Slashdot Mirror
Sticky Tape Defeats Sony DRM Copy Protection
cybrpnk2 writes "As reported by InformationWeek, Sony BMG Music's controversial copy-protection scheme can be defeated with a small piece of tape. According to thinktank Gartner analysts Martin Reynolds and Mike McGuire, Sony's XCP technology is stymied by sticking a fingernail-size piece of opaque tape on the outer edge of the CD. 'After more than five years of trying, the recording industry has not yet demonstrated a workable DRM scheme for music CDs. Gartner believes that it will never achieve this goal as long as CDs must be playable by stand-alone CD players.'"
Does using tape in such a fashion violate the terms of the DMCA? If so, could the tape manufacturers be held responsible for making a product that potentially aides in piracy?
Cyric Zndovzny at your service.
And they always said that home taping would kill the music industry...
Sony/BMG sued 3M Corporation today for their new technology called "tape" to circumvent their copy protection and encryption schemes. They will be tried under the DMCA, news at at 11!
Unstable Apps: Our Android Apps Don't Suck
Here's what you can do to defeat it without risking your optical drive: Hold shift when inserting the disc or, even better, disable CD autostart. But that wouldn't make such a nice headline, would it?
Only outlaws will have office supplies.
Illegal technology, outlawed by DMCA:
* Sticky Tape
* Magic Markers
* Shift Keys
When will these companies learn? 3M, Sharpie, and Dell-- stop trying to get me to break the law!!!
Wer mit Ungeheuern kämpft, mag zusehn, dass er nicht dabei zum Ungeheuer wird. --Nietzsche
Last time I had to defeat the usual sort of multi-session CD DRM I just used a whiteboard pen. It's helpful because if you go to far in (and start losing the last track), you can just rub little bits off until you get it just right.
In 2003 some of the HP Labs researchers looked at the related issues and published a paper titled: "If Piracy is the Problem, Is DRM the Answer?" http://www.hpl.hp.com/techreports/2003/HPL-2003-11 0.pdf
You might find the white paper interesting if you've not read it before. This caused quite a stir when it was released, both inside and outside HP, and is still quite relevent in light of the Sony issue. This provides an counterpoint even inside HP where we try to maintain some form of management across all the issues.
The conclusion reads:
"We pointed out that unauthorized use and unauthorized acquisition are two aspects of piracy. A key concept is how licenses are bound to content. We saw that various kinds of DRM technology address these issues in very different ways, but that all of them have some kind of flaw that make it highly unlikely that they will be able to solve the problem of piracy. The real problem with piracy is that it takes only a small fraction of users who are capable of dissociating licenses from content to make managed content available to a significant fraction of users in unmanaged form.
We explored the concept of draconian DRM in which devices that handle managed content do not handle unmanaged content at all. Draconian DRM could potentially be effective at eliminating piracy if it were ubiquitously adopted, but introduces a new problem of how to handle public content.
Our conclusion is that currently proposed technical measures will not be able to completely stop the illegitimate distribution of pirated content. We believe that content producers must take steps to compete with the piracy as an alternative."
I still maintain that the best way to defeat Sony's DRM is by simply not buying their music. All the fuss and legal backlash is nothing if we are two-faced in our dealings with them, and indeed all big industry. If we're chiding them on the one side for their vicious tactics and financially supporting them on the other, they hear the message loud and clear: we're pushovers. I think that's the answer they were prodding for when they first decided to include XCP on their CDs in the first place.
Working in a DevOps shop is like playing in a band made up entirely of keytarists.
How to permanantly turn off CD Autorun on Windows.
Oh, this is too funny.
.01 cent piece of 'write-protect' tape. And now, Sony repeats it with the same level of hubris... that's too funny.
Many years ago in the Apple ][ era... Lotus 1-2-3 was a great spreadsheet. They invested a huge pile of money to make certain that you could not run their program without possessing the original disk. And try as we may, we couldn't figure out how they did it... there was one sector that was funky, but it didn't make any sense.
Then, by chance, my neighbor had a nice RANA drive - and it had a 'write protect' button on the face, that you could manually toggle. We stuck a (non-working) copy into the drive to begin the arduous task of single-stepping through the code, and accidentally hit that button while doing so. The result?
Lotus fired right up!
They spent way too much money using a laser to create a specific media defect in a specific place; upon startup, the program would attempt to write to that location. If it failed, it knew it was the original. If it succeeded... then there was no defect there, and it was a copy.
All that time and god-knows-how-much-money they invested in this scheme... only to be defeated by a
help me i've cloned myself and can't remember which one I am
WHICH IS STICKING THE TAPE TO MY SHIft key oh darn it got loose again....
You're right that the tape is a bad idea. If someone does try it though, at least put a balancing slice on the opposite side of the disc. You don't know strange and loud until a CD EXPLODES in your CDROM drive. I've seen the remaining disc after an explosion, and sand almost has bigger pieces than some of what's left.
Also in describing the Sony Rootkit problem it's good to mention that the disks are "infected with DRM". The person won't know what DRM is, but it helps to associate it with a bad word like "infection". And in the case of the Sony CDs, it's not overhyping the facts either, so your conscience can remain clear.
Bottom line is, "these discs are designed to infect a computer with DRM, which breaks Windows, and lets Sony and viruses take over your computer."
Saskboy's blog is good. 9 out of 10 dentists agree.
" ". . .it will never achieve this goal as long as CDs must be playable by stand-alone CD players.'" "
Well, obviously all they need to do is put a stop to this sort of nonsense.
KFG
People buy CDs to get the best 44.1Kbs uncompressed audio usually available for purchase. Yet the DRM'd versions are highly compressed audio files (hence things like the illegally included LAME decoder in the XCP package) where true quality is sacraficed in order to achieve compression levels allowing it to be sandwiched onto a standard CD.
Some very fine audio chips and speakers are available for computers these days, and certainly some people use their computers as their primary audio system. Yet were on the packaging, or EULA (an astonishing concept for a music CD in and of itself), does it tell you that you'll receive inferior quality playback when played on your computer. How many people believe that the DRM'd discs are actually playing back the .WAV files, instead of WMA or other crap files? It's fraud to not inform consumers that even after they agree to the DRM that they'll receive degraded audio as a result -- and Sony should have to pay for that as well!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Sony VAIOs will now ship without shift keys...
Ed Foster provides more information that allows us to make a "behavioral profile of Sony":
... before users can even say yes or no to accepting the Sony EULA,
MediaMax has already installed a dozen files on their hard drive and started
running the copy protection code. The files remain even if the user rejects
the EULA, and the Sony CDs provide no option for uninstalling the files at a
later date.
... an e-commerce revenue generation "feature of dynamic on-line
and off-line banner ads. Generate revenue or added value through the placement
of 3rd party dynamic, interactive ads that can be changed at any time by the
content owner."
Sony has other DRM software. Here are quotes:
MediaMax also "phones home" every time you play a protected CD with a code identifying what music you're listening to.
Ed Foster says Sony management has a "scum" profile. Quote: OK, so let's see what we've got here. A company that seems bent on sneaking files onto unsuspecting users' computers, pretending they've gotten permission to do so from a vaguely-worded EULA, transmitting a constant stream of usage information back to their servers, and using that information for who-knows-what revenue generating opportunities. Does this sound like a familiar profile to you? Of course, it's the profile of all the spyware/adware scum that have come very close to destroying the Internet just to make a few bucks peddling their trash.
Issues that remain concerning Sony's rootkit software and other DRM software:
As is shown by Ed Foster's analysis linked above, attacking customer computers seems to be the kind of thing that is part of the Sony corporate culture. There has been no apology, and Sony management makes statements giving the impression they intend to continue infecting customer computers.
A music retail store spokesman said that Sony's rootkit attack has become public just before Christmas. Customers can easily choose some other gift now that they are scared about computer attacks. Sony's attack has hurt the entire music industry, not just Sony. Also, the damage will continue after Christmas.
Few people are technically knowledgeable. The Sony rootkit CDs will be causing problems for many, many years, as they are traded or borrowed or sold to thrift stores.
The number of computers already corrupted by the Sony rootkit is probably far larger than the 500,000 quoted in articles about the Sony attack. That number is just the number of Domain Name Servers that show evidence that a computer has tried to contact the Sony phone home address. The average server would almost certainly service more than one corrupted computer.
Following Microsoft's lead years ago, some businesses treat all their customers as crooks so that they can stop a few.
I really fail to understand what anyone hopes to achieve by any form of copy protection...
As far as I can tell, the only form of copy protection that can hope to work against any low-level data extraction tool is one that involves partially invalid data or unreadable regions. And even then, you can do a straight 1:1 copy, and whenever it starts having read errors, put a 0 or something in those bytes and skip them. That is easily achieved using a utility like dd. In many cases, you can also read the disc in a virtual PC (e.g. VMware), and save the audio output to a disk file - and then delete the virtual PC in case of malware installed by the CD.
Unless the disc is in a proprietary format which can only be read by a specific player, which has no standard output connections, you can copy anything that you can play, simply by plugging the output of whatever you use to play it into the line-in on your PC. If they somehow prevent that, you can still record anything using a microphone, as long as you can somehow get sound waves out of it.
Also, is it really right to try and stop all copying? I absolutely cannot stand any kind of data being held within a single physical object, especially such a fragile one as a CD. I keep most of my CDs backed up onto two locations, but I steadfastly refuse to play the music on more than one location at a time, or share it with a friend. There can't be very many people in the world who would want to rip the musicians off, and not posess the necessary technical skills to bypass copy protection. The slightest hint of copy protection on a CD in my posession prompts me to try and create a "pure" copy, just because I can't stand my data being defiled by such things.
Certainly, it is stupid to incorporate Windows trojans into the CDs. People trust the music companies; at least, they did. Things like this must really lower people's trust - especially since they try to disuade people from piracy by saying that pirate copies may contain trojans. I will certainly be very reluctant to insert a CD into a Windows computer without the shift key held down in the future.
//Information does not want to be free; it wants to breed.
Audio CD Protections, in brief:
- Zeroth Generation (the Click Generation):
* Weak Sectors in ATIP: TTR Technologies MusicGuard (never deployed)
Flat out doesn't work at all, you probably wouldn't even notice they'd done anything. Any Lite-On, BenQ or Plextor wouldn't even skip a beat. Only CD-ROM tested which even gave a damn was a Sony (heh), the drive in the PlayStation 1 to be precise. Didn't get a contract, so TTR partnered with Macrovision, and tried harder. Much harder. Much too hard, in fact.
* Weak Sectors causing C2 Errors in Audio: TTR Technology/Macrovision SAFEAUDIO (limited deployment), Settec Alpha-Audio D-Type (data type, never deployed)
Extremely rare, no longer used; the market overwhelmingly rejected it, which is to say, it broke a music exec's speakers. High channel return rate because of obscenely low compatibility, duplicators returning whole batches as bad pressings because they couldn't perform any useful QA on discs deliberately damaged to this extent. Useless. (TTR apparently liquidated.)
Archiving: Alternate CDFS.VXD tools for Win9x may work, as they interpolate in exactly where SAFEAUDIO puts corruption. Other than that, deliberate damage = not perfectly playable, or rippable. Effectively an analogue medium with huge deliberate noise spikes. Use a mint disc, do the best you can, and high-order-interpolate over the scratches (Adobe Audition or something), just like archiving vinyl.
- First Generation (The Anti-CD Generation):
Archiving all first-generation formats merely needs a Good Drive and Good Software with Good Settings. Can be divided into roughly three groups:
* High Jitter Spike: Cactus Data Shield (classic): CDS-100/CDS-200, First4Internet XCP-Aurora XCP "Red"
(0'09", insert bad CIRC sector, 1200 weak sector/desync, 2 *blank* sectors with no sync, then start again with normal data.) Intent: Cause a "hiccup" during a burstmode rip which would be absorbed by a CD player's (tiny) buffer. Reality: Any quality drive firmware, buffer, or jitter correction, means you won't even skip a beat. Might slow down a little, but that's all. Now only marketed for internal releases/promos.
* Malformed TOC/Evil Session with no player: Early Sony key2audio (1.0), Settec Alpha-Audio S-Type (session type), First4Internet XCP-Aurora XCP1
Bread and butter, it's simple; include a normal or malformed TOC, and sprinkle liberally with a seriously malformed second session, relying on CD-ROMs being multisession and CD players being single session only.
* Malformed TOC/Evil Session with autorun player: Sony key2audio, SunnComm MediaClòQ
Differs from the above only in the second session being malformed, but having a valid data track containing a DRMv2 WMA player (or downloader). Players have evil EULAs, and may interfere with ripping while the player is running (although the first version of the key2audio player that appeared actually shifts the session enough to allow flawless ripping while the player is running...!) but as far as known, they don't leave behind malicious software.
- Second Generation (The Autorun Generation):
Rate of returns was still high, so Macrovision tried a weaker system with a much higher false negative, but a much lower false positive. Actually caught on; almost no returns. They could actually put the CD logo on these if they wanted.
* Valid CD-Extra with autorun player: Macrovision CDS-300, Macrovision TotalPlay CD, Alpha-Audio M-Type (main type)
Player (MS-DRMv2, as usual) interferes with ripping (while it's running) but doesn't seem to leave any malicious software behind. If the autorun isn't run (disable it, or hold SHIFT while inserting CD and be careful in Explorer) or supported, it's a normal CD-Extra. First session is valid Red Book.
- Third Generat