FairUse4WM News

A couple of weeks ago I wrote about the battle between Microsoft's DRM system and FairUse4WM, which breaks it. The news for this week is that Microsoft has patched their security against FairUse4WM 1.2 and filed a lawsuit against the program's anonymous authors, and those same anonymous authors have released FairUse4WM 1.3, which breaks the latest Microsoft patch.

We asked Viodentia about Redmond's accusation that he and/or his associates broke into its systems in order to obtain the IP necessary to crack PlaysForSure; Vio replied that he's "utterly shocked" by the charge. "I didn't use any Microsoft source code. However, I believe that this lawsuit is a fishing expedition to get identity information, which can then be used to either bring more targeted lawsuits, or to cause other trouble." We're sure Microsoft would like its partners and the public to think that its DRM is generally infallible and could only be cracked by stealing its IP, so Viodentia's conclusion about its legal tactics seems pretty fair, obvious, and logical to us.

What's interesting about this continuing saga is how different it is from the normal find-vulnerability-then-patch sequence. The authors of FairUse4WM aren't finding bugs and figuring out how to exploit them, forcing Microsoft to patch them. This is a sequence of crack, fix, re-crack, re-fix, etc.

The reason we're seeing this -- and this is going to be the norm for DRM systems -- is that DRM is fundamentally an impossible problem. Making it work at all involves tricks, and breaking DRM is akin to "fixing" the software so the tricks don't work. Anyone looking for a demonstration that technical DRM is doomed should watch this story unfold. (If Microsoft has any chance of winning at all, it's via the legal route.)

Posted on September 28, 2006 at 12:55 PM • 37 Comments

Comments

nzruss • September 28, 2006 1:40 PM

From what I've read around the place, it didn't "break" the DRM. The "FairUse4WM" software read the unencrypted music stream from system memory. - In my opi-onion if it went to jury trial, it'd probably be thrown out - nothing was circumvented, and nothing was broken. (not much different than holding a mic up to the speaker)

What I think makes this wrong is Microsoft are suing a 'John Doe' as they don't know who the 'hacker' is. As he/she is not there to represent themself are found guilty by default. (This is the same tactics the RIAA uses to sue file sharers.)

Once the 'hacker' is identified, they are already guilty. They then have to initiate a court hearing to have the decision overturned (costly etc).

Nic • September 28, 2006 1:59 PM

@nzruss

In terms of the DMCA, holding up a mic to the speaker to record previously encrypted data can probably be argued to be a means of circumventing encryption.

derf • September 28, 2006 2:07 PM

Give out the encrypted file, give out the keys to use it (in the software player), allow it to be used (though in slightly crippled ways) on analog equipment, and then they wonder how the encryption was broken. PC speakers are analog devices, so will we need some HDMI equivalent soon for audio? How far are the software and media companies willing to go to offend their users in order to try to gain their compliance?

Erik N • September 28, 2006 2:49 PM

@nzruss:

"As he/she is not there to represent themself are found guilty by default."

Are you serious? In which country? In Denmark, the defendant has to be told personally of any charges before the case can begin - at least unless this is a criminal act.

Of course people can simply disappear, this also happens at times and cases expire.

But even if the case goes on with the defendant in absentia, he will be represented by a defense lawyer to run his case. This is equivalent to the defendant using his right not to speak in court.

I find it disturbing if there truly are countries where people are guilty by default unless they meet in court.

Rich • September 28, 2006 3:03 PM

@Nic
"In terms of the DMCA, holding up a mic to the speaker to record previously encrypted data can probably be argued to be a means of circumventing encryption."

No. An analog recording of digital media is not a violation.

foQ • September 28, 2006 3:30 PM

Yes, these are the kinds of tactics that the RIAA uses to get "summary judgements" declared against anonymous defendants. These judgements merely ask the court to allow them to get discovery from the other side. While this may be a slimy legal loophole around actually having evidence that anyone broke the law, it is probably legal in any jurisdiction that allows for discovery. Also, please note that these are civil charges, not criminal. But then again, what do I know IANAL.

However, I think it would be interesting if someone pressed charges against Microsoft for attempting to defraud the court -- they know that no source code was stolen. They're just out to try to get the guy into court and strongarm him into surrendering. But from what I understand, he isn't in the US, so it's all a moot point. Microsoft will be left holding a bunch of random IP addresses, probably of TOR proxies or something similar.

elk • September 28, 2006 3:33 PM

offtopic---Bruce, when will the podcast continue? I don't see anything past July. I miss them!

Alan • September 28, 2006 3:35 PM

A John Doe lawsuit can't find anyone liable. It just allows Micro$oft to issue subpoenas to ISPs, etc., to obtain information like IP addresses, customer information, etc. If they are able to uncover the identity of the hacker, then they will amend their complaint to specifically name him as the defendant and attempt to serve him.

max • September 28, 2006 4:55 PM

The reason this is broken so easily is because the hardware platform is not locked down. If MS/Intel follow through on their "trusted computing" initiative, hacking this stuff will become way more complicated. I think that after couple iterations they might actually get it right, and it will become unbreakable (assuming that you are unwilling to put microphone next to your speakers). Also, I don't see why it would be impossible to create portable devices that would be compatible with the standard, and work seamlessly with PCs and each other (cue in Zune). In short -- in my opinion we might live to see the world where all digital media will be DRM-ed, and there will be little we'll be able to do about it.

Dan • September 28, 2006 5:09 PM

@nzruss

I think it's fair to call FairUse4WM a "break", regardless of whether it actually breaks the encryption or whether it just sneaks around it.

Just because it doesn't "play fair" doesn't make it any less effective as a break. As if there were rules of fair play in cryptography.

max • September 28, 2006 5:13 PM

In addition: to see where this is going, it's helpful to look at xbox and xbox360. The first one was broken very quickly, and you could do pretty much anything with it. The current unit is holding up nicely. The most hackers were able to do is to fool the DVD drive to allow usage of "backed up" games... And this after quite a lot of time was spent by a community of dedicated hackers seasoned in working on the original xbox...

Anagrumpy • September 28, 2006 5:14 PM

And I thought he was making a point about electronic voting-machine fraud:
vote I and I

Alan • September 28, 2006 5:36 PM

I don't think the xbox hacking is comparable. The goal of hacking the xbox is to make use of the hardware to run your own programs -- it's the hardware that has to be "unlocked", by making minimal, inexpensive changes. The end result is a hardware modification that costs significantly less than the xbox itself. This problem may not have a solution.

The goal of defeating DRM is to use the data. You can throw any hardware at the problem you want, and make any changes to the hardware you want, as long as you can eventually use the data on standard, general purpose computer. The end result of DRM hacking is a software algorithm that duplicates the decoding process required by the DRM. There is definitely a solution to this problem.

Mike L • September 28, 2006 7:02 PM

@derf
"How far are the software and media companies willing to go to offend their users in order to try to gain their compliance?"

Back in 2002 Gordon Mohr came up with the idea of DRM Helmets.

http://www.oreillynet.com/1540.html

While most people familiar with DRM got a good laugh out of the idea I'm sure some RIAA/MPAA execs are busily thinking up ways of selling it to Congress.

Jamie Flournoy • September 28, 2006 7:02 PM

@max
>in my opinion we might live to see the world where all digital media will be DRM-ed,
>and there will be little we'll be able to do about it.

And what would cause the artists and hardware makers and customers to buy into this future scenario? The ever-decreasing influence of the record industry? I think not.

The only people who want DRM are the people who are afraid of losing their grip over the industry. The rest of us don't want it, and we're winning.

Mike L • September 28, 2006 7:03 PM

@derf
"How far are the software and media companies willing to go to offend their users in order to try to gain their compliance?"

Back in 2002 Gordon Mohr came up with the idea of DRM Helmets.

http://www.oreillynet.com/1540.html

While most people familiar with DRM got a good laugh out of the idea I'm sure some RIAA/MPAA execs are busily thinking up ways of selling it to Congress.

J. • September 29, 2006 1:47 AM

Much like with software, the goal of DRM is not to be unbreakable. The goal is to be unbreakable for the common man, and to get those common men used to the fact that we do not own what we buy. We license what we buy, and are restricted in our usage. After DRM has been proven to be unsuccessful, the industries, not willing to change their current business models, will opt for hardware DRM. Of course, it will be introduced under a guise of fear, for example viruses, terrorism kiddie prnn, or whatever the latest trend is in a few years (return of the witches? the communists? aliens? :). Besides that, it'd strategically be pushed together with a new feature. Microsoft Windows Blackcomb, for example: "Guaranteed virus-free!"

"The reason this is broken so easily is because the hardware platform is not locked down. If MS/Intel follow through on their "trusted computing" initiative, hacking this stuff will become way more complicated. I think that after couple iterations they might actually get it right, and it will become unbreakable (assuming that you are unwilling to put microphone next to your speakers)."

(I refuse to call it trusted computing, calling it hardware DRM instead. More accurate. I'm not into unpaid advertising or unpaid propaganda, you know.)

There's always the analog hole. While not pretty, it will be worth it for a lot of cheapskates. Hordes of them in the P2P community. I wonder, if my speakers are non-DRM and are using digital cables, then could I use a computer + digital cables to a non-DRM computer and record it over there?

Europe is also pushing DRM really hard. AFAIK the only non-DRM music service serving commercial pop music on the Internet is eMusic. Then again, the new trend on video seems to be non-DRM and quite big, for now.

Olly • September 29, 2006 4:04 AM

So - Microsoft are alleging that viodentia must have stolen source code in order to crack the DRM. Does that mean he also got hold of the source code for all the patches? Within days of them being released?

Or is it more likely that the DRM is broken in a more fundamental way?

C Gomez • September 29, 2006 8:05 AM

@Erik N:

It depends. If Microsoft is suing, it's probably in civil court. You aren't found guilty there. And you can serve someone in civil court by many different means if you can't find them. Disappearing is not, and should not be, a means to escape civil judgment. Otherwise every deadbeat in the world would escape child support.

In criminal court, you typically need to be found and that's where you have your criminal rights.

I don't know much about the DMCA. Perhaps it provides civil penalties. Personally, I would throw those civil penalties out. If the DMCA criminalizes activity, then it's a crime. If it's a tort, then leave that to the common law. There's no need for Congress to regulate tort law of computer science. Pretty sure that isn't in Article I, Section 8.

Saxon • September 29, 2006 8:28 AM

As a tangent, I am currently considering buying a dog, and have noticed that many (most?) Breeders are trying to implement DRM (dog rights management) as well. They all have contracts they want you to sign, even if you only want a "pet-quality" animal, that basically boil down to a license from the breeder to operate a dog. If the breeder doesn't like how you treat your dog (or at least claims to) they reserve the right to seize the dog with no remuneration. I thought it was an interesting parallel to the comment above regarding not actually owning the thing you "bought".

RDRM • September 29, 2006 9:20 AM

@Bruce: "The reason we're seeing this -- and this is going to be the norm for DRM systems -- is that DRM is fundamentally an impossible problem."

And, the reason we're seeing DRM systems is the same reason we see gaping security holes and numerous viruses. Publicity. Free prime time.

Check the pricing on advertising during the 6 o'clock news, people.

max • September 29, 2006 9:24 AM

@alan:
"The goal of defeating DRM is to use the data. You can throw any hardware at the problem you want, and make any changes to the hardware you want, as long as you can eventually use the data on standard, general purpose computer. The end result of DRM hacking is a software algorithm that duplicates the decoding process required by the DRM."

Duh. The point of the "trusted computing", or HDRM, or whatever you want to call it is to replace your good ol' trusty computer with a machine that can be trusted by MS/RIAA (not necessarily by you). In their world you will not be able to run any unsigned code alongside with media-decrypting stuff. The BIOS will be signed, the boot sector will be signed, all the OS code and all the drivers will be signed... In my opinion the only question is whether the public will buy this stuff, not whether it will work...

Brian • September 29, 2006 9:45 AM

One of the things that the anti-DRM people have going for them is consumer sentiment. The tighter the DRM, the more it annoys end-users, and the more likely they are to use a competitor's service.

The Akuma service is selling mp3s that can be played anywhere. They use watermarking instead of copy-protection.

http://www.cio.com/blog_view.html?CID=24845

Josh Peters • September 29, 2006 11:03 AM

I wonder how much FairUse4WM has influenced Microsoft's choice to use a new DRM scheme for the Zune? I'm sure that the Zune's DRM will be broken after its release, but I would bet that the brokenness of the PlaysForSure DRM has led to such revamping of the system.

JohnT • September 29, 2006 2:51 PM

The only way to make truly unbreakable digital restrictions is to make the file totally unreadable to the end user. Not much of a market for that, though.

OS • October 1, 2006 12:37 AM

@Schneier

Could you please elaborate why you believe that "DRM is fundamentally an impossible problem"?

thanks
OS

Thomas • October 1, 2006 2:08 AM

@OS

I don't know about Bruce's reasons, but I believe anything brought to you by the same people that thought CSS was a Good Idea is never going to work.

Getting this stuff 100% right is probably impossible.
Getting it 99% right is probably worthless (*).
Getting it even 90% right is going to be much too expensive (in time, $$$ and loss of features) for your average PHB.

DRM is the poster-child of "security by obscurity". Bugs are dealt with by suing those that find them under the DMCA.

It might _work_ (by allowing your business model to be profitable) but it will never _WORK_ (by making those darn bits un-copyable).

(*) Remember that you have to stop _EVERY_ attempt to copy the bits, not just 99.999% of them. Patching a flawed DRM product is useless if the old, unpatched version is still out there and can be exploited.

TK • October 1, 2006 4:08 PM

As long as all directsound streams are played via a directsound compatible driver there should be no need to hack anything, just write a generic directsound driver that T's the data to both a selected soundcard's directsound driver and a pcm or raw sound file that can then be processed into whatever format you like. You can then create your fair use backup in case MS obsoletes your purchased music's DRM or the DRM webservers go down or you find your purchased rights disappear into the ether under some "in our sole discretion" T&C clause.

Fuck Microsoft • October 2, 2006 4:04 PM

Stop sending your money to Microsoft.

As long as you continue to buy products/services from Microsoft then you have no reason to complain, YOU are part of the problem and are too stupid to see this.

Paul • October 3, 2006 3:43 PM

@derf:
HDMI does exist for audio. The HD-DVD format only allows for the newer lossless surround formats via HDMI 1.3.

Why..?

Because it's less about copy protection and more about license enforcement. DRM is an impossible problem to solve from a copy protection standpoint, but the DMCA makes it perfect to extort licensing fees from equipment manufacturers.

@OS:
the short reason that DRM is an impossible task is the playback equipment has a private key to decrypt the content with, so therefore somewhere on the device is the ability to get the cleartext.

DRM is to cryptography what alchemy is to chemistry. If alchemists were around in serious force today, they'd lobby congress to pass some sort of "lead is gold" act requiring us to pay gold like prices for their painted lead since you can't actually turn lead into gold.

As a software provider, there's always money to be made by convincing copyright holders who don't know better that you can implement "uncrackable" DRM, just as kings throughout history paid alchemists to come up with cheap gold.

Jennifer Granick • October 5, 2006 2:55 PM

My take on the lawsuit is that Microsoft might believe that the people behind FairUse4WM are insiders, because of the speed with which the tool was released following the latest DRM updates. That’s the only way I can see this lawsuit making any kind of financial sense for the company.

For more about what I think: http://www.granick.com/blog/?p=479


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..