1

Windows Media Rights Manager

and FairPlay

Seminar Digital Rights Management

Clara Fernández de Castro

2

Introduction

• Piracy of copyrighted entertainment is not new -> cassette tapes.

• Digital multimedia files can be easily copied and distributed without loosing quality.

• The efficient implementation of a DRM system grants a maximum and wide distribution of audio and video to consumers.

3

Windows Media Rights Manager

• Windows Media Rights Manager Flow– Encrypting Content – Sharing Business Rules– Challenge and Response– License Delivery

• Attacks against WMRM

4

5

• Enables content owners to protect digital media (Encrypt content).

• User must have the corresponding license to play the content (Request License).

• License is issued by a third-party license provider (Create license).

• License "unlocks" the content and determines how the content can be used (Unlock content).

Key points of the process

6

Encrypting Content

• Hardware requirements: Windows 2000 server and WMRM SDK.

• Account set up with the license provider.• Content Packager uses web-based interface to

handle the encrypting process

7

Packaged Windows Media File

The seed along with the key ID are used to generate the key:

Seed + Key ID = Key

8

Steps to complete the package

• Generate or specify a key using the key ID and the license key seed.

• Generate and sign the content header using private signing key.

• Encrypt the file using this information.

9

• Key benefit from WMRM: flexibility in supporting different business models, such us:– Purchase– Pay-per-view– Free trial version– Limited play

• Content owner and license issuer share some “secrets”• Secrets:

– Seed– Public key– Business rules

Sharing Business Rules

10

The content owner defines two different schemes:• Audio File -> available on a subscription basis• Video File -> “try before you buy” promotional

version

License issuer must update database.

Example: sharing secrets

11

Redirecting user to a purchase site

12

License issuer database

• Content owner is able to define multiple business rules for the same piece of content.

• License issuer uses the key ID and an attribute containing the corresponding business model to maintain his database.

13

Challenge and Response

• Process starts when a consumer attempts to play a protected piece of content.

• For playing the content, he or she must acquire a valid license.

14

Example

- Encrypted key used to encrypt the content.- Specific rights.- Information about Bob’s computer.- The certificate of the license issuer.

15

License Delivery

• Four examples of how consumers acquire licenses:

1) non-silently

2) silently

3) non-pre-delivered

4) pre-delivered

16

Non-silent License

The consumer is prompted to perform some tasks before receiving a license

Bob visits an online Music Store that he is subscribed to. The site contains the newest song he has been looking

for. The site offers a free promotion of this song in exchange of some information about Bob, such us his

email address, name, age and nationality. If Bob agrees to share that demographic information about him, he would

be able to receive and play the song.

17

Silent License

There is not user interaction required.

Bob once again visits the Music Store, but this time he clicks a song which is included in his subscription service. The song is downloaded in his computer and the license is

acquired without extra task to play the song.

18

Non-pre-delivered license

The license is acquired separately and after the content is acquired.

Bob sends his friend Alice the first song he downloaded. Alice receives the file by email, but the license that will

allow her to play the song it is not included in the content. When Alice clicks on the song to play it, she is asked to

enter some demographic information about herself before she is able to play the song.

19

Pre-delivered license

The license is delivered before or at the same time as the content.

Bob wants to rent a movie on the Web. In this case, Bob must purchase the movie before a valid license is

delivered in order to play the content. After entering his credit card number and more information to pay the license, he is able to play the movie. This procedure

allows content owners to promote and monitorize their content.

20

Attacks against WMRM

1) Remove DRM from .wmv files.

- Freeme.exe

2) Ads and adware

Not properly cracked, but attacked intwo different ways:

21

Freeme.exe

• October 2001, Microsoft confirmed the software “freeme.exe” could strip off the protections that prevent a song from being copied an unlimited amount of times.

• The software from "Beale Screamer" essentially used information found in this license to fool the DRM software, stripping off the protective technology

entirely.

22

Freeme.exe

• Microsoft quickly reacted delivering new versions of the Windows Media Rights Manager and giving instructions to both content owners and license issuers to increase the security of the whole process.

23

Ads and adware

24

What it is FairPlay?RestrictionsBrief Technical DescriptionIs FairPlay “fair”? ITunes bussines modelHarmony technology (RealNetworks) Reverse-Engineering against Apple

Jon Johansen, PyMusique

FairPlay

25

FairPlay

Key terms:• iTunes Music Store: online music service.• iTunes: digital media player.• iPod: portable media player.• FairPlay: Apple’s DRM technique

26

Restrictions

A protected track:• may be copied to any number of iPod players.• may be played on up to five authorized computers simultaneously.• may be copied to a standard CD audio track any number of times.

A particular playlist within iTunes containing a protected track can be copied to a CD only up to seven times.

27

Brief Technical Description

• FairPlay’s protected files are regular mp4 container files with an encrypted AAC (Advanced Audio Coding) audio stream.

• User key and Master key

28

Purchase Process

29

Authorize / Deauthorize

30

iPod

31

Is FairPlay “fair”?

• No portable player aside from the iPod supports FairPlay.• iPod only supports the AAC and MP3 standard, no WMV.• Expecting profits in iPod sales, allows Apple to drop prices

in the iTunes Music Store.• Key strategy from Apple’s business model:

Using software to drive hardware sales.

32

Harmony

• Introduced by RealNetworks in July 2004.

• Harmony allows RealPlayer Music Store to play their songs on the iPod.

• RealNetworks uses a different protection scheme incompatible with FairPlay.

• How? Harmony transparently converts a RealNetworks protected file to a FairPlay-compatible protected file.

33

Harmony• RealNetworks argued they freed consumers “from the limitation of

being locked into a specific portable device when they buy digital music”.

• A cat and mouse game started between Apple and Harmony.

• RealNetworks was criticized for:– Keeping its own intellectual property and products closed, while asking

Apple to open up the iPod.– Attempting to force Apple into a partnership that would only benefit

RealNetworks.

• Finally, afraid of a lawsuit from Apple, RealNetworks gave up trying to break Apple’s technology.

34

Reverse-Engineering

• Many efforts have been made to circumvent the encryption of FairPlay-protected files.

• Most of attacks consisted on removing the encryption from FairPlay-protected files.

• So far, all applications have two things in common:– They use the user keys from the key repository, which ensures they

can decrypt only files that are legally bought.– They keep the metadata inside the MP4 container intact, so is

possible to identify the user who originally bought the file after it is decrypted.

35

Reverse-Engineering

• Jon Johansen

– The DRM anti-hero or the anti-DRM hero.

– In March 2005, he released via his own website PyMusique, for the purpose of allowing downloads from the iTunes Music Store.

36

PyMusique

• Works as a front-end to iTunes Music Store, emulating iTunes' connection to the online music store.

• Allows the download of purchased files from the iTunes Music Store without DRM encryption.

• This was possible because iTunes software adds the DRM to the music file after the music file is downloaded.

37

PyMusique

38

PyMusique

• Legal aspects:

– Accessing iTunes Music Store through a third-party application is a violation of the Terms of Service.

– Users who purchase music through PyMusique are doing so in a manner not consistent.

• On March 22, Apple released a patch for the iTunes Music Store blocking the use of the PyMusique program.

• In September 2005, Jon Johansen released SharpMusique, which took over where PyMusique left off.

39

Conclusions

• It could be argued that Microsoft's WMA now looks stronger than iTunes.

• WMA will also be cracked.

• People against DRM will support reverse-engineering.

40

Questions?

41

Thanks for your attention!