Felix Stalder on Sat, 20 Oct 2001 12:01:18 +0200 (CEST)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> Microsoft's Digital Rights Management Scheme Broken


[A digital rights management system basically allows a publisher to control
what users can do with their content, ie. if they can copy it, how long
they can access it, etc. It lies at the heart of any attempt to fully
control digital content and is a key component of the technological basis
to implement the new, extended copyright laws. The below document details
how Microsoft's code was broken. It also gives an explanation why the
author felt it necessary to do publish the program and the source code.
It's most certainly a violation of the DMCA and is likely to be prosecuted
if they can find out who the author is. This is some serious hacktivism.
see also http://www.theregister.co.uk/content/4/22354.html. Felix]


Microsoft's Digital Rights Management Scheme - Technical Details
http://jya.com/ms-drm.htm
By "Beale Screamer"

This document describes version 2 of the Microsoft Digital Rights
Management (MS-DRM), as applied to audio (.wma files).  The sources for
this material are varied, and some of the information might be slightly
incomplete; however, the fundamental ideas are solid and easily verified. 
There is no attempt at describing the older version 1 of DRM.  While
version 1 is widely used (probably more widely than version 2!), and the
scheme is somewhat simpler, the purpose of this is to describe the latest
technology and not necessarily allow all existing systems to be broken. 
The ideas described here are also implemented in the software originally
distributed with this document (but as an independent piece, so the
software may or may not be available from where you have obtained this
document), so a real implementation can be examined.  Not all of the
information here is needed in order to write the software that removes the
encryption, but some of the more interesting points surrounding the MS-DRM
scheme and software are given even if not necessary.  Also note that no
code is included in this document, either real code or pseudo-code.  All
that's in this document is a straight mathematical discussion, which should
be fully protected under the 1st Amendment to the U.S. Constitution.  I
have no doubt that the corporate entities that this document offends will
attempt to suppress it, but I don't think any argument they make could hold
up to Constitutional scrutiny.

[for full explantion go to http://jya.com/ms-drm.htm ]

MESSAGES:

I have included messages below for specific groups of people.

Users: Please respect the uses I have intended this software for. I want to
make a point with this software, and if you use it for purposes of
violating copyrights, the message stands a very good chance of getting
lost. Also, Microsoft is obviously going to release patches to their media
player in order to get around the exploit in my software -- I think you'll
be safe it you refuse to upgrade from your current version of the Windows
Media Player (but see the warning above about "forced upgrades"). Unless
they want to sacrifice backward compatibility, you will at least be able to
work with your current (legally obtained) media files for the near future.

Microsoft: You guys have put together a pretty good piece of software.
Really. The only real technical flaw is that licenses can't be examined for
their restrictions once they are obtained. My real beef is with the media
publishers' use of this software, not the technology itself. However, it's
easy to see where software bloat and inefficiency comes from when this code
is examined: every main DLL has a separate copy of the elliptic curve and
other basic crypto routines, and parameters passed back and forth between
modules are encrypted giving unnecessary overhead, not to mention all the
checks of the code integrity, checks for a debugger running, code
encryption and decryption. Perhaps you felt this was necessary for the
"security through obscurity" aspect, but I've got to tell you that this
really doesn't make a bit of difference. Make lean and mean code, because
the obscurity doesn't work as well as you think it does.

Also read the message below to the Justice Department!

Justice Department: Maybe this should really be addressed to the state
officials, since it looks like the current U.S. administration doesn't care
too much about monopoly powers being abused. But for whoever is interested,
there is a very serious anti-competitive measure in this software. In
particular, for various modules of the software to be used, you must supply
a certified public key for communication. Guess who controls the
certification of public keys? Microsoft. So if someone wants to make a
competing product, which integrates well with the Windows OS, you will need
to get Microsoft's permission and obtain a certificate from them. I don't
know what their policy is on this, so don't know if this power will be
abused or not. However, it has the potential for being a weapon Microsoft
can use to knock out any competition to their products.

Artists: Don't fear new distribution methods -- embrace them. Technology is
providing you the means to get your art directly to consumers, avoiding the
big record companies. They want a piece of the action for YOUR creativity,
and you don't need to let them in on it any more. Your fans will treat you
nicely, unless you treat your fans poorly (take note of that Lars). Bo
Diddley didn't have anything to fear from his fans, but a lot to fear from
Leonard Chess. Think about that.

Publishers: Give us more options, not fewer. If you try to take away our
current rights, and dictate to us what we may or may not do, you're going
to get a lot of resistance. You better find a way to play nicely soon,
because technology is making it possible for artists to make do without you
at all. Try getting some progressive thinkers into management -- current
people don't seem to be able to cope with the new environment that is
emerging.

--------------------++-----
Les faits sont faits.
http://felix.openflows.org

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime@bbs.thing.net