAYS of release.
6. More people pirate because prices are higher.
7. Goto 1.

Information doesn't *want* to be anything

[mblase (200735)]

The notion that "information wants to be free" is a rather interesting case study of anthropomorphism gone horribly wrong. Information doesn't want anything. Truth, the facts, raw data, none of them want anything. They're just sentences, numbers, claims, opinions, ideas. Unless you're willing to extend the definition of a meme to the extreme, they're hardly capable of even Darwinian ambition.

But people often want information -- want it to be free, or secure, or copyrighted, or burned, or locked away for the greater good. People want the latest news, the biased studies, the most accurate statistics. They want each other's secrets, their inventions, their inspirations, their dirty laundry . They want to be the first in the know, the winner in the argument, the smartest in the class. They want to be told what to think, to make others think like themselves, and to be the first with a new idea.

People in the Western world are conditioned to believe that with a little applied brain power, they can be anything they want. So they insist that information should be free, despite omnipresent evidence to the contrary. They ignore the fact that library books cost ten cents per day late, that a reliable Internet connection costs fifteen dollars a month, and that university tuition costs four thousand dollars a year.

Knowledge is power. The right kind of information is all that's needed to upend governments, bankrupt companies, exile citizens, and execute prisoners. It can turn a housewife into a millionaire, a CEO into an inmate, and a celebrity into a punch line. A poor man will kill for money, but a rich man will kill for secrecy. The patent office is filled with millions upon millions of facts which are worth anywhere from pennies to princedoms to the right people.

Information doesn't want to be anything. Information just is, which makes it an asset, which makes it vulnerable to the economic laws of supply and demand. So if your information is about Linux, it's probably worth nothing at all, save your reputation as a programmer. But if your information is about, say, Microsoft Office... in that case, it's worth whatever Bill Gates can get you to pay.

But I *like* the pathetic fallacy!

[Nindalf (526257)]

I don't consider the pathetic fallacy (describing a phenomenon as if the objects involved were humans acting it out) to be a fallacy at all, but a useful metaphorical device.

"Water seeks its level." - no, sufficient quantities of water tend to be arranged by the force of gravity over time such that its open surface is roughly equidistant from the center of gravity

"Opposite electrical charges are attracted to each other." - no, there is a force on any two objects of opposite electrical charge each toward the other

"Information wants to be free." - no, it is difficult for one party to limit the distribution of information to only those parties it approves of

The common quotes are shorter and more digestable, literal truth is not relevant compared to effective communication.

On the other hand, the literal expressions are more likely to be left alone by those who don't understand them.

When will they learn?!?

[SealBeater (143912)]

Its not like ANY protection scheme that I can think off hasn't been broken. So far, it looks like nothing will ever not be broken.

Corps: 0, Hackers:...shit, I lost count.

SealBeater

Re:When will they learn?!?

[Slak (40625)]

As Thomas Jefferson said, "The price of Copy Protection Schemes is eternal vigilence and endless lawsuits."

Regards,
Slak

to no end

[Rinikusu (28164)]

You know, the antics of the music industry (and the kind of thing that MS is kowtowing to with their DRM scheme) really pisses me off, but also convinces me that there will eventually come something to replace them both.

But, know what? It's their property. If they want to fuck up their distribution channels, fuck em. I can do without "so-called" modern music anyway. I go see live bands locally, get lit, and have a great time and I didn't need to buy a fucking copy-protected by the DMCA CD or cassette or anything. These guys are out there trying to make a living, maybe you should check em out. And if you catch them after the show, you might can convince them that they should distribute their songs on CD's for cheap and ask them (ask them) about how they feel about MP3's and music-sharing in general. Of course, they might not agree with you (or myself), but they have that *right* to do so.

So, I encourage, nay I *challenge* each and every one of you who would boycott MS or the RIAA to pick up a local newspaper and see what's going on in y our town this weekend. Chances are, there's a band or two actually worth checking out, and hey, it's not like you're going to meet chicks sitting behind your monitor.

Oh, and on-topic: Rock on Beale! I'm encouraged to see that grassroots hactivism coming alive! :) (hacker used in "coder" definition) Keep up the good work and keep fighting the good fight.

Re:to no end

[Anonymous Coward]

But, know what? It's their property.

No it's not. That's the whole point - US copyright does not create property rights. The actions of the copyright holders in shifting the terminology of the debate to the language of property rights means they've already almost won. After all, who agrees with stealing? But if they don't own it (and they don't - you paid for it), it ain't stealing...

Re:to no end

[sydb (176695)]

So, I encourage, nay I *challenge* each and every one of you who would boycott MS or the RIAA to pick up a local newspaper and see what's going on in y our town this weekend. Chances are, there's a band or two actually worth checking out, and hey, it's not like you're going to meet chicks sitting behind your monitor.

Chicks, take this as a warning: stay home this weekend.

Re:to no end

[unitron (5733)]

How surprising that you were unable to develop a meaningful relationship with a young lady WHILE SCREAMING BACK AND FORTH IN ORDER TO BE HEARD OVER THE MUSIC.

Good news

[aurorascope (466416)]

This is good news. Why? XP is just about to be shipped into retail stores. MSFT can't really do much about it now unless they release some Windows update - which is unlikely to catch 56k'ers attention much.

Here's the article just in case you can't reach it

[Anonymous Coward]

MS digital rights management scheme cracked
By Thomas C Greene in Washington
Posted: 19/10/2001 at 09:19 GMT

An anonymous coder named 'Beale Screamer' claims to have broken the Version-2 Microsoft digital rights management (DRM) scheme, and has produced the source code and a DOS utility to un-protect .WMA audio files.

The author's zipped file contains a lengthy description of the MS DRM weaknesses, a philosophical tract explaining why he thinks it necessary to crack, the source code, and the command-line utility.

The alias Beale Screamer, incidentally, derives from the lines of 'Howard Beale' in the movie 'Network', we're told. "Just yell to the publishers 'I'm mad as hell, and I'm not going to take this anymore!'"

The motive here is said to be an assertion of fair use and a check against the abuse of copyright for purposes of consumer extortion.

A DRM scheme "used to give the consumer more possibilities than existed before," Screamer tells us. "I think the idea of limited time, full-length previews, or time-limited Internet-based rentals is excellent. If DRM was only used for this, in order to give us more options than we previously had, I would not have taken the effort to break the scheme. What is bad is the use of DRM to restrict the traditional form of music sale. When I buy a piece of music (not rent it, and not preview it), I expect (and demand!) my traditional fair use rights to the material. I should be able to take that content, copy it onto all my computers at home, my laptop, my portable MP3 player....basically anything I use to listen to the music that I have purchased."

Well said; a tremendous amount of thought and effort has obviously gone into all this, and we have to wonder who this crusader is. A university connection seems all but certain. We've got a few feelers out, and hope very much that he'll submit to an interview soon.

Be careful out there!

[CProgrammer98 (240351)]

This from the "readme" that comes with the zip:

Not only can MS revoke the certs used, it looks like they can also screw your system if you use tricks like this....

WARNING!!!!! I have just learned that the new Microsoft Media Player EULA includes a clause that says they can *automatically* modify the software on your system, without any confirmation from you required! In other words, they can disable your software, or force an upgrade so that FreeMe won't work, just because they feel like it. Be careful out there!

Re:Be careful out there!

[fermi's ghost (215002)]

Zone Alarm just told me that Windows Media Player is tring to ping my default gateway.

Now WHY would it want to do that? Is it part of a security scheme?

If it tell ZoneAlarm to not allow Internet access to WMP, am I in violation of DMCA? Is ZoneAlarm a circumvention tool?

Re:Be careful out there!

[JCCyC (179760)]

Is there a Scientology Microsoft connection? Their tactics seem awful similar sometimes.

Believe it or not, yes there is! Take a look at this e-mail I got. Fell free to check the sources:

<old Inbox digging>
>> Well, personally I did stay away from Windows 2000 not because of product
>> activation keys, but because I do not and will not support dangerous
>> organizations like Scientology, and cannot entrust a system which
>> includes their Diskeeper disk maintenance software with any sensitive data.
>>
> WHAAAAAT???? Scientology makes software included in Windows?????

Yes, they do, unfortunately.

> Where did you get that information from?

Well, this has been in the technical press in Europe for months in 1999 and 2000 and it was part of a boycott campaign against Windows 2000 for this very reason. These are not rumours, but proven facts.

Major parts of the disk maintenance software in Microsofts Windows 2000 are written by Executive Software, a software company led by and heavily influenced by very "high" Scientologists. They even talk (or talked - I havent visited them recently) about this on their web-site.

Offical German government and church authorities asked Microsoft to remove this code or open it up so that it could be checked for possibly included malware, but Microsoft refused to do this and just said they could not understand the problem and that this would be a form of religious discrimination...

Meanwhile Microsoft has published patch instructions (at least here in Germany) how to remove this component from Windows 2000, but I am afraid I can no longer trust them.

PS. If you speak German, I suggest to check ct magazine at www.heise.de. They have backlogs of all their articles available, and you should be able to find the issue discussed in all details and with names, dates, and cites in there. Otherwise, a search engine like www.google.com might help to point you to similar info in English.
</old Inbox digging>

Shocking!

[Smuffe (152444)]

A Microsoft security hole?
Anonymous M$ exec1: We're hacked? Again?
M$ techie: No, we're not hacked. The MDRM v2 is hacked. We... (is interrupted)
Anonymous M$ exec2: We're hacked! Didn't the hacker read our last bulletin on that? It's wrong to post exploits we don't know about. It's almost against the law! Or rather, it should be!
Anonymous M$ exec1:Good idea. I'll give our lawyers a call! I'm sure its in the DCMA somewhere. Thats why we invented it, remember?

/Smuffe

Re:Shocking!

[cybercuzco (100904)]

I'm sure its in the DCMA somewhere. Thats why we invented it, remember?

microsoft didnt invent the DMCA, that would have actually required INNOVATION. The music and movie industries invented it, MS is just embracing and extending.

Wow this guy is great....

[Johnno74 (252399)]

... He's got a real pair of clangers for doing this and releasing it! I really hope he stays anonymous.

He's done a very thourough job of reverse-engineering too. Read his README file, very interesting... some quotes:

"One very important effect of this scheme is that Microsoft fully controls who gets to write modules that interact with the basic Microsoft media modules. Without a certified public key (and the corresponding private key) it is impossible to write a compatible DLL that interfaces with their code. Since Microsoft controls the issuing of certified public keys, they also have complete control over who is allowed to make compatible and competing products. Microsoft's reputation for being generous to competitors is well-known, so this effectively gives Microsoft a technically guaranteed monopoly power."

And his 'Messages' at the bottom:

"Microsoft: You guys have put together a pretty good piece of software. Really. The only real technical flaw is that licenses can't be examined for their restrictions once they are obtained. My real beef is with the media publishers' use of this software, not the technology itself. However, it's easy to see where software bloat and inefficiency comes from when this code is examined: every main DLL has a separate copy of the elliptic curve and other basic crypto routines, and parameters passed back and forth between modules are encrypted giving unnecessary overhead, not to mention all the checks of the code integrity, checks for a debugger running, code encryption and decryption. Perhaps you felt this was necessary for the "security through obscurity" aspect, but I've got to tell you that this really doesn't make a bit of difference. Make lean and mean code, because the obscurity doesn't work as well as you think it does.

Justice Department: Maybe this should really be addressed to the state officials, since it looks like the current U.S. administration doesn't care too much about monopoly powers being abused. But for whoever is interested, there is a very serious anti-competitive measure in this software. In particular, for various modules of the software to be used, you must supply a certified public key for communication. Guess who controls the certification of public keys? Microsoft. So if someone wants to make a competing product, which integrates well with the Windows OS, you will need to get Microsoft's permission and obtain a certificate from them. I don't know what their policy is on this, so don't know if this power will be abused or not. However, it has the potential for being a weapon Microsoft can use to knock out any competition to their products."

Well said.

I agree, very impressive!

[BLKMGK (34057)]

Read it all - Microsoft used SHA-1, Eliptical Curve Encryption, a bastardized version of Base64 encoding, and I think even the kitchen sink to try and keep this from being reversed. They encrypted the comms between DLLs (!) to prevent anyone from being able to get anything from the calls going back and forth must have added a ton of overhead with all of this encryption. They even move the location of the key pairs on each machine that this junk is installed upon in order to prevent the keys from being easily extracted. Kripes, Microsoft went so far as to build in the capability to REVOKE the keys if they were ever published - this hack must be killing them :-)

All of that would've worked except that the code that actually USES the keys has to know where they're located and THAT code's location is static (lol). The author simply used THAT code to pull the keys for the decryption - I love it. I'll bet some poor schmuck MSFT techie is smacking his head going "Dammit!" right about now.

I'm not sure how Microsoft could've stopped this - obviously their bulletproof EULA didn't work (lol). At some point in the code something has to know how to pull the needed keys and I cannot imagine how they would've been able to shift the code that does the calling in every copy of Windows - something has to be static somewhere or at least the code to find the location does :-)

Since Microsoft used code to detect debuggers I have to wonder how he did this - hacked the debugger too? Hack the code to stop the detection of the debugger? Or decompile the code in some fashion and step through it? (shiver)

If this was the creation of a single individual or even a team it's damned impressive! I hope that The Reg gets it's wish for some sort of an interview granted and that this person or team of persons releases more insightful cracks. This was pretty sweet IMO, my hat's off to this effort!

Just like deCSS

[teraflop user (58792)]

This is just like the deCSS hack - a good piece of work exposing a flawed implementation of a rights management scheme.

However, at the moment two little differences are apparent:

1. This doesn't allow you to decode .wma files on Linux - the decoder still requires the MS dll to get the keys out for you.

2. The author has remained anonymous! No DMCA prosecutions here, assuming she has covered her tracks properly.

It could be . . .

[hawk (1151)]

> Don't worry. Some people, for whatever reason, use the male form all
> the time.

Several years ago, I took a class from Halmos (Yes, *that* Halmos, though I did
n't realize who he was at the time. It set in years later when a graduate class
stopped cold at a mention of taking his class).

Anyway, in the middle of his first lecture, he suddenly went on a detour about l
anguage, adjectives, and the like. He noted that some languages have the male a
nd female gender, some have male, female, and neutral, and that some have a pron
oun for uknown gender. And I quote rather directly, "English is one of those la
nguages. The pronoun is 'he'. So you will excuse me if I do not say 'he or she
'."

He then proceed mid-sentence on set theory.

In the enlish language, "he" does not imply gender unless the context shows othe
rwise. It is used for both the male and unknown pronoun. "She," on the other h
and, does indicate gender.

So for those of you wondering why some of us always use "he" in the unknown or g
eneral case, it could very well be because we're speaking English, rather than e
ngaging in an Orwellian campaign to change the way people think by modifying the
language.

hawk

Digital Rights Management?

[zarathustra93 (164244)]

When are MS, Sony and others going to learn that any sort of system like this will be broken? They should take a tip from the gaming industry.

I was excited to get a sony mp3 player as a gift last year. Until I realized that it used a proprietary format, atrac3. It will only allow me to load a particular piece of music 4 times. I've even loaded the music I make on it, but I am still subjected to this limitation. HELLO, it's my music, I made it,I own the copyright.

Digital Rights Management is there only to help support the massive amount of proffit that the recording industry is used to making. Well, I have a message for these people: The days of the $20 CD are long gone. Charge a fair amount of money for your product, and people will buy it. If you continue sticking it to the customer, they will break your systems and get it for free. Evolve or die. It's that simple.

http://www.assasins.net

A mirror for the zip

[Mik!tAAt (217976)]

Here's a mirror [student.oulu.fi] to the .zip file. Hope it helps.

Fair use: a birth right?

[Rob Kaper (5960)]

During a (anti-)DMCA presentation at school, the smartest question I got was
the following: is fair use a birth right or simply a result of the sale
contract?

If it's the latter, there's nothing we can do but informing people and
refusing to buy products with fscked up sale contracts (limiting fair use).

Maybe fair use is nothing more than a tradition and something we've grown
used to. And not "right", by all means. Is the limitation in copyright
(which it is) written in the books of law?

Re:Fair use: a birth right?

[firewort (180062)]

Much of fair use comes from 17 USC 107:

Sec. 107. Limitations on exclusive rights: Fair use

Notwithstanding the provisions of sections 106 and 106A, the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright. In determining whether the use made of a work in any particular case is a fair use the factors to be considered shall include -

(1) the purpose and character of the use, including whether
such use is of a commercial nature or is for nonprofit
educational purposes;
(2) the nature of the copyrighted work;
(3) the amount and substantiality of the portion used in
relation to the copyrighted work as a whole; and
(4) the effect of the use upon the potential market for or
value of the copyrighted work. The fact that a work is unpublished shall not itself bar a finding of fair use if such finding is made upon consideration of all the above factors.

The rest of fair use comes from tradition. What is codified here, we need to fight to protect. What rights we assert from tradition, we need to fight harder to codify.

Re:Fair use: a birth right?

[tdye (308813)]

Fair use is part of the copyright law itself. Its intention is to prevent people from having to pay to excerpt from works for educational or other purposes, and it's been interpreted to also include what's known as 'time-shifting'. Basically, you can record a broadcast or make oa copy of a work so that you can read, watch, or listen to it later. You can even share it with your friends, i.e. you can give/loan your ST:TNG tapes to a friend without having to pay Paramount. You can't sell them, however, or profit in any way from the exchange (or broadcast or whatever).

The problems began when someone figured out how to share a copyrighted work with 16 million people at once... the fair use section of the copyright law makes no mention of scale, because it never occurred to anyone that you might be able to saturate the market with unlimited perfect copies while also charging $0.00 per copy.

Of course it's not only possible, but easy and convenient. The root problem is, copyright enforcement and fair use of digital material are now mutually exclusive concepts. It's no longer possible to have both.

So to answer your question, it's part of the law itself, and could conceivably be amended, repealed or restricted with new legislation. The holder of a copyright binds himself to the fair use doctrine when he applies for the copyright, not the purchaser when he agrees to an EULA or buys a work. 'Fair use' is not a right enumerated in the Constitution, though some may argue (convincingly IMHO) that perhaps it ought to be.

Not that useful

[CProgrammer98 (240351)]

This ONLY applies to version 2. The vast majority of protected fiels are protected with version 1. This code DOES NOT crack version 1 files, so it's not a good deal of use yet. I suspect that by the time v2 is in wide use, MS will have done something to stop this (see my other post about how MS can modify your software if you break the EULA)

Of course, Linux users don't even have to worry about this.

How this could be useful

[eulevik (258261)]

Lots of people encode with WMA, reformat their machines or whatever and have lost their keys.

Would it be possible for someone to use this work to create a fix for these people?

Nice timing

[CaseyB (1105)]

including a link to a downloadable zip file which contains source code, explanation and a small DOS utility.

What a wonderfully timed response to Microsoft's recent complaint about releasing sample code [slashdot.org]!

RTFPPINZ !

[kc0dby (522118)]

PPINZ you ask? Philosophy Paper In The Zip. Pretty good read, if you ask me. An Excerpt- Making a copy of an item doesn't in any way remove that item from the original possessor, so "theft" is clearly an inaccurate terminology. However, the publishers' insistence on using that word, and the public's acceptance of it, means that a much more negative light is cast on an action that, while wrong, is nowhere near the severity of a true "theft." After reading this I feel I owe the world an apology. Dear World. I am profoundly sorry for 'stealing' all that music. I am not a selfish person, but apparently I am an ignorant one. Here, all this time I thought I was copying all that music, not moving it. And to think, all those songs I have on my hard drive are no longer held by the publishers and radio stations. I was beginning to wonder if the worlds tastes were suddenly changing, as all I heard were boy bands and implanted teenage girls on the radio. Now, I come to find, that I am the reason for this trend. All the good songs are on my hard drive, and this is all the publishers had left. They even went to the extent of "manufacturing" artists to compensate for all those I have stolen from them. For this as well, I apologize. I know this music sucks, and nobody should have to listen to it, but in my ignorance I thought the old standbys would remain, even if I downloaded them. And to think of the moral implications of downloading the music of deceased artists. Never again will these songs be heard! I will be burning all of these songs to CDR and mailing them to the RIAA, so that we may have the beautiful music of our culture again. Sorry O-town, I have a feeling you'll be the first to go.

DRM is dangerously counterproductive.

[Nindalf (526257)]

To me, fair use rights aren't a big concern. If you can see it or hear it, you can get an adequate sample for fair use with a cheap camera or audio recorder. You don't need perfect digital video samples to make your point for a review.

The larger issue here is this desperate attempt to cling to a ridiculously outdated and inefficient method of securing profit in return for desirable intellectual production.

Put in simple terms, DRM hurts our economy. Very, very badly.

Economic growth comes from improvements of efficiency, clearing out the dead wood and finding a use for it elsewhere. Following the analogy, DRM is better systems of stakes and cables holding the dead wood from being carted off.

There is a whole ridiculous, unproductive structure built around milking every penny out of copyrighted works. This is justified essentially by accusing every citizen of the stupidest kind of miserliness, unwilling to give a dime to make they're favorite movie studio make another next year, but willing to pay a dollar as long as you don't let them into the theater otherwise.

Yes, there are people out there like that, but I don't believe they're the majority for a second!

The tools [buskpay.com] are out there, and could be supported and working everywhere in weeks if people want them to be. Don't like the details of that system? Propose another. It's not rocket science: donation doesn't need real-time verification, so it's an easy problem, as long as we agree on some system.

Once people get in the habit of freely parting with their pocket change for things that they'd gladly pay much more for, copyright will be a ridiculous anachronism, and we can finally get on with reaping the benefits of the information age.

The music industry is overvalued

[maddogsparky (202296)]

The whole industry was created to satisfy a market: the desire to pay for quality music. When that market was established, very few had the ability to promote, record, manufacture and distribute music. Large companies grew up to fill that niche, where economies of scale made music available to the masses.

The problem is that the major premises have gone away. The internet allows easy promotion and distribution. The cost of decent caliber recording equipment has come down and many independent sound studios exist that cater to home-town artists. MP3s and Ogg Vorbis reduces the manufacturing requirements to a computer and compression software. If a CD is requested, the cost to burn a CD is less than a couple of dollars, including the shipping.

The music industry as we have known it is based on premises that no longer are based in real world technical or logistical limitations. They realize that the only way to continue their existance is to artificially constrain access to their product. If they do not, they will continue to lose potential business to the artists who choose to publish themselves and to the businesses who cater to them.

The US constitution grants patents and copyrights to promote science and the useful arts. If they are using copyright law to limit the spread of good music by closing down distribution and manufacturing channels that are more efficient than their own methods, then they are doing so illegaly. I don't see how it is possible to promote a useful art by constraining its difusion.

Re:DRM is dangerously counterproductive.

[Tackhead (54550)]

> As for your claims that "DRM hurts our economy...very badly", well I have to basically leave that since you provide no evidence - just faith - that the absence of DRM would HELP the economy. I can't see how preventing people from illegally distributing and copying music and software they don't own can possibly HELP the economy.

Really? Consider this:

Suppose I produce $50,000 worth of code in a year. My employer hands me a fat check. After taxes and living expenses, I have about $10,000.

Scenario 1: I purchase 588 compact discs (at $17 each, for $10,000) of RIAA-approved content.

• Some artists get $600 to spend on tax, living expenses, guitars, and syntheziers.
• The music seller gets about $2500 or so. He buys food with it.
• A CD pressing factory gets about $1000. They buy fancy chemicals and mastering equipment with it.
• Hilary Rosen and her friends get about $4100 to spend on hookers and booze Congresscritters, to pass more laws to restrict my freedom.

Scenario 2: I download the music "for free".

• A premium USENET provider gets $500 to buy servers and fat pipes with.
• My ISP gets $500 to buy servers and fat pipes with.
• 588 CDs is about 700 hours of music, and at 192kbps. A CD-R pressing factory gets about $50 for a spindle of 200 quality CD-Rs. (one for originals, one for backups)
• A hard drive manufacturer gets $250 for a 100G drive.
• I drop about $1000 on hardware - mostly wiring and cabling and speakers - and wire my entire house for sound. When my friends can hear any song they want, in any room of the house they want, any time they want, they ph33r me, and want to do the same themselves.
• Oh, shit, I still have $7700 left!
• ...$7100 when I'm paying $600 through Fairtunes.
• In the pretense of evening this out, I decide I'm willing to operate under the same economic handicap that Hilary Rosen has, so I drop the $4100 to EFF and let them buy Congresscritters instead.
• Even after this, I still have $3000 of capital left over to invest in an IPO - the direct funding of new ideas and businesses.

Now... explain to me again why paying $17 per CD is good for overall economic growth?

Microsoft's advanced crytpography techniques..

[FeatherBoa (469218)]

are exposed in Beale Screamer's Technical Details document enclosed in the Zip:

Microsoft has decided to use the non-alphanumeric character '*'
instead of '/', and '!' instead of '+' in some places, and in other
places they replace '/' with '@' and '!' with '%'. This means that
any software dealing with these strings cannot use a standard Base64
decoder, but must use a custom-build decoder.

Another Addition to the Collection

[derrickh (157646)]

I'll put this in the same folder as DeCSS. I wonder how much money it cost to develop MSdrm? All that cash...wasted.Buahahahaha

D

Copyright Regulation

[javilon (99157)]

I really like the quote he/she makes on the Philosophy paper:

"One final quote from Vaidhyanathan, this time talking directly about
the DMCA:

This law has one major provision that upends more than 200 years
of democratic copyright law. It forbids the "cracking" of
electronic gates that protect works - even those portions of works
that might be in the public domain or subject to fair use. It puts
the power to regulate copying in the hands of engineers and the
companies that employ them.
"

As it happens, this is an "autoemployed" engineer using the power that the U.S.A. laws have given engineers to regulate the use of this copirighted material, in this case allowing access to it :-)

Ironic...

What's all the fuss about?

[WildBeast (189336)]

I cracked the thing the first time I used it. I don't know about other versions but with Windows Media Player 8, the first time you start copying a CD to WMA it'll ask you if you want to use the Digital Rights Management and explains what the whole thing is. I simply answered NO.

Sometimes you people are too complicated.

Zip file mirror

[Bonker (243350)]

Register is handling its slasdotting with grace... but not perfectly. Here's a mirror of the zipfile. It contains an EXE and several C src files.

http://www.furinkan.net/mirror/657.zip [furinkan.net]

MSDRM sounds like the work of...

[Kamel Jockey (409856)]

This kid we had interning with us for a few months. Said using MS Visual C++'s built in RSA encyrption schemes was "too hard" so he thought he could go and write "something better" in 3 hours. :)

I'm just gonna stick with Windows 98 First Edition for now hehehehe

You idiots! Why did you do this /NOW/?

[Telek (410366)]

Let me ask one question...

You have a DRM technology that is OBVIOUSLY crackable (as all are), and a stupid industry that has just decided that they should use this technology, but hasn't yet implemented it in many places yet.

Do you:

A) crack it NOW and therefore allow the industry to quickly switch to a "better" scheme because it's not implemented yet
-or-
B) wait until it's in use everywhere and THEN crack it once it's too late for them to switch back?

What do you think would have happened if CSS was cracked after the first 2 DVDs were released? They would have changed the scheme really quickly.

HAVE PATIENCE. WAIT until THEY CANNOT SWITCH BACK, and then hack to your hearts desire.

Argh. This just puts more ammo in the pockets of the industries to give us MORE RESTRICTIONS instead of a stupid scheme that doesn't really hamper things a lot and can be cracked AFTER they commit.

Argh. Sorry needed to vent.

Well I tried it..

[blowdart (31458)]

Well as I'm working on stuff based around the MS DRM platform right now (look just shut up ok?), I was interested to see if it would work. From the comments here it looks like no-one tried it yet.

Guess what. It doesn't work. At all. I generated a whole bunch of protected files, with varying license rules, and it couldn't work with any of them.

Still, the technical documentation was a nice read.

It's bound to be cracked at some stage, this just isn't it. Even microsoft themselves say that there are ways to get around it, unfuck for example.

Slashdot could have been first with the story:

[ssimpson (133662)]

But:

* 2001-10-18 23:08:39 Microsoft Digital Rights Management broken? (articles,news) (rejected)

Yeah, I'm the person who spotted this on sci.crypt and got it mirrored on www.cryptome.org.

If Slashdot would have published my story last night then they'd have been breaking the news rather than chasing after the register. Sigh.

Re:Nice

[Chainsaw (2302)]

There are other countries other than the States, if you haven't noticed yet. Several of them, like Sweden, doesn't even make software algorithms patentable. So, if this was made outside the US, it might be perfectly legal.

Re:Nice

[firewort (180062)]

Except, as Dmitry Sklyarov learnt, if you write something outside the US, but it's available to those inside the US, and you travel to the US-- you'll be nabbed in a heartbeat.

plan your vacations carefully, until we get that law struck from the books.

Re:Nice

[32xts (163190)]

Until Sweden finds itself wanting more McDonalds and Brittany Spears CDs.

They have Meatballs & Abba, why would they want the alternatives?

Re:Nice

[Anonymous Coward]

>I hate to say it, but it's illegal according to the DCMA, to reverse engineer and distribute the code. But,
>since I don't give a fuck about the DCMA, I'll be downloading too.

In the US, yes... the Reg resides in the UK and the EU "Council Directive 91/250/EEC of 14 May 1991 on the legal protection of computer programs" states the following:

Article 6 Decompilation
1. The authorization of the rightholder shall not be required where reproduction of the code and translation of its form within the meaning of Article 4 (a) and (b) are indispensable to obtain the information necessary to achieve the interoperability of an independently created computer program with other programs...

By putting it on its own server Reg is pretty much trolling Microsofts legal department. Way to go!

JK

Re:Slashdotted already

[Dr_Cheeks (110261)]

What the hell, here's the zip, though since I've only paid for the cheapest hosting option don't be too surprised if it gets /.ed fairly quickly too. I can't be bothered mirroring the story, but pretty much all it says is that it's been released and the Reg like it.

Get the zip at http://www.club-foot.co.uk/booty/657.zip [club-foot.co.uk] (90-ish Kb download).

Re:irresponsible

[Dimensio (311070)]

You have a good point about the suggestion to grab the DRM cracking utilities [iglou.com], though I disagree with your sentiments that violating MicroSoft's copyright is somehow justifiable. Microsoft's engineers worked hard to create an effective system for helping large corporations control their copyrights and here some anonymous hacker has broken [iglou.com] all of their hard work and rendered the fruits of their money and efforts worthless, all in a single package [iglou.com] that you can download here [iglou.com]. Slashdotters, you should be ashamed that you are being encouraged to download this file [iglou.com] and HeUnique should be ashamed for suggesting that people grab this file [iglou.com].

Cries of "fair use" do not render valid laws and copyrights obsolete. Just because DRM is easily circumvented [iglou.com] is no excuse to ignore Microsoft's intellectual property [iglou.com].

Not, it won't

[Sycraft-fu (314770)]

The thing is that before a peice of software can be used, music be listened to, etc it MUST be decrypted. You can have all the stong crypto you like, it has to be in an unencrypted format before it's usable. Ok well this means that all the components necessary to decrypt it and make it usable must be included. You can mess around and obfuscate all you like, in the end your software still has to be able to decrypt the program so it can be run, and that means the hackers can trace through your code and find out what you are doing and how to do it themselves.

This is how all the SafeDisc unwrappers and the like work. They get all their info from the very files SafeDisc uses, extracts the necessary info, and then unwraps the .exe and gives it to you. The only difference between it and the real SafeDisc is that SafeDisc unwraps the program to memory and runs ut each time, these crackers unwrap it and write it to disc, so you can use it whenever you like without copyprotection.

The reason why encryption is normally secure is it assumes two trusted parites. If I send something encrypted to you, it is assumed that you have the necessary means to decrypt it and that is what I want you to do. For example suppose you and I regularly encrypt our stuff with a semetric encryption algroithm like Blowfish. We both have a key that we use to talk to eachother. We both know this key, but nobody else does. In that way we can lock the data so that only we are able to unlock it. Well this only works because I WANT you to be able to decrypt the data. Well with copy protection the idea is they DON'T want you to be able to see the data, so they encrypt it. Problem is, your processor needs it decrypted. That means they HAVE to give you the key to decrypt it. They can hide it and obfuscate it, but it has to be there, otherwise it doesn't do any good. Well, that means you can find it, and use it to unlock the data they sent you.