MS DRM Version 2 - Cracked

As the title says: Microsoft Digital Rights Management Version 2 has been cracked. The Register has the story, including a link to a downloadable zip file which contains source code, explanation and a small DOS utility. Grab it while you can. You can also read the explanation directly here, and you can also find it with Google.

No more secrets

[smnolde]

The more Microsoft makes it's own crypto, the higher the chances the crypto will be cracked.

Re:Well, of course

[joel_archer]

in the immortal words of someone who's name escapes me:

"Information wants to be free."

Here's the article just in case you can't reach it

MS digital rights management scheme cracked
By Thomas C Greene in Washington
Posted: 19/10/2001 at 09:19 GMT

An anonymous coder named 'Beale Screamer' claims to have broken the Version-2 Microsoft digital rights management (DRM) scheme, and has produced the source code and a DOS utility to un-protect .WMA audio files.

The author's zipped file contains a lengthy description of the MS DRM weaknesses, a philosophical tract explaining why he thinks it necessary to crack, the source code, and the command-line utility.

The alias Beale Screamer, incidentally, derives from the lines of 'Howard Beale' in the movie 'Network', we're told. "Just yell to the publishers 'I'm mad as hell, and I'm not going to take this anymore!'"

The motive here is said to be an assertion of fair use and a check against the abuse of copyright for purposes of consumer extortion.

A DRM scheme "used to give the consumer more possibilities than existed before," Screamer tells us. "I think the idea of limited time, full-length previews, or time-limited Internet-based rentals is excellent. If DRM was only used for this, in order to give us more options than we previously had, I would not have taken the effort to break the scheme. What is bad is the use of DRM to restrict the traditional form of music sale. When I buy a piece of music (not rent it, and not preview it), I expect (and demand!) my traditional fair use rights to the material. I should be able to take that content, copy it onto all my computers at home, my laptop, my portable MP3 player....basically anything I use to listen to the music that I have purchased."

Well said; a tremendous amount of thought and effort has obviously gone into all this, and we have to wonder who this crusader is. A university connection seems all but certain. We've got a few feelers out, and hope very much that he'll submit to an interview soon.

Wow this guy is great....

[Johnno74]

... He's got a real pair of clangers for doing this and releasing it! I really hope he stays anonymous.

He's done a very thourough job of reverse-engineering too. Read his README file, very interesting... some quotes:

"One very important effect of this scheme is that Microsoft fully controls who gets to write modules that interact with the basic Microsoft media modules. Without a certified public key (and the corresponding private key) it is impossible to write a compatible DLL that interfaces with their code. Since Microsoft controls the issuing of certified public keys, they also have complete control over who is allowed to make compatible and competing products. Microsoft's reputation for being generous to competitors is well-known, so this effectively gives Microsoft a technically guaranteed monopoly power."

And his 'Messages' at the bottom:

"Microsoft: You guys have put together a pretty good piece of software. Really. The only real technical flaw is that licenses can't be examined for their restrictions once they are obtained. My real beef is with the media publishers' use of this software, not the technology itself. However, it's easy to see where software bloat and inefficiency comes from when this code is examined: every main DLL has a separate copy of the elliptic curve and other basic crypto routines, and parameters passed back and forth between modules are encrypted giving unnecessary overhead, not to mention all the checks of the code integrity, checks for a debugger running, code encryption and decryption. Perhaps you felt this was necessary for the "security through obscurity" aspect, but I've got to tell you that this really doesn't make a bit of difference. Make lean and mean code, because the obscurity doesn't work as well as you think it does.

Justice Department: Maybe this should really be addressed to the state officials, since it looks like the current U.S. administration doesn't care too much about monopoly powers being abused. But for whoever is interested, there is a very serious anti-competitive measure in this software. In particular, for various modules of the software to be used, you must supply a certified public key for communication. Guess who controls the certification of public keys? Microsoft. So if someone wants to make a competing product, which integrates well with the Windows OS, you will need to get Microsoft's permission and obtain a certificate from them. I don't know what their policy is on this, so don't know if this power will be abused or not. However, it has the potential for being a weapon Microsoft can use to knock out any competition to their products."

Well said.

Hackers! You are condemned!

When you decide to surrender, approach
Microsoft forces with your hands in
the air. Sling your keyboard across your
back muzzle towards the ground. Remove
your ethernet cable and expel any disks.
Doing this is your only chance of survival.

Re:Slashdotted already

[Saint+Aardvark]

Beautiful! Many thanks. I am now blessing your hard drive...

Re:Shocking!

[Anders+H�ckersten]

Anonymous M$ exec1: What happen?
M$ techie: Someone hack us up MDRM.
We get e-mail.
Anonymous M$ exec1: What?
M$ techie: Outlook turn on.
Anonymous M$ exec1: It's you!
Hackers: How are your gentlemen!!
All your media are belong to us.
You are on the way to bankrupcy.
Anonymous M$ exec1: What you say??
Hackers: You have no chance to survive make your time. Ha ha ha ha....