July 19, 2007
By Bill Rosenblatt
From http://www.drmwatch.com

An updated hack to Windows Media DRM was released last Friday on the Doom9 forum. This is the third release of FairUse4WM and features an easy-to-use user interface, in the manner of DVD-ripping tools such as 321 Studios' DVD XCopy. The author calls himself Divine Tao, an anagram of viodentia, the author of the original FairUse4WM. Unlike previous versions, this one appears to work with files from subscription services like Napster, not just permanent downloads. It also works on files from Microsoft's Zune Marketplace, which uses a different DRM. Microsoft has stated that the design of WM DRM anticipates such hacks and incorporates ways to deal with them. This has usually meant issuing patches to Windows Media Player and requiring them to be applied before users can use it further; this is a standard technique for field-upgradeable DRM. Because Microsoft owns and controls both the player software and the DRM, the process is more straightforward than, for example, the key retirement process for AACS (for HD DVD and Blu-ray) which we saw in action over the last few months. Yet Microsoft has not commented in public about when it will issue a patch for this hack. In assessing the impact of DRM hacks, we like to use an analog world analogy that, while not 100 percent accurate, should give a good flavor. Suppose someone invents a replicable way to pick combination locks made by Master (a leading US lock maker). This does not mean that, all of a sudden, all of the high school gym lockers in America are now open. Two things must happen. First, other people need to be able to get their hands on the instructions for the picking technique; second, they must be able to apply the technique themselves. Any difficulties with either of these points serve to mitigate the damage. Fear of litigation takes care of the first of these points. One cannot simply go to Doom9 (or any other website) and download FairUse4WM; the hacker's fear of discovery makes it only possible to obtain the hack by personal message from one of the people who have it; the number of such people is growing, though not anywhere near as fast as it would if the hack were simply posted on a public URL. The DMCA and other laws give Microsoft ammunition to have hacks taken down from web pages and to go after hackers, both of which they do unstintingly. (Last time around, they accused viodentia of stealing their source code instead of violating DMCA, but they dropped the suit after failing to find viodentia's real identity.) FairUse4WM appears to address the point about applying the technique -- at least for Windows XP -- judging from posts on Doom9. This contrasts with the effort needed to implement most hacks to AACS, which require considerable technical skill. As both hackers and surrounding technologies get better at addressing hack distribution and application, DRM technologies will need to get better if they are to remain viable.