CD/DVD Copy Protection
36
CD/DVD Copy Protection Tim G¨ uneysu 02/12/2004 Advanced Seminar for ITS Ruhr-Universit¨ at Bochum Chair for Communication Security Advisor: Andr ´ e W eimerskirch
Transcript of CD/DVD Copy Protection
CD/DVD Copy Protection
Tim Guneysu
02/12/2004
Advanced Seminar for ITS
Ruhr-Universitat Bochum
Chair for Communication Security
Advisor: Andre Weimerskirch
Contents
1. Introduction 1
2. Specifying the Medium 22.1. Characteristics of an Optical Data Medium . . . . . . . . . . . . . 22.2. CD Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.2.1. Red Book . . . . . . . . . . . . . . . . . . . . . . . . . . . 42.2.2. Yellow Book . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.3. DVD Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . 52.3.1. DVD-ROM . . . . . . . . . . . . . . . . . . . . . . . . . . 62.3.2. DVD-Video . . . . . . . . . . . . . . . . . . . . . . . . . . 6
3. Copy Protection in Theory 83.1. Target Applications and Business Areas . . . . . . . . . . . . . . . 83.2. Classification of Protections . . . . . . . . . . . . . . . . . . . . . 8
3.2.1. Abusing the Medium Specification . . . . . . . . . . . . . 93.2.2. Injecting Read Errors Intentionally . . . . . . . . . . . . . 103.2.3. Verification of the Original . . . . . . . . . . . . . . . . . . 103.2.4. Digital Signatures and Cryptography . . . . . . . . . . . . 10
4. Protection Implementations 114.1. Protecting Data on CD-ROMs . . . . . . . . . . . . . . . . . . . . 11
4.1.1. Suitable Approaches for Data Protection . . . . . . . . . . 114.1.2. Implementations providing Data Protection . . . . . . . . 114.1.3. Efficiency of recent Data Protection Mechanisms . . . . . . 14
4.2. Protecting Audio Content on CD-DAs . . . . . . . . . . . . . . . 144.2.1. Suitable Approaches for Audio Protection . . . . . . . . . 154.2.2. Implementations providing Audio Protection . . . . . . . . 154.2.3. Efficiency of recent Audio Protection Mechanisms . . . . . 15
4.3. Protecting Data on DVD-ROMs . . . . . . . . . . . . . . . . . . . 174.3.1. Suitable Approaches for Data Protection . . . . . . . . . . 174.3.2. Implementations providing Data Protection . . . . . . . . 174.3.3. Efficiency of recent Data Protections . . . . . . . . . . . . 17
4.4. Protecting Video Content on DVD-Video Disks . . . . . . . . . . 18
ii Contents
4.4.1. Suitable Approaches for Video Protection . . . . . . . . . 184.4.2. Implementations providing Video Protection . . . . . . . . 184.4.3. Efficiency of recent Video Protection Implementations . . . 18
5. Legal Aspects 205.1. Digital Rights Protection in Germany . . . . . . . . . . . . . . . . 205.2. Circumventing Copy Protections . . . . . . . . . . . . . . . . . . . 20
6. Conclusions 21
A. Appendix 22A.1. Listing of CD Protections . . . . . . . . . . . . . . . . . . . . . . 22A.2. Listing of CD & DVD Protections . . . . . . . . . . . . . . . . . . 28
1. Introduction
This paper was written for the advanced seminar ”CD and DVD Copy protection”accomplished during the author’s ITS master studies at the Ruhr-UniversitatBochum. It represents an overview about mechanisms, technologies, and availableimplementations for protecting optical media discs as a widespread commodityagainst further and uncontrolled replication.It will further outline options how to circumvent and deactivate copy protectionsof optical media - but of course without giving details. This report definitelyrefuses to be considered as some sort of a hacker’s guide to rip contents illegallyfrom Compact Disks (CD) and Digital Versatile Disks (DVD).As a first step in the jungle of protection systems, this paper will commenceto classify and assess the operation and performance of several copy protectionschemes.
But to do so, it is required to start with introducing the reader to the limi-tations and specification of the considered media. This information will barelybe necessary for understanding the different variants of hardware based copy pro-tections.
The next topic is dedicated to available protections suitable for preventing aCD from being duplicated without authorization. This chapter will also dis-cuss diverse implementation approaches to assess their means and effectiveness.This includes a presentation of ways how to break inefficient CD based protec-tion mechanisms. To accommodate with the different options for CD contents likedata and audio, an evaluation will be performed separately of both content types.
Accordingly, the DVD as second medium is analyzed using same criteria as al-ready determined for CD evaluation.As a last important fact, the legal aspects of making copies of protected andunprotected media and the employment and development of tools to support thisaction is highlighted in a separate chapter. The discussion of regulations in pub-lic laws will give a clue if authors and originators of content and software willreceive backup support by a country’s legislative. For simplicity, this part willonly relate to German laws.Finally, the employment of copy protections for optical media will be discussedas a whole in respect to options what needs to be improved and if it makes senseto ship products with copy protections.
2. Specifying the Medium
2.1. Characteristics of an Optical Data Medium
It is evident to have a closer look onto the medium itself. This basic informationwill help to get a more thorough understanding of protection mechanisms andtheir technical operation.Both, the Compact Disks (CD) and Digital Versatile Disks (DVD) are disks withnormally 12 cm diameter and 1.2 mm thickness. In common, the physical bodyof such an optical medium is called dye.
The disk dye itself comprises a sandwich of a polycarbonate substrate containingpits molded into the upper surface and coated with aluminum. This layer is thenprotected by a lacquer on which the disk label is printed.
The dye for CDs and DVDs measures 15mm diameter centric hole. The audioor computer data is stored between two disk circles of 25 mm (after the lead-in)and 58 mm maximum where the lead-out starts. The basic layout of a CD/DVD/is depicted in Figure 2.1. Data on an optical disk media is stored using two states
Figure 2.1.: CD/DVD Layout
which are represented on the surface, the so called pits and lands [Ser02a].A laser beam is required to focus on the data lane consisting of pits and landsthrough the clear optical grade polycarbonate plastic.
2.2 CD Specifications 3
The data on the disk is divided into three main areas:
• Lead-in (from 23 mm to 25 mm on disk) which contains digital silence in themain channel plus the Table of Contents (TOC) in a subcode Q-channel. Italso allows the laser pickup head to follow the pits and to synchronize to theaudio or computer data before the start of the program area. The lengthof the lead-in is determined by the need to store the Table of Contents forup to 99 tracks. A track is a data segment which is placed in one sequenceon the disk and represents a logical data group.
• Program area (from 25 mm to at most 58 mm) contains up to about 80minutes or 700 MB of data divided into a maximum of 99 tracks.
• Lead-out contains digital silence or zero data. This defines the end of theCD program area.
2.2. CD Specifications
On a CD the data is stored in a helix of pits and lands where pits are about0.12 microns deep and their length varies from 0.8 microns minimum (3 units inlength) to 3 microns maximum (11 units in length) depending on the data. Thelaser which will read out the bits represented by pits and lands operates on awave length of 780 nm [Ser02a].The data is arranged in sectors which are the smallest addressable unit for aCD-ROM device operating according to Yellow Book specification. Each sectoritself is composed out of 98 frames which build a subunit containing basic datasegments like a laser synchronization area, a set of subchannels or control code,24 bytes of data payload and an error correction code. Frames are intricatelyinterleaved so that damage to the disk will not destroy any single frame, but onlysmall parts of many frames [Sto00].An important role for copy protection systems is due to the subchannels. Theyare defined as eight separate one bit channels, each designated by a characterfrom P to W. The subchannels are important for defining the Lead-In, Lead-Outand Track areas of a disk (P-Channel) as well the complete TOC or the remainingtime index (Q-Channel). It should be annotated that not all subchannels are inuse (R-W are usually empty for most formats).After having shortly discussed the physics of the disk dye, it is evident to highlightthe logical disk structure next. Several different formats for arranging data onCDs have been defined. Those ”books” of the Compact Disk family were namedfor the color of the binder covers in which the specification was issued. RedBook is the specification for CD Audio, Yellow Book is CD-ROM, Orange Bookis CD Recordable, Green Book is CD interactive (CD-i), Blue Book is EnhancedCD, and White Book is Video CD. All of these books are based on the Red
4 Specifying the Medium
Book physical disk specification, but some also define the types of content thedisk may contain, such as 44.1 MHz PCM audio for Red Book, and MPEG 1video for White Book. Other disk formats, such as Mixed Mode or HFS, do nothave books, but are logical variations of one or more of the book formats. Forexample, the Yellow Book defines CD-ROM as far as the physical characteristicsof the disk, addressing schemes, and error correction are concerned, but the filesystem and type of content can be user defined. A Yellow Book disk could use theHFS file system, the ISO 9660 file system, or a user-defined file system, and couldcontain text, raw data, or multimedia elements. As copy protections are usuallyonly deployed on Red and Yellow Book CDs, those standards will be subject ofinvestigation in the following.
2.2.1. Red Book
The Red Book, which defines CD-Audio, is the compact disk pioneer. The CDwas created, after all, to be nothing more or less than a universal delivery mediumfor one type of content only, namely music digitized at 44,100 samples per second(44.1KHz) in a range of 65,536 possible discrete values (16 bits). The resultinglogical format, the Red Book, or Compact Disc-Digital Audio (CD-DA), wasdefined by Philips N.V. and Sony Corporation in 1980.
Data on an audio disk is organized into frames in order to ensure a constantread rate. Each frame consists of 24 bytes of user data, plus synchronization,error correction, and control and display bits. One of the first crucial things tounderstand about CD-Audio is that its data is not arranged in distinct physicalunits. Instead, one frame is interleaved with many other frames so that a scratchor defect in the disk will not destroy a single frame beyond correction. Rather, ascratch will destroy a small portion of many frames, all of which can be recovered.It is important to note that at this point the frame-to-sector grouping has nottaken place [Ser02a].
2.2.2. Yellow Book
If Red Book is the father of all CD formats, Yellow Book is the mother. Red Bookis actually the basis for and an integral part of Yellow Book, which defines CD-ROM, or Compact Disk-Read Only Memory, announced by Philips and Sony in1983. CD-ROM was originally seen as a way to allow digitized content includingbut not limited to audio to benefit from the capacity, durability, and economiesof scale that were rapidly making compact disk audio a big success. Yellow Bookis the disk specification that gave birth to all the variations on a CD scheme thatmake CD formats so versatile and confusing.
Rather than redefining the physical format, it was decided to adapt the physi-cal format of Red Book for storage of computer data. At its lowest level, YellowBook specification for CD-ROM is nearly identical to RedBook, in that it retains
2.3 DVD Specifications 5
the TOC, Lead In, Program area, Lead Out, and basic error correction. But thenext level of Yellow Book reorganizes the frames defined in Red Book into sectors(98 frames, or 2,352 bytes per sector) and adds another layer of error detectionand correction. The extra error correction information, at 288 bytes per sector,plus 12 bytes of sync and 4 bytes of header, reduces the available sector space foruser data to 2,048 bytes. Addresses of sectors are expressed as minutes, seconds,and sectors (MM:SS:SS). Yellow Book stops there, however, leaving it up to theCD-ROM developer to decide how to arrange sectors into logical blocks and log-ical blocks into files. And that is the first step into the complexity of CD, in theform of Mode 1 and Mode 2.
The Yellow Book specification defines two data structures: Mode 1 and Mode2. The mode byte, which is included in the header field of a CD-ROM sector,describes the type of data contained in the data field. Mode 1 denotes CD-ROMdata with Error Correction Code (ECC), which provides space for 2,048 bytes ofuser data in each frame. It is the mode used to store data that is unforgiving oferror, like computer programs or databases. Mode 2 denotes a sector with datastored without ECC, which provides more room (2,336 bytes) for user data, butwhich is typically used for data that is more tolerant of error, like audio, video,or graphics [Ser02a].
It is important to note the ability of Yellow Book to manage multi-sessions.Multi-session means to continue writing data to a CD though a previous recordingsession was already applied and finished. This feature is very useful especiallyconsidering when appending additional files to a file system residing on an opticaldisk later on.
2.3. DVD Specifications
The Digital Versatitile Disk (DVD) is a high capacity CD-dimensioned disk forvideo, multimedia, games and audio applications. Physical dimensions are inprinciple identical to compact disk except a bonding of several layers of polycar-bonate instead of a single one. Capacities for the read-only disk are by far largerthan for a CD and range from 4.7GB to 17.1GB [Ser02b].With the success of the compact disk there has been a clear need for a highercapacity format to meet additional application requirements like the following.
• DVD-Video, which was launched in 1997 in the USA, has become the mostsuccessful of all the DVD formats, as it has proved to be an ideal vehicle fordistributing video content from the movie industry. It can store a full-lengthmovie of high quality video with surround sound audio.
• DVD-ROM is beginning to replace the CD-ROM and provides a new highcapacity disk format for the computer industry. New PCs are now provided
6 Specifying the Medium
with DVD drives instead of CD drives. The entertainment industry hasdeveloped new game consoles (e.g. Sony’s PS2 and Microsoft’s X-Box)which incorporate DVD-ROM drives for more sophisticated and realisticgames.
• DVD-Audio, which was launched in 2000, is slowly gathering momentum tobecome the format for very high quality, surround sound music, offering themusic industry new revenue opportunities. Thus, it will not play a majorrole in further investigation of copy protection mechanisms.
• Recordable formats such as DVD-RAM, DVD-RW and DVD-R are now be-ing extensively used in PCs for computer backup and in standalone productssuch as video recorders and camcorders.
2.3.1. DVD-ROM
The DVD-ROM was designed to have logical characteristics similar to the CD-ROM. The main intention for the development process was to achieve a mediumwith more capacity than a CD-ROM but the same features. But it is not thatsimple. The filesystem ISO 9660, which is commonly used for CD-ROMs, is ca-pable of addressing 4GB of sectors. At 2,048 bytes of user data per sector, that isaround eight terabytes of addressable data in a single volume. Furthermore, ISO9660 is capable of addressing a maximum file size of 4GB. However, in the real-world implementations of ISO 9660, drivers and redirectors such as MSCDEXand CDFS are capable of addressing only 2GB of data, and files of up to 2GB insize. This 2GB limitation is not exclusively the property of CD-ROM, however,most operating systems are limited to reading 2GB as a restriction of a 32-bitsystem.
The new file system that DVD-ROM uses is a officially defined as ”ISO 9660and Micro UDF”; however, there may be good reasons to leave ISO 9660 behindwhen making the move to DVD. UDF is capable of addressing 18 quintillion, or18 billion bytes of data. That seems sufficient for nowadays, and most of ourfuture needs, certainly. But the real beauty of UDF is that it can offer the truecross-platform universality that ISO 9660 attempted.
2.3.2. DVD-Video
DVD Video is identical to DVD ROM up to the application level. For DVDVideo, the application layer is defined as the type of video codec, audio compres-sion, navigational commands, auxiliary files, and other data types it may contain.Only a DVD disk that conforms to these definitions will play on a DVD Videoplayer. If a DVD-ROM disk not developed to the DVD Video application layer
2.3 DVD Specifications 7
was inserted into the player, the player would not recognize it as a DVD.
The DVD Video specification is by far the most detailed, largest, and most re-strictive of the DVD format books, and far beyond the scope of this report tocover in detail. The format defines MPEG 2 variable bit rate video, alternatecamera angles, multiple aspect ratios, interactive menus with chapter breaks,parental, presentation, and navigational controls; Dolby AC-3, MPEG 2, or Lin-ear PCM audio; Stereo or Surround Sound; up to eight sound tracks (for foreignlanguages); and 32 subpicture streams (for subtitles). The output from a DVDVideo disk is not an MPEG 2 digital video stream, but a stream of all of theseelements multiplexed together. In addition, most DVD Video discs use Macrovi-sion Colorstripe encoding for digital to analog copy protection, and CSS (ContentScrambling System) encryption to prevent digital to digital copying. The lattertype of copy protection will be highlighted more thoroughly in the next chapters.
3. Copy Protection in Theory
3.1. Target Applications and Business Areas
What is the reason that copy protection is required? Software piracy grew from37 percent in 2000 to 40 percent in 2001 around the world, according to the Busi-ness Software Alliance’s (BSA) seventh annual survey on global software piracy.It is expected that software and content privacy will cause a major impact on theincome of owners as stated by the following figures. The Recording Industry As-sociation (RIAA) says they were more successful in holding up illegal operationsin 2001 than they were in 2000. Raids on more than 230 distribution operationsand more than 145 manufacturing operations led to the seizure of 2.8 millionunauthorized CD-Rs. Raids aside, the RIAA says the music industry loses morethan $1 billion per year from the illegal activities conducted in the world’s fourleading pirate marketplaces: Brazil, China, Russia, and Mexico. Not includinglosses resulting from Internet piracy, the sale of pirate recordings exceeds $4.2billion worldwide.It is obvious, that some sort of mechanism needs to be found to reduce the im-pact of losses caused by uncontrolled content duplication and software piracy.So, what are the areas of business in which copy protection against unauthorizedreplication and distribution is supposed to help?
• Audio (CD-DA)
• Video (DVD-Video)
• Games (CD-ROM, DVD-ROM)
• Commercial Software Products (CD-ROM, DVD-ROM)
• Copy Controlled Data (CD-ROM, DVD-ROM)
3.2. Classification of Protections
Although it is an obvious necessity for protecting systems to minimize piracywith CDs and DVDs, this is not a trivial task. The following requirements apply:First, an original compact disk must always permit reading to allow access to thestored data. Second, it is clear that a duplication of content means that the data
3.2 Classification of Protections 9
is read as well from the original with the only difference that this operation isdedicated to create another copy. But how is it possible for the optical system todetect if the data is just used for its intended purpose or is going to be replicated?A second requirement is that the copy protection must guarantee availability ofthe medium, this means the protection may not influence its compatibility inrespect to be played in various environments and devices.Third, due to the fact that a CD is considered as a commodity, a protection mech-anism may not increase the production costs in a significant manner. Otherwise,if the financial additional burden to afford the protected CD for a customer isunacceptably high, he or she might feel especially forced to obtain the contentillegally by private duplication.It is rather obvious that all requirements contradict each other resulting in aneed for a trade-off between protection benefits, financial efforts and compatibil-ity issues. Having highlighted the requirements for protection mechanisms, thenext step is to classify the different types and ways how to reduce the threat forundesired medium replication.
The techniques for protection can be organized to four different flavors andprotection classes, respectively:
• Abusing the Medium Specification (A)
• Intentionally Injecting Read Errors (B)
• Verification of the Original (C)
• Digital Signatures and Cryptography (D)
The protection classes will differ in their efficiency and additional cost - inmonetary and computational sense. The means to apply such a copy protectionclass to an optical disk is described by the following sections.
3.2.1. Abusing the Medium Specification
The integrity and structure of an optical medium like a CD or DVD is describedby a standard like the Red, Yellow or other colored book and DVD-5/9/10/17specifications. A lot of copy protections are based on the idea that some contentreplaying devices are more ’intelligent’ than others. A digital trap will prevent’smarter’ ones to use their built-in advantage for creating a copy.Exactly this is the situation for CD-DA disks specified after the Red Book stan-dard. They are being manipulated in a way that they will work fine with (atleast most of) all CD audio players which only know reading Red Book CDs butwill probably fail when being inserted into CD-ROM drives which are capableto deal with Yellow Book CDs, because those more advanced features from theYellow Book standard have been disrupted and cause the ’smarter’ device to get
10 Copy Protection in Theory
stuck.This is definitely the most naive approach to protect a medium, but of course it ison the other hand a rather cheap way as it just requires some minor modificationsto the format of the original disk. By the way, this protection type using formatdeviation is a very simple technique and is usually only applied for protectingRed book or audio CDs.
3.2.2. Injecting Read Errors Intentionally
Another scheme to prevent disk copying is to inject errors on the disks in lessimportant areas which should cause a copy process reading the entire disk for afull one-to-one copy to fail. This protection type is usually employed with databound media (CD-ROM, DVD-ROM). Usually, it requires a software on the diskthat can check for the presence of these security characteristics, namely defectivesectors. If those could not be found as the disk is an unauthorized replica onwhich the disk errors were corrected during the replication process, the softwareshould complain about the copy and exit.To inject read errors into media requires the usage of specially crafted devicesand software capable to modify the frame format or designated parts of it. Ingeneral, this demands more sophisticated systems or even specially equipped CDreproduction facilities to produce such ’modified’ disks.
3.2.3. Verification of the Original
This type of protection relies basically on fingerprinting techniques which willidentify a master or original disk from a copy. There are some aspects in theCD/DVD production process which might be used to distinguish between mediaincorporating the same content uniquely. Again, this technique is only suitablefor disk containing software which is capable to scan for the required securitycharacteristics.
3.2.4. Digital Signatures and Cryptography
Another option for copy prevention is the application of digital signatures andcryptography. Although the employment of cryptographic mechanisms mightlook to be the most promising idea, it should be clear that the only medium whichcould hold the signature or the key, is the disk itself. Thus, as the cryptographicelement is placed on the disk, it might be an easy subject of compromission incase that its exact location is known.Of course, this option requires a verification engine which performs a check ofthe signature’s validity. The validation process can occur either by hardware(DVD-Video) or software (CD-ROM, DVD-ROM).
4. Protection Implementations
The following chapter will discuss recent implementations of copy protections.For a better overview it will highlight protections for CDs and DVDs separately.
4.1. Protecting Data on CD-ROMs
As a first step, the protection of Compact Disks created according to the YellowBook standard are being discussed. This includes the media for data and filesystem oriented content like software products and games.
4.1.1. Suitable Approaches for Data Protection
Common techniques to protect data disks make use of all protection classes asstated in chapter 3.2, i.e. format deviations, read errors, the verification of theoriginal and the application of cryptography.
4.1.2. Implementations providing Data Protection
The most simple implementation which can be applied to Yellow Book compli-ant CDs to reduce the risk for unauthorized duplication is the manipulation ofthe disk’s file system on which the software or data is written. This should beconsidered as a class (A) protection.Here, it is common practice to create either too large files which seem not to fitonto the medium (e.g. 6 GB) when attempting a copy by just faking the file sizein the catalog or by using doubly referenced blocks or even by storing more dataon the CD as it would be expected. There are original CDs which show a totalcapacity of data greater than the available size of common recordable disks (e.g.706 MB) [Gra03]. This type of copy protection is suitable to prevent the userfrom copying the contents of the disk on a file per file basis.
The class (B) protection, the creation of unreadable areas, is intended to dooman attempt for a one-to-one copy. This defective sectors which were injectedto the discs are usually part of unused space or files. The creation of defectiveblocks can be either take place by manipulating the error correction code in afashion that a correction by hardware is not possible and just results in triggeringan error escalation mechanism. A more profoundly approach is the disruption
12 Protection Implementations
of entire frames by playing around with the sync pattern of each frame whichwill cause the disk drive’s laser to lose synchronization while following the datahelix. Where an unqualified correction code might still be copied using a rawcopy mode of a replication device, a loss of synchronization on the medium willusually cause a failure of the copy process when a sequential read is attempted.Another technique of class (B) protection is the use of so called ’Weak Sectors’.At first sight weak sectors look like a collection of useless data. The data consistsof a sequence of zeros but it also has special sector groups containing a regu-lar bit pattern. Reading this data with a CD-ROM will work perfectly in allCD-ROMs and CD-recorders. A regular pattern like this will appear similar to’XYXYXYXYXYXY’.
Figure 4.1.: Weak Sectors on Optical Media
But when trying to write out these regular bit patterns there are a lot ofrecorders that do not support this operation. A CD recorder has to produce thesame patterns using its EFM encoder. When a regular bit pattern goes throughthe EFM Encoder it is converted to a smaller value by converting bits to bytes(8 bit = 1 byte) in a predetermined way. But exactly this lookup will fail for aseries of widespread CD recorders. Figure 4.1 shows the futile process of weaksector copying. There are rumors that this is a secret arrangement between copyprotection and CD recorder manufactures about the implementation of write fail-ures when a special bit pattern occurs in the input stream [CDF03].Third class (C) of protection mechanisms includes unique fingerprints on the orig-inal disk which allows the software to identify the master with great probability.A first variant provides a check routine verifying the physical angle between thefirst and last accessible logical block on a CD. This information can be used asinput to generate a hash code from the angle information which can be checkedby a software routine against the CD to prove that it is an original. This methodworks due to the fact that the angle between first and last logical block is differentfor every disk written by a CD-R writer, due to variably-sized laser calibration
4.1 Protecting Data on CD-ROMs 13
areas, different CD-R types, etc. This kind of protection was published and imple-mented by the CD-Cops protection from the Link Data Security Labs [Gam03a].A quite simple but effective approach is taken in Sony’s SecuROM [Son03]. Aspecific check routine probes for the existence of a so called pregroove area whichis only present on CD-recordables. The pregroove for CD-R is used to defineits size, vendor, maximal recording speed, etc. If such an information block isfound, it is for sure that the underlying medium is a CD-R copy. Another class(B) option yields the usage of prepared masters containing already a precompiledsession which cannot be copied by conventional techniques. A software moduleagain can check for the presence of this session and in case that it is not foundinstantly exit with an error message. This technique is implemented by the Hex-alock copy protection [Hex03].But an immediate shutdown is not the only possible way for a copy protectionmechanism to behave. The Fade protection is preferring a gradual loss of fea-tures after the first time a startup from a duplicated disk was performed [Cod01].Thus, a game based on the Fade protection system, will first show up all featuresand will then reduce its options with the time, e.g. suddenly it is not possibleto raise more funds in an economic game or to trigger the grenade launcher inan Ego-Shooter game. Psychologists promise this to be the more annoying andsustaining type of copy protection causing the owners of the replica to buy thegame with a greater probability than without the gradual loss of features. Anabrupt termination is considered to provoke more efforts to break the copy pro-tection than this silent way.
The protection class (D) is concerned about digital signatures and cryptogra-phy. It is important to emphasize that all keys and signatures must be placedon the medium itself reducing its security quite dramatically. For common andstandardized CD-ROM devices with no support to advanced cryptography, thiswill only represent a rather weak solution to protect the disk content, becauseit means that the key encrypting the content must be placed somewhere on themedium in plain text. The only option to complicate a direct extraction of thecryptographic element from the medium is to hide it away very securely eitherin the disk subcodes or between defective sectors. A specific software wrapper isresponsible to extract the hidden key from the disk and thereafter decrypt thecontent using that gathered code.Currently, there are some implementations available incorporating this type ofprotection mechanism. SafeDisk [Mac01] and Securom [Son03] are the most fa-mous representatives of this kind.
14 Protection Implementations
4.1.3. Efficiency of recent Data Protection Mechanisms
Copy protections which rely on abusing the medium or file system specificationare in general rather inefficient and simple to deactivate. The security mecha-nisms of those products can easily be circumvented by simply creating so called1:1 Disk-At-Once (DAO) copies. This is a special recording mode of a CD-recorder which does not read the original CD per file or track but as a whole.Thus, the file system is not being analyzed and thus the copy process will notdetect any problems due to a file-based copy protection.Protections of class (B) are harder to fool. Due to the reason that the inten-tionally injected read errors will be checked by software, two option remain tomake a copy. First, the CD is duplicated one-per-one using raw data copy by aduplicator which is enabled to skip defective errors quickly. This process mightwork very efficiently if the frame format is intact and if only the error correctioncodes are subject to errors. But this process is likely to last several hours as theextraction of totally corrupted sectors and frames is quite time consuming.As a second step, the software checking for the disk errors requires to be patched.If the check routine is finally eliminated from the code, missing read errors of thecopy will not have any effect to the execution of the program. This is exactlythe way to handle the verification mechanisms of class (C) protections. As all ofthem rely on unique physical characteristics of a medium, the only way to workaround the protection is to remove the checking routine from the software.Digital signatures and other cryptographic elements of class (D) will also bemainly dependent on software. Usually, wrappers or loaders are existing on suchcopy protected CDs encapsulating the actual content. Only when the crypto-graphic element was successfully found, the application’s startup or content ex-traction is granted. The most promising way to circumvent this problem is tosubstitute the wrappers or loaders with patched versions which either do the jobwithout requiring the digital signature or by introducing a new file (replacingthe information from the hidden sectors) in which the key for data decryption isstored.
4.2. Protecting Audio Content on CD-DAs
Audio CDs or Compact Disk Digital Audio (CD-DA) are manufactured accord-ing to the Red Book specification. As already mentioned, the Red Book doesnot encompass all of the features provided by later standards like multisessionrecording, multiple TOCs, etc. On the other hand, Audio CDs are played by astand-alone player device with no additional software involved which could beadapted to inhabit some flavors of copy protection mechanisms.
4.2 Protecting Audio Content on CD-DAs 15
4.2.1. Suitable Approaches for Audio Protection
As mentioned in the introduction, the missing capability to employ software basedprotections like class (C) and (D) is a delimiting factor and will restrict the CD-DA to rely on simple TOC manipulations in order to confuse Yellow Book capableCD-ROM devices. This may include the following techniques from class (A):
• Invalid TOC: Incorrect Track Size
• Invalid TOC: Not exisisting succeeding TOC
• Multisession: Illegal second session
4.2.2. Implementations providing Audio Protection
Due to the reason that only protection class (A) is available for CD-DA, thereare only quite a few imaginable implementations.First it is possible to manipulate the TOC in the Q-Subchannel of the CD-DAwith extended features borrowed from the Yellow Book which a standardizedaudio device is supposed to ignore. But these advanced features are invalidcausing a CD-ROM device getting confused and stuck.A first way to trick CD-ROM devices is to manipulate the actual track size ofeach audio track. Most audio player ignore the track size in the Q-Subchanneland just read the data from the track. A more intelligent CD-ROM drive willmake use of this falsified information and refuse to copy the huge track.Another option yields the multisession option of the Yellow Book standard. A RedBook compliant CD-DA will be ’extended’ by an invalid additional session. Thisextension can either consist of a corrupt TOC entry pointing to a non-existingsession or a session which contains only totally scrambled data causing the readingdevice to look for the session somewhere in nirvana. The latter approach is quiteheavily used, a good example is Sony’s Key2Audio copy protection [Son02].
4.2.3. Efficiency of recent Audio Protection Mechanisms
As stated in the introduction, members of protection class (A) as employed onCD-DAs do not claim to be the hardest to handle. There are quite a bunch ofpossibilities how to disable the copy protection on CD-DA.A first way is to use the feature in recording programs called ’Ignore Illegal TOC’.This option will analyze the track structure without considering the poisonedinformation from the copy-protected audio disk. A further strategy could be toduplicate the original CD one-by-one using a raw data copy mode including anysubchannel information. In most cases this will just copy the illegal informationwithout making a big deal about it. However, the most famous option is the socalled felt-tip or post-it attack. Here, the illegal information which is sometimes
16 Protection Implementations
stored in a visible circle on CD can be easily defeated by filling and deactivating itusing a felt-tip (Figure 4.2) or covering it with post-its (Figure 4.3). It should be
Figure 4.2.: Felt-tip Attack
mentioned that the felt-tip variant should be considered as the preferred methodwhen attempting to eliminate the protection. Due to strong radial forces whichact on the CD within the reading device, the post-it may peel away causingdamage to the CD drive.
Figure 4.3.: Post-It Attack
To solve the secret why this type of circumvention works: when the defectivesessions which contain some scrambled data are covered entirely or partially eitherby a post-it or by a felt-tip line, the CD-ROM drives will decide to stick withthe first session or TOC as this is the only one readable. As the device cannotextract a single bit from the succeeding session it cannot fall into the trap of thenonsense contents in an appended session.
4.3 Protecting Data on DVD-ROMs 17
4.3. Protecting Data on DVD-ROMs
In general, the CD and DVD do not differ much. Thus, most of the mechanismsexcept any kind of format deviations introduced in context with the CD wouldprincipally work with a DVD as well. The only reason for DVD protections notbeing that popular is their novelty; there are currently quite a few vendors andsoftware distributors which propagate their software or data products on DVDs.Thus, the margin of products is not big when considering to reduce unauthorizeddisk duplication.
4.3.1. Suitable Approaches for Data Protection
As already stated, variations with the disk format specification will not be appli-cable for DVDs in general. But it is imaginable to make use of all other possibletechniques which have already been introduced for the CD. This includes theinjection of bad and/or weak sectors, specific verification techniques which mightagain engage on the physical sector geometry as the deployment of hidden digitalsignatures and cryptographic elements. Please refer to Section 4.1.1 for furtherinformation.
4.3.2. Implementations providing Data Protection
DVD protections are based in general on protection categories (B) to (D).Thus, it is possible to inject defective sectors to avoid simple one-to-one copiesfrom the original. This is also true for the employment of weak sectors, becausethe SafeDisk protection from MacroVision is also available for DVDs employingthe same techniques [Mac01]. Implementations fitting in protection class (C)however seem not to be on the market. This might be a direct effect that DVDscontaining software or games have not been established in greater dimensions inthe markets. For most purposes, CD-ROMs are still in use. But this is probablyjust a matter of time until first implementations fitting class (C) will arise.But there are already protections of class (D) for the DVD. Again, the SafeDiskimplementation is a sample for the employment of digital signatures.
4.3.3. Efficiency of recent Data Protections
Because the same protection mechanisms are used for DVDs as for CDs theirefficiency will not differ much. Therefore, the evaluation of effectiveness looksquite the same. For estimating the scope of a protection, please gather furtherinformation from Section 4.1.3.
18 Protection Implementations
4.4. Protecting Video Content on DVD-Video Disks
Nowadays, the DVD is broadly used as a medium to carry movies from the pro-ductions studios to the end-user at home. The device manufactured for this pur-pose, the DVD-player, has already found its way into many homes. This deviceprovides cryptography and thus an advantage to the copy protection developersas seen in the following sections.
4.4.1. Suitable Approaches for Video Protection
Most DVD-Video discs are encoded in a scrambled format. The scrambling wasperformed prior to burning and requires a descrambling in hardware before thevideo content becomes visible again. The content descrambling is usually per-formed by dedicated players, commonly known just as DVD player, and a diskkey. The current state-of-the-art in this field is discussed in the following.
4.4.2. Implementations providing Video Protection
The Content Scrambling System (CSS) is the most popular system used to scram-ble the audio/video data on the DVD-Video disk. Each video title set (VTS) canbe selectively scrambled using a unique key. Each unique title is assigned to onedisk key and up to 99 title keys (one per VTS), which are stored on the disk inencrypted form.
In the decoder or DVD player, the original keys are obtained by decryptionof the disk key using appropriate keys which have been incorporated to eachplayers and these are finally used to descramble the data. For DVD-ROM drives,the MPEG-2 decoder challenges the drive and receives the necessary keys fordecryption. This ensures that only approved hardware/software can be used.
The keys used should be unique for every disk title and are encrypted by theCSS Licensing Authority and, usually, the initial scrambling is performed, as al-ready stated, during glass mastering. Security is vital and the keys used and theencryption algorithms must be kept secret. Only those companies involved indesigning hardware and software for CSS encoding and/or decoding need infor-mation on the algorithms and systems used.
4.4.3. Efficiency of recent Video Protection Implementations
Although the CSS makes use of a multitude of keys which might indicate a com-plex encryption and a decoding scheme strongly preserved as secret, the systemis completely insecure. The disk key, which is relevant to deduce the title keys,only uses a 40 bit encryption, which is itself not an impossible problem wheninitiating a brute force key search. Using cryptanalytical methods it is possibleto break down the total computational complexity further to 216 which is barely
4.4 Protecting Video Content on DVD-Video Disks 19
Figure 4.4.: CSS Key System
nothing in today’s processing power. So it is very easy to break the encryption ofthe video/audio content and convert the video content into a new format [Gra03].And it is even worse. As described above, the disk key is decrypted using a setof player keys stored in each DVD player device. Using a similar attack, it ispossible to extract all player keys from a playing device which enable an easydeciphering of the latest DVDs. There is no need to break the disk keys by bruteforce any more.
5. Legal Aspects
5.1. Digital Rights Protection in Germany
Since September 2003 the German legislature has released new laws to protectcopyright holders. This act was mandatory to meet the previously adopted Eu-ropean directives to improve the legal situation for intellectual property [dJ03].Although not all postulated details by the EU were already realized in this changeof statutes, copyright holders may be pleased nevertheless.The balance of what is allowed and prosecuted since September 2003 has beendefinitely shifted in their favor, cutting off rights of the end-user.
5.2. Circumventing Copy Protections
The new law also encompasses the creation of disk duplicates for backup purposes.When an end-user is willing to replicate his original media with protected contentto avoid a disaster in case that the original is accidentally devastated, he or she isallowed to do that as far as no copy protection is circumvented. This is definitelytrue for CD-DA and other content (§95a to 95d UrhG), for CDs with softwareand raw data content this does not have any effect (§69a Abs.5 UrhG). Thus, itis allowed to create up to seven backup copies of your favorite computer games,but of course, you may not pass it on or even sell it to third parties. The same istrue for discs with other contents, as long as they are not affected with any copyprotecting mechanisms. Thus, circumventing copy protections will be prosecutedin case that the underlying medium is of any other type like audio, video orphoto CD. Furthermore, not only the act of duplication itself is prohibited, eventhe employment and development of tools to support the operation of copyingthose disks has been declared to be illegal. This includes the use of programslike CloneCD, BlindWrite Suite, and lots of more. The legal situation with copyprotection faking and emulation utilities like the DAEMON Tools or other virtualimage managers are yet unknown and will be matter of precedence cases in thefuture.
6. Conclusions
Drawing a final conclusion about the facts, it will reveal that copy protection, inspite to what their names might imply, does only represent a way to complicatethe creation of a working duplicate. Therefore, some vendors avoid the termi-nology of ’copy protection’ and use a weaker expression of ’copy control systems’instead.The actual intention is only to frustrate most people who attempt to create asimple one-to-one pirate copy from a borrowed medium. It is true that mostcopy protection mechanisms have already been broken, for many of them evenexist generic patches or step-by-step circumvention strategies which mean onlyinsignificant additional effort for a common user who considers a medium repli-cation.
The analysis of this situation clearly shows that only a complete framework of se-curity measures may create a solution which is absolutely secure against copying.The greatest problem of the current approach is that the authorization infras-tructure based on stand-alone players with no secured interfaces is absolutelyinadequate to support an unbreakable solution. It is easily possible to rip off themusic from a CD-DA using a digital output of the CD-player which is pluggedinto the digital input jack of a computer’s sound card. A solution to this mightcome with the Content Protection System Architecture as proposed by the 4C(IBM, Intel, Matsushita, Toshiba) including encrypted interfaces and connectionscombined with a better key management than CSS is currently using [Ent00]. Aslong as such an or similar approach will be realized, optical disk media are hardlyto prevent from becoming subject of piracy. Another point of criticism is therealization of compatibility. As postulated by a requirement in the beginningof this paper (compare chapter 3.2), copy protection should be designed to keepcompatibility to every type of replaying hardware. This is unfortunately not true,especially for class (A) protections. There are quite a significant number of playerimplementations on the market which are getting dazed by copy protections aswell as resulting in reasonable enragement of customers. Besides the fact thatcopy protection are only useful in very limited dimensions, there are known factsthat they even change the customer’s attitude when considering to buy a copy-protected CD when he or she might risk that the newly afforded disk will notoperate in his or her environment.
A. Appendix
A.1. Listing of CD Protections
CD-Cops
CD-Cops is an envelope protection which is added to the CDs main executable.Minute differences are measured to establish the CD-ROMs fingerprint and toensure that copies are not accepted. This fingerprint is usually expressed as an8-digit code or key number. The CD-Cops software which recognizes and eitheraccepts or rejects the CD is protected by Links Code Security, a system whichhas been in use since 1984 [Gam03b].
Protection Class: C
Backup Solution: Use CD-Cops Decryptor to determine new CD-Code from backup copy
Vendor: Link Data Security
Website: http://www.linkdata.com
CD-Protect
CD-Protect works on the principle of direct hardware coding on the CD-ROM.While trying to read a CD master treated as described, unreadable sectors arereported. These areas cannot be copied to the hard drive without further in-tervention of the operating system (Windows 9x/Me/2000/XP). The attempt toread the CD with a copying software is either directly terminated or takes upto several hours. Copying to a blank CD is thus hardly possible with the copyprotection [Gam03b].
Protection Class: B
Backup Solution: Use DAO-Copy with defective sector skipping and patch the software accord-
ingly
Vendor: Software & Protection Beisheim e.K.
Website: http://www.holgerbeisheim.de
A.1 Listing of CD Protections 23
CD-Shield SE
CDSHIELD protects/modifies a CD-Image by adding sector-errors before it isburned to a CD-R. This prevents people from making a backup [Gam03b].
Protection Class: B
Backup Solution: As this is a very low-budget solution most advanced backup software should
work
Vendor: Mindestworx
Website: http://www.mindestworx.fr.st
DBB (Don’t Bother Burn)
DBB’s exact functionality is of course surrounded by strict secrecy, but briefly,the protection comprises several separate security modules which work togetherto create the complexity that crackers encounter in their attempts to break theprotection. Among other things, DBB contains instructions that register anychanges made, add a dynamic process that changes the protection sequence be-tween each production and parts of the secret behind DBB and DBB PS is re-vealed. A strong encryption should ensure that the exact instructions and codesremain secret [Gam03b].
Protection Classes: B, D
Backup Solution: Not yet published
Vendor: Effnet
Website: http://www.effnet.com
FADE
Codemasters’ anti-piracy initiatives receive an additional push with the introduc-tion of FADE, a PC-based piracy protection system that can degrade gameplayif a counterfeit copy of the game is identified as being played. Codemasters hasequipped the computer game Operation Flashpoint with embedded coding thatcan recognize the difference between counterfeit and real copies of the game’s CD.If a pirate CD is identified, the game automatically disables key gaming features[Gam03b].
Protection Class: C
Backup Solution: Software patches will be required to remove/disable the protection.
Vendor: Codemasters
Website: http://www.codemasters.com
24 Appendix
HexaLock CD-RX
HexaLock CD-RX media are specially made CD-R’s that contain a precompiledsession, which includes security elements that make the disks copy protectable.The program files are linked to these security elements during the recording pro-cess, thus creating a copy-protected CD-R. The authorized mastering processcan be done in one-off mode, or in an automated mode in selected duplicationsystems [Gam03b].
Protection Class: C
Backup Solution: Software patches will be required to remove/disable the protection.
Vendor: HexaLock
Website: http://www.hexalock.com
LaserLock
Laserlock uses a combination of encryption software and unique laser markingon the CD surface made during the special LaserLock mastering procedure, inorder to make copying practically impossible. Every CD-ROM application hasa unique locking parameter that provides a complete protection against illegalre-mastering and reproduction. LaserLock offers protection for every applicationdifferently as each application package is characterized by a unique encryptionparameter that is specified during LaserLocking procedure [Gam03b].
Protection Classes: C, D
Backup Solution: Use either a generic LaserLock reader or simply copy the disk using a raw data
mode
Vendor: MLS LaserLock International
Website: http://www.laserlock.com
LockBlocks
The LockBlocks protected CD’s have 2 circles, one about 5 mm, the other 3 mm,which cause a CD-Reader/Writers to lockup when being read. Unfortunately,more is not known about this type of copy protection [Gam03b].
Protection Classes: B, C
Backup Solution: Software patches are needed to get around this protection.
Vendor: Dinamic Multimedia
Website: http://www.dinamic.com
A.1 Listing of CD Protections 25
Phenoprotect
Phenoprotect produces read errors directly on the CD-ROM in areas which donot contain any game data, but can be checked by programs. CD Writers reportthese as unreadable sections. These areas cannot be copied to the hard drive.
The specific software, e.g. the game and the InstallShield used for installationcan, however, contain instructions from the software manufacturer to check thiserroneous data, if this data is not found when the program starts, it is not anoriginal version and the game or installation is terminated.
Windows 9x operation systems cannot read the erroneous sections. Any at-tempt to copy will result in the operation system aborting the process [Gam03b].
Protection Class: B
Backup Solution: Raw disk copy and software patches are required.
Vendor: CodeCult
Website: http://www.codecult.com
RingProtect
A visible circle is added to the CD, with which users can distinguish between anoriginal and a pirated copy at a glance.
Several checks are added in order for the software to be able to check the filesin the visible circle, and when not found the application should deny to func-tion. The files which are located inside the visible circle are designed not to becopied, since the circle origin cannot be exactly replicated on known CD-R media.Furthmore, it will take many hours for a CDRW to read the Ring PROTECHprotected CD, and eventually it will malfunction [Gam03b].
Protection Class: B
Backup Solution: Raw disk copy mode of advanced backup software is required to copy those
CDs.
Vendor: ED-CONTRIVE
Website: http://www.ed-contrive.co.jp
Roxxe
Roxxe CD protection is a combination of hardware and software protection thatshould make it impossible to run software from illegally copied CDs [Gam03b].The vendor of Roxxe promises the following basic requirements:
• The original software is modified so that it will not run, without the specificaction of the guard module.
26 Appendix
• The guard module recognizes the original CD-ROM, without this detectionthe application will not run or will run under considerable restrictions.
• Physical key is present on the CD-ROM. This key should not be repro-ducible, either by disk copying using a CD writer or professional remaster-ing to a silver CD.
Protection Classes: B, C, D
Backup Solution: Not yet published
Vendor: Electronic Publishing Association LLC
Website: http://www.roxxe.cz
SAFECAST
Macrovision SAFECAST is designed to help developers and publishers protecttheir pre-release software from unauthorized copying. It uses a software-basedencryption toolkit that is made available to the publisher in order to allow com-plete control of the encryption process. When a publisher encrypts the gold diskthey can distribute it directly to end users who are then required to contact thepublisher directly or via a web site to obtain access keys to play the program.The access keys are a cheaper substitute for hardware dongles or other securitymechanisms which often interfere with playing a particular pre-release program[Gam03b].
Protection Class: D
Backup Solution: Not yet published.
Vendor: MacroVision
Website: http://www.macrovision.com
A.1 Listing of CD Protections 27
SmarteCD
The SmarteCD technology is designed to encrypt and embed an identifying ’blackhole’ within the content of each individual product CD resulting in technologythat should distinguish an original, properly licensed CD from a forgery. At thepoint of CD replication or duplication, SmarteCD physically alters the CD mediapreventing it from duplication or digital reproduction [Gam03b].
Protection Classes: C, D
Backup Solution: A one-to-one backup will seem to be working at once, but requires additional
software patching as the protection will recognize the duplicate at some point during execution.
Vendor: Smarte Solutions
Website: http://www.smartesolutions.com
SoftLock
SoftLock affects each CD-ROM title with a unique locking parameter, namely aprotection code and special mark, consisting of defective errors.
SoftLock uses a combination of:
• Encryption software
• Unique serial marking on the CD made during mastering procedure.
• Special arrangement of files in TOC.
This type of protection makes use of virtually all protection classes [Gam03b].
Protection Classes: A, B, C, D
Backup Solution: Not yet published
Vendor: Assel
Website: http://www.soft-lock.com
28 Appendix
A.2. Listing of CD & DVD Protections
DiscGuard
DiscGuard is an anti-piracy system that effects two basic changes to the softwarepackage:
• The main executable files on a DiscGuard-protected CD-ROM are en-crypted.
• A special digital signature is inscribed onto a pressed CD-ROM, and mappedinto a software decryption key. The digital signature has been designed tobe hardly reproducible by either counterfeiting (re-mastering) or disk burn-ing.
When such an authentic disk is used, a signature decryption occurs first and,if successful, the application will be executed [Gam03b].
Protection Class: D
Backup Solution: No generic software patch exists. Thus individual patching is required.
Vendor: TTR Technologies Inc.
Website: http://www.ttrtech.com
DVD-Cops
The DVD-Cops protection is added directly to the main executable before theactual DVD is pressed. After this a unique access code is extracted from the DVDwhich enables the user to install the DVD. From then on, the software shouldrun only when the original DVD is present in the drive [Gam03b].
Protection Class: C
Backup Solution: Not yet published, but probably similar to CD-Cops mechanism.
Vendor: Link Data Security
Website: http://www.linkdata.com
SecuROM
SecuROM is a CD-ROM and DVD copy protection technology that identifies agenuine CD-ROM or DVD using a special authentication mechanism. DuringSony DADCs mastering process an electronic fingerprint is applied onto the glassmaster which assigns a unique number to each CD-ROM title.
A.2 Listing of CD & DVD Protections 29
The most recent version also detects if it is being run from a CD-R media(V-Rally 2), to solve this just use a CD-ROM, instead of a CD-Writer, to playthe game from.
The latest SecuROM New revision includes ”Trigger Functions” which al-low the developer to program multiple and customizable authentication checksthroughout the entire application, providing a stronger copy control than systemswith only one check at program start [Gam03b].
Protection Classes: B, C, D
Backup Solution: First perform a raw data copy, then apply generic patches available on the
Internet
Vendor: Sony
Website: http://www.sony.com
SaveDisk v1-v3
SafeDisc v3 uses an key to encrypt the main executable (EXE or DLL) andcreates a corresponding digital signature which is added to the CD-ROM/DVD-ROM when they are replicated. The size of the digital signature varies from 3to 20 MB depending how good the encryption should be. The authenticationprocess itself takes about 10 to 20 seconds [Gam03b].
Protection Classes: B, D
Backup Solution: First perform a raw data copy, then apply generic patches available on the
Internet (v1, v2) or patch the executable individually (v3).
Vendor: Macrovision Corporation
Website: http://www.macrovision.com
TAGES
TAGES uses new encryption and authentication technologies compatible withstandard multi-media PC computers and drives (a ring of 1 MB secured content)[Gam03b].
Protection Classes: B, D
Backup Solution: Replacing the protected executable by a fixed executable.
Vendor: MPO & THALES
Website: http://www.thalesgroup.com
List of Figures
2.1. CD/DVD Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
4.1. Weak Sectors on Optical Media . . . . . . . . . . . . . . . . . . . 124.2. Felt-tip Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164.3. Post-It Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164.4. CSS Key System . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Bibliography
[CDF03] CDFreaks. Safedisc 2 explained and defeated. Internet Website, 2003.http://www.cdfreaks.com/article/52.
[Cod01] CodeMasters. Codemasters fade system. Internet Website, 2001.http://www.codemasters.com/news/displayarticles.php?showarticle=500.
[dJ03] Bundesministerium der Justiz. Gesetz uber urheberrechtund verwandte schutzrechte. BGBl I 1965, 1273, 2003.http://bundesrecht.juris.de/bundesrecht/urhg/.
[Ent00] 4C Entity. Content protection system architecture. PDF, 2000.http://www.4centity.com/data/tech/cpsa/cpsa081.pdf.
[Gam03a] GameCopyWorld. Cd-cops copy. Internet Website, 2003.http://www.cdmediaworld.com/hardware/cdrom/cd protections cd-cops.shtml.
[Gam03b] GameCopyWorld. Listing of copy protections. Internet Website, 2003.http://www.cdmediaworld.com/hardware/cdrom/cd protections.shtml.
[Gra03] TTD Graphics. Kopierschutzverfahren fur cd und dvd. Internet Web-site, 2003. http://www.webwitch.de/media/kopierschutz/.
[Hex03] Hexalock. Hexalock cd-rw. Internet Website, 2003.http://www.hexalock.com/cd-rx.html.
[Mac01] MacroVision. Macrovision safedisk v1-v3. Internet Website, 2001.http://www.macrovision.com/products/safedisc/index.shtml.
[Ser02a] Deluxe Global Media Services. CD Specification. Internet, 2002.http://www.disctronics.co.uk/technology/cdbasics/cd intro.htm.
[Ser02b] Deluxe Global Media Services. D VD Specification. Internet, 2002.http://www.disctronics.co.uk/technology/dvdintro/dvd intro.htm.
[Son02] Sony. Key2audio homepage. Internet Website, 2002.http://www.key2audio.com/.
32 Bibliography
[Son03] Sony. Sony securom. Internet Website, 2003.http://www.securom.com/solution disc.asp.
[Sto00] Search Storage. Compact disc. Internet Website, 2000.http://searchstorage.techtarget.com/sDefinition/0,,sid5 gci507072,00.html.
