Slashdot Mirror
CD Copy Stopper
CTho9305 writes "Technology Review has an article about a new CD and DVD copy protection system by Doc-Witness, where the disc itself has a smart card on it. The card checks if a request is valid, and then returns a key to decrypt the contents of the disc. It apparently works with standard drives."
let's count how many posts say "the crackers will have this fixed in X days."
I don't understand where my ability to make backups for myself has gone. That's part of my right as an OWNER of a piece of software. I am ALLOWED to make a backup for myself.
With this, if the disc goes to crap or the "smart card" goes to shit what am I going to do? Can I call up Doc-Witness and say, "hey, send me my money so I can get a new CD?"
It looks like this is for software packages.
The installer communicates with the smart card to get permission and the decryption key needed to finish the install. So, reverse engineer the installer and run one legitimate install to capture the decryption key and you can make as many installs as you want.
It's a little more secure if the disk has to be in a drive to run the final software, and it expects to communicate with the smart card to authenticate authorization to run.
"What is this chip supposed to do -- decrypt on the fly and send a new optical pattern to the read head? I don't think so. "
Well, yes apparently:
The technology works by turning an ordinary CD drive into a smart-card reader. A photodetector at the edge of the CD turns the drive's laser light into electrical pulses, which travel to the embedded smart card and request the key. If the card deems the request legitimate, it returns the key as an electronic signal that an onboard light-emitting diode converts into light and beams back to the drive.
No, that wouldn't work. The data on the CD is encrypted. The disc decrypts itself if it passes security checks. It would presumably keep track of the systems that it has been installed on, and refuse to decrypt itself if you violate the EULA.
The glaringly obvious hole, that I see, anyway, is that you could stick it into a valid system, and then copy the contents. It would decrypt the files to give you, the authenticated user, access to the data. Then you could crack and burn. The only thing I see this preventing is 1-to-1 copies, like CloneCD does.
The roots of education are bitter, but the fruit is sweet.
--Aristotle
It's actually pretty trivial to do with a standard cd drive.
Read block N -- It's all zeros. (State is currently cleared.)
Read block M -- laser light is detected, state is now set for next X seconds.
Re-Read block N -- It's now all ones.
Simple. With low-powered electronics, it could be powered off the reading laser-light...
Of course, from a practical perspective, Y% of all cdrom players won't read the artificial material quite right. A lot of legitimate purchasers will get screwed. And everyone will just download the latest cracked versions off the net, cause who wants to spend 10 minutes trying to validate that you are a "correct" user. Particularly when the software crashes every five minutes...
Those who fail to learn from history are doomed to repeat it. 20 years ago, back in the Apple II days, they were changing tracks while reading/writing to create a spiral pattern. Temperature shifts, and minor differences in component quality during the manufacturing process, really fucked that up. Everyone wound up using the cracked versions, because there was no acceptable alternative.
Here we go again...
Well that would be a stupid bet.
A few years ago I worked for a smart card company and we thought about doing this very thing. We realized very quickly, however, that the key securely stored on the smart card has to get passed out of the smart card and into software to be useable. Once the key is in software, it is vulnerable and can be hacked to decrypt the contents of the CD.
If everything were done in hardware and the key was transferred securely through hardware it would be much more difficult to hack the key, but who cares? After passing the key securely from the smart card to the decryption hardware, the hardware has to put out a stream of unencrypted data to make the content actually usable and the data can be recorded AFTER being unencrypted. What if the hardware outputs the data in analog format? Big deal. It's a high quality stream so we record it again and digitize it and we really haven't lost that much quality wise.
Adding a smart card to a CD or DVD doesn't really make it more secure. It just makes us jump through more hoops.
Of course, this whole post is probably illegal anyway due to the DMCA. I would post anonymously but the karma is worth time in prison and $1/2 million fine.
And then there was the crack for the dongle... which similated dongle present on a virtual serial port... and allowed the program to run as normal. From what I read of this article... the content is on the CD as per normal, albeit in a form of encrypted format, and is then decrypted by the key on the card. Despite all the fancy theory (in which the decoded picks up a pulsed "wake up" signal and beams back the decoder as a standard light signal), so long as one can simulate the decoded, one can read the data. So, once somebody cracks the code (hopefully standardized, but otherwise by perhaps analysing the data between an encoded copy and the original CD)... an app to simulate the process, and protection becomes moot. As a personal side note, copying is still illegal, I don't support it as a general rule. If you get the warez and it enough to play it through or keep it, why not shell out a few bucks for something that's worth it? (whatever happened to shareware, like in the good ol Doom Ep1 days). Anyhow, that's my spiel... flamers ahoy! Can I get my silicon chips in Salt&Vinegar or dill - Phorm