Thursday, December 20, 2012

Thinking, Copyright/Security, and Bug Analysis

Someone recently remarked that we should be teaching students/children to think rather than learn by rote. That's fine. However, there's one significant issue here. Without a base level of knowledge there's not much that they can do of any significance. Imagine two students. One is taught nothing other than cheese appreciation/making and 'The Art of Thinking'. The other has a more balanced education that emphasises thinking but rests on a broader educational base. Which is going to be more useful in the long term? Unless the child loves cheese and cheese makes the world go round, the latter makes more sense, right?

Bugs of the Week

Microsoft's Windows Media Player 12
Optical drives are enumerated on program startup, which means hot plugged optical drives aren't picked up while the program is loaded in memory. A restart of the program is required.

Trading Website (further details not disclosed for security reasons)
Some websites are becoming overly dependent on certain technologies for one reason or another without factoring in those who may not support them. This one is highly dependent on JavaScript. In fact, you can't even move to another page without getting authentication errors when JavaScript is turned off in your browser. Needs a secondary option...
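As an added example (not code from the site in question or from this post), here is the kind of "secondary option" meant above: a login flow whose session state lives in a server-set HttpOnly cookie, so a browser with JavaScript disabled can log in with a plain form POST and follow links afterwards, while a script-enabled client can hit the same endpoint and ask for JSON instead. The request/response records, the demo user, the hostnames and the `NoScriptBrowser` client are all constructed for this illustration; no web framework is used and `handle()` is the whole server.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

SECRET = secrets.token_bytes(32)        # per-process signing key (constructed)
USERS = {"demo": "demo-password"}        # placeholder credential store

def _sign(user):
    return hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()

def issue_session(user):
    # Signed token: the server can validate it without a lookup table.
    return f"{user}.{_sign(user)}"

def session_user(token):
    """Return the user named by a valid session token, else None."""
    if not token or "." not in token:
        return None
    user, sig = token.rsplit(".", 1)
    return user if hmac.compare_digest(sig, _sign(user)) else None

LOGIN_FORM = ('<form method="post" action="/login">'
              '<input name="user"><input name="password" type="password">'
              '<button>Log in</button></form>')

def handle(method, path, headers, body=""):
    """The whole (constructed) server: returns (status, response_headers, body)."""
    cookies = SimpleCookie(headers.get("Cookie", ""))
    user = session_user(cookies["session"].value if "session" in cookies else None)
    wants_json = "application/json" in headers.get("Accept", "")

    if path == "/login" and method == "GET":
        return 200, {}, LOGIN_FORM            # plain HTML form, no script needed
    if path == "/login" and method == "POST":
        form = parse_qs(body)
        u = form.get("user", [""])[0]
        p = form.get("password", [""])[0]
        if u not in USERS or not hmac.compare_digest(USERS[u].encode(), p.encode()):
            return 401, {}, "bad credentials"
        # HttpOnly + SameSite: the browser attaches the cookie to later
        # requests by itself, so no client-side script is involved.
        set_cookie = (f"session={issue_session(u)}; "
                      "HttpOnly; Secure; SameSite=Lax; Path=/")
        if wants_json:                        # script-enabled clients get JSON
            return 200, {"Set-Cookie": set_cookie}, '{"ok": true}'
        return 303, {"Set-Cookie": set_cookie, "Location": "/account"}, ""
    if path == "/account":
        if user is None:
            return 303, {"Location": "/login"}, ""
        return 200, {}, f"account page for {user}"
    return 404, {}, "not found"

class NoScriptBrowser:
    """Minimal client: keeps cookies, follows redirects, runs no JavaScript."""
    def __init__(self):
        self.jar = {}

    def request(self, method, path, body="", accept="text/html"):
        headers = {"Accept": accept}
        if self.jar:
            headers["Cookie"] = "; ".join(f"{k}={v}" for k, v in self.jar.items())
        status, rheaders, rbody = handle(method, path, headers, body)
        if "Set-Cookie" in rheaders:
            for name, morsel in SimpleCookie(rheaders["Set-Cookie"]).items():
                self.jar[name] = morsel.value
        if status == 303:
            return self.request("GET", rheaders["Location"])
        return status, rbody

def noscript_login_flow():
    """Form POST, redirect, protected page: the whole flow without any script."""
    browser = NoScriptBrowser()
    return browser.request("POST", "/login", body="user=demo&password=demo-password")

if __name__ == "__main__":
    print(noscript_login_flow())
```

The point of the design is that the browser, not page script, carries the credential after login; a site that instead hands the token to JavaScript and relies on script to attach it to every navigation will show exactly the "authentication errors with JavaScript off" symptom described above.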

Service Provider (further details not disclosed for security reasons)
I first discovered this flaw in another service provider during the dial up era and amazingly it still exists now. Using generic credentials some providers allow you a fairly large amount of free time/access to the Internet prior to requiring authentication. Back then things weren't that bad since downloads were often dictated by bandwidth, but given the speed of today's connections it seems fairly clear that this needs to be better thought out. I did a rough calculation and determined that this particular provider would allow several hundred MB in downloads prior to requiring authentication. A captive portal type setup is an option.

http://en.wikipedia.org/wiki/Captive_portal
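As an added example (not code from any provider or from this post), the gate below shows what "captive portal type" enforcement looks like next to the flaw described above. Unauthenticated clients can only reach the walled-garden hosts needed to log in; HTTP to anywhere else is answered with a redirect to the portal and all other traffic is dropped. The `grace_bytes` knob is an assumption added to model the provider's pre-authentication allowance, and the `leaked_total()` counter is what an operator would watch to detect that allowance being used for downloads; the hardened setting is 0. Host names, client ids, credentials and the traffic list are constructed placeholders, not real packets.

```python
import hmac
from dataclasses import dataclass

PORTAL_HOST = "portal.example"                  # placeholder login page host
WALLED_GARDEN = {PORTAL_HOST, "dns.example"}    # reachable before login (placeholders)
MiB = 1024 * 1024

@dataclass
class ClientState:
    authenticated: bool = False
    leaked_bytes: int = 0    # traffic that left the walled garden before login

class CaptivePortalGate:
    def __init__(self, credentials, grace_bytes=0):
        # Per-user credentials only; no shared "generic" account exists here.
        # (A real portal would check a hashed store or RADIUS, not a dict.)
        self.credentials = dict(credentials)
        # Bytes an unauthenticated client may send past the walled garden.
        # 0 is the hardened setting; a large value reproduces the flaw.
        self.grace_bytes = grace_bytes
        self.clients = {}

    def _client(self, cid):
        return self.clients.setdefault(cid, ClientState())

    def login(self, cid, user, password):
        expected = self.credentials.get(user)
        ok = expected is not None and hmac.compare_digest(expected.encode(),
                                                         password.encode())
        if ok:
            self._client(cid).authenticated = True
        return ok

    def decide(self, cid, dest_host, proto, nbytes):
        """Return 'allow', 'redirect' (to the portal page) or 'drop' for one flow."""
        c = self._client(cid)
        if c.authenticated or dest_host in WALLED_GARDEN:
            return "allow"
        if c.leaked_bytes + nbytes <= self.grace_bytes:
            c.leaked_bytes += nbytes           # flawed mode: traffic leaks pre-auth
            return "allow"
        return "redirect" if proto == "http" else "drop"

    def leaked_total(self):
        """Bytes that passed before any login; should stay 0 on a hardened gate."""
        return sum(c.leaked_bytes for c in self.clients.values())

# Constructed traffic: (client, destination host, protocol, bytes)
SAMPLE_FLOWS = [
    ("client-a", "portal.example", "http", 20_000),       # fetching the login page
    ("client-a", "mirror.example", "http", 150 * MiB),    # a large download attempt
    ("client-a", "cdn.example", "https", 200 * MiB),      # another one over TLS
]

def run(gate):
    return [gate.decide(*flow) for flow in SAMPLE_FLOWS]

def demo():
    hardened = CaptivePortalGate({"alice": "pw"})
    flawed = CaptivePortalGate({"alice": "pw"}, grace_bytes=300 * MiB)
    return run(hardened), hardened.leaked_total(), run(flawed), flawed.leaked_total()

if __name__ == "__main__":
    print(demo())
```

With `grace_bytes=0` the same three flows yield allow/redirect/drop and nothing leaks; with a 300 MiB grace the 150 MiB download goes through before the client has authenticated, which is the situation the rough calculation above describes.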

Music Producer (further details not disclosed for security reasons. The media/music in question was produced about a decade ago, unpopular, and is almost impossible to find in retail music stores (I got this in a used music store). Moreover, much music is purchased digitally now and it's likely they've moved on to other systems.)
I recently had a problem ripping some music (could only rip 2/3 of the disc) for use on my smartphone. I thought it may be related to a scratched disc, but cleaning it and using another drive (some drives have superior error detection and correction capabilities) didn't achieve anything. At a certain point disc reads/ripping would time out (in the first 20% of a track about 2/3 of the way through the disc). I had an inkling that there may have been some copy protection involved. Attempting an ISO copy of the disc in ImgBurn resulted in the following.

####Start ImgBurn Quote####
As Yoda would say, "Hmm. Failed in your attempt to outsmart me, you have."
ISO is not an appropiate container format for the current disc.
Reason. The disc contains multiple tracks.
Regardless of what you select for the file extension, I will not create a true (MODE1/2048) ISO image!
The file will be created with a '.bin' extension instead.
####End ImgBurn Quote####

Letting ImgBurn run with a '.bin' copy unsurprisingly resulted in a freeze/timeout.

Using CDBurnerXP resulted in the following errors (whole disc copy using .MDS format).

####Start CDBurnerXP Quote####
Unreadable area detected on disc at position ??????

I/0 Error!
Device: ?
ScisciStaus: 0x02
Interpretation: Check Condition
CDB: ?
Interpretation: Read CD - Sector ?
Sense Area: ?
Interpretation: Timeout on Logical Unit
####End CDBurnerXP Quote####

There are obvious clues though. There were indications that the disc itself was partitioned into multiple tracks/sessions. This technique itself is ancient (think the early floppy disc era, decades ago) and is similar to another scheme that was recently used by another music producer, which involved blanking out the first track of a music disc to make it readable to music players but not to computers (you could circumvent it by literally carefully running a texta over that first track). In this case, I got around it by loading it up, ripping the first 2/3 of the disc (the partition is set at about 2/3 of the disc capacity), stopping the process, connecting an external optical drive and then ripping the final 1/3 from there (stopping/restarting doesn't seem to work; there seem to be measures to calculate a continuous read around the disc). I tried both lossy MP3 and lossless WAV rips, which were successful.

The purpose of this is not to prime you on how to break copyright protection systems! It gives you an idea that a lot of the work out there is often derivative and that often not enough thought is put into the theory or implementation of such technology. Many of the implementations out there indicate an understanding of one side of the equation but not the other, which often leads to a gaping hole (read up on the history of breaking DVD, PDF, and PayTV encryption).

http://en.wikipedia.org/wiki/Analog_hole
http://en.wikipedia.org/wiki/Kerckhoffs%27s_principle
http://en.wikipedia.org/wiki/Portable_Document_Format
http://en.wikipedia.org/wiki/DVD
http://en.wikipedia.org/wiki/Content_Scramble_System
http://en.wikipedia.org/wiki/Smart_card