Thanks for granting this interview. So FairUse4WM caused quite a stir. How long did it take you to crack Microsoft's PlaysForSure DRM? Was anyone else involved?
Finding a way to extract key information took about a couple of weeks of spare time. Going from a prototype to a more general tool took a couple of months. I am the only developer, although my friends served as early beta testers and sounding boards, and with the initial release I've gotten to know some very helpful people.
So apart from any ideological or political distaste you may have for DRM, do you have any personal reasons for wanting to crack Windows Media DRM? Like, are you a Rhapsody or Napster subscriber?
No, due to geographic location, I'm unable to subscribe to those services. My only selfish rationale is the challenge in pitting my skills against the industry leader.
Without revealing the secret sauce, what were the fundamental flaws with PlaysForSure that allowed you to break it? Did Microsoft know about these flaws?
Once code is released, there's really nothing secret anymore -- Microsoft didn't follow standard security practices, and left sensitive data unencrypted on the stack while calling routines out of kernel32.dll. Even when they fix this by changing malloc() to alloca(), it'll still be a big task to audit other sensitive routines for DLL calls. On a theoretical level, they have to send the decryption keys outside of their control, and their only defense is through obfuscation.
Microsoft apparently has teams working around the clock to fix the vulnerability -- and on the legal front they've started getting their lawyers involved, sending C&Ds to places hosting the software. What do you think of their responses to FairUse4WM?
I think they're fulfilling their contractual obligations, and I'm looking forward to their improved obfuscation technology. I certainly disapprove of Microsoft claiming copyright to my program, but realistically I can't do much about that. Nor can I advocate that folks mirror my program against their local laws.
Presently Microsoft has yet to be able to fix this vulnerability -- is it possible for them to repair PlaysForSure without totally starting over?
As soon as I release something, Microsoft can certainly patch around it. I can do the same. I don't believe that either of us has a nuclear option.
What do you think of Microsoft's latest memo, which claims to patch version 1.2?
I'll reserve full commentary until I've had a chance to examine the new IBX in more detail. I'll release a new version sometime this week.
How do you think FairUse4WM affects the industry? Do you worry that cracking PlaysForSure is going to lead to the end of subscription-based services?
I think FairUse4WM is a good thing for the industry -- it demonstrates that the entire world doesn't turn upside down when there's no effective protection on content. I doubt subscription-based services are impacted -- programs exploiting the analog hole were already widely spamvertised. The value of a subscription is the continuing access to new titles, which isn't dependent on the protection. I wonder if any subscription company will publicly admit that FairUse4WM was good for them.
Microsoft supposedly has a new DRM scheme they've cooked up for their forthcoming Zune media player. What do you think about their jettisoning PFS for their own device, and this new DRM system of theirs?
I don't have any insight into the politics at Microsoft. If I come across a Zune, I might have more comments on their DRM system at that point. :)
I know a lot of people at Microsoft and its PlaysForSure partners read us -- what do you have to say to them?
I think the biggest mistake with the PlaysForSure / WM design is that it's targeted too broadly. By incorporating forced product obsolescence and platform restrictions, it misses the mark in managing content rights. My suggestion to future designers is simple: don't bother with weak client-side decryption. Instead, provide a public specification for licenses using digital signatures, manage the PKI through a not-for-profit organization, and apply social and legal pressure to programs that don't conform. Accept that folks can trivially patch around the system, but if the restrictions aren't onerous most people won't go through the hassle. If WM files were already interoperable and the license terms were clearly communicated, there wouldn't be anything left for a program like FairUse4WM to accomplish.