ReadMe
by "Beal Screamer"

-----BEGIN PGP SIGNED MESSAGE-----

The software distributed with this README file removes content protection from any Windows Media Audio file (.wma file) that uses DRM version 2 (as implemented in Windows Media Player version 7). It has been tested under Windows 98, so may or may not work with other Media Player/OS combinations. Also be aware that many "protected content" files out there are actually DRM version 1, especially if they are older files. This software will not do anything to unprotect version 1 files.

There is another piece of software, called "unfuck", which similarly removes protections, but there is a fundamental difference in how these two pieces of software work. Unfuck works by allowing the player to unprotect and uncompress the audio, and then captures the audio samples on the way to the sound card. This software attacks the problem directly: it simply removes the encryption from the protected file, leaving everything else exactly the same. Because of this, there is no loss of quality due to uncompressing and re-compressing the content -- what you're left with is exactly the original content, just not protected. It's also much faster.

Please be aware that this software is "proof-of-concept" or "demonstration" level, not production level. While every effort has been made to make sure that it works properly, it may fail in unforeseen situations -- it has NOT been thoroughly tested! There isn't much chance that this program will screw up your system, but use at your own risk!

WARNING!!!!! I have just learned that the new Microsoft Media Player EULA includes a clause that says they can *automatically* modify the software on your system, without any confirmation from you required! In other words, they can disable your software, or force an upgrade so that FreeMe won't work, just because they feel like it. Be careful out there!

CONTENTS:

  README - This file
  LICENSE - Yes, a license!  Read it!
  Technical - Full technical description of how MS DRMv2 works
  Philosophy - My philosophy on why I released this, and what's wrong
               with the DMCA
  FreeMe.exe - The actual program
  src/ - The source code

Note that neither the software executable, FreeMe.exe, or the source code are present on or distributed from bearcave.com. Don't send me e-mail asking for these files. While I still believe that I have a first amendment right to publish, I will not take part in any action related to breaking Microsoft's DRM that is not protected by the first amendment. Under no condition will I distribute this software (at least until the DMCA is overturned).
Ian Kaplan, www.bearcave.com

The first 4 files can possibly be widely re-distributed and mirrored without much fear of real legal worries -- however, you will almost certainly be harassed by several big and powerful companies, so keep that in mind. The last two files (the program) cause more problems: distributing these in the U.S. is almost certainly a violation of the DMCA. However, outside the U.S. should be mostly ok -- so mirror these on as many foreign sites as possible! Again, you may be harassed by big and powerful companies, and might get threatening letters from lawyers, so be prepared for that.

INSTALLATION:

There's just a single executable file "FreeMe.exe" to install. You can copy it so that it's in your executable PATH (for example, copy to directory C:\WINDOWS\COMMAND), or you can put a shortcut to it on your desktop -- see below.

USAGE:

This is a command-line program, and the best way to run it is from the command line. If it is installed, and the executable is in your PATH, all you have to do is type "freeme x.wma" at a DOS prompt in order to unprotect the file "x.wma". There is a verbose flag that you can invoke to have it print out all sorts of information as it discovers it (your public/private key pairs, KID of the file you're unprotecting, content key, etc.). For example, typing "freeme -v x.wma" unprotects the file as above, but in verbose mode. The output file will be called "Freed-x.wma", where "x.wma" is the original filename.

One problem with this being a command line utility is that many audio files have very long file names, so you'll have to put the filename in quotes in order for this to work, like so: Prompt> freeme "Billy and the Boingers - The RIAA Stole My Soul.wma"

As an alternative, you can put a shortcut to the FreeMe.exe executable on your desktop, and then can simply drag files from the file explorer to FreeMe. However, there is one big problem with this: the filename given to FreeMe is actually the short filename, so if you did this with the file above, you'd end up with an output file named something like "Freed-BILLYA~1.WMA" Unfortunately, I don't know how to fix this -- maybe someone else out there does.

SOURCE CODE:

The full source code is included in the src/ directory, but you will need a Win32 version of the OpenSSL package (and crypto library) in order to compile it.

There are some definite problems with this code, which I would suggest to people interested in improving what I've distributed: First off, a lot of things in Windows seem to be designed to be easier in C++ than in C; unfortunately, I don't know a lot about Windows programming, and never have learned or used C++ at all, so some of my code may be a little strange in its approach. Secondly, my .asf/.wma file format processing is hopelessly naive. Surely there are better ways to do this, or existing libraries to do it. Also, I don't really do XML parsing, but just a very simplistic scanning. This seems to work for every license I've seen, but using a real XML parser would make this much more robust. Finally, a nice pretty GUI would be good, but wasn't necessary for my "proof-of-concept" code, so I didn't include it.

Finally, you know that Microsoft is going to make some changes that will render my software useless. You've got the source code, so use that as a starting point to change with them.

HOW TO CONTACT ME:

Being anonymous, it's hard to give a way to contact me. However, if you have something very important to tell me, post to the sci.crypt Usenet newsgroup with a subject that includes the phrase "To Beale Screamer". My PGP key is given in this distribution, in case you need it (and I will always sign anything I distribute).

Please don't inundate the poor people in sci.crypt with a bunch of pointless comments. But I did want to give people some avenue for contacting me if absolutely necessary.

MESSAGES:

I have included messages below for specific groups of people.

- - --

Original Distribution Date: October 18, 2001
by "Beale Screamer"

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBO84IDZCr1f2GXCalAQGRcAP8CHkU6B42NZNiuhS/roxKJTljm36Doq+R
zrqFeO2JY9xMCMhBlYP6RRkDATdlMWNj/U3DLXJ/lBJYUeSwMT3vsUTUHOA/lGMQ
9VqYHmAEwImnKWBNDG694abVeCFa9H/FziLLjeJQ73ADcfjr4rJ/FpHMxrtb2YfF
K5QaP3QRXl0=
=RK34
-----END PGP SIGNATURE-----