Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
News Your Rights Online

CPRM Lecture 102

Posted by michael from the getting-schooled dept.
QuantumG writes: "I've written a summary of the lecture at Stanford by Jeffery B. Lotspiech / IBM. John Gilmore (EFF) was there and other than hounding Lotspiech with ethical questions, gave me a free T-shirt." We can't argue with that. Stanford has the video online, in a format so proprietary and restricted that the current version of the player has no concept of "saving" a video download to your computer. There's some sort of lesson there, I think. But the video is good, well worth watching.
This discussion has been archived. No new comments can be posted.

CPRM Lecture More

CPRM Lecture

Comments Filter:

  • What CPRM means (Score:1)

    by Anonymous Coward
    cp = copy
    rm = remove

    Hey, it's UNIX! I know this!

  • Re:Closed minds (Score:1)

    by Anonymous Coward
    Additionally I am sick and tired of intellectual property. Sure we all need to get ours but... if half the ancient texts were "copyrighted" and guarded as intellectual property (and I'm talking mostly philosophers here), then we would be missing critical portions of our fundamental knowledge base, like the Pythagoran theorums, and many of our claims about the universe, which began with Plato and his fellow thinkers.
    Dude, the Pythagoreans *did* guard their info as intellectual property. Nobody within the society was allowed to divulge any of the knowledge discovered to outsiders. Some were executed for breaking this pledge -- but it's only because they did break it that we know anything about their discoveries at all. Unfortunately, a good deal of their work *was* lost because of this policy.

    Of course, they guarded that knowledge for reasons completely different to the reasons IP is guarded today. Nevertheless, it *was* guarded.

  • The keyspace currently is a matrix. The tree model was proposed as a means for addressing several concerns, incluing enlarging the keyspace, discouraging certain attacks, and minimizing storage requirements for holding the keyspace. The tree is designed such that a minscule subset (several hundred?) keys would actually describe (and allow to be derived) all keys in the tree.

    What part of "Gestalt" don't you understand?

  • - ASF is patented, however.

    - Microsoft did force the author of VirtualDub [virtualdub.org] to abandon ASF support in its product.

    There may be a copy of the file VirtualDub_source-v1.3c.zip out there somewhere, though.


    --

  • Hrm, this is a lot more than a summary. There's considerable amount of opinion here.

    It's nice qg bothered to do this. But this isn't a summary of a lecture, it is qg's opinions about CPRM with a small amount of summary intermingled.

    cbd.

  • it aint gunna happen.

    To brevity! :)

    If you have time to provide a bit more info on the questions that were asked and answers I'd appreciate it.

    best,
    cbd.

  • And here I thought that ATA was intended to be used with direct-access media, while a tape drive is a sequential access device...

    Yet another removable drive that uses ATA is Castlewood's ORB. Still, this is a very small minority.
  • If you captured every bit of the conversation? Well, let's say the server issuing the video issues a unique cryptographic challenge and expects your computer to issue a unique response. This can allow fingerprinting each movie downloaded with your identification. The only problem for us is that the proprietary player had part of that key negotiation and verified it was an "approved" download. So you can now see it once.

    Looks like the future of computer technology is getting permission to use the stuff we just bought. Great progress in exchange for our pocketbook.
  • You say that now. Imagine if this system had been put into place in 1980. Would you stick with your Apple II+ or C64? They're attacking us way the hell upstream, which gives them a substantial edge. And businesses are stupid and shortsighted, and motivated by money, so they have a reasonable chance of success.

    The best attack is to not let it get implemented at all, ever. Ignoring by assuming that it can be cracked, or that it won't sell (even when there are no alternatives) is not going to help our side of things. We should also crack it, and also refuse to buy the hardware whenever possible, but that's not all that we should do.
  • OK, somebody please explain this to me. Why don't they just use mpeg? Why do they insist on using a proprietary format? What advantage does it give them?
    ___
  • Here's a log of winsock calls (and return data) that was issued by media player 6 on a win2k box.

    It's on the long side, and includes a little bit of the video data (from b4 I killed media player, as all I wanted was how media player convinced it to download)

    (slashdot is evil, can't post the code, stupid lameness filter)

    find it at http://yucs.mc.yu.edu/~spotter/hello.txt
  • Yes, that's why I did the socket dump, but I haven't had time to play with it. Feel free to take a look at it and figure it out.
  • yes it can only play in windows, but download the asx file, open it in notepad, and what do you see

    http://cobb.stanford.edu/ee380/010404-ee380-100. as f

    easy enough to save.
  • my bad. It seems they are evil. and they ignore requests from non any media player apps. But as it is using http to stream, this should be easy enough to figure out.
  • as they usually are informitive,

    but then you get these bone heads who like to be the first to post here and mess up our lives..

    (turns on the TV)
  • Well, frankly I hadn't known about it. In fact, I had a class upstairs not 15 minutes before this started. Gr.
  • That's true, right up until the point that you DeCSS the original DVD data, producing unencrypted data. Remaster, burn to DVD-R, and off you go - unless the DVD consortium is planning on making it impossible for corporate/home users to produce their own video on DVD, I don't see how you can stop it from happening.
  • I should have been a bit clearer in my post, sorry. But I don't understand how this makes DVD's (as they currently exist, anyway) any harder to decrypt. The whole point to CPRM, as I understand it) is to restrict users abilities WRT data that they don't "own" ("own" in the copyright sense, anyway).

    But, if I have a fast enough system to DeCSS a disk on-the-fly, such that no encrypted data ever touches my CPRM-enabled hard drive (although I'm not sure if I'd have to go to those lengths anyway), then as far as CPRM is concerned, that raw, unencrypted video file is mine - I own it, I created it, and I have the right/ability (in the TECHNICAL sense, not the LEGAL sense) to do whatever I like with it.

    In this limited case, the weak link is the DVD spec, not CPRM. Since DVD is broken, unless they change the DVD spec, I can produce unencrypted data which, AFAIK, CPRM has no way of knowing actually belongs to someone else.

    And I don't believe for a minute that a watermark yet exists that can't be scrubbed away (who know about tomorrow, though?). There's only so much you can do to digital media without affecting quality, and I've seen no evidence that watermarks exist which can survive the sorts of conversions/compressions/modifications that even normal users do, let alone someone actively attacking the watermark. If you want to wipe a Digimarc watermark, for example, it's not exactly hard - no statistical analyses of LSB's or any crap like that.

    Or am I missing something? I don't claim to be an expert on CPRM, and I make no claims about more secure media which doesn't exit yet,so if I'm totally off-base, please let me know - I hate to wander around all ignorant like ;)
  • My bad - for some reason I thought this was ATA-only, but after rereading the proposal more closely I see that The Man is actually targetting ATAPI devices from the outset. CPRM on ATA hard disks seems like a bonus side-benefit for them.

    I stand corrected. And that's more of an admission than you'll get from most people here.

    On the other hand, "everything you know is wrong" is a pretty strong statement that I will take issue with ;)
  • Actually, most mathematicians prior to (maybe around) the 19th century kept most of their formulas secret. There were various reasons for this, and I unfortunately don't have any sources to cite regarding this (though I read some about it in the biography of paul erdo:ch(sp?), maybe in a few other places), but there were a number of reasons. Mathematicians would challenge each other to algebra contests - if they kept their solving methods secret, they could solve certain problems that no one else knew how to solve. There were methods for solving certain polynomials of degree 3 that weren't known until several hundred years after they were first found. Also, some just kept their work secret I guess for the hell of it. Gauss was supposedly really bad about this; people are still probably unearthing his notes.

    The greeks, or at least some of them, were no stranger to this sort of secrecy. As someone pointed out, pythagoras was pretty bad about this too. He was a cult leader as well as a mathematician - he supposedly (though this is probably an exageration) had someone executed for pointing out that the hypotenuse of some triangles weren't rational numbers. (he really like rational numbers)

    And you are talking mostly about philosophers, but mathematicians used to be mostly philosophers.
  • In the summary, QuantumG makes the arguement that if keys are hard to get from legit devices, they will necessarily be hard to get from blak boxes too. This isn't necessairily true. If you are a cracker, you will need to peel back the insulation on the chip and understand the lithography of the chip (hard), or use a brute force, exhaustive search of the entire keyspace in software (not technically hard, but takes billions of years). However if you are CPRM, you have a list of all the valid keys sitting on your desk, so rather than an exhaustive search of the entire keyspace to find out what key a black box is using, you only need to test the keys on your list. This is trivial, and as such makes it very easy to deactivate a comprimised key, even though getting keys out of legit devices is still hard.

    cya
  • Recently I discovered asf recorder.
    Very useful for getting around short-comings of certain streaming video applications. Search for it [google.com]

  • Makes you wonder what sort of desktop box Michael is using, doesn't it? Ah well, as long as you can get perl on it it's good enough for /. :)

  • As my first grade teacher pointed out to my everlasting shame, there's no such word as "firstly". :)

    Firstly, as players like Microsoft move towards, the leased software .NET model of distribution, there will be a decreasing need for copy protection as there will be less software to copy.

    The big issue with CPRM is content (music, video), not software protection. Software copyright protection has been tried and pretty much rejected by consumers. Although if CPRM becomes a reality, I could see software companies making use of it.

    Although I applaud the efforts that have prevented CPRM from being part of the spec., there will continue to be some sort of HW-based protection mechanism in the works as long as hardware makers think they can make money off of the content industries from it. Consumer disdain is the only real deterrent to CPRM, and it remains to be seen if consumers will care enough or even notice. You might say I'm prepared to be disappointed :)

  • All I can say is:

    "I never heard that word where I grew up in Shelbyville."

    "I don't know why, it's a perfectly cromulent word."

    (now I'm mad I didn't stand up to her!)

  • Yeah? Try looking at the file you just saved with at text editor. It will say something like 'ASX 0023581-153-25.asx' The web server doesn't even send it unless it's the asx client making the request....

    *sing* I'm a karma whore and I'm okay....
    I work all night and I post all day
  • the asx file points to an asf file which points back to itself....very strange

    *sing* I'm a karma whore and I'm okay....
    I work all night and I post all day
  • Netscape under Linux had no problem saving it, I just clicked on the link and Netscape didn't know what to do with it so it popped up a "Save As" dialog box. ;-)

    I'm willing to bet the same thing would happen if you browsed the site with Lynx.

    If you're actually using a Windows box (and I pity but understand your reasons for doing so), you should be able to just remove the MIME association in your browser and click the link.

    On second thought, what about right clicking the link, or shift-click? Don't those allow saving the content to your local drive?
  • That doesn't work, but streambox VCR 1.0 beta 3 (if you can find it) can save it fine.

    I would post the (50+M) asf on my website but I can't handle being slashdotted.

    If you have a decent mirror, respond here.
  • ASF versions of VirtualDub are available for download from Doom9's DVD/DivX site, at www.doom9.net.
    HTH. HAND.
  • Yeah, there is that. Myself, I'm never going to give up my un-CPRM hardware, so I'll always be able to do what I want with media.

    But, I doubt it'll take long for the watermarking to be cracked. Detecting watermarking isn't something you're going to do in an custom chip, it's going to require a fair bit of horsepower and a general purpose CPU. This essentially means that the watermark reader is 'just' software, and thus much easier to crack. Once it's cracked, we'll know what it looks for and how to block it. Watermarking is *only* security by obscurity. Once you know what they're doing, you know what to undo.

    This assumes that the watermark checking is done in the speakers and monitors. If it's done in Media Player, for example, it'll be even easier to crack. (That is, assuming the next hacker at MS doesn't just grab the source for WMP.)

  • I agree, we should fight it in all ways. I have purchasing approval at my company and I'll never approve CPRM hardware, as long as anything else is on the market. And I'll speak up to the HD manufacturers about it.

    And as to the sticking with the computer... My Apple2 couldn't play music and videos as well as a stereo and TV. If they go with the watermarking and it can't be cracked, I'll simply wait for the DeCSS of the future and play the watermarked video on my current PC.

    I don't mean I'll never upgrade, just that I'll keep my current hardware as well, if they build backdoors into the new stuff.

  • Finding the purloined key (Score:3)

    by WNight ( 23683 ) on Thursday April 05, 2001 @07:00AM (#313664) Homepage
    Finding the key a device is using will be easy. The content creators will have a list of all of the keys they used (true even if there were thousands or millions of possible keys, in a search space of 2^128) and can simply feed the device a media stream encoded with various keys until it decodes it.

    Whereas hackers can't do this because we'd have to try all possible keys, not just a short list of potentially valid ones.

    Hackers also aren't likely to build a device in such a way as to make reverse engineering the hardware difficult. (My company makes custom hardware and it's quite expensive to make something that a skilled engineer can't figure out.)

    FPGAs are out, because you send the 'program' to them on startup. You can do clever bootstrapping where there are multiple layers of encryption, but that just takes more time - proportionally more of yours than of the attackers. ASICs are more expensive (being custom) and are usually a fairly standard chip, like an FPGA, except that it's preconfigured (and static). This means that if you do open it up and examine it, it's not that hard to decipher. So you're looking at a special-made chip, designed not for efficiency, but to be hard to understand.

    That's massively expensive, you need HUGE volume to make the cost bearable.

    A hacker would just use an FPGA and some flash-ram, to allow reconfiguring with new keys when they were needed. Who cares about killing WMP by invalidating all its keys...

    As for why it's hard to get all the keys from a device...

    It would decrypt one key at a time and use it. Only if that key didn't work would it use another, probably encrypted much differently. You'd have to wait till media without the first key was released to be able to 'easily' snoop on the device with logic probes and capture the key.

    Finally, software... The idea is to not give WMP a decryption key. WMP would have an access key, to perform the basic 'release the encrypted data stream.' It'd then pass this off to the USB speakers which would perform the actual decryption, in a chip right on the back of the actual speaker, to reduce the length of the wire with the unencrypted signal in it.

    The industry won't do another DVD CSS, where it plays on 'open' hardware. They know the weak link is software. They'll put CPRM in all the devices, without using it, and when the market is saturated with it, they'll release media that requires a CPRM HD, a CPRM monitor, and CPRM speakers.

    Of course, now that the DeCSS has woken us up, and more people know/care about the issue, it'll be worth a few talented engineers ripping the actual hardware apart and decoding this. And when it does come tumbling down, it'll *kill* the industry behind it. They'll have basically given the encryption chips away for free to manufacturers (to encourage their use) intending to make it up on licensing fees from the media people. When the scheme gets broken and companies get POed that their DVD player is being excluded from new media, they'll drop the scheme. And when the media people realize that their user base is drying up they won't try anything basic on hardware again.

    It does raise the bar on hackers, but it REALLY raises the bar on designers and implementers. And it only takes one skilled hacker to bring it tumbling down.
  • > a format so proprietary and restricted that the current version of the player has no concept of "saving" a video download to your computer.

    Ummm learn how to use google.

    asfRecorder [linuxberg.at]

  • Well, I wonder if their protection scheme would deal with you simply starting tcpdump on a linux box next to the windows box, caputuring the entire conversation with the server and then later playing it back to the windows application again. (granted, you have to later set up the windows box to use the linux box as a router, spoof the address of the site if it was hard-coded, ...)
  • Thats why I was saying "I wonder if". If I were implementing the protocol that the video is streamed over, I'd certainly implement it in a way that authenticated based on a cryptographic checksum, was encrypted, ...

    However, we already have proof that many other systems (see DVDs for an example) don't necessarily do a good job of the protection they do implement.
  • The speaker was talking about how this technology didn't hinder copying of data, so you can copy is, but the 'unique media key' isn't copied, so your CPRM complient player won't play the data, since it can't find the media key.

    What would prevent people from creating their own media players that don't follow the CPRM standard, and play the data (video, audio, etc.) regardless of the media key.

    Please correct me if I'm wrong.

    ...and I'm not sure we should trust this Kyle Sagan either.
  • I was watching the lecture, and after about 5 minutes of the Prof. talking about how you had to be to 8 of the 10 lectures, otherwise you wouldn't get credit, I realized that I was late for my Astronomy class....

    Oh well...

    ...and I'm not sure we should trust this Kyle Sagan either.
  • SDMI devices watermark content for you when you add your own (non-watermarked) content. This isnt a line of defence, its a means of tracking who created the content. That being said:

    It would be virtually impossible to sell users a system which does not play their existing non-watermarked content. I own >300 CDs, which would cost me £3-4000 to replace (and that's just CDs!). The cost of a PC is sub £1000, and a CD player is peanuts. Hence I (and others) would far rather buy an alternative device to play on than replace my media. So, you're not going to get rid of non-CPRM data for a long time yet.

    Attempts to introduce uncopyable CDs as a stopgap, like Gmbh did, have foundered on peoples unwillingness to buy media which might not play on their own machine (10% of players in Gmbhs case).

    The bottom line is, theres nothing here for consumers. Unless theres something in it for me, why would I buy CPRM hardware? To turn your argument around, 'few consumers will bother with having a special nonstandard system (CPRM?) to NOT PLAY their content'

    -Baz
  • Pirates working in volume have access to industrial equipment. Hence the argument that this prevents 'perfect' copying is crap. Its aimed against copying by the consumer.
  • I ran ispell bitch, you want to give me an example of something misspelt?
  • no worries.. it was like 2am when i wrote this and yer, I got dissed on the register for saying "quitely convincing" which the guy didn't know if I ment "quite convincing" or "quietly convincing".. frankly I was just trying to introduce the word "quitely" to the english language in a subversive way ;)
  • hehe.. ok, sorry to dis ya.
  • what do you mean "more"? No-one attended. Not a single person. Not one.
  • I disagree. Either the protection would be a the disk drive level, WMP would have different keys for every copy, or hard-drive based software would be outside of the realm of CPRM. If the protection is at the disk drive level, WMP would rely on the hard drive to provide keys and decoding, and by distributing keys you would only be limiting your own ability to play new media. If each copy of WMP has its own keys, then again, you aren't damaging Microsoft, but you may be linking yourself to the crime. If you compromise two keys, then Microsoft may me able to link you to breaking the keys.


    Thanks for thinking about this. I specifically asked Lotspiech this question and outlined the senario. His response was "umm, so you dont believe in tamperproof software" I told him I didn't and he said "no, neither than I" he then repeated his statement about this being a "little speedbump". As for the question of this going into harddrives and harddrives doing the decoding, it's not going to happen for the sole reason that there will not be standard and 4C cant control the manufacturers.
  • Once again, very nice to see people thinking about the technology. Lotspiech was quite agreeable with the claim that WMP would have keys inside and that you would be able to break it. I dont see your claim about the key's being decoded one by one. Even if this is how it works (and I'm not saying it is) then one can always note that key, flip a bit, watch the decryption fail and get the next key. Scratching the DVD could be the simplest way to get a player to give up all its keys. Also I dont think this is going to be a custom bit of silicon. These days the line between software and hardware is so blured in consumer devices that most just use a "secure processor" which contains some firmware. This is hard to break, but if you're going to succeed, you are going to get all the keys, not just one. It occurs to me that 4C being able to essential paperwieght a lot of hardware that has already been sold to stop people copying content is a little too draconian.
  • first to post

    No, that would be the only person who went. There was a guy from The Register there, so you might see a story come out of it, but basically we had access to the creator of a technology that everyone makes a big stink about, who you could have asked questions, interrogated (and John did man) or otherwise annoyed, but no-one went.
  • it's not really trivial.. you have to encrypt a plaintext message with every one of your (how many billion) keys and then feed them in one by one. But yes, this is how they would do it.
  • The unique id is hashed with the media key and the key you retrieve from the media key block to get the cypher key. You could build a device that just tries to bruteforce the unique id (which is on the burst cut area of the dvd that you cant write to) but you cant use a standard player, and that's the point.
  • damn straight. It is my summary of CPRM, which I can sum up in one sentence: it aint gunna happen.
  • Microsoft provides the data storage for Stanford (as if Stanford can't afford a few gig harddrives) and as part of the agreement they have to use WMP format. The lecturer was quite upset about this.
  • No, there's a uniq id on the hub of the DVD (in the "burst cut" area that can't be written to by anyone who doesn't have funky lasers) which is hashed with the media key and the key taken from the media key block (which you need the device key to decode) to determine the cypher key. So you essentially copy all the bits off the DVD and put them onto a new DVD but you cant change the uniq id in the burst cut area so the player cant decode the data.
  • no not at all. If I'm going to have a boot in my face I want it to be a real boot. Not some fake boot that I have to pretend is real because there's a law that says it is illegal to break it. The mere fact that you can build circumvention devices shows that it is impossible to do this. So yes, come up with a better system and I will break that one too and another and another and in 10 years time when no-one has been able to agree on a secure music standard, I will know I've won.
  • Worth it? I dont understand, the question is, do you want something that really is hard to get around or do you want something that you are required by law not to get around. I think it would be amuzing to see the battle between DVD rippers and 4C, but I'd much rather see it on a more level playing field. So far what I've seen has not impressed me.
  • Well John Gilmore pretty much stole the floor which you can see if you've seen the flick. I think the organiser actually gave his microphone to John. Basically everyone in the room was like "I can break this, I dont even have to go home and think about it, I'll break it right now" which is a sure sign that your system is lame. But yes, there were some serious questions after the presentation about why Jeff was doing this. He appeared like a very ivory tower type who had fallen into a project that would have actual real effects on society and he had no real idea about what was happening around him. The most worrying thing he kept saying was "well, this is just entertainment" to which I quite annoyingly pointed out was another word for "culture", something that he is actively aiding a cartel to control. His opinion was that this technology is useful to avoid overbearing laws. Laws that make the DMCA look tame.
  • The point is, this is a new encryption system which is more effective than CSS. If you can decrypt the DVD then you can reburn with no encryption, no problem, but the system is supposed to make it hard for you to decrypt the DVD.
  • What part of my sentence are you not understanding: CPRM replaces all existing DVD technology. Everything you know is wrong. CPRM will encrypt the content that is on DVD disks now with a better encryption method than CSS (well, apparently). Hope that's clear.
  • I've already debated the question of whether copyright is good or the media companies have rights to do this crap until the cows come home. Let's stop arguing and do what we can to fuck over these evil plans. If we go the way of law the only people we have to protect us is lawyers and politicians.. at least if we go the industry way we can fight the fight outselves. Let them copy protect everything, there will be ways to get around it and hopefully it will piss people off enough that they will starting thinking about whether these media cartels are a good thing for them or not. But inact laws and we will be spending all our time talking to lawyers and worrying about being thrown in jail.
  • I love the way you talk about fair use. The cryptographic system in CPRM is precisely a response to fair use. You have the right to space shift and time shift your stuff, so go ahead, CPRM wont stop you. What you dont have the right to do is make verbatium copies.. that is what the challenge is going to be. That is what's gunna be interesting to watch. For once we might see the a real war over copyright. Not some war where pirates do their little thing and the lawyers do their little thing. Instead we'll have crypto on both sides, fighting with the same tools. If you're a normal user you wont have any problems. If you do have problems, well hey, it's your money, dont buy their shit.
  • You know why you are allowed to make copies of dat tape? Because you pay a tax to the RIAA every time you buy a DAT tape. You will have no problem time shifting programs with CPRM devices. The question is, do you want some bullshit legal requirement that everyone who writes a program to copy files has to make sure they are not media files or do you want something that is a little more workable? You cant say "I dont want anything, I want no protection" because the guys with the money have people in congress who do want it.
  • > What's the big deal about not being able to save it? If ya can't save it that's a very effective form of copy protection. I can't seem to get my stupid windows box to view it :(

    That's not a bug, it's a feature. After all, if you could view it, you could tell us what you saw, and that'd be violating their copyright, right?

    Unviewable media is the best form of copy control of all!

  • This sounds very suspiciously like a bastardization of a mechanism IBM has used for years on midrange to control access; Well, save the CPRM functions were done in hardware alone there..
  • You said it, man.
  • you can use ASF Recorder to download the file, and avifile/aviplay to view it, ALL ON LINUX.

    a link to asf recorder is in my .sig.
    -----

  • No idea what Cougar is, but the reason you only ever get back the asx is that it checks the USER_AGENT. Only if it == WMP will it send the actual file. I feel a hack coming on...
  • Stanford has the video online, in a format so proprietary and restricted that the current version of the player has no concept of "saving" a video download to your computer. There's some sort of lesson there, I think. But the video is good, well worth watching.

    What's the big deal about not being able to save it? If ya can't save it that's a very effective form of copy protection. I can't seem to get my stupid windows box to view it :( oh well.
    --

  • The real problem.... (Score:4)

    by bencc99 ( 100555 ) on Thursday April 05, 2001 @05:14AM (#313698) Homepage
    ..with CPRM is that they've been pushing for it to be integrated into the ATA specification, which contrary to what they claim *IS* very relevant to hard drives. They claim it's specifically for removable devices, but almost all removable hardware uses the ATAPI commandset -of which CPRM won't be a part, so it will be largely ineffective from that point of view.
    AFAIK, the only mainstream removable device that uses ATA is onstream's series of ADR tape drives.

  • Why didn't more slashdotters attend...? (Score:3)

    by brassman ( 112558 ) on Thursday April 05, 2001 @05:18AM (#313699) Homepage
    I didn't, for one, because I'm in New York. (Duh.) As Steven Wright once said, "It's a small world, but I'd hate to have to paint it."

    That's one of the nice things about the 'net -- we *don't* all have to be there. (And John doesn't have to lug as many t-shirts.)

    Thanks for the article.

  • You can save it if you use an older version of Media Player. I'm using version 6 which comes with IE5.5.


    +++

  • What's the big deal about not being able to save it?

    Normally, this wouldn't be such a big deal, but what about us with slow connections to the net? Not being able to download it on a fast connection and watch it at home just ensures that people with slow connection won't watch it.

    ----
  • There's a second line of defense. There's a watermark in this system, too. The idea is that unmodified devices won't play a watermarked file unless they also see the decryption/authorization process taking place. Thus, even if someone cracks the protection, they can't create a file that will play on unmodified CPRM devices.

    That's what really makes it work. The concept is that a consumer's unmodified system won't play cracked content, and few consumers will bother with having a special nonstandard system (Linux?) to play such content.

    There's been some success in removing watermarks from audio, because it's hard to put a good watermark in audio without damaging the sound. But there's so much information in video in which to hide watermarks that watermarked video will probably resist attack.

  • Oh well in the future we can just release utilities like that anonymously, until the software enforcement bureau comes and raids our homes because we were suspected of sending a controversial file over the internet.

    Sounds like a perfect use for Freenet [sourceforge.net].

  • not knowing anything about the m$ format, i tried the standard 'telnet to port 80 and do a GET', which doesn't work, but does feed you a different url prepended by 'ASF'. opening up that one with the same method gives you a 500 response (server error).

    so i opened a connection from a windows media player to a url on my linux box, and captured the GET query with ngrep (Accept:*/*, User-Agent:NSPlayer/4.1.0.3856, + host and pragma info relating to framerates, and an xClientGUID).

    pasting that line into a quick and dirty perl script does get you binary output, but it's too short to be the actual stream (~1k) so i'm assuming that it's another redirect-like command.

    not really interested enough to actually try to get this part of it down at this point, at least not while there's downloadable utilities that'll do it for me. just thought this was interesting and not really off-topic because this story *is* about copy protection, after all, and this 'streaming-only' enforced through client software obviously isn't anything more than mildly annoying.

    if this is the wave of the future, it's not going to do a whole lot in terms of stopping anyone curious, let alone malicious...



    (email addr is at acm, not mca)
    We are Number One. All others are Number Two, or lower.

  • I just finnished watching it ... most interesting thing mentioned is that the scheme only used 56 bit encryption! Since this is a "simple" cypher it should be possible to brute force working keys. The only thing making it hard is the fact that the encryption algorythm is going to be a trade secret.

    I suspect that there will be a generic crack of this whole CPRM system in fairly short order since it does not appear to be a real improvement over what was done with DVD.

    Ok what are the variables:

    • A player specific key.
    • Media specific key that is incrementable for R/W media like HD & Flash, fixed ID for DVD, DVDA, DVD-R and CDR.
    • A matrix or tree (added in the past couple months) "media key block" containing a list of valid keys.
    Here's how it sounds like it works for playback:
    1. The player retreives the media key uses it's key and some magic hash to determine were to start looking in the matrix/tree for it's key.
    2. The player then uses that key to try to decrypt the track key, if it fails try next key in matrix/tree till you succeed.
    3. The track key & media ID key is used to decrypt the content for playback via the magic "C2" encryption.
    Result: You copy the data to different CPRM media, the media ID is different and so won't play back. You copy the data to non-CPRM media, still no good cause it's encrypted.

    For recording it works a bit different:

    1. The player retreives the media key uses it's key and some magic hash to determine were to start looking in the matrix/tree for it's key.
    2. The player then uses that key to try to and generates a track key.
    3. The media ID and track key is used to encrypt the content.
    Result: same as the prior example.

    Copying is doing the above two togeter, it just requires that the software honor the copy permission data, and to get licenced to use CPRM you must play by the rules or dire consequences will ensue.

    The bright side I see is the tree scheme seems to depend on approx 500 root keys, and if you can figure out the algorthm for calculating the rest in the tree you have every key in that tree.

    Result:

    1. They have to pull keys for whole groups of manufacturers, pissing off consumers and manufactuers.
    2. Game over, they give up, and go into a corner and suck their thumb.
    3. They ingore it publicly, sue you and everyone you know into the stone age, and say it was not a significant hack.
    4. Buy a law to make reverse engineering, debuggers, logic analyizers, and thinking illegal unless you are specifically licenced to do so and work for one of five companies.
    Hmmm probably the last two I think!

    Do I have it right or am I missing something?

    - subsolar

  • Hmm... be glad he's giving them away for free, and not selling the lecture notes because that's illegal [slashdot.org] in California.
  • Firstly, as players like Microsoft move towards, the leased software .NET model of distribution

    i.e. Microsoft sucks

    Additionally I am sick and tired of intellectual property

    i.e. Microsoft sucks

    the open source software community is such an amazing addition to the all the sub-groups of software developers out there

    i.e. Open source software is better than Microsoft, which clearly sucks

    But wait... here it comes...

    And for an additional quick stab at Microsoft

    Get ready...

    I haven't upgraded MS-Word to the 2K edition because there's just no need.

    i.e. MS Word has so many nice features that I don't even need to upgrade it.

    If you're going to slam Microsoft, slam them across the board. "The right tool for the job" idea is strictly forbidden here.

  • No not so much that as I have just yet to find the job for which winders is the right tool. If you know of one please let me know.

  • Re:So you can't save it.. [OT] (Score:3)

    by digitaltraveller ( 167469 ) on Thursday April 05, 2001 @05:57AM (#313709) Homepage
    Recently I discovered asf recorder. Very useful for getting around short-comings of certain streaming video applications. Search for it
    Actually on the wake of Slashdot's interview with Doug Miller we should interview the author of Virtual Dub and ask him what he thinks about Microsoft's quest for interoperability. Virtual Dub was a free program for among other things conversting asf files into other formats. M$ legal department utilized standard Corporate America bully tactics to get him to remove that functionality from his program which he achieved by good old fashioned reverse engineering.
    Oh well in the future we can just release utilities like that anonymously, until the software enforcement bureau comes and raids our homes because we were suspected of sending a controversial file over the internet.
  • So tell me, who has the "proprietary and restricted" format?

    ?!?
    Your basic assumption (that most people here are OK with Real but not with WMP) is, AFAIK completely wrong. Real are every bit the bastards M$ are, possibly moreso (for reasons you point out).

    Saying WMP is bad is not saying that Real is Ok, it's saying that WMP is bad. If the format was Real, I'm pretty confident the no-save remark would have been made just the same - when you try to save and are denied, that pisses you off a lot more than any MS-but-only-MS-hating agenda would.

    No-one has said that the shit Real pulls is acceptable. It isn't. But just because Real pulls it doesn't mean that MS should be exempt from criticism when they do the same.

    If the excuse "don't blame us - we're not the only ones doing it" had any validity, the world would noticably be even worse off than already is.
  • What would prevent people from creating their own media players that don't follow the CPRM standard, and play the data (video, audio, etc.) regardless of the media key.

    The law, i.e. DMCA. Sure, they won't go after someone building something by themselves for their own use, but they will go after any Consumer Electronics firm who tires to come out with a mass produced, non compliant player (look what happened with the Rio and DAT).

    N.

    If you don't have anything nice to say, say it often.

  • I'm at 18 minutes, and it does seem that this guy is a friggin' idiot.


    I have a shotgun, a shovel and 30 acres behind the barn.

  • For people who really want to trade copyrighted MP3's and videos, I don't see what the problem is. Why not just play it, take the analog output, and redigitize it? You then have a digital version that can be copied ad infinitum. For audio, it seems like such a trivial hardware hack, you could probably do it without even breaking out the soldering gun. Only a little less trivial for video.

    Then again, I think it's a pretty sad commentary on the free information movement if all everyone wants to focus on is taking information instead of making some. The reason you've heard of Linus Torvalds isn't because he cracked the copy protection on a proprietary Unix. Sure, it's loathsome to have this kind of copy protection shoved down your throat the next time you buy a computer, but I'd rather see a vibrant, independent culture based on free information than a parasitic one that just whines a lot and sponges off of the big-business media.


    The Assayer [theassayer.org] - free-information book reviews

  • Copy protection. Its a word that's around everywhere now, from digital music to DVD movies, and comming soon to a licensed software package near you.

    Firstly, as players like Microsoft move towards, the leased software .NET model of distribution, there will be a decreasing need for copy protection as there will be less software to copy.

    Additionally I am sick and tired of intellectual property. Sure we all need to get ours but... if half the ancient texts were "copyrighted" and guarded as intellectual property (and I'm talking mostly philosophers here), then we would be missing critical portions of our fundamental knowledge base, like the Pythagoran theorums, and many of our claims about the universe, which began with Plato and his fellow thinkers.

    This illustrates yet another reason why the open source software community is such an amazing addition to the all the sub-groups of software developers out there. It's not that they are against intellectual property, far from it, but they are willing to share. A amazing example ot a simple childhood concept comming back to change the world. "Now Johnny, share your Quake 3 game with little Debbie, she wants to kill and main too!"

    And for an additional quick stab at Microsoft, because that's the order of the day here at Slashdot anyway, I haven't upgraded MS-Word to the 2K edition because there's just no need. It already does word processing, web pages, document summaries, cooks breakfast and dusts around the house, do I really need the next version to make my bed and wipes my ass?


    yoink
  • Thank You! I so rarely see Blake's Seven fans!

  • The mascot is copyrighted, actually. Something tells me, they don't have the permission to use it :)

    The very people who give lectures on protection of copyrighted content...

    -mi
  • Umm... Troll?

    He's barely on topic, and the whole thing could be pasted onto any copyright discussion. But, since no one else is discussing the story, free mod points!

    Of course, there often appears to be no difference between the clever paste-from-file troll and the poster who hasn't figured out the culture yet (post on topic, few if any offtopic "additional stabs"). Letting this rambling stuff get modded up just encourages this kind of behaviour.

    Since I'm breaking my own rules, should I post or not?... sure, it's a slow day.

    If it isn't a troll, then - The topic was not intellectual property or software copyrights. The topic, if you cared, was about a contraversial new technology that promises to allow media copyright holders (recording companies, movie studios, cable broadcasters, etc) to enforce, in hardware, their copyright restrictions. On one hand, this seems preferable to enforcing the restrictions in law, since that would involve violating privacy and getting the government more into people's lives. The bad part is it gives the consumer no advantage, except perhaps the studios would release more copyrighted materials if they thought they would be safe.

    To argue that this is a good thing, is to say that copyrights promote artistic progress, since innovators and creators and facilitators can be sure that they will earn a living off what they created. John Carmak et all made Quake 3 only because enough John's and Debbie's would buy it to make it worth their time. To argue that John Carmak should freely share what he created is like saying "Johnny, you get 2 dollars allowance, but Debbie didn't do her chores, so she gets none. But to be fair, give her one of your dollars."

    Sharing and open-source work well for those who want to share, and who have independant means to support themselves. Those who live off their work deserve to be compensated for it. Forget about nursery school and childhood, this is the adult world. If you have a talent, and you make your living off of that talent, then if people steal your creation, then they are attacking your ability to survive, and discouraging other talented folks. If record companies, Napster users, movie studios, and Gnutella users could find a way to fairly compensate those people who worked to create the art, then the world would be a little better. If Linus couldn't afford to pay the electric bill, then Linux wouldn't be in such great shape today.

  • I saw that tree structure toward the end of the lecture (45 minutes in?) It looked like it was a recent development (last 4 years), and I wasn't sure whether they were contemplating it or implementing it.

    The idea is that there is a tree of all possible keys, and each manufacturer is assigned a branch. If the manufacturer is a rogue manufacturer (gets a large number of keys to use, then violates the licsense by distributing them publicly), then you can just specify a root node as being invalidated, and all the rogue keys are invalidated.

    It sounded to me, however, that a node was a set of sixteen keys. The tree structure simply makes it possible to test if a node was a child node of a rogue parent, and thus invalidate ALL the keys. This was to mitigate the rogue manufacturer strategy, not the clever hacker attack. BTW, it would also help if a clueless manufacturer leaves his keys in a easily retrievable form - the bad manufacturer's keys can all be invalidated.

    It also seems that the clever hacker gets the best of all possible worlds. If he can get the keys for a device, and can fool the software into running for him, he can play anything he likes, without consequence - none of the information is sent back to a central server. When he shares this info, and it becomes popular, his hard-won keys are invalidated, and he has to start over. Unless he is motivated, he will eventually quit sharing, and keep his keys to himself. If he distributes a method to get keys, based on one manufacturer, all that manufacturer's keys might be revoked. If it breaks the encryption (a posibility they won't even consider), then all keys are open, and all bets are off.

    There is a bit of confusion about what this technology really is, which is increased by the fact that the impementers don't want to give out the details. It would be nice if someone put together a web page of what we know about this technology, so we can come to some concensus on it.

    It would also be nice to have the "rogue hacker in Norway" chart, outlining when he was mentioned, and his movements about Europe. Different people refered to him being from Norway, Sweeden, and I even heard a Germany. That hacker's on the run!!!

  • If you want to go after large-scale pirates, you use law enforcement, warrants, or, in some cases, diplomacy and trade threats. This is something law enforcement can do - work with a focus on a single target, and allocate resources comparable to the task at hand.

    Mass consumer piracy is harder. If everyone is doing it, then you have a problem enforcing the law. There are few squealers, and it fails a cost / benefit test. The best way to prevent it is to make it technologically difficult to pirate media, and ocassionaly beat the bush to get the pirates, spending all the enforcement time, money and energy at once. It is possible to pirate cable TV, but you need the equipment, and every three years or so they run around looking for cable lines that shouldn't be there.

    So, yeah, this is aimed at Average Jones, not the mass-market pirates. The alternative may be no digital content. Back to the VHS (macrovision) and audio cassettes!

    BTW, the guy was arguing that perfect copying was possible, and that this was a benefit. The difference is the decryption, which is difficult and propriatary, and the licsense, which means the reader and the media itself have to shake hands and decide the user is permitted to play the data. What happens when companies close, or media goes out of style? For a preview of what's to come, ask someone who bought a DIVX player what they did with all their movies.

  • Interesting Lecture. (Score:4)

    by JWhitlock ( 201845 ) <John-Whitlock&ieee,org> on Thursday April 05, 2001 @09:15AM (#313720)
    I'm watching the lecture now, and I'm impressed by the quality of the video. Some text is illegible, but I'm sure the PowerPoint presentation would be availible elsewhere. There are multiple cameras, cuts to the audience, etc. Stanford has a pretty professional system.

    The speaker is fairly vague about the whole thing, or perhaps I'm not familiar with the tech. The idea seems to be that each device gets 16 (out of 2^64?) keys, that will allow the device to decode a file in their propriatary and patented C2 algorithm. Devices may, by chance, share one or more keys, but not all 16. In addition, keys appear to be serially numbered, so that decryption uses Key 7892's data, as well as the fact that it is key #7892.

    If key X is compromised, and the powers-that-be discover it on Day 0, then on Day 1 all new media would return garbage when key X was used. The distributer of the key wouldn't be affected - he has 15 keys left. Other users shouldn't be affected - most still have 16, some have 15 left. Users of the illegal key would be unable to see new media, but Day -1 media and earlier would still be accessible.

    In any case, new media has a serial number, and some standard fields (some in write-only space) that encode the permissions on the media - if copies are permitted, if instead copies are "check out", deleting the original. Complying devices, the only ones with keys, obey these fields because they agreed to when they liscensed the technology. The speaker claims that there is no restriction on copying data, but you either have to know the decryption algortihm (very hard) or have a keyed device to decode the file.

    Under the scheme, you could have a peice of media with serial #4, with encrypted data and instructions that the data can only be played if it resides on media with serial #4. Since you need industrial equipment to write a serial number, you can make a perfect copy of the Matrix DVD (onto media with a different factory-endoded serial number), and a compliant player would refuse to play it. If my Matrix DVD was re-writable, I could image the DVD to my hard disk, for back-up purposes, tape South Park on the DVD, then when I wanted to watch the Matrix again, copy it back to the original DVD, and only then it would play. If the original was physically destroyed, I'm out of luck. Backups, in the traditional sense, would not be allowed. He aluded that all complying media would have some writable areas, to allow the accounting needed to make backups, etc.

    So it's a combo of technology, licsensing, and patents. Great.

    The submitter's webpage argues that software players would break the system. It might be hard to retreive a key from hardware, but not as hard from software. He argues that Window's Media Player would have 16 keys for all copies, all these could be found, and soon WMP would no longer work. Microsoft would have to issue a new WMP, and the cycle would continue.

    I disagree. Either the protection would be a the disk drive level, WMP would have different keys for every copy, or hard-drive based software would be outside of the realm of CPRM. If the protection is at the disk drive level, WMP would rely on the hard drive to provide keys and decoding, and by distributing keys you would only be limiting your own ability to play new media. If each copy of WMP has its own keys, then again, you aren't damaging Microsoft, but you may be linking yourself to the crime. If you compromise two keys, then Microsoft may me able to link you to breaking the keys.

    However, I doubt that this tech will be used on hard drives. They would have to standardize the encryption, which they don't want to do. More likely is that CD-ROM and DVD-ROM drives will be unable to play CPRM CDs at all. We'll complain, the content providers will say tough shit, buy a new CD player. Since all previous technology would become obselete, I doubt this will catch on like wildfire.

  • Speaking of which, I think I have access to an older copy (which does do ASF). I don't have it, but I'm pretty sure a friend does. Email me if you can't find it online, but it'll be a few days before I reply, so go look for it online first. Also, it's GPL, so the old source should be out there if someone wants to integrate into new source and release anonymously on freenet. That'd be cool. I don't program well enough though. BTW, it's a very good tool for what it does (Linear video editing; Premiere and the like are non-linear; VDub is NOT useful for NLE tasks).
  • Ok, after actually ** attending in person ** this lecture, I think most of the posters are missing what he was saying. There are more than 16 keys, and you could not compromise the sceme by finding 16 of them. They are using this scema where there is a tree-based key system, with each leaf being a key. Clearly, this is more than sixteen for any sizeable tree (although he didn't actually specify the tree size). Really, the best way to break this system is with the above mentioned attack on the serial number (but serial numbers are 2^64, so finding a matching serial number or one close would be nearly impossible, as serial numbers are incrementable). The thing I'm most sceptical about is the C4's consotium's invalidation of media. The real war will be as hackers create a program with a hacked key. C4 invalidates the key in all new media. Hacker compromises another key, creates new program, etc. The issue is that Joe Blow on the street won't have the energy to constantly be looking for hack players. It will be a serious pain in the ass to hack, and only for people with a lot of time on their hands. By and large, Hollywood/RIAA will get their copy protection money on this (how many hackers do you suppose pay for music anyway?) The other interesting thing is the guy from IBM was constantly referring to the 'rogue hacker in Norway' as an example of people who would want to get around the CPRM system. This is an obvious attempt to marginalize the people who actually want to use their paid-for media in legitimate ways (i.e. ways that are not against the law). It will be interesting to see what happens..
  • Most users here have never seen anything that uses serial data at mechanical speeds. I have forgotten, is that one of the original machines using 5 bits and 1 1/2 stop bits, or is it one of the newer 7/8 bit machines? Last time I saw a functioning Teletype was about 15 years ago. I do remember they did not impliment any copy protection. ;-) Just oad the punched tape and you could get a printout, with a carbon copy and punch a new tape on the punch that was a bit for bit duplicate of the original. Maybe we will have to go back to these and demand our sereaming data at 65 bps.

  • Of course you can save it. It is buffered to your harddrive, in a temp directory under some bizarro name. All you have to do is NOT close your player after viewing it and do a search of your temp files looking for a big file in the many megabytes range. Chances are that is the video. Copy it to another name somewhere and you have it.

  • That address saves a whole 1KB file to your computer. It still streams it from the Net. Please slap the mod.
  • They seem open to putting other video formats up. From the site in the article: "There have been a several reqests that we support other players, formats, and operating systems. It would be helpful to know what video support EE380 folks would like to see. CLICK HERE [mailto] to send your video player wishlist. Be sure to tell us what OS you would be using."

    So just send off an e-mail and they should put other formats. This worked when I sent in a request for a non-streaming copy of the Future of IP debate with Jack Valenti a while back at another Law School. They not only sent me one, but also put it on the web site.
  • Or alternately, get an old version (before the Real lawsuit) of Streambox Ripper. It is perfectly capable of opening Realaudio files and saving them to WAV.
  • hmm, I have Streambox VCR 1.0 beta 2 . . . where can I get my hands on beta 3???
  • As I'm quite a few hours away. Thanks for the summary - the video is useless on my AIX box here t work and I can't be bothered to attempt to convert Media Player stuff in Linux on my laptop or on my workstation at home. -- JB

  • ASF (Score:1)

    by Husaria ( 262766 )
    Well,
    its a shame really..
    They're coming up with things you can't even save on your disk, but can see on your computer.

Slashdot Top Deals

E = MC ** 2 +- 3db

Close