MS DRM Version 2 - Cracked

As the title says: Microsoft Digital Rights Management Version 2 has been cracked. The Register has the story, including a link to a downloadable zip file which contains source code, explanation and a small DOS utility. Grab it while you can. You can also read the explanation directly here, and you can also find it with Google.

When will they learn?!?

[SealBeater]

Its not like ANY protection scheme that I can think off hasn't been broken. So far, it looks like nothing will ever not be broken.

Corps: 0, Hackers:...shit, I lost count.

SealBeater

to no end

[Rinikusu]

You know, the antics of the music industry (and the kind of thing that MS is kowtowing to with their DRM scheme) really pisses me off, but also convinces me that there will eventually come something to replace them both.

But, know what? It's their property. If they want to fuck up their distribution channels, fuck em. I can do without "so-called" modern music anyway. I go see live bands locally, get lit, and have a great time and I didn't need to buy a fucking copy-protected by the DMCA CD or cassette or anything. These guys are out there trying to make a living, maybe you should check em out. And if you catch them after the show, you might can convince them that they should distribute their songs on CD's for cheap and ask them (ask them) about how they feel about MP3's and music-sharing in general. Of course, they might not agree with you (or myself), but they have that *right* to do so.

So, I encourage, nay I *challenge* each and every one of you who would boycott MS or the RIAA to pick up a local newspaper and see what's going on in y our town this weekend. Chances are, there's a band or two actually worth checking out, and hey, it's not like you're going to meet chicks sitting behind your monitor.

Oh, and on-topic: Rock on Beale! I'm encouraged to see that grassroots hactivism coming alive! :) (hacker used in "coder" definition) Keep up the good work and keep fighting the good fight.

Re:to no end

But, know what? It's their property.

No it's not. That's the whole point - US copyright does not create property rights. The actions of the copyright holders in shifting the terminology of the debate to the language of property rights means they've already almost won. After all, who agrees with stealing? But if they don't own it (and they don't - you paid for it), it ain't stealing...

Digital Rights Management?

[zarathustra93]

When are MS, Sony and others going to learn that any sort of system like this will be broken? They should take a tip from the gaming industry.

I was excited to get a sony mp3 player as a gift last year. Until I realized that it used a proprietary format, atrac3. It will only allow me to load a particular piece of music 4 times. I've even loaded the music I make on it, but I am still subjected to this limitation. HELLO, it's my music, I made it,I own the copyright.

Digital Rights Management is there only to help support the massive amount of proffit that the recording industry is used to making. Well, I have a message for these people: The days of the $20 CD are long gone. Charge a fair amount of money for your product, and people will buy it. If you continue sticking it to the customer, they will break your systems and get it for free. Evolve or die. It's that simple.

http://www.assasins.net

Fair use: a birth right?

[Rob+Kaper]

During a (anti-)DMCA presentation at school, the smartest question I got was
the following: is fair use a birth right or simply a result of the sale
contract?

If it's the latter, there's nothing we can do but informing people and
refusing to buy products with fscked up sale contracts (limiting fair use).

Maybe fair use is nothing more than a tradition and something we've grown
used to. And not "right", by all means. Is the limitation in copyright
(which it is) written in the books of law?

But I *like* the pathetic fallacy!

[Nindalf]

I don't consider the pathetic fallacy (describing a phenomenon as if the objects involved were humans acting it out) to be a fallacy at all, but a useful metaphorical device.

"Water seeks its level." - no, sufficient quantities of water tend to be arranged by the force of gravity over time such that its open surface is roughly equidistant from the center of gravity

"Opposite electrical charges are attracted to each other." - no, there is a force on any two objects of opposite electrical charge each toward the other

"Information wants to be free." - no, it is difficult for one party to limit the distribution of information to only those parties it approves of

The common quotes are shorter and more digestable, literal truth is not relevant compared to effective communication.

On the other hand, the literal expressions are more likely to be left alone by those who don't understand them.

You idiots! Why did you do this /NOW/?

[Telek]

Let me ask one question...

You have a DRM technology that is OBVIOUSLY crackable (as all are), and a stupid industry that has just decided that they should use this technology, but hasn't yet implemented it in many places yet.

Do you:

A) crack it NOW and therefore allow the industry to quickly switch to a "better" scheme because it's not implemented yet
-or-
B) wait until it's in use everywhere and THEN crack it once it's too late for them to switch back?

What do you think would have happened if CSS was cracked after the first 2 DVDs were released? They would have changed the scheme really quickly.

HAVE PATIENCE. WAIT until THEY CANNOT SWITCH BACK, and then hack to your hearts desire.

Argh. This just puts more ammo in the pockets of the industries to give us MORE RESTRICTIONS instead of a stupid scheme that doesn't really hamper things a lot and can be cracked AFTER they commit.

Argh. Sorry needed to vent.

I agree, very impressive!

[BLKMGK]

Read it all - Microsoft used SHA-1, Eliptical Curve Encryption, a bastardized version of Base64 encoding, and I think even the kitchen sink to try and keep this from being reversed. They encrypted the comms between DLLs (!) to prevent anyone from being able to get anything from the calls going back and forth must have added a ton of overhead with all of this encryption. They even move the location of the key pairs on each machine that this junk is installed upon in order to prevent the keys from being easily extracted. Kripes, Microsoft went so far as to build in the capability to REVOKE the keys if they were ever published - this hack must be killing them :-)

All of that would've worked except that the code that actually USES the keys has to know where they're located and THAT code's location is static (lol). The author simply used THAT code to pull the keys for the decryption - I love it. I'll bet some poor schmuck MSFT techie is smacking his head going "Dammit!" right about now.

I'm not sure how Microsoft could've stopped this - obviously their bulletproof EULA didn't work (lol). At some point in the code something has to know how to pull the needed keys and I cannot imagine how they would've been able to shift the code that does the calling in every copy of Windows - something has to be static somewhere or at least the code to find the location does :-)

Since Microsoft used code to detect debuggers I have to wonder how he did this - hacked the debugger too? Hack the code to stop the detection of the debugger? Or decompile the code in some fashion and step through it? (shiver)

If this was the creation of a single individual or even a team it's damned impressive! I hope that The Reg gets it's wish for some sort of an interview granted and that this person or team of persons releases more insightful cracks. This was pretty sweet IMO, my hat's off to this effort!