Well, I know it's quite an open question.
More specific questions could be:
Can you 'brute force' a drm'ed file?
When copying drm'ed files to a portable device such as iTMS -> iPod or WMA -> Whatever, is the file still drm'ed, or are you able to copy it back to another harddrive and play it without licence?

I don't expect any full length explanation here, but a couple of links would be great :-)

Edit: This is not one of them 'I need to l33t hax0r all my friend's files', I would really like some technical knowledge on the subject.

No kidding!


Yes, but there are far easier ways. See below.


Still DRM'd. The license/key to the file must be copied along with the file in that case.


Speaking in very broad terms, DRM is encryption. They encrypt the data in some way so that you cannot play it back without the key to unlock it. The key is just a series of bits that decrypts that file.

Now, the thing that sets DRM apart is that it's encryption that you *must* be able to decrypt. If you can't decrypt it, then you can't play it. So in other words, they have to give you the key, somehow. Giving you an encrypted file along with the key to decrypt it seems rather stupid, doesn't it? And the answer is yes, it is stupid.

The goal of DRM is to allow you to play back the thing but not to copy it. Of course, you can copy it, but since it's encrypted, the copy of just the file is no good. It won't play without the key. So they have to give you the key and hide that fact from you. The way they do this varies, but generally you have some program you have to run that gets the key and uses it to decrypt the file, but doesn't give you the key.

Hack that program, get the key, figure out the method, decrypt the file, save it unencrypted, and you break the DRM. This is far faster than brute force, it just requires brain power.

The security of all DRM methods relies on the difficulty involved in reverse engineering the program that is the real protection of the key. It also lies in figuring out the encryption methods (which used to often be non-standard and unpublished, but are now generally variations on standard forms of hard crypto).


In the specific case of iTunes and the iPod, the way it works is simple.

-Every file you purchase contains an account name (email address) that says who bought the file.

-To play the file, you must be "authorized". This is a fancy way of saying you must have the key.

-"Authorization" downloads your key from Apple's servers, and stores it. It stores it encrypted, actually. This is common in crypto methods, and it's called a "keyring". The keyring is protected by using various unique bits of your computer system to form the key to unlock the keyring. This prevents you from just transferring the keyring to as many PC's as you want, because the keyring has to be unlocked with unique bits from your computer.

-When you play the song in iTunes, iTunes unlocks the keyring, reads your account key, uses the key to unlock the file, and plays the file.

-When you transfer the song to an iPod, iTunes unlocks the keyring, reads your account key, and puts it on the iPod too, in a special place. The iPod then can use this to play back the DRM'd file.

And that's how it works. Naturally, like most DRM systems, it has been cracked. The crack is easy: Figure out how it unlocks the keyring. Then you can unlock the keyring, get the key, unlock the DRM'd file, and save it as an unencrypted, unprotected audio file.

So a big part of such a drm system is actually "security through obscurity"?

And have I understood it correctly, that if you have the drm'ed file, the licence key and a program than can unlock the licence key and decode the file, you can potentially create an unprotected file with no traces of the original 'owner'?
Do both AAC and WMA work this way?
If yes, then it all sounds like a short-lasting solution to me :-) There must be many users wanting to unprotect their legally bought files so they can play it on whatever equipment they like.

Thanks for an informing post :-)

Another thing, I've heard something about a technology which put some kind of a fingerprint directly on the sound, which doesn't prevent illegal copying but allows eg. the copyright holders to find the original owner of the file.
Do you know anything about this technology?

Edit: By the way - this also helps me understand why it's impossible to employ such a drm-system into formats like Ogg - Security through obscurity isn't really an option in open source ;-)

At the expense of some CPU time they could come up with a combined compression/encryption incorporating the user's account number as part of the key. Then there would be no such thing as a decrypted version of the file that wasn't also uncompressed. Shared compressed copies would have to accompanied by the key to be useful, so would be traceable. Shared uncompressed copies would be possible, but are not protected in any way as it is now.

Brute force can be applied to any encrypted content. It cannnot be prevented.


I might be wrong: They change the file a bit in such a way that these changes are not audible but can be detected later. For example, if you have a 16 bit wave file you can alter the lower 2 bits or even 4 bits and the new file will sound quite like the original. So you can store there some data. If this data is encrypted then it is impossible to prove its existance without knowing the encryption key and the only person who knows this key is the one who encrypted the file. Of course one can discard this 2 lower bits removing the copyright information. So this information must be stored in a different place inside the file but the general idea remains the same.

so is there only one valid key per file? Let's say me and my friend both bought the same song. Could he use his key to play my song? If not, wouldn't that mean that for each download the song has to be encoded again?

It's watermarking. Basically, you add en imperceptible but specific signal into the track. This signal being specific to the buyer, you can identify the buyer. The benefits is that it’s not in the format but in the content itself therefore even if you transcode it you still keep the trace of the buyer. This scheme was defeat during the well known SDMI contest. Pr Felten from Princeton University proved that it can be defeat easily and industrially. The trick is to compare two tracks with watermarks. The difference will reveal the watermark. It is then easy to blur or to remove it. Theoretically, a perfect psychoacoustic model should be able to remove it.
Moreover it has been said that watermarking is actually hearable, degrading the quality of the sound.
It is used on high resolution format like DVD-Audio and SACD. Each player adds a specific watermark on the analogue output. If a watermarked content is found on p2p, the specific watermark is identified. This player is added to a blacklist coded on each SACD and DVD-Audio (the CD itself, not the player). The following releases will not playable on that player because all the players check the blacklist. In that case, the unfortunate owner of the player should bring it back to the shop saying it doesn’t work and will be caught.

well, the question how much space such a blacklist would take...besides that, there are surely ways to get around that blacklist check...for instance using some Software that prevents the DVD-Drive from reading that part of the DVD or inserts some dummy 'blacklist'...that would also mean, the every DVD drive must have a unique Serial Number...something that could be altered by changing some bits of the firmware...

For instance, I have a copy protetcted CD and wanted to listen to it through my CD Drive. That didn't work, the drive kept reading and reading but couldn't get it's content...next thing I did, was starting EAC and inserted the CD again and all of a sudden the problem was solved. So there's a bunch of things you can do with Software...also, I guess many manufacturers will not implement this 'blacklist' protection in order to boost their sales...I mean, who doesn't buy a 'codefree' DVD player these days...

Well when they'll have blacklisted all the population of the earth, there will have no more bits for music


You can't barely read the hi-res content of DVD-Audio or a SACD with a DVD drive.


SACD and DVD-Audio players have one.


Probably


I guess they want to keep hi-res content fare from software precisely for this reason.
Anyway often you can get the content (not hi-res) out of the DVD-Audio or SACD because they make dual layer for compatibility reasons. So you can grab the CD or the DTS or the Dolby ac3 version out of a SACD or DVD-Audio disk.
Also it hasn't been proved that you can hear the extra information you can get thanks to these hi-res format. And maybe the difference you hear is the watermark

Finally, IF these format succeed, a work around will pop up

There is one thing I don't get... I know that some sites offer WMAs which can be copied 5 times (to portables), played back 1000 times and written on CD 1 time for example. Well... If I burn the track on the CD, I can then copy the song as WAV and the DRM is gone.

You do got it.
In France, the Fnac (kinda Megastore), launched a music distribution site with wma format. The Fnac encourage buyer to do so in order to back up and to play the music on the format the buyer wants (=mp3).

So what's the point having a play/copy count limitation when you can burn the file as audio CD?

I don't see another reason than stupidity.
Do you see another one?

You can burn as CD, but if that copy is recoded to mp3 for use in kazaa etc the quality will be degraded compared to shareing a 1st generation encode. That seems to be the same theory that itunes is using. Not perfect, but it makes sharing from a real CD more attractive, so the pressure is off the on-line vendors.

Warning: big long post:


Yes.


Yes. Since you have to have all these to play the thing, they have to give you all these in some fashion. Typically, the limitations of DRM are built into the playback/decoding program obeying certain rules. Change the program, or write your own, and you no longer have to obey those rules.


If by AAC you are really talking about iTunes FairPlay DRM, then yes. Fairplay has already been broken in this fashion.
Yes to WMA too, although nobody has broken it yet. They keep changing it so it's a moving target, and realistically people capable of cracking it just avoid WMA anyway since it sucks so much.


Yep. It's not just a short-lasting solution, it's actually an impossible goal to achieve. Anything I can playback, I can copy, and no amount of messing about is going to change that. Not now, not ever.


Yeah, it's called Watermarking. The gist is that you change the actual audio itself in very subtle ways that are slightly below the threshhold of human hearing. These would have enough redundancy to survive a couple of D2A and A2D conversions and such, and so you'd at least be able to tell which copy of the original protected file was used to make all these copies. It does work, but nobody implements it because it's unsuitable for a lot of reasons. For one thing, it changes the audio slightly, and this is hard to do on a per sold song basis and still keep it inaudible. Also it's fairly easy to remove, if you know it's there, so it's kind of useless too.


True, but also not a big deal. You could uncompress it and then recompress it with something else. Or, in theory, develop a codec that could deal with a separated file. Basically, any encryption combined with compression could be reverse engineered to separate the two. You could then produce a compressed, but decrypted file. The original codec might not be able to play it, but your magic new codec that you developed would. Just munge the data into another format.


Not necessarily. In theory, you could build it this way, such that each song needs it's own license. WMA works this way in some cases, I think.

iTunes works on a shared key concept. Every file you download from iTMS is encrypted at the time you download it. So if you download a song and your friend downloads the same song, and you compare them, they're different files, even though they decrypt to the same song. It doesn't have to be encoded again, just encrypted again, for every download. This is actually not a huge thing to do depending on your encryption and such.


The way you ask this question assumes that you think there is an actual answer.

DRM itself is an impossible task. It cannot be achieved. So the goal has slightly changed into simply making it harder to do what you want to do. So yes, you can buy a tune, burn it to an Audio CD, rerip it, and do what the heck you like with it. They really can't stop you from that. But they feel that not enough people will do this to matter.

Unfortunately, they haven't figured out that with P2P, it only takes one person to do this and stick it on a P2P network. So it's still ineffective. Ultimately, however, ripping to an audio CD and reencoding I find unacceptable, and so I only buy DRMd audio that I have a perfect hack for, like iTunes Music Store. Where I can decrypt the file and produce an AAC that hasn't been transcoded. Still, I mainly stick to buying used CD's, as a used CD prevents my cash from supporting the recording industry, which is always nice.

Either that or I simply download from my favorite P2P and send some cash to the artist directly (when I can find an address to send to). I highly recommend doing this, BTW. Send a note along explaining why you're doing it too. Explain how DRM sucks and how CD "copy protection" and other things they're doing are ruining the industry. Say that you thought they deserved payment, but didn't want part of that payment going to the jerks doing this sort of thing. Explain about the "loudness race" if you like and how mastering standards suck. Whatever. It's worth a try anwyay, and if enough people did this sort of thing then maybe there'd be some kind of change.

If you are replying to my post, then yes that was my suggestion. Each purchase would mean a new encode.

the point is that most people don't want to have Audio CD's anymore...and if they do they don't want that bad quality AAC 128 produces (compared to a real Audio CD)...they also want prevent people from sending a file to their friends as an email attachment...kinda like 'Hey check out this cool song'. Nobody will go through all this hassle and burn it and re-rip it just to email it to someone...even if I could get free songs as mp3 that were transcoded from AAC 128kbps I wouldn't take them...

The only thing that is stupid is when they only allow you burning it once. I mean, since I have it on CD I can copy it over and over again...


wouldn't that be a reason to crack it?


sorry to disappoint you but this is not true. You're supporting the recording industry...if many people buy used CD's the prices will go up since there is a higher demand for that...so, if I know that I still get a decent price for my used CD's after a coupple of month I might buy some CD's I wouldn't be usually just to listen to them...

No, not really. I was referring to the audio sucking so much, not the DRM. WMA sounds terrible, IMO.


I'm not following you here. If I buy a used CD instead of a new one, then the first sale has already occurred. None of that cash goes to the recording industry. Buying used CD's doesn't lead to more sales for them, it leads to less. Granted, it causes a possible increase in demand, if you don't go back and sell your old CD's for used later.

DRM downloads don't have to be bomb-proof. You CAN make it so the results are degraded (decode-encode cycles, possibly D/A-A/D), and a pain to keep up with... recent news that itunes has changed DRM again so a popular crack doesn't work: Apple breaks Hymn


It is like running from a lion. You don't have to be faster than the lion, just faster than your companion. (where the "companion" is ripping a normal CD)

Bah. They've broken Hymn before, and it was fixed in under a week.

It's basically impossible to design a DRM system that cannot be worked around. It might take a lot of effort, I grant you, but it can always be done. And the gist of what I'm saying is that it only has to be done once and then everybody can do it. If they change it up, then you change up your decoder to cope. Not a big deal.

Furthermore, they can't have changed the DRM scheme all that much, because the iPod firmware hasn't changed recently. So most likely all they did was to mess with the encoding of the keyring. They've done that before too.

Edit: Matter of fact, they've already fixed it. Using JHymn, add the iods atom to the unwanted list. Problem solved. No code changes needed.

ok, let's say my budget allows me to spend 500 bucks a year on CD's. However, since there are many people like you who like to buy used CD's, the prices for used CD's go up because of higher demand. So, I know that I get let's say 50% of my 500 bucks back when I sell them. Therefore, I can spend my 500 bucks budget + the 250 bucks I'll get back when I sell them...therefore, the record industrie makes more money...

So, it's the same thing with CD's I usually wouldn't buy. However, since I know that I can sell them still for a pretty good price if I don't like them I'll may consider buying CD's I usally wouldn't buy...however, if I'd know that I only get 2 bucks when selling a CD caused by lack of demand, I'd never do that...

Also, someone has to buy new CD's so that you can buy them used. So, if just one person buys a new CD but there are 10 people who want to buy this CD used it won't work...the result is that more people buy this CD as new...which results more money for the record industry...

I hope you get the basic idea of how it works