On 15/11/2007, Rui Miguel Silva Seabra rms@1407.org wrote:
Does anyone know how to make a Free Software DRM that can fullfill the DRM function?
Does anyone know how to make a Software DRM that can fulfill the DRM function?
Step 1. Decompile/Reverse engineer binary Step 2. Write new code or alter the binary (NOP out the calls to checking functions, falsify the results of function calls etc.) Step 3. Enjoy Civil Liberties.
Other approaches include extracting the decrypted content from memory. Extracting keys from disk or memory and using reverse engineered algorithms. Using reverse engineered algorithms and find a weakness in the cryptographic algorithm (more likely as it won't have been properly peer reviewed).
And my personal favorite (may only work in the U.K. if it works at all): Appeal to the secretary of state to issue an order to the distributer to give you means to execute your rights under the law. (Not sure if this has ever been attempted).
Just because you compile something doesn't mean it is secret.
Know the attacker. According to the MPAA (i can't find stats for TV piracy specifically)
The major U.S motion picture studios lost $6.1 billion in 2005 to piracy worldwide. http://www.mpaa.org/2006_05_03leksumm.pdf
Against an attacker with $6.1 billion whether it is free software or not has no impact what so ever. They can afford to reverse engineer the code. Or they would have more than enough money to bribe or, blackmail an employee at the DRM company to obtain the source code and documentation.
Making the software free software provides certain additional security, Algorithms are analysised by many security experts. This reduces the risk that someone can access the content without ever possessing the key. Employees are also significantly safer as the risk or them being tortured or blackmailed is greatly reduced.
I'd say any Free Software DRM is snake oil, but I can be proven wrong.
I would say any software DRM is snake oil, I doubt I will be proved wrong.
If you want more examples of why DRM doesn't work why don't you use Google?
DVD-CSS broken. HD-DVD/Blu-Ray broken and keys exposed. HDCP, unless it was changed this was badly broken. In a paper presented at a DRM conference it was shown that with a set of 40 public/private key pairs (spanning a certain set the signing authorities secret could be recovered and an attacker could generate as many key pairs as needed. Windows Media DRM has been broken as well.
It really annoys me when people claim that "Free Software" DRM and thus can't be used. Non-Free Software DRM is also insecure. If you want a secure Software DRM solution then you don't understand what software is. It can't happen.
If you don't mind insecure DRM then Free Software DRM can fulfill that.
Compilation is NOT a secure transformation. Maybe you should read GCC's source code if you think that compilation secures your algorithms in any way. It doesn't. It's also not possible for other compilers to encrypt algoirithms, the CPU needs to be able to execute the instructions.
Of course if you add hardware assistance to the DRM system then it may be stronger but there is no guarantee. It is also widely considered immoral and in many countries illegal to secure the last part of the video transmission. (from the screen to the human).
Also to whoever said that it's not Free Software because US Law won't let you tamper with it, does that not mean that GPG is not free software because there are restrictions in some countries relating to the possession, use and distribution of cryptography?
Andy