April 14, 2005
The Cracking of Napster WMA DRM
Cody Brocious was kind enough to respond to my post below, and then chat with me on AIM about the crack. Here’s the scoop:
Cody and co. are apparently very near an implementation of a utility
that will allow people to turn songs acquired through Napster Light
(the a la carte service) and Premium (the non-portable subscription
service) into unencrypted files. You have to have paid for the songs
first to do this circumvention, because the keys have to be retrieved
from Napster. This tool will actually circumvent and remove the
DRM, rather than recording from the sound card or employing other
similar workarounds to create unencrypted files.
The tool will not circumvent Napster To Go songs using Janus DRM, which
is WMA DRM v10 and different from the DRM applied to Light and Premium
songs. Their utility is indeed based on the Beale Screamer code
document and only works with the WMA DRM
code pre-v10. After the Beale Screamer code’s release, a tool called Freeme
was released that decrypted WMA files, but MS updated WMA to account
for this problem and secure the keys held client-side. Since the
utility “requests the license from the Napster license server just like
the official client does,” this issue is inapplicable.
Technically, this is distinct from the PyMusique crack for iTMS.
Cody suggests that Napster Light and Premium songs do not use the Janus
DRM because of backwards compatibility issues. If Napster Light
were to sell songs using Janus, the pre-Janus portable players (that
is, most players on the market) would not be able to play the content.
This issue does not apply to the non-portable Napster Premium; however,
since Napster To Go only works with WinXP, I imagine that all Win2k
users may have problems if Premium were to use Janus DRM.
So Napster could respond to this crack simply by updating all DRM to
Janus, but it would come at great cost. Cody acknowledged other
ways they could change the way they encrypt the content, but he
believes these changes would be trivial to circumvent, assuming they do
successfully implement the utility they are currently working on. He
also expects that Janus will be cracked, but stated that he is not
attempting to do so.
The tool will only work with Napster, but Cody expects that this scheme can be applied to other music stores in the future.
Cody sees his actions as “ethical,” irrespective of legality, and he is
willing to “fight the DMCA.” He wants to be able to play his
lawfully acquired Napster music on Linux.
Further technical details will be available shortly.
Update, noon 12/15: Alex Goodwin, one of Cody’s fellow coders, offers additional details in this comment.
Filed by Derek Slater at 11:43 pm under General news
11 Comments