Slashdot Mirror
French Hackers Break SDMI
jonathan_ingram writes: "Two French hackers have
reportedly
broken SDMI. Various other groups participating in the SDMI challenge have claimed to have accomplished this already. However, this group has decided to publish their results, available at
their site.
The site includes a detailed technical report, together with the history and background of SDMI, and the SDMI challenge." Ah, what a seemingly good idea SDMI was for the media companies - now I fully expect to see a story "Newborn infant cracks SDMI, burps up on RIAA".
All this means is that the music industry will replace SDMI with something more secure. The fact that it was broken *now* is a positive thing for them as they don't have to worry about supporting hardware that doesn't yet exist.
Duh. You forget rule number one of security through obscurity - IT ISN'T SECURE. Even using the strongest, least crackable encryption method, or most stealthy watermarking will fail, as the SDMI devices will need to reveal their secret key in their execution flow. The secret can't be hidden in software, decades of 16 year old crackers have shown companies that. Only tamper-proof hardware can hide it, and even then the electrical engineers will have a go at opening up the hardware.
It's only possible to be 'secret' by demanding that an SDMI device contact some more secure device via the 'net. But even then the messages sent back and forth can be logged and replayed to fool the SDMI device.
I purport that the next SDMI scheme will be broken. And the one after that. And the one after that, etc. The only secure way to do it is to actually keep a secret, and to do that is just not possible. Public key encryption works by never revealing the private key. Only a human with locks on the doors can do that, an automated device stands no chance of keeping a key private.
Does my bum look big in this?
When I first read the headline, I actually thought it said French Hookers Break SDMI.
--It's Pimptastic!--
There will a a proliferation of indie bands. Tastes will no longer be so bland, and we will get better variety. There is absolutely nothing -- morally, ethically or commercially -- wrong with such a development.
It think it has been pointed out to death that it is the recording companies who are resistant to change who will have to suffer. On the whole, the rest of society will be better off.
Murder is not larceny, running over a cat is not bank fraud, and removing the mattress tag is nowhere near as fun as bigamy.
Copyright infringment, however, is stealing. It has a different name, but the idea is the same. I'm not going by webseter's dictonary, though, but I am using common sense. The copywrited works are not given to you, rather, you are simply given the privledge of using them, as long as you agree to do so in certain permitted ways. Violating this agreement and acting as if you own the work and all rights therein is, at the core, the same thing as stealing. You aren't depriving them of anything physical, but you are challenging the idea of their ownership of their creations.
In all, maybe slightly different at most, but certainly far similar than any inflammatory analogies that I've seen in the past.
-Space for rent
Well, noone knows the answer, but there are a few points (among others) which makes the existence of robust watermarks in the near future rather improbable.
But well, it is also possible that there is a breakthrough in watermarking research in some time...
Julien Stern
The article in the above link tells us that the RIAA wanted something which is technologically impossible, but refused to listen to the techs. They needed a watermarking system, and they want it now.
I think the great thing about these French guys actually publishing their work is actually putting the genie out of the bottle. SDMI tried to prevent that in the agreement of the contest - one was not allowed to publish the hack methods or results and they'll likely enforce this by law. Fortunately, we here in Europe are concious of the fact that US does not apply here - forgetting this is a mistake which US corporates have made before (i.e. DeCSS).
Bizar technology?
The AC made a point in appealing to the evilness of stealing - that it deprives the rightful owner of something he has a natural right to. Clearly, for a wholly digital work, this does not apply.
Saying that the owner is free to impose arbitary restrictions on someone else's freedom is the crux of the issue. Do you think copyright owners can and should have such powers? As an example, may I ask for your first born son in return for using my software? I think common sense says you should not. So by your own common sense, you must admit that one has limits on the powers of copyright owners.
What is the limit? The limit of free use, for example?
Remember, these guys are in France, so not subject to the DMCA
Dosnt the Byrne(sp?) Convention assure that Copyright & Patents from member countries must support the Copyright & Patents of other countries - would this be a 'copyright' law? Could the Byrne convention force the planet under US Corporate Rule? (just as it has Americans).
We as humans are naturally born with freewill and free thought. If you "create" a poem, and you want to keep it to yourself, don't tell anyone about it. If you tell someone, then it goes from your mouth to their ears, and forms thoughts in their head. Those thoughts are theirs, not yours. When they tell someone else the poem, it is an exchange between that person and the person they are telling. You no longer have anything to do with it.
That's the problem with intellectual property. You are claiming ownership on someone elses THOUGHTS. That's what intellectual means.
Rules only exist by an agreement between the "ruler" and the "follower". Governments exist based on the assumption that we somehow gave up our freewill by mutual agreement, in exchange for "protection". In reality, if we do not wish for this protection, we should be able to make a mutual agreement to forego leadership.
So really, you don't own anyone else's thoughts, regardless of whether you gave them the idea to think them. And the natural state of the world is freewill, not leadership that you choose not to follow.
But anyhow...
--- "So THAT's what an invisible barrier looks like!" - Time Bandits
well, actually, I haven't seen their French acronymn, but SDMI might be read as being Si Dommage' Mais d'Interesse (So Damaged But of Interest).
Heck, maybe that's why they hacked it - it practically shouted out "Salut, Dommage'-Moi, Intellectuels!"
--- Will in Seattle - What are you doing to fight the War?
...or is it just to get free movies?
Or is it to gain the ability to play with movies.
My friends and I have parties. We bring turntables and a DJ mixer, and spin & scratch records. We have a lot of fun manipulating commercial audio works to make our own works in real time.
DeCSS is the underlying technology that will allow people to "play with" DVD video content in ways that are analogous to the way that DJs play with vinyl and CD audio content.
Just as many people in the recording industry would prefer that "sampling" be made illegal and physically impossible, the motion picture industry wants to make access to the bits on a DVD illegal and physically impossible.
That's what's important about DeCSS. It creates new possibilities that no one has even thought of yet.
The hell with "free movies." That's a bottom dweller argument. You don't need DeCSS to copy movies. You need DeCSS to manipulate movies and use them as raw material. 10 years from now, we'll look back and realize that that's what this was really about. The ability to interact with commercial video, as opposed to sit on the couch and passively watch it.
Julien Stern is a PhD student in cryptology at the Laboratoire de recherche en informatique, Orsay
Julien Boeuf is a masters student in multimedia, images and sound at the Ecole nationale supérieure des télécommunications, Paris
Yeah, I fully expect to see toddlers cracking SDMI any minute now. And possibly some pissed off French hackers turning up at Hemos's house to have a word :)
not_cub
q='echo "q=$s$q$s;s=$b$s;b=$b$b;$q"';s=\';b=\\;echo "q=$s$q$s;s=$b$s;b=$b$b;$q"
Now suddenly you can stick a CD in your drive and a $0.60 CD-R in your burner, hit dupe and you have a 100% copy.
Not to mention, you can purchase a Phillips CD recorder, promoted in ads that encourage people to make copies of their CDs.
Lest we forget, VHS did not kill the movie industry, cassette tapes did not kill the music industry, and it appears CD-R, the upcoming DVD-R formats, and compression formats like MP3 still won't kill the music and movie industries. As you mention, MP3s don't sound as good as CDs. DivX-encoded movies don't look as good as DVDs. So the business about "perfect digital copies" being traded over the Internet will continue to be fantasyland until most people have cable/DSL or better (much better).
It seems out of paranoia, the media giants are willing to push overly cumbersome digital formats on people that do nothing to preserve an individual's ability to use their own legally-purchased bits as they wish, outside of making copies and selling or giving away those. Like the Divx pay-per-view DVD format before, these technologies will be soundly rejected by technophiles and early adopters as overbearing. Ultimately, so-called "anti-piracy" actions will prove counterproductive, as users will run into just as much trouble, if not more, using the digital "secure" formats, than the pirates these techs are supposed to stop. Stuff like "Why can't I have this song on both my computer and my portable MP3 player?" Stuff like (if CPRM is forced into the ATA spec) "Excuse me, but why can't I send these songs I produced to my friends?"
Big Business really needs to think about how many customers it is willing to inconvenience and turn away to knock out casual copying, instead of going after the hard-core pirates who make hundreds of copies of CDs. As the head of a Canadian media association once said to a class I was in, perhaps the industry will have to learn to live with casual copying, go after the full-blown mass pirates, and just encourage people to purchase full-quality, legal copies because it's the Right Thing To Do.
Someday, you're going to die. Get over it.
Ha-hA go away or I will be forced to taunt you a second time!
We are french hackers, why do you think we have this outrageous accent?!
E.
www.randomdrivel.com -- All that is NOT fit to link to
Build Your Own PVR/HTPC news, reviews, &
Nice argument, my friend. One of the most intelligent I've ever seen on Slashdot.
- I don't care if they globalize against free speech. All my best free thoughts are done in my head.
I guess that the other question is: Is the city-state of Hollywood going to ask for them to be extradited?
`ø,,ø!
Free Software: Like love, it grows best when given away.
All this means is that the music industry will replace SDMI with something more secure. The fact that it was broken *now* is a positive thing for them as they don't have to worry about supporting hardware that doesn't yet exist.
If DeCSS had been written before any DVD players were on the market then they would have *serious* encryption & no one would be writing free decoding software. The guys who broke SDMI should have stayed quiet until the hardware had been around for a year or so, as it is they have shot themselves (and you) in the foot.
...the more complex a security system, the less
likey that:
1 - it will be implmented
2 - it will be implemented correctly
3 - it will work the satisfaction of those who
seek its' protection
Read what Bruce S. has to say in Secrets and Lies
about complex security systems that rely on crypto
And finally, remember this:
mp3 is out there... soon oge-vorbus...
the ripping will occure at the play back device
So, until shmuck intl. corps. start subsasizing
the masses by forcing some sort of weird-assed
copy-protected-enabled play back device to be
placed infront of every speaker in the world
(sorta' like Sony's brain-dead copy-protection-enabled LCD screen), the entire
exercise is one large corporate circle jerk.
...too bad corporate porn doesn't get me off.
Unfortuantly, it's just kinda' funny (in a sick
way) and awkward to watch... kinda' like a
rhinoceros attempting to mate with a porcupine.
Copy Protected Music:
Just another corporate auto-erotic fantacy that
will results in the fatality of the music
industry.
> now I fully expect to see a story "Newborn infant cracks SDMI, burps up on RIAA".
Beware of this ambiguously sounding sentence.
I am French but I feel smarter than an US baby.
And BTW Americans did invent SDMI so, please, either explain your idea a clear way or don't write it.
--
Trolling using another account since 2005.
Watermarks and encryption are two very different things
Watermarks attempt to identify different copies by embedded sounds. I see no theoretical reasons these sounds can't be irrevocably embedded. I happen to believe that the hackers will continue to win, but not because they by definition must be able to eventually, as with software based encryption (DVD, and I believe CPRM). So does anyone have a reason that it will be broken, other than a belief that the hackers are sufficiently good and the RIAA/MPAA sufficiently not? Is there any "proof" that it can be done, as there is for the fact that you can "simply" copy/paste the software DVD player's code to read the MPEG2 stream? anyone? please?
I also think we need a better way for developers to communicate anonymously and securely so that this stuff can be broken without as much worry about the DMCA, etc.
It's a content control law. It allows the content providers the ability to control all aspects of the content, taking away your fair-use rights.
No more making copies of stuff to play in the car, keeping your originals safe at home- something you can do by law otherwise.
No more taping of shows to watch at a later time.
No more copying of pieces of the content for use within other things. You can't take a snippet or even a still from a movie to show in a review or a research paper- unless you've got permission from the content provider first.
No more control over the content that you produce- they're insisting on every recording device have anti-copy systems in place such that you can't copy even your own content that you've got rights to by law. No way to duplicate it either since the DMCA takes away all rights in that regard.
All of these things are rights that have been taken away by the DMCA and copy protection systems.
Stealing I've no problem with- unless it's something they're stealing from me...
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
...Controlling stealing I've no problem with- unless they steal something from me to achieve it...
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
It should also be noted that our newly created song is much closer from the original than the marked version. Consequently, we cannot have any quality problems, and testing the quality of the final result is not required.
So removing the watermark improves the audio quality. High End audiophiles will thus want watermark-removers to clean up the signal. There's a legitimate use for this.
I looked at what the guys think the algorithm is... and if they're right, it's one of the stupidest algorithm I've ever seen.
Opus: the Swiss army knife of audio codec
Why do you think most people listen to radio? Because most people are lazy.
... it's a result of the limitations of the medium.
Because one comes attached to their car. Because it's free. Because they don't have to carry around anything to listen to the radio. Most people use radio as background noise, to alleviate boredom, not because they have a specific body of music that they want to listen to. That's not how radio works. That doesn't make radio listeners lazy though
The _want_ to have music preselected for them.
You'll note that the recording industry, when they provided congress with the draft legislation that became the webcasting laws, made it essentially impossible for a webcaster to allow listeners to select their own music. (You have to get permission from each individual copyright holder to do that.) The lack of an ability for a radio listener to preselect is where the industry's power to promote their music comes from. If users could select what music they wanted to hear on the radio, then the recording industry would be powerless to impose new music on the airwaves. People would listen to what they wanted to, instead of what the RIAA wanted them to.
What if you could type in your desired playlist into your radio, and hear it, along with commercials, news reports, and weather reports. You'd be happy, because you'd hear the songs you like. The radio station would be happy, because you'd be listening to their commercials. The record companies would be very unhappy, because they don't get to pound the new Brittany Spears song into your brain.
That's why they made it illegal. Not because people want to have music preselected for them, but because people put up with it because they have no choice, and the recording industry is hell bent on keeping things that way.
- John
I cant see any reason why having a key longer than the message would hinder cracking the encryption.
Quite simply you have to brute-force and try all possible keys (admittedly if u dont know the length of the key then it's trickier)
Quantum Cryptography does seem to be the solution but it's not exactly in a real usable form just now.
A recent article in the NY Times talks about how the researchers from Princeton and Rice are having to work out the legality of publishing their results, due to potential problems with the DMCA.
Free Hans!
Yes I am a pawn for big business. I am controlled by the man like a puppet. Just wanted to get that out of the way.
Anyways the thing is this : The goal that the media industries have isn't eliminating ALL piracy, it's eliminating mainstream piracy. For instance there are cassette decks everywhere but most of us still dutifully pay $12 for a CD when we could dupe it off a friend. Why? Convenience, added to the fact that quality is degraded on a tape. Going back to even when the industry was primarily cassette tapes though the same thing held true in that most people would rather buy the real cassette as dubbing a copy of worthwhile quality meant buying a Chromium Oxide cassette tape (itself like $4) then using a high end cassette desk that you've kept very clean and calibrated...it was hardly worth the effort unless you had far too much time on your hands. Again there were lots of people busily duping everything they can find with their custom label collection, but they remained small enough to not be a considerable threat.
But then along comes CDs : Now suddenly you can stick a CD in your drive and a $0.60 CD-R in your burner, hit dupe and you have a 100% copy. Put that with some good transparency labels and you can actually have a professional looking copy that doesn't make you look like a cheap thief. The same thing is a concern for the movie industry with DVD's : What happens when people can make digital copies of DVDs? Back in the day you COULD hook two VCRs together and dupe a copy but again what you'd end up with would be of lesser quality. The majority of consumers think : "Bah it's only $17...I'll just buy the fuggin' thing.". If on the other hand they could easily make a 100% copy and they knew all their friends were...that would bother them. The majority of consumer piracy isn't so much pure theft rather than people not wanting to feel like a sucker (which of course they aren't, but when all their friends are busy duping everything it's hard not to get caught up in it).
I've babbled quite a bit there but the point is this : If you have to degrade the quality of an SDMI song (i.e. a "brute force" attack) then that will keep it on the fringe as most consumers would rather pay the chump change and get the "Real thing" than have reduced quality. It is obvious that there are ways to get around SDMI (i.e. take an audio out and redigitize), but the point of the SDMI is that if it's perceptable then their mission has been accomplished.
On a similar note MP3s are shit. They sound like crap. On top of that the majority of people ripping seem to have absolutely no idea what they're doing and somehow manage to record in the sound of a new mail notification, or suddenly the tone will change abruptly mid-song, etc. If I was the music industry I would be pushing this sort of thing out like CRAZY. i.e. I'd have hundreds of Napster "servers" out there serving up slightly munged songs. People tend to give up and just go buy it. Just like in Warez channels where mysteriously that game you spent 3 days downloading has one ZIP missing, or one's corrupt, etc. They're doing their jobs perfectly.
Totally irrelevant : For all the kiddies writing their whitepapers proclaiming that we're at the dawn of a new world where IP and copyrights are invalid because they can copied : As I mentioned we had cassette tapes in the early 80s. This isn't new. This is the same old shit history just keeps repeating itself. I had Commodore 64 friends who had walls of pirated software. I had buddies who had the big briefcases full of duped cassettes. I had friends who had walls of VHS copies. For anyone who's foolish to proclaim that this is a profound new world, you're obviously too young to realize it's the same battle taking different forms.
I think the point is, the DMCA says not that
'If you steal my car then you go to prison'
but
'If you know how to steal my car then you go to prison'
Possessing a device that can do an illegal thing become a crime in itself, even if the device may have a legal and useful purpose - e.g. a cracked DVD player that allows you to fast forward through the copyright notice - IANAL but I believe that's still legal.
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. (Einstein)
Remember, these guys are in France, so not subject to the DMCA. Of course, I thought the same was true of Norway...
Best Slashdot Co