Vulnerability Development mailing list archives
hacksdmi?
From: Blue Boar <BlueBoar () THIEVCO COM>
Date: Tue, 10 Oct 2000 22:34:09 -0700
Did anyone else download the hacksdmi.org challenges, and take a look at them? I did briefly. The contest is over, and I think they are announcing something tomorrow. The terms of their agreement were more reasonable that I would have thought. You could have the materials... and you really only had to agree to terms if you planned on going after the money. You could release your findings, you'd just forfeit any prize. So, I figure anyone who wanted to play for the money has done so, and since the thing is over, we won't be interfering with any contest by discussing. naturally, I have my own political agenda, but that part is off-topic. OK, onto the fun stuff.. For example, for watermark 1, they give 3 files. samp1a.wav which is an untouched .wav, samp2a.wav is the same file, but with a watermark. samp3a.wav is a different sound file, but with the same watermark. So, take a look at this: Comparing files samp1a.wav and samp2a.wav 00000004: E0 24 0000004E: A8 A7 00000050: 0E 0F 00000056: A4 A5 00000058: 4A 49 0000006E: 71 70 00000074: 93 94 00000080: EB EC 00000086: 5A 59 0000008E: 40 41 00000094: 28 29 00000098: 94 93 000000AA: 2E 2D 000000B0: 8B 8A 000000B2: BC BD 000000BA: 7B 7A Starting at 4E, the watermarked file has some bytes either 1 larger or one smaller than the unmarked file. I.e. the low-order bit has been flipped. Note that it's only on even bytes. That's a bit of a short sample, but I don't want to dump any huge files on anyone. The original challenge was to strip the watermark so that the detector program (not provided) wouldn't be able to spot the watermark, and that some minimum sound quality be maintained. Anyone else fiddled with this? Later, I'll write some code as an experiment to just zero the low-order bit and see what that does to the sound. BB P.S. Yes, the whole premise of "secure music" is fundamentally broken. Yes, the minute someone figures the algorithm, the watermark is gone. Yes, converting it to an MP3 would hopelessly destroy the watermark. Yes, this is copy protection, and we know that can't be made to work. At least one story on this whole thing says that unnamed techies associated with the SDMI initiative pushed for this hacking contest to prove these exact points. Should the SDMI people actually pick some technology to try this, I fully expect we will crack it within a few days of having code in hand.
Current thread:
- hacksdmi? Blue Boar (Oct 11)
- Re: hacksdmi? Ralph Moonen (Oct 11)
- Re: hacksdmi? Masial (Oct 12)
- Re: hacksdmi? Daniel Petzen (Oct 13)
- Re: hacksdmi? Steve Mosher (Oct 13)
- SDMI - The way I would make the water mark. Richard Rager (Oct 13)
- Re: SDMI - The way I would make the water mark. Robert Collins (Oct 13)
- Re: SDMI - The way I would make the water mark. buggz (Oct 13)
- Re: SDMI - The way I would make the water mark. Steve Mosher (Oct 13)
- Re: SDMI - The way I would make the water mark. Ben Galehouse (Oct 14)
- Re: hacksdmi? Masial (Oct 12)
- Re: SDMI - The way I would make the water mark. Bluefish (P.Magnusson) (Oct 14)
- Re: hacksdmi? Ralph Moonen (Oct 11)