Adobe's ADEPT DRM Broken

An anonymous reader writes "I love cabbages has reverse-engineered Adobe's ADEPT DRM (e-book protection). On February 18, I love cabbages released code that decrypts EPUB e-books protected with ADEPT and followed that up on February 25, with code that decrypts PDF e-books protected with ADEPT. On March 4, I love cabbages was given a DMCA take down notice. And there's plenty of evidence he got it right. DS:TNG (Dmitry Sklyarov: The Next Generation)?"

and...

[greengrass]

DRM is like trying to make water not wet.

Re:and...

[flyingfsck]

It is easy to make water 'not wet'. There is lots of it out here today. Minus 21 Celsius, almost tropical.

Re:and...

That's not quite right.

To use Bruce Schneier's analogy, it's more like trying to make a safe secure.

There's not such thing as a secure safe. Ultimately, it is not the locks and thick walls of a safe that protects the safe's contents. It is what economists would call "opportunity costs". Why am I wasting my time praying I can cut through this damn thing with a thermal lance before people return for work on Monday morning when I could make easier money doing something else, like panhandling or flipping burgers?

Safes only need to be sufficiently secure that their contents aren't worth stealing; they needn't be any more secure than that. You don't buy a million dollar safe to keep your petty cash in, or for holding cheap costume jewelry. Likewise, DRM only needs to be sufficient secure that people don't bother getting around it. What the recording industry provides is not infinitely valuable, so DRM needn't be infinitely strong.

The obsession of the recording industry with unbreakable DRM isn't rational. It probably reflects a guilty conscience.

If I were creating a DRM scheme, for my content, I'd release the scheme with an exploit. An exploit that anybody could use, but which was a certifiable pain in the ass. It's going to be broken sooner or later, so why not remove the incentive to make a convenient exploit? Anybody who is chary of losing access to their DRM purchases is reassured that they will always have access to it, but the vast majority won't ever bother. Of course that means the content would appear illegal sharing sites, but that was going to happen anyway.

In a sense, that's where Apple is with Fairplay. It's been cracked for ages, but at $0.99/track, almost nobody bothers.

Re:and...

[adiposity]

Your attempts to make it a "certifiable pain in the ass" will be rendered as useless as the attempts to an DRM "uncrackable" will be. Instead of having to find a way to crack the DRM, they will start with one. Their only job will be to make it quick and easy. And if the "pain in the ass" method is too ugly to automate, they will properly crack your DRM and make it even easier. Since an exploit is already known, a "proper" crack might even be easier to create.

And Fairplay has been cracked for ages, but Apple keeps changing it to make it a PITA to always have access to the latest crack. That's where the future of DRM lies: change the codes every week and have devices that can download the latest codes. Pretty soon it just sucks to be an uncertified client. Sure, you can always find a way around it if you really need to (say you need to move your entire iTunes library to another computer because your old computer is being upgraded), but for casual piracy, not worth it.

-Dan

Re:Hey, why not just steal GPL code?

[Nursie]

Non-sequitur

Opening up DRM'd media so that it can legally be used in more situations by someone with a valid license is not the same as rampant piracy. Removing DRM so that consumers have a choice over how and when to use content they have paid for is a great thing.

It is regrettable that these developments are also massive boosts for piracy, but without this sort of action there would be no DVD playback on Linux.

Re:Hey, why not just steal GPL code?

[The+Warlock]

Because sometimes (read: very often) the DRM will prevent the end-user from exercising rights he would have under standard Fair Use doctrines.

Re:Hey, why not just steal GPL code?

[TheRaven64]

I can't believe that this nonsense keeps being repeated. The GPL (a license I don't really like, but respect) is a distribution license. It follows both the spirit and the letter of copyright law, allowing the original author to restrict how people copy their work. DRM, in contrast, restricts how people use their work. This is counter to the spirit of copyright law - there's a reason it's called copyright not useright - and is antithetical to Free Software. Note that even laws like the DMCA talk about copy protection, rather than DRM. They are not the same thing. Copy protection only prevents copying, while DRM prevents various forms of use, for example annotating a PDF or playing a DVD from a different country.

Re:Hey, why not just steal GPL code?

[js_sebastian]

Opening up DRM'd media so that it can legally be used in more situations by someone with a valid license is not the same as rampant piracy.

As a rights-holder? Bull. Shit. "You have the right to use content provided you do so in a manner consistent with the license provided with it." That's the same basic principle protected in the GPL, as well as in DRM-licensing terms.

You fail (again). The GPL does not, in any way, restrict your use of the licensed code. It only restricts the way you redistribute that code (if you should choose to do so). And, newsflash, even if the GPL wanted to restrict your use, it couldn't, because the GPL is based on copyright law. A license can only grant you MORE freedom than is already allowed to you by copyright law. And copyright law regulates distribution, not private usage.

Re:Hey, why not just steal GPL code?

[steelfood]

Copyright law allows the rights-holder to determine the conditions upon which they are willing to give you rights to use the content.

Wow. You failed twice in a row, and some idiot mod still modded you up.

Copyright. Read it carefully. Say it out loud. It is literally the right to copy. Copyright only deals with redistribution, whether in original or modified form. It does not deal with usage. Get it into your thick skull already; copyright cannot stop you from using what you bought the way you want it. It only stops you from copying what you bought and giving it to others. (Fair use covers the part where you copy something for backup purposes.)

Seesh. Get it right, or go troll somewhere else.

Re:Took down the links, not the content..

[skeeto]

Or on Freenet, where it is impossible for anyone to remove,

CHK@Lxdd7kNnDxsKDbJvN954w8VVTkyeXriXBc~CZQi7yh0,CpQsd8KQkbzeRnfpY4tprGAlt2LYjIKtwVdDYXWY~nE,AAIC--8/ineptpdf.pyw

CHK@0sthR-c3bxeDPtyRP4vLst4MKLAYunyPgL3DFgijAR4,GLU99yTKNtuIx9A54tvh20XisaAPwCcul58wTmTKjRE,AAIC--8/ineptkey.pyw

Re:Hey, why not just steal GPL code?

[RobBebop]

At this point this discussion should probably be modded Flaimwar, but from the biased opinion of a self-publisher and a GPL content consumer, I think both arguments are correct. GPL advocates need to differentiate why they should be able to disable the rights claimed by DRM content or else it comes off as "we want freedom to do what we want (in the interests of consumers) AND to prevent you from doing what you want (in the interests of producers).

Not respecting the rights that DRM imposes isn't too far off from not respecting the right that GPL imposes. Either copyright is valuable, or it isn't. Pick a side.... and know that you can't have your cake and eat it too. There are benevolent and greedy consequences on each side of the copyright argument.