Microsoft already on their way to patching FairUse4WM
---copied from source---
From: Windows Media License Agreements [email removed]
Sent: Monday, August 28, 2006 8:52 PM
To: Windows Media License Agreements
Subject: Update to the Windows Media Format SDK version 9.5 [identifier removed]
Dear Windows Media Licensee,
On August 25th, 2006, Engadget.com reported on a software tool that would allow consumers to decrypt WMDRM protected content. In response, on August 28, 2006, Microsoft released an update to the individualized blackbox component (IBX) designed to ensure that client applications using the Windows Media Format SDK version 9.5 who individualize to this latest version are robust against a new circumvention tool.
This update is not yet available for the Windows Media Format 9 Series FSDK or for users of Windows XP Media Center Edition 2005 Update Rollup 2.
Consumers are not at risk in any way. Content services can require that the updates be present in order to issue licenses by following the instructions below. Please note that the version number of IBX was not incremented as part of these updates to avoid delaying the release of these critical breach mitigations. Consequently, the only way to determine if the update is installed is to query the build number of the IBX. This requires code executing on the client.
To determine the build number of the IBX:
1. Ensure the PC is running the August 2005 update to Windows Media DRM. See the attached white paper for details.
2. Determine the path of the WMDRM folder. The path is stored in the registry at HKEY_LOCAL_MACHINE\Software\Microsoft\DRM\DataPath
3. Identify the file name of the latest IBX. If the machine has been individualized only once, the IBX file name will be indivbox.key. Otherwise, the IBX file name is in the form indivbox_xxx.key, where xxx are digits 0-9. The file name with the greatest value of xxx will be the latest IBX.
4. Call GetFileVersionInfo() to retrieve the build version of the file identified in step 3. See [link].
5. If the IBX file version is 11.0.5497.6285 or greater, then the updated IBX is installed
Please submit questions to [email removed]
Best regards,
Windows Media Licensing Department
Microsoft Windows Digital Media Division
--------------------------------
Reader Comments (Page 1 of 1)
Matt @ Aug 29th 2006 12:16AM
To head-off the obvious arguments:
Yes, it's Microsoft's licenses and the content companies' music. They can do what they want with it, and we are all legally required to comply. If we don't like it, we don't have to buy the music.
Now to better stuff:
I have a Mac and an iPod (and of course, some PCs). I was going to subscribe to Napster now that I could use PlaysForSure music on my iPod. Now that it won't, they won't be getting my money.
In other words, I don't like it, and I won't be buying the music. They protect their miniscule marketshare and money-losing enterprises, and I continue to rip music from CDs.
steve @ Aug 29th 2006 12:41AM
ok, here's the deal. as long as you don't update any of your software (either media player or your copy of napster or whatever your useing), you won't have any issues. all they're doing is a simple regestry hack which will proberly be broken as soon as the update is released.
Scabies @ Aug 29th 2006 12:46AM
Screw y'all microsoft.
I have to wonder if they reverse engineered the software in FairUse4WM, in which case they are acting illegally. We'll never prove that, though.
Thats hypothetically, of course. I'm no programmer, but I assume you can see what a file looks like before and after FairUse4WMing it, and see what changes (and how to prevent future files from being changed, or being affected by said changes)
Lets hope more and more consumers put up a stink about being locked into unfair/unacceptable EULAs
sputnik @ Aug 29th 2006 12:57AM
This sucks...I was enjoying listening to subscription songs burned to CD's in my car since I don't have an MP3 player jack on my CD player.
Dave @ Aug 29th 2006 1:12AM
Yeah, just a few minutes ago Yahoo asked me to renew liscenses on DRM-ed music I had downloaded. I figured it had to do with FairUse4WM.
Rohan @ Aug 29th 2006 1:32AM
Just a thought - do you suppose we could open our existing (vulnerable) "indivbox_xxx.key" files in a hex editor, and change the version number to the newer (patched and not vulnerable) version number?
Presumably this would thwart whatever measures they take to force consumers upgrade/patch.
John Bell @ Aug 29th 2006 1:40AM
I LOVE that MS named Engadget as their means of learning about the new tool. Awesome. Looks like someone there is reading...
z @ Aug 29th 2006 1:43AM
Seems like Bill isn't the boss anymore...
Pc_Madness @ Aug 29th 2006 1:43AM
I doubt its as simple as a version change Rohan. More than likely you'll find the song you downloaded can't be decrypted.
Rohan @ Aug 29th 2006 1:47AM
Interesting -
I opened my "IndivBox.key" file (for me, it was located in Docs & Settings / All Users / DRM) in ResHacker. Sure enough, there is an entry:
VALUE "FileVersion", "10.00.00.3930"
Which I changed to:
VALUE "FileVersion", "11.0.5497.6285"
Perhaps this little trick will be enough to fool Napster, Yahoo, etc into thinking my system has the new "updated" Windows Media DRM. For the record, the change preserved my ability to play DRMed music, so it at least doesn't appear to be a destructive hack.
Thoughts - will this work?
Eric @ Aug 29th 2006 2:06AM
Steve, No this is not a registry change. Windows DRM uploads onto your machine, the necessary code to decrypt downloaded WMDRM content. the "IBX" in this case is probably a renamed DLL with authenticode watermarkings.
Every "IBX" is unique to each computer. When Yahoo issues you a license to play downloaded content they generate this file special for you.
To all those who are trying to hex edit their IBX files: It won't work, because Yahoo or Napster will encrypt any new content on their end using the new version of the IBX. I bet you'll have to delete your hacked version to get any new downloads to work. Even worse, I bet if you change the file your previously downloaded DRMed files will not be playable.
ethana2 @ Aug 29th 2006 2:22AM
I hold that my rights cannot be signed away. Through no liscence or agreement will my freedoms to what I deem fair use be inhibited. And M$? You are angering us.
Raise your hands, people if you've EVER said, nope, sorry, EULA, I disagree. Do not install. Yeah right. It's generally more like, Hmmm.... By installing this software, you legally give us your soul and rights to any form of free speech regarding all issues pertaining to... yeah... whatever.. just install already. We all basically disagree. Or, if you want to get technical, freeze app, mirror memory, I disagree. I agree. Adress found. *hack*
I disagree. ....Installing program files....
Or edit the test or something. Don't count on our honor if we can't count on yours. Our compliance will correspond to our perception of liscence quality. Can't go wrong with GNU. Eman out.
SectionZ @ Aug 29th 2006 2:34AM
next time let a good secret stay secret.
Matt @ Aug 29th 2006 2:40AM
For those of you who are desperate or just spiteful I dout there is any simple way of stoping you from recording your soundcards output. Play the file with the speaker out plugged into the sound in. Record. As far as DRM goes there will always be a way to decrypt it. It just must be found. The encrytion key must be some value know to your computer so it can play the file. So you already have your decrypion key(s). All MS has done is scrable things a little. The key(s) must be avalable (still and always in DRM of any kind) in some some form. The method used to decrypt the files just needs to be found.
Rohan @ Aug 29th 2006 2:40AM
Interestingly enough, I think it was a Buzz Out Loud episode where I heard this - Fair Use is a concept found in case law, where as the DMCA is statue law. Thus DMCA (supposedly) trumps Fair Use.
Is Fair Use really a "right"? I mean it should be, but that often doesn't matter.
Adrian @ Aug 29th 2006 3:34AM
The user doesn't even own 'their' music on their own PC, Microsoft does legally. I guess this this allows them to make changes when and how they like to 'our' music. If you don't like it rip from CD's or buy a different file format from someone else. I guess this is why Mp3 is the king.
RacetrackOwner @ Aug 29th 2006 5:50AM
The lame irony here is all the people blaming Microsoft. Last time I checked, Microsoft didn't sign recording artists, or publish music. To a degree it's valid to point fingers at anybody providing DRM software, but realistically if it wasn't Microsoft it would be somebody else, and utimately if no third-party did it, the publishers themselves make enough dough to muddle their way through it without outside help.
If you're going to pound on the wall and wail, you might as well make sure you're pounding the right wall.
http://www.boycott-riaa.com/links/congress
Jeff @ Aug 29th 2006 7:11AM
Well, I've still got 4 days to cancel my Napster trial. I'd keep it if this tool continued working, but I have no interest in paying for crippled music.
That said, I'm still able to convert files I download through Napster. How are they planning to "push" this update? If it's through Windows Update, I've got that set to notify rather than download, so I can just ignore that update. I suppose they could eventually require the update to use the software, but that's the point at which I cancel Napster.
Or is there a way that they can push it down through Napster itself? The email above doesn't seem to imply that from what I'm reading; it seems to imply that it's a Windows Update. (Or maybe a WMP update?)
Norock @ Aug 29th 2006 10:03AM
Jeff: I could see it being a simultaneous WMP/Napster/URGE/Whatever update. Napster would change some technicalities of the music you download, and WMP would change some technicalities of what songs it would play. If that's the case, then WMP will stop playing protected songs the instant they come out. I'd also imagine that Napster (if they have a record of all the music you've gotten from them; I've never used the dumb thing) would go back and re-screw-up all your old songs, making them incompatible with the first fateful connection to their services.
Of course, you can simply cut off use of Napster and never get any more music from them, and your music will remain in the uh... "Slightly less debilitated" form that it is in now.
What I want to say:
I didn't know this many people used Napster! I don't know a single person that uses that service, so it's weird to suddenly hear the cries of a dozen or so that are all whining about their Napster functionality getting cut off. I don't get why you're complaining though... You went into this odd agreement and you must have realized how skewed and oppressive it works, what with the lack of ownership and invisible tags all over all your files. It's only to be expected that eventually they would implement something that was so safe it ceased to be functional.
Craig @ Aug 29th 2006 11:13AM
I only signed up for Napster for the free trial, which I shall probably be cancelling when it's over if this patch is gonna happen (I have an ipod).
I always think that maybe if everyone got together and boycotted all drmified download services, maybe for a week or something, then we might get somewhere. The record companies are more likely to listen if there income is falling. The problem is it would probably be pretty difficult to get everyone to do it at the same time.
The more I think about it, the more I wonder if it could be done..
Jeff @ Aug 29th 2006 12:17PM
"I didn't know this many people used Napster! I don't know a single person that uses that service, so it's weird to suddenly hear the cries of a dozen or so that are all whining about their Napster functionality getting cut off. I don't get why you're complaining though... You went into this odd agreement and you must have realized how skewed and oppressive it works, what with the lack of ownership and invisible tags all over all your files."
I think the point is most of us here talking about Napster signed up specifically *because* of this DRM tool. I'm not "complaining" that it no longer works (anyway, it actually still does), I was just asking how they were planning to implement the "fix", because from the email it doesn't seem like anything I couldn't avoid. It seems like it's a file that needs to be put on your computer by MS. But maybe it's not.
Anyway, I think what we're saying is that FairUse4WM made services like Napster useful. I have an iPod, so now I can play my Napster songs on it. When this tool is rendered useless, though, then so is Napster. So I'm not complaining about it because it just puts things the way they were 2 days ago... but it does mean that I no longer have any reason to subscribe to Napster.
Oh well. They could have had my money if they wanted it.
Jeff @ Aug 29th 2006 12:33PM
btw, I missed this earlier:
"Fair Use is a concept found in case law, where as the DMCA is statue law. Thus DMCA (supposedly) trumps Fair Use."
Both of these statements are incorrect. (Though I'm gonna avoid making the Cosmo Kramer "statue" joke.)
Fair use is codified in section 107 of US Copyright Law. It is statute law, not just case law. You can look this up.
The DMCA also specifically excepts fair use from its section on DRM. It's a big stinkin' myth that it does away with fair use - fair use is actually written into the law just as it is standard copyright law. People get up to the part about DRM and freak out and don't read any further. Just beyond that is where it says "c) OTHER RIGHTS, ETC., NOT AFFECTED- (1) Nothing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use, under this title."
That's a confusing statement, but what it basically means is nothing in the preceding section is intended to usurp existing copyright law, including the doctrine of fair use.
The DMCA does limit a lot of things, but the actual concept of fair use is alive and well in the DMCA and in codified copyright law. Of course, the RIAA would like to convince you and the courts otherwise.
Rohan @ Aug 29th 2006 2:52PM
I also only signed up for Napster's free trial because of this software. It they patch it such that their DRM works again, I'll cancel my Napster. It's a useless service unless it gives you unprotected music.
For that matter, even WITH this crack, Napster is still pretty useless, given that everything is in "WMA" format... that's just a notch up from RealAudio in my mind- USELESS :)
TR @ Aug 29th 2006 7:50PM
"Fair use is codified in section 107 of US Copyright Law. It is statute law, not just case law. You can look this up."
Ah, but here's the problem. Are we dealing with copyright law or contract law? Copyright would allow us the right of resale provided we didn't alter the product. Can't do that with software
17 USC 117 would normally permit the owner of a copy of software (us) to make as many copies as necessary for the PERSONAL use or backup of software. However, we don't "own" any of the software we buy. The EULA most companies slog at us post-sale only grants license to limited possession and usage of the software. In other words, it's a contract like one you'd sign when renting an apartment. Instead renewing the lease each year, we pay for new upgrade or version AND incur the expense of meeting new system requirements.
One more twist: A basic tenet of contract law is there must be "meeting of the minds," i.e. both sides must agree to terms, or the contract is as meaningful as a warm cup of spit. To BUY software and THEN be forced to click "I Agree" that you're only using not owning it throws the validity of the EULA contract out the window with Fair Use.
Oh yeah, and if it hoses your system, because they own it doesn't mean they're responsible. What other industry gets away with that?
yo @ Aug 30th 2006 12:03AM
that's why I steal my music. it's just easier
daz @ Aug 30th 2006 6:35PM
"Play the file with the speaker out plugged into the sound in. Record. " was the earlier suggestion.
Not even required, play the DRM protected file in WMP, record it using Nero wave editor or similar. No need to jig cables, just set Nero to record from wave and save as high quality mp3 or .wav !!
mayang @ Sep 2nd 2006 1:11PM
FairUse4WM v1.2 vailable now at doom9.org
change log:
1. Will works with new IBX version being pushed by Microsoft on new individualizations.
2. DRMv1 support for files you ripped yourself with protection enabled
3. Now should work with WM9 (individualized)
includes a Workaround for WMP11beta2 (11.0.5705.5043)
4. Subdirectory support - takes a directory as the command-line parameter
MalignantKid @ Sep 2nd 2006 5:28PM
Nice going on the new version!, I'd like to add that if in the future they find a way to render FairUse4WM useless you could always use TuneBite. This program takes advantage of the "analog hole" and lets you rip your wma's at up to 4x by playing them in WMP at a accelerated speed. It records this stream then slows it down and you have a nice DRM free ogg,.mp3 etc. The neat thing is that you can select whole folders to convert.
Midnight @ Sep 28th 2006 10:45PM
Hey everyone...I use a simple altho not free solution, but it works great...program called replay music...records off your sound card...even tags them for you...
andyman @ Dec 25th 2006 3:15AM
Haaa...yes this must be from the same company that brought us the wonderful Replay AV. I use it for ripping myspace music, which enables me to get tracks that are due to release in Feb 2007 :D
Hezakiah @ Jan 2nd 2008 3:40PM
Get one of the slews of programs out there that re-records locked tunes into MP3's and kwitcherbeliakin.Most,if not free are a dirt cheap investment compared to buying track after track.