At the other end of the spectrum, you have satellite TV. In this area, a lot of money invested and full control of the playback platform have resulted in some strong systems. But still, it took a long time and a lot of cracks of intermediate systems for this industry to become the success story it is today.
Disclaimer: I worked for a company involved in the above.
But DirecTV reacted to that wrinkle over a year ago, by taking advantage of their ability to remotely reprogram the set top satellite receivers, as well as the cards. The company sent a few specific bytes of data to all the H cards, while simultaneously reprogramming the satellite receivers to reject cards that didn't reflect the change. This forced hackers to update the cards manually with the new data, or to make the cards writable again.
A combination of technology (latest generation smart cards and cryptography) and litigation (going really strongly against infringers) has made DirecTV uncrackable in practice.
The fact that here in Mexico I cannot find someone selling a fully unlocked US smartcard shows that in a way DirecTV has won.
It used to be the case that for US$300 you could buy this fully unlocked DirecTV card to watch all USA channels here in Mexico. This was about 10 years ago when I was in college (and my flatmate used to buy that stuff).
That is all.
Actually, 13 of them.
I used to think they did it on purpose, but now I'm starting to think they're just stupid and they actually think they're doing a good job.
A friend of mine sent me a research study on security standards for healthcare and they made suggestions on what to do. It boiled down to this:
In essence all they were saying was use decade old crypto that everyone else already uses, we're just stuck in the past, but I'll make it sound like I just invented something new.
I wish I could find the link.
3DES is decades old and absolutely not acceptable today.
Developers use md5 and plaintext because of laziness. It's not really a conscious choice on their part. They consciously choose to use MySQL vs Oracle, PHP vs .NET, etc, and they spend much more time thinking about those sorts of choices than about security choices.
Maybe some don't realize they're exposing themselves to alarming danger by storing passwords as md5 or plaintext. But I'd bet money that most simply feel that their current solution is sufficient because it "doesn't really matter anyway" since the likelihood of them getting burned by their mistake seems low to them. So no matter how much you try to make them see that the chance of disaster is in fact alarmingly high, they'll always feel like the chance is low (until their database gets downloaded, and even then they're more likely to rationalize that away as a freak occurrence).
But the root of the problem is the laziness. So we can improve the situation by making it eas(y|ier) to use Crypto libraries properly. If it takes very little effort from average developers to use a crypto library properly, then they're much more inclined to listen. (If it costs them no time, then they're likely to go ahead and use the crypto library instead of a half-baked solution.)
By making it easy to fall into a "pit of success" for crypto, we're only one or two generations of programmers away from making md5 and plaintext password storage extinct.
Unfortunately, it may be impossible to make crypto libraries easy to use without also introducing other (more subtle, yet just as dangerous) security problems, due to the context in which the crypto API is being used. In other words, truly securing an application is Really Hard, which is why tptacek's company (Matasano Security http://www.matasano.com) is so successful.
 - http://www.codinghorror.com/blog/2007/08/falling-into-the-pi...
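Added example, not part of the original thread: one shape a "pit of success" password API could take, using only Python's standard library, with salted scrypt records and an upgrade path for the md5 storage the comment above describes. The record format, the `md5$` legacy tag, the cost parameters and the function names are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os

# Cost parameters are assumptions for this example; tune them to your hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
SALT_LEN, KEY_LEN = 16, 32
MAXMEM = 64 * 1024 * 1024  # memory ceiling; also bounds parameters read from a record

# Constructed sample of a legacy record: unsalted MD5 hex behind an "md5$" tag.
LEGACY_SAMPLE = "md5$" + hashlib.md5(b"hunter2").hexdigest()


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


def hash_password(password, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P):
    """Return a self-describing record: scrypt$n$r$p$salt$key (base64 fields)."""
    salt = os.urandom(SALT_LEN)  # fresh random salt for every password
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                         maxmem=MAXMEM, dklen=KEY_LEN)
    return f"scrypt${n}${r}${p}${_b64(salt)}${_b64(key)}"


def _check_scrypt(password, fields):
    """Recompute the key with the parameters stored in the record."""
    n, r, p, salt_b64, key_b64 = fields.split("$")
    n, r, p = int(n), int(r), int(p)
    salt = base64.b64decode(salt_b64, validate=True)
    expected = base64.b64decode(key_b64, validate=True)
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                         maxmem=MAXMEM, dklen=KEY_LEN)
    is_current = (n, r, p) == (SCRYPT_N, SCRYPT_R, SCRYPT_P)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(key, expected), is_current


def verify_password(password, stored):
    """Return (ok, upgraded_record).

    upgraded_record is a fresh scrypt record when a correct password was
    checked against a legacy md5 record or weaker scrypt parameters, so the
    caller can overwrite the stored value at login. Otherwise it is None.
    """
    scheme, _, fields = stored.partition("$")
    try:
        if scheme == "scrypt":
            ok, is_current = _check_scrypt(password, fields)
        elif scheme == "md5":
            digest = hashlib.md5(password.encode("utf-8")).hexdigest()
            ok = hmac.compare_digest(digest.encode(), fields.lower().encode())
            is_current = False  # legacy records are always upgraded
        else:
            return False, None  # unknown scheme: fail closed
    except (ValueError, OverflowError):
        return False, None  # malformed record or out-of-range parameters
    if not ok:
        return False, None
    return True, (None if is_current else hash_password(password))
```

The caller only ever sees `hash_password` and `verify_password`; salts, parameters and comparison are not choices it can get wrong.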
What's impressive is how long silly schemes (this one in particular) stay afloat!
"Video content is protected with our BrainTrust™ DRM, and is unplayable except by a legitimate owner. All aspects of the platform feature a near-ridiculous level of security."
Near-ridiculous security seems about right.
The real laugh-out-loud moment is this tagline (http://leapingbrain.com/mod-machine/overview/):
"Forget crappy streaming systems and primitive, unprotected loose movie file downloads that make your products seem like a joke."
I mean, even for the US, the superlatives seem a bit overdone.
That reminds me of a psychic hotline from the 90s which produced an infomercial featuring Billy Dee Williams and an obviously scripted and professionally shot series of vignettes purportedly about a young woman documenting her experiences with the hotline.
Their very next infomercial opened with these words: "Tired of psychic infomercials with phony testimonials and has-been celebrities?"
Not just near ridiculous, it is truly ridiculous!
Given the evidence (complex integration with a non-standard set of open source libs, complex industry area in general), I'd say it's almost certainly an insult to imagine the developer could not have made your life harder if he'd chosen to.
Please, if anything commend the dear fellow, and shame on whoever considered a momentary glimpse of Google Plus limelight worth making this guy's Tuesday morning and ongoing professional reputation much harder earned than it otherwise might have been.
"No good deed goes unpunished"
The developer(s) created a product that didn't do even 10% of what was advertised and now must face the consequences. Why is that bad? Their professional reputation should suffer if the quality of their work is poor.
Anyone with a few years of experience in the software field has heard the following: I'll pay you N dollars to X but you have to finish by unrealistic Y. I'm the sole provider of a household of 4, so in these kinds of circumstances I'll agree to minimum features or specific features plus additional features if time allows. I'll make it very clear that the client can't have their cake and eat it too. Sometimes it's merely a matter of economics, so don't go hanging anyone yet.
Any minimally competent developer could have implemented this particular design during, and for the price of, their lunch.
If you're really doing it for moral reasons, you won't keep quiet and make a buck while doing it. If you're opposed to drugs, you don't become a drug dealer and make loads of money selling lower quality drugs.
Broadcasting this, and likely harming the developer, for internet points, is a pretty poor move.
Looks like they know they cannot offer a video platform without providing DRM, because the media industry demands it, and they also know that trying to implement unbreakable DRM is futile. Therefore, they just need to implement the minimum needed to convince the media suppliers that their content is really DRM'd.
This is why I'll never be rich: I am utterly unable to sell crappy non-solutions to people with more money than knowledge.
It's like the first law of "info-dynamics": 'If you can watch it, you can copy it'.
Anyone actually paying for a DRM scheme feels to me to be of the same caliber as someone investing in a perpetual motion machine. They're determined to get ripped off throwing good money after bad. Why try any harder than you have to to accept their money?
I know that by now it's tradition to say this, but can we please stop?
It seems to be that a law of life is 'everything dies'. Is medicine therefore useless? Are all the people who spend money for nothing but delaying the inevitable getting ripped off?
We all admit perfect security is impossible. Yes, you're right! Controlling the spread of information is a very hard problem. Yes, you're right! It would be very nice if the things I want to watch and listen to were made freely available by their creators.
But no, you're wrong. DRM has a purpose, and it can be successful even without perfectly achieving its goals. People tend to avoid effort, and if you can make pirating content more difficult than obtaining it legitimately, most people will obtain it legitimately.
There is no fundamental reason why information deserves to be free, it's just easier to copy than physical things.
I haven't yet met a DRM scheme that doesn't achieve this purpose backwards(1). What it really rests on is that people don't know they could just get it easier on "allmyvideos.net".
> There is no fundamental reason why information deserves to be free, it's just easier to copy than physical things.
It's not just easier. A copy has zero marginal cost. That makes it special and different than anything that came before. DRM seems to just be a monkey-patch to try to get that marginal cost to be non-zero. I'm not saying that it deserves to be free. I'm not even saying that I think it should be. I'm saying that it IS free. We don't want it to be, because our economic models don't support it (yet), but that's its natural state.
I stand by "DRM is silly". If that money were spent providing a better, easier product, they'd make more than they do now with DRM. It seems like they're perfectly willing to spend $3 to keep from losing $1 to piracy. It feels like a kind of willful ignorance.
No data, of course, just a strong opinion, held loosely.
(1) It doesn't take long outside the US to find out that there are plenty of things DRM makes impossible to acquire legitimately.
When you say it like that, a light really went on for me. In an undergrad economics class (for some reason I can still remember the exact phrasing the professor used, though it's been almost 30 years): "a good is 'free' if, at a price of zero, supply is adequate to meet demand."
This completely explains the unique situation with regards to digital information. The (marginal) cost to provide a supply adequate to meet demand is zero.... meaning the market will drive the price to zero... digital information is free. As a content publisher, you can want it to not be that way, but that is not the reality.
That's a myth, because people were writing novels and singing songs and doing theatrical plays long before media distribution and consumption. Even now many musicians earn much more money from live concerts.
Also, I pirate stuff, mostly because where I live I can't get that content at all when I want it. However I also go to the movie theaters nearby with my wife and pay something like $30 for 2 tickets and some popcorn, per movie.
I don't mind paying that price because I'll never have the same experience at home, no matter how awesome my equipment can get, because (1) the size of my monitor is upper-bounded by the size of my living-room walls and (2) watching movies at home is boring.
"It's not just easier. A copy has zero marginal cost. That makes it special and different than anything that came before. DRM seems to just be a monkey-patch to try to get that marginal cost to be non-zero. I'm not saying that it deserves to be free. I'm not even saying that I think it should be. I'm saying that it IS free. We don't want it to be, because our economic models don't support it (yet), but that's its natural state."
Steam would be a good example. It is DRM in the sense that it prevents people from simply copying the game folder anywhere, and it is more convenient than pirating (at least most of the time) with the advantages of things like pre-loading most of the files before the release date, and offering fast servers from which to download your game.
Because most people think that this time around, DRM is going to work perfectly, when actually, you have as much expectation it will work perfectly as that cheap Master Lock from the hardware store.
> DRM seems to just be a monkey-patch to try to get that marginal cost to be non-zero.
This is indeed the right way to think about it.
> If that money were spent providing a better, easier product, they'd make more than they do now with DRM.
Or there's the example with Steam, where you have better and easier combined with just a little DRM applied intelligently.
Contrast this to a system like Apple's iTunes which set up a market with strict rules the publishers had to follow to join. They HAD to sell songs individually. They HAD to sell them for 99 cents a track. They HAD to permit the user to burn them to CD. Etc, etc, etc. Steam does not have even one single "have to" when it comes to games publishers. It is a publishers' wonderland.
If you have lightweight DRM on Steam games, you have the games publishers to thank for that, not Valve. Valve would not protect you from even the most extreme forms of DRM if a publisher wished to do it. Valve even goes so far as to spend hundreds of thousands of dollars (possibly millions but I doubt it) to have their developers create features which enable publishers to make it look like they're embracing digital distro when they're not. Case in point: the ability to download a game when it's done... and then sit there and wait with it encrypted and complete on your hard drive, paid for... until physical retailers can get the game on their shelves. And users think this is a feature! It is a crippling of digital distro, which operates at light speed as opposed to the slow-as-molasses speed of physical distribution. Valve didn't have to do this. They could have said 'when you upload it to our servers, the customers who preordered it get the content available immediately', but they didn't, they followed the Golden Rule of Steam - The Publisher is ALWAYS right.
Concretely, why is selling a DVD with a marginal cost of production of $0.50 for $15.99 ok, but selling a movie with a marginal cost of $0.001 for $15.99 "special and different from anything that came before"?
Whenever I have bought optical media, I have thrown it away as soon as I had the data on my hard drive.
I disagree that this is news. Thought experiment: You steal a car from the local dealer, but you leave enough money behind to pay for all the materials, transportation and manpower that went into building this one car (the marginal cost). Would this be morally okay? Why, why not? If everyone does this, who will pay for R&D?
Exactly the same is happening with digital copies. You are taking something with a marginal cost of 0, but the producer has no way to pay for one-time costs. Distributing them onto the unit price is not a new monkey-patch at all.
This will be an interesting question as 3D printing advances.
> but that's its natural state.
"Natural" is always a great word to turn an intuition into a fact. ;) There are certainly many products that are sold at arbitrary prices that have little to do with the marginal cost, it didn't take computers to get there.
The correct thought experiment is: having bought a car from Ford, you examine it carefully then purchase all the raw materials yourself and assemble an identical duplicate for your wife.
In doing so you save whatever markup Ford places above and beyond their marginal cost.
Asking whether this is morally okay is the true issue.
But I agree that your experiment boils down to the problem I am pointing to, and it is better because it is a very real problem that we see every day (e.g. in China).
It does, and the cases are not comparable. Leaving an empty space (plus marginal cost) where the car used to be requires the original owner to expend time and effort to replace it, and they have opportunity cost as well. None of that is true of the digital example. To be a fair comparison you'd have to leave an atom-for-atom identical replacement for the car (or more accurately, take an identical copy and leave the original) and I doubt as many people would judge that unethical.
> You are taking something with a marginal cost of 0, but the producer has no way to pay for one-time costs. Distributing them onto the unit price is not a new monkey-patch at all.
This is actually a very good observation. We've reached the point where the entire cost of the good is the one time production cost and we've discovered that we've got no good way to collect it. DRM is the best we've got right now, and it's awful. You are more than correct in pointing out that 3D printing (and localized digital micro-manufacture in general) is about to make this problem acute.
As we stumble into our Star Trek future, we should be expending as much innovative energy as we can into finding a way to solve this issue.
(1) At this point in history, with the operation of the market as it currently stands, I lean towards no, it is not moral to bootleg that Disney flick.
While DRM is awful, I think we should keep in mind what advantages we (arguably?) enjoy from this monkey-patch (distributing one-time costs onto an arbitrary unit price). With Kickstarter and other one-time funding, there is no incentive to absolutely excel and make a huge profit from unit prices. There is also little risk in delivering a terrible product because one-time costs have already been covered.
> As we stumble into our Star Trek future, we should be expending as much innovative energy as we can into finding a way to solve this issue.
If this Star Trek future is anything like a utopia, then I don't see anything wrong with agreeing to keep the monkey-patch in place, even if it is not natural in the economic sense, or even enforceable. (Very much like privacy - it's not really enforceable, but I really hope that society starts to respect it anyway.)
If you like the car and you tell others they will most likely buy it at full cost or at least with a profit still on it.
Servicing the car will most likely depend on the manufacturer's own part on which they make a profit.
In terms of sales there is one more on the road, which will contribute to the quarterly reports for the company causing the share price to rise.
If the dealer has had it on the forecourt for several months they actually want to get rid of it now and they will bring the price down towards, or even below, what they paid for it. You may even end up paying more than they were going to sell it for.
I love the rest of your post, but this stood out. It's special and different from anything that came before hundreds of years ago. But copyright wasn't invented yesterday, and patents weren't invented yesterday either. They've been around for hundreds of years.
I'm no historical expert, but I would wager that looking through history, you'll find that this situation isn't as unique as most people think. People were debating copyright in the English Parliament during the 1800's, including debates on piracy which practically predict the current situation.
Yes, that's absolutely what it is. As a society, we seem to believe that information can be owned. We get angry at each other for 'stealing jokes'. Fanboys around the world are up in arms whenever another platform copies some feature from their beloved. Plagiarism is an accusation which can ruin a career. We have always felt entitled to do what we please with the fruit of our labors, and we feel no differently when that fruit is information.
We have all had bad experiences with DRM, but we've all had bad experiences with technology in general. Especially here on HN, why does the conclusion have to be "DRM is intrusive and impossible to do right anyway" instead of "What an opportunity for a non-intrusive alternative"?
I'm not saying the second option is right, but why can't it be?
Two wrongs (information cannot be "owned" in the same sense of a physical thing, regardless of how much one wants to believe it; and that DRM can be effective) do not make one right. Note that I'm not discussing values here - just pure technical issues.
Here's the two problems of DRM in a nutshell, that make it into snake oil.
1. The "owner" of the content wants to make said content available to person X, but not to person X's recording device, which is indistinguishable from X.
2. It is enough for said content to be freed from DRM once, to become universally free of DRM.
No matter how smart your protocols, cryptography etc is, because (1) if you can display it on a screen, and take a picture of said screen, with a high resolution capture device, you've defeated DRM. And then because of (2) the DRM scheme, regardless of its other merits, becomes ineffective.
That's why DRM cannot be done right, even if you assume it's the right thing to do. (which I don't)
> Plagiarism is an accusation which can ruin a career.
1) Person A creates an idea
2) Person B independently creates the same idea (or something extremely similar).
3) Person A attempts to assert control over the idea by dictating what Person B can or cannot do with it based on the fact that Person A 'got there first.'
1) Person A creates an idea.
2) Person B copies Person A's idea, and attempts to claim independent creation (or attempts to claim creation prior to Person A).
"We have always felt entitled to do what we please with the fruit of our labors, and we feel no differently when that fruit is information."
Except that fruit of your labor is not "information", it's a "copy of
And of course you are entitled to do whatever you want with it.
As am I, if I have gained access to it by any means that did not violate your privacy (e.g., breaking into your house or hacking into your computer) or other fundamental rights (copy"right" is not a right, it's a privilege - very, very important difference, as rights cannot be granted by law).
In other words, I cannot force you to share something with me.
But neither can you forbid me from sharing things I have - including pieces of information - unless they violate one of your fundamental rights (for example,
The only successful shops I can think of, such as Amazon, Steam, etc., aren't successful due to DRM (at least, not from the piracy perspective). It's due to an easier shopping experience, with the DRM getting out of the way. I'm not sure you can even meaningfully call Amazon MP3's approach DRM: it's just watermarking.
Pirating content is trivial and easy. In order to compete, you have to make an as-nice experience. Buying a book on the Kindle store is _easier_ than torrenting the book (if only slightly) - DRM has nothing to do with this aspect. DRM doesn't even remotely stop the spread of content.
The only time I've heard DRM being remotely effective is really complicated systems on games, delaying a crack by a week or so, which apparently increases sales (at the cost of plenty of bad-will from paying customers) - although I'm not aware of any published studies that really investigate that and compare to the negative sides. This is the only time your analogy of medicine delaying death makes sense; one small use case, and only for specific programs, not general content.
But for content? DRM is a non-solution, really.
Yes, but it's a two-part process. Bits are very easy to copy around, and providing an easy way of giving money will only get you so far. What happens when the alternative of pirating is just as easy, but doesn't require money? If you want to make a nicer experience, you will eventually have to make pirating harder.
> DRM doesn't even remotely stop the spread of content.
Of course it does! No, it doesn't stop you. You know what torrents are, you know which torrents are likely to be viruses and which are in formats your computer is capable of reading. Many people out there know none of that, but can easily find the iTunes button on their iPads. And all of those people have no way of sharing the things they buy, thanks to DRM.
> Name one real-world DRM system that makes piracy look less attractive for content (movies, music, books).
Here's another: Netflix. All you do is give Netflix a little bit of money each month, and then you don't have to worry about starting the download a couple hours before you want to start watching. You don't have to worry about getting caught under the new six-strikes program. You can't easily copy what Netflix gives you thanks to good old DRM, but that doesn't really hurt you.
This doesn't have anything to do with DRM, though. If DRM didn't exist, people would still easily find the iTunes button on their iPad, and would still have a hard time navigating torrents and file format issues. All DRM seems to do is slowly teach those who can't authorize that nth device to learn how to torrent.
Unless you happen to run a non-mainstream OS. Or move to Mexico. In which case it hurts you all the way.
I have 8 devices in my house that can play Netflix and only 1 Ubuntu machine that can't -- but only because I don't want to go through the headache of patching WINE.
People have gotten Netflix working on Ubuntu before.
The problem with DRM is that with information, it doesn't matter if it's more difficult for any given user to pirate. It only takes one person to make a copy of it without DRM, and they can then share it, and now nothing can stop anyone from viewing it. At least, that's the case without horribly repressive measures that don't allow anyone to view their own media.
All the DRM does is make legitimate use harder. If you want to find a free copy, you can; but if you're a legitimate user, and want to make a backup of your DVD? Nope, sorry, people aren't allowed to sell tools to help you do that. Want to capture a few seconds to comment on? Nope, sorry, people can't legitimately distribute tools that allow that. Want to skip the stupid previews? Nope sorry, also illegal.
The problem with DRM is that if it doesn't work perfectly, all of the bad things that it's trying to prevent can still happen, and in the meantime, tons of legitimate uses are banned, and we start to produce technology that is oppressive and works against the interests of its users.
Encryption deals with sending messages from A to B such that a third-party C can't intercept the message. In a DRM scheme B and C are the same, which is why DRM is flawed by design, because:
(1) no amount of patching can ever fix it
(2) it punishes legitimate customers, as pirated content is far easier to deal with, while not suffering from lock-in effects; the irony might be that DRM is helping the prevalence of piracy
(3) no matter how hard it gets to create the initial DRM-free copy, from then on all other copies are zero-cost - which means it only takes one dedicated individual to create a pirated copy and all people that pirate stuff can enjoy it ;-)
> DRM has a purpose
Of course it does. Its purpose is to save a dying business model that was made obsolete by technology ... 1000 years ago there were businesses selling ice to clients.
The equivalent of DRM would have been to restrict refrigerators from producing ice. Fortunately for us, we realized that selling refrigerators is a lucrative business too.
I forget where I read the story (might have been Cryptonomicon), and I don't know if it's true, but I find it quite illustrative of the point.
During WWII the British were finding that some of their messages encrypted with one time pads were being cracked by the Germans. Since they were pretty sure that was mathematically impossible they were quite shocked and immediately launched a full investigation.
Eventually they found that the problem was the team generating the one time pads (basically a room full of people drawing bingo balls with letters on them at random) had started second-guessing the randomness of letters generated. They'd started to subconsciously avoid balls that would lead to what they thought were patterns in an attempt to make the OTP more random. Of course this led to less randomness and broke the security of the OTP.
Gosh, people who buy locks must be stupid, because anybody with a crowbar can simply pry the door out of its frame.
DRM deters people from copying content willy-nilly. You might argue about the quantitative results, but it does something, and as long as it has more value than it costs, people will pay for DRM.
Directly controlling the distribution of digital artifacts is nearly impossible.
But such a definition of DRM is pointless and tries to brush over the fact that actual DRM implementations (as in copy-protection schemes used by Amazon, iTunes, Bluray, etc.) are worthless.
DRM is more like leaving your file on the desk and putting a lock on the Xerox machine.
DRM tries to keep people from making off with the stuff in the house after you've already let them in through the door.
DRM schemes seem mostly to be misunderstandings about how encryption and authentication fit together.
> Locks keep people out period.
Someone might be inside the house when they break in and that person might be armed.
Someone might see them opening the door with a crowbar and either report them or stop them.
They may be recorded on CCTV en route to my house, or stopped by the police and have to explain why they were carrying a crowbar late at night.
Even if they are not caught in the act, the incident will almost certainly be reported to the police afterwards.
None of these risks really exist in terms of breaking DRM.
If someone could break your house lock simply by tapping a button on their smartphone then I would suggest that locking your house is pointless.
In the case of DRM, we are not in general interested in the received material being secret to us whereas in the use of traditional public key cryptography we are. The incentives are not aligned in the case of DRM, no matter what technology is used.
DRM is basically the equivalent of Schroedinger's box. You want the content decryptable so that it can be consumed, yet you don't want it to be copied. The problem is, decrypted content does not discriminate use cases. If it's clear-content, it shall do as the handler of the content wishes to do.
Possibly the only method I can think of would be PKI enabled hardware. I've not thought completely on it enough to proclaim it practical or otherwise, but I had an idea that the player somehow has onboard memory to store public keys that are required for a disc to play.
This would work until somebody manages to do a memory dump of one of the players and posts the private key on the internet.
Even if you were to re-encrypt the data for each individual player (manufacture each with a different key) you still have the problem that one DRM free copy can multiply quickly via bittorrent etc.
The most practical solution would be to have players that will only play DRM protected medium and require hardware circumvention on each individual player to bypass that and hope that this is more effort than it is worth to potential pirates.
This is why us engineers quietly keep the world running.
http://leapingbrain.com/about/ - all of them seem to be proudly listed there. Gotta watch the page for disappearances :)
HDCP is cracked, the genie is out of the bottle and there's no practical way to put it back in without causing a consumer uproar. All you can do technically is try to prevent super casual pirating of digital content, because the tech savvy can't be stopped by any practical solution. (Of course, even if HDCP wasn't cracked the analog loophole would still render DRM on any non-interactive content mostly useless).
So ultimately this stupid system (even now that it is 'cracked') is still about as effective as any other when it comes to stopping that super casual pirating.
So they hacked together something that was acceptably fast, figuring they'd solve this technical difficulty for the next release, and that was that....
It's also unfortunately possible that (until now, at least) only the developer(s) knew about this shortcut, if their internal dynamic is sufficiently poor.
I'm not saying this is right, necessarily, but I think companies know full well that their DRM scheme will be broken, so it's not really worth investing in an "uncrackable" and costly solution. Instead, the role that DRM plays is purely legal -- when the company does decide to go after someone for piracy, the DRM scheme, no matter how simple, provides them with the ability to say that the accused person "broke a lock," rather than simply walking in through an unlocked door. "Entering" vs. "breaking and entering." It's nothing but legal leverage, and effective at that role even if it's not a very strong lock.
Of course, to have this argument hold, a company would never be able to admit that they purposefully implemented weak security -- this would be akin to admitting that their door was unlocked after all, and would weaken their legal argument. Therefore, there remains a niche in the market for solutions that look secure even if they fundamentally aren't. It's all about lip service.
The DRM could be as simple as the code being "A" to bypass the DRM and if you do so, you have broken the law. Even providing that "A" to someone else would be illegal, look at all the silliness over the dvd copy protection fiasco. Therefore, they don't even have to pretend that the DRM is strong, just saying it's there is probably enough.
It's one reason printer cartridges have chips that communicate to the printer. Reverse-engineering that to provide third-party cartridges is illegal. Well, it used to be, I'm not sure over current policy as the DMCA has a back door for exceptions.
For PC games, the DRM is often employed to prevent piracy for the first two or three weeks because typically that's the highest level of sales. After that point it is usually cracked but sales often have dipped anyway. In some cases the DRM is removed in a patch at some point, often because the DRM causes problems for people who paid for the game, which kills long-term sales. Ubisoft recently changed their policies on having a seriously strict DRM to one that is more flexible; many thinking because it hurt their sales and that it was useless anyway.
No one thinks of DRM as a long term solution since it is only a matter of time before someone cracks it.
Ahh..the good old days of SoftICE and w32disassm.
Oh man, the worst was the md5 of some salt + whatever you put in.
If you ever want to see some gems of misuse of cryptography for DRM management, let me know - email's in my profile.
Some examples: Using RSA 1024 bit keys, with exponent of 3...
I feel a bit queasy any time I read "just do this" as a solution to crypto flaws. Such answers assume way too much about the system the proposed fix applies to and make it sound trivial to secure. They also leave out all the steps behind what things "just pad" means (e.g., receiver must verify the padding and sender must properly generate).
When a developer hears "just pad", they think "append a string of zeros" when implementing a sender or "skip" when writing a receiver because that's what it means in other contexts.
In particular, your response assumed the DRM system in question:
* Was performing RSA encryption of a message, not signing or verification
* Used a public exponent e=3, not a private exponent d=3
Assuming the reader knows enough about RSA and cryptography to know what "just pad" implies, it may still be insufficient to solve the problem.
For example, if the commenter meant d=3, "just pad" wouldn't fix Wiener's attack.
Or, in the cases of RSA used for purposes other than message encryption, the suggestion of OAEP does not apply. Consider the attacks against the TMN secret sharing protocol and Franklin/Reiter verifiable signature sharing scheme (sections 5.1 and 5.2 of this paper).
The F/R scheme involves RSA encryption of signatures. But signatures must be the full modulus size (no padding possible) unless you use a larger RSA key for encryption than for signing. So again, OAEP would not fix this flaw.
Remember that the commenter was mentioning DRM, so jumping to the conclusion that they were using RSA for straightforward message encryption and with e=3 was not warranted. There are lots of applications for RSA in DRM (verifying a signature on a license key, calculations under homomorphic encryption, etc.)
For many scenarios, "just pad" would not solve the problem, even with the generous assumption that the reader knows exactly what that means and applies it correctly.
 I'm not picking on you here. The most astounding of these kinds of errors was when Colin Percival (who I highly respect) said "use AES-CTR mode + HMAC" and then later found he had made a fatal flaw in his own implementation of exactly that.
You're right that RSA with e=3 can be as secure as e=65537, assuming an application where you use proper encryption/signing padding and verification. But it is more brittle in that partial failures in padding randomness or encryption of related messages can lead to compromise. Unless carefully reviewed and appropriate fail-closed measures are not present, it's better to avoid e=3.
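The "just pad" point above, worked through for e=3 on the sender side. This is an added example, not code from the thread or from any DRM product: the key is a constructed demo key from a fixed seed, `pad_zeros`, `pad_random` and `recover_without_key` are hypothetical helper names, and it needs Python 3.8+ for modular inverses via `pow`.

```python
import random

def is_probable_prime(n, rng, rounds=24):
    """Miller-Rabin test; adequate for a throwaway demo key."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits, rng):
    while True:
        p = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if p % 3 == 2 and is_probable_prime(p, rng):  # p % 3 == 2 keeps e=3 valid
            return p

def icbrt(x):
    """Floor of the integer cube root, by binary search (exact on big ints)."""
    lo, hi = 0, 1 << (x.bit_length() // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if mid ** 3 <= x else (lo, mid - 1)
    return lo

RNG = random.Random(2012)            # fixed seed: constructed demo key, never a real one
N = gen_prime(512, RNG) * gen_prime(512, RNG)
E, K = 3, (N.bit_length() + 7) // 8  # public exponent; modulus length in bytes (128)

def encrypt(block):
    return pow(int.from_bytes(block, "big"), E, N)

def pad_zeros(msg):                  # what "just pad" tends to become: append zeros
    return msg + b"\x00" * (K - 1 - len(msg))

def pad_random(msg, rng=RNG):        # 00 02 || nonzero random fill || 00 || msg
    fill = bytes(rng.randrange(1, 256) for _ in range(K - 3 - len(msg)))
    return b"\x00\x02" + fill + b"\x00" + msg  # real senders draw fill from a CSPRNG

def recover_without_key(c):
    """Use only (N, E, c): divide out a possible 256**k factor, look for an exact cube."""
    for k in reversed(range(K)):
        cand = c * pow(256, -3 * k, N) % N
        root = icbrt(cand)
        if root and root ** 3 == cand:
            return root.to_bytes((root.bit_length() + 7) // 8, "big")
    return None

MSG = b"license:premium"             # constructed 15-byte message

if __name__ == "__main__":
    for name, block in [("raw", MSG), ("zeros", pad_zeros(MSG)), ("random", pad_random(MSG))]:
        print(name, recover_without_key(encrypt(block)))
```

The raw and zero-extended messages come back from public values alone; the randomized full-width block does not. The `00 02` layout is used here only because it is short: it has known weaknesses of its own, and the scheme the thread names is OAEP.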
Of course this is only marginally better and should really have been caught, but there's a huge difference between saying that XORing 12 bytes with RANDOM_STRING is kick-ass DRM and actually having a kick-ass DRM infrastructure that then doesn't work right because of a bug.
If this was any really random looking string, I would be more inclined to assume that this was intentional. By the string being this token, I would guess it's a bug somewhere.
Remember. If RANDOM_STRING was truly random, unique per file and account and only transmitted from the server before playing, then this would be as good an encryption as any.
Of course, if a copy protection system was "effective" it wouldn't need a law prohibiting its circumvention. Conversely, if a copy protection system is circumventable, it's not effective.
Does GPLv3 prohibit DRM?
It does not; you can use code released under GPLv3 to develop any kind of DRM technology you like. However, if you do this, section 3 says that the system will not count as an effective technological “protection” measure, which means that if someone breaks the DRM, he will be free to distribute his software too, unhindered by the DMCA and similar laws.
As usual, the GNU GPL does not restrict what people do in software, it just stops them from restricting others.
1201(a)(3)(B) a technological measure "effectively controls access to a work" if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.
So, even trivial measures like the broadcast flag or SCMS are covered by the DMCA's anti-circumvention provisions. Similar laws in other countries have similar definitions.
 Assuming a general computation device, not a dedicated hardware player.
Those are the practical uses of any DRM technology one might ever devise.
Sure, you could throw in more than 5 seconds of security-through-obscurity, but why bother?
Edit: I'd guessed we were talking about Divx (of the DivX codec fame) http://en.wikipedia.org/wiki/Divx , which apparently has some DRM products now and is owned by Rovio-formerly-known-as-Macrovision.
I don't think there's actual evidence of many people actually trying to play DIVX rental discs. I only ever bought a player and discs to try to defeat the DRM (and was way overmatched; I think I could break it today with what I know and maybe with a lab I could put on a platinum amex, but not sure)
BD+ is mostly just an annoyance for legit customers, but it hasn't been a major obstacle for pirates and backupers for years. The goal of BD+ was to stop software-based piracy of Blu-Rays and it failed miserably on that front.
What if I told you that the attackers had a 2-month head start on some discs due to insiders leaking them -- would that make a difference? What about if you found out that there weren't as many "rippers" as it seems because for a while, one of them was a "thin client with remote access to a competitor's ripper"?
Also, the "uncrackable" thing came from an external analyst who had no communication with anyone at the company and was obviously wrong.
BD+ _is_ renewable, meaning no single hack breaks the system for all time (unlike DVD-CSS). There's always something you can do, and with enough resources, it can still give attackers a challenge.
I'm not saying that BD+ is the most successful DRM scheme ever, but I do think it's done well given the particular environment. If you want an out-and-out success story from the same company (8 years, no hacks ever), see the CryptoFirewall. This is an apples and oranges comparison though.
It would be really cool if you could go into more detail, this is extremely interesting! Especially the second paragraph.
I'm far from an expert on BD+, so this is pure speculation, but it seems to me as though the patches don't work properly because they can't patch the fundamental part of BD+ which Slysoft has figured out. It would be really weird if Slysoft actually have managed to find a completely new flaw in BD+ for every BD+ patch that is released. It seems much more likely to me that the patches can't actually fix the flaw itself, they can just hide it or change some parameters/keys (which Slysoft know how to find), requiring Slysoft to constantly release new updates to "patch the patches". It may give Slysoft's developers a constant challenge, but it also seems to give them a constant unique selling point that they profit greatly from.
Is this correct or have Slysoft actually managed to find dozens of different exploits in BD+, one for every BD+ patch?
It also would not get you any interactive elements which for some may be an issue although for others it may be preferable in this way.
DRM (and similar tech) works pretty well in specific cases, like printer-ink DRM. I actually think ERM was a great idea, but sadly failed to DLP and other solutions (basically blacklist vs. whitelist of permitted activities).
Where it fails is software, particularly "media content", on commodity players, fully in possession long-term of end users, who are otherwise hostile, with no real costs to a failed break attempt.
This whole "DRM for 3d printing" thing is a red herring -- the real war was "DRM embedded in physical devices we purchase", like auto parts and ink, and that was fought and lost in the last decade.
Or, you could ask all the people who used to make 6 figures dealing H-cards for DirecTV, but can't anymore.
Also, credit should be due to the designers of Cinavia as it has succeeded with the least secure design possible. It's a watermark in the compressed stream that is checked by the _player_, which mutes the audio if it is present. All you have to do is patch the player to ignore the mark or play it with VLC and it is "bypassed".
However, even the commercial rippers have not yet stripped off this watermark and all bypasses other than playing in VLC have been partial (e.g., needed an old PS3 firmware).
When people learn about cryptography they learn that one time pads (OTP) are the only mathematically provable secure cryptography. Everything else is thought to be secure, but we don't know.
Then they learn why OTPs are not used more often. (You need a pad as large as the text you want to encrypt; the pad must be really random; you must never reuse the pads; you have to get the pads to the person doing the encrypting and decrypting.)
And then they learn a bit more and one of the simplifications they learn is to XOR a bit of text with a string; they encrypt plaintext with a key. This is not a real crypto system, it's just a silly little demonstration.
But a disturbing number of people seem to stop there and say something like "Let's use XOR and a secret key and it's a bit like an OTP so super secure!!" but they forget that you must have a pad as large as the plain text.
So their crypto system is really very very weak.
Other DRM systems have been broken, but usually by smart people working hard with advanced techniques.
I could have broken this system.
The other thing that's bad about it is that it is ridiculously easy to intercept the decrypted files and copy those.
So they've sold a system to small un-clueful content distributors and they've used hyperbole to do so.
And the law prevents us from telling those content distributors because we're not allowed to circumvent a technical copyright protection method.
The problem is marketing folks getting carried away when describing these "technology solutions" to the content owner, because that's what they (as well as VCs) want to hear.
Disclaimer: cofounded a video CDN+DRM provider more than a decade ago, developed many content protection methods over the years.
In theory, OTPs are nigh uncrackable.
In practice, they suck.
1. The XOR text needs to be as long as the plaintext.
2. The XOR text needs to be truly random.
3. You have to distribute the XOR text somehow. Remember all those spy novels where they burn the codebooks? Yeah.
Now I have a means to communicate over the internet while apart from my paramour without any concerns about the content of the messages being decoded while in transit (compromises at the source or destination are obviously still in play).
Not every crypto problem involves establishing a secure connection with a party selected ad hoc without a higher-bandwidth secure channel.
One-time pads are mathematically proven to be uncrackable if used correctly. This is because, for any given cryptext, every possible plaintext of the same length is equally probable.
Using a one-time pad correctly means only using a given pad once, the 'pad' being the key material. If you ever reuse the same key, you are no longer using a one-time pad and the above proof no longer applies.
And if your pad is 13 bytes which you keep reusing over and over again, you're a bleeding idiot.
You can even show your support: http://www.zazzle.com/14_is_not_a_random_number_tshirts-2350...
Or, for those who disagree: http://www.zazzle.com/14_is_a_random_number_t_shirts-2350463...
Either way.. wow... XOR encryption with just such a short repeating string! I bet it wouldn't be too hard to decrypt it even without the original file, since the file signature alone would probably be longer than the string. DISCLAIMER: I'm just speculating, I don't know the .mov specs.
My modifications are on lines 553-556. The compiled app "fixes" the .mov file just long enough for it to be loaded into the player. If you have Leaping Brain's player installed (often branded with the content owner's name), the .mov files are in a hidden .media folder. On my Mac, they were in $HOME/Library/Application Support/LeapingBrain/catalog/$VIDEONAME/.media
"# BrainPlayer is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License
I'm sure Leapfrog hated to put that GPL license on there but were likely forced to due to the VLC components they're using that are GPL/LGPL.
From the post:
By comparing the binary files, I discovered the "proprietary video encryption" algorithm: for the first 15kB, each 1kB block has its initial bytes xor'd with the string "RANDOM_STRING".
> calls 'decrypt movie_file' to create 'decrypted_movie_file'
> calls 'play decrypted_movie_file'
> calls 'delete decrypted_movie_file'
He just made a copy of the python script that calls their own decryption module but removed the delete line.
Also, since xor is just a CPU instruction, you won't immediately notice it in the decompiled script (if you get that far). With all the overhead that decompilers tend to produce, it's really easy to miss.
Literally the only thing that goes missing from .py to .pyc is comments.
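How little compilation hides, as an added example that is not from the thread or the vendor: the wrapper source below is a constructed stand-in, and `compile_to_blob`, `walk`, `is_xor` and `inspect_bytecode` are hypothetical helper names. It reads a marshalled code object (the body of a `.pyc`) and lists the string constants, identifiers and XOR sites that survive.

```python
import dis
import marshal
import types

# Constructed stand-in for a player wrapper script; not the vendor's code.
SOURCE = '''
# key handling below: do not ship
KEY = b"RANDOM_STRING"

def unlock(block):
    out = bytearray(block)
    for i, k in enumerate(KEY):
        out[i] ^= k
    return bytes(out)
'''

XOR_OPS = {"BINARY_XOR", "INPLACE_XOR"}  # opcode names up to Python 3.10

def compile_to_blob(source, filename="wrapper.py"):
    """Marshalled code object: the body of a .pyc file after its header."""
    return marshal.dumps(compile(source, filename, "exec"))

def walk(code):
    """Yield a code object and every code object nested in its constants."""
    yield code
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            yield from walk(const)

def is_xor(ins):
    # Python 3.11+ folds the operators into BINARY_OP; argrepr is "^" or "^=".
    return ins.opname in XOR_OPS or (ins.opname == "BINARY_OP" and ins.argrepr.startswith("^"))

def inspect_bytecode(blob):
    """List what a reader of the compiled file gets back without the source."""
    report = {"strings": set(), "names": set(), "xor_in": set()}
    for code in walk(marshal.loads(blob)):
        report["strings"] |= {c for c in code.co_consts if isinstance(c, (str, bytes))}
        report["names"] |= set(code.co_names) | set(code.co_varnames)
        if any(is_xor(ins) for ins in dis.get_instructions(code)):
            report["xor_in"].add(code.co_name)
    return report

if __name__ == "__main__":
    print(inspect_bytecode(compile_to_blob(SOURCE)))
```

The key literal, every identifier and the function containing the XOR are all recoverable; only the comment text is absent from the blob.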
(Not that any DRM scheme can ever work, ever, but hey. At least some try to try.)
In a pure software solution, you control the hardware, and any hiding of the key is subject to reverse engineering the software.
For all of the success they've had in protecting DirecTV, if you've got a legitimate access card feeding HDMI data out, you can make a perfect digital copy of the video stream that has no copy protection whatsoever. So ultimately the DRM offers no protection for the media content companies (at least those that don't benefit from live performances like say sports games), though it does for the pipe provider who will surely get his monthly satellite fees.
Counter-example: we once timed a release of a very minor protection update to when the main attacker typically took a holiday. We got 6 weeks out of something trivial, buying more time to work on the major release to greet him when he returned.
Popular, recently produced media has too much value to too many attackers to protect. A celebrity's self shots -- same thing. A game console by Microsoft or Sony -- same thing.
> But it's absolutely possible to make it so insanely complex and difficult that no one will ever break it
A more accurate way to put it: If you make the return on effort ratio low enough, the probability of someone breaking it goes down, and it might even go down enough for you to get away with it for a useful amount of time.
As a counter-example, I propose DirecTV or even their competitor, Dish Network (Nagravision). Hacks of these systems are worth 6 figures, pay TV is widely desired, and there hasn't been a DTV hack since 2004. None.
Putting words in my mouth there. If it's popular, the probability it will be broken goes up.
> there hasn't been a DTV hack since 2004. None.
You're preaching to the choir here. Still, that's one tidbit I didn't already know. The old mainframe Mantis language is another example.
1 + 2 => (+ 1 2) => push 1, push 2, add
push 1 => 1
push 2 => 2, 1
add => (+ 1 2)
Obfuscated bytecode which e.g. doesn't maintain consistent interpreter stack depths for every code path (illegal for JVM or .net CLR) would make things a little harder to analyze, but I doubt that's often the case in practice with Python.
He edited their Python script to make a copy.
First rule of weak DRM, you do not talk when you find weak DRM.
Second rule of weak DRM, you DO NOT talk when you find weak DRM.
Third rule of weak DRM, upload to pastebin, then walk away.
How am I supposed to take weak DRM seriously when it has a third rule but no second rule?
Well... They weren't lying...
Now that I read the article twice, I literally got a panic attack when I realized that it wasn't a random string that they were xor'ing their data with, but a string called "RANDOM_STRING". Although it sounds bad, one must realize that this is not security by obscurity since the key has been leaked, and nobody guarantees encryption against a leaked key.
There is no reason to spend developer time making a complex mechanism that is no more secure than a simple xor.
It might be a good idea to remove their names, to protect their reputation. ;-)
Isn't VLC licensed under the GPL? Or at least was until very recently? http://www.jbkempf.com/blog/post/2012/How-to-properly-relice...
Is/was Leaping Brain violating the license?
EDIT: the wrapper script is apparently released under the GPL too: http://news.ycombinator.com/item?id=4834834
No, I can't see how they are.
Here's one GPL FAQ that's vaguely relevant:-
But this question is very relevant:-
0000000: 0000 0020 6674 7970 7174 2020 2005 0300 ... ftypqt ...
0000000: 5241 4e64 2939 2623 2526 696e 6705 0300 RANd)9&#%&ing...
Edit: To clarify, I meant the encrypted and temporarily-decrypted-by-the-wrapper-script versions of the same .mov file.
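What the two hexdump rows above give away, and what a content owner comparing an original file with its protected copy would measure. This is an added example, not code from the post: the 64 KiB sample is constructed, 1 kB is assumed to mean 1024 bytes, and `keystream`, `protect`, `changed_runs` and `audit` are hypothetical helper names.

```python
import random

KEY = b"RANDOM_STRING"              # the string named in the post
BLOCK, PROTECTED_BLOCKS = 1024, 15  # "first 15kB, each 1kB block"; 1 kB = 1024 is assumed

# The two hexdump rows quoted in the thread: decrypted header, then the stored file.
PLAIN_ROW = bytes.fromhex("0000 0020 6674 7970 7174 2020 2005 0300")
STORED_ROW = bytes.fromhex("5241 4e64 2939 2623 2526 696e 6705 0300")

def keystream(plain, stored):
    """XOR of matching bytes; for an XOR scheme this is the key material itself."""
    return bytes(a ^ b for a, b in zip(plain, stored))

def protect(data):
    """The scheme as the post describes it (self-inverse), used here on constructed data."""
    out = bytearray(data)
    for start in range(0, min(len(out), BLOCK * PROTECTED_BLOCKS), BLOCK):
        for i, k in enumerate(KEY[:len(out) - start]):
            out[start + i] ^= k
    return bytes(out)

def changed_runs(ks):
    """(offset, keystream bytes) for every maximal run of modified bytes."""
    runs, start = [], None
    for i, b in enumerate(ks + b"\x00"):
        if b and start is None:
            start = i
        elif not b and start is not None:
            runs.append((start, ks[start:i]))
            start = None
    return runs

def audit(plain, stored):
    """What an original-vs-protected comparison tells a content owner."""
    runs = changed_runs(keystream(plain, stored))
    changed = sum(len(r) for _, r in runs)
    return {
        "changed_bytes": changed,
        "changed_fraction": changed / len(plain),
        "runs": len(runs),
        "last_changed_offset": runs[-1][0] + len(runs[-1][1]) - 1 if runs else None,
        "distinct_keystreams": {r for _, r in runs},
    }

# Constructed 64 KiB sample: the quoted header row followed by seeded filler bytes.
_rng = random.Random(0)
SAMPLE = PLAIN_ROW + bytes(_rng.getrandbits(8) for _ in range(64 * 1024 - len(PLAIN_ROW)))

if __name__ == "__main__":
    print(keystream(PLAIN_ROW, STORED_ROW))
    print(audit(SAMPLE, protect(SAMPLE)))
```

On the sample, 195 of 65,536 bytes differ, in 15 runs that all carry the same 13-byte printable keystream, and nothing past offset 14348 is touched.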
In particular, while I don't know the .mov file format backwards, the last step (after lossy encoding) is probably a lossless encoder, either LZ-type or some sort of entropy coder. This means that the plaintext is going to be a very good approximation of IID coinflips; in other words, a one-time pad _key_.
"Decoding" the repeated-key XOR also decodes the one-time-pad encryption of the repeated-key interpreted as plaintext. This is, well, hard.
(mov may have enough frame structure/boilerplate that this doesn't apply; I don't know.)
Fort Knox-level security.
Video content is protected with our BrainTrust™ DRM, and is unplayable except by a legitimate owner. All aspects of the platform feature a near-ridiculous level of security.
As far as I recall the Adobe PDF encryption was also just some XOR with a simple passphrase. Got him into serious trouble.
And WTH is 'virtually uncrackable'?