Re: [Fsfe-uk] BBC's DRM Iplayer windows only

[Chris Croughton]

On Mon, Dec 31, 2007 at 12:54:13PM +0000, Andy wrote:

> > Similarly, I think the DRM is much more about preventing non-UK-resident
> > users than free software users.
> 
> If it's about preventing non-UK users then can't that be done using IP
> filtering?

No.  IP spoofing is trivial, so are proxies.

> Sam Liddicott wrote:
> > Cos if you can see the code then you can re-compile the code to divert
> > the decrypted stream to disk (and it must be decrypted to play) and then
> > you can watch it without asking the DRM system.
> 
> Could you not just tamper with the driver that the software outputs to?
> Same affect, works on closed software too so opening your code would
> have caused no loss of security would it now?

Well, that's the same as he pointed out about sticking an A-D on the
output.  You may lose trivial quality, but I doubt anyone would notice.

If you have the code then it is trivial to grep it to find the part
which needs changing and redirect the output, then recompile, without
having to subvert a driver or re-record in realtime.  And then
redistribute the program so everyone can do it.

> If proprietary software is running on a system controlled by the
> attacker they can see precisely how it operates. The fact there are
> people in high positions who believe that running a piece of source
> code through a compiler makes the contents so secure as to make it
> impossible for an attacker to see how the program operates is
> extremely worrying.

Impossible, no.  Very difficult for most people, yes.  Have you ever
used gdb on an executable without the source?

> Compiling code does NOT encrypt it. It translates it into another,
> publically known, language. This is the equivalent to saying if I have
> a private document written in English I can translate it into French
> and give it to the attacker and it will be secure. (it clearly is not
> secure as: 1. the attacker may understand French. 2. The attacker can
> employ someone who understands French. 3. The attacker may buy an
> English-French dictionary).

OK, I'll send you a hex dump of some random piece of software which does
video output, and you tell me what it is, how it works, and how to hack
it.  Fair?  Your analogy is just as bad as the one about cracking SSH,
because compiling is pretty close to being a one-way hash.  Even if you
know the compiler used there is practically no way of regenerating the
source, especially with modern languages.

> What makes matters even worse is that the DRM program does not need to
> be understood to be broken. Software itself does not know the time for
> instance, it must ask someone. If that someone is the OS then what
> stops the OS lying and telling DRM.exe that it's always before the
> file expires?  Or even better you can modify the binary to not perform
> the checks. Giving the binary to the user is the security threat in
> itself. So if you give them the binary you have an insecure system so
> how can you use "security" as an excuse any more?

Nothing is ever totally secure.  As has been pointed out, at some point
it has to be converted into analog form (the same goes for music) and
can be reconverted.  The point of DRM (and other security, like GPG) is
to make it more difficult for someone to get at it, preferably to the
point that most people don't bother decrypting it.

The point is that distributing executable-only is a pretty good way of
making it secure from most people.  If it wasn't, then there would be no
problem hacking it to run on free OSs...

(No, I don't like DRM.  Music etc. which is distributed DRM locked I
simply don't use, the same for IE-only and Flash websites.  That's their
loss, they don't get my custom, I vote with my wallet.   I don't like
the BBC using my TV tax to develop a bad replay system, the same as I
don't like the government using my other taxes to run their wars and ID
databases.  But I also don't like fanaticism wherever it is, including
"free is perfect, everything else is evil" fanaticism.)

Chris C

Chris C