Re: Napster: thoughts and comments?

From: Emlyn (onetel) (
Date: Wed Jul 12 2000 - 23:46:41 MDT

There's a much more basic method of grabbing heavily encrypted music which
is downloaded and played by your PC. You can write a fake device driver that
takes the unencrypted digital information fed to it (necessary to actually
play the music), and instead write the information to a nice little
unencrypted file, say a (really huge) wav file.

I know, because I've used a program that was kicking around for Windows NT
(can't remember it's name), to save full CD-quality streaming audio from a
Metallica site, no less. They had their recent full double album (S&M)
available in this fashion; maybe they still do. The particular program I use
installed itself as a device driver, and popped the music in a wav. All I
had to do was say to the site that I had a T1 connection, then wait quite a
while, and voila! Full CD quality (44.1KHz?) sound.

The machine I did this on has a CD burner attached; I could have made full
replica CDs from this source (actually, the breaks between songs would be
different, but that's really nitpicking). What I did do was convert them to
mp3s, and cut them to CD; I also listened to the full quality recordings on
that computer. I will try to cover my butt ethically, by also reporting that
I did indeed buy the double-cd set (eventually). Yes, I am a sad little
Metallica fan if you hadn't noticed. Their stuff sits in my CD collection
between my Slayer CDs and my opera CDs.

What it comes down to is, the information has to be unencrypted to actually
use it; that's a very good opportunity to steal it.


> "Michael S. Lorrey" wrote:
> > Lee Daniel Crocker wrote:
> > > And no digital format will ever be "secure" except on
> > > secure hardware, and even that is dubious.
> >
> > Actually, no. If the file is encrypted such that each successive play
requires a
> > new key to decrypt, which must be downloaded from the recording
> > keyserver on a pay per play basis (i.e. no key can be used twice on the
> > downloaded file), then you have a very secure file format.
> But not completely secure. Make a backup of the file (and any
> associated data, like hidden files or Windows registry keys) before you
> play it, download the key to another file, trick the player into
> "downloading" the key from the file rather than the company, then copy
> the backup over the original, and there's your crack. (If the key
> depends on the time as reported by the local computer, then trick the
> player into thinking it's always the same moment. If the key depends on
> the time as reported by the company's server, that can be specified as
> part of the served key; it's no problem if the local computer and the
> company's server have way out of sync clocks).

This archive was generated by hypermail 2b29 : Mon Oct 02 2000 - 17:34:28 MDT