The Cracking of Napster WMA DRM

Update, 10/07/2006: Those interested in this story might be interested in the release of FairUse4WM, a Janus DRM evasion tool

Cody Brocious was kind enough to respond to my post below, and then chat with me on AIM about the crack.  Here’s the scoop:

Cody and co. are apparently very near an implementation of a utility
that will allow people to turn songs acquired through Napster Light
(the a la carte service) and Premium (the non-portable subscription
service) into unencrypted files. You have to have paid for the songs
first to do this circumvention, because the keys have to be retrieved
from Napster.  This tool will actually circumvent and remove the
DRM, rather than recording from the sound card or employing other
similar workarounds to create unencrypted files.

The tool will not circumvent Napster To Go songs using Janus DRM, which
is WMA DRM v10 and different from the DRM applied to Light and Premium
songs.  Their utility is indeed based on the Beale Screamer code
and only works with the WMA DRM
code pre-v10.  After the Beale Screamer code’s release, a tool called Freeme
was released that decrypted WMA files, but MS updated WMA to account
for this problem and secure the keys held client-side. Since the
utility “requests the license from the Napster license server just like
the official client does,” this issue is inapplicable. 
Technically, this is distinct from the PyMusique crack for iTMS.

Cody suggests that Napster Light and Premium songs do not use the Janus
DRM because of backwards compatibility issues.  If Napster Light
were to sell songs using Janus, the pre-Janus portable players (that
is, most players on the market) would not be able to play the content.
This issue does not apply to the non-portable Napster Premium; however,
since Napster To Go only works with WinXP, I imagine that all Win2k
users may have problems if Premium were to use Janus DRM. 

So Napster could respond to this crack simply by updating all DRM to
Janus, but it would come at great cost.  Cody acknowledged other
ways they could change the way they encrypt the content, but he
believes these changes would be trivial to circumvent, assuming they do
successfully implement the utility they are currently working on. He
also expects that Janus will be cracked, but stated that he is not
attempting to do so.

The tool will only work with Napster, but Cody expects that this scheme can be applied to other music stores in the future.

Cody sees his actions as “ethical,” irrespective of legality, and he is
willing to “fight the DMCA.”  He wants to be able to play his
lawfully acquired Napster music on Linux.

Further technical details will be available shortly.

Update, noon 12/15: Alex Goodwin, one of Cody’s fellow coders, offers additional details in this comment.

Napster’s WMA DRM Cracked?

Update, 10/07/2006: Those interested in this story might also be interested in the release of FairUse4WM, a Janus DRM evasion tool.

Shortly after Napster-To-Go’s launch about two months ago, word spread
that Napster’s DRM had been “hacked.” Nothing of the sort had happened,
but that didn’t stop Steve Jobs from pushing the rumor forward. Really, someone had posted instructions
on how to take the unencrypted output from the sound card and turn it into
a new wav file.  The spin got so out of control that Napster responded publicly on its website.  

Well, Neowin (via Digital Music News)
reports that the DRM itself may be compromised now.  The details
are sketchy, and the article’s suggestion that the crack is built on
the 2001 Beale Screamer code makes me a little suspicious.  Slyck has a vague article up as well.  Check out coder Cody Brocious’ blog for more details.

More on Rhapsody

Apropos of my post earlier this week: Postplay reports that Real is planning a major announcement
for later this month, likely about a new version of Rhapsody and/or the launch of a
portable subscription service. If it’s anything less than that, the
press release hype will appear even more ridiculous. From what I had
read earlier, Real was looking to get a portable subscription service
out by the end of the year, viewing that market as really a year away,
but perhaps they’re pushing harder now that Napster is getting some
uptake.  It will be interesting to see if they adopt Janus DRM as
well.  Though it went largely unnoticed amidst the introduction of Harmony, Real also chose to allow
transcoding to WMA from the Helix-DRM-locked AAC files sold by the Real
Music Store  It also started selling songs in WMA format.  So offering a portable subscription via WMA would be
another interesting step away from using their own proprietary formats.

Updated, 5/20: I stand corrected by Bill Rosenblatt of DRMWatch.  This post originally said that “they didn’t outright sell the songs in WMA
format.” Apparently, Real does sell tracks in WMA. Thanks, Bill.