A short history of copy protection
The top 10? Bottom 10? In any case, enjoy a breakdown of 10 digital rights management schemes. Also, admire Amos' restraint as a YouTuber that they waited until 2025 to make a numbered list.
Show Notes
Episode Sponsor: Depot
- Focusrite Control 2, James' mic Shure SM58 Special Black Edition & USB interface Focusrite Scarlett Solo 4th Gen, Amanda's headphones beyerdynamic DT-770 Pro 250 Ohm
- DRM: Digital rights management
- Manual-based copy protection
- Star Wars: TIE Fighter (1994) (through research, found that Star Wars: X-Wing (1993) had something similar)
- Operation Stealth (1990) and an article from PC Gamer "Code wheels, poison, and star maps: the creative ways old games fought piracy", mimeograph
- The Secret of Monkey Island
- Lenslok copy protection mechanism
- Serial keys
- PlayStation schemes
- the wobble, Spyro: Year of the Dragon copy protection, Technology Connections episode "Sony's Clever but Flawed PlayStation Copy Protection--And How They Might Have Fixed It", breakdown of CD construction and dyes "CDR Format or Compact Disc Recordable"
- LibCrypt PSX game disc image patcher
- Modchip 'modification chip' and Modchip installation service – PlayStation 1 – Store
- Break the game
- Serious Sam 3: BFE and the Adult Arachnoid monsters, Rock Paper Shotgun article "Serious Sam's DRM Is A Giant Pink Scorpion"
- Eurogamer article "Game Dev Tycoon forces those who pirate the game to unwittingly fail from piracy", itch.io and an update a year later from Eurogamer "Game Dev Tycoon adds ultra hard mode where you combat piracy with DRM"
- Macrovision (TiVo Corporation, formerly Macrovision)
- Example video "Macrovision example pizza hut commercial"
- CSS (content scramble system)
- Widevine L3
- Microsoft's PlayReady, Apple's FairPlay
- AACS (advanced access content system)
- Reversing the old Widevine Content Decryption Module
- Matthew Garrett article "The GPU, not the TPM, is the root of hardware DRM", Free Software Foundation Defective by Design
- Phrack Magazine, David Buchanan's article "MPEG-CENC: Defective by Specification", @retr0.id on Bluesky
- Hardware dongles
- Denuvo anti-tamper
- StarForce Technologies, SecuROM
- Eurogamer article "Don't call it DRM: what's Denuvo Anti-Tamper?"
- A/B variant watermarking
Transcript
Amos Wenger: I only have 38 sleighs. I'm Santa. I have 38 sleighs.
James Munns: RuPaul's Tech Talk with 38 slays.
Amanda Majorowicz: Oh yeah.
Amos Wenger: So James, you got the nice mic and USB interface and Amanda, you got the nice headphones?
Amanda Majorowicz: James also has headphones. He's just not wearing them.
James Munns: I prefer... like, I don't like stuff on my head and I like only having one earphone in. For like editing, I do use them or like when you ask me to review things, I use them, but I don't like them for just chilling.
So this is my sign.
Amos Wenger: Wait, wait, wait, who's the sign for?
James Munns: Me, it's to remind myself to ask questions while you're giving a presentation that not for what I need.
Amos Wenger: It's just a reminder for yourself that you're looking at- okay.
James Munns: Yeah, it's a reminder to myself to be a good host and not just have the conversation with you.
Amos Wenger: Cool.
James Munns: Ooh, audio quality.
DRM schemes
Amos Wenger: Yessss. Just share this window and ha HA! Yes... I haven't shared my screen yet. James, today I wanna talk about DRM. Are you ready for that?
James Munns: I'm sure there will be no positive or negative audience response to the initial words of DRM.
Amos Wenger: Yeah, I'm in the free software universe. I have opinions about DRM. I'm usually a protester of DRM. I'm copyleft. I torrented as a child. I now have money to pay for things except now there's 15 different streaming services. So I don't pay for 15 services is all I'm gonna say on the record about this. But today we're not gonna worry too much. There will be one point. We're gonna look into 10 DRM schemes that I think are noteworthy or interesting to talk about. Some are downright fun and completely obsolete and some are more modern. And I only have 38 slides. So I hope it's gonna be a reasonably length one and we can just kind of recall from our past experiences as younger humans, what we interacted with, what kind of systems, because for me there's a bunch of nostalgia in these slides.
So I hope you enjoy them. As usual, you can get the slides on sdr-podcast.com/episodes because there's gonna be a bunch of photos of visuals that you don't strictly need but for maximum nostalgia value you should go get or you can just watch the episode on YouTube. All copyrighted material, right? Of course. I did link to, if you download the PDF, I don't know if the presenter notes show up but I linked to things. So it's gonna be in the show notes. It's gonna be like the show notes because Amanda is the best. Don't keep that in. Just keep that for yourself.
Amanda Majorowicz: That's also on the record! Yes!
Amos Wenger: Yes, of course it is. Cool. So little disclaimer, I've never been a part of any hacker cracker group. I have not been a part of reversing any of this. So I'm gonna get some details wrong. And if you know what's good for you, you will let me be wrong and not correct me or just do it privately by email if you don't care or whatever you feel safe. But the point is, I will say wrong things. I did a few hours worth of research on each of these. And for most of it, I just wasn't there. I just acted as a consumer. Yeah, you can send us an email. And some of this still might be illegal in some countries even though it's ridiculous, but that's the way it is.
James Munns: So take it for vibes, not reference material.
10. Manual-based copy protection
Amos Wenger: Exactly. So it's a numbered list and we're gonna work our way to number one. Number 10 is manual based copy protection. James, do you have any idea what I'm talking about? Think old video games.
James Munns: Are you gonna quote... there was a Star Wars game that made you like look up a table in the manual and if you got it wrong, it would like kill your character or something like that?
Amos Wenger: That's pretty much it. It's like you have a piece of physical thing... In the example I have on screen now with Operation Stealth from 1990, the year I was born. It was just a colored manual. And the game would show you a black and white version of this kind of abstract, strange illustration and it would point to an area and ask you what color it is in the manual. And the fun thing is that in 1990, as I understand, I was just born, I wasn't there to check, but I think making a color copy of some page was pretty expensive. So that was sort of effective.
James Munns: Was this post- this is... 90s probably post-mimeograph, but you're right, like color copies would have been egregiously expensive.
Amos Wenger: Exactly. Another example, pretty famous one is the code wheel from the Secret of Monkey Island where you can rotate... You have faces, it's circular, you can rotate it. You have the upper part of faces and the lower part of faces. And then you have years that are being revealed from rectangular holes in the smaller portion of the disk you can rotate. So again, this is even harder to replicate because you have to develop, I guess it's not impossible. You just disassemble it and photocopy the two and then do a little bit of... I like the idea that if you really wanted to pirate the game, you had to do a little bit of DIY, just like print two things and cut them and then assemble them so you can rotate them. It's fun, it's like, okay, you all are game, you're gonna have to work for it.
James Munns: I sort of love this with copy protection because this is more on software than on media, but like as someone who's writing a piece of software that is probably going to have a license and I have to do some kind of checking for the paid version of it, I know that by the time that someone owns the software and they're running it on their computer that I have no control on and I'm not whatever video game company that's gonna do kernel level anti-cheat for it.
Amos Wenger: We're getting there James.
James Munns: You only, like there's only so far you can go and if most people are not gonna do an arts and crafts project to crack your code, let alone poke around in the software, so I kind of love the, if I made you do an arts and crafts project and that's how you crack my software, I'm not too upset about that.
Amos Wenger: Exactly, here's another fun one, it's called Lenslok. I don't know if you've ever seen that. I haven't, it's a-
James Munns: Ooh, this is one I've never seen.
Amos Wenger: It's a little piece of red plastic with a weird lens on it, transparent plastic with properties that kind of deflect various portions of the screen, so there's two views on the slide we can see, we can see a view from the side where we see kind of gibberish, little bit of pixels, they're not really pixels, they're character size. We're talking even earlier than MS-DOS, this is probably, I don't know, the characters remind me of some other computer, but it's optical, you place it physically on the screen and then it modifies what you see and it kind of decrypts it. This has, people have re-implemented Lenslok in software, so you just give it the image and it just does the transform that it would physically do, but that's kind of amazing, because the previous two, okay, you can find a color copier, just write down the colors of things or you can assemble your little wheel, but good luck freaking building a lens, and that's probably super cheap for them to do, because, well, not super cheap.
James Munns: It's injection-molded plastic, as long as you're making 10,000 of them, it's whatever.
Amos Wenger: This one showed up in my research today, I didn't know about it earlier, and it's just so fun, it's just like this weird little object. A thing you wouldn't misplace immediately.
James Munns: Yeah, oh, it'd be gone. Yeah, you'd have a little brother or something who would melt it, and then you'd be like, "Oh no, I can't play my game now."
Amos Wenger: Honey, I disposed of the packaging, because you forgot to, it's like, "No!"
9. Serial keys
Amos Wenger: Okay, number nine, we have serial keys, everybody knows and loves serial keys. Here's probably the most famous serial key, I think it's famous enough, I asked, I shit you not, I asked ChatGPT, "Hey, give me the Windows XP serial key that is public knowledge," and it's everywhere, because it starts with FCKGW, there's gonna be an explicit rated episode, it's "fuck gates and windows."
James Munns: Okay.
Amos Wenger: Well, yeah, that's what it meant. Okay, so basically, the way serial keys work is you don't have a list of valid keys in the program, you just have some algorithm that checks a string for some property, it does some computation with the letters, and that checks a property that holds true for a very large number of keys, and the key space is very, very large, you can see there's five... five times five of like, how many?
James Munns: 25 times 36 or something like that, if it's all letters and numbers.
Amos Wenger: It's all letters and numbers, yeah, 36, exactly. So, it's a large key space, most of them are invalid, but there's also no, there was no need for the software to phone home, it could just run a little bit of code, compute and be like, "Okay, that's a correct serial key," but it also for OEMs, it has the nice property that if everybody ends up using the same key, you can trace it back to the person who shared their key. If you know which store they bought it from, because we used to buy software in brick and mortar store, and we used to call stores brick and mortar store. Physically go somewhere in there, oh, it's like John Smash bought this copy of Windows and then shared the key with everyone.
James Munns: Egghead Software. That was a popular company in the US.
Amos Wenger: I thought you just made it up.
James Munns: No, no, no, no, that's a, yeah, that was one of the bigger software retailers, like before Best Buy and stuff even were popular. I don't know, I remember having catalogs and stuff for Egghead Software.
Amos Wenger: That's, okay, that was crazy. Of course, the thing is, because it's just a simple algorithm, you can just make a program that generates any number of valid keys for your software, and then you can't trace it back to the person who leaked their keys, because it's just essentially you reverse the... reverse engineer the executable.
You find the code that's responsible for checking if the key is valid, and then you figure out what's the property it's checking for, and then you can just generate as many keys as you want, and have included two random, I don't even know if those are real. Man, it's so hard to find things on the internet nowadays. Half the stuff, half the things are generated, X-Force and Enderman. They usually play a nice little bit of chiptune music, so I remember those fondly.
James Munns: The SoundCloud of an entire genre of music.
Amos Wenger: It was.
James Munns: This is where a ton of chiptune, or I forget what genre... there's a specific name for the tracker files that people would put in this, because you could put a whole audio track in there.
8. PlayStation schemes
Amos Wenger: Yeah. Number eight is PlayStation schemes. So there's a bunch of them. The PlayStation is really fun, and the first one I wanna talk about is the wobble. So PlayStation was a disc-based console, so you had this that actually looked like this. We're gonna get back to that. Inside, I think in the inner rings, there was special data that an encrypted string that read like SCEA, or SCEE, or SCEI, the Sony Computer Entertainment for various regions, and the PlayStation was able to read that, but if you try to copy the disc with a computer, because we had disc readers we had CD burners, then it wouldn't replicate that, and then the console would know that it's a pirated game and not actually play it. The problem is that you could just put in a legitimate disc and then swap it with a pirate disc afterwards after the check was done, and so it was actually completely defeated, just like that.
Amanda Majorowicz: Hang on a second. Okay, so I used to have a PlayStation when I was younger, and my ex-stepdad's brother- whatever, don't ask- did something in the PlayStation so that we could play these pirated games.
Amos Wenger: I'm getting to it, yes.
Amanda Majorowicz: Okay.
Amos Wenger: Yes.
Amanda Majorowicz: I had a story about my Spyro, the third one.
Amos Wenger: Yeah, yeah, yeah. We're... ah, there's gonna be...
Amanda Majorowicz: Are we getting there?
Amos Wenger: There is gonna be- yes!
Amanda Majorowicz: Am I ruining your slides?
Amos Wenger: Yeah!
Amanda Majorowicz: Holy smokes, first time friends.
Amos Wenger: That's a sign that I'm making it relatable, finally.
Amanda Majorowicz: Honestly to me specifically, thank you, okay, continue.
James Munns: Long time listener, first time spoiler.
Amanda Majorowicz: Exactly.
Amos Wenger: So that's the wobble, and another funny thing was that I would call that the bottom of the CDs, like the part that is actually written on and read, it was black for PS1 games. Actually not all, like it's just the first ones, I think, and that's not really an anti-copying measure, because you can read them exactly like normal ones, but it's more like an anti-counterfeiting measure, because if you're just burning them in a regular CD and then you try to sell that, people are gonna see that it's not black. Unfortunately, the market answered that, and people started
James Munns: selling black CDRs. They give you all kinds of colors, too.
Amos Wenger: Yeah, exactly, there's gonna be a link in the show notes with a page exclusively about the different kind of dyes that you can put in CDs and DVDs to make them different colors. Here's another fun one, it's called LibCrypt. So LibCrypt works differently than the wobble, and the idea is that CDs are physical media, you can have bumps and grooves, I forget the exact physical layer of what's happening, you have zeros and ones, essentially, but then it's organized in sectors, and then there's a file system on there, and there's files you can read, but you can put things in between the file records, right? You can put data that, if you read it in a computer, it would ignore that, it would just, I don't know, it's not in the dictionary, that's how file system work, where you have some sort of, what would you call that? An index, it's like this file is at that place.
James Munns: Yeah, it'd be like hiding data in padding gaps, more or less.
Amos Wenger: Yeah, exactly, and so when you make a copy of the CD, that data is not copied over, and the game actually checks for that, so it sees that it's a copy, and it just says no. But once again, here's the screenshot of Spyro, Amanda.
Amos Wenger: People have come up with fixes for that. There's basically two options. You can either patch the game itself, so let's say you own a copy of Spyro. You can rip it from your computer, so you put it in the CD reader and read everything that's on it, that's gonna read everything but the special data that LibCrypt is looking for, and then you can patch the code to just not check for that. So same thing as, what did you talk about earlier? No, actually, well, that's, we haven't talked about it, but in key gens, you can also just remove the part of the code that checks for the serial key. It was pretty much that simple back then.
James Munns: Yeah, because that's one of those problems, if you have a function that returns a bool, like is valid or is false, you can just, often just return true is a much smaller piece of code than the actual checking. So that's how a lot of binary patching works, is you just go, you find the one place where it says, have you checked and is it valid? And you just say, yes, we're good. And that's one of those fun things, especially with like optimizing compilers, if you try and do something more clever, the compiler will be like, oh, at the end, this just boils down to a binary comparison. So I'll get rid of your whatever, and we'll just say, yes, return true. And it's way easier to patch.
Amos Wenger: But you have to be able to reverse or debug the binary, which can get complicated, we'll get to that. So option one is to patch the game, just remove the checks altogether. And option two is to patch the console. You had this little thing called mod chips. They're very simple, I don't actually know what's in there, but we can see on the slide, they're very small. And you just connect them to various pins on the motherboard of the console. And then, ta-da, you can play games from any region, because games used to be region locked.
That was before the internet. Yeah, it let you, I don't know, it defeated copy protection, so it let you play burnt copies of PS1 games and whatnot. And there were even people who offered mod chip install services. You could order- you could send in your PS1, pay them certain amount, and then you get your console back in the mail a week later with a mod chip installed. But they stopped doing it, the one I found stopped doing it in 2021. So I'm four years too late, unfortunately.
James Munns: Yeah, a lot of these either work by replacing the firmware of a piece that's doing the checking, or they'll do certain things like glitching, where when they detect like, ah, you're talking to the DRM chip, right before you ask it, is this good or not? Because there'll be a similar digital version of asking the chip who maybe has a view of all the data that's coming in or gets fed the signature of something, and it'll return a signal like low or high for good or bad. It'll either glitch the chip or it'll just overpower the response from that chip and like set the electrical signal high or low. Like there's more modern ones like this for every console.
But the ones that I've seen most recently for like the Switch are based on like the RP2040, like from Raspberry Pi, because it's relatively fast. It can like sniff the entire communication and write where it needs to come in and like, you know, override the actual chip on there and says, "Yep, all good, checks out."
Amos Wenger: Yep, and it used to be that I think the older versions of PS1s were easier to mod, so they were higher priced and rare and people thought to get them, but now there's more modern mod chips. And I don't know, the mod chip scene has kept evolving and it's kind of, it's, I don't follow that scene. I don't know the developments, it's all enthusiasts talking on forums and it's not very legal. I don't know which part of it is legal.
James Munns: I am not a lawyer, so we won't weigh in on that.
Amos Wenger: Cut this whole thing. It was a mistake! Next!
James Munns: It is very difficult as someone who ships hardware to like- software is already hard because you put software out there and then anyone can spend as much time as they want trying to break it and manipulate the environment. Hardware is even worse because you have to make them tens of thousands or hundreds or millions of units at a time, which means even if today you know there's a problem, there's so much momentum before you can put in a new version of the hardware and all the ones that are out there and sold are gone. And if there's something fundamental like that where you can't detect that from software because you're only looking, is this good or is this not good? Like it is just a one-sided arms race when it comes to that kind of thing.
7. Break the game
Amos Wenger: Number seven is break the game. So a lot of copy protection slash anti-piracy measures try to prevent you from playing altogether. But some game developers are sadistic a little more. They're like, okay, you can play, but you can't win. An example is Serious Sam 3 where they have these monsters called adult, I forget. I forget what they're called, adult something? And basically they spot, if they detect that you're playing a pirated copy of the game, which could be as simple as like they uploaded a pirated copy of the game on torrent websites and seeded it and now that's the main version that goes around, then they spawn an invincible very fast moving version of that enemy early on in the game and you can't go past that. And that was a pretty famous example. We have a nice high resolution picture of that creature here and I can't believe I forget what it's called. I think it's an adult scorpion. I think that's the name. Another example.
James Munns: My favorite one of these. Oh, exactly. This is exactly my favorite.
Amos Wenger: Nailed it, another was Game Dev Tycoon who did the same thing essentially: detected if you're playing a pirate copy because I have the headline from Eurogamer here. 93.6% of players currently running cracked copy. That's in 2017. Imagine releasing a game and you can tell from analytics that 94% of people are playing a pirated copy. I mean, back when I was-- That's not uncommon.
James Munns: I've seen that from multiplayer games and stuff because that'll be a problem, especially for multiplayer games, because people will log onto the servers so they're using money for the servers you're running. Like it's not even like zero cost to the developer because you still have to run servers but they could tell that like 95, one out of whatever are actual paid users.
Amos Wenger: I was gonna say, unless playing the game actually cost you something like in the case of multiplayer games, like you said, for single player games, back when I was in the game dev scene or around the game dev scene, because I worked at itch, what we told ourselves was like people who pirate the games are probably not people who would have bought the game anyway, so it's not really a lost sale. It's kind of more exposure and they talk about it. So you're not really trying to get every one of those like 94% of people to convert to paying customers because they're not paying customers, they're just... so yeah, they had a mode where if they detected you were playing a pirated copy of Game Dev Tycoon, everything was so much harder because it's a game about making games and selling them.
So in game, it wouldn't sell, you would make games and nobody would buy them for some reason and you would get weird notifications and people noticed and it became a whole thing. And a year later, because people started liking it and they considered it a challenge, they added it as an advanced option. You can opt into pirate mode because it's so much harder. I'm reading from the options here. It says, "The pirate mode causes severely reduced sales on all of your games. Bankruptcy is likely. You can develop copy protection, but using it will upset fans. 'Fan mail' inspired by true events will reach your inbox from time to time." So they leveraged all the hate mail that they got from doing that in the first place to add this as an extra feature on the game. And if you go on YouTube and you search 'Game Dev Tycoon pirate mode,' you'll see people trying to finish the game with that mode and they did.
James Munns: This has to be some kind of like therapy or catharsis for the devs. Like the only way that you can... this is making lemonade out of lemons, I guess, is all it can be.
Amos Wenger: It's nature giving us peppers. It's like capsaicin, the thing that makes the body go, no, no, no, and we humans are like, "I'm gonna eat all of it. I'm gonna get used to that. I'm gonna eat the hottest pepper I can find." And nature is like, "No! I made this specifically so you wouldn't touch it!" I love that.
James Munns: "My defense mechanism, no!"
6. Macrovision
Amos Wenger: Number six, we have Macrovision. So I was not alive for this one. I regret to tell you. I don't know, do you know what that is, James? Have you heard that before?
James Munns: No, I don't think so.
Amos Wenger: It's for VHS. So we're gonna be looking at analog signals here. So we have on the slide, which you can get at sdr-podcast.com/episodes, in case you've missed that. We can see an oscilloscope reading of signals. So the way VHS works is it scans the screen from left to right and top to bottom. So you get signals for colors as it scans the screen. You just scan lines and everything.
So you get all the different points, which is fun because it means you don't really have a resolution horizontally. Like it's just kind of a continuous thing. There's a number of lines, but then every line is kind of continuous because it's an analog signal. And so that's fun. But then between every frame, there's a vertical blanking interval where you don't have any data. It's just, I don't know exactly what should go on there. I don't know if it's just like zero or one or something in between or some pattern so that it can synchronize. But basically their idea for copy protection is, let's put a bunch of impulses during that vertical blanking interval, which is going to mess with the automatic brightness control of VCRs built in the 1980s.
James Munns: Oh.
Amos Wenger: So you can find on YouTube, and there's gonna be a link to YouTube video in the show notes because Amanda is the best, where you can see that if you played a copy-protected tape on one of the VCRs, try to copy it, you would see the brightness of the screen moving a lot. You would see a lot of noise. Some VCRs completely bugged out and were not able to detect the blanks. So you just see the image scrolling up and down rapidly. The consensus on that is that it was a pretty bad idea and it didn't work very well. And very, very, very soon, just every piece of hardware started ignoring it because the idea was that also, if you played a tape into a recorder to copy it, the recorder would recognize that those signals in the V blank from Macrovision and be like, uh-uh-uh, I can't copy that.
But then someone just made recorders that ignored those signals and they're like, okay, you can copy everything. They even made double deckers where you could have the source tape and then the destination tape and the same, you'd have two slots in the same machine, just to copy cassettes easier. And yeah, it's fun because it's been rejected by everyone so quickly. This is what it seems like from 2025 when you researched that. I'm sure it was more complicated back then, but what it looks like with hindsight is that people just ignored the signals because you have the entire clear signal, right? You just have to ignore the thing that goes on the V blank. It's not like it's encrypted or anything. It's just garbage in between frames. So you just ignore that.
James Munns: Yeah, and I mean, people aren't gonna get that explanation. So they're gonna be like, "Ah, my TV is bad or my VCR is bad." Not like, "I'm using a pirated copy," which means then the VCR, like the recorders and players or the TVs themselves are motivated to be robust against that because then people don't complain and return their TVs or take them in for service or whatever. It becomes a feature like, "We can play pirated movies too!" Macrovision resisted.
Amos Wenger: Yeah, plus I don't know who was behind this exactly and what kind of power they had to enforce it, like force makers of VCRs to implement that properly.
5. CSS (content scramble system)
Amos Wenger: And we'll see that that's been a big factor later on for number five, which is CSS. CSS not for cascading style sheets, but for content scramble system. James, how much do you know about this?
James Munns: I've heard of it, but I have no idea how it works. Is this the one that was used for? Do you know who this is?
Amos Wenger: Oh. That's DVD Jon. Yeah. Jon Lech Johansen from Norway.
James Munns: Exactly.
Amos Wenger: So when he was 16, Jon figured out that... He figured out how CSS works, which is the original encryption scheme for DVD, which made it so that you couldn't copy DVDs easily because VHS was so easy to copy. As I mentioned, you just like put in a plug, like plug the output of one to the input of the other and hit record it and that was it. But DVDs, they were like, now we're gonna encrypt the content. We're gonna have the players decrypt it. It's gonna be wonderful. They used 40 bit keys to encrypt, which was already ridiculous back then. And someone messed up.
The company who released Xing DVD, the DVD player for Windows forgot to obfuscate or encrypt their decryption key. It was just in plain, like in memory or even in the executable. So they found it and figured out the rest of the algorithm. And then suddenly everyone could play DVDs on Linux because here's the thing, this wasn't a big move like, oh, we're gonna be able to crack all the DVDs. It was like, a bunch of people were like, we can't read DVDs on Linux because back then it was not as accepted as it is now. It was still Linux on the desktop.
James Munns: No one sold a DVD player program.
Amos Wenger: I wanna say it wasn't as good as it is now, but is it good now?
James Munns: Well, I don't know. I'm back on Mac. So I'll let you know in five years. When I get upset at Mac and go back to Linux. Cause like every five years I switched between the two.
Amos Wenger: Let's just say back then, that- it never would have been possible to have official support for DVD playback on Linux. There was definitely no industry interest. This was even before Loki games, the Loki, the team that ported games to Linux commercially. It was a wild time. I was actually alive and using Linux on the desktop for that one. So I remember having to install libdvdcss to play DVDs. And this was a whole thing. This became a whole case because essentially Jon was attacked in justice. He got put on trial in Norway because the MPAA, the motion picture something association and the-
James Munns: Association of America.
Amos Wenger: Copyright to the DVD CCA to American organization told Norway, hey, that's not cool. And the problem with America is that it's kind of a superpower. So when they say that's not cool, you can have to like, okay, fine, we'll just put people in prison, I guess. But he was 16. So that didn't help. He was eventually acquitted. He got out, but it became kind of a, what's the term I'm looking for? It was made as an example of like, no, this is free speech. This is free speech.
And people have tried to print the source code, including the key of the CSS decryption code on shirts because they were like, if you can put it on a shirt, then it has to be speech, right? And then speech is protected by the First Amendment in the US. So you can't just go sue people for speaking. And so there were a lot of different legal cases around that and it was a whole thing. And yeah, a bunch of companies were sued out of existence because they did this t-shirt used to be sold by Copy Left Limited and I've checked on the website and it's not online. So I'm assuming they're not doing well.
James Munns: One of the early famous examples of this is the US used to limit export- It used to treat cryptography like a weapon.
Amos Wenger: Yes, exactly.
James Munns: And so export of cryptography was illegal under like the ITAR, ITAR is the law. And someone said, well, you know, they put an implementation of a stronger than allowable cryptography algorithm on a t-shirt as like a Perl script, exactly like this on a t-shirt. And it became, I think the court case that set the precedent here of like, if it's information and you can print it and send it, like it is... you know, it becomes a free speech issue exactly like this.
Amos Wenger: I remember it back then because you could install some Debian packages, but they warned you, hey, this is illegal in the US. And I was like, I'm in France, I don't care. But it's kind of crazy. Yeah, I don't have the specifics again. You can go dig on Wikipedia. It could be a special episode about exporting weapons of war across country borders. Cause that's, yeah, that's what encryption was considered as.
4. Widevine L3
Amos Wenger: Number four is Widevine L3. I should have reorganized those. Widevine is interesting. It's Google's DRM protection for audio video content. Microsoft has a different one. It's called PlayReady, I think. And Apple has FairPlay, I think.
James Munns: Yeah, now we're getting to the contemporary ones.
Amos Wenger: We are. Widevine is interesting because- oh, I meant to talk about CSS. One of the problems was that they did not implement revocation at all. So if one of the keys leaked, it was over and that's what happened. So for AACS, the Blu-ray equivalents, they kind of learned their lessons and they were like, okay, we can rotate keys. We can revoke things when they leak. So then it becomes an arms race of like finding more keys that haven't been revoked yet. And it's kind of the same thing with Widevine, except with a lot more things going on, a lot more levels of obfuscation. And this idea of level is also new. I'm specifically talking about Widevine L3, which is only up until up to 720p content. And it allows doing the decryption in software. And so it's more vulnerable than Widevine L1. L2 doesn't matter, just pretend it doesn't exist. L1 where everything is done in hardware and the GPU or the keys are still in hardware. And you can't really- it's so much harder to break L1 than it is to break L3.
So L3 was broken a bunch of times actually. One of the times was from the widevinecdm.dll file, version 4.10.1610.0. And there's a nice, very, very long write up on how they did it, how they reversed it. It's fascinating. I'm not gonna go in details here, but there's a link to it in the show notes. And you should go read it, because it's fascinating. There's a bunch of anti-debugging tricks used in the DLL. One of them is interrupt 2D, which does something different in debuggers than it does in regular code. And it's annoying.
Another thing they do is they just take a function and break it into a bunch of different basic blocks. So just that jumps all over the place for no reason. So when you disassemble them, you get a lot of small little rectangles to jump all over the place and it makes it harder to follow what's going on. But when you read the write up, I haven't done a lot of reversing like that. So for me, reading those is always very, very fun because they go through the code and there's this big sprawling graph of control flow. And they're like, "Well, that code obviously is inflate from zlib." Like they just, they're just like, "Oh, that's inflate. Oh, that's OpenSSL." That's, they're just like from mental memory, from just recall, they just know what the code looks like. And that's the closest we'll ever get to real life Matrix. I can see through the zeros and ones. They're like, "I've seen that binary before." That looks familiar.
James Munns: That is one of the cool things about using compilers from high level languages is that compilers have habits the same way that people do. And so like they will code gen specific things in specific ways. And so you start seeing those patterns and you go, "Yep, that's a memcpy." Like that's a, I can see some of those on ARM. You go like, "Okay, yeah, I see what they're doing there."
Amos Wenger: Memcpy is even worse because it goes the other way. If you try to implement your own memcpy, the compiler will recognize that this looks like a memcpy and replace it with the optimized memcpy that it has as an intrinsic. Memcpy is the worst. Exactly. Still on that topic, I wanted to signal boost an article from Matthew Garrett, a recent one, I think, unless I just passed out for a year, called "The GPU, not the TPM, is the root of hardware DRM."
The Free Software Foundation has been leading a campaign for a long time called Defective by Design. And it's kind of trying to inform people on what DRM is, how it's preventing, it's getting in the way of freedoms. Like you bought something, you should be able to access it. It's trying to control when and where you can play and enjoy what you bought. So on principle, I'm very much on the side of the FSF and the Defective by Design campaign. However, they got something technical very wrong. And that's what the article from Matthew Garrett is explaining.
They were focused on the TPM, the thing that you have to have if you want to run Windows 11 unmodified. And essentially, the FSF argued that the TPM was the reason that we have hardware DRM for video and audio, and actually it's not, it's in the GPU. So it's an interesting technical article, you can go read it because I learned a bunch of things. Again, I don't know the details of that. The thing is that there's actually very few people who know the details of that. There's people who work at GPU manufacturers, people who work on the Windows team, people who work on the browser media teams. It's a handful of people around the world who have to care about those details. And everyone else is just using code given to them by other companies, licensed by other companies to just try to make their content less pirated, I suppose.
James Munns: I was gonna say, there's also a post, have you heard of Phrack magazine? I don't think so. So Phrack magazine is like one of the old school like hacking web zines. And I think it didn't publish for a while, but people have been starting it up. Wait, it's Phrak with ph, right? Yeah, P-H-R-A-C-K. And I think it started publishing again, but there's another person I follow, is David Buchanan or retr0.id on Bluesky. The cool thing about Phrack is now you can like submit articles and things like that. And he did a really good breakdown of a lot of these current encryption schemes. I think it was a little bit before Matthew Garrett's post, but talking about like, one: some ways to break this, because like you said, there's not a lot of people who understand this.
And sometimes the way that they're implemented is just kind of silly in that like, it's kind of like all the ways that you can mess up encryption. It'll look encrypted on the wire, but you realize you can just be like, oh, here, if I just say it's unencrypted, then all of a sudden that'll get passed along the rest of the chain and an unencrypted signal will pop out the other side. And he did a really good breakdown in Phrack. And also did some analysis on the FSF post around the time that Matthew Garrett was doing it. But he's one of those people who's like, we'll take apart the entire system just to figure out how it works. So he's a good one to follow if you're interested in that, because he writes really well on that.
3. Hardware dongles
Amos Wenger: Number three, hardware dongles. That one's fun. James, I don't know if you ever owned one of these. On the screen right now we have the iLok generations one, two, and three. I had one of those because I had EastWest sounds that were shipped to me on a three terabyte hard disk drive that I connected via IDE, I think at the time. They were the Complete Composers Collection. And you had this USB stick that you had to plug in your computer to be able to use the software and your license was on there.
They still sell that hard disk drive today, but it's now an external hard disk. It's an external SSD most likely. And you connect it over USB. And there's a listing here from Thomann you can buy the disk for $120 without the license. You can't use any of what's on there if you don't have the license. This is just the disk because it's three terabytes of sound. And for people it's just... you're not gonna sit there and just download three terabytes. They're just gonna order it. It's gonna get in the mail in a few days. And that's it and you can take it everywhere you go.
James Munns: I've not used these license keys, but you see this a lot in like niche engineering development tools where they'll usually give you the option between some software program you have to run locally, like a license management server that you have to run and gets authorized and you have so many seats or for some very large flat amount, they'll sell you a USB key or a serial port key or something that you plug in and it will only work when that's attached. And that gets used a lot in industry for like programming machines or stuff that is air gapped because like that's their solution for air gapped things is that you pay five, 10 grand for one of these as the expensive alternative to like a $2,000 a year per seat floating license server kind of thing.
Amos Wenger: Yeah, because the alternative to that is having always on DRM where something phones home regularly. But if you can't have that, then you can just have a piece of physical hardware. I don't know what makes it so hard to reverse, honestly, but it's a black box essentially. You can see what's being sent. You can see what's being received. You don't know what's happening on the chip and you can't just attach a debugger to the circuit, I suppose.
James Munns: It's like a lot of smart cards and stuff. So usually they'll have some protections in silicon so they can detect if you remove the lid off the circuit or sometimes even just open the box, what'll happen at like... this gets used a lot in credit card systems. So credit card systems have very similar copy protections so that they, like, because they download keys so that they can sign transactions but they wanna be tamper resistant.
So they'll have a bunch of different protections. Like one might be the plastic of the case and it presses a button. So when you open the plastic of the case, it releases the button and that cuts the power to the RAM which means it loses the keys. Or they'll have a mesh on, so like on the PCB, they'll have essentially a web of copper and they'll have essentially capacitive touch sensors on there. So if you touch it or cut any of the traces while you're trying to get in there, it also will kill the power and it'll cut the RAM. So there's a bunch of like, none of them are--
Amos Wenger: That reminds me of changing the battery in my car remote and then it lost the programming.
James Munns: It's like that but more sensitive, yeah.
Amos Wenger: I had to look up online from some shady website, the procedure to reprogram the key, just using the car and an existing key. I didn't actually need the existing key. You just do something silly, like turn the key on and off three times and then slam the driver's side door. And I was like, for sure someone's fucking with me. That's not actually the procedure, but it was and it worked.
James Munns: This is like your Bluetooth episode. Just press all the buttons enough times and you'll figure out how to get it into pairing mode.
Amos Wenger: I expect that from a pair of cheap Bluetooth headphones. I don't like slamming this driver's side car. I was like, there's no way this works, but I have to. Because otherwise you go to the dealership and they bill you a hundred bucks just to do that while you're not looking.
2. Denuvo anti-tamper
Amos Wenger: Number two is Denuvo anti-tamper. I think a lot of people hate that one, but actually I think it's a lot less terrible than what was before, StarForce or whatever. There's a bunch of ROM, something. I haven't done, I haven't researched too many. Because those are the sad ones. I wanted the happy take on DRM. Pretty much what Denuvo does, it's not technically DRM or anti-piracy software. It's anti-tamper, but for software, you just talk about physical anti-tamper mechanism. This is for software. And the idea is not to prevent completely to a game from being cracked. So that it's distributed on pirate sites. You can download it. You can play it without having to buy it, without having to have a license for it. The game, the objective here is to just delay the pirates.
If you can have two, three, four, six weeks, where there's no pirated copies of the game available, the only option is to buy it. And during that short window, you can market the heck out of the game and spend a lot of advertising budget. You convert a bunch of people to paying customers. Because not every pirate is potentially a paying customer, but some are. Some are just like, well, if it's just one click away, yeah, I'll play for free. But if buying is the only option, you feel like you're missing out, all your friends are playing it, you want to join a game, you can't.
That's what Denuvo here is here for. Again, there's been a lot of conspiracy. But I think this is kind of back to the making you do a little DIY project, except the little DIY project, there's a lot of reversing. Because there's not just one check you can disable. I think a lot of the code runs in some sort of VM, and there's a lot of checks everywhere, and every release of the game is different. So when you crack one, they just freeze another. Again, I have zero experience reversing Denuvo, but I know some teams do it, and it's kind of a sport. So it makes it fun again.
James Munns: Like you were saying for those four to six weeks, for a lot of those AAA games, 80 or 90% of the sales of all the sales they will ever make on those games are in the first four to six weeks. So someone's actually done the... I've seen a couple articles that analyze that of what the typical sales curve is for those games, and they're like, well, yeah, you can kind of see why being able to, it'll get broken, but if it makes it those two to six weeks, that could mean a lot. I could totally understand the desire there.
1. A/B variant watermarking
Amos Wenger: And number one is the whole reason I made this number list. It's my first numbered list, and I'm a YouTuber, so please admire the restraints. I waited for 2025 me to make a number list. Number one is A/B variant watermarking, and I have found documentation that's gonna be a link in the show notes of some vendor that boasts about it. But originally someone told me about it at a Rust event. They approached me and they talked about it, and I was like, is it secret? Can you tell me that? Oh, yeah, it's not. It would be very fun if they are listening to this episode and recognize themselves, but it's available online, so I can talk about it. It's not an industry secret.
Basically, the aim of this is, let's assume there's the World Cup going on, and it's being streamed in a bunch of legally available ways, but you have to pay to see it. You have to be a paid subscriber of some TV channel, of some website or whatever. It's paper, I don't know. You have to pay, but some people are like, well, I can see it on my computer, which means I can capture the screen of my computer, which means I can rebroadcast it for free on Twitch or whatever, and then what they have to do is just find those streams and squash them, right? They probably have a red telephone all the way to Twitch, being like, "Ah! Nuke that stream!"
But that's not enough, because they're just gonna start another stream with another account and another IP or whatever. So what you wanna do is you wanna find who is doing the rebroadcasting and cancel their paid accounts, because they're violating the terms of their subscription to whatever paid streaming service they have. So there are ways to do that. There's something called steganography, which lets you add some hidden data to an image. It's not visible by eye, but for example, if you do some crimes and you use a copier, and then the papers have little marks on them that can tell the cops which copier you used, and so it's easier to track you.
James Munns: Yeah, so like steganography, yeah, you can look at either the statistical things where you're like, ah, stuff that would be imperceptible to humans or just like on the margins, or I've seen this with audio, or I've heard this with audio as well before, where there was someone who was doing detection of AI-generated audio because he realized, I think I have to go look at this up. I think he had noticed that the LLMs were trained on low-quality compressed audio from places like YouTube, because that's where they could steal it from.
And so he could hear the generated audio was reproducing compression artifacts, but in ways that a compressor would never do. It was like producing them as if they were sound, and they're outside of the normal auditory hearing range of most humans, either high frequency or just subtle enough that it wouldn't bug you, but you could pick it up statistically. And then you were saying the other thing for watermarking, that was the other thing, of printers all... every time you print on a document, they put their serial number in very light yellow ink, and that's how a bunch of counterfeiters have been caught, even beyond the constellation mark stuff where scanners won't scan money if they have a certain pattern in them where they'll just refuse to scan or print it. But even when you print, it'll put something in there where you print enough bills, and one of them will have a watermark on it, and they'll find exactly the serial number of your printer, and they can usually figure out where that was sold, or at least the general area where that was sold, and what distributors sold it to you.
Amos Wenger: And you just ruined a lot of people's get rich quick scheme. I was like, you mean I can't just print dollar bills on my inkjet? Oh, so back to A/B variant watermarking. So you have to take another fee. You can hide information in images that are not visible to the naked eye. So someone watching some movie on Disney+ or Netflix or whatever is not going to be able to tell that something's in there. That's the whole point. But if you capture the stream, you can get that information out. Now the question is, you have thousands, maybe hundreds of thousands of subscribers. Are you really going to insert a unique watermark per subscriber per stream? That's a lot of compute.
Encoding a live 1080p stream or 4K stream or whatever is computationally expensive. You don't want to do it once per customer. Also that completely defeats caching. The idea is usually you have some sort of origin server, and then you have some sort of structure where it spreads to edge servers, and those have caches, memory caches, disk caches, that serve the content to a lot of users around the globe. If everyone's getting their own unique copy of the content with their own little watermark, just for them, it doesn't work. So what do you do? You do exactly two variants of the source media, and then you serve everyone a mix. You serve someone like maybe AABAB, and that's a binary number. So James is nodding first. When the person who explained this to me got to this one, I was like, oh, that's so clever. You only have to have exactly two copies of the stream.
James Munns: Yeah, I was about to ask you, I was like, wait a minute, are they--
Amos Wenger: This is the binary encoding.
James Munns: Yeah, they're doing binary splitting where you split them regionally. But yeah, I guess you could re-encode a number by phase shift keying, basically. But yeah, exactly that kind of thing where you end up... you've done a whole series of videos on blocked compression caching and how--
Amos Wenger: Exactly, you're already doing that is the thing. When you do videos from here, you're already slicing things in different--
James Munns: In five or 10 or 30 second segments and things like that. So if you vary 32 times 30 seconds or whatever, so over the course of 16 minutes, you can get four billion identifiers or something like that.
Amos Wenger: Exactly, but you don't have four billion subscribers and the segments are more like one, two seconds, so it's fine. Yeah, oh, even if you're-- And it's all cacheable. Okay, your edge nodes have to cache twice as much data, but it's all pre-computed at the origin. It's very smart, it's very clever. I hate DRM as a consumer. I think it's wrong, I think it sucks because it's an explicit episode, I can say sucks. But that's so clever, I just kind of like it. I was like, wow, that's, wow, wow.
James Munns: You could appreciate good engineering and silly things.
Amos Wenger: Exactly.
James Munns: You were talking about clever and you talked about people restreaming this to Twitch. One of the most clever, it's dumb clever, but one of the most dumb clever things I've seen is someone was streaming some EuroCup or World Cup game on Twitch, but what they did is they put themselves in the OBS overlay in the corner like most video game streamers do, and they're just sitting there holding the controller and it looked almost like they were playing a FIFA game, but it was like the actual World Cup behind them.
Amos Wenger: And there was so many things on YouTube--
James Munns: way longer.
Amos Wenger: You can find so many videos trying to defeat watermarking. They're gonna have the image upside down, they're gonna have the sound stretched to 96%.
James Munns: weird lines in the middle of the picture.
Amos Wenger: My favorite is "no copyright infringement intended" in the description by 14 year olds.
James Munns: "Email me if you're a license holder!"
Amos Wenger: Exactly.
James Munns: "I will take it down!"
Amos Wenger: Yeah, that's all I got for you today, James.
James Munns: Nice, yeah, I'm somewhat interested, like I said, I'm about to ship a paid app and it's interesting of how far do I wanna go because like every hour I spend on license check stuff is an hour that I'm not building features, but if it's ridiculously easy to copy and paste, then it's like, well, I spent months building this and I'm a single person developer on it, so I would like to be paid for it.
Amos Wenger: What platforms are you shipping for?
James Munns: Windows, Mac, and Linux.
Amos Wenger: Because I was thinking earlier today, I was thinking that the reason the Mac has so many nice little apps is that Apple platforms attract people with a product mindset. Not necessarily they wanna get rich and famous and like entrepreneurs type, but just like they like the product, they like the experience, they want the installation to be nice, they want the app to look nice, to be functional, they have this idea of like design purity, and they just like the products and it's a wild over-generalization, I'm gonna make everyone angry with that, but like on the Linux side, not so much. It's more like I want access to everything for free, I wanna be able to modify everything, it's strongly on the freedoms and everything, but there's not that idea of the neat little package product. Yeah, on Mac, every time you wanna do something, you gotta buy a $20 app, but it's usually really nice and most of them are maintained because they can actually make money from it. So I'm enjoying a bunch of those right now.
James Munns: There's something to be said about implicit customer selection, marketing towards a collection of people.
Amos Wenger: That's what I was getting at. I was like, I don't know that a lot of those Mac apps actually have measures in place to prevent piracy, I'm not sure about that, but it never even occurred to me because it's only $20, so as a professional expense in the context of running a company, it's nothing. Personally, if I was a student, I would totally find, not be on Mac, which is I couldn't afford a Mac in the first place.
James Munns: Yeah, the other side is that Macs generally have some of the highest requirements regarding code signing and things like that. I had to go through, figure out how to sign a Mac app and submit it for notarization and stuff like that, and I guess people can still turn, what is it, like a system integrity protection off and things like that, but I think most people, especially people who are using Macs in corporate settings, won't be able to turn that off, but the challenge for me in this, so I'm definitely gonna be selling on Mac because I'm developing on Mac, but I also expect people to run this on embedded Linux systems and things like that, people who are shipping 10,000 devices and things like that, so it does need to run on Linux, and you really have no control over what a Linux user does with their system, and there's not much to be done there.
The way I've been looking at it is, it keeps honest people honest and people who weren't, were gonna find a way anyway, and you can't really stress about that. Like you're saying with piracy, there's a Twitch streamer, PirateSoftware, I forget his actual name, but he's a game developer person, but he has a pretty big opinion of, piracy is just a logistics issue, or he says it a certain way, but for different markets that have different currencies and stuff like that, a $60 game would be egregious. It would be a huge amount of their monthly or yearly salary, so selling to different price points in different markets is a really big thing, and then not stressing over people who are just gonna pirate the game, but a lot of it comes down to, you need to make it easy for people to get the stuff, and it has to be at a price point that they can reasonably expect to enjoy, because not everyone has the purchasing power of the US and Western Europe, but this is--
Amos Wenger: Market specific pricing is a big thing. Apparently, I learned that recently, but everyone has been using the Turkish price for YouTube Premium until they finally--
James Munns: Oh yeah, is it a lower--
Amos Wenger: 'cause was two bucks a month. I've been paying 24 like some sort of asshole, but yeah.
James Munns: I think I have a family plan, so I don't know.
Amos Wenger: I do, that's what, yeah, they keep bumping it up. It's gonna become not worth it at some point. As a YouTube consumer, I'm very angry. I'm a YouTube partner, I don't see any of the money, so I don't know what the heck's going on. You see it from YouTube? Yeah, but I don't see, like every time they bump the price, I don't see an increase in my income.
James Munns: Oh yeah, yeah, you don't get
Amos Wenger: Where's that money going?
James Munns: You don't get a bump of rev share, yeah, no.
Amos Wenger: Benefits are passed onto the shareholders. I just need to buy some YouTube stock. All right, that's all. Bye James.
James Munns: Bye, Amos.