Sony's DRM more powerful than you can imagine

tracerbullet

World of Warcraft hackers using Sony BMG rootkit

Want to cheat in your online game and not get caught? Just buy a Sony BMG copy protected CD.

World of Warcraft hackers have confirmed that the hiding capabilities of Sony BMG's content protection software can make tools made for cheating in the online world impossible to detect. The software--deemed a "rootkit" by many security experts--is shipped with tens of thousands of the record company's music titles.

Blizzard Entertainment, the maker of World of Warcraft, has created a controversial program that detects cheaters by scanning the processes that are running at the time the game is played. Called the Warden, the anti-cheating program cannot detect any files that are hidden with Sony BMG's content protection, which only requires that the hacker add the prefix "$sys$" to file names.

Despite making a patch available on Wednesday to consumers to amend its copy protection software's behavior, Sony BMG and First 4 Internet, the maker of the content protection technology, have both disputed claims that their system could harm the security of a Windows system. Yet, other software makers that rely on the integrity of the operating system are finding that hidden code makes security impossible.

Courtesy of securityfocus.com
 
Duh, Sony shouldn't go to such an extent to protect their IP. And they are hosing the people who buy legit stuff rather than the pirates. Really stupid of Sony.
 
Here's an elaboration on what Krool said -

http://www.torrentspy.com/article.asp?id=3830
An enterprising tech writer has discovered a bundle of info about the DRM that Sony installs on your PC with the new Van Zant CD.

The information is disassembled, literally, here.

The nutshell is this: Sony releases the new Van Zant CD. On the computer, it only plays within its own executable, not via Windows Media Player or any other software. You are allowed to burn three copies of the CD, and then it's done with.

Well, it appears that, to enforce this DRM, Sony are installing device drivers, DLLs and registry hacks, then running a Rootkit process to mask their installation. If you attempt to uninstall the playing software, the device drivers are left installed, and are left active. Trying to delete the drivers manually - providing you can even find them - can leave your PC crippled. The code is programmed so badly, you can be losing 1-2% of your CPU time even when the CD isn't in the drive, as the DRM software is searching your machine to check nothing is going on that it should know about.

This technique of masking files and folders to prevent detection is commonly used by malware and spyware to prevent uninstallation. Only by using a RKT detector can you see the processes running and from there, it's an incredibly complicated process to break down the inbuilt protections in the software. The author of the article linked spends a lot of time disassembling hex entries and C code to try and get to the bottom of what on earth the Sony code is doing. It's an enlightening read in to how this stuff gets cracked. Here's a quick quote:

"I deleted the entry, but got an access-denied error. Those keys have security permissions that only allow the Local System account to modify them, so I relaunched Regedit in the Local System account using PsExec: psexec -s -i -d regedit.exe. I retried the delete, succeeded, and searched for $sys$ again. Next I found an entry configuring another one of the drivers, Cor.sys (internally named Corvus), as an upper filter for the IDE channel device and also deleted it. I rebooted and my CD was back."

Further Here -
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
 
Very, very interesting link Params and KingKrool. I'm going to fully read it when I get home. I'm still at work, can you imagine!

Off-topic: I've been having a hell of a time trying to remove some bit of spyware that got into my system a couple of days ago. I checked my task manager for unknown applications, ran Ad-aware, Windows Anti-spyware, Spybot and Spyware Doctor from safe mode. Then I manually cleansed the registry myself from whatever locations I knew, but nothing worked. I'd still get random popups in my browser.

Finally, I found that rundll.exe was running some dlls from within the system32 folder. These dlls had no verification, version, company name etc. and had the most bogus of names like czgmgr32.dll, io01ewq.dll and were in use even in safe mode. I had to eventually boot from the windows disc, go to the recovery console (couldn't use ordinary DOS as it wouldn't detect my NTFS partitions) and then manually delete the dlls. Everything seems okay now. Browser hijacking seems to have disappeared and no other suspicious activity is happening.

The reason I mentioned this is because I should have tried running a rootkit revealer - it would have made my job a whole lot easier, I think.
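The "$sys$" cloak described in the first post and the rootkit revealer mentioned here are two sides of the same check. A cloaking filter driver doctors what the Windows API returns (file listings, process lists, registry keys), so a detector compares that API view against a low-level view (raw disk, raw hive, kernel process list) and reports anything that appears in one but not the other. The script below is an added example, not code from the thread or from any of the tools it names; it simulates the prefix cloak on constructed file and process listings (all names are made up) and runs a cross-view diff over them.

```python
# Added example: cross-view detection of a name-prefix cloak.
# Nothing here is from the thread or from RootkitRevealer itself; the
# listings are constructed sample data and the cloak is a simulation.
import ntpath

CLOAK_PREFIX = "$sys$"   # prefix the thread says the filter driver hides


def cloaked_view(raw_listing):
    """Simulate the cloak: drop every entry whose last path component
    starts with the prefix. This stands in for what a filter driver hands
    back to user-mode callers (Explorer, a game's process scanner, ...).
    Works on file paths and on bare process names alike."""
    return [
        entry for entry in raw_listing
        if not ntpath.basename(entry).lower().startswith(CLOAK_PREFIX)
    ]


def cross_view_diff(api_view, raw_view):
    """Entries the raw view has but the API view lacks are 'hidden';
    entries only the API view has are 'phantom' (also worth a look)."""
    api, raw = set(api_view), set(raw_view)
    return sorted(raw - api), sorted(api - raw)


def triage(hidden):
    """Label each hidden entry: the known prefix cloak, or something else
    that also needs investigating (a different hook, a detector bug, ...)."""
    report = {}
    for entry in hidden:
        if ntpath.basename(entry).lower().startswith(CLOAK_PREFIX):
            report[entry] = "prefix-cloaked (hidden by the $sys$ filter)"
        else:
            report[entry] = "hidden by other means, investigate"
    return report


# Constructed raw (low-level) file view: normal files, two prefix-cloaked
# names, and one file that some other mechanism hides from the API view.
RAW_FILES = [
    r"C:\Windows\system32\kernel32.dll",
    r"C:\Windows\system32\$sys$filesystem\$sys$example.sys",  # constructed
    r"C:\Games\WoW\WoW.exe",
    r"C:\Games\WoW\$sys$hook.dll",                            # constructed
    r"C:\Temp\stray.dll",                                     # constructed
]

# Constructed API view: the cloaked listing, minus one more file removed
# to model a hook that does not rely on the prefix.
API_FILES = [p for p in cloaked_view(RAW_FILES) if p != r"C:\Temp\stray.dll"]

# Constructed process names; the cloak hides these the same way.
RAW_PROCS = ["explorer.exe", "WoW.exe", "$sys$hook.exe", "svchost.exe"]
API_PROCS = cloaked_view(RAW_PROCS)


def run_check():
    """Run both diffs and return (file report, file phantoms, hidden procs)."""
    hidden_files, phantom_files = cross_view_diff(API_FILES, RAW_FILES)
    hidden_procs, _ = cross_view_diff(API_PROCS, RAW_PROCS)
    return triage(hidden_files), phantom_files, hidden_procs


if __name__ == "__main__":
    file_report, phantoms, procs = run_check()
    for entry, verdict in file_report.items():
        print(f"{verdict:45} {entry}")
    print("phantom entries:", phantoms)
    print("hidden processes:", procs)
```

The point of the `stray.dll` entry is that a good detector does not key on the prefix at all: the diff flags every discrepancy, and the prefix check is only a triage hint layered on top. A real tool replaces the constructed `RAW_*` lists with an enumeration that bypasses the filtered API (raw volume or hive parsing, or a kernel-mode process walk).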
 
Another INQ-typical scathing article, except this time Sony's facing the music.

Sony DRM is worse than you might think

SONY SCREWED UP WITH its rights removal to protect its profit margins philosophy and there is no way the use of rootkits can be justified.

Caught with its pants down, what did it do? Make things right? Heck no, it blamed the user, and doesn't do anything more than window dressing to deflect what are valid criticisms.

If you read the Sony PR spin masquerading as a FAQ here, the tepid responses it gives are laughable. Number one states that the technology is used to prevent copying, but that is true for only Windows boxes, so why the discrimination? It only affects legitimate users. If you want to copy the music, all you need to do is hold down the shift key when inserting it and you are free to copy. That or have a non-Windows computer.

.

.

More happy news? These merchants are designing the next generation drives called Blu-Ray with much more DRM built into the hardware. It is bad enough to make me back the views of Bill Gates on the subject with absolute open arms. These are scary times people, and if we let Sony get away with this now, it will only get worse and harder to stop later.

I loved the ending bit, they couldn't have put it better.

Here's the l'inq
 