Slashdot Mirror

← Back to Stories (view on slashdot.org)

French Hackers Break SDMI

Posted by Hemos on from the join-with-the-gang dept.

jonathan_ingram writes: "Two French hackers have reportedly broken SDMI. Various other groups participating in the SDMI challenge have claimed to have accomplished this already. However, this group has decided to publish their results, available at their site. The site includes a detailed technical report, together with the history and background of SDMI, and the SDMI challenge." Ah, what a seemingly good idea SDMI was for the media companies - now I fully expect to see a story "Newborn infant cracks SDMI, burps up on RIAA".

14 of 112 comments (clear)

  1. Re:counterproductive by kyz · · Score: 3

    All this means is that the music industry will replace SDMI with something more secure. The fact that it was broken *now* is a positive thing for them as they don't have to worry about supporting hardware that doesn't yet exist.

    Duh. You forget rule number one of security through obscurity - IT ISN'T SECURE. Even using the strongest, least crackable encryption method, or most stealthy watermarking will fail, as the SDMI devices will need to reveal their secret key in their execution flow. The secret can't be hidden in software, decades of 16 year old crackers have shown companies that. Only tamper-proof hardware can hide it, and even then the electrical engineers will have a go at opening up the hardware.

    It's only possible to be 'secret' by demanding that an SDMI device contact some more secure device via the 'net. But even then the messages sent back and forth can be logged and replayed to fool the SDMI device.

    I purport that the next SDMI scheme will be broken. And the one after that. And the one after that, etc. The only secure way to do it is to actually keep a secret, and to do that is just not possible. Public key encryption works by never revealing the private key. Only a human with locks on the doors can do that, an automated device stands no chance of keeping a key private.

    --
    Does my bum look big in this?
  2. Gutter boy. by TheFlu · · Score: 3

    When I first read the headline, I actually thought it said French Hookers Break SDMI.

    --

    --It's Pimptastic!--

  3. Re:On more time... by JPS · · Score: 4
    I've asked this several times before, but have yet to see a satisfactory answer: why does it have to be that we can break this?

    Well, noone knows the answer, but there are a few points (among others) which makes the existence of robust watermarks in the near future rather improbable.

    • They are supposed to be inaudible, so compression algorithms will hit them where it hurts.
    • Most people don't care soooo much about quality of music being slightly degraded, so the watermark should be even more robust than the song itself (in some sense).
    • When detector are available, you will be able to make of LOT of trials and errors, and you will be able to do them step by step, has the SDMI requires that the songs stop after 15 seconds if a mark is detected, no matter where you start in the song.
    • Finally, to the best of my knowledge, there is currently no "public key" watermarking method available, in the sense that you will need to protect some sort of secret with a tamper-resistant device or obfuscated code.


    But well, it is also possible that there is a breakthrough in watermarking research in some time...

    Julien Stern
  4. Re:counterproductive by barleyguy · · Score: 3

    We as humans are naturally born with freewill and free thought. If you "create" a poem, and you want to keep it to yourself, don't tell anyone about it. If you tell someone, then it goes from your mouth to their ears, and forms thoughts in their head. Those thoughts are theirs, not yours. When they tell someone else the poem, it is an exchange between that person and the person they are telling. You no longer have anything to do with it.
    That's the problem with intellectual property. You are claiming ownership on someone elses THOUGHTS. That's what intellectual means.
    Rules only exist by an agreement between the "ruler" and the "follower". Governments exist based on the assumption that we somehow gave up our freewill by mutual agreement, in exchange for "protection". In reality, if we do not wish for this protection, we should be able to make a mutual agreement to forego leadership.
    So really, you don't own anyone else's thoughts, regardless of whether you gave them the idea to think them. And the natural state of the world is freewill, not leadership that you choose not to follow.

    But anyhow...

    --
    --- "So THAT's what an invisible barrier looks like!" - Time Bandits
  5. Re:One thing that most people don't realize by Platinum+Dragon · · Score: 5

    Now suddenly you can stick a CD in your drive and a $0.60 CD-R in your burner, hit dupe and you have a 100% copy.

    Not to mention, you can purchase a Phillips CD recorder, promoted in ads that encourage people to make copies of their CDs.

    Lest we forget, VHS did not kill the movie industry, cassette tapes did not kill the music industry, and it appears CD-R, the upcoming DVD-R formats, and compression formats like MP3 still won't kill the music and movie industries. As you mention, MP3s don't sound as good as CDs. DivX-encoded movies don't look as good as DVDs. So the business about "perfect digital copies" being traded over the Internet will continue to be fantasyland until most people have cable/DSL or better (much better).

    It seems out of paranoia, the media giants are willing to push overly cumbersome digital formats on people that do nothing to preserve an individual's ability to use their own legally-purchased bits as they wish, outside of making copies and selling or giving away those. Like the Divx pay-per-view DVD format before, these technologies will be soundly rejected by technophiles and early adopters as overbearing. Ultimately, so-called "anti-piracy" actions will prove counterproductive, as users will run into just as much trouble, if not more, using the digital "secure" formats, than the pirates these techs are supposed to stop. Stuff like "Why can't I have this song on both my computer and my portable MP3 player?" Stuff like (if CPRM is forced into the ATA spec) "Excuse me, but why can't I send these songs I produced to my friends?"

    Big Business really needs to think about how many customers it is willing to inconvenience and turn away to knock out casual copying, instead of going after the hard-core pirates who make hundreds of copies of CDs. As the head of a Canadian media association once said to a class I was in, perhaps the industry will have to learn to live with casual copying, go after the full-blown mass pirates, and just encourage people to purchase full-quality, legal copies because it's the Right Thing To Do.

    --

    Someday, you're going to die. Get over it.
  6. The immutable laws of complexity... by Anonymous Coward · · Score: 3

    ...the more complex a security system, the less
    likey that:

    1 - it will be implmented
    2 - it will be implemented correctly
    3 - it will work the satisfaction of those who
    seek its' protection

    Read what Bruce S. has to say in Secrets and Lies
    about complex security systems that rely on crypto

    And finally, remember this:

    mp3 is out there... soon oge-vorbus...
    the ripping will occure at the play back device

    So, until shmuck intl. corps. start subsasizing
    the masses by forcing some sort of weird-assed
    copy-protected-enabled play back device to be
    placed infront of every speaker in the world
    (sorta' like Sony's brain-dead copy-protection-enabled LCD screen), the entire
    exercise is one large corporate circle jerk.

    ...too bad corporate porn doesn't get me off.
    Unfortuantly, it's just kinda' funny (in a sick
    way) and awkward to watch... kinda' like a
    rhinoceros attempting to mate with a porcupine.

    Copy Protected Music:

    Just another corporate auto-erotic fantacy that
    will results in the fatality of the music
    industry.

  7. On more time... by evanbd · · Score: 4
    I've asked this several times before, but have yet to see a satisfactory answer: why does it have to be that we can break this? I will readily agree that you can break DVD-style encryption if there is a software player to take apart. Tamper-proof hardware is different, but I won't worry about that for now. But my point is, this is watermarks, not encryption.

    Watermarks and encryption are two very different things

    Watermarks attempt to identify different copies by embedded sounds. I see no theoretical reasons these sounds can't be irrevocably embedded. I happen to believe that the hackers will continue to win, but not because they by definition must be able to eventually, as with software based encryption (DVD, and I believe CPRM). So does anyone have a reason that it will be broken, other than a belief that the hackers are sufficiently good and the RIAA/MPAA sufficiently not? Is there any "proof" that it can be done, as there is for the fact that you can "simply" copy/paste the software DVD player's code to read the MPEG2 stream? anyone? please?

    I also think we need a better way for developers to communicate anonymously and securely so that this stuff can be broken without as much worry about the DMCA, etc.

  8. It isn't an anti-stealing law though... by Svartalf · · Score: 4

    It's a content control law. It allows the content providers the ability to control all aspects of the content, taking away your fair-use rights.

    No more making copies of stuff to play in the car, keeping your originals safe at home- something you can do by law otherwise.

    No more taping of shows to watch at a later time.

    No more copying of pieces of the content for use within other things. You can't take a snippet or even a still from a movie to show in a review or a research paper- unless you've got permission from the content provider first.

    No more control over the content that you produce- they're insisting on every recording device have anti-copy systems in place such that you can't copy even your own content that you've got rights to by law. No way to duplicate it either since the DMCA takes away all rights in that regard.

    All of these things are rights that have been taken away by the DMCA and copy protection systems.

    Stealing I've no problem with- unless it's something they're stealing from me...

    --
    I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
  9. American researchers run into DMCA trouble by Apotsy · · Score: 5

    A recent article in the NY Times talks about how the researchers from Princeton and Rice are having to work out the legality of publishing their results, due to potential problems with the DMCA.

    --
    Free Hans!
  10. Re:counterproductive by clare-ents · · Score: 4

    The goal of cracking encryption technologies is to demonstrate that content control will not and can not work, all the control mechanisms will do is irritate people.

    It's also a fight against the content providers who wish to dictate when, where and on what their content can be playered.
    It's a fight to preserve fair use rights -
    the right to quote from the work,
    the right to resell the work,
    the right to review the content,
    the right to fast forward through the adverts, the right to buy a film from a different country,
    the right not to have to purchase one copy per player,
    the right to build your own player,
    the right to play and duplicate your own content,
    the right to watch without informing the company.

    --
    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. (Einstein)
  11. Re:Won't this software be illegal in the US? by clare-ents · · Score: 3

    I think the point is, the DMCA says not that

    'If you steal my car then you go to prison'

    but

    'If you know how to steal my car then you go to prison'

    Possessing a device that can do an illegal thing become a crime in itself, even if the device may have a legal and useful purpose - e.g. a cracked DVD player that allows you to fast forward through the copyright notice - IANAL but I believe that's still legal.

    --
    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. (Einstein)
  12. Re:One thing that most people don't realize by Black+Parrot · · Score: 5

    > The goal that the media industries have isn't eliminating ALL piracy, it's eliminating mainstream piracy.

    But the funny thing is, they end up eliminating casual piracy and barring exercise of Home Recording Act rights, and meanwhile the professional pirates keep selling piles of counterfeit DVDs.

    I don't know what the media industries think they're trying to do, but they damn sure aren't eliminating "mainstream" piracy.

    --

    --
    Sheesh, evil *and* a jerk. -- Jade
  13. Re:counterproductive by Fervent · · Score: 3
    Huh?

    If I create something (a poem for example) and I don't want you to have it, how is this "freely shareable"? It's within the definition of intellectual property.

    Let's say I sell you that poem, but tell you I don't want it copied all over the place. That's part of the deal. What right do you have to tell me you can? It's my poem!

    The problem is there's these rules that noone wants to follow. If you don't like them, TOUGH.

    --

    - I don't care if they globalize against free speech. All my best free thoughts are done in my head.

  14. DMCA by wiredog · · Score: 3

    Remember, these guys are in France, so not subject to the DMCA. Of course, I thought the same was true of Norway...

    --

    Best Slashdot Co