Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe's ADEPT DRM Broken

Posted by timothy on from the it-was-just-all-caps dept.

An anonymous reader writes "I love cabbages has reverse-engineered Adobe's ADEPT DRM (e-book protection). On February 18, I love cabbages released code that decrypts EPUB e-books protected with ADEPT and followed that up on February 25, with code that decrypts PDF e-books protected with ADEPT. On March 4, I love cabbages was given a DMCA take down notice. And there's plenty of evidence he got it right. DS:TNG (Dmitry Sklyarov: The Next Generation)?"

18 of 273 comments (clear)

  1. and... by greengrass · · Score: 5, Insightful

    DRM is like trying to make water not wet.

    --
    The MS "no sue/patent deal" with Novell/Xandros is like the Pope blessing a Jewish wedding
    1. Re:and... by flyingfsck · · Score: 4, Insightful

      It is easy to make water 'not wet'. There is lots of it out here today. Minus 21 Celsius, almost tropical.

      --
      Excuse me, but please get off my Pennisetum Clandestinum, eh!
    2. Re:and... by Anonymous Coward · · Score: 5, Insightful

      That's not quite right.

      To use Bruce Schneier's analogy, it's more like trying to make a safe secure.

      There's not such thing as a secure safe. Ultimately, it is not the locks and thick walls of a safe that protects the safe's contents. It is what economists would call "opportunity costs". Why am I wasting my time praying I can cut through this damn thing with a thermal lance before people return for work on Monday morning when I could make easier money doing something else, like panhandling or flipping burgers?

      Safes only need to be sufficiently secure that their contents aren't worth stealing; they needn't be any more secure than that. You don't buy a million dollar safe to keep your petty cash in, or for holding cheap costume jewelry. Likewise, DRM only needs to be sufficient secure that people don't bother getting around it. What the recording industry provides is not infinitely valuable, so DRM needn't be infinitely strong.

      The obsession of the recording industry with unbreakable DRM isn't rational. It probably reflects a guilty conscience.

      If I were creating a DRM scheme, for my content, I'd release the scheme with an exploit. An exploit that anybody could use, but which was a certifiable pain in the ass. It's going to be broken sooner or later, so why not remove the incentive to make a convenient exploit? Anybody who is chary of losing access to their DRM purchases is reassured that they will always have access to it, but the vast majority won't ever bother. Of course that means the content would appear illegal sharing sites, but that was going to happen anyway.

      In a sense, that's where Apple is with Fairplay. It's been cracked for ages, but at $0.99/track, almost nobody bothers.

    3. Re:and... by Lonewolf666 · · Score: 3, Insightful

      To extend this analogy, a PC is like a safe to which you have to hide the key in the same room. Because in order to allow legitimate users access, the decryption mechanism including key must be in a piece of software on the PC.
      AFAIK all purely software based DRM schemes have been cracked within a few months so far (systems which hide the key in special hardware do better, see game consoles). And some people do it for the challenge, so the argument with opportunity costs does not work.

      If I were creating a DRM scheme, for my content, I'd release the scheme with an exploit. An exploit that anybody could use, but which was a certifiable pain in the ass. It's going to be broken sooner or later, so why not remove the incentive to make a convenient exploit?

      Now you have created an incentive to create a user-friendly wrapper for the pain in the ass exploit. Which probably requires less hacking skill.

      --
      C - the footgun of programming languages
    4. Re:and... by dhaines · · Score: 3, Insightful

      It is easy to make water not wet. Not so easy to keep it not wet for the long term though -- at least not without constant maintenance or putting it in a place where people don't generally like to live.

      DRM: the arctic for content. (Additional costs may apply. Subject to climatic variation.)

    5. Re:and... by adiposity · · Score: 4, Insightful

      Your attempts to make it a "certifiable pain in the ass" will be rendered as useless as the attempts to an DRM "uncrackable" will be. Instead of having to find a way to crack the DRM, they will start with one. Their only job will be to make it quick and easy. And if the "pain in the ass" method is too ugly to automate, they will properly crack your DRM and make it even easier. Since an exploit is already known, a "proper" crack might even be easier to create.

      And Fairplay has been cracked for ages, but Apple keeps changing it to make it a PITA to always have access to the latest crack. That's where the future of DRM lies: change the codes every week and have devices that can download the latest codes. Pretty soon it just sucks to be an uncertified client. Sure, you can always find a way around it if you really need to (say you need to move your entire iTunes library to another computer because your old computer is being upgraded), but for casual piracy, not worth it.

      -Dan

  2. Re:Hey, why not just steal GPL code? by Nursie · · Score: 5, Insightful

    Non-sequitur

    Opening up DRM'd media so that it can legally be used in more situations by someone with a valid license is not the same as rampant piracy. Removing DRM so that consumers have a choice over how and when to use content they have paid for is a great thing.

    It is regrettable that these developments are also massive boosts for piracy, but without this sort of action there would be no DVD playback on Linux.

  3. Re:Hey, why not just steal GPL code? by The+Warlock · · Score: 4, Insightful

    Because sometimes (read: very often) the DRM will prevent the end-user from exercising rights he would have under standard Fair Use doctrines.

    --
    I've upped my standards, so up yours.
  4. Re:Hey, why not just steal GPL code? by TheRaven64 · · Score: 5, Insightful

    I can't believe that this nonsense keeps being repeated. The GPL (a license I don't really like, but respect) is a distribution license. It follows both the spirit and the letter of copyright law, allowing the original author to restrict how people copy their work. DRM, in contrast, restricts how people use their work. This is counter to the spirit of copyright law - there's a reason it's called copyright not useright - and is antithetical to Free Software. Note that even laws like the DMCA talk about copy protection, rather than DRM. They are not the same thing. Copy protection only prevents copying, while DRM prevents various forms of use, for example annotating a PDF or playing a DVD from a different country.

    --
    I am TheRaven on Soylent News
  5. Re:Not really a new Sklyarov by MBGMorden · · Score: 3, Insightful

    Since when was the definition of copyright infringement extended, so any tool that got passed ineffective access controls, could automatically be configured infringement?

    The DMCA takedown rules should require a work to actually be infringing...

    Nope - DMCA defines extra crimes involving copyrighted works, but the crimes defined needn't be copyright infringement themselves. Namely, any program that facilitates the disabling of any copy protection device violates the DMCA. Doesn't matter how it does it or the technical details. I don't think there's any question that this program was breaking the letter (and hell, the spirit) of the law when it comes to the DMCA.

    The problem is that the DMCA itself is a bad and unfair law. Bad and unfair laws result in bad and unfair application. You can either live with it, ignore it, or try to change it. Geeks don't have the lobbying power to change it, nor the will power to just live with it, so far the most part we just ignore that law, only complying as a token gesture as needed. I mean really - this guy has now complied with Adobe's takedown notice, but the code was released into the wild. At this point the cat is out of the bag.

    Though really - why don't we start posting these things on foreign servers to begin with? Put it up on The Pirate Bay or something for goodness sakes. DMCA takedown notices mean little in areas where the DMCA doesn't apply.

    --
    "People who think they know everything are very annoying to those of us who do."-Mark Twain
  6. GPL vs. DRM: DRM goes against the copyright spirit by jonaskoelker · · Score: 3, Insightful

    The thing is, the legal framework, the right of the copyright holder to issue a license, is the same for software with DRM as it is without.

    As I understand it, the purpose of copyright is to secure for creators a limited time monopoly on the rights necessary for selling the creation, in return for them eventually enriching the cultural (and, in the case of software, technological) commons.

    Some kinds of DRM prevent or obstruct use of the work in such a way that when the work enters the public domain, it doesn't enrich the commons in practice. It's like being given a car wreck that's in really bad shape: sure you can sell it as scrap metal, but it's worth so little that you're better off ignoring it.

    For this reason, I think one can argue that DRM (with certain properties) goes against the spirit and purpose of copyright law, and the argument doesn't apply to GPL'ed software.

  7. Re:Hey, why not just steal GPL code? by Dredd13 · · Score: 3, Insightful

    The rights-holder is the sole arbiter of the "conditions of the distribution of their content". If they want to distribute content to you which you are forbidden to use in months which end in "Y" that is their right. You're free as a consumer to say "that's horse-shit," and not purchase their content at all. But at the end of the day, the copy of the content was given to you, after an exchange of moneys, based on an agreement (the license agreement). If you're unhappy with the license agreement you're now bound by, please feel free to read the license more closely in the future. If the license wasn't adequately provided to you prior to purchase (e.g., license agreements INSIDE software boxes, etc.) feel free to use the court system to get your money back, or to prove that those particular agreements are invalid. But what you don't get to do is simply ignore the copyright restriction when it isn't convenient for you.

  8. Re:Hey, why not just steal GPL code? by js_sebastian · · Score: 5, Insightful

    Opening up DRM'd media so that it can legally be used in more situations by someone with a valid license is not the same as rampant piracy.

    As a rights-holder? Bull. Shit. "You have the right to use content provided you do so in a manner consistent with the license provided with it." That's the same basic principle protected in the GPL, as well as in DRM-licensing terms.

    You fail (again). The GPL does not, in any way, restrict your use of the licensed code. It only restricts the way you redistribute that code (if you should choose to do so). And, newsflash, even if the GPL wanted to restrict your use, it couldn't, because the GPL is based on copyright law. A license can only grant you MORE freedom than is already allowed to you by copyright law. And copyright law regulates distribution, not private usage.

  9. Re:Hey, why not just steal GPL code? by steelfood · · Score: 4, Insightful

    Copyright law allows the rights-holder to determine the conditions upon which they are willing to give you rights to use the content.

    Wow. You failed twice in a row, and some idiot mod still modded you up.

    Copyright. Read it carefully. Say it out loud. It is literally the right to copy. Copyright only deals with redistribution, whether in original or modified form. It does not deal with usage. Get it into your thick skull already; copyright cannot stop you from using what you bought the way you want it. It only stops you from copying what you bought and giving it to others. (Fair use covers the part where you copy something for backup purposes.)

    Seesh. Get it right, or go troll somewhere else.

    --
    "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
  10. Re:Hey, why not just steal GPL code? by multisync · · Score: 3, Insightful

    The point is that while you or I may not necessarily care "how" someone uses it, some people DO care how people use it, and they've got the right to have you agree not to use it in a conflicting way before they give you the content.

    So the manufacturer gets to decide how we use their product after we purchase it? Kellogs can prevent me from using their product to make Rice krispie squares? You don't believe in private property?

    I think you need to think this through a little.

    --
    I don't care why you're posting AC
  11. Re:Took down the links, not the content.. by skeeto · · Score: 5, Insightful

    Or on Freenet, where it is impossible for anyone to remove,

    CHK@Lxdd7kNnDxsKDbJvN954w8VVTkyeXriXBc~CZQi7yh0,CpQsd8KQkbzeRnfpY4tprGAlt2LYjIKtwVdDYXWY~nE,AAIC--8/ineptpdf.pyw

    CHK@0sthR-c3bxeDPtyRP4vLst4MKLAYunyPgL3DFgijAR4,GLU99yTKNtuIx9A54tvh20XisaAPwCcul58wTmTKjRE,AAIC--8/ineptkey.pyw

  12. Re:Hey, why not just steal GPL code? by RobBebop · · Score: 4, Insightful

    At this point this discussion should probably be modded Flaimwar, but from the biased opinion of a self-publisher and a GPL content consumer, I think both arguments are correct. GPL advocates need to differentiate why they should be able to disable the rights claimed by DRM content or else it comes off as "we want freedom to do what we want (in the interests of consumers) AND to prevent you from doing what you want (in the interests of producers).

    Not respecting the rights that DRM imposes isn't too far off from not respecting the right that GPL imposes. Either copyright is valuable, or it isn't. Pick a side.... and know that you can't have your cake and eat it too. There are benevolent and greedy consequences on each side of the copyright argument.

    --
    Support the 30 Hour Work Week!!!
  13. Re:Hey, why not just steal GPL code? by ericrost · · Score: 3, Insightful

    Where did I agree to those terms and conditions when purchasing a DVD or CD @ Best Buy?

    --
    My Babylon