Windows Media Rights Manager
and
FairPlay
23-05-06
Seminar Digital Rights Management
Clara Fernández de Castro
-1-
Index
Windows Media Rights Manager and FairPlay ..................................................................... 3
Introduction......................................................................................................................... 3
Windows Media Rights Manager ....................................................................................... 3
Encrypting Content ......................................................................................................... 4
Sharing Business Rules .................................................................................................. 5
Challenge and Response................................................................................................. 7
License Delivery ............................................................................................................. 8
Attacks against WMRM .................................................................................................. 9
Fairplay ............................................................................................................................. 10
Restrictions ................................................................................................................... 10
Brief Technical Description ......................................................................................... 11
Is FairPlay “fair”? ITunes business model .................................................................. 13
Harmony ........................................................................................................................ 14
Reverse-Engineering against Apple ............................................................................ 14
Conclusions....................................................................................................................... 16
References ........................................................................................................................ 16
-2-
Windows Media Rights Manager and FairPlay
Introduction
Piracy of copyrighted entertainment is not new. For years, people copied record albums
onto cassette tapes and traded them, a violation of copyright law that was generally
overlooked because the quality of the copies was not as good as the original one. But
with the advent of digital entertainment on compact discs and more powerful personal
computers, perfect copies could be made easily.
Digital multimedia files can be easily copied and distributed without loosing quality.
That is the reason why the distribution of this kind of files has increased on the
Internet, both via authorized and not authorized channels. Piracy is a real problem if not
techniques are used to protect content. In this sense, Digital Rights Management allows
content providers to protect and control the distribution of the files. They can also
protect and manage the rights creating valid licenses for each digital multimedia file.
Moreover, the process of license registering provides important information about
consumers allowing providers to be closer to their consumers. The efficient
implementation of a DRM system grants a maximum and wide distribution of audio and
video to consumers.
Windows Media Rights Manager
Windows Media Rights Manager (WMRM) lets content providers deliver songs, videos,
and other digital media content over the Internet in a protected, encrypted file format.
Windows Media Rights Manager helps protect digital media (such as songs and videos)
by packaging digital media files. A packaged media file contains a version of a media
file that has been encrypted and locked with a "key." This packaged file is also bundled
with additional information from the content provider. The result is a packaged media
file that can only be played by a person who has obtained a license.
As depicted in the Figure 1.1, the Windows Media Rights Manager process begins when
a content owner wants to protect a piece of media content already encoded in the
Windows Media format. The content packager creates a media package adding to the
content a header containing necessary information during the process.
Once the file is protected, is ready to be distributed to the users. In order to play the
content of a protected file, the user must acquire an appropriate license. The license is
issued by a third-party license provider.
-3-
Figure 1.1
Encrypting Content
In order to begin the encrypting process, the content owner must meet some
requirements, such us having a computer running a Windows 2000 server and the
Windows Media Rights Manager SDK installed. Before the content owner can protect
his content, he or she must set up an account with a license provider and establish the
business model and terms of the licenses for the content.
Figure 1.2 shows the process of encrypting a piece of content.
Figure 1.2
The content owner has already some content in Windows Media format and wants to
protect the file using the WMRM. A simple web based interface might be useful to
handle the encrypting process. A web example is provided with the WMRM.
To protect the content, some information is required to build the file header:
1. Key ID: is a string used to generate a key and uniquely identify the content.
2. License Acquisition URL: which points to the server where the license is to be
acquired.
3. Optional attributes: such us metadata.
Content Packager must also include the following information:
1. Private Signing Key: used to sign the content header.
2. License Seed Key: value used to generate the key and is shared between
content owner and license issuer.
-4-
Figure 1.3
The key which will be required to unlock the package file will be generated using the
seed along with the Key ID.
Therefore, when using the web based interface the content owner should enter the
name of the specific piece of content he or she wants to protect, the output name for
the file, the key ID which is recommended to be easy in order to recognize it during the
process, the license key seed and the content server public key. After collecting the
entered information, the WMRM builds the header. To finish the creation of the
package, the WMRM must follow the next three steps:
1. Generate or specify a key using the key ID and the license key seed.
2. Generate and sign the content header using private signing key.
3. Encrypt the file using this information.
Once the content has been encrypted the files are moved to a content distributor and
placed either on a web server, making them available for download, or streaming server
for streaming.
Sharing Business Rules
A key benefit from the WMRM is its flexibility in supporting different business models.
Licensing methods such us purchase, pay-per-view, free trial version, or limited play.
This business are set up and associated with the content.
Once the encrypted content is ready to be distributed, the content owner needs to share
some secrets with the license issuer in order to issue the appropriate required licenses.
The secrets consist on the seed, the public key and the business rules under which
licenses will be granted. As the word “secrets” suggest, this information is key in the
whole process and secure means of communication must be established.
Let’s make in example in which a music group, the content owner, has encrypted
several pieces of content with WMRM and wants to associate different business rules to
it. Particularly, the band wants an audio file to be available on a subscription basis and a
video file to distribute it as a “try before you buy” promotional version. The content
packager from the band shares the secrets of the pieces of contents with the license
issuer. The information exchanged is shown in the Figure 1.4.
-5-
Figure 1.4
The license issuer must have already set up a server and must be prepared to respond
to customer’s request for licenses based on the information the content packager has
shared with him. In order to set up the different business rules, the license issuer has
created a secured database, which is maintained to associate files with allowable
licenses based on the business rules defined by the content owner. In our example, the
license issuer should provide two different licensing schemes: a copy that is distributed
as part of a subscription and has an expiration date, and a “try before you buy”
promotion that has a limited play for 12 hours.
For the “try before you buy” promotion, the content owner can also choose to redirect
the consumer to buy the entire video once the trial period has expired. This business
rule is included in the first license which is sent to the consumer after attempting to
play the trial video. The initial license will allow the consumer to play the content for a
specific period of time, after he or she will be redirected to a purchase site. After the
successful purchase, a new license will be issued to the consumer. The process is
depicted in the Figure 1.5
Figure 1.5
In order to provide different licenses under different business rules, the license issuer
database uses the key ID contained in the header of the file along with an attribute that
is also retrieved from the consumer’s computer. The attribute is used to determine
which business rule must be applied.
To recap, when the consumer plays a piece of content, the player looks for a valid
license in the consumer’s computer. If the license is not found in the license store in the
-6-
computer, a request that includes the key ID from the header of the file and more
attributes are sent to the license issuer, whose URL is also included in the header.
Based on the information received, the license server does a lookup in its database in
order to collect the necessary information to create a valid license in accordance with
the business rules defined in that case. The Figure 1.6 shows a possible status of a
license issuer database, where different business rules have been defined for the same
piece of content.
Figure 1.6
Challenge and Response
The Challenge and Response process begins when a consumer attempts to play a
protected piece of content with the WMRM. In order to play the content, he or she
needs to acquire a valid license.
Bob, a potential consumer, visits an online Music Store he is subscribed to. And after
clicking on a song he wants to play, the file is downloaded to his computer and the
scenario presented in the Figure 1.7 takes place.
Figure 1.7
The player queries the license store in Bob’s computer to determine if a valid license
exists for the file and the content can be played. If a valid license is not found, a
request to the license issuer via the URL license acquisition in form of a challenge is
-7-
sent. The challenge is an object that includes the header from the content file, the
hardware ID from Bob’s computer and the action requested.
Based on the challenge received, the license issuer responds with a valid license
allowing Bob to play the song. The license contents:
1.
2.
3.
4.
Encrypted key used to encrypt the content.
Specific rights.
Information about Bob’s computer.
The certificate of the license issuer.
License Delivery
There are four methods by which licenses can be delivered to consumers:
1. Non-silent: the consumer is prompted to perform some tasks before receiving a
license.
2. Silent: where there is not user interaction required.
3. Non-pre-delivered: where the license is acquired separately and after the
content is acquired.
4. Pre-delivered: where the license is delivered before or at the same time as the
content.
In order to explain each method, we will continue with Bob’s example.
Non-silent license
Bob visits the same online Music Store that he is subscribed to. The site contains the
newest song he has been looking for. The site offers a free promotion of this song in
exchange of some information about Bob, such us his email address, name, age and
nationality. If Bob agrees to share that demographic information about him, he would be
able to receive and play the song.
Silent license
Bob once again visits the Music Store, but this time he clicks a song which is included
in his subscription service. The song is downloaded in his computer and the license is
acquired without extra task to play the song.
Non-pre-delivered license
Bob sends his friend Alice the first song he downloaded. Alice receives the file by
email, but the license that will allow her to play the song it is not included in the
content. When Alice clicks on the song to play it, she is asked to enter some
demographic information about her before she is able to play the song.
Pre-delivered license
Bob wants to rent a movie on the Web. In this case, Bob must purchase the movie
before a valid license is delivered in order to play the content. After entering his credit
card number and more information to pay the license, he is able to play the movie. This
procedure allows content owners to promote and monitorize their content.
-8-
Attacks against WMRM
Remove DRM from .wmv files
So far, files protected using WMRM have not been cracked, although some ways of
removing DRM in order to avoid limitations such us a trial period or a number of
possible copies, have been developed.
In October 2001, news.com published an article saying that Microsoft had confirmed
that a software code, written by a programmer using the pseudonym "Beale Screamer",
could strip off the protections that prevent a song from being copied an unlimited
amount of times.
Screamer's software, called freeme.exe, had some limitations. To make Screamer's
software work, a computer user should already have a valid license to listen to the
song. The software essentially used information found in this license to fool the DRM
software, stripping off the protective technology entirely.
This meant that someone downloading a protected song from the Web without first
paying for it, or otherwise getting the rights to listen to it at least once, would be unable
to use Screamer's software. But purchasing a CD with Windows Media files on it, in
conjunction with the software, could allow someone to strip off the protections and
distribute the files online with no restrictions.
Freeme.exe was a very simple MS-DOS program which easy way to use is shown in
Figure 1.8.
Figure 1.8
Microsoft quickly reacted delivering new versions of the Windows Media Rights
Manager and giving instructions to both content owners and license issuers to increase
the security of the whole process.
-9-
Ads and adware
Hackers are turning digital rights management features of Microsoft's Windows Media
Player against users by fooling them into downloading massive amounts of spyware 1,
adware2, and viruses.
For instance, the anti-virus vendor Panda Software, claimed to have found two new
Trojan horses planted in video files seeded to peer-to-peer file-sharing networks like
eMule and KaZaA. As we have already seen, after a consumer attempts to play a file
protected with WMRM, the player looks for a valid license in the consumer’s computer.
If the license does not exist, the player looks for it on the Internet so the user can
download or purchase it.
The Trojans attack consist only in pretending to download the corresponding license
but, instead they redirect the consumer to their own Internet sites from where they
download a large number of adware, spyware, dialers3, and other viruses.
Fairplay
As an introduction, let’s clarify some terms that will be referenced in the following
sections. The iTunes Music Store is an online music service run by Apple Computer
through its iTunes application. iTunes is a proprietary digital media player application,
launched by Apple Computer on January 9, 2001, for playing and organizing digital
music and video files. The program is also the interface to manage the music on Apple's
popular iPod digital audio player. The iPod is a brand of portable media players
designed and marketed by Apple Computer.
Apple’s iTunes Music Store lets customers search a catalog of over 500,000 tracks.
With one click, users can purchase the songs and download them into their iTunes
music library for very low prices, without any subscription fees. Songs are downloaded
in digital quality and can be burned onto CDs for personal use, played on up to five
computers, and listened to on an unlimited number of portable players such as Apple’s
iPod. Downloaded files come with restrictions on their use, enforced by FairPlay,
Apple's version of Digital Rights Management.
Restrictions
Users can only download a purchased song once and can only use the song on five
authorized computers simultaneously. However, they can move songs to a portable iPod
an unlimited number of times. The protected track may be copied to a standard CD
audio track any number of times, but can only burn the same exact playlist 7 times. The
resulting CD has no DRM and may be ripped 4, encoded and distributed like any other
CD.
1
Spyware: refers to a broad category of malicious software designed to intercept or take partial control of a
computer's operation without the informed consent of that machine's owner or legitimate user.
2
Adware: any software package which automatically plays, displays, or downloads advertising material to a
computer after the software is installed on it or while the application is being used.
3
Dialer: computer program which creates a connection to the Internet or another computer network over the
analog telephone or ISDN network.
4 Ripping a cd: converting audio CD tracks, saving them into audio formats such as mp3, wav, and wma.
- 10 -
Brief Technical Description
Fairplay is a quite simple implementation of common DRM techniques. FairPlayprotected files are regular mp45 container files with an encrypted AAC6 audio stream.
The master key required to decrypt the encrypted audio stream is also stored in
encrypted form in the MP4 container file. The key required to decrypt the master key is
called the "user key".
Each time a customer uses iTunes to buy a track a new random user key is generated
and used to encrypt the master key. The random user key is stored, together with the
account information, on Apple’s servers, and also sent to iTunes. As the Figure 2.1
shows, iTunes stores these keys in its own encrypted key repository. Using this key
repository, iTunes is able to retrieve the user key required to decrypt the master key.
Using the master key, iTunes is able to decrypt the AAC audio stream and play it.
Figure 2.1
When a user authorizes a new computer, iTunes sends a unique machine identifier to
Apple’s servers. In return it receives all the user keys that are stored with the account
information. This ensures that Apple is able to limit the number of computers that are
authorized and makes sure that each authorized computer has all the user keys that are
needed to play the tracks that it bought. The process is depicted in the Figure 2.2
5
mp4: multimedia container format standard most-commonly used to store digital audio and digital video
streams.
6
AAC: Advanced Audio Coding is a digital audio encoding and lossy compression format.
- 11 -
Figure 2.2
When a user deauthorizes a computer, iTunes will instruct Apple’s servers to remove
the unique machine identifier from their database, and at the same time it will remove
all the user keys from its encrypted key repository.
The iPod also has its own encrypted key repository. Every time a FairPlay-protected
track is copied onto the iPod, iTunes will copy the user key from its own key repository
to the key repository on the iPod. This makes sure that the iPod has everything it needs
to play the encrypted AAC audio stream.
Figure 2.3
While licenses to the AAC compression and the mp4 file format are readily available,
Apple has not agreed to license their proprietary FairPlay encryption scheme to other
- 12 -
hardware manufacturers until recently, so only Apple's iPod was able to play AAC files
encrypted with Apple's FairPlay technology.
Is FairPlay “fair”? ITunes business model
An intentional limitation of Fairplay is that it prevents iTunes customers from using the
purchased music on any portable digital music player other than the Apple iPod. On
January 3, 2005, an iTunes online music store customer filed a lawsuit against Apple
Computer, alleging the company broke antitrust laws by utilizing FairPlay with iTunes
so that purchased music will work only with its own music player, the iPod, freezing out
competitors.
Apple’s DRM, as mentioned, is proprietary in nature. No portable player aside from the
iPod supports FairPlay, and the iPod only supports the AAC and MP3 standard rather
than the dominant standard used by the other digital music services, Microsoft’s
Windows Media DRM for Windows Media Audio (WMA). This lack of interoperability,
however, might be a key part of Apple’s business model. Using software to drive
hardware sales is a typical strategy for Apple, so it might accept moderate losses from
the Store to recover a net profit with device sales.
Assuming for the moment that iTunes Store’s main purpose is to generate profits in
iPod sales (even if operating at a loss), restricting interoperability is a sound business
decision. In making this decision, Apple has to balance the trade-off between the
possible increase in profits derived from expanding the iTunes Store's consumer base,
and removing the strategic advantage the iPod has by way of its exclusive relationship
to the iTunes service. Making iTunes songs only compatible with iPod allows for the
generation of noticeable entry barriers in the market of portable players and some
barriers in the market of music downloading services (iTunes competitors). In so doing,
this strategy ultimately reinforces Apple's price discrimination scheme, as Apple is able
to fine tune prices more precisely to a consumer base that is more tightly linked to both
products, and conveys information about intensity of usage or downloads more
efficiently.
Furthermore, by integrating iTunes Store and the iPod, it is not only possible to
leverage success in one market to the other, but also to actually reshape the product
market to a certain extent. By competing in price and adding capabilities, iPod is not
only competing in the market of portable players, but up to a certain point is forcing its
competitors to match the advantages of the iTunes Store complement by either offering
lower prices or by developing a competing service to accompany their players.
Its expansion onto Windows secures an increasing demand for the iTunes service. This
step, while still preserving iPod’s advantage as an iTunes Store integrated device,
allows for iTunes Store to transform a broader base of consumers that includes PC
users, into a bigger iTunes business, with a larger repertoire, and leverage this growth
back in favor of Apple’s privileged iPod users.
- 13 -
Harmony
In July 2004, RealNetworks introduced their Harmony technology. The Harmony
technology is built into RealPlayer and allows users of the RealPlayer Music Store to
play their songs on the iPod. Before the introduction of Harmony this was not possible,
because the RealPlayer Music Store uses a different scheme to protect their content
that was incompatible with that used by Apple. Harmony transparently converts it to a
FairPlay-compatible protected file.
RealNetworks argued they freed consumers “from the limitation of being locked into a
specific portable device when they buy digital music”.
RealNetworks was criticized for:
1. Keeping its own intellectual property and products closed, while asking Apple to
open up the iPod.
2. Attempting to force Apple into a partnership that would only benefit
RealNetworks.
Harmony was quietly disabled by Apple around the time of the iPod photo launch, and to
older versions shortly after in firmware updates. Since then, Apple and Real have
effectively been playing a game of cat and mouse with Apple blocking Harmony with
each new iPod software update and Real fixing Harmony to work on iPods some time
later.
In August 2005, RealNetworks admitted that continued use of the Harmony technology
put themselves at considerable risk because of the possibility of a lawsuit from Apple,
which would be expensive to defend against, even if the court agreed that the
technology is legal.
Reverse-Engineering against Apple
Many efforts have been made to circumvent the encryption of FairPlay-protected files.
Most of attacks consisted on removing the encryption from FairPlay-protected files. So
far, all applications have two things in common:
-
They use the user keys from the key repository, which ensures they can
decrypt only files that are legally bought.
They keep the metadata inside the MP4 container intact, so is possible to
identify the user who originally bought the file after it is decrypted.
The name Jon Johansen should be familiar to any foe of digital rights management.
Known primarily for authoring DeCSS, a tool for removing the CSS from DVDs, the
Norwegian programmer seemingly spends most of his time fighting DRM
implementations. He describes himself as a defender of consumer digital rights, and
says his software tools are aimed at an industry that is penalizing honest buyers.
And continuing with his battle against DRM, he also started a campaign against Apple.
He says he spent 80 hours dissecting iTunes, figuring out how it places digital
restrictions on songs and how to circumvent them.
- 14 -
PyMusique
On March 18, 2005, Travis Watkins and Cody Brocious, along with Johansen, wrote
PyMusique, a Python based program which allowed the download of purchased files
from the iTunes Music Store without DRM encryption. This was possible because Apple
Computer's iTunes software adds the DRM to the music file after the music file is
downloaded. On March 22, Apple released a patch for the iTunes Music Store blocking
the use of the PyMusique program. The same day, an update to PyMusique was
released, circumventing the new patch.
PyMusique worked as a front-end to iTunes Music Store, emulating iTunes' connection
to the online music store. The application provided the usual iTunes Music Store
features: access to song previews and the ability to set up a payment account and to
use it to buy songs (as shown in the Figure 2.4). But there are two crucial differences.
First, PyMusique allowed users to re-download songs they have already purchased.
Second, none of the tracks bought were protected with the DRM technique. So users
were able to distribute tracks and copy them without restrictions.
Figure 2.5
Obviously, accessing iTMS through a third-party application was a violation of the
Terms of Service, so those who purchased music through PyMusique were doing so in a
manner not consistent with the Terms of Service. Apple might be able to argue that the
application was a disruption to their business, costing them money.
In September 2005, Jon Johansen released SharpMusique, which took over where
PyMusique left off.
- 15 -
Conclusions
After the discussion of both Microsoft and Apple’s DRM techniques, it could be argued
that Microsoft's WMA now looks strikingly stronger, as it has yet to be cracked for any
length of time.
It is naive to believe that WMA will not also be cracked. The stronger argument to be
made is DRM technology will never solve the problem of piracy, as schemes will likely
be able to crack in perpetuity. The answer then may lie somewhere else other than
copyright directives and DRM wrappers.
People who think that the current purpose of applying DRM techniques is not limiting
copying or distribution, but rather restricting the use of the copyrighted work, will keep
on supporting and performing attacks against the actual DRM system. From a New York
Times article: "In the past, when a company published a book, the fair use rights of
readers limited its control over the work. But if the same company issues a book today
and encrypts it, its control over readers is far greater unless there is a right of access
to the material."
References
 AdwareReport
http://www.adwarereport.com/
 ArsTechnica
http://arstechnica.com/news.ars/post/20050318-4716.html
 Beale Screamer’s web site
http://www.spinnaker.com/crypt/drm/freeme/
 “iTunes, How Copyright, Contract, and Technology Shape the Business of Digital
Media”
http://cyber.law.harvard.edu/media/uploads/53/GreenPaperiTunes03.04.pdf
 Microsoft analysis of Freeme.exe
http://www.microsoft.com/windows/windowsmedia/es/drm/freeme.aspx
 PcWorld: “Microsoft to Boost Media Player Security”
http://www.pcworld.com/news/article/0,aid,118781,pg,1,00.asp
- 16 -
 Post-Gazzette, Business News
http://www.post-gazette.com/pg/05290/590139.stm
 The Register
http://www.theregister.co.uk/2005/03/18/itunes_pymusique/
 Wikipedia
http://en.wikipedia.org/wiki/FairPlay
http://en.wikipedia.org/wiki/PyMusique
- 17 -