MS DRM Version 2 - Cracked

As the title says: Microsoft Digital Rights Management Version 2 has been cracked. The Register has the story, including a link to a downloadable zip file which contains source code, explanation and a small DOS utility. Grab it while you can. You can also read the explanation directly here, and you can also find it with Google.

Re:Nice

[Chainsaw]

There are other countries other than the States, if you haven't noticed yet. Several of them, like Sweden, doesn't even make software algorithms patentable. So, if this was made outside the US, it might be perfectly legal.

The obligatory correction

[invalid_user]

It's Stewart Brand, and it's one of the most abused quote of our time.
[anu.edu.au]
http://www.anu.edu.au/people/Roger.Clarke/II/IWt bF .html

A mirror for the zip

[Mik!tAAt]

Here's a mirror [student.oulu.fi] to the .zip file. Hope it helps.

Not that useful

[CProgrammer98]

This ONLY applies to version 2. The vast majority of protected fiels are protected with version 1. This code DOES NOT crack version 1 files, so it's not a good deal of use yet. I suspect that by the time v2 is in wide use, MS will have done something to stop this (see my other post about how MS can modify your software if you break the EULA)

Of course, Linux users don't even have to worry about this.

Re:Nice

[Anonymous Coward]

>I hate to say it, but it's illegal according to the DCMA, to reverse engineer and distribute the code. But,
>since I don't give a fuck about the DCMA, I'll be downloading too.

In the US, yes... the Reg resides in the UK and the EU "Council Directive 91/250/EEC of 14 May 1991 on the legal protection of computer programs" states the following:

Article 6 Decompilation
1. The authorization of the rightholder shall not be required where reproduction of the code and translation of its form within the meaning of Article 4 (a) and (b) are indispensable to obtain the information necessary to achieve the interoperability of an independently created computer program with other programs...

By putting it on its own server Reg is pretty much trolling Microsofts legal department. Way to go!

JK

Microsoft's advanced crytpography techniques..

[FeatherBoa]

are exposed in Beale Screamer's Technical Details document enclosed in the Zip:

Microsoft has decided to use the non-alphanumeric character '*'
instead of '/', and '!' instead of '+' in some places, and in other
places they replace '/' with '@' and '!' with '%'. This means that
any software dealing with these strings cannot use a standard Base64
decoder, but must use a custom-build decoder.

Re:Fair use: a birth right?

[firewort]

Much of fair use comes from 17 USC 107:

Sec. 107. Limitations on exclusive rights: Fair use

Notwithstanding the provisions of sections 106 and 106A, the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright. In determining whether the use made of a work in any particular case is a fair use the factors to be considered shall include -

(1) the purpose and character of the use, including whether
such use is of a commercial nature or is for nonprofit
educational purposes;
(2) the nature of the copyrighted work;
(3) the amount and substantiality of the portion used in
relation to the copyrighted work as a whole; and
(4) the effect of the use upon the potential market for or
value of the copyrighted work. The fact that a work is unpublished shall not itself bar a finding of fair use if such finding is made upon consideration of all the above factors.

The rest of fair use comes from tradition. What is codified here, we need to fight to protect. What rights we assert from tradition, we need to fight harder to codify.

Another zip mirror

[shut_up_man]

Since the reg seems pretty clogged, here's a copy of the zip [h-filter.net].

shut up man

Zip file mirror

[Bonker]

Register is handling its slasdotting with grace... but not perfectly. Here's a mirror of the zipfile. It contains an EXE and several C src files.

http://www.furinkan.net/mirror/657.zip [furinkan.net]

Another mirror

[rbb]

I've got a mirror up and running containing both the The Register article and the zip file [rc6.org].

rc6.org mirror [rc6.org]

Re:Microsoft's advanced crytpography techniques..

[Anonymous Coward]

The reason is because it's a lot easier to pass "*" and "!" on a URL Query String than it is to pass "+" and "/" which have to be encoded.

Microsoft provide the replacement Base64 functions for doing this.

Not, it won't

[Sycraft-fu]

The thing is that before a peice of software can be used, music be listened to, etc it MUST be decrypted. You can have all the stong crypto you like, it has to be in an unencrypted format before it's usable. Ok well this means that all the components necessary to decrypt it and make it usable must be included. You can mess around and obfuscate all you like, in the end your software still has to be able to decrypt the program so it can be run, and that means the hackers can trace through your code and find out what you are doing and how to do it themselves.

This is how all the SafeDisc unwrappers and the like work. They get all their info from the very files SafeDisc uses, extracts the necessary info, and then unwraps the .exe and gives it to you. The only difference between it and the real SafeDisc is that SafeDisc unwraps the program to memory and runs ut each time, these crackers unwrap it and write it to disc, so you can use it whenever you like without copyprotection.

The reason why encryption is normally secure is it assumes two trusted parites. If I send something encrypted to you, it is assumed that you have the necessary means to decrypt it and that is what I want you to do. For example suppose you and I regularly encrypt our stuff with a semetric encryption algroithm like Blowfish. We both have a key that we use to talk to eachother. We both know this key, but nobody else does. In that way we can lock the data so that only we are able to unlock it. Well this only works because I WANT you to be able to decrypt the data. Well with copy protection the idea is they DON'T want you to be able to see the data, so they encrypt it. Problem is, your processor needs it decrypted. That means they HAVE to give you the key to decrypt it. They can hide it and obfuscate it, but it has to be there, otherwise it doesn't do any good. Well, that means you can find it, and use it to unlock the data they sent you.

Re:Next up - guy thrown in jail

[jc42]

He/she may end up in jail, but probably not for
cracking the "security". Lots of lawyers have
already commented that the DMCA doesn't actually
outlaw writing or using such code. What it makes
illegal is publicising the fact that you've broken
the encryption. What's illegal is telling the
world that a corporate product is shoddy and
doesn't do the job that it's advertised to do.

Various commentators have pointed this out in the
stories about Dmitry Sklyarov. His crime wasn't
cracking the protection code; what he did illegal
was telling the world that the code was breakable.

It's OK to know that a company is selling shoddy
products; it's just illegal to tell other marks,
uh, I mean customers, about the shoddiness.

This distinction may be a bit too subtle for your
typical media person, I suppose.

Australian Mirror of De-DRM tool "FreeMe"

[Now15]

Enjoy! [whirlpool.net.au]

http://whirlpool.net.au/mirror/freeme.zip

Simon

Another mirror

[dtype]

In the spirit of "make sure it says online", I've made yet one more mirror at http://dtype.org/available/657.zip [dtype.org].

FTP mirror

[danaris]

I'm not sure just how well it's going to work, but I've put up a copy of the zipfile [dyndns.org] on my own FTP server. My server seems to works some of the time...hope this helps people who can't get through.

Dan Aris

Re:Fair use: a birth right?

[jms]

Actually, fair use comes from the First Amendment. The concept of fair use was judicially created, and recognized long before it was codified when the copyright laws were rewritten in 1976.

Let me explain.

Copyright places a restriction on speech -- specifically, the right to repeat and build upon other people's speech. However, the First Amendment, passed after the original Constitution, outlaws the suppression of speech. It is a general principle of law that if a new law is passed that contradicts an older law, then that new law is considered to have superceeded or struck down the old law.

So, the courts were faced with a dilemma. Either the First Amendment had outlawed the granting of copyrights, or some interpretation needed to be found that would allow the two to coexist. This led to the concept of "fair use" -- which essentially restricts copyright holders to controlling commercial use of their works. This is consistant with the doctrine that commercial speech may be less protected then expressive or non-commercial speech.

So fair use serves a very important Constitutional role -- it is the doctrine that allows copyright to coexist with the First Amendment. It is NOT merely a statutory grant.