Anyone know about supposedly free software DRM?

Andy stude.list at googlemail.com
Fri Nov 16 14:46:21 UTC 2007


On 15/11/2007, Rui Miguel Silva Seabra <rms at 1407.org> wrote:
> Does anyone know how to make a Free Software DRM that can fulfill the
> DRM function?

Does anyone know how to make a Software DRM that can fulfill the DRM function?

> Step 1. Decompile/Reverse engineer binary
> Step 2. Write new code or alter the binary (NOP out the calls to checking functions,
>   falsify the results of function calls etc.)
> Step 3. Enjoy Civil Liberties.

Other approaches include extracting the decrypted content from memory,
extracting keys from disk or memory and using reverse engineered
algorithms, or using reverse engineered algorithms and finding a
weakness in the cryptographic algorithm (more likely as it won't have
been properly peer reviewed).

And my personal favorite (may only work in the U.K. if it works at
all): Appeal to the secretary of state to issue an order to the
distributor to give you means to execute your rights under the law.
(Not sure if this has ever been attempted).

Just because you compile something doesn't mean it is secret.

Know the attacker.
According to the MPAA (I can't find stats for TV piracy specifically):
> The major U.S motion picture studios lost $6.1 billion in 2005 to piracy
> worldwide.
> http://www.mpaa.org/2006_05_03leksumm.pdf

Against an attacker with $6.1 billion, whether it is free software or
not has no impact whatsoever.
They can afford to reverse engineer the code. Or they would have more
than enough money to bribe or blackmail an employee at the DRM
company to obtain the source code and documentation.

Making the software free software provides certain additional
security. Algorithms are analysed by many security experts. This
reduces the risk that someone can access the content without ever
possessing the key. Employees are also significantly safer as the risk
of them being tortured or blackmailed is greatly reduced.


> I'd say any Free Software DRM is snake oil, but I can be proven wrong.

I would say any software DRM is snake oil; I doubt I will be proved wrong.

If you want more examples of why DRM doesn't work why don't you use Google?

DVD-CSS broken.
HD-DVD/Blu-Ray broken and keys exposed.
HDCP: unless it was changed, this was badly broken. In a paper
presented at a DRM conference it was shown that with a set of 40
public/private key pairs (spanning a certain set) the signing
authority's secret could be recovered and an attacker could generate
as many key pairs as needed.
Windows Media DRM has been broken as well.

It really annoys me when people claim that "Free Software" DRM and
thus can't be used. Non-Free Software DRM is also insecure. If you
want a secure Software DRM solution then you don't understand what
software is. It can't happen.

If you don't mind insecure DRM then Free Software DRM can fulfill that.

Compilation is NOT a secure transformation. Maybe you should read
GCC's source code if you think that compilation secures your
algorithms in any way. It doesn't. It's also not possible for other
compilers to encrypt algorithms, the CPU needs to be able to execute
the instructions.

Of course if you add hardware assistance to the DRM system then it may
be stronger but there is no guarantee. It is also widely considered
immoral and in many countries illegal to secure the last part of the
video transmission (from the screen to the human).

Also to whoever said that it's not Free Software because US Law won't
let you tamper with it, does that not mean that GPG is not free
software because there are restrictions in some countries relating to
the possession, use and distribution of cryptography?

Andy

-- 
Computers are like air conditioners.  Both stop working, if you open windows.
                -- Adam Heath


