Slashdot Mirror
Newest Audio CD DRM Proves Ineffective
The Importance of writes "As noted previously, a couple of weeks ago BMG released a new CD by Anthony Hamilton that included DRM. Slashdot readers speculated that the system wouldn't work. Now there is a report proving it doesn't work by Alex Halderman, a graduate student at Princeton's computer science department and the author of an earlier, definitive report (PDF, HTML version) on first generation CD copy protection. Famed computer scientist Ed Felten asks: "Is this the end of the road for CD copy protection?" His answer? "It ought to be.""
Start with a Windows 2000/XP system with empty CD drives. Be sure to reboot the computer first to ensure MediaMax is not running.
1. Click the Start button and select Control Panel from the Start Menu.
2. Double-click on the System control panel icon.
3. Select the Hardware tab and click the Device Manager button.
4. Configure Device Manager by clicking "Show hidden devices" and "Devices by connection," both from the View menu.
5. Insert the Anthony Hamilton CD into the computer and allow the SunnComm software to start. Observe that the SbcpHid device driver is added to the Device Manager list when MediaMax runs for the first time.
At this point you can attempt to copy tracks from the CD with applications like MusicMatch Jukebox or Windows Media Player. Copies made while the driver is active will sound badly garbled, as in this 9-second clip [10].
Next, follow these additional steps to disable MediaMax:
1. Select the SbcpHid driver from the Device Manager list and click "Properties" from the Action Menu.
2. Click the Driver tab and click the Stop button to disable the driver.
With the driver stopped, you can verify that the same applications copy every track successfully.
And oh, yeah, this work is a blatant DMCA violation.
As long as I have an audio-in port on my sound card and an external player, drm is a waste of their time and money.
"Is this the end of the road for CD copy protection?" His answer? "It ought to be.""
Yeah and 64k should be enough for anyone.
I have over 70 freaks, do you?
Who wants to make a little bet?
I have $10 on him being contacted by RIAA lawyers with DMCA references by the end of the day. Any takers?
-- Dr. Eldarion --
they never saw *that* coming did they?
sheesh..
It is amazing that anyone was even worried about this..
however, if microsoft gets in the bios and disables the shift key... "they don't need a shift key" you can bluescreen on boot and probably get around it by pressing the windows key.
anime+manga together at last.. in real time.
Now there is a report proving it doesn't work
No doubt written with a Sharpie pen.
I hope we see more DRM like this. Who would have thought turning off autorun would be a DMCA violation?
We better all watch out - our shift keys are quickly becoming a means to thwarting an access control device. Using them is flirting with arrest!
Apparently this text is on the back of the CD:
THIS CD IS ENHANCED WITH MEDIAMAX SOFTWARE
Enhanced! Since when does taking functionality away from something mean you're enhancing it?
-- Dr. Eldarion --
No audio CD should be installing *ANYTHING* on my PC, unless I'm aware of it at first.
"Is this the end of the road for CD copy protection?" The industry is stupid, greedy and desperate. I'm going with 'no'.
The DRM feature works in tandemw ith the DMCA. Alex Halderman can expect to find himself relocated to a federal prison soon. I bet that he won't be writing about the weakness of DRM systems anymore.
See, DRM does work when you make it illegal to point out where it is weak.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
If you try to do DRM on a Compact Disc, it is never going to work.
If you ever think you succeeded, you've failed anyway because you violated the standards that define a Compact Disc... you've got a CD-like piece of plastic that just might play in some CD players, but you will not have a CD.
So they rely on the autorun setting on cd's to load the device driver for them? that's pretty stupid -- on windows it's enabled by default (typical) but most companies disable it because it's a security risk.
The Mac got hit pretty hard with an autorun virus that ended up shipping on many cd's. As a result many Mac users disabled this in OS 9, and I believe OS X has it disabled by default.
This might be effective on most windows home computers whose owners don't change the default setting, but I'm wondering how long before that driver gets infected with a virus....
BMG are geniuses (genii? :P)
Follow this pseudo-proof
Step 1: Release a CD by Anthony Hamilton
Step 2: Put new copy protection on it
Step 3: Nobody copies the cd "illegally"
Step 4: QED. The copy protection works
[I can picture a world without war, without hate. I can picture us attacking that world, because they'd never expect it]
It loads a custom device driver via 'autorun' when you stick the CD in.
So if you hold shift, disable autorun, or run an OS that doesn't do autorun, the CD might as well have no copy protection whatsoever.
This is about as effective as putting a sticker on the front that says 'Pretty please do not attempt to extract data from this CD on your computer'.
I wonder how much money this company got for their incredibly secure DRM system...
// "Can't clowns and pirates just -try- to get along?"
i used to work for a company where they would limit internet access by hiding the address bar in IE. it proved about as effective as this seems.
!(^((ri)|(mp))aa$)
Merely noise to the average user. They'll put the CD in, it plays. They attempt to burn a copy, it comes out like crap.
"Hey...I guess we can't do this."
How many people do you know who are still stymied by DVD/VCR Macrovision copy"protection"?
All you have to do is own a tape/cd/etc audio recorder that has a "line in", and voila, take the line out/speaker out from your computer, run a cable, and presto! you can defeat any drm package for a currently existing computer, unless the computer is hard-wired to not have "line out" or "speaker out" (not likely)
stuff |
1.2. Your rights to use the Digital Content are conditioned on your ownership of a license to use and possession of the original Compact Disc (CD) media and are terminated in the event you no longer own or possess the original CD media. (This apparently prohibits using copied tracks as backups in case the original disc is lost, stolen, or destroyed.)
So if the CD fails to remain usable through normal wear and tear, does that put the publisher in breach of contract? They've effectively granted me a license that they are going to renege on should the physical media degrade.
They've got to make up their minds! Is it a physical good, or a digital good? Did I buy a license and the CD was just a nice way for them to fulfill their promise that I'm licensed to use the content? Did I buy a plastic disc (for $15) which I'm free to do with as I please?
$8.95/mo web hosting
1. INTRODUCTION
Several recent news reports (AFP [1], Washington Post [2], USA Today [3], AP [4], Arizona Republic [5], LA Times [6], CNet News [7]) describe a new copy-prevention method that has been applied to an album by Anthony Hamilton released by BMG on September 23. This system, called MediaMax CD3, was created by SunnComm Technologies, the producers of the first-generation copy-prevention system MediaCloQ. Discs manufactured with SunnComm's new technique include two versions of the music, each protected in a different way. One set of songs are CD audio tracks that play in standard CD players but are supposed to be difficult for computers to copy. The second set are compressed, encrypted Windows Media files that employ digital rights management (DRM) to restrict how they are used. Music producers hope that the combination of these technologies will help reduce illegal copying while still allowing legitimate customers to play songs on their PCs, but this can only be achieved if both components are secure.
In this report, I explain how MediaMax functions, analyze the weaknesses of its design, and discuss its implications for the debate about CD copy protection and the problem of copyright infringement. I find that although SunnComm has gone to great lengths to respond to criticisms of earlier systems, MediaMax still prohibits many uses of the recording that are allowed under law. At the same time, the system's protections are so weak that they are unlikely to cause any significant reduction in copying.
2. PHYSICAL DESCRIPTION
I bought the recording Comin' From Where I'm From by Anthony Hamilton (Arista Records/BMG) from Amazon.com and received it on September 25. The disc contains twelve tracks for approximately 52 minutes of listening time.
The album cover has a sticker with this message:
This CD is protected against unauthorized duplication. It is designed to play on standard playback devices and an appropriately configured computer (see system requirements on back). If you have questions or concerns visit www.sunncomm.com/support/bmg.
The hyperlink points to a FAQ that explains that the audio tracks are protected against copying and provides solutions for common problems accessing the disc's DRM-controlled content.
The following text is printed at the bottom of the back cover:
THIS CD IS ENHANCED WITH MEDIAMAX SOFTWARE. Windows Compatible Instructions: Insert disc into CD-ROM drive. Software will automatically install. If it doesn't, click on "LaunchCd.exe." MacOS Instructions: Insert disc into CD-ROM drive. Click on "Start." Usage of the CD on your computer requires your acceptance of the End User License Agreement and installation of specific software contained on the CD. Windows System Requirements: Windows 98/2000/XP, Internet Explorer 5.5 or later, Windows Media Player 7.1 or compatible player. Mac System Requirements: Mac OSX 10.1, Power Mac G3/G4, iMac, eMac, Powerbook G3/G4, iBook with 128 Mb of RAM, Windows Media Player for Mac OSX, Internet Explorer 5.2, Monitor capable of displaying 800x600 screen resolution & 256 colors (64K colors recommended), 12x or faster multi-session-enabled CD-ROM drive, Flash Player 6. Digital files on this CD will also play on portable devices supporting secure WMA files. Certain computers may not be able to access the enhanced portion of this disc. None of the manufacturers, developers, or distributor make any representation or warranty, or assumes any responsibility, with respect to the enhanced portion of this disc.
The "Compact Disc Digital Audio" logo is absent from the printed jacket and the face of the disc, but it is embossed in the plastic on the inside of the jewel case. The CD itself bears the warning: "This disc is protected against unauthorized duplication."
3. THE ANTI-COPY SYSTEM
One component of the MediaMax system is designed to make it difficult to extract CD audio tracks as unprotected audio files using a PC. Thwarting extraction would prevent users from copying the CD or upload
A couple of dozen security and cryptography expersts vs thousands of talented hackers and ameture tinkerers. I am not nocking the guys who made this protection but they and there bosses have to understand that they are going to push this rock up a hill for all eternity. Maybe thats there goal: 1. create a DRM scheme 2. Sell it to RIAA dolts 3. DRM broken day it comes out???? 4. Profit
Did Glenn Beck rape and kill a girl in 1990? gb1990.com
and raise you 3 Britany Spears Singles, plus an N'Sync CD. It's a bit risk, but I'm willing to take it!
The bastards will never learn.
There will never be any copy protection scheme that will work.
If you can listen to it, you can copy it by just connecting the output to the input for another device.
Unless they make it so that nobody can listen to it, copy protection is an exersise in futility.
Death has been proven to be 99% fatal in lab rats.
It's not supposed to be uncrackable. I know it's crackable, you know it's crackable, they sure as hell know it's crackable. Just like any other protection mechanism on anything from a PC CDROM to the XBOX.
What it's supposed to do is limit casual piracy. Make it tougher for the average slob to make a copy with the EZ-CD Copier that shipped with his Dell and give it to his buddies. That's it. Most folks would just give up if it didnt work the first time they tried, they aren't going to jump through any hoops, scribble on it with a sharpie, open up a hex editor, solder a mod-chip into their player, run a distributed cracking engine to decode it, whatever. It sure as hell has nothing to do with preventing some geek from leaking it on the 'net.
That's a *large* chunk of the sales they actually lose. Bob Magoo who gets a copy from his buddy Turd Ferguson because he's too lazy or cheap to run down to Wal-Mart and get his own.
So just friggin relax already, and dont be so proud of yourself that you figured out how to "hack" the technical equivalent of the safety pin that keeps a babies diaper in place.
I don't need no instructions to know how to rock!!!!
I believe anti-copy CD technologies will prove unfruitful, and will therefore eventually be abandoned by record companies. There firms may take a cue from the movie industry and increase the value of CDs by bundling interesting bonus features rather than restrictive copy-control software.
An interesting New York Times article today about exactly this can be found here. The article even mentions a band that includes a PlayStation 2 game on a DVD with their CD. Which just goes to show that CD prices have absolutely no relationship with marginal costs.
"If I could live to be several hundred
I could take a walk and really wander, really wonder."
> "Hey...I guess we can't do this."
then: "I wonder if I can download the song off kazaa"
At which point he spends about 30 seconds searching for the song, which some more technologically clued in person has kindly made available.
Users don't grok shift keys and drivers and EULA's. They do grok kazaa however.
I find it hilarious that they did this on a CD by someone who no one has ever heard of. 2 reasons. 1. If they were to do it to a big name person that someone actually listened to, odds are sooner or later the thing would muck up some little 13 year old's computer. You'd have the whole suing a 12 year old fiasco all over again. 2. If they were to do this with someone that people actually listened to, they would HAVE to realize that it would have been about 5 minutes until every 13 year old (whose computers weren't mucked up in situation one) knew how to circumvent copy protection and no longer grows up in a world just accepting that the RIAA owns them. Hmmmm...Not that the RIAA doesn't own them, but that's another story altogether...
Or, forget all this crap, and dont even bother holding down the shift key. Do what I've been doing for years, and disable autorun period right after you install windows. Heres how to do it in XP Pro(shamelessly stolen from the first site google gave me):
To Disable CD autoplay, completely, in Windows XP Pro
1) Click Start, Run and enter GPEDIT.MSC
2) Go to Computer Configuration, Administrative Templates, System.
3) Locate the entry for Turn autoplay off and modify it as you desire.
Turns out Microsoft has been shipping a circumvention device all these years. Anyone who lets a cd run whatever it pleases is a fool anyway.
I hope this is not off topic, but could you help me with an audio cassette that I have? I bought it at the store, and it won't play on any player. It is the self-titled release by the band "Head Cleaner". Instead of music, I get a couple of minutes of loss hiss. Is this some sort of cassette tape DRM problem?
Don't blame Durga. I voted for Centauri.
MagnaTune
I believe they were mentioned a little while ago, but they're the
"We're a record company, but we're not evil" people.
Seriously. Asside from a few artists I absolutely love, I have started getting my music fix from mp3.com and magnatune. If you're gonna listen to them though, please do help them out financially. It takes a lot of bandwidth to stream mp3s.
no comment
Reading over the article, I have a few unanswered questions that almost make me want to pick up the CD just to see for myself:
1) Does the software ask your permission to install the device driver that mungs your ripped tracks? Note that there are two pieces of software on the CD: one that uses a device driver to prevent a CD ripper from getting a copy of the track onto the computer, and another that controls the DRM on the WMA files. The author didn't use the latter because it required accepting a EULA, but the former he obviously was able to test. Thus I suspect that it doesn't ask you, however it's possible that it does but doesn't require acceptance of a EULA. I doubt that, however.
2) Are the tracks rippable in Linux? Obviously the WMA wouldn't be, as they require software to handle the DRM. But without the drivers, the tracks on the CD appear to be rippable in Windows, and thus I assume, also in Linux or any other OS that doesn't run Windows code.
3) If (2) is true, then how long until Linux is considered to be circumvention software?
4) Does the EULA include a provision preventing you from bypassing the device driver?
More gasping and thrashing as the death throes of the recording industry continue... These inept attempts of the desperately greedy and self-important to maintain their obsolete roles are somewhere between amusing and pathetic.
Too bad they aren't as endearing as the penniless former aristocrats who were more or less kept as pets by the wealthy after World War One swept away most of the European monarchies. Watch for them in any old B&W movie that features millionaires and mansions. There's always a Count or a Baron or a Duchess at the dinner table. In a few years, after the recording industry is gone, maybe every fashionable Silcon Valley party will include a Geffen or a Rosen.
I rip every disc I attain (none in the past two years for boycott reasons) to secure my fair use right to a backup.
Even under the bullshit of the DMCA, one has the right to reverse engineer or bypass copy protection schemes to excersize his fair use rights.
The exception of course, occurs when one is a minor in a foreign nation that has extradition agreements to the USA.
You can't judge a book by the way it wears its hair.
you used capital letters, dmca violator1111, you are going to jail1111
P2P. He asks his friends, they set him up with a client. He has some respect for copyright, but his practical interest takes over, and he grabs the album off P2P. But now he has a client installed, so he's only three clicks and a sacrifice of morals (against a company that just screwed him) away from further downloading.
The moral of the story? DRM limitations fuel P2P. This story depends on a portable player that doesn't do WMA, but there are many other inconveniences. What if he doesn't use Windows or Mac (that's me)? What if he's an audiophile who can hear the difference between WMA and FLAC?
Besides, the article says you can burn the tracks a limited number of times. That's right, without any circumvention at all, the DRM is totally ineffective! I haven't checked, but I'm willing to bet the music is all over the P2P networks. DRM is completely worthless: if there were any competition (there isn't), the idea would have died years ago.
Litigious bastards
This is what gets me: they already seem to have recognized the autorun vulnerability. How do I know? Because they're asking me to take steps to install their CD-breaking system in the event that the software doesn't automatically start! They might as well say,
I was going to put a sig here, but I had already submitted the message.
Does this mean that anything that is NOT Windows is a DMCA violation?
Those who would give up liberty in exchange for security and DRM should switch to Microsoft Palladium!
Doesn't installing a driver on my system without my permission constitute "hacking", thus making BMC terrorists under the Patriot Act?
"Freedom means freedom for everybody" -- Dick Cheney
Like many iPod users, I actually buy much more music than I did previously. New listening device creates new spaces for listening music and thus increases demand. However, I am not rich enough to buy EVERYTHING I want to listen - usually when I enter a store, 4-5 albums catch my interest, but I can afford to walk out only with 2-3 of them. Obviously, I avoid CD's with stickers like "this CD is copy protected". I know the protection is probably easy to bypass, but why should I bother? I just choose the 2-3 albums without the protection. And here's a weird thing - whenever I put back a "copy protected" CD on the store shelf (carrying in my basket the non-protected ones) echo brings me the sounds of a gunshot and a voice shouting "ouch! my foot!" somewhere in the distance.
What I find interesting is part of the article's description of the CD:
The "Compact Disc Digital Audio" logo is absent from the printed jacket and the face of the disc.
"They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
Exactly - it's my opinion that if a media product is broken by DRM restrictions, the products protected by the DRM become less valuable, and therefore, people will be less, not more, likely to seek out a legal method of acquisition. The music file trading underground won't be ended until proper unencumbered mp3's are made available legally for a small cost.
Show of hands: How many of you were so pissed off by this that your first thought was "I'm going to immediately RIP this CD and share it with the world!" Could it be possible that BMG's strategy may backfire, and make the tracks even more widely available?
"Freedom means freedom for everybody" -- Dick Cheney
Excuse me, am I missing something here ?
But if you can play a CD in a CD-Player, then surely you could connect the Line-Out to Line-In of the PC sound card and use a sound app (such as Cool Edit) to record.
You could ALWAYS do that.
-573417h F16h73r
Copies made while the driver is active will sound badly garbled, as in this 9-second clip [10].
That's not garbled, that's the Aphex Twin mix!
Or under iMac:
1). Insert CD into drive
2). Take iMac into tech support, so they can "extract" the cd that is now jammed in your computer.
An Autorun will be effective against the vast majority of Windows and Mac users.
This doesn't matter. Who cares if you lock out all those people that aren't technically savvy enough to really use their computers to begin with? These people probably couldn't figure out how to even get on Kazaa anyway.
If you can't even lock out those who know well enough to use the shift key, or to simply disable auto-run to begin with (as the author rightly points out many people have already done), then there is absolutely no hope of keeping this music off of file-sharing networks, or out of black-market pirate CD rings. All this is doing is locking out people who don't need to be locked out, and keeping the music easily accessible to those who (in the record industry's eyes) do need to be locked out. It is therefore completely ineffective and arguably counterproductive.
In fact, it's no better than the pen trick on the old schemes. I mean, if you didn't read Slashdot or CDfreaks or whatever, you'd have had no idea that that worked either. The average consumer probably still knows nothing of the pen trick. But the fact that people who generally do a lot of copying did find out about it made that copy protection method completely useless to the record labels. The whole point is to stop people from copying (and sharing), not to punish those who just want to listen to their CD's (much as it seems otherwise so much of the time).
About the only good thing I could see coming out of this (for the record industry) is a conditioning among average consumers to begin to accept DRM. Over a long period of time, that may change prevailing attitudes among the public. But it won't stop people from copying that want to copy and know anything at all about PC's, which has to be the end goal of all this in the minds of the RIAA and their cohorts.
Well apparently some "new sources" have revealed some information.. probobly some slashdotters..
The page now shows this "Several sources brought a flaw in this paper to my attention. I'm presently revising it to reflect this new information. -- J A Halderman"
for offering advice on how to circumvent this copyright protection scheme.
The real "Libtards" are the Libertarians!
While I like your argument, I can't agree with it.
What's the first thing a non-tech savvy user is going to do when confronted with a DRM scheme? They go online and find the workaround. Then, suddenly, you have a slightly more educated user.
Hell, did I know how to write DE-CSS software? Nope, but when I couldn't play my DVDs using linux, I went online and solved that problem in a matter of minutes.
I hate laws that try to stifle the free flow of information. End the end, a lot more than just the information gets squashed -- fair use, privacy, freedom of speech, etc.
Who the hell is Anthony Hamilton?
Having just read all the posts in this thread, and gone back to the beginning, I see that italicised line from the abstract as the most important. The next generation of copy-protected discs will need a different workaround, but ultimately the recording companies are going to have to think hard about their approach.
Look, dont get me wrong, Im not a fan of copy protection. In fact, whenever I buy a PC game and notice that there is no copyprotection on there I get 'warm fuzzies' for the company that made it. Seriously, its a big plus for me. I applaud 'maturity' in this.
But given that the recording industry thinks it needs to copyprotect, then this way is a LOT better than those !@# systems that actually damage the audio and produce a disc that you cant (legally, and logically) call a Compact Disk.
Case in point:
- a CD with one of the previous copyprotection schemes on it is the equivalent of a CD scratched to the utmost limit. One tiny extra scratch (never drop it, you hear!) and those CDs would become either unplayable or audibly damaged. Every damage protection system the CD standard was originally designed with is defeated, even with an undamaged CD.
- Said CD will only be playable by the graces of good built-in error protection. And even then the result is an approximation of the 'original' audio.
- The CD wont play in 'finnicky' players. PC-player based devices (like mp3cd players), car stereos etc...
At least with this system you dont get something intrinsically damaged.
if we have an established right to do something (namely copy the cd for backup/personal use)
We never had a right. Instead, we had (and have) a partial defense. Fair use (17 USC 107) is a defense, home copying of computer programs (17 USC 117) is a defense, and home copying of sound recordings (17 USC 1008) is a defense. Where do you see some affirmative "right" in any of the three sections I linked to? All I see is "not an infringement." An act can be "not an infringement" but still a prohibited "circumvention."
Will I retire or break 10K?
Copied straight from MS:
Make sure that the AutoPlay feature is enabled in the registry:
Click Start, and then click Run.
Type regedit, and then click OK.
In Registry Editor, locate the following registry key:
In the right pane, go to step g if the value for Autorun is 1.
If the value for Autorun is 0, right-click Autorun, and then click Modify.
In the Edit DWORD Value dialog box, type 1 under Value data, and then click OK.
A value of 0xb5 in the following registry key turns off the AutoRun feature for CDs:
You must set the hexadecimal value to 91 to enable
the AutoRun feature.
On the File menu, click Exit.
Just do the reverse to turn it off. :-)
You need to restart your computer. Hold down the Power button for several seconds or press the Restart button.