CD Copy Stopper

CTho9305 writes "Technology Review has an article about a new CD and DVD copy protection system by Doc-Witness, where the disc itself has a smart card on it. The card checks if a request is valid, and then returns a key to decrypt the contents of the disc. It apparently works with standard drives."

I bet $20...

[swaic]

Saying it will be defeated within 30 days. Any takers. Also, $25 saying it will be by a Russian.

Re:I bet $20...

[st0rmshad0w]

Heh.

More like within 30 minutes. And it'll be a high school kid.

Re:I bet $20...

[heathm]

Well that would be a stupid bet.

A few years ago I worked for a smart card company and we thought about doing this very thing. We realized very quickly, however, that the key securely stored on the smart card has to get passed out of the smart card and into software to be useable. Once the key is in software, it is vulnerable and can be hacked to decrypt the contents of the CD.

If everything were done in hardware and the key was transferred securely through hardware it would be much more difficult to hack the key, but who cares? After passing the key securely from the smart card to the decryption hardware, the hardware has to put out a stream of unencrypted data to make the content actually usable and the data can be recorded AFTER being unencrypted. What if the hardware outputs the data in analog format? Big deal. It's a high quality stream so we record it again and digitize it and we really haven't lost that much quality wise.

Adding a smart card to a CD or DVD doesn't really make it more secure. It just makes us jump through more hoops.

Of course, this whole post is probably illegal anyway due to the DMCA. I would post anonymously but the karma is worth time in prison and $1/2 million fine.

Re:I bet $20...

[evilpenguin]

As the poster pointed out, at some point it goes to your eyes and ears. This is the so-called "analog hole." You can capture the output at this point and re-digitize it. Sure, there is some tiny loss of quality, but you now have an unencrypted data stream you can reproduce indefinitely.

I'm just waiting for the day when someone tries to pass legislation that require chips in our heads where every time we think about a movie, our debit card is automatically charged.

Perfect control, protection of intellectual property rights. Surely economic interests are more important than the commons of ideas?

Read Lawrence Lessig: "Code and Other Laws of Cyberspace" and "The Future of Ideas: The Fate of the Commons in a Connected World." Be concerned.

what?

[supernova87a]

How can this possibly be claimed to work with standard drives?

Our dvd players read the optical stream from the disc, and then decode it video out. What is this chip supposed to do -- decrypt on the fly and send a new optical pattern to the read head? I don't think so.

I think someone is trying to push a new kind of dvd drive that requires the discs to have smart cards...

Re:what?

[gargle]

"What is this chip supposed to do -- decrypt on the fly and send a new optical pattern to the read head? I don't think so. "

Well, yes apparently:

The technology works by turning an ordinary CD drive into a smart-card reader. A photodetector at the edge of the CD turns the drive's laser light into electrical pulses, which travel to the embedded smart card and request the key. If the card deems the request legitimate, it returns the key as an electronic signal that an onboard light-emitting diode converts into light and beams back to the drive.

Re:what?

[Biolo]

You're thinking too linearly. This can't work on audio CD's, but I imagine they are just aiming at
data CD's (and DVD's coming soon if you believe them).

There will be a piece of authentication code in the installer (or whatever). This will be responsible for interacting with the smartcard to send it that initial information pulse. It will then ask the drive to re-read the "smartcard area" of the disk until it gets a response (decryption key), and will use that to decrypt the rest of the disk. Since DVD drives can run code also they will be able to use this same scheme there.

'course all the Warez'ers will have to do is replace the initial installer code once they've accessed the drypt key, so I give new titles a week after they are released before there are cracked versions going about.

One worrying question - are they getting all the power for the smartcard from that laser pulse? Really? Probably means a battery, so your CD or DVD now has an even more limited lifetime. Tinker with the battery size and Hollywood now has a way to program in obsolescence into that new DVD, forcing you to buy a new copy!

They're Destroying It

[KelsoLundeen]

Maybe it's just me, but does it dawn on no one -- at least no one at the RIAA and perhaps the MPAA (Jack "Maddog ... Grrrrrrr!" Valenti in particular) that they (and by "they" I mean the RIAA and the MPAA) are slowly destroying the promise (so-called, of course) of digital technology?

All this stuff -- from half-assed watermarking, to government-sanctioned hack attacks on 14 year-old Kazaa users, threatening to throw them in federal high security lockups -- all this stuff is destroying what it's attempting to preserve.

Re:They're Destroying It

[Colz+Grigor]

Would that it were so...

Remember that the 14-year-old Kazaa users tend to still be significantly more intelligent than the average population.

Anyone below average scares the crap out of me and, by definition, that's 50% of everyone.

With Microsoft and Dell making computers that any idiot could buy and use (Jeez... just take a look at Dell's spokesperson!), we'll actually have at least half the population buying these copy-protected CDs without thinking twice about Fair Use.

So much for voting with out wallets. We're going to actually have to vote with our votes during every upcoming election. Our best course of action is to educate those that are educable and motivate them to cast their votes every time they have a chance.

It's society's own apathy that's going to wind up allowing ..AA to kill digital content.

::Colz Grigor

Re:They're Destroying It

[Arcturax]

More like they are doing all they can to stop the inevitable. Their business model fails with today's technology and they know it and are doing whatever they can to squeeze what little they still can from it. Instead of embracing the technology and working the problem of making a new buisiness model around it, they are thrashing to and fro as they slowly die, doing anything to extend their life a little longer.

Case in point... last weekend I was at Conglomeration (nice mid sized sci-fi con held near Lousiville) and attended a panel by the directors of the home made movie "Rock and Roll Starship". I brought up computer technology and he told me that since the advent of things like iMovie and companies like Adobe and Apple making what was once high end movie software cheap enough for the masses, that the number of people who are interested in starting their own independant movie making groups has skyrocketed. He said that anymore, movie making is going more and more independant and it is only a matter of time before Hollywood loses control to groups of kids who are able to make their own films and put them up on the internet or burn them to DVD and sell them at cons.

True, the flashiest looking stuff will always come from big budget Hollywood, but independant film makers are going to catch up enough to make some stuff which looks pretty nice on their own. That and some of the independant stuff is pretty damn good story wise, better so than a lot of Hollywood fluff.

In fact, I was able to see a rough cut of their second movie and comment on it, to influence the final version, which was very cool! Their first movie came out in 1997, had shaky camera work, Dr. Who like special effects and the sound was a bit buzzy.

This next one, though a rough cut, already looked a lot better. The sound hadn't been cleaned up yet and there were only a few "test" effects, but from what there was in there the new movie will look as professional as something that Hollywood might put out.

Times are changing and you will see more and more of this as time goes on. Hollywood had better prepare itself, because the computer is going to bring on the age of the independant film, and nothing they do is going to stop it.

Didn't you read!?!?

It is impracticable to crack since it is hardware based

See! Uncrackable! Just like that CSS thingy!

Craziness!

[case_igl]

I have the kids that run around my house. They wake up, eat breakfast, and then go outside and collect all manner of nasty goo on their little fingers.

Then they come in for lunch, "play" computer, and muck up CDs. I'm not talking about my really important stuff that is snuggled away - I'm talking about the games they are alloyed to play...God forbid they get their hands on Warcraft 3!

I always make burnt copies of CDs for the kids to use, so that when they roll over it with the toy car and crack it I can just make a new one.

I know piracy is a problem for the industry, but it just sickens me at how legitimate fair use gets slaughtered for people like me!

And forget the "I won't be buying any of THESE CDs line" -- that only works until Toy Story 17 comes out on DVD....

Case

key management

[russcoon]

How quickly they forget:

If you are forced to distribute the secret in an insecure way, the game's over. Better yet. it only takes one read to copy the data.

I guess it's a nice idea that just misses the point.

this is fantastic

[GoatPigSheep]

(sarcasm)
YES! This is great news!

Thanks to this new technology, the price of CD's should plummet, as it will be impossible to rip them!

Finally, they have solved the problem of piracy and can now lower the price of CD's since they will not be 'losing money' anymore (a slow economy doesn't count)
(/sarcasm)
Yeah, right. I bet those greedy pigs will raise the price of cd's even more citing the need to produce 'anti-theft technology'

Re:We've been over this...

[Dark+Nexus]

I believe the intent for this is more for software than music or video.

Consider this the logical evolution of the hardware dongle that 3DS Max once did, and possibly still does.

Re:Oh boy:: me not worried, it won't work

[gerf]

It is impracticable to crack since it is hardware based and is based on dynamic protection

Sorry to say, but hardware has been 'cracked' and hacked before, and will be done again.

At some point in your computer, the signal must be decoded for regular use. All someone has to do, is find this signal, and use that to copy a CD or DVD (DVD burners are getting out more and more...). I'm sorry, but i really don't think that this, or any technology in general, is going to work perfectly, to a consumer's satisfaction. Problems::

1. As has happened so many times, the media screws up on Average Joe consumer.

2. Those who want to copy/crack/hack it, will. They can't stop it.

Old hardware, like quad-speed CD-roms and the like, won't work. Hardware varies, from year to year, from manufacturer to manufacturer, from country to country, from pc to car audio. Things will not work for someone, and people don't like that. It's just bad karma man!

Re:Comparison to WinXP copy protection

[Erasmus+Darwin]

"Granted, one won't be able to just "copy the disc", but cracked ISOs can still be theoretically distributed."

Sure. But remember that copy protection doesn't have to completely prevent copying to be effective. Instead, it merely has to make the legal purchase more attractive than the copyright infriged copy, at least to some consumers.

In this case, it sounds like each and every DVD would have to be cracked by someone with a good deal of skill and possibly some special equipment. Compare that to "cracking" CDs, where you can get pre-made tools that handle all the effort of ripping CDs, encoding them as mp3s, and even naming the files to match the CD info.

Is this the copy-proofing technology........

[Ride-My-Rocket]

.... that is able to outmaneuver my Sharpie pen?

No hardware changes needed? Really?

[Anonymous+Canard]

It seems pretty disingenuous to me for them to claim that their technology is compatible with current hardware. Where hardware and firmware are sold as a single entity, I read that expecting to find some sort of protection system that would interact with current firmware, but they clearly need a trusted client on the device to interact with the smart card since they have to rely on that software not giving away the decrypt key. In other words, these may play on the current mechanical hardware, but they certainly won't play on current CD or DVD players without first getting a firmware upgrade. In all this isn't much different from shipping a separate smart card and CD-ROM.

At least I can't see any way to trust a client once it has been transferred to the general purpose computing platform; at that point the software is open to inspection and its secrets won't remain hidden very long.

Cost of media vs. "cost" of piracy

[dcavanaugh]

I guess this is where we find out if piracy has any real cost associated with it. If piracy really does cause the massive losses that RIAA says it does, then it would be worth their while to try a media-based solution, even if it raises their cost. The retail price of CDs is set by what the market will bear, not by the cost of production. If I can buy a blank for 25 cents, I know the music industry is getting a better deal in bulk.

If RIAA members still want to get $18 per CD and this hardware/media hybrid protects the ability to do that, then they will absorb the cost. On the other hand, if piracy "problem" is merely a smoke screen to attack low-cost/online/non-RIAA distribution, then this technology is dead-on-arrival. Time will tell.

I don't buy it.

[BeBoxer]

A photodetector at the edge of the CD turns the drive's laser light into electrical pulses, which travel to the embedded smart card and request the key.

I suppose it's conceivable that this might be possible with a CD-RW drive. But with a regular CD-ROM drive? I think that's bullshit, plain and simple. It's not like there is any command for sending data to the laser of a read-only drive. Do they send the request in morse code by turning the drive off and on again?

I think this is just more snake oil being peddled by folks who know the can make an easy buck off of nervous media executives. My guess is, it'll work fine during the dog and pony sales presentation, it'll cause endless support headaches for paying customers, and be trivially bypassed by the warez folks.

I swear, I don't know where they finds the folks who sign on to these deals. Have a problem with piracy? Make your product less attractive than the warez version by saddling it with a bunch of flakey 'copy protection' technology. That'll help your market share!

That it deems appropriate?

[dinotrac]

Hmmm.

Suppose we presume that this magic card really, really works.
Assume it is the fly, cats-pajamas, Golly-Gee-Whiz-Neato, super deluxe, smokin', king of the hill, rad copy protection of all time.
So perfect it gets canonized in Rome.

So ---
It determines what it considers to be legitimate requests?

How does it tell the difference between a completely legal archive copy and an illegal copy?

How does it know the difference between a completely legal archive copy (a right protected by federal law, BTW) of an archive copy made because the original disk was destroyed?

How does it know the difference between an illegal installation on another computer and a legal installation on an upgraded computer? A legal installation on another computer that replaces the first one?

Is this smart card also a legal scholar, familiar with fair use exceptions?

Unlike many here, I believe in intellectual property rights and have no problem protecting them.

I have a big problem, however, with protecting intellectual property rights by taking away my rights and those of everybody else.

Store owners aren't allowed to protect against robbery by shooting everyone who looks like they might steal something. IP owners shouldn't be able to protect against theft by infringing on the legitimate rights of their potential customers.

Re:Company claims unbreakable copy protection.

[Tackhead]

> Company claims unbreakable copy protection.
>Film at 11.

Crack at 10:30.

Quite right, and possibly a Good Thing

[bbqBrain]

Yes, the mfr. tech page only mentions "CD-ROM/DVD-ROM media". And, if this is the case, I have no problem with it. IMO, companies/people who produce software for pay have the right to collect money for its use. With that said, I do not support (with my pocketbook) commercial software, with the rare exception of a game I really want.

I think something like OpSecure could prove to have a positive effect on Free software. Consider that, as publishers find more effective ways to prevent license violation and unfettered copying/distribution of their wares, many PC users will be forced to make a decision that they have not in the past: 1) Pay for a legitimate copy of a given title, or 2) Use a Free (or free) alternative. Consider how many people today buy one copy of MS Office and install it on several machines or share it with friends and family. If the license enforcement becomes difficult to circumvent, a three-machine Office purchase will suddenly skyrocket from a few hundred to over a thousand dollars--more than the cost of a new PC! This opens the door for low-cost (StarOffice) and no-cost (OpenOffice, KOffice, Gnome Office) alternatives to establish a foothold in the market.

The end result? I guess that depends on the big guys' response. MS, for instance, might dramtically reduce prices for its Office suite, which also has short-term benefits for the public. This may not be sustainable, though. The funny part is this: unlike Wal-Mart, which moves into town and sells (concrete) goods at cut-rate prices until the competition disappears, there is no way to run the competitors out of business when they give their (intangible) goods away for free. How long can MS' Office division remain profitable in this scenario?

To sum up my rambling, improved software license enforcement could, in a delicious display of irony, promote Free software adoption.

Well the truth is

[dnoyeb]

The truth of security is that its inversly proportional to the number of people with a desire to circumvent it.

It will NEVER work in any form for the music industry. For the software industry its just a matter of how popular your software is...

that reminds me..

[gimpboy]

I swear, I don't know where they finds the folks who sign on to these deals. Have a problem with piracy? Make your product less attractive than the warez version by saddling it with a bunch of flakey 'copy protection' technology. That'll help your market share!

i had friends who used a program, 3d studio i believe, which used to rquire a hardware dongle. this wasnt really a problem, except they had about 2 or 3 other software packages which required the dongle. finally they started installing the warez versions-even though they had legally purchased the software. it was just easier to deal with the warez version than the big tumor of dongles hanging off the back of their computers.

Silly, silly, silly.

[CrystalFalcon]

Ok, so for all intents and purposes, this is a dongle. It's an active piece of the CD that contains hardware that can be used for challenge/response mechanisms used for copy protection.

Has anybody ever heard of cracks for dongle-protected software? (insert roaring laughter here).

Silly fools. Marketing anything as "uncrackable" is going to shoot you in the foot. This is no more secure than SafeDisc, it just requires a patch to the binaries (don't check that disc) and you're good to go.

If a computer can read it, it can be cracked.

Re:Attractive?

[ranulf]

It amazes me that some people still think that a bigger font makes it more believeable.

I always wondered why /. was only tolerable with the largest possible font setting.