Slashdot Mirror
Napster Has Been Cracked
Sabathius writes "Users have found a way to skirt copy protection on Napster Inc's portable music subscription service just days after its high-profile launch, potentially letting them make CDs with hundreds of thousands of songs for free...""
So long as the audio comes out speakers at some point you will always be able to grab the analog signal and re-encode it to whatever format you want... this isn't some breakthrough... It's called recording the analog output...
---
Programming is like sex... Make one mistake and support it the rest of your life.
Oh this has been explained for a while: http://marv.kordix.com/archives/000400.html
All that is happening is that people are grabbing the actual output of the song, and dropping it into a wav file. This will ALWAYS happen with any kind of copy protection. If you let users actually hear (music) or see (movies/tv) the content, there will always be a way to get it. At the absolute worst, people can just set up a tape recorder and grab it from that.
Regardless, the point is that it is STILL ILLEGAL to abuse. Until you can get people to stop breaking the law voluntarily (via fair pricing and good business practices), all media/content companies will have to keep playing this game. What they need to realize is that they are always going to lose.
"The DRM (digital rights management) is intact. Basically, people are just recording off a sound card. This is nothing new and people could do this with any legitimate service if they want to use a sound card," she said.
"This kind of attack has been around for a long time and it's just because of our higher profile that it has sparked such interest," she said.
But isn't this the point? All it takes a little software tool and suddenly everyone can do it. You can't just "ignore" attacks - because the attackers certainly wont.
Simon.
Sticking something on the output of the media player that saves a copy of the bits is not a crack.
To be fair, this is a far more crude hack than Hymn.
Hymn (the iTunes DRM remover) keeps the encoded data encoded, simply removes the copy protection, wheras this takes the decompressed audio, writes it as a wav file to the disk. As a result, if you want to encode it to save space, say, WMA, or ogg or MP3, you're losing more information (I suppose you could also go with FLAC, but that's a lot of space for a mediocre bitrate WMA version anyway).
All in all, I'd say wait for a better way of bypassing the DRM before you hog up to the Napster smorgasboard.
"If we let things terrify us, life will not be worth living."
- Seneca
Isn't this just a plugin to WinAmp the grabs the output stream from napsters software going to the sound card and "records" it? As far as I can tell you would still have to manually name/tag the files unless your happy with generic names. Also, a five minute song will take five minutes to capture. OPh and it captures as an uncompressed wav so you would need to convert it to your prefered format.
So what's the point? The main thing of Napster is that you can legally download songs off the internet. Circumventing copyright protection schemes is illegal, at least here in Finland. So why not download the songs illegally in the first place? Of course there's the RIAA-factor but if you don't share, is there a problem as getting caught propably isn't that likely.
I've never heard of anyone actually using Napster.
Do such people really exist?
I see this as a matter of time. Sure - I could route the stuff through Winamp - but is that worth my $15 a month? The reason I'd pay to download music (apart from supporting artists, etc) is to save time. I could download it from Kazaa - but with all the polluted files - I'd just as soon pay my $1 a song or $15 a month or whatever and save myself the effort of sorting through the files.
good administration (remember the "A" in "MBA"?) requires understanding how to meld the ideal (scamming --er-- making lots of money from your suckers --er-- clients/consumers) w/ the real (in this context, the fact that digital anything is infinitely reproducible w/ infinitessimal cost).
when you forget that and start thinking that the "M" stands for "marketing", you lose. your loss may be immediate or it may be drawn out, but in the end that is not where you want to be. sure, a few years in $lopping it up in the trough before it all goes to shit is a worthy aspiration -- if that's what you believe, fine.
if technical people (those more rooted in reality than you) tell you it's not going to fly, do everyone a favor and listen to them. maybe you will stop being such pompous jackasses w/ a little practice.
..."we're powerless to stop it".
Don't think it isn't being worked on, just not by Napster. You can read more about Secure Audio Path here. Of course, the next step is a simple loopback-cable to another sound card (your input will be disabled while doing secure playback). The next step is to add a broadcast flag to the signal, only to have people circumvent it. Then they'll go for Secure Digital speakers. Then people will record with a high-fidelity microphone. And some time after they ban A/D converters, we will win (or the digital society we've made will collapse, whichever comes first).
Kjella
Live today, because you never know what tomorrow brings
Well, depending on how you look at it. They are 1:1 digital copies of the same wav output that'd go to your speakers. If the WMA format was open, you could probably (with a lot of effort) create a "reverse engineer" encoder which would reconstruct the original compressed file, sans DRM.
You can do this will *all* DRM media, nothing new here - It's only because it's Napster (woohoooo) that people think it's revolutionary. It isn't.
Actually, no. The big news here is because it is a subscription service. I.e. you take a temporary copy, and make it a permanent one. It has a completely different impact on the business model than say Hymn and the iTMS.
Live today, because you never know what tomorrow brings
No, it quite certainly is still illegal to abuse. A subscription to Napster gives you the legal right to use the songs you want for as long as you pay a subscription to Napster. You are not paying for the song; you are paying for the right to RENT the song.
http://www.napster.com/terms.html
Even if it was illegal, dont try to pretend that it still wouldnt be IMMORAL. Does it really matter if your country doesn't have specific laws keeping you from doing this?
Does the artist of the song get paid? No? Well, arent you kind of screwing him/her over? I think the answer is clear.
"The bottom line is that people are always going to find a way to get around the system...
True that. I can hear it, i can copy it. I can see it, i can copy it. It takes one person to copy it, millions can get it. Period.
Sample this!
From the article...
"A spokeswoman for Napster said that such endeavours were nothing new and the company was not too concerned.
'The DRM (digital rights management) is intact. Basically, people are just recording off a sound card. This is nothing new and people could do this with any legitimate service if they want to use a sound card,' she said.
"This kind of attack has been around for a long time and it's just because of our higher profile that it has sparked such interest," she said."
As all Slashdot readers know, truly effective DRM is damn near impossible. It's all cosmetic fluff to convince the copyright holders that their rights are being protected. The people who are willing to pay are given a chance to pay, and the people who want to ride for free are going to continue that practice. The size of the paying vs. non-paying community is determined more by price than by DRM. I think the online music industry is still squandering most of the revenue that might be achieved with lower pricing. Drop the price to $5/month and my music budget increases from $0 to $60 per year. Until that time, I am satisfied with music I bought years ago plus what I hear on the radio.
Notice how some of the biggest players in the DRM industry are the companies with the most feeble security products. In essense, DRM is the final frontier for security technology that is not good enough for any other purpose; a virtual "dumping ground" for code.
Sure enough, the DRM industry is helping the music industry -- just not in the way it appears at first glance. A combination of fantasies are being satisfied at the same time. RIAA is convinced that DRM will eventually stop piracy, the DRM vendors have a continous market for "upgrades" as each layer is cracked, while the continuous circumvention of DRM ensures plenty of interest in online music. Nothing would kill the industry faster than loss of interest. The music industry would have committed commercial suicide by now if they had been given any serious DRM weapons. Fortunately, the can't hurt themselves all that much because all they have are DRM toys.
To be fair, there always must be a "WAV" step; you just don't see it in action using method described for the link.
Why do they even try to put DRM on downloaded music? Everytime they do it, it's cracked. So, they are going through all this trouble for nothing. It doesn't stop the music from being leaked to P2P networks, because even if it was unbreakable, one person could purchase a CD, rip it, and put it on the network. One copy is all you need. If people really wanted to make copies of the music for distribution, they'd be much smarter to just go out and buy a CD. Higher quality, and infinitely easy to copy.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
Oh come on, even if this were true, napster came out a couple days ago and said they were going to take out Apple / iTunes.
If you declare war, you can't really bitch that the other side just spanked you.
1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcf
Yes -- it's just the analog hole, nothing new here...
Yes -- you can do this with iTunes as well...
However, if you strip the DRM off an iTunes song, Apple still gets to keep the $0.99 -- to their accountants they sold one song and they pay the record labels for one song.
Napster's entire business model is predicated on their power to turn off your ability to listen to the music when you quit paying. If you pay $15 for a single month of service and pull down 1,000 songs that you then strip and keep, you're paying them 1.5 CENTS per song. However, they still have to pay the record companies licensing fees on 1,000 songs (I'm sure those fees are less than what iTunes carries, but there's no way it's THAT low.) Napster relies of the fact that users will want to keep paying that 1.5 cents over and over again each month to keep listening to the music. Once that goes away, profit goes away as well (to say nothing of the desire for the labels to let their songs be on Napster once they figure out what's going on.)
It should have been obvious to Napster up front that the analog hole is a real problem for any "all-you-can-eat" content provider. This is why you're not likely to see a subscription-based iTunes anytime soon. Jobs is arrogant, but he's not stupid.
seriously, for most folks, the sound will be plenty good enough. but for audiophiles and perfectionists ....
"It is a greater offense to steal men's labor, than their clothes"
The thing is always in the hand of the user. With some tools, I can completely re-flash my cell phone. If I'm smart, I can even make the modifications I did stealth from the POV of the cell phone company. This is and will always be true, unless you start making appliances that explode when you open them. Or when you try to make any "illegal operation" with them.
...Or until you persuade the government to criminilize attempts to defeat your DRM. Then you can make your DRM encryption as weak as you want, and let the police pick up the slack for your laziness/technological shortcomings.
I'm not a smorgasbord.
...Or until you persuade the government to criminilize attempts to defeat your DRM. Then you can make your DRM encryption as weak as you want, and let the police pick up the slack for your laziness/technological shortcomings.
Well, this doesn't exactly help alot since copying the music is already illegal (copyright infringement) providing you can not claim fair use.
I'll make an analogy.
Stealing bikes is forbidden according to law. But some people still steal bikes fully aware that it is illegal. So bike owners install locks on their bikes to prevent theft. But some bike thieves will just bash or pick the locks and still steal the bikes.
So, lets assume that BOAA (Bike Owners Association of America) puts some serious lobbying money towards making it illegal to circumvent bike locks. Will this stop bike thefts? Bike thieves are already breaking the law, so what makes anyone think that they will respect the latter law when they already disregard the former?
I call bollocs on the Lawmakers...
Disclaimer: I am not actually comparing stealing bikes with downloading illegaly copied music, I do it just to prove a point
What with these people talking about the quality deteriorating when converting to OGG or MP3. I say who cares, I can barley hear the idfference now and anyone who can I applaud you. This may be significant for measuring the quality of the hack performed to get the audio in a non-DRM format, but it fails in all tests if your going to argue about sound quality.
The upshot of all which is, it's trivially easy to capture data meant for the sound card; and there is no place for any kind of security through obscurity, because everyone needs to know at some level how to send data to a sound card.
Not so fast. Microsoft is already a step ahead of you with Secure Audio Path. Essentially, Windows Media DRM can require a digitally signed audio driver which accepts encrypted input. It simply won't talk to an "untrusted" driver (such as TotalRecorder).
That said, the Napster representative in TFA is incorrect about the type of exploit this is. The audio isn't being captured by a "rogue" sound driver (or an analog loopback, which is what she makes it sound like). It's being redirected to disk via a Winamp output plugin. Ordinarily, Winamp will refuse to write to a disk writer plugin given a DRM'd input file, but the Output Stacker plugin sends audio to *both* the DirectSound driver (the "primary" one, which is kosher for DRM'd audio and is the one Winamp sees), _and_ the secondary driver, which is a disk writer plugin.
The upshot is, if you want a means to remove encumbrances from legally acquired media, download Winamp and Output Stacker now before Nullsoft "fixes" this "exploit". But don't share anything you decrypt online, or you'll only vindicate the suits who press for DRM to prevent file sharing.
Christ almighty, way to make a mountain out a molehill.
...just route your soundcard's line out to the line in jack, creating a loopback, and have fun with your audio recorder program.
As long as any type of music is taking an analog path out to the listener's ear, it will ALWAYS be possible to "crack"
That's not cracking, it's common sense.
Talk about your sensationalist journalism... I was expecting to read some article about a batch processor that strips the DRM from the MP3 files, not requiring decoding and re-encoding again.
[an error occured while processing this directive]
Please remove vinyl from your list. A well taken care of record on a good turntable with a good phono pre-amp can often sound superior to the CD of the same music.
I still prefer CD's because of their ease of use and portability, but when I'm sitting alone in my main listening environment, I definately perfer the sound of vinyl.
Jack Valenti and Orrin Hatch will be first up against the wall when the revolution comes.
I repeat: YES, I will.
If it's on *my* memorystick, I will extract it. If it requires a closed software to play it, I'll install such closed software under a hacked version of QEMU that instead of playing some stream writes it into a file. Digitally.
I guess Akio Morita did not know what he was getting into when he had the CD/DAT idea "let's write everything digitally in the media".
Repeat after me: there is no DRM. It's cryptographically infeasible. One of the pillars of crypto is that the key must travel between Alice and Bob by a secured mean, so that Eve cannot get a hold of it. When Bob is schizo and Eve is the same as Bob, Eve has the key, so Eve has the message. Pristine. Not even quantum crypto can give a real DRM.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
You know, I hate to admit it, but it is exactly this sort of thing that lends some credibility to thugs of the RIAA. For years, users have been saying that all they want is a way to have their music accessible online, and that they would be willing to pay for a download service. Now, as soon as those services come available, those same people are finding and promoting ways to circumvent the security and steal the music! Frankly, this is nothing but bald-faced hypocrisy, and will only encourage further retaliation by the industry. In effect, you're shooting yourself in the foot.
But I'm sure the in the posts that follow you will all prove me wrong by painting yourselves as dedicated hackers who want to "stick it to the man" and are only standing up for your own rights. Right?
Basically, if you can hear music, you can steal it. It's just a matter of the quality you're willing to put up with. It's amazing to me that anyone thinks they can set up a situation where you ultimately send an unencrypted digital stream of data to your audio card, but no one's going to divert that stream to the hard disk.
but have you considered the following argument: shut up.
Is it?
... crappy digital music is better than AM radio. Beats me -- I've never heard of an AM station playing music (only news). So it's a moot point, anyway.
If you have a good FM receiver, FM can sound really good. Maybe not better than a CD (since they're probably playing a CD on the other end), but certainly much better than a poorly-encoded MP3.
DAT can be recorded at higher data rates than a CD. In fact, many (if not most) of my CDs were originally recorded on DAT. So it's not true that tapes always sound bad: some sound much better!
(A lot of my older recordings were done on analog tapes, and they sound fine. Surely you can't be suggesting that this music would sound *better* by running it through an MP3 encoder a couple of times?)
Somebody else will rip you a new one for listing vinyl, so I'll let that one slide.
And I like humming just fine. I've never given myself a headache by humming -- poor-quality MP3's give me headaches, no matter how quiet I play them. I'd rather hum Brahms' first symphony than listen to a 128K MP3 of it.
So you're left with
For any digital file, the odds are good that your SPEAKERS are your biggest impediment to quality.
Maybe. Or maybe not. Depends entirely on your music files and speakers. I know very few people for whom speakers are the limiting factor.
You can replace "digital file" by any of the items in the list, and "speakers" by "equipment", and get a true sentence. For example, "Odds are good that your receiver is your biggest impediment to FM quality".