Forgot your password?
typodupeerror
This discussion has been archived. No new comments can be posted.

Adobe's ADEPT DRM Broken

Comments Filter:
  • and... (Score:5, Insightful)

    by greengrass (945616) on Monday March 09, 2009 @08:42AM (#27119917) Homepage Journal
    DRM is like trying to make water not wet.
    • Re:and... (Score:5, Insightful)

      by flyingfsck (986395) on Monday March 09, 2009 @08:59AM (#27120055)
      It is easy to make water 'not wet'. There is lots of it out here today. Minus 21 Celsius, almost tropical.
      • Re:and... (Score:4, Insightful)

        by dhaines (323241) on Monday March 09, 2009 @11:34AM (#27121841)
        It is easy to make water not wet. Not so easy to keep it not wet for the long term though -- at least not without constant maintenance or putting it in a place where people don't generally like to live.

        DRM: the arctic for content. (Additional costs may apply. Subject to climatic variation.)
    • Re:and... (Score:5, Funny)

      by fuzzyfuzzyfungus (1223518) on Monday March 09, 2009 @09:01AM (#27120079) Journal
      Which is why "chilling effects" are a favorite technique...
      • Which is why "chilling effects" are a favorite technique...

        That's fucking brilliant. Anyone who thinks word play is not one of the higher forms of a self-referential intelligence, compare this to anything you've ever said, and then kill yourselves.

    • Re:and... (Score:5, Insightful)

      by Anonymous Coward on Monday March 09, 2009 @09:33AM (#27120353)

      That's not quite right.

      To use Bruce Schneier's analogy, it's more like trying to make a safe secure.

      There's not such thing as a secure safe. Ultimately, it is not the locks and thick walls of a safe that protects the safe's contents. It is what economists would call "opportunity costs". Why am I wasting my time praying I can cut through this damn thing with a thermal lance before people return for work on Monday morning when I could make easier money doing something else, like panhandling or flipping burgers?

      Safes only need to be sufficiently secure that their contents aren't worth stealing; they needn't be any more secure than that. You don't buy a million dollar safe to keep your petty cash in, or for holding cheap costume jewelry. Likewise, DRM only needs to be sufficient secure that people don't bother getting around it. What the recording industry provides is not infinitely valuable, so DRM needn't be infinitely strong.

      The obsession of the recording industry with unbreakable DRM isn't rational. It probably reflects a guilty conscience.

      If I were creating a DRM scheme, for my content, I'd release the scheme with an exploit. An exploit that anybody could use, but which was a certifiable pain in the ass. It's going to be broken sooner or later, so why not remove the incentive to make a convenient exploit? Anybody who is chary of losing access to their DRM purchases is reassured that they will always have access to it, but the vast majority won't ever bother. Of course that means the content would appear illegal sharing sites, but that was going to happen anyway.

      In a sense, that's where Apple is with Fairplay. It's been cracked for ages, but at $0.99/track, almost nobody bothers.

      • Re:and... (Score:5, Interesting)

        by PopeRatzo (965947) * on Monday March 09, 2009 @10:10AM (#27120749) Homepage Journal

        Right.

        The problem is that the Entertainment/Industrial Complex believes there's a lot more money in the safe than there really is.

        The "Sita Sings the Blues" case proves that. Somebody thought that the intellectual "property" of a handful of songs from the 1930's was worth hundreds of thousands of dollars. They were wrong.

        So they take their anger out on "I love cabbages" and The Pirate Bay. It's futile, but try telling that to someone who's enraged that the "Rolex" they bought was really a fugazi.

      • Re:and... (Score:4, Insightful)

        by Lonewolf666 (259450) on Monday March 09, 2009 @10:50AM (#27121217)

        To extend this analogy, a PC is like a safe to which you have to hide the key in the same room. Because in order to allow legitimate users access, the decryption mechanism including key must be in a piece of software on the PC.
        AFAIK all purely software based DRM schemes have been cracked within a few months so far (systems which hide the key in special hardware do better, see game consoles). And some people do it for the challenge, so the argument with opportunity costs does not work.

        If I were creating a DRM scheme, for my content, I'd release the scheme with an exploit. An exploit that anybody could use, but which was a certifiable pain in the ass. It's going to be broken sooner or later, so why not remove the incentive to make a convenient exploit?

        Now you have created an incentive to create a user-friendly wrapper for the pain in the ass exploit. Which probably requires less hacking skill.

      • Re:and... (Score:5, Interesting)

        by sjames (1099) on Monday March 09, 2009 @10:55AM (#27121269) Homepage

        Far worse for them, unlike the safe, anyone can take a 'crack' at it with no risk whatsoever. Nobody ever got carted off to jail because they were discovered cracking the DRM on Monday morning. You have as long as you care to spend to crack it.

        For some, the entertainment value of cracking the DRM (think of it as a puzzle) far exceeds the value (to them) of the content. Then, of course, there's the value of being recognized as an 'uber hacker' if you're the first to crack it. The harder the DRM is, the greater that value is.

        Because of that, weaker DRM might actually keep the content locked up longer (I believe that's what you're getting at by releasing DRM with an exploit). That certainly would reduce the entertainment value of finding a second way in.

      • I completely agree with what you said, except as much as I dislike the recording industry and their tactics? I think their quest to find "unbreakable DRM" has more rationality behind it than you give them credit for.

        The problem in their scenario is, they count on making their money via a high volume of music sales. (So to use one of your analogies, it's as though their business is costume jewelry sales. No individual piece would seem to be worth spending much money to protect, from a customer's perspecti

      • by Tuoqui (1091447)

        What the recording industry provides is not infinitely valuable, so DRM needn't be infinitely strong.

        No they just BELIEVE that what they provide is infinitely valuable. That is why they have an obsession with unbreakable DRM>

      • Re:and... (Score:5, Insightful)

        by adiposity (684943) on Monday March 09, 2009 @12:25PM (#27122701)

        Your attempts to make it a "certifiable pain in the ass" will be rendered as useless as the attempts to an DRM "uncrackable" will be. Instead of having to find a way to crack the DRM, they will start with one. Their only job will be to make it quick and easy. And if the "pain in the ass" method is too ugly to automate, they will properly crack your DRM and make it even easier. Since an exploit is already known, a "proper" crack might even be easier to create.

        And Fairplay has been cracked for ages, but Apple keeps changing it to make it a PITA to always have access to the latest crack. That's where the future of DRM lies: change the codes every week and have devices that can download the latest codes. Pretty soon it just sucks to be an uncertified client. Sure, you can always find a way around it if you really need to (say you need to move your entire iTunes library to another computer because your old computer is being upgraded), but for casual piracy, not worth it.

        -Dan

  • by muffen (321442) on Monday March 09, 2009 @08:48AM (#27119979)
    The tools are not on the site anymore...

    But now what you're really here for - the PDF decryption tool: REMOVED. (And if you don't already have it, the key-retrieval tool: REMOVED.)
    Edit: Links to tools removed due to DMCA complaint from Adobe.

    This is not the next Dmitri, if anything, it may turn in to the new DeCSS as Adobe is trying to stop the tool(s) from spreading, which tends to have the opposite effect.
    I really wonder if it hadn't been better for Adobe not to say anything, now they are giving it publicity it wouldn't have had otherwise.
    • Re: (Score:3, Informative)

      by Joce640k (829181)

      Um, that'd be what the "streisendeffect" tag is for...

      • Isn't the key retrieval still linked in the earlier post (pastebin?) and the key decryptor?

        If not, there are are now two random python files on my desktop waiting for analysis.
    • Re: (Score:2, Insightful)

      by mysidia (191772)

      Since when was the definition of copyright infringement extended, so any tool that got passed ineffective access controls, could automatically be configured infringement?

      The DMCA takedown rules should require a work to actually be infringing...

      Perhaps they should start sending takedown notices to people finding and posting security exploits, that allow hackers to remotely execute code in their software.

      Because you know, it's cheaper to silence people who have found flaws in your software than to prop

      • by MBGMorden (803437) on Monday March 09, 2009 @09:26AM (#27120285)

        Since when was the definition of copyright infringement extended, so any tool that got passed ineffective access controls, could automatically be configured infringement?

        The DMCA takedown rules should require a work to actually be infringing...

        Nope - DMCA defines extra crimes involving copyrighted works, but the crimes defined needn't be copyright infringement themselves. Namely, any program that facilitates the disabling of any copy protection device violates the DMCA. Doesn't matter how it does it or the technical details. I don't think there's any question that this program was breaking the letter (and hell, the spirit) of the law when it comes to the DMCA.

        The problem is that the DMCA itself is a bad and unfair law. Bad and unfair laws result in bad and unfair application. You can either live with it, ignore it, or try to change it. Geeks don't have the lobbying power to change it, nor the will power to just live with it, so far the most part we just ignore that law, only complying as a token gesture as needed. I mean really - this guy has now complied with Adobe's takedown notice, but the code was released into the wild. At this point the cat is out of the bag.

        Though really - why don't we start posting these things on foreign servers to begin with? Put it up on The Pirate Bay or something for goodness sakes. DMCA takedown notices mean little in areas where the DMCA doesn't apply.

        • by Sloppy (14984)

          Namely, any program that facilitates the disabling of any copy protection device violates the DMCA.

          Actually, there's a loophole that causes that to not always be quite true, although I don't know if it applies here or if it's been exploited yet.

          DMCA prohibits disabling copy protection without authorization. If a copyright holder says it's ok to bypass the access control, then it doesn't count as "circumvention."

          So far, all the high-profile DRM schemes have only been use by a small group of copyright ho

      • by russotto (537200)

        The DMCA takedown rules should require a work to actually be infringing...

        They do. Takedowns of encryption tools are a misuse of DMCA 512. But the rules encourage bogus takedowns, and it's not like someone who is flagrantly violating DMCA 1201 is going to write a DMCA 512 counternotice.

    • by Dolohov (114209) on Monday March 09, 2009 @09:09AM (#27120151)

      What do you expect them to do, wave a white flag and say "It's a fair cop, you got us"? They have a responsibility to their shareholders to do everything they can to protect a) their investment in creating the DRM in the first place, and b) the value of their licensed software and agreements with publishers.

      While I personally believe that Adobe would have been better-advised to have not bothered with this in the first place, DRM being particularly silly for text, they did. And because they did, saying nothing right now is not an option, or their shareholders could rightly accuse them of not being duly diligent. If the DeCSS/Streisand effect kicks in, well that's just part of the dance they started way back when.

      • They have a responsibility to their shareholders to do everything they can to protect a) their investment in creating the DRM in the first place, and b) the value of their licensed software and agreements with publishers.

        Well, they have a responsibility to their shareholders to deliver a good return on investment.

        You can try doing that in multiple ways. One of them is fighting a losing battle tooth and nail, another is coming up with a business model that works well in the environment it'll execute in.

        I'm not saying Adobe is at one extreme and should move to the other. But you have to wonder whether fighting the DRM war is ultimately good or bad for business. If it's bad, not fighting it is their shareholder responsibili

        • by Dolohov (114209)

          Like I said, I don't think they should have gone down this path in the first place. PDFs were not a prime candidate for working DRM in the first place. But if they simply abandon it, then they open themselves up to lawsuits from the publishers who had been using the DRM and would be left high and dry. The harder a fight Adobe puts up now, the less they stand to lose in court. And since I strongly suspect that the people handling the cease-and-desist stuff are staff lawyers who get paid either way, I dou

      • And because they did, saying nothing right now is not an option, or their shareholders could rightly accuse them of not being duly diligent.

        Correct, but that reasoning is the root cause of most of the problems that get discussed to death on Slashdot, isn't it? You can't turn on the television or open a newspaper to learn how intellectual property represents a large part of our economy, and how protecting that property is vital to economic growth. I'd go so far as to say it's become a mantra that's repeate

        • by Dolohov (114209)

          Frequently it does seem that companies and the government are following the old plan: "Something must be done. This random thing is something. Therefore it must be done!" When the idea of due diligence comes into play, frequently that "something" seems to be just enough to keep the legal wolves (who often do not actually understand the businesses involved) at bay.

          Some of the problem, it seems to me, stems from perception of international competition. How many times have we heard it said, "Sure, they can

  • by XenoPhage (242134) on Monday March 09, 2009 @09:05AM (#27120105) Homepage

    There is of course, Google Cache [74.125.47.132] ...

    Or, you can just get it from pastebin:

    http://pastebin.com/f1cb3663c [pastebin.com]

    and

    http://pastebin.com/f26972321 [pastebin.com]

  • That DRM was broken close to 10 years ago or so by this guy http://en.wikipedia.org/wiki/Elcomsoft [wikipedia.org]
    I dont think they changed the encryption, just the way they encrypted it. My guess is that
    the tools created by Dmitri and the rest still work today....I may be wrong.

  • Here is the link... (Score:3, Informative)

    by hesaigo999ca (786966) on Monday March 09, 2009 @09:21AM (#27120239) Homepage Journal

    >But now what youâ(TM)re really here for â" the PDF decryption tool: http://pastebin.com/f1cb3663c [pastebin.com]. (And >if you don't already have it, the key-retrieval tool: http://pastebin.com/f26972321. [pastebin.com])

    From the original article without having the links broken by law.
    I wonder is /. will have to do the same now?
    You can always call it back from google cache...as I did.
    http://74.125.47.132/search?q=cache:aoDTe7wI6s4J:i-u2665-cabbages.blogspot.com/2009/02/circumventing-adobe-adept-drm-for-pdf.html+http://i-u2665-cabbages.blogspot.com/2009/02/circumventing-adobe-adept-drm-for-pdf.html&hl=en&ct=clnk&cd=1&gl=ca [74.125.47.132]

  • Unless he stole Adobe code, the DMCA takedown notice was probably illegal. Giving people the right to read what they bought is not a violation of copyright that DMCA takedowns are meant to refer to..
    • by Coopjust (872796) on Monday March 09, 2009 @11:15AM (#27121561)
      Legally murky [chillingeffects.org], as software with little or no purpose other than circumventing copy protection, software which is marketed for circumventing copy protection, or primarily designed to break protection would be a violation of US Code Section 1201, which would leave the service provider open for secondary infringement. So while the DMCA may not be the "right" way to ask, once the copyright holder has knowledge of a tool as described above, they could be legally liable if they don't remove it.

      As far as the legal ramifications of (possibly) abusing the "safe harbor provision", I'm not sure.

      Disclaimer: I am not a lawyer, this does not constitute legal advice, etc.
  • by Jiro (131519)

    You could argue this violates the DMCA with respect to technological protection measures.

    But DMCA notices use a different part of the DMCA, which allows takedowns for actual copyright violations. IANAL, but I don't think that you can combine the two and use a DMCA notice to take down something that doesn't violate copyright but does violate the other part of the DMCA.

  • Does he/she really love cabbages?

No amount of genius can overcome a preoccupation with detail.

Working...