Please create an account to participate in the Slashdot moderation system


Forgot your password?
Music Media Security

Newest Audio CD DRM Proves Ineffective 703

The Importance of writes "As noted previously, a couple of weeks ago BMG released a new CD by Anthony Hamilton that included DRM. Slashdot readers speculated that the system wouldn't work. Now there is a report proving it doesn't work by Alex Halderman, a graduate student at Princeton's computer science department and the author of an earlier, definitive report (PDF, HTML version) on first generation CD copy protection. Famed computer scientist Ed Felten asks: "Is this the end of the road for CD copy protection?" His answer? "It ought to be.""
This discussion has been archived. No new comments can be posted.

Newest Audio CD DRM Proves Ineffective

Comments Filter:
  • by Anonymous Coward on Monday October 06, 2003 @03:03PM (#7146616)
    Start with a Windows 2000/XP system with empty CD drives. Be sure to reboot the computer first to ensure MediaMax is not running.

    1. Click the Start button and select Control Panel from the Start Menu.
    2. Double-click on the System control panel icon.
    3. Select the Hardware tab and click the Device Manager button.
    4. Configure Device Manager by clicking "Show hidden devices" and "Devices by connection," both from the View menu.
    5. Insert the Anthony Hamilton CD into the computer and allow the SunnComm software to start. Observe that the SbcpHid device driver is added to the Device Manager list when MediaMax runs for the first time.

    At this point you can attempt to copy tracks from the CD with applications like MusicMatch Jukebox or Windows Media Player. Copies made while the driver is active will sound badly garbled, as in this 9-second clip [10].

    Next, follow these additional steps to disable MediaMax:

    1. Select the SbcpHid driver from the Device Manager list and click "Properties" from the Action Menu.
    2. Click the Driver tab and click the Stop button to disable the driver.

    With the driver stopped, you can verify that the same applications copy every track successfully.

    And oh, yeah, this work is a blatant DMCA violation.
  • It wont matter (Score:5, Insightful)

    by Honest Man ( 539717 ) on Monday October 06, 2003 @03:05PM (#7146637)
    As long as I have an audio-in port on my sound card and an external player, drm is a waste of their time and money.
  • Huh (Score:3, Funny)

    by Sir Haxalot ( 693401 ) on Monday October 06, 2003 @03:05PM (#7146638)
    "Is this the end of the road for CD copy protection?" His answer? "It ought to be.""
    Yeah and 64k should be enough for anyone.
  • by DrEldarion ( 114072 ) <[moc.liamg] [ta] [0791uhcsm]> on Monday October 06, 2003 @03:06PM (#7146643)
    Who wants to make a little bet?

    I have $10 on him being contacted by RIAA lawyers with DMCA references by the end of the day. Any takers?

    -- Dr. Eldarion --
  • by joeldg ( 518249 ) on Monday October 06, 2003 @03:06PM (#7146651) Homepage
    they never saw *that* coming did they?


    It is amazing that anyone was even worried about this..

    however, if microsoft gets in the bios and disables the shift key... "they don't need a shift key" you can bluescreen on boot and probably get around it by pressing the windows key.

  • Report (Score:5, Funny)

    by mopslik ( 688435 ) on Monday October 06, 2003 @03:07PM (#7146662)

    Now there is a report proving it doesn't work

    No doubt written with a Sharpie pen.

  • I hope we see more DRM like this. Who would have thought turning off autorun would be a DMCA violation?
  • by HeelToe ( 615905 ) on Monday October 06, 2003 @03:09PM (#7146681) Homepage
    We better all watch out - our shift keys are quickly becoming a means to thwarting an access control device. Using them is flirting with arrest!
  • by DrEldarion ( 114072 ) <[moc.liamg] [ta] [0791uhcsm]> on Monday October 06, 2003 @03:09PM (#7146682)
    Apparently this text is on the back of the CD:


    Enhanced! Since when does taking functionality away from something mean you're enhancing it?

    -- Dr. Eldarion --
  • by 16K Ram Pack ( 690082 ) <tim,almond&gmail,com> on Monday October 06, 2003 @03:09PM (#7146683) Homepage
    It's perhaps time for me to call the police to report an infringement of the Computer Misuse Act.

    No audio CD should be installing *ANYTHING* on my PC, unless I'm aware of it at first.

  • END?? (Score:4, Funny)

    by awfwal ( 596968 ) on Monday October 06, 2003 @03:09PM (#7146690) Homepage
    "Is this the end of the road for CD copy protection?" The industry is stupid, greedy and desperate. I'm going with 'no'.
  • by Dimensio ( 311070 ) <darkstar@ig[ ].com ['lou' in gap]> on Monday October 06, 2003 @03:10PM (#7146692)
    The DRM feature works in tandemw ith the DMCA. Alex Halderman can expect to find himself relocated to a federal prison soon. I bet that he won't be writing about the weakness of DRM systems anymore.

    See, DRM does work when you make it illegal to point out where it is weak.
  • You don't have to do all the stuff the article lists, just hold down the left shift key when the disk load. Then, do not double click the drive at all, or it will also autorun (if you want to take a peek, use "Explore"). It also sounds like there's no protection at all in Linux.
    • From the article:

      Windows users who haven't disabled autorun can suspend it when they play a SunnComm-protected disc by holding down the shift key for a few seconds while inserting the CD. They can then copy the data normally.
    • If the DRM prog runs only on Windows, and you happen to own a Mac or Linux box, is that against DMCA? If so, expect some sh** to hit the fan. Either M$ is going to make a deal with RIAA and then sue Apple for making computers at all or some Linux or Mac owner is going to get more than a little pissed and finally give DMCA a real run for its money. Oh, well. A guy can dream, anyway.
  • CD DRM is impossible (Score:3, Interesting)

    by LostCluster ( 625375 ) on Monday October 06, 2003 @03:11PM (#7146714)
    If you try to do DRM on a Compact Disc, it is never going to work.

    If you ever think you succeeded, you've failed anyway because you violated the standards that define a Compact Disc... you've got a CD-like piece of plastic that just might play in some CD players, but you will not have a CD.
  • Shift key
    Disable device driver
    Show hidden devices
    blah blah blah
    • Merely noise to the average user. They'll put the CD in, it plays. They attempt to burn a copy, it comes out like crap.

      "Hey...I guess we can't do this."

      How many people do you know who are still stymied by DVD/VCR Macrovision copy"protection"?
      • by Xzzy ( 111297 ) <> on Monday October 06, 2003 @03:23PM (#7146863) Homepage
        > "Hey...I guess we can't do this."

        then: "I wonder if I can download the song off kazaa"

        At which point he spends about 30 seconds searching for the song, which some more technologically clued in person has kindly made available.

        Users don't grok shift keys and drivers and EULA's. They do grok kazaa however.
      • Sure, that's true. But does that deter copying? All it does it drive them to Kazaa to download it from the 20% of us that are clue-full.

        All it deters is the average joe ripping it to their hard drive. (Which by the way is legal). Anyone willing to download it from kazaa, probably will anyway. Thus whether or not they could rip it themselves, seem moot.

  • by Kevinv ( 21462 ) <> on Monday October 06, 2003 @03:12PM (#7146727) Homepage
    So they rely on the autorun setting on cd's to load the device driver for them? that's pretty stupid -- on windows it's enabled by default (typical) but most companies disable it because it's a security risk.

    The Mac got hit pretty hard with an autorun virus that ended up shipping on many cd's. As a result many Mac users disabled this in OS 9, and I believe OS X has it disabled by default.

    This might be effective on most windows home computers whose owners don't change the default setting, but I'm wondering how long before that driver gets infected with a virus....
  • by mrtroy ( 640746 ) on Monday October 06, 2003 @03:12PM (#7146729)
    BMG are geniuses (genii? :P)

    Follow this pseudo-proof

    Step 1: Release a CD by Anthony Hamilton

    Step 2: Put new copy protection on it

    Step 3: Nobody copies the cd "illegally"

    Step 4: QED. The copy protection works
  • by *weasel ( 174362 ) on Monday October 06, 2003 @03:13PM (#7146733)
    It loads a custom device driver via 'autorun' when you stick the CD in.

    So if you hold shift, disable autorun, or run an OS that doesn't do autorun, the CD might as well have no copy protection whatsoever.

    This is about as effective as putting a sticker on the front that says 'Pretty please do not attempt to extract data from this CD on your computer'.

    I wonder how much money this company got for their incredibly secure DRM system...
    • by NanoGator ( 522640 ) on Monday October 06, 2003 @03:33PM (#7146979) Homepage Journal
      "This is about as effective as putting a sticker on the front that says 'Pretty please do not attempt to extract data from this CD on your computer'."

      Gotta wonder, why hasn't the RIAA tried putting little "Do's and Dont's" pamphlet in CDs? I mean, seriously, the RIAA has done *nothing* to educate people about what's legal and what isn't. This is why people are appearing in court with a surprised expression on their faces. If the RIAA, ages ago, had insisted that record labels put little pamphlets in their CD's saying "please don't copy and give to a friend", then their stance would be a little easier to handle.

      The RIAA says their problems are because everybody's a thief, I say the RIAA's problems are a direct result of their own ignorance. At least the movie industry is smart enough to put a list of don't on every movie. Interestingly enough, there aren't as many DVD rips out there.
  • similar methods (Score:2, Interesting)

    by 514x0r ( 691137 )
    i used to work for a company where they would limit internet access by hiding the address bar in IE. it proved about as effective as this seems.
  • All you have to do is own a tape/cd/etc audio recorder that has a "line in", and voila, take the line out/speaker out from your computer, run a cable, and presto! you can defeat any drm package for a currently existing computer, unless the computer is hard-wired to not have "line out" or "speaker out" (not likely)
  • pick one (Score:5, Interesting)

    by Anonymous Custard ( 587661 ) on Monday October 06, 2003 @03:15PM (#7146769) Homepage Journal
    1.2. Your rights to use the Digital Content are conditioned on your ownership of a license to use and possession of the original Compact Disc (CD) media and are terminated in the event you no longer own or possess the original CD media. (This apparently prohibits using copied tracks as backups in case the original disc is lost, stolen, or destroyed.)

    So if the CD fails to remain usable through normal wear and tear, does that put the publisher in breach of contract? They've effectively granted me a license that they are going to renege on should the physical media degrade.

    They've got to make up their minds! Is it a physical good, or a digital good? Did I buy a license and the CD was just a nice way for them to fulfill their promise that I'm licensed to use the content? Did I buy a plastic disc (for $15) which I'm free to do with as I please?
    • One of my more common-sense arguments about copy protection is that you can either restrict copying or charge for replacement media, but not both. As we know, CDs will not last forever, no matter how gingerly treated. So either let us back it up, or give us a replacement if it breaks.

      This is one reason why software copy protection never worked. People who didn't want to pirate software still wanted a program to defeat it so they could make a backup.
    Several recent news reports (AFP [1], Washington Post [2], USA Today [3], AP [4], Arizona Republic [5], LA Times [6], CNet News [7]) describe a new copy-prevention method that has been applied to an album by Anthony Hamilton released by BMG on September 23. This system, called MediaMax CD3, was created by SunnComm Technologies, the producers of the first-generation copy-prevention system MediaCloQ. Discs manufactured with SunnComm's new technique include two versions of the music, each protec
  • by aws4y ( 648874 ) on Monday October 06, 2003 @03:16PM (#7146776) Homepage Journal
    A couple of dozen security and cryptography expersts vs thousands of talented hackers and ameture tinkerers. I am not nocking the guys who made this protection but they and there bosses have to understand that they are going to push this rock up a hill for all eternity. Maybe thats there goal: 1. create a DRM scheme 2. Sell it to RIAA dolts 3. DRM broken day it comes out???? 4. Profit
  • ...a new CD by Anthony Hamilton ...Now there is a report proving it doesn't work by Alex Halderman...

    Right, dont think we dont see through your shenanigans, mr. hamilton. Changing around a few letters in your name wont disguise your real identity..we're on to you!
  • It will never work (Score:4, Insightful)

    by HornyBastard ( 666805 ) on Monday October 06, 2003 @03:18PM (#7146816)
    The bastards will never learn.
    There will never be any copy protection scheme that will work.
    If you can listen to it, you can copy it by just connecting the output to the input for another device.

    Unless they make it so that nobody can listen to it, copy protection is an exersise in futility.
  • by stratjakt ( 596332 ) on Monday October 06, 2003 @03:22PM (#7146843) Journal
    It's not supposed to be uncrackable. I know it's crackable, you know it's crackable, they sure as hell know it's crackable. Just like any other protection mechanism on anything from a PC CDROM to the XBOX.

    What it's supposed to do is limit casual piracy. Make it tougher for the average slob to make a copy with the EZ-CD Copier that shipped with his Dell and give it to his buddies. That's it. Most folks would just give up if it didnt work the first time they tried, they aren't going to jump through any hoops, scribble on it with a sharpie, open up a hex editor, solder a mod-chip into their player, run a distributed cracking engine to decode it, whatever. It sure as hell has nothing to do with preventing some geek from leaking it on the 'net.

    That's a *large* chunk of the sales they actually lose. Bob Magoo who gets a copy from his buddy Turd Ferguson because he's too lazy or cheap to run down to Wal-Mart and get his own.

    So just friggin relax already, and dont be so proud of yourself that you figured out how to "hack" the technical equivalent of the safety pin that keeps a babies diaper in place.

    • What it's supposed to do is limit casual piracy. Make it tougher for the average slob to make a copy with the EZ-CD Copier that shipped with his Dell and give it to his buddies. That's it. Most folks would just give up if it didnt work the first time they tried, they aren't going to jump through any hoops, scribble on it with a sharpie, open up a hex editor, solder a mod-chip into their player, run a distributed cracking engine to decode it, whatever. It sure as hell has nothing to do with preventing some g
  • Bundling Extras (Score:5, Informative)

    by floppy ears ( 470810 ) on Monday October 06, 2003 @03:22PM (#7146853) Homepage
    I believe anti-copy CD technologies will prove unfruitful, and will therefore eventually be abandoned by record companies. There firms may take a cue from the movie industry and increase the value of CDs by bundling interesting bonus features rather than restrictive copy-control software.

    An interesting New York Times article today about exactly this can be found here []. The article even mentions a band that includes a PlayStation 2 game on a DVD with their CD. Which just goes to show that CD prices have absolutely no relationship with marginal costs.
  • I find it hilarious that they did this on a CD by someone who no one has ever heard of. 2 reasons. 1. If they were to do it to a big name person that someone actually listened to, odds are sooner or later the thing would muck up some little 13 year old's computer. You'd have the whole suing a 12 year old fiasco all over again. 2. If they were to do this with someone that people actually listened to, they would HAVE to realize that it would have been about 5 minutes until every 13 year old (whose compu
  • by Kaboom13 ( 235759 ) < minus punct> on Monday October 06, 2003 @03:24PM (#7146878)
    Or, forget all this crap, and dont even bother holding down the shift key. Do what I've been doing for years, and disable autorun period right after you install windows. Heres how to do it in XP Pro(shamelessly stolen from the first site google gave me):
    To Disable CD autoplay, completely, in Windows XP Pro

    1) Click Start, Run and enter GPEDIT.MSC

    2) Go to Computer Configuration, Administrative Templates, System.

    3) Locate the entry for Turn autoplay off and modify it as you desire.

    Turns out Microsoft has been shipping a circumvention device all these years. Anyone who lets a cd run whatever it pleases is a fool anyway.
  • by AtariAmarok ( 451306 ) on Monday October 06, 2003 @03:26PM (#7146905)
    I hope this is not off topic, but could you help me with an audio cassette that I have? I bought it at the store, and it won't play on any player. It is the self-titled release by the band "Head Cleaner". Instead of music, I get a couple of minutes of loss hiss. Is this some sort of cassette tape DRM problem?
  • "Newest tautology proven correct."

    "DRM still useless."

    "Music companies still don't get it."

    "Consumers still buy stuff."

    It's a good article and definitely worth a read just to understand how incredibly unsophisticated the people implementing this DRM stuff actually. Anyone with a passing interest in how computers actually work could have defeated this piece of shit.

    What scares me is that the media companies probably did field testing and found that 98% of Joe Public was unable to defeat the DRM measures
  • by zapp ( 201236 ) on Monday October 06, 2003 @03:28PM (#7146929)
    MagnaTune []

    I believe they were mentioned a little while ago, but they're the
    "We're a record company, but we're not evil" people.

    Seriously. Asside from a few artists I absolutely love, I have started getting my music fix from and magnatune. If you're gonna listen to them though, please do help them out financially. It takes a lot of bandwidth to stream mp3s.
  • that I can make a copy for myself and so, in order not to loose that right, I excersize it on a daily basis. Any media that I aquire, I make a copy.

    If you do not exercise your rights you will loose them (or at least not know when they were lost).
  • ...which provides incredible security.

    It's just a standard lock, but, you see, the thing is, you leave it unlocked, and it comes with a hook for you to hang the key next to the door, and a placard that says "To enter, insert key in lock and turn key counterclockwise."
  • by Sancho ( 17056 ) on Monday October 06, 2003 @03:30PM (#7146957) Homepage
    Reading over the article, I have a few unanswered questions that almost make me want to pick up the CD just to see for myself:

    1) Does the software ask your permission to install the device driver that mungs your ripped tracks? Note that there are two pieces of software on the CD: one that uses a device driver to prevent a CD ripper from getting a copy of the track onto the computer, and another that controls the DRM on the WMA files. The author didn't use the latter because it required accepting a EULA, but the former he obviously was able to test. Thus I suspect that it doesn't ask you, however it's possible that it does but doesn't require acceptance of a EULA. I doubt that, however.

    2) Are the tracks rippable in Linux? Obviously the WMA wouldn't be, as they require software to handle the DRM. But without the drivers, the tracks on the CD appear to be rippable in Windows, and thus I assume, also in Linux or any other OS that doesn't run Windows code.

    3) If (2) is true, then how long until Linux is considered to be circumvention software?

    4) Does the EULA include a provision preventing you from bypassing the device driver?
  • We already know you can't have your cake (playable on standard CD players) and eat it (uncopyable).

    The questions are:
    Will consumers realize the difference between CDs and non standard discs?
    Will the media, and ultimately the RIAA, realize any such attempt is guaranteed to fail uness the hardware can be fully controlled?

    What does it take for these people to realize it's a losing battle?

    Once again the wagon of DRM has been rammed off the road by the candletruck of innovation.
  • by serutan ( 259622 ) <snoopdoug.geekazon@com> on Monday October 06, 2003 @03:35PM (#7146994) Homepage
    More gasping and thrashing as the death throes of the recording industry continue... These inept attempts of the desperately greedy and self-important to maintain their obsolete roles are somewhere between amusing and pathetic.

    Too bad they aren't as endearing as the penniless former aristocrats who were more or less kept as pets by the wealthy after World War One swept away most of the European monarchies. Watch for them in any old B&W movie that features millionaires and mansions. There's always a Count or a Baron or a Duchess at the dinner table. In a few years, after the recording industry is gone, maybe every fashionable Silcon Valley party will include a Geffen or a Rosen.
  • I have a friend that converts Albums (you know those plastic discs with the groove in them?) to digital.

    He filters out pop and hiss to come up with his own masters that sound even better than the digital remasters you buy in the stores.

    That, my friends, is why these attempts with copyright infringing DRM software will never work.

    Yes, DRM *IS* copyright infringing. It blocks me from my right to make legal copies. It is they who are breaking the laws not I. ... as long as I do not share the results...
  • John Q Public (Score:3, Insightful)

    by Nucleon500 ( 628631 ) <> on Monday October 06, 2003 @03:45PM (#7147117) Homepage
    John goes to the store, buys his Comin' from Where I'm From CD, gets home, opens it, listens to it on his old stereo. He finally gets around to ripping it to put it on his portable player (older, so no WMA), and it doesn't work. He tries the audio player again, it's fine. Computer again, it doesn't work. By now it's been thirty days, and besides, the CD's open; there's no hope of returning it. What does he do?

    P2P. He asks his friends, they set him up with a client. He has some respect for copyright, but his practical interest takes over, and he grabs the album off P2P. But now he has a client installed, so he's only three clicks and a sacrifice of morals (against a company that just screwed him) away from further downloading.

    The moral of the story? DRM limitations fuel P2P. This story depends on a portable player that doesn't do WMA, but there are many other inconveniences. What if he doesn't use Windows or Mac (that's me)? What if he's an audiophile who can hear the difference between WMA and FLAC?

    Besides, the article says you can burn the tracks a limited number of times. That's right, without any circumvention at all, the DRM is totally ineffective! I haven't checked, but I'm willing to bet the music is all over the P2P networks. DRM is completely worthless: if there were any competition (there isn't), the idea would have died years ago.

  • Legal liability? (Score:3, Interesting)

    by El ( 94934 ) on Monday October 06, 2003 @03:53PM (#7147201)
    Doesn't installing a driver on my system without my permission constitute "hacking", thus making BMC terrorists under the Patriot Act?
  • by Trurl's Machine ( 651488 ) on Monday October 06, 2003 @03:57PM (#7147251) Journal
    Like many iPod users, I actually buy much more music than I did previously. New listening device creates new spaces for listening music and thus increases demand. However, I am not rich enough to buy EVERYTHING I want to listen - usually when I enter a store, 4-5 albums catch my interest, but I can afford to walk out only with 2-3 of them. Obviously, I avoid CD's with stickers like "this CD is copy protected". I know the protection is probably easy to bypass, but why should I bother? I just choose the 2-3 albums without the protection. And here's a weird thing - whenever I put back a "copy protected" CD on the store shelf (carrying in my basket the non-protected ones) echo brings me the sounds of a gunshot and a voice shouting "ouch! my foot!" somewhere in the distance.
  • by El ( 94934 ) on Monday October 06, 2003 @04:02PM (#7147306)
    Apparently, they are trying to force me to throw out all my MP3 players and buy new ones that support WMA?!? (Presumably because the DRM is better for WMA.) And this is how they're protecting my "fair use" rights to space-shift the music I've bought and paid for?

    Show of hands: How many of you were so pissed off by this that your first thought was "I'm going to immediately RIP this CD and share it with the world!" Could it be possible that BMG's strategy may backfire, and make the tracks even more widely available?

  • What did you do? (Score:3, Informative)

    by neoThoth ( 125081 ) on Monday October 06, 2003 @04:42PM (#7147694) Homepage
    Well apparently some "new sources" have revealed some information.. probobly some slashdotters..
    The page now shows this "Several sources brought a flaw in this paper to my attention. I'm presently revising it to reflect this new information. -- J A Halderman"
  • by Art Tatum ( 6890 ) on Monday October 06, 2003 @08:39PM (#7149541)
    Who the hell is Anthony Hamilton?

Slowly and surely the unix crept up on the Nintendo user ...