[Armin Tamzarian’s] local library recently started lending eBooks via the OverDrive Media Console system. He checked out a couple of books, which got him thinking about how the copy protection scheme was implemented. He wondered what recourse users had if they wanted to view a book they have already checked out on a different, or unsupported piece of hardware.

His research centers around Adobe’s ADEPT digital rights management scheme, which is used to protect the books offered on loan by OverDrive. The topic is broken down into three parts, starting with an introduction to the EPUB file structure, the OverDrive Media Console, as well as the aforementioned ADEPT DRM scheme.

The second part takes a close look at the OverDrive Media Console itself, where he uses the ineptkey and ineptepub utilities written by [I♥CABBAGES] to pull the RSA cipher keys from the EPUB data he uncovered. When he then tries to strip the ADEPT DRM layer from his books however, he discovers that OverDrive is using a non-compliant version of the ADEPT standard, which renders existing tools useless.

The final part of [Armin’s] discussion digs even deeper into the OverDrive Console’s inner workings, where he finds that the OverDrive Media Console stores quite a bit of information in an SQLite database. After a bit of digging, he finds all the data he needs to strip the DRM from his books. [Armin] also took the time to wrap all of his findings up into a neat little tool called OMCStrip, which as you may have guessed, strips the DRM from ADEPT-protected eBooks with ease.

We often hear people touting the evilness of DRM, but usually they are talking about the idea of ownership. In this case, DRM is actually causing harm. It turns out that Microsoft’s msnetobj.dll, which is supposed to enforce DRM on your computer, stopping you from doing certain things like saving files you don’t “own” is open to 3 attacks.  Vulnerable to buffer overflow, integer overflow, and denial of service, this sucker is riddled with issues.

The vulnerabilities in this file aren’t groundbreaking. Buffer overflow is a common method to get to many systems. The problem here, according to some commenters at BoingBoing, is the fact that this DLL is called every time you open a media file.

[via BoingBoing]

Pastebin has the HDCP master key that we talked about in a post last week. This is the encryption protocol used for HDMI content protection on media such as Blu-Ray and High Definition cable television.

The master key array is a 40×40 set of 56-bit hex used to generate the key sets. You get one brief paragraph at the top of the document explaining what to do with this information. If you ask us we’re more interested in how this set was determined. So for some background information read the key selection vector (KSV) Wikipedia page. That points us to an interesting discussion proposing that if 40 unique device-specific KSVs can be captured, they could be used to reverse-engineer the master key. And finally, a bit of insight from a Reddit user (make your own decision on the dependability of this information) commenting on the value of having the master key.

In his comment, [iHelix150] covers the revocation system that HDCP uses to ban devices that are being used to circumvent copy protection. He says that having the master key makes it possible to push your own revocation lists onto devices. Each time a list is written to your device (TV, Blu-ray, etc.) the version number field for the list is updated. If you push an update with nothing on the revocation list, and set the version number to a binary value of all 1′s it will prevent any more rewrites of the list. This means that any previously banned hardware will be allowed back into the chain or trust.

So far this probably means nothing for you. But it’s fun to watch the cat-and-mouse involved in the DRM struggle, isn’t it?

Apparently, Apple has decided that extending DRM to your Nike accessories will keep hackers at bay.  Sick of people cutting the sensors out of their Nike shoes for use on other apparell, they have applied for a patent. Ever noticed the warning that it’s illegal to pull the tag off of a mattress?  Did that stop you?

[via Slashdot]

When working on a Mac, we find that Handbrake works really well. It is intuitive and efficient, featuring useful options and a virtually nonexistant learning curve.

Options on a PC are far more diverse. Our goto app is DVD Shrink: finding the download is a little tricky, but once installed, it makes ripping and burning a snap. We really love how easy it is to alter the compression of audio and video, and selectively include or exclude extras, menus, audio streams, and even legal warnings. We only have 4.7GB to work with, so we make space where we can.

When the source DVD is under the size limit, we prefer not to alter it in any way; for this, we use Alcohol 120. It is capable of creating nearly identical copies of any DVD, even copyrighted DVDs or video games.

It is entirely possible, likely even, that all you’re interested in is ripping. There are entirely too many options to name them all, but we are partial to DivX for rip-only operations. It is cross-platform, easy to use, and encodes in the DivX format. Playback is another issue (cough – FFDShow – cough). One of the most accessible ripping options, though, is an often ignored but useful app: Nero Vision. It is part of the Nero 8 suite, and although it is officially DVD authoring software for beginners, it features a functional ripping option that encodes ripped files in MPEG2 format. This is truly useful if you intend on authoring custom menus on the destination DVD, although Adobe Encore is a far better option for the actual authoring.

The great variety of options is part of what surprised us at the popularity of the low tech solution. Still, given the variables (level of user proficiency, platform, destination media, etc.), we wouldn’t be too surprised if our readers all vouched for different methods. That’s the question: what method do you use to rip DVDs?

[photo: William Hook]