-----BEGIN PGP SIGNED MESSAGE-----
The software distributed with this README file removes content protection from any Windows Media Audio file (.wma file) that uses DRM version 2 (as implemented in Windows Media Player version 7). It has been tested under Windows 98, so may or may not work with other Media Player/OS combinations. Also be aware that many "protected content" files out there are actually DRM version 1, especially if they are older files. This software will not do anything to unprotect version 1 files.
There is another piece of software, called "unfuck", which similarly removes protections, but there is a fundamental difference in how these two pieces of software work. Unfuck works by allowing the player to unprotect and uncompress the audio, and then captures the audio samples on the way to the sound card. This software attacks the problem directly: it simply removes the encryption from the protected file, leaving everything else exactly the same. Because of this, there is no loss of quality due to uncompressing and re-compressing the content -- what you're left with is exactly the original content, just not protected. It's also much faster.
Please be aware that this software is "proof-of-concept" or "demonstration" level, not production level. While every effort has been made to make sure that it works properly, it may fail in unforeseen situations -- it has NOT been thoroughly tested! There isn't much chance that this program will screw up your system, but use at your own risk!
WARNING!!!!! I have just learned that the new Microsoft Media Player EULA includes a clause that says they can *automatically* modify the software on your system, without any confirmation from you required! In other words, they can disable your software, or force an upgrade so that FreeMe won't work, just because they feel like it. Be careful out there!
README - This file LICENSE - Yes, a license! Read it! Technical - Full technical description of how MS DRMv2 works Philosophy - My philosophy on why I released this, and what's wrong with the DMCA FreeMe.exe - The actual program src/ - The source code
Note that neither the software executable, FreeMe.exe, or the source code are present on or distributed from bearcave.com. Don't send me e-mail asking for these files. While I still believe that I have a first amendment right to publish, I will not take part in any action related to breaking Microsoft's DRM that is not protected by the first amendment. Under no condition will I distribute this software (at least until the DMCA is overturned).
Ian Kaplan, www.bearcave.com
The first 4 files can possibly be widely re-distributed and mirrored without much fear of real legal worries -- however, you will almost certainly be harassed by several big and powerful companies, so keep that in mind. The last two files (the program) cause more problems: distributing these in the U.S. is almost certainly a violation of the DMCA. However, outside the U.S. should be mostly ok -- so mirror these on as many foreign sites as possible! Again, you may be harassed by big and powerful companies, and might get threatening letters from lawyers, so be prepared for that.
There's just a single executable file "FreeMe.exe" to install. You can copy it so that it's in your executable PATH (for example, copy to directory C:\WINDOWS\COMMAND), or you can put a shortcut to it on your desktop -- see below.
This is a command-line program, and the best way to run it is from the command line. If it is installed, and the executable is in your PATH, all you have to do is type "freeme x.wma" at a DOS prompt in order to unprotect the file "x.wma". There is a verbose flag that you can invoke to have it print out all sorts of information as it discovers it (your public/private key pairs, KID of the file you're unprotecting, content key, etc.). For example, typing "freeme -v x.wma" unprotects the file as above, but in verbose mode. The output file will be called "Freed-x.wma", where "x.wma" is the original filename.
One problem with this being a command line utility is that many audio files have very long file names, so you'll have to put the filename in quotes in order for this to work, like so: Prompt> freeme "Billy and the Boingers - The RIAA Stole My Soul.wma"
As an alternative, you can put a shortcut to the FreeMe.exe executable on your desktop, and then can simply drag files from the file explorer to FreeMe. However, there is one big problem with this: the filename given to FreeMe is actually the short filename, so if you did this with the file above, you'd end up with an output file named something like "Freed-BILLYA~1.WMA" Unfortunately, I don't know how to fix this -- maybe someone else out there does.
The full source code is included in the src/ directory, but you will need a Win32 version of the OpenSSL package (and crypto library) in order to compile it.
There are some definite problems with this code, which I would suggest to people interested in improving what I've distributed: First off, a lot of things in Windows seem to be designed to be easier in C++ than in C; unfortunately, I don't know a lot about Windows programming, and never have learned or used C++ at all, so some of my code may be a little strange in its approach. Secondly, my .asf/.wma file format processing is hopelessly naive. Surely there are better ways to do this, or existing libraries to do it. Also, I don't really do XML parsing, but just a very simplistic scanning. This seems to work for every license I've seen, but using a real XML parser would make this much more robust. Finally, a nice pretty GUI would be good, but wasn't necessary for my "proof-of-concept" code, so I didn't include it.
Finally, you know that Microsoft is going to make some changes that will render my software useless. You've got the source code, so use that as a starting point to change with them.
Being anonymous, it's hard to give a way to contact me. However, if you have something very important to tell me, post to the sci.crypt Usenet newsgroup with a subject that includes the phrase "To Beale Screamer". My PGP key is given in this distribution, in case you need it (and I will always sign anything I distribute).
Please don't inundate the poor people in sci.crypt with a bunch of pointless comments. But I did want to give people some avenue for contacting me if absolutely necessary.
I have included messages below for specific groups of people.
Users: Please respect the uses I have intended this software for. I want to make a point with this software, and if you use it for purposes of violating copyrights, the message stands a very good chance of getting lost. Also, Microsoft is obviously going to release patches to their media player in order to get around the exploit in my software -- I think you'll be safe it you refuse to upgrade from your current version of the Windows Media Player (but see the warning above about "forced upgrades"). Unless they want to sacrifice backward compatibility, you will at least be able to work with your current (legally obtained) media files for the near future.
Microsoft: You guys have put together a pretty good piece of software. Really. The only real technical flaw is that licenses can't be examined for their restrictions once they are obtained. My real beef is with the media publishers' use of this software, not the technology itself. However, it's easy to see where software bloat and inefficiency comes from when this code is examined: every main DLL has a separate copy of the elliptic curve and other basic crypto routines, and parameters passed back and forth between modules are encrypted giving unnecessary overhead, not to mention all the checks of the code integrity, checks for a debugger running, code encryption and decryption. Perhaps you felt this was necessary for the "security through obscurity" aspect, but I've got to tell you that this really doesn't make a bit of difference. Make lean and mean code, because the obscurity doesn't work as well as you think it does. Also read the message below to the Justice Department!
Justice Department: Maybe this should really be addressed to the state officials, since it looks like the current U.S. administration doesn't care too much about monopoly powers being abused. But for whoever is interested, there is a very serious anti-competitive measure in this software. In particular, for various modules of the software to be used, you must supply a certified public key for communication. Guess who controls the certification of public keys? Microsoft. So if someone wants to make a competing product, which integrates well with the Windows OS, you will need to get Microsoft's permission and obtain a certificate from them. I don't know what their policy is on this, so don't know if this power will be abused or not. However, it has the potential for being a weapon Microsoft can use to knock out any competition to their products.
Artists: Don't fear new distribution methods -- embrace them. Technology is providing you the means to get your art directly to consumers, avoiding the big record companies. They want a piece of the action for YOUR creativity, and you don't need to let them in on it any more. Your fans will treat you nicely, unless you treat your fans poorly (take note of that Lars). Bo Diddley didn't have anything to fear from his fans, but a lot to fear from Leonard Chess. Think about that.
Publishers: Give us more options, not fewer. If you try to take away our current rights, and dictate to us what we may or may not do, you're going to get a lot of resistance. You better find a way to play nicely soon, because technology is making it possible for artists to make do without you at all. Try getting some progressive thinkers into management -- current people don't seem to be able to cope with the new environment that is emerging.
- - --
Original Distribution Date: October 18, 2001
by "Beale Screamer"
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBO84IDZCr1f2GXCalAQGRcAP8CHkU6B42NZNiuhS/roxKJTljm36Doq+R zrqFeO2JY9xMCMhBlYP6RRkDATdlMWNj/U3DLXJ/lBJYUeSwMT3vsUTUHOA/lGMQ 9VqYHmAEwImnKWBNDG694abVeCFa9H/FziLLjeJQ73ADcfjr4rJ/FpHMxrtb2YfF K5QaP3QRXl0= =RK34 -----END PGP SIGNATURE-----