After DeCSS, DVD Jon Releases DeDRMS

An anonymous reader writes "Jon Lech Johansen, who reverse engineered FairPlay back in January, and wrote the decryption code that was later used by an anonymous developer to create the playfair utility, has released a similar utility: DeDRMS. It's only 230 lines. T-shirts anyone?"

Curious how he wrote it in C#.

[brunes69]

Not that I have anything against C#, I actually find it quite nice, just stuck me as odd that someone would write a cracking toolin it. These things are traditionally written in C ( for speed ).... like DeCSS was.

Re:Curious how he wrote it in C#.

[Rikus]

I'm guessing it will be rewriten by plenty of people in various different languages. C, perl, python... fortran77?
I don't even have a C# compiler.

Re:Curious how he wrote it in C#.

[harlows_monkeys]

These things are traditionally written in C ( for speed )

You are assuming that C# is slow. That is not a good assumption.

Re:Curious how he wrote it in C#.

[sosume]

Since this code is easily converted to c++ (or VB) using one of the various tools available, this won't gain much or any speed under .NET.

BTW he *could* have included some comments ;)

Re:Curious how he wrote it in C#.

[Deraj+DeZine]

Maybe Microsoft sponsored his efforts to screw over Apple?

Re:Curious how he wrote it in C#.

You are implying it is. That is not a good implication.

Re:Curious how he wrote it in C#.

I was able to access the README before the server went down:

Compiling:

* With MonoDevelop [1]: Open DeDRMS.cmbx and click F8.
* With mcs [2]: mcs -out:DeDRMS.exe *.cs
* With csc [3]: csc /out:DeDRMS.exe *.cs

[1] http://www.monodevelop.org
[2] http://www.go-mono.com
[3] http://msdn.microsoft.com/netframework/technologyi nfo/howtoget/

Usage:

* DeDRMS.exe file.m4p

Notes:

DeDRMS requires that you already have the user key file(s) for
your files. The user key file(s) can be generated by playing
your files with the VideoLAN Client [1][2].

DeDRMS does not remove the UserID, name and email address.
The purpose of DeDRMS is to enable Fair Use, not facilitate
copyright infringement.

[1] http://www.videolan.org/vlc/
[2] http://wiki.videolan.org/tiki-read_article.php?art icleId=5

Re:Curious how he wrote it in C#.

Things like that were traditionally written in C because it's easy to manipulate memory and pointers, which is useful for making things like encryption/decryption easier to write.

Re:Curious how he wrote it in C#.

[Sam+H]

Using C# makes sense to me. It provides Rijndael and MD5 in System.Security.Cryptography out of the box. These cypher and hash algorithms are at the core of the DRMS encryption scheme. The same code in C would either use obscure libraries or 1000 extra lines of code.

Re:Curious how he wrote it in C#.

[t_pet422]

I don't even have a C# compiler.

Install the .NET Framework (run Windows Update). It will install one at %WINDIR%\Microsoft.NET\Framework\v1.1.4322\csc.exe
You can compile this with csc /out:DrDRMS.exe *.cs

Re:Curious how he wrote it in C#.

[lambent]

That's the same exact thing. Those crypto functions are included in C# as either extra libraries or 1000 extra lines of code.

It's not magical, or fundamentally different in any way.

Re:Curious how he wrote it in C#.

No, the libraries are not "extra" -- it's impossible to get .NET without them. In fact .NET itself relies on the crypto stuff.

Re:Curious how he wrote it in C#.

I don't think my Slackware came with Windows Update. Where can I download it?

Re:Curious how he wrote it in C#.

[omicronish]

Install the .NET Framework (run Windows Update). It will install one at %WINDIR%\Microsoft.NET\Framework\v1.1.4322\csc.exe You can compile this with csc /out:DrDRMS.exe *.cs

And if you're on Linux, you can download Mono and compile with mcs DeDRMS.cs.

Re:Curious how he wrote it in C#.

[solid]

I don't know about that, but I have in fact done testing and C# is slower at almost everything when compared to C/C++ and it gets really bad at the high end.

I don't know what 'benchmarks' you used to come up with that conclusion. There was a previous /. post about programming language benchmarks and the study's results are nicely tabulated.

In this study, C# came in 2nd place overall among many common programming languages, after VC++. It even destroyed gcc C in trig calculations, though, got slaughtered by gcc C's 'double' math tests.

Even with that said, the difference in speed between C# and VC++ for DeDRMS decryption on a reasonably new computer would be so small that the time taken to port the code from C# to any other language would be better spend picking you nose.

Re:Curious how he wrote it in C#.

I think mono is available from fink (or in the process of being made available).

There is also rotor from Microsoft, which is supposed to compile under MacOS X.

Re:Curious how he wrote it in C#.

[Cthefuture]

Thanks for the link. I always like to look at what other people have tried. However, I highly doubt those results. Besides, C++ still came out on top.. eh?

For one thing they don't really test anything useful as the tests are just tight loops of very basic math stuff. His C code doesn't even compile with the VC++ compiler because he's using C99 syntax (Microsoft's compiler is not C99 compliant). And even when I fixed those problems there where a lot of warnings due to questionable variable usage. The C++ version isn't even written in C++, I wonder why there are even two separate files. Not a good start and makes me seriously question this programmers abilities.

Just a quick glance at the code suggests at least the trig benchmarks are more a test of the standard math library rather than the language. C# is going to use the same version as C/C++.

His timing methods are also questionable. Using CPU time can be highly inaccurate. It's much better to use the high precision timing functions.

I will need to take a more detailed look and do some testing of my own to see if these results are valid. Off the top of my head I will say there seems to be something screwy going on because I've never seen properly written code run faster in C#. It's just not possible. C and C++ are so close to the hardware that when written properly it is near impossible to make it faster without going to assembly. The best C# can hope for is something close to C/C++, but never better.

I'll make another post if I get time to take a more detailed look but I'm not optimistic about these tests being worth anything. Try the Language Shootout (or the win32 version) benchmarks for broader benchmarks where a lot of them have actually been looked at by programmers that know what they are doing. If you know what you are doing then you might want to really try them, don't just go by the results on the pages because some of them are skewed because the run times are way too short to be meaningful.

Again, I ask you to design a vector class in C# that uses the same or less memory than C++ and performs the same or better. It's not even close to possible.

Written in C#

[sweet+cunny+muffin]

Wow. This is written in C#. I wonder if we can get .NET banned now that we can prove it's used for illegal purposes :)

Re:Written in C#

How is it pronounced? I always thought the # meant rap, as in C#

Re:Written in C#

[ryepup]

Cause banning the tool would stop it. Really.

Re:Written in C#

[mrpuffypants]

I actually like the irony of a Microsoft pushed technology being used to kill an Apple-pushed technology THEN getting GPL'd!

Re:Written in C#

[RPoet]

# is the "hash" symbol. C#, while written out as "C Hash", is pronounced "Cash", reflecting the reason Microsoft invented it.

[This notice inserted to assist the humor impaired: This post may contain attempts at humor.]

[ObKarmaProtection: "Well, this will probably send my karma to hell, but ..."]

Re:Written in C#

[ikkonoishi]

Think music notation

Thus c# = c sharp

Re:Written in C#

[satanami69]

I thought it was just a quick way to write c++++, since the # looks like four +'s in a square.

Re:Written in C#

[Lemmy+Caution]

You know, of the people I know who have for love or money had to work with C#, exactly zero of them have complaints about it. According to all accounts I've heard, it's a well-thought out language that's easy to work in.

D may be the next iteration, but let's give props where props are due.

Re:Written in C#

[shrykk]

Heheheh. Someone in UF described it as "C Shudder"

Re:Written in C#

[tempest303]

let's give props where props are due.

You mean to the Java folks, then?

buh-dum ching! Thank you, I'll be here all weekend! Try the buffet!

That said, C# does seem cool... basically Java++. Now if only MS would make a legally binding document saying they won't sue the Mono guys... :-P

Re:Written in C#

[jrockway]

I've never used C#. It's M$-sponsored, and I don't really like M$. I know that Java is less Free, but I really like the language. I feel that it's very clean and well-deisgned. The default API is also well thought out and I really enjoy using it. Just because I like Java, though, doesn't mean you have to like it :)

I also like the fact that pretty much anyone can run my program. If this weren't the case, then Windows users would be pretty much out of luck if they wanted my program. I'm not going to port it.

I'm sure C# people think the same about Mono. It's "cross-platform". "It's great that Linux users can run my program", I'm sure they think. They weren't going to port it to Linux either ;)

Oh well, when there are choices, there will be arguments about an individual's choice. It's better this way, I suppose.

Re:Written in C#

[km790816]

Unlike the reason Sun created Java, which was to increase love and understanding in the world and had nothing to do with turning a profic...and the reason IBM is pushing Linux...because they think it spawns a world of open friendship, not because they make a mountain of cash consulting.

Evil Microsoft, trying to make money. How dare they!

I can't believe these comments still get modded as funny.

DeDRMS

[gnu-generation-one]

"In practice, the goal of maximizing publication regardless of the cost to freedom is supported by widespread rhetoric which asserts that public copying is illegitimate, unfair, and intrinsically wrong. For instance, the publishers call people who copy "pirates," a smear term designed to equate sharing information with your neighbor with attacking a ship. (This smear term was formerly used by authors to describe publishers who found lawful ways to publish unauthorized editions; its modern use by the publishers is almost the reverse.) This rhetoric directly rejects the Constitutional basis for copyright, but presents itself as representing the unquestioned tradition of the American legal system.

The "pirate" rhetoric is typically accepted because it blankets the media so that few people realize that it is radical. It is effective because if copying by the public is fundamentally illegitimate, we can never object to the publishers' demand that we surrender our freedom to do so. In other words, when the public is challenged to show why publishers should not receive some additional power, the most important reason of all -- "We want to copy" -- is disqualified in advance.

This leaves no way to argue against increasing copyright power except using side issues. Hence opposition to stronger copyright powers today almost exclusively cites side issues, and never dares cite the freedom to distribute copies as a legitimate public value."

Misinterpreting Copyright

Re:DeDRMS

[moonbender]

Originally, the actual authors complained about publishers distributing their work lawfully. Nowadays, the publishers (and not the actual authors, who have sold away their copyright) complain about other people who illegaly distribute their work. Thus, it is almost the reverse.
Although I agree that your argument is correct, too - however, the legal owner isn't necessarily the rightful owner: some people will say that selling away copyrights shouldn't be possible, and certainly not rightful.

Re:DeDRMS

[Saeger]

I expect to be paid for that work or for the information, with real currency.

Then in the future you better make sure that you get paid upfront for the scarce (and sometimes NOT so scarce) WORK of creation, since you can't depend on artificial scarcity enforcement without a global police state.

If you've previously earned some goodwill/respect/whuffie, I'm much more open to funding your future efforts, and even *gasp* paying for that effort indirectly by volunteering to buy a non-scarce token copy of your OLD WORK.

--

This just in!

[mrpuffypants]

Real, Inc.'s Realplayer now natively plays back iTMS purchases! It's Magic!

Oh dear

[Realistic_Dragon]

Perhaps for his next trick he will stand outside RIAA/MPAA headquaters holding a 6 foot neon sign that says SUE ME AGAIN!

I hope that eventually someone incorporates this code into a iTunes client for Linux, as it would be nice to be able to buy music from iTMS but I have no desire to buy a Mac.

Re:Oh dear

[spektr]

Perhaps for his next trick he will stand outside RIAA/MPAA headquaters holding a 6 foot neon sign that says SUE ME AGAIN!

The RIAA manager will recognize him as a loyal customer and give him a friendly nod before he goes to work...

Looks like his webserver was written in C#!

[TheBurningDog]

seriously however... anybody have a mirror of the code?

Re:Looks like his webserver was written in C#!

I was fortunate enough to load the page during the 1 minute that the server stayed up.

Now let's see how long my little mirror stays up!

http://fire.prohosting.com/xonerate/dedrms.txt

Re:Looks like his webserver was written in C#!

Stupid junk filter doesn't let me post this. Why oh why? Code after filler...

In the beginning God created the heaven and the earth.
2 And the earth was without form, and void; and darkness was upon the face of the deep. And the Spirit of God moved upon the face of the waters.
3 And God said, Let there be light: and there was light.
4 And God saw the light, that it was good: and God divided the light from the darkness.
5 And God called the light Day, and the darkness he called Night. And the evening and the morning were the first day.
6 And God said, Let there be a firmament in the midst of the waters, and let it divide the waters from the waters.
7 And God made the firmament, and divided the waters which were under the firmament from the waters which were above the firmament: and it was so.
8 And God called the firmament Heaven. And the evening and the morning were the second day.
9 And God said, Let the waters under the heaven be gathered together unto one place, and let the dry land appear: and it was so.
10 And God called the dry land Earth; and the gathering together of the waters called he Seas: and God saw that it was good.
11 And God said, Let the earth bring forth grass, the herb yielding seed, and the fruit tree yielding fruit after his kind, whose seed is in itself, upon the earth: and it was so.
12 And the earth brought forth grass, and herb yielding seed after his kind, and the tree yielding fruit, whose seed was in itself, after his kind: and God saw that it was good.
13 And the evening and the morning were the third day.
14 And God said, Let there be lights in the firmament of the heaven to divide the day from the night; and let them be for signs, and for seasons, and for days, and years:
15 And let them be for lights in the firmament of the heaven to give light upon the earth: and it was so.
16 And God made two great lights; the greater light to rule the day, and the lesser light to rule the night: he made the stars also.
17 And God set them in the firmament of the heaven to give light upon the earth,
18 And to rule over the day and over the night, and to divide the light from the darkness: and God saw that it was good.
19 And the evening and the morning were the fourth day.
20 And God said, Let the waters bring forth abundantly the moving creature that hath life, and fowl that may fly above the earth in the open firmament of heaven.
21 And God created great whales, and every living creature that moveth, which the waters brought forth abundantly, after their kind, and every winged fowl after his kind: and God saw that it was good.
22 And God blessed them, saying, Be fruitful, and multiply, and fill the waters in the seas, and let fowl multiply in the earth.
23 And the evening and the morning were the fifth day.
24 And God said, Let the earth bring forth the living creature after his kind, cattle, and creeping thing, and beast of the earth after his kind: and it was so.
25 And God made the beast of the earth after his kind, and cattle after their kind, and every thing that creepeth upon the earth after his kind: and God saw that it was good.
26 And God said, Let us make man in our image, after our likeness: and let them have dominion over the fish of the sea, and over the fowl of the air, and over the cattle, and over all the earth, and over every creeping thing that creepeth upon the earth.
27 So God created man in his own image, in the image of God created he him; male and female created he them.
28 And God blessed them, and God said unto them, Be fruitful, and multiply, and replenish the earth, and subdue it: and have dominion over the fish of the sea, and over the fowl of the air, and over every living thing that moveth upon the earth.
29 And God said, Behold, I have given you every herb bearing seed, which is upon the face of all the earth, and every tree, in the which is the fruit of a tree yielding seed; to you it shall be for meat.
30 And to every beast of the earth, and

T-shirts anyone?

[Big+Nothing]

Lawsuits anyone?

Source code, ideas, communication

[JoshuaDFranklin]

I am sure this will trigger another round of lawsuits, hopefully with the net effect of more education of the public and legal community as to the nature of source code as speech (that is, a method of communication).

This code shows with more simplicity than ever before how the FairPlay DRM scheme works. This can be used by programmers to add support for applications (i.e., GStreamer) to play encrypted files with a key produced from an iTunes username/password. It can be used by researchers to see any weaknesses in FairPlay and develop better methods. Unfortunately it can also be used by those who want to destroy the iTunes Music Service.

Interestingly, I believe the ideas could also be used to create files encrypted with a particular iTunes login, though perhaps I'm misunderstanding the scheme.

Re:Source code, ideas, communication

[Deraj+DeZine]

it can also be used by those who want to destroy the iTunes Music Service.

eg. Microsoft.

DeDRMS?

[capz+loc]

What does DVD-Jon have against Dr. Richard M. Stallman? Is this the utility that reverses changes made by RMS-Lint?

Re:Ummm....wow

[isny]

I could do it in one really long line of C. Without comments.

Host it on Freenet?

Let's host this program on Freenet, it is a project that make's the best use for what Freenet was made for.

Re:Host it on Freenet?

[RPoet]

You know, instead of saying "we" should do it, you could have just done it. It's very easy. So I did it for you.

CHK@XTn8vik~xxqsIJzLcDFUlPQqrw4NAwI,griuDFoqruNU 09 1-2Qj8Ew/DeDRMS.cs

(Watch out for the space inserted by the slashdot code, remove it)

Dilbert has something to say on this very subject:

[Realistic_Dragon]

http://dilbert.com/comics/dilbert/archive/images/d ilbert2004042261455.jpg

A somewhat odd view... does anyone know which big music firm United Media (the Dilbert owners) is affiliated with?

blah

For the junk filer:
jhsvjklhajskdvhakjsdhvalkjsdhkajdhfasd hsfvhasdhvf asdf asdf asdf asdf sdf asdhvashdvasdf asdf asd sdf coipx vxjzlk sdhvaasd fasd fadfg fiobvxcoizv jcxoixz jxzc sdhvaf cmdrtaco sucks akljdkls asd asd fvx sdhvas gh hh hhf dd sdf sf sd
hdvash jk k fgh jgdvvcbbn cv c dhvc c vb fg hdrghdfg fg dg df g dsf
ashdva sdfgsgewrr benrtnrt er er revr dv shdva aioajdoi jfasdioj v;xjf kldasjkl;vasj sdhva sjkdfsdkvn alkn lkan alksnsdflk nsfnvlad dhvahsdva aisovaiouvoivoiua ioua auao iuasi us shdva asivoa jvhbusa ui hiuahsiuhfsa ha ahsdjkfahkdj lfhalksjdfhalk askjda
vhasdvhasdjhvaksjdhva a kjas lkjdakljf svhasdhvaskjhvlaskjdvhas a kljs djklakslj af
asvhajkshvjkshas dhasdjvkhasdv akjdfjadf asds s d fsd fsad fads asdfas asdf asdf sdfs vxcvxcvzxcvx ss dfsdxvc dfa bioub oiu zklxcvx nsm,m,fns,m
sdfas ikj oixj movnxmcvnxcvo sdoifjs dfsddafgdfg kamlxcvbjio zkcnvzlk nxclk xcivx as df sdf asdf asd vi xoizjvzcvn socso s asd addfsdfahtgh fghdfgh df gd d

using System;
using System.IO;
using System.Text;
using System.Security.Cryptography;

class M4PStream
{
private Rijndael alg;

private BinaryReader br;
private BinaryWriter bw;
private byte [] sbuffer;

private string AtomDRMS = "drms";
private string AtomMP4A = "mp4a";
private string AtomSINF = "sinf";
private string AtomUSER = "user";
private string AtomKEY = "key ";
private string AtomIVIV = "iviv";
private string AtomNAME = "name";
private string AtomPRIV = "priv";
private string AtomSTSZ = "stsz";
private string AtomMDAT = "mdat";

public M4PStream( FileStream fs )
{
br = new BinaryReader( fs );
bw = new BinaryWriter( fs );
sbuffer = br.ReadBytes( Convert.ToInt32( fs.Length ) );

alg = Rijndael.Create();
alg.Mode = CipherMode.CBC;
alg.Padding = PaddingMode.None;
}

byte [] NetToHost( byte [] Input, int Pos, int Count )
{
if( BitConverter.IsLittleEndian )
{
for( int i = 0; i < Count; i++ )
{
Array.Reverse( Input, Pos + (i * 4), 4 );
}
}

return Input;
}

int GetAtomPos( string Atom )
{
byte [] Bytes = Encoding.ASCII.GetBytes( Atom );

for( int i = 0; i < (sbuffer.Length - 3); i++ )
{
if( sbuffer[ i + 0 ] == Bytes[ 0 ] &&
sbuffer[ i + 1 ] == Bytes[ 1 ] &&
sbuffer[ i + 2 ] == Bytes[ 2 ] &&
sbuffer[ i + 3 ] == Bytes[ 3 ] )
{
return i;
}
}

throw new Exception( String.Format( "Atom '{0}' not found", Atom ) );
}

uint GetAtomSize( int Pos )
{
byte [] Bytes = new byte[ 4 ];
Buffer.BlockCopy( sbuffer, Pos - 4, Bytes, 0, 4 );
return BitConverter.ToUInt32( NetToHost( Bytes, 0, 1 ), 0 );
}

byte [] GetAtomData( int Pos, bool bNetToHost )
{
uint Size;
byte [] Bytes;

Size = GetAtomSize( Pos );
Bytes = new byte[ Size - 8 ];
Buffer.BlockCopy( sbuffer, Pos + 4, Bytes, 0, Bytes.Length );

return bNetToHost ? NetToHost( Bytes, 0, Bytes.Length / 4 ) : Bytes;
}

public void Decrypt( byte [] CipherText, int Offset, int Count,
byte [] Key, byte [] IV )
{
MemoryStream ms = new MemoryStream();

ICryptoTransform ct = alg.CreateDecryptor( Key, IV );
CryptoStream cs = new CryptoStream( ms, ct, CryptoStreamMode.Write );
cs.Write( CipherText, Offset, (Count / 16) * 16 );
cs.Close();

ms.ToArray().CopyTo( CipherText, Offset );
}

public byte [] GetUserKey( uint UserID, uint KeyID )
{
byte [] UserKey;
BinaryReader bruk;

string strHome =
Environment.GetFolderPath( Environment.SpecialFolder.ApplicationData );
bool bUnix = Environment.OSVersion.ToString().IndexOf( "Unix" ) != -1;
string strFile = String.Format( "{0}{1}{

Re:blah

[Geoffreyerffoeg]

You forgot an important part, which may have also gotten you past the lameness filter:

/*****
* DeDRMS.cs: DeDRMS 0.1
****
* Copyright (C) 2004 Jon Lech Johansen <jon-vl@nanocrew.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public license as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
****/

nothing to see here folks:

[ejaw5]

Drms = ~0.707(D)

Re:nothing to see here folks:

[base3]

Therefore: D=sqrt((Integ -inf -> inf [D^2])/(2*inf)) ;)

But that would make a lousy filename in just about any operating system :).

What will the Dairy Farmers Think?

[andersen]

What will the dairy farmers of the world think when they discover their Dairy Records Management System has been compromised? I will never drink milk ever again!!!

I'm obviously not understanding something here..

[Sarth]

DVD Jon, of obvious fame, is hailed as a hero for letting your average Joe (or Jon), go out to their local store, and buy a DVD and play it on their linux boxen, right?

I can sorta understand that, as far as I know, DVDs don't state at the time of purchase that you have to have X or Y, just that you have to have the disc. Fine.

So, when you buy something from the iTMS, it STATES that you have to have X or Y. It clearly states the restrictions that you agree to. This is not a hard concept, so why is it felt that a technological solution is required to 'fix' it?

Something that just struck me... DVD Jon isn't in the Americas, but iTMS isn't selling to those outside (maybe Canada, I'd have to check). So ... what part of this equation am I missing?

Inevitable

[ajs318]

If you attempt the impossible -- and make no mistake, copy-prevention is physically impossible, not just difficult -- then you will fail. You might be able to fool people into thinking you have succeeded, for a short while; but, sooner or later, your lies will catch up with you. All copy-prevention technology is pure snake oil, and can never work. It will always be defeated. Once a single CPT-free version has been created, then every penny anyone ever invested in that particular copy-prevention technology is wasted.

Re:Dilbert has something to say on this very subje

[CylanR77]

Who says that "Dilbert" has sold out? You? Just because the strip portrays a view of downloading content that you find disagreeable, doesn't mean that the RIAA's got Scott Adams in their pocket.

It could just be that the man believes that you ought to pay for what you use for entertainment, if the creator of that entertainment wants payment.

Re:Ummm....wow

[RPoet]

I didn't expect it to be written in C#.

NOBODY expects it to be written in C#!! Its chief weapon is surprise ... surprise and fear ... fear and surprise ... Its two weapons are fear and surprise ... and ruthless efficiency ... Its three weapons are fear, surprise, and ruthless efficiency ... and an almost fanatical devotion to Redmond ... Its four ... no ... Amongst its weapons ... Amongst its weaponry ... are such elements as fear, surprise ... I'll try posting some other time.

pretty cool...

[cybin]

this is pretty cool, and a technical achievement... but why bother stripping the DRM from your m4p files? just make a functional iTunes clone that doesn't care about the DRM :)

or maybe i'm wrong... is it up to the player software to enforce the DRM? i thought i read somewhere that the iPod just ignores it...

Re:pretty cool...

[The+Fanta+Menace]

Maybe if Apple had made an iTunes for Linux, it might have been a while longer before things like this popped up. Look at Real: it took several years before anyone bothered making another player for their files on Linux, since they already provided one.

Speaking of which, did anyone actually reverse engineer Real's format, or does mplayer just use their shared libraries?

Re:pretty cool...

[TravisWatkins]

No, it's not up to the player to enforce the DRM. When you purchase a song from iTunes you are given the DRM'ed file, an md5 hash of the file, and two keys. Not sure what the other key is for, but one is the encryption key. You put that with the song and you get a DRM free song. Thats exactly what this does. PS - Reverse engineering the iTMS is fun!

Re:Dilbert has something to say on this very subje

[the_mad_poster]

You know, I saw that this morning, and I thought it was actually a pretty good wrap up (well, for what a comic can do anyway) of several of the main positions in the debate.

First, there are all the people who go snag copies of music because they're too a) lazy, b) stupid, c) cheap, or d) all of the above to either go buy a copy or just not buy it at all (don't give me shit: you think it costs too much or has too much filler, blah blah blah... don't buy the fucking thing, don't be a little baby about it). Then, there's the theiving nature of all the execs in the industry ripping off the artists. There's also the problem of overproduction, and the mentality of major artists that they have to make money but no, no... they're still doing it for the art.. really.

I thought it was a very good bit of satire, all around.

Neat

[dtfinch]

The code looks so simple, as though .Net did all the work for him. Does this make .Net illegal under the DMCA?

Re:I'm obviously not understanding something here.

I think that basically what you're missing is that 'they' can't tell you what you can and can't do with their products after you purchase them.

Replace 'they' with any manufacturer.

I could buy an apple that said "not for use as food." And I could then proceed to eat that apple - they have no say in what I do with it. If, for some reason, I should injure myself by eating that apple, they warned me and wouldn't be held liable. That's it. Laws come into play when I throw that apple and kill someone with it. Or try to sell it, claiming it is a pair.

Now, the argument here is that it is illegal to decrypt the 'protections' a company puts on their music. And it is here where it gets smelly realy, really quickly.

Sure, it might be the law, but it is written to be a pretty shitty law. (DMCA, etc). No, that's not an excuse to break the law, but it is one to cause sympathy for someone who does. There are very legitimate reasons for breaking the DRM on these files. There are also very illegitimate ones. Piracy comes to mind. You know, real piracy. Not some 14 year old girl that wants to give her friend some songs, but the people who mass produce and sell these songs on the black market.

The black market being, by the way, about every outdoor market I've been to in Asia or South America.

And you're right. DVD Jon shouldn't fall under any US laws. But the RIAA et al. will surely find a way to change that. Bastards.

Re:I'm obviously not understanding something here.

[Slack3r78]

I don't see the point you're trying to make. DVDs may not explicitly state that you have to do X or Y, but with CSS encryption combined with the DMCA, they might as well.

I think DVD Jon's being totally consistent here - if you pay to listen/watch/whatever something, you should have the right to do so on whatever platform or medium you choose, and not be limited by some artificial restriction imposed on you by the media companies.

So now people with Linux boxes can play their legit iTMS songs on their Linux boxes. Personally, I'm not bothered by this. There are other, easier ways for people to pirate music if they really have their heart set to it, so opening up a way for people to use something they've paid for in a way they see fit, while it may technically violate the license, is nothing I see worth getting up in arms over.

Let me get this straight...

[asscroft]

This same guy wrote DeCSS, FairPlay and DeCRMS....

wow. what a brilliant ballsy sun of a bitch.

Slashdotted... Here's a mirror of the code

[sailor420]

http://hrothgar.mine.nu/dedrms.txt

A temporary mirror to the code. It wont be up more than a week, so dont bookmark it.

Re:C#, Mono, and making it do something

I can't really help you with the problems with installing the mono client... but this is what I did (with my win2k box)

www.go-mono.com -> c# compiler -> downloads page

get the file mono-0.31-win32-1.exe

run it, click okay a couple times...

get a copy of the code....

mcs DeDRMS.cs

and you have an exe that's command-driven.

command is : DeDrms.exe myfile.m4p

The above post contains no code.

[MillionthMonkey]

I might expose myself to legal liability under the DMCA if I were to use my +2 karma bonus to publicly point out that a copy of the DeDRMS code may be found buried in the parent AC post (currently at 0, and NOT posted by myself) that I am replying to. The DMCA would expressly forbid such a reply informing others of the existence of such a post.

Therefore, I wish to state emphatically that the parent contains no C# whatsoever and should not be moderated up as Informative, cut, pasted, compiled, or disseminated.

Re:The above post contains no code.

[MillionthMonkey]

If pointers to info are 'illegal' (*cough*2600*cough), then I would also like to state that you cannot buy weed at the park. If pointers to pointers are safe, then I would like to say that it's safe to dereference my friend Joey for the same pointer to the park.

Ah, but if you recall, 2600 was enjoined by the court from providing hypertext links to DeCSS, although they were still allowed to publish the URLs themselves because of First Amendment concerns. (You had to cut and paste them into the address field yourself- no HREFs.)

I, on the other hand, can't get rid of the hypertext link underneath my post that says "Parent".

Re:Dilbert has something to say on this very subje

[damiangerous]

Exactly. There was a strip along the same lines a while back. Wally said something like "everything should be available free on the internet and creators should make their money from tips." Someone, I don't remember who, replied, "Great idea, we should try that with engineers."

Get it now

[Nom+du+Keyboard]

Remember W.A.S.T.E.
Remember PlayFair
Remember the bitTorrent sites

If you want it, get it now.

Interesting how this news comes out on a Sunday, when the lawyers should all be out at play.

Why do you need speed for a cracking Util?

[autopr0n]

I mean, really. Why do you need much speed in anything other then a 3d game or some high-end server stuff that's going to be running constantly (like a web server or database).

Not to mention C isn't much faster then C# and java for most tasks these days.

Re:Why do you need speed for a cracking Util?

I mean, really. Why do you need much speed in anything other then a 3d game or some high-end server stuff that's going to be running constantly (like a web server or database).

It's specifically this kind of attitude that makes me have to run a 3ghz pentium4 overclocked with 2 gigs of ram... just to run a word processor. Programming has gotten SO lazy these days. Just imagine if most code was ASM optimized just how BLAZING fast your systems would really be. But no. I like waiting.

Re:Why do you need speed for a cracking Util?

Just imagine how much our software would would actually do if everyone wrote in hand optimized ASM. Say goodbye to handy things like instant messaging and video players - we'd still be trying to get basic email clients and such to work. Sorry, but programmer time is much more valuable than a few bucks for hardware upgrades.

Re:Why do you need speed for a cracking Util?

[GnuVince]

Fast is not always good. There are applications you can upgrade, add code, etc. while it's running! The reason why we use so-called slower languages (because languages aren't slow per-se; implementations are fast or slow) is because they often allow us to do much more complex things much more easily. Try to code a regular expression in Assembly, you're still gonna be at it in 2 years. Computers evolve and we now demand more from them, and if it costs a little CPU time, well so be it.

And if you're so smart and good and not lazy, go ahead and write the Assembly version of this program. Now, make sure it can work on all platforms you can get .NET or Mono on (this means Windows, Linux, Mac, Sparcs, x86s, motorollas, alphas, etc.), otherwise it's not as useful.

If you want someone that seems to agree with you, read recent interviews of Chuck Moore. Even the guy who wrote C doesn't use it anymore; Dennis Ritchie uses Aleph.

Re:Why do you need speed for a cracking Util?

[Doppler00]

Wrong! If everything was written in asmembly the resulting code would be such a mess, it's likely that it would run several magnitudes slower than something written in Java. 99% of the time, slowdowns are a result of poor algorithms, NOT compiler types.

DeDMCA

[Esion+Modnar]

Now that would be even way cooler than DeDRMS. Followed by DeRIAA, DeMPAA, and DeSCO.

Would pay money for all of those.

Not really a cracking tool...

[ThePyro]

This tool seems to require that you already have your key stored in a file somewhere. This code just uses that key along with .NET's built-in cryptographic services to decrypt the data and write it back to the file. Seems like getting your hands on the key in the first place would be the hard part...

Re:Not really a cracking tool...

[Chester+K]

This code just uses that key along with .NET's built-in cryptographic services to decrypt the data and write it back to the file. Seems like getting your hands on the key in the first place would be the hard part...

VLC will extract your user key and save it into your home directory when you use it to try to play a FairPlay-protected file from an authorized system.

Re:C#, Mono, and making it do something

[cduffy]

Re installing Mono on Linux, you might do well to use the GARNOME packages; that way, you're building everything from source to be installed under its own prefix, and thus avoiding dependency hell.

CODE MIRROR HERE

[blixel]

Enjoy

SharpDevelop

[renelicious]

This is a little offtopic, but since its written in C#, for those of you what don't have Visual Studio and don't want to mess with the command line tools (or don't have Mono on Linux) SharpDevelop is a great C# development product. Its GPL. Again a little of topic, but its always good to pimp your favorite software.

Yes, there's also a Linux version.

If Apple were smart...

[goMac2500]

They'd make iTunes work under WINE. As a side note I am sick and tired of people complaining that Apple does not let iTunes Music Store songs work under other media players. They do. Any media player can play iTunes Store music using the QuickTime API. All you have to do is write a plugin to interface with QuickTime. I wrote a QuickTime based media player a few years ago. Guess what? I started it up today and it played iTunes Music Store songs just fine. NO modifications. Its my own media player, yet it plays DRM'd music fine, no special un-DRMing.

Inevitable? So what? Who cares?

[werdna]

make no mistake, copy-prevention is physically impossible, not just difficult

This is like observing that perfect algorithmic encryption, other than a one-time pad is impossible. So what? Who cares? Of course, I can't create a lock-and-key on my house that will keep all thieves out, all the time. So what? Who cares?

Whether or not my door can be physically manufactured to bar you forever from entry, makes it not one whit more legal for you to do so. All locks are rated, not in terms of their binary perfection, but rather in terms of the time and cost to defeat them. So what? Who cares?

You might be able to fool people into thinking you have succeeded, for a short while; but, sooner or later, your lies will catch up with you.

I suppose there are folks who are naive to think they live behind perfect locks. So what? Who cares? Where is the lie? What does it matter that technological solutions can be defeated? They are helpful, and substantially helpful to keep generally honest people honest, and stupid people (who represent most users) out. Smarter, less honest people, can of course get in any time. So what? Who cares?

For those smarter, less honest people, we have laws. Some will be smart enough to circumvent all of them and go free. Most will not.

Security is not a question of binary perfection. It is a question of doing as well as you may. Likewise with digital rights management.

There has always been piracy of musical content. Always. Some good, some bad. So what, who cares?

Just like DeCSS, playfair will be available to the less honest, smarter of us, or rebuilt by those who understand how it works. Those who think that this fact is useful have missed the point. These facts do not help our cause. To the contrary, it only helps those who insist that technology regulation, such as DMCA is required, and prevents the repeal of very bad laws.

Darn, I wish the smarter and less honest of us were just a little bit smarter about the ways of the world. For the smarter, honorable and ideologically motivated of us, such as Mr. J., we should excoriate, not praise, this sort of thing.

Our problem is that our arguments prove too much -- we demonstrate the "necessity" of the DMCAs, certainly to the satisfaction of the governments who will enforce them. The problem is NOT that there exists DRM, the problem is that the DRM is implemented and legally enforced in a manner that limits the scope of good new technology. It is that problem that WE, the technologists will have to solve -- hard or impossible it may be -- because the RIAA and MPAA certainly have no incentive to do so.

Re:Nice achivement, and in python, but..

[arcanumas]

NO, wait untill he shows up in court.

Judge: You again!?
Jon: Uhm, yeah.. sorry...
Judge: I guess the DVD people just won't leave you alone..
Jon: No, it's Apple's DRM now.
Judge: Damn you kid!!

What this does

[EvilGrin666]

For those of you that don't know. It removes the protection from a .m4p file (Downloaded with iTunes) . So basically you end up with a Vanilla AAC file.

Re:What this does

[Jon+Abbott]

So basically you end up with a Vanilla AAC file.

As long as I don't end up with a Vanilla Ice file, I'll be fine.

Trouble installing .NET Framework

[Ziktar]

Where's the RPM for "Windows Update" again?

Re:Trouble installing .NET Framework

[wasabii]

www.go-mono.com

Let me tell you about my tent.

[Weaselmancer]

Reminds me of a story. Let me tell you about my tent.

I like going to SCA events. While we're there, we camp. And that means having all of our expensive gear in our tents, all our food, and our booze. Some of our gear can run in the thousands of dollars.

At my favorite event, we camp near the edge of the camp. And idiots from the local village sneak over the fence and rip us off every so often.

So I made a tent with a locking door. I built a yurt, and built into the frame a full sized, 1/2" thick, wood and iron reinforced door. With a working brass good-enough-for-your-house lock.

And while camping one year, a neighbor made fun of me for my efforts. "There's no way that would keep a determined criminal out," he said. It was still a canvas tent, albeit with a wood lattice frame. You could cut a hole through the canvas and break the lattices, easy. The door was too thin, you could kick it down. The lock could be defeated.

And I explained to him that the point was not to be burglar proof, just more burglar resistant than my neighbors.

At that moment, he was enlightened.

Weaselmancer

This is how to compile it for FREE

[$exyNerdie]

Follow the steps to compile and run it:
(1) Get the source code (at your own risk) and save it as DeDRMS.cs
(2) Download and Install the NET Framework SDK for FREE (reqiures Windows 2000, Windows Server 2003 or Windows XP).
(3) Use the included compiler csc.exe to compile the source code into executable code. Use this on command line (dos prompt) C:>csc DeDRMS.cs OR C:>csc.exe DeDRMS.cs
(4) It will create DeDRMS.exe in the same folder where you saved DeDRMS.cs.
(5) Profit or Jail??

Or for those of you on a Linux box

[dethl]

1. Get and compile Mono (emerge mono for those of you with Gentoo). 2. In the command line, type: mcs DeDRMS.cs 3. Then type: mono DeDRMS.exe There ya go!

Re:Or for those of you on a Linux box

[GiMP]

Or with debian:

apt-get install mono binfmt-support
mcs DeDRMS.cs ./DeDRMS.exe

Binary available here!

Compiled Binary for Windows 2000/NT/XP
http://userwww.sfsu.edu/~astern/DeDRMS .exe
7.00 KB

C# Source
http://userwww.sfsu.edu/~astern/DeDRMS.cs
7.21 KB

Andrew
astern at s f s u dot edu

Why C# can outperform C/C++

[ca1v1n]

Remember that research that found that emulating the underlying hardware with a sufficiently intelligent userland dynamic profiler was usually faster than running directly on the underlying hardware? The dynamic profiler can optimize like no compiler will ever be able to do with static analysis. It's a similar principle to what Transmeta does with their x86 emulation. Modern Just-In-Time Compilers use dynamic profiling to accelerate things, and they're getting quite good. It's certainly quite possible to design a C# vector class that's both more memory and processor efficient in most cases than C++. Here's how:

1) Record in the virtual machine/JIT every time a vector gets resized.
2) Based on the pattern of resizing, speculatively allocate for new vectors/resizes as much memory as they'll ever need, or at least as much as they'll need any time soon.
3) When you guess wrong about a speculative allocation, adjust your speculation.

C++ doubles the amount of space allocated for a vector (or queue, or list, or stack, or dequeue, or binary heap, etc) whenever a resize exceeds the amount already allocated, unless you know enough to tell it to do otherwise. This keeps the amortized cost of increasing size by one constant. C++ doesn't benefit from profiling like C# does because there's no virtual machine that can change what binary code is actually sent to the processor. You could hack vector profiling together yourself, but it would be slow. Of course, this doesn't really help C# if you're never resizing your vectors, but that doesn't mean C# can't do better than C, even if C++ will have it beat. If you've ever done much benchmarking of the C++ STL, you know that it's usually faster than otherwise identical code written with arrays, which shouldn't be possible, since the array access code can be done fairly easily in assembly without virtual function table lookups and such, but nonetheless is quite real.

The trick to this whole scheme is doing the speculation quickly and accurately. We may not be to the point yet where JIT code reliably outperforms statically compiled code in less space, but there are an army of extraordinarily intelligent grad students out there writing dissertations on the topic, and I assure you they'll make it happen.

Re:Why C# can outperform C/C++

[Cthefuture]

It's certainly quite possible to design a C# vector class that's both more memory and processor efficient in most cases than C++. Here's how:

You mean you've implemented this in C#? Or are you saying what you could do?

Sorry but there's no way to do it in the current C# implementation. You can't even get access to the memory allocators. There is no C# data structure that can tightly pack data in memory while still being dynamic. The best you can do is an array of struct's which is about as efficient as C/C++ but is absolutely not dynamic without causing a ton of overhead (eg. there is no realloc in C#).

If you can do it in C# then show me some code.

C++ doubles the amount of space allocated for a vector (or queue, or list, or stack, or dequeue, or binary heap, etc) whenever a resize exceeds the amount already allocated, unless you know enough to tell it to do otherwise.

You're talking about the default vector allocator. STL is extremely dynamic, you do not have to use to the default allocator if you don't want you. You can be extremely flexible here for whatever you need and design anything you want.

If you've ever done much benchmarking of the C++ STL, you know that it's usually faster than otherwise identical code written with arrays, which shouldn't be possible, since the array access code can be done fairly easily in assembly without virtual function table lookups and such, but nonetheless is quite real.

Actually, I have, and you're wrong. So me an example and I'll show you why your array code is slower than the C++ version.

Virtual function lookups?! Do you even know how the STL is designed or how C++ works? Now I'm not sure why I bothered with the rest of what I wrote above.

You're naive

[achurch]

By saying Apple's DRM is good, you're falling right into the content companies' "trap" (scare quotes because I'm not convinced it was intentional, though the result is still the same). This is the same way many bad laws get passed: proponents of the bad law propose a law that's several times worse, wait for the backlash, then "fall back" to what they wanted to push through in the first place--and most people will agree that it's an improvement and let it go.

Distribution of copyrighted material is already illegal. DRM can always be circumvented. People will probably be willing to pay reasonable prices for songs online if they're guaranteed quality and the freedom to do what they want with the file, though I'll grant that payment methods are still a mostly unresolved issue. Hence there's no need for DRM, and even DRM as "fair" as Apple's is an improper infringement on users' rights. (Unless you believe content really belongs to the creators rather than to the culture--but that's not the stance the Framers took.)

I'm reminded of an old saying I heard about negotiation tactics: "If you want Australia, ask for the world and give away five continents."

Re:You're naive

[acamas]

I doubt, that there will ever be music without DRM legally available. File sharing makes it in my opinion too "dangerous" for the music industry. Maybe (and I hope that, too) we'll see something like free or "donation music" (in a greater amount than today), but the majority of successfull songs will probably simply stay paid.

This procedure you're talking about, where a bad law gets passed because a worse one was proposed is in my opinion simply called "compromise" and hence something very important in politics. The fact, that there could be a "worse" DRM comes from the music industry. The users (me too!) don't want any DRM. In this situation, there would be no legal digital music available.

But having FairPlay there's a compromise: The majority of users (obviously not the people here, but millions of songs have been sold up to now) and the majority of music labels/artists (e.g. not Metallica) are content (not glad) with it. And at least it works.

Sorry, but saying, that copyrighted material is illegal is not correct (at least not for Germany). Is there a law prohibiting copyright? The only thing we have in Germany is the users' right to make a backup copy. This is possible with FairPlay.

Just to make my point clear: I'm not at all a friend of DRM. I'm glad about DeCSS to watch movies using linux. I patched my DVD drive to free it from its region code restrictions. But regarding FairPlay: if you think, that it's not the best solution, it's in my opinion still a step to the right direction! Noone stops you implementing a fairer solution, if you can manage to bring the users and the music industry together. But please do not torpedo this first step.

What a load of tosh.

[jotaeleemeese]

Computer code is the way we request that a computer performs a task.

We don't do it in plain English (or Spanish, Russian, Mongolian or whatever) because we lack the technology (still) to do so.

If in the future it is possible to program a computer or any other machine with a normal conversation then how the hell are all the ridiculous copyright and patent laws are going to be applied?

As things stand computer languages are a necessary nuisance to allow people express in a succint and understandable manner their own ideas about how ro solve problems.

This is perhaps one of the purest forms of speech, which should be mantained unecumbered of patents and covered by fair copyright laws.

What worries me most

[BlackHawk-666]

is that over the course of my natural life I will have more than 3 PCs, and this technology is only licensing me to have it on 3 PCs. That means that some 6-9 years down the line (I change PC every 2-3 years) I will have used my DRM encrusted music on all 3 PC's that I am licensed to use and will need some way to authenticate it to the next one.

Now, project yourself forward 20 years. Will these same profit chasing record companies be willing to provide infrastructure to allow you to move your DRM encrusted music from PC to PC throughout the rest of your exepcted life, and that of your descendants who will inhereit this media? Sure, they'll be happily putting out more music, but are they protecting your previous investments? In the year 2039 when I should be just about ready to breathe my last breathe will I be able to hear all my old favorite albums or will I cark it listening to gangster rap on the radio because my rightfully paid for music isn't authorised for use on my new funky media player.

This DRM stuff is OK for playing todays tunes, but I worry about the longevity of the media.