Instead of our usual run of interviews with industry luminaries and the like, today we're aiming the camera in a different direction. We had a few things to ask the person whom we've identified as Viodentia, the creator of FairUse4WM -- the thorn in Microsoft's (and Yahoo's, and Napster's, and Real's, etc.) digital media business for a month now. It seems at once likely and not that the big DRM scheme developed by the largest software company was broken and broken again by a single person, but here we are -- and here's what Viodentia had to say about the digital music business, where Microsoft went wrong with PlaysForSure, and what s/he thinks about this latest memo and patch.
Thanks for granting this interview. So FairUse4WM caused quite a stir. How long did it take you to crack Microsoft's PlaysForSure DRM? Was anyone else involved?
Finding a way to extract key information took about a couple of weeks of spare time. Going from a prototype to a more general tool took a couple of months. I am the only developer, although my friends served as early beta testers and sounding boards, and with the initial release I've gotten to know some very helpful people.
So apart from any ideological or political distaste you may have for DRM, do you have any personal reasons for wanting to crack Windows Media DRM? Like, are you a Rhapsody or Napster subscriber?
No, due to geographic location, I'm unable to subscribe to those services. My only selfish rationale is the challenge of pitting my skills against the industry leader.
Without revealing the secret sauce, what were the fundamental flaws with PlaysForSure that allowed you to break it? Did Microsoft know about these flaws?
Once code is released, there's really nothing secret anymore -- Microsoft didn't follow standard security practices, and left sensitive data unencrypted on the stack while calling routines out of kernel32.dll. Even when they fix this by changing malloc() to alloca(), it'll still be a big task to audit other sensitive routines for DLL calls. On a theoretical level, they have to send the decryption keys outside of their control, and their only defense is through obfuscation.