Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe's ADEPT DRM Broken

Posted by timothy on from the it-was-just-all-caps dept.

An anonymous reader writes "I love cabbages has reverse-engineered Adobe's ADEPT DRM (e-book protection). On February 18, I love cabbages released code that decrypts EPUB e-books protected with ADEPT and followed that up on February 25, with code that decrypts PDF e-books protected with ADEPT. On March 4, I love cabbages was given a DMCA take down notice. And there's plenty of evidence he got it right. DS:TNG (Dmitry Sklyarov: The Next Generation)?"

32 of 273 comments (clear)

  1. and... by greengrass · · Score: 5, Insightful

    DRM is like trying to make water not wet.

    --
    The MS "no sue/patent deal" with Novell/Xandros is like the Pope blessing a Jewish wedding
    1. Re:and... by flyingfsck · · Score: 4, Insightful

      It is easy to make water 'not wet'. There is lots of it out here today. Minus 21 Celsius, almost tropical.

      --
      Excuse me, but please get off my Pennisetum Clandestinum, eh!
    2. Re:and... by fuzzyfuzzyfungus · · Score: 4, Funny

      Which is why "chilling effects" are a favorite technique...

    3. Re:and... by Anonymous Coward · · Score: 5, Insightful

      That's not quite right.

      To use Bruce Schneier's analogy, it's more like trying to make a safe secure.

      There's not such thing as a secure safe. Ultimately, it is not the locks and thick walls of a safe that protects the safe's contents. It is what economists would call "opportunity costs". Why am I wasting my time praying I can cut through this damn thing with a thermal lance before people return for work on Monday morning when I could make easier money doing something else, like panhandling or flipping burgers?

      Safes only need to be sufficiently secure that their contents aren't worth stealing; they needn't be any more secure than that. You don't buy a million dollar safe to keep your petty cash in, or for holding cheap costume jewelry. Likewise, DRM only needs to be sufficient secure that people don't bother getting around it. What the recording industry provides is not infinitely valuable, so DRM needn't be infinitely strong.

      The obsession of the recording industry with unbreakable DRM isn't rational. It probably reflects a guilty conscience.

      If I were creating a DRM scheme, for my content, I'd release the scheme with an exploit. An exploit that anybody could use, but which was a certifiable pain in the ass. It's going to be broken sooner or later, so why not remove the incentive to make a convenient exploit? Anybody who is chary of losing access to their DRM purchases is reassured that they will always have access to it, but the vast majority won't ever bother. Of course that means the content would appear illegal sharing sites, but that was going to happen anyway.

      In a sense, that's where Apple is with Fairplay. It's been cracked for ages, but at $0.99/track, almost nobody bothers.

    4. Re:and... by PopeRatzo · · Score: 4, Interesting

      Right.

      The problem is that the Entertainment/Industrial Complex believes there's a lot more money in the safe than there really is.

      The "Sita Sings the Blues" case proves that. Somebody thought that the intellectual "property" of a handful of songs from the 1930's was worth hundreds of thousands of dollars. They were wrong.

      So they take their anger out on "I love cabbages" and The Pirate Bay. It's futile, but try telling that to someone who's enraged that the "Rolex" they bought was really a fugazi.

      --
      You are welcome on my lawn.
    5. Re:and... by Lonewolf666 · · Score: 3, Insightful

      To extend this analogy, a PC is like a safe to which you have to hide the key in the same room. Because in order to allow legitimate users access, the decryption mechanism including key must be in a piece of software on the PC.
      AFAIK all purely software based DRM schemes have been cracked within a few months so far (systems which hide the key in special hardware do better, see game consoles). And some people do it for the challenge, so the argument with opportunity costs does not work.

      If I were creating a DRM scheme, for my content, I'd release the scheme with an exploit. An exploit that anybody could use, but which was a certifiable pain in the ass. It's going to be broken sooner or later, so why not remove the incentive to make a convenient exploit?

      Now you have created an incentive to create a user-friendly wrapper for the pain in the ass exploit. Which probably requires less hacking skill.

      --
      C - the footgun of programming languages
    6. Re:and... by sjames · · Score: 4, Interesting

      Far worse for them, unlike the safe, anyone can take a 'crack' at it with no risk whatsoever. Nobody ever got carted off to jail because they were discovered cracking the DRM on Monday morning. You have as long as you care to spend to crack it.

      For some, the entertainment value of cracking the DRM (think of it as a puzzle) far exceeds the value (to them) of the content. Then, of course, there's the value of being recognized as an 'uber hacker' if you're the first to crack it. The harder the DRM is, the greater that value is.

      Because of that, weaker DRM might actually keep the content locked up longer (I believe that's what you're getting at by releasing DRM with an exploit). That certainly would reduce the entertainment value of finding a second way in.

    7. Re:and... by dhaines · · Score: 3, Insightful

      It is easy to make water not wet. Not so easy to keep it not wet for the long term though -- at least not without constant maintenance or putting it in a place where people don't generally like to live.

      DRM: the arctic for content. (Additional costs may apply. Subject to climatic variation.)

    8. Re:and... by adiposity · · Score: 4, Insightful

      Your attempts to make it a "certifiable pain in the ass" will be rendered as useless as the attempts to an DRM "uncrackable" will be. Instead of having to find a way to crack the DRM, they will start with one. Their only job will be to make it quick and easy. And if the "pain in the ass" method is too ugly to automate, they will properly crack your DRM and make it even easier. Since an exploit is already known, a "proper" crack might even be easier to create.

      And Fairplay has been cracked for ages, but Apple keeps changing it to make it a PITA to always have access to the latest crack. That's where the future of DRM lies: change the codes every week and have devices that can download the latest codes. Pretty soon it just sucks to be an uncertified client. Sure, you can always find a way around it if you really need to (say you need to move your entire iTunes library to another computer because your old computer is being upgraded), but for casual piracy, not worth it.

      -Dan

  2. Not really a new Sklyarov by muffen · · Score: 4, Informative

    The tools are not on the site anymore...

    But now what you're really here for - the PDF decryption tool: REMOVED. (And if you don't already have it, the key-retrieval tool: REMOVED.)
    Edit: Links to tools removed due to DMCA complaint from Adobe.

    This is not the next Dmitri, if anything, it may turn in to the new DeCSS as Adobe is trying to stop the tool(s) from spreading, which tends to have the opposite effect.
    I really wonder if it hadn't been better for Adobe not to say anything, now they are giving it publicity it wouldn't have had otherwise.

    1. Re:Not really a new Sklyarov by Dolohov · · Score: 4, Informative

      What do you expect them to do, wave a white flag and say "It's a fair cop, you got us"? They have a responsibility to their shareholders to do everything they can to protect a) their investment in creating the DRM in the first place, and b) the value of their licensed software and agreements with publishers.

      While I personally believe that Adobe would have been better-advised to have not bothered with this in the first place, DRM being particularly silly for text, they did. And because they did, saying nothing right now is not an option, or their shareholders could rightly accuse them of not being duly diligent. If the DeCSS/Streisand effect kicks in, well that's just part of the dance they started way back when.

    2. Re:Not really a new Sklyarov by MBGMorden · · Score: 3, Insightful

      Since when was the definition of copyright infringement extended, so any tool that got passed ineffective access controls, could automatically be configured infringement?

      The DMCA takedown rules should require a work to actually be infringing...

      Nope - DMCA defines extra crimes involving copyrighted works, but the crimes defined needn't be copyright infringement themselves. Namely, any program that facilitates the disabling of any copy protection device violates the DMCA. Doesn't matter how it does it or the technical details. I don't think there's any question that this program was breaking the letter (and hell, the spirit) of the law when it comes to the DMCA.

      The problem is that the DMCA itself is a bad and unfair law. Bad and unfair laws result in bad and unfair application. You can either live with it, ignore it, or try to change it. Geeks don't have the lobbying power to change it, nor the will power to just live with it, so far the most part we just ignore that law, only complying as a token gesture as needed. I mean really - this guy has now complied with Adobe's takedown notice, but the code was released into the wild. At this point the cat is out of the bag.

      Though really - why don't we start posting these things on foreign servers to begin with? Put it up on The Pirate Bay or something for goodness sakes. DMCA takedown notices mean little in areas where the DMCA doesn't apply.

      --
      "People who think they know everything are very annoying to those of us who do."-Mark Twain
  3. Re:Hey, why not just steal GPL code? by Nursie · · Score: 5, Insightful

    Non-sequitur

    Opening up DRM'd media so that it can legally be used in more situations by someone with a valid license is not the same as rampant piracy. Removing DRM so that consumers have a choice over how and when to use content they have paid for is a great thing.

    It is regrettable that these developments are also massive boosts for piracy, but without this sort of action there would be no DVD playback on Linux.

  4. Re:Hey, why not just steal GPL code? by The+Warlock · · Score: 4, Insightful

    Because sometimes (read: very often) the DRM will prevent the end-user from exercising rights he would have under standard Fair Use doctrines.

    --
    I've upped my standards, so up yours.
  5. Re:Hey, why not just steal GPL code? by guruevi · · Score: 3, Informative

    Licensing is not copyright. Licensing is a contract you enter in depending on whether you want to use certain programs and it's code associated with. You can choose not to buy/use/change the program or you can haggle for better fitting licensing (whether it be cost or freedom). If you don't like it, make your own program that does the same job but better (or cheaper).

    Copyright is forced upon you whenever the creator creates his product. Even if you go to a library or book store and DON'T buy the book, the thing is still copyrighted and you can't make copies of it nor can you make a similar book with the same or a similar story.

    Copyrights are like patents in software/hardware. They prevent you from improving upon a certain work and they effectively lock the competition out of making anything that is vaguely similar or even an extension of a book.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  6. Re:Hey, why not just steal GPL code? by TheRaven64 · · Score: 5, Insightful

    I can't believe that this nonsense keeps being repeated. The GPL (a license I don't really like, but respect) is a distribution license. It follows both the spirit and the letter of copyright law, allowing the original author to restrict how people copy their work. DRM, in contrast, restricts how people use their work. This is counter to the spirit of copyright law - there's a reason it's called copyright not useright - and is antithetical to Free Software. Note that even laws like the DMCA talk about copy protection, rather than DRM. They are not the same thing. Copy protection only prevents copying, while DRM prevents various forms of use, for example annotating a PDF or playing a DVD from a different country.

    --
    I am TheRaven on Soylent News
  7. Took down the links, not the content.. by XenoPhage · · Score: 5, Informative

    There is of course, Google Cache ...

    Or, you can just get it from pastebin:

    http://pastebin.com/f1cb3663c

    and

    http://pastebin.com/f26972321

    --
    XenoPhage
    Technological Musings
    1. Re:Took down the links, not the content.. by skeeto · · Score: 5, Insightful

      Or on Freenet, where it is impossible for anyone to remove,

      CHK@Lxdd7kNnDxsKDbJvN954w8VVTkyeXriXBc~CZQi7yh0,CpQsd8KQkbzeRnfpY4tprGAlt2LYjIKtwVdDYXWY~nE,AAIC--8/ineptpdf.pyw

      CHK@0sthR-c3bxeDPtyRP4vLst4MKLAYunyPgL3DFgijAR4,GLU99yTKNtuIx9A54tvh20XisaAPwCcul58wTmTKjRE,AAIC--8/ineptkey.pyw

    2. Re:Took down the links, not the content.. by steelfood · · Score: 4, Funny

      In other news today, Adobe sues Google.

      --
      "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
  8. Re:Hey, why not just steal GPL code? by fuzzyfuzzyfungus · · Score: 5, Interesting

    "Copyright law" does not equal "technological enforcement of whatever terms somebody feels like enforcing".

    While some DRM-crackers are indeed, more or less unrelated(you don't see GPL proponents celebrating the availability of cracked copies of proprietary software), the DRM-crackers who stand up for our freedom to own and control our computers, rather than the other way around, have pretty much exactly the same objective as core GPL proponents.

  9. Re:Hey, why not just steal GPL code? by amiga3D · · Score: 5, Funny

    If anyone other than fat, neck-bearded, Cheeto-stained, basement-dwelling gruntwaffles actually *used* Linux

    Hey! I am not a gruntwaffle! Or....maybe I am...WTF is a "gruntwaffle?"

  10. GPL vs. DRM: DRM goes against the copyright spirit by jonaskoelker · · Score: 3, Insightful

    The thing is, the legal framework, the right of the copyright holder to issue a license, is the same for software with DRM as it is without.

    As I understand it, the purpose of copyright is to secure for creators a limited time monopoly on the rights necessary for selling the creation, in return for them eventually enriching the cultural (and, in the case of software, technological) commons.

    Some kinds of DRM prevent or obstruct use of the work in such a way that when the work enters the public domain, it doesn't enrich the commons in practice. It's like being given a car wreck that's in really bad shape: sure you can sell it as scrap metal, but it's worth so little that you're better off ignoring it.

    For this reason, I think one can argue that DRM (with certain properties) goes against the spirit and purpose of copyright law, and the argument doesn't apply to GPL'ed software.

  11. Re:Hey, why not just steal GPL code? by Dredd13 · · Score: 3, Insightful

    The rights-holder is the sole arbiter of the "conditions of the distribution of their content". If they want to distribute content to you which you are forbidden to use in months which end in "Y" that is their right. You're free as a consumer to say "that's horse-shit," and not purchase their content at all. But at the end of the day, the copy of the content was given to you, after an exchange of moneys, based on an agreement (the license agreement). If you're unhappy with the license agreement you're now bound by, please feel free to read the license more closely in the future. If the license wasn't adequately provided to you prior to purchase (e.g., license agreements INSIDE software boxes, etc.) feel free to use the court system to get your money back, or to prove that those particular agreements are invalid. But what you don't get to do is simply ignore the copyright restriction when it isn't convenient for you.

  12. Re:Hey, why not just steal GPL code? by js_sebastian · · Score: 5, Insightful

    Opening up DRM'd media so that it can legally be used in more situations by someone with a valid license is not the same as rampant piracy.

    As a rights-holder? Bull. Shit. "You have the right to use content provided you do so in a manner consistent with the license provided with it." That's the same basic principle protected in the GPL, as well as in DRM-licensing terms.

    You fail (again). The GPL does not, in any way, restrict your use of the licensed code. It only restricts the way you redistribute that code (if you should choose to do so). And, newsflash, even if the GPL wanted to restrict your use, it couldn't, because the GPL is based on copyright law. A license can only grant you MORE freedom than is already allowed to you by copyright law. And copyright law regulates distribution, not private usage.

  13. Re:Hey, why not just steal GPL code? by Chyeld · · Score: 4, Interesting

    The GPL is an additive license. You don't loose the right to do anything under it, you gain the right to do things you weren't otherwise allowed if you follow it.

    The DRM license an eBook is published under is subtractive, you don't gain anything from the license that your money hasn't already purchased. The sole point of the license is to force you to give up rights 'in favor' of the rights holder position.

    Apples and Oranges my friend.

    When you come up with a DRM backed license that at leasst actually gives, in exchange for what it's taking, something of value, then you might have an arguement. Till then, when I purchase a book, I expect to be able to use it. And since the law explicitly allows circumvention of DRM for the purposes of interoptability, I'd say so does the law.

  14. Re:Hey, why not just steal GPL code? by multisync · · Score: 4, Informative

    I'm really getting tired of these same straw men getting trotted out every time the issue of DRM comes up.

    So, to use your argument, if I wanted to argue that I should have the RIGHT to use the Linux kernel however I see fit (including, potentially, in a closed-source application), you'd be in favor of that.

    You bet. You may use GPL software in any way you see fit. Freedom 0 guarentees that:

    Freedom 0: The freedom to run the program for any purpose.

    In fact, the license specifically forbids a copyright holder from taking steps to control how you use the software. The GPL only puts restrictions on how the software is distributed. The only person being restricted by the GPL is the copyright holder.

    This is as it should be.

    DRM has nothing to do with copyright. It's purpose is to controls access to the copyrighted work, to control how the person who paid for the copyrighted work uses it.

    DRM is an attempt by copyright holders to claim additional rights for themselves beyond what copyright allows for. In many cases, it prevents citizens from exercising fair use without defeating it, making it incompatible with copyright law. If a copyright holder wishes to employ DRM, they should forfeit copyright protection, as they are not holding up their end of the bargain.

    ... right.... right?

    You know, one fucking "right" will do, thanks.

    --
    I don't care why you're posting AC
  15. Re:Hey, why not just steal GPL code? by steelfood · · Score: 4, Insightful

    Copyright law allows the rights-holder to determine the conditions upon which they are willing to give you rights to use the content.

    Wow. You failed twice in a row, and some idiot mod still modded you up.

    Copyright. Read it carefully. Say it out loud. It is literally the right to copy. Copyright only deals with redistribution, whether in original or modified form. It does not deal with usage. Get it into your thick skull already; copyright cannot stop you from using what you bought the way you want it. It only stops you from copying what you bought and giving it to others. (Fair use covers the part where you copy something for backup purposes.)

    Seesh. Get it right, or go troll somewhere else.

    --
    "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
  16. Re:Hey, why not just steal GPL code? by steelfood · · Score: 4, Interesting

    Wow, all the trolls have come out of the woodwork.

    What makes you think people are going to stop creating works of art just because somebody else is going to copy them? What makes you think that people are going to stop singing, painting, writing, telling stories, just because somebody else can sing the same song, paint the same picture, write the same words and tell the same stories?

    Without copyright, people might not make money out of it. But nobody says people are supposed to make money for everything they do. Making money is not a right.

    --
    "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
  17. Re:Hey, why not just steal GPL code? by multisync · · Score: 3, Insightful

    The point is that while you or I may not necessarily care "how" someone uses it, some people DO care how people use it, and they've got the right to have you agree not to use it in a conflicting way before they give you the content.

    So the manufacturer gets to decide how we use their product after we purchase it? Kellogs can prevent me from using their product to make Rice krispie squares? You don't believe in private property?

    I think you need to think this through a little.

    --
    I don't care why you're posting AC
  18. Re:Hey, why not just steal GPL code? by RobBebop · · Score: 4, Insightful

    At this point this discussion should probably be modded Flaimwar, but from the biased opinion of a self-publisher and a GPL content consumer, I think both arguments are correct. GPL advocates need to differentiate why they should be able to disable the rights claimed by DRM content or else it comes off as "we want freedom to do what we want (in the interests of consumers) AND to prevent you from doing what you want (in the interests of producers).

    Not respecting the rights that DRM imposes isn't too far off from not respecting the right that GPL imposes. Either copyright is valuable, or it isn't. Pick a side.... and know that you can't have your cake and eat it too. There are benevolent and greedy consequences on each side of the copyright argument.

    --
    Support the 30 Hour Work Week!!!
  19. Re:DMCA Takedown illegal? by Coopjust · · Score: 3, Informative

    Legally murky, as software with little or no purpose other than circumventing copy protection, software which is marketed for circumventing copy protection, or primarily designed to break protection would be a violation of US Code Section 1201, which would leave the service provider open for secondary infringement. So while the DMCA may not be the "right" way to ask, once the copyright holder has knowledge of a tool as described above, they could be legally liable if they don't remove it.

    As far as the legal ramifications of (possibly) abusing the "safe harbor provision", I'm not sure.

    Disclaimer: I am not a lawyer, this does not constitute legal advice, etc.

  20. Re:Hey, why not just steal GPL code? by ericrost · · Score: 3, Insightful

    Where did I agree to those terms and conditions when purchasing a DVD or CD @ Best Buy?

    --
    My Babylon