Slashdot Mirror
Napster Has Been Cracked
Sabathius writes "Users have found a way to skirt copy protection on Napster Inc's portable music subscription service just days after its high-profile launch, potentially letting them make CDs with hundreds of thousands of songs for free...""
Never saw that one coming.
So long as the audio comes out speakers at some point you will always be able to grab the analog signal and re-encode it to whatever format you want... this isn't some breakthrough... It's called recording the analog output...
---
Programming is like sex... Make one mistake and support it the rest of your life.
Oh No...
Now the name Napster will be tried to illegally copied music... and after all the paid of the good number of that company...
Cruise TT
Oh this has been explained for a while: http://marv.kordix.com/archives/000400.html
All that is happening is that people are grabbing the actual output of the song, and dropping it into a wav file. This will ALWAYS happen with any kind of copy protection. If you let users actually hear (music) or see (movies/tv) the content, there will always be a way to get it. At the absolute worst, people can just set up a tape recorder and grab it from that.
Regardless, the point is that it is STILL ILLEGAL to abuse. Until you can get people to stop breaking the law voluntarily (via fair pricing and good business practices), all media/content companies will have to keep playing this game. What they need to realize is that they are always going to lose.
I thought all music downloaded from the internet was free?
Omnis amans amens
The jig is up. I was hoping I'd finish my 14-day trial before anyone found out about this. Oh well, I got 8 gigs already, and I can get more today.
I use a program called tunebite that plays the files back and records them to MP3, as well as copying over album/artist metadata from the tags.
Hopefully I can get everything copied before they fix it (if they ever can fix it).
"The DRM (digital rights management) is intact. Basically, people are just recording off a sound card. This is nothing new and people could do this with any legitimate service if they want to use a sound card," she said.
"This kind of attack has been around for a long time and it's just because of our higher profile that it has sparked such interest," she said.
But isn't this the point? All it takes a little software tool and suddenly everyone can do it. You can't just "ignore" attacks - because the attackers certainly wont.
Simon.
"Growsing about rejected submissions" my behind -- I submitted a better worded snap with more informative links two days ago...
WinAmp has pulled the plug-in in question from their site, it seems...
In Soviet Washington the swamp drains you.
1. Launch DRM'd subscription-based music service. Nobody joins it but RIAA backs your model and you get lots of good music.
2. Wait for DRM to be cracked, in, ooh, three or four days.
3. Your subscriptions suddenly rocket
4. PROFIT!
I'm not wrong. You haven't thought about it hard enough.
Sticking something on the output of the media player that saves a copy of the bits is not a crack.
Isn't this just a plugin to WinAmp the grabs the output stream from napsters software going to the sound card and "records" it? As far as I can tell you would still have to manually name/tag the files unless your happy with generic names. Also, a five minute song will take five minutes to capture. OPh and it captures as an uncompressed wav so you would need to convert it to your prefered format.
Uhm... Napster?
So much for the business model...
How come Slashdot never gets Slashdotted?
It's not actually been cracked - They can't make real digital 1:1 copies of the songs - What they do is record from the sound card. That's not so bad if you just want to burn them to CD, but if you want to re-encode from WAV to Ogg or MP3, the quality will deteriorate further...
You can do this will *all* DRM media, nothing new here - It's only because it's Napster (woohoooo) that people think it's revolutionary. It isn't.
Any technology distinguishable from magic, is insufficiently advanced.
So what's the point? The main thing of Napster is that you can legally download songs off the internet. Circumventing copyright protection schemes is illegal, at least here in Finland. So why not download the songs illegally in the first place? Of course there's the RIAA-factor but if you don't share, is there a problem as getting caught propably isn't that likely.
napster just keeps finding a way to provide free music. lol. talk about irony.
Divide the number of songs sold on iTunes by the number of iPods sold, and it works out to only something like 5 or 10 albums per iPod. Unless people are buying much much bigger players than they need for some reason, it looks like people are mostly putting things other than iTMS music on their iPods.
Apparently, users have been sitting in front of their TV with a camcorder...
Hehe
iTunes: $0.99 per song.
Napster: 14 day free trial: All the songs you can download and copy to MP3.
Hrm... =)
Jason Lotito
Napster have already responded on their site (link in top right) and basically said the same thing. They also rightly pointed out (i think, as i've not tried) that this would be a 1:1 copy, so a 60 minute album would take you the same amount of time to copy - which isn't going to be much fun to do lots of.
Apparantly rumour has it that Steve Jobs contacted music executives, pointing them to the site and the Napster CEO countered by pointing out several sites which showed you how to do the same with iTunes files. I'm not sure how true this is.
Interestingly enough, the Winamp plugin required to do this - Output Stacker - was pulled from the winamp site. Which I find a little odd, since there are perfectly legal uses for the plugin - so I don't understand why they're playing censorer (to be safe?)
If anyone knows where to get it from, it would be appreciated since Googles cache shows no homepage and a Google search of the author gives only a set of links to a non-working winamp.com URL.
Avantslash - View Slashdot cleanly on your mobile phone.
..."we're powerless to stop it".
Don't think it isn't being worked on, just not by Napster. You can read more about Secure Audio Path here. Of course, the next step is a simple loopback-cable to another sound card (your input will be disabled while doing secure playback). The next step is to add a broadcast flag to the signal, only to have people circumvent it. Then they'll go for Secure Digital speakers. Then people will record with a high-fidelity microphone. And some time after they ban A/D converters, we will win (or the digital society we've made will collapse, whichever comes first).
Kjella
Live today, because you never know what tomorrow brings
Steve Jobs reportedly e-mailed record company executives a link to a blog detailing the hack. He apparently wants to paint Napster as an insecure service, no different from its original form all the while portraying iTunes as secure (PlayFair anyone?)
Ruthless business tactics IMHO, dare I say reminiscent of the Redmond giant. I wish he'd let consumers decide which service is better rather than try to sabatoge Napster with his industry connections and FUD.
(Disclaimer: Heard this as a rumor - I wasn't exactly CCed on Steve's e-mail - but I had no reason to disbelieve the source).
A response from the Napster CTO taken from the homepage of Napster.com:
----
It has come to our attention that there are a number of inaccurate statements posted by various sources on the Internet regarding the security of Napster and Napster To Go. As Napster's CTO, I would like to officially state that neither Napster To Go, Napster, nor Windows Media DRM have been hacked. In the interest of providing the most accurate information to consumers, the following is some background on the subject.
There is a program that allows a user to record the playback of tracks directly from the computer's sound card. This process can be likened to the way people used to record songs from the radio onto cassette tapes, but instead of capturing the music on a tape, the file is converted into a new, unprotected digital format. This program does not break the encryption of the files, which can only be recorded one at a time making the process quite laborious. It would take 10 hours to convert 10 hours of music in this manner. It is important to note that this program is not specific to Napster; files from all legal subscription and pay-per-download services can be copied in this way.
We hope that the information provided above clarifies the matter and puts questions regarding the security of Napster and Napster To Go to rest. Napster's mission is to provide consumers with a legal environment in which they can experience and discover the world's largest collection of digital music. We believe that artists should be compensated for their work and intellectual property rights should be respected. While we acknowledge there are always going to be those who do not share our belief, we remain committed to providing the most enjoyable and flexible digital music experience for those who do.
No, it quite certainly is still illegal to abuse. A subscription to Napster gives you the legal right to use the songs you want for as long as you pay a subscription to Napster. You are not paying for the song; you are paying for the right to RENT the song.
http://www.napster.com/terms.html
Even if it was illegal, dont try to pretend that it still wouldnt be IMMORAL. Does it really matter if your country doesn't have specific laws keeping you from doing this?
Does the artist of the song get paid? No? Well, arent you kind of screwing him/her over? I think the answer is clear.
Output Stacker plugin has been pulled from the WinAmp site, but you can still get it in their forums.
v FLX6QJ: www.winamp.com/plugins/details.php%3Fid%3D86033+wi namp+output+stacker+plugin&hl=en&client=firefox-a
e adid=3 5627
p ostid=159 3266
The details on the plugin are cached here, this is the PULLED page:
http://64.233.183.104/search?q=cache:zsalM
This thread lists where it can be found NOW:
http://forums.winamp.com/showthread.php?thr
And this contains the plugin:
http://forums.winamp.com/attachment.php?
Google is a wonderful thing when companies wish to backtrack like that.
The plugin has tons of geniune uses... pulling it, well yeah I understand AOL/Time Warner's motives... but they're kinda dumb.
Before you criticise the craftwork, consider the medium.
You don't expect a pile of burning tires to be stacked neatly, do you? That's about the same as expecting coherence and grammar in a slashdot post.
Someone had to do it.
Well according to Napster, this is not a crime. Quotting from the article: "The DRM (digital rights management) is intact. Basically, people are just recording off a sound card. This is nothing new and people could do this with any legitimate service if they want to use a sound card".
yes. MP3, Ogg, and WMA all take away different parts of the waveform in their quest to be smallest. Therefore, transcoding from one to another results in the waveform being mangled more and more.
Get your Unix fortune now!
-If you use the "Out-lame" Winamp plugin in the Output Stacker in place of "Out-disk", you can convert straight to MP3. It still encodes no faster than realtime, but this is a great way to conserve space. WAV(Out-disk) is still recommended if you are burning CDs and want to keep as much quality as possible. I can confirm that this all works.
-You can run multiple instances of Winamp at once, each converting its own song. Each instance's playback will not interfere with any of the others, illustrating the fact that this is not simply recording the music off of your soundcard. Doing this, you can get FAR MORE than 252 full 80 minute CDs within 14 days. I can confirm that this works.
You can transcode(MP3) or decode(WAV) X albums in the time it takes for the longest track on the album to elapse. And since you're not limited to only tracks from one album at a time, you can trans/decode as many tracks as instances of Winamp your computer will run limited only by your computer's resources.
Quote from Napster's official statement: "It would take 10 hours to convert 10 hours of music in this manner."
With the updated methods, you can convert 100 hours or 1,000 hours or 10,000 hours of music in 10 hours. The only limit is your computing resources.
--- Eat my sig.
I have just cracked LP copy protection. I have plugged my record player into the line in button on my sound card, dropped the needle and clicked "record". This is a banner day. Hail to me. I am off to crack my camcorder next.
(+1 Funny) only if I laugh out loud.
The thing is always in the hand of the user. With some tools, I can completely re-flash my cell phone. If I'm smart, I can even make the modifications I did stealth from the POV of the cell phone company. This is and will always be true, unless you start making appliances that explode when you open them. Or when you try to make any "illegal operation" with them.
...Or until you persuade the government to criminilize attempts to defeat your DRM. Then you can make your DRM encryption as weak as you want, and let the police pick up the slack for your laziness/technological shortcomings.
I'm not a smorgasbord.
for audiophiles and perfectionists ....
:)
Turns out they don't care since they'd never purchase that low quality of music in the first place eh?
...Or until you persuade the government to criminilize attempts to defeat your DRM. Then you can make your DRM encryption as weak as you want, and let the police pick up the slack for your laziness/technological shortcomings.
Well, this doesn't exactly help alot since copying the music is already illegal (copyright infringement) providing you can not claim fair use.
I'll make an analogy.
Stealing bikes is forbidden according to law. But some people still steal bikes fully aware that it is illegal. So bike owners install locks on their bikes to prevent theft. But some bike thieves will just bash or pick the locks and still steal the bikes.
So, lets assume that BOAA (Bike Owners Association of America) puts some serious lobbying money towards making it illegal to circumvent bike locks. Will this stop bike thefts? Bike thieves are already breaking the law, so what makes anyone think that they will respect the latter law when they already disregard the former?
I call bollocs on the Lawmakers...
Disclaimer: I am not actually comparing stealing bikes with downloading illegaly copied music, I do it just to prove a point
The upshot of all which is, it's trivially easy to capture data meant for the sound card; and there is no place for any kind of security through obscurity, because everyone needs to know at some level how to send data to a sound card.
Not so fast. Microsoft is already a step ahead of you with Secure Audio Path. Essentially, Windows Media DRM can require a digitally signed audio driver which accepts encrypted input. It simply won't talk to an "untrusted" driver (such as TotalRecorder).
That said, the Napster representative in TFA is incorrect about the type of exploit this is. The audio isn't being captured by a "rogue" sound driver (or an analog loopback, which is what she makes it sound like). It's being redirected to disk via a Winamp output plugin. Ordinarily, Winamp will refuse to write to a disk writer plugin given a DRM'd input file, but the Output Stacker plugin sends audio to *both* the DirectSound driver (the "primary" one, which is kosher for DRM'd audio and is the one Winamp sees), _and_ the secondary driver, which is a disk writer plugin.
The upshot is, if you want a means to remove encumbrances from legally acquired media, download Winamp and Output Stacker now before Nullsoft "fixes" this "exploit". But don't share anything you decrypt online, or you'll only vindicate the suits who press for DRM to prevent file sharing.
I have spoke to a friend within apple who has told me they are aware of this rumour, it is NOT true, and it is apparently being spread by people like gmajor(look at his several replies acting as if the "email" is a fact) as some sort of FUD campaign (maybe gmajor does the astro???). I have to admit though, he had me at first...we all know between running sucessful companies and coming up with innovative products steve is busy RABIDLY FOLLOWING BLOGS!!! UZ PWNED!
Christ almighty, way to make a mountain out a molehill.
...just route your soundcard's line out to the line in jack, creating a loopback, and have fun with your audio recorder program.
As long as any type of music is taking an analog path out to the listener's ear, it will ALWAYS be possible to "crack"
That's not cracking, it's common sense.
Talk about your sensationalist journalism... I was expecting to read some article about a batch processor that strips the DRM from the MP3 files, not requiring decoding and re-encoding again.
[an error occured while processing this directive]
"CDs" it is plural
It's always nice when someone doesn't get the joke. It's even better when they reply with broken English. It's best when they're trying to correct me using broken English while missing the joke. Thank you, sincerely.
http://xkcd.com/386/
Please remove vinyl from your list. A well taken care of record on a good turntable with a good phono pre-amp can often sound superior to the CD of the same music.
I still prefer CD's because of their ease of use and portability, but when I'm sitting alone in my main listening environment, I definately perfer the sound of vinyl.
Jack Valenti and Orrin Hatch will be first up against the wall when the revolution comes.
I repeat: YES, I will.
If it's on *my* memorystick, I will extract it. If it requires a closed software to play it, I'll install such closed software under a hacked version of QEMU that instead of playing some stream writes it into a file. Digitally.
I guess Akio Morita did not know what he was getting into when he had the CD/DAT idea "let's write everything digitally in the media".
Repeat after me: there is no DRM. It's cryptographically infeasible. One of the pillars of crypto is that the key must travel between Alice and Bob by a secured mean, so that Eve cannot get a hold of it. When Bob is schizo and Eve is the same as Bob, Eve has the key, so Eve has the message. Pristine. Not even quantum crypto can give a real DRM.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
Now it really IS cheaper than iTunes. :)
This is only true for lossless codecs. This won't work for any lossy codec. You can't go from MP3->WAV->MP3 for example without quality loss. Same with WMA, AAC, and pretty much all the popular lossy codecs. For more information, see this discussion on HydrogenAudio.