Slashdot Mirror
Napster Has Been Cracked
Sabathius writes "Users have found a way to skirt copy protection on Napster Inc's portable music subscription service just days after its high-profile launch, potentially letting them make CDs with hundreds of thousands of songs for free...""
So long as the audio comes out speakers at some point you will always be able to grab the analog signal and re-encode it to whatever format you want... this isn't some breakthrough... It's called recording the analog output...
---
Programming is like sex... Make one mistake and support it the rest of your life.
Oh this has been explained for a while: http://marv.kordix.com/archives/000400.html
All that is happening is that people are grabbing the actual output of the song, and dropping it into a wav file. This will ALWAYS happen with any kind of copy protection. If you let users actually hear (music) or see (movies/tv) the content, there will always be a way to get it. At the absolute worst, people can just set up a tape recorder and grab it from that.
Regardless, the point is that it is STILL ILLEGAL to abuse. Until you can get people to stop breaking the law voluntarily (via fair pricing and good business practices), all media/content companies will have to keep playing this game. What they need to realize is that they are always going to lose.
"The DRM (digital rights management) is intact. Basically, people are just recording off a sound card. This is nothing new and people could do this with any legitimate service if they want to use a sound card," she said.
"This kind of attack has been around for a long time and it's just because of our higher profile that it has sparked such interest," she said.
But isn't this the point? All it takes a little software tool and suddenly everyone can do it. You can't just "ignore" attacks - because the attackers certainly wont.
Simon.
To be fair, this is a far more crude hack than Hymn.
Hymn (the iTunes DRM remover) keeps the encoded data encoded, simply removes the copy protection, wheras this takes the decompressed audio, writes it as a wav file to the disk. As a result, if you want to encode it to save space, say, WMA, or ogg or MP3, you're losing more information (I suppose you could also go with FLAC, but that's a lot of space for a mediocre bitrate WMA version anyway).
All in all, I'd say wait for a better way of bypassing the DRM before you hog up to the Napster smorgasboard.
"If we let things terrify us, life will not be worth living."
- Seneca
So what's the point? The main thing of Napster is that you can legally download songs off the internet. Circumventing copyright protection schemes is illegal, at least here in Finland. So why not download the songs illegally in the first place? Of course there's the RIAA-factor but if you don't share, is there a problem as getting caught propably isn't that likely.
..."we're powerless to stop it".
Don't think it isn't being worked on, just not by Napster. You can read more about Secure Audio Path here. Of course, the next step is a simple loopback-cable to another sound card (your input will be disabled while doing secure playback). The next step is to add a broadcast flag to the signal, only to have people circumvent it. Then they'll go for Secure Digital speakers. Then people will record with a high-fidelity microphone. And some time after they ban A/D converters, we will win (or the digital society we've made will collapse, whichever comes first).
Kjella
Live today, because you never know what tomorrow brings
To be fair, there always must be a "WAV" step; you just don't see it in action using method described for the link.
The thing is always in the hand of the user. With some tools, I can completely re-flash my cell phone. If I'm smart, I can even make the modifications I did stealth from the POV of the cell phone company. This is and will always be true, unless you start making appliances that explode when you open them. Or when you try to make any "illegal operation" with them.
...Or until you persuade the government to criminilize attempts to defeat your DRM. Then you can make your DRM encryption as weak as you want, and let the police pick up the slack for your laziness/technological shortcomings.
I'm not a smorgasbord.
The upshot of all which is, it's trivially easy to capture data meant for the sound card; and there is no place for any kind of security through obscurity, because everyone needs to know at some level how to send data to a sound card.
Not so fast. Microsoft is already a step ahead of you with Secure Audio Path. Essentially, Windows Media DRM can require a digitally signed audio driver which accepts encrypted input. It simply won't talk to an "untrusted" driver (such as TotalRecorder).
That said, the Napster representative in TFA is incorrect about the type of exploit this is. The audio isn't being captured by a "rogue" sound driver (or an analog loopback, which is what she makes it sound like). It's being redirected to disk via a Winamp output plugin. Ordinarily, Winamp will refuse to write to a disk writer plugin given a DRM'd input file, but the Output Stacker plugin sends audio to *both* the DirectSound driver (the "primary" one, which is kosher for DRM'd audio and is the one Winamp sees), _and_ the secondary driver, which is a disk writer plugin.
The upshot is, if you want a means to remove encumbrances from legally acquired media, download Winamp and Output Stacker now before Nullsoft "fixes" this "exploit". But don't share anything you decrypt online, or you'll only vindicate the suits who press for DRM to prevent file sharing.
Please remove vinyl from your list. A well taken care of record on a good turntable with a good phono pre-amp can often sound superior to the CD of the same music.
I still prefer CD's because of their ease of use and portability, but when I'm sitting alone in my main listening environment, I definately perfer the sound of vinyl.
Jack Valenti and Orrin Hatch will be first up against the wall when the revolution comes.
I repeat: YES, I will.
If it's on *my* memorystick, I will extract it. If it requires a closed software to play it, I'll install such closed software under a hacked version of QEMU that instead of playing some stream writes it into a file. Digitally.
I guess Akio Morita did not know what he was getting into when he had the CD/DAT idea "let's write everything digitally in the media".
Repeat after me: there is no DRM. It's cryptographically infeasible. One of the pillars of crypto is that the key must travel between Alice and Bob by a secured mean, so that Eve cannot get a hold of it. When Bob is schizo and Eve is the same as Bob, Eve has the key, so Eve has the message. Pristine. Not even quantum crypto can give a real DRM.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048