Thursday, January 19, 2006

Nothing Is Sound

First off, I found this alleged MENSA test on digg. Either (1) this is a fake or (2) MENSA is lowering their "genius" standards, becuase let's face it, I'm no genius. While I found it a fun little pattern-matching puzzle, I don't think it's a very broad test. So far I have 28/33. The ones I don't have yet are 14, 16, 17, 30, and 31. For the longest time all I could make of number 28 was, "23 pounds of chocolate in the hershey's bunny", but then the real answer dawned on me and I was like, "of course!". There's an error or at least an inconsistency in number 20 (compare to number 27), so I'm not sure what to make of 16. "100 cents in a euro" would fit, but it's not accepting that.

Note (1/27/2006): someone seems to have moved the page here, removed the references to MENSA, and corrected the errors I was trying to allude to above without giving anything away.

I'm sure you're all aware of the music industry's recent efforts to combat piracy by trying to make CDs harder to rip into MP3's and share online via P2P networks (as if that were the only reason to rip CDs). A few months ago, it was discovered that one such Digital Restrictions Management (DRM) technology employed by Sony BMG called XCP, was found to install itself onto any Windows computer into which a protected CD was inserted (unless autoplay had been disabled).

The CD would pop up a dialogue when inserted asking if the user wanted to install the software that would enable them to store protected copies of the songs onto their computer. If the user clicked "yes" then it would install itself, and copy the files. If the user clicked "no" then it would install itself anyway without the user's knowledge or consent and then remain installed on the computer until the hard drive was wiped. There was no way to uninstall it.

The software basically took over the CD drivers, disguised itself as an operating system service that runs whenever the computer is on, and then changed the operating system such that any file or program beginning with "$sys$" was totally invisible. It was quickly discovered that any program running on a computer could be rendered invisible to detection by simply prepending $sys$ to its name, and this invisibility was exploited first by online gamers in order to run cheat programs without being detected and then by virus writers to hide from antivirus software.

Public outcry, as well as pressure from Microsoft, the antivirus companies, and privacy advocate organizations (and threats of litigation) soon forced Sony to stop production of and then later recall the effected CDs.

[If you think you have been infected by this "rootkit" DRM, click here to download an uninstaller. Sony has made a list of effected CDs, and a form you can fill out to send in your infected CD in exchange for a clean one (free of charge--you can print a prepaid UPS label). In addition to replacing your infected CD, they will also (optionally) e-mail you a link where you can download the album in MP3 format once they receive your infected CD.]

Knowing all this, I decided it would be a fun thing to play with. No DRM technology has ever prevented me from ripping a CD into unencrypted MP3 before, and plus I had heard good things about Switchfoot's newest album (or, at least, the music on it).

I knew Amazon had stopped selling the CDs (and even offered to replace them with the uninfected DualDisc versions for those that had previously bought them), so I had to find a disreputable seller of music who was willing to peddle anything, even if the contents were tantamount to a computer virus to an ignorant and trusting public. Sure enough, I found my dealer at! It was heavily discounted (almost as if there were an overstock--I wonder what happened to Amazon's inventory...), so I ordered it along with a few other albums that were also on sale.

Don't try this at home.

When it finally came, the first thing I did was stick it into my stereo. There was no sense in trying to rip something that wouldn't even play in a regular CD player. Sure enough, it played. Next, I double-checked my computer's Autoplay settings, making sure the feature was turned off. Once the CD was inserted, the DVD drive's icon changed to the album cover and I opened the drive as a folder using right-click, "open" (in stead of double-click, which may have launched the software and infected my computer). There were several files and folders, among them were several executables and some fake audio tracks that did nothing when I attempted to extract them. I tried opening Media Player, but it didn't recognize that there was an audio CD in the drive. I read online that there are certain CD ripping programs that will actually rip these disks from Windows, but I didn't want to download and install (and even possibly have to purchase) them. Nothing else I tried seemed to be working, so I decided this was a job for Athena, my trusty computer in the living room running the Gentoo distrobution of the Linux Operating System.

I placed the album into my Linux box's CD tray and inserted it. Then I logged in to my desktop (using KDE) and there was an audio CD icon on my desktop. This was the first time I had put an audio CD into my Linux box, and so I didn't know what to expect. Apparently, KDE presents an audio CD to the user as a set of folders containing the music in every format that you can extract it as (GNOME doesn't do this, though). There was a folder called MP3 with all the tracks inside in MP3 format. Another called OGGVORBIS with the tracks in OGG format, etc. You could extract the tracks individually, or the disk as a whole, and all you needed to do was drag the files you wanted into the folder where you wanted to store them. They would then be "copied" (ripped) into that folder using the configuration settings from the KDE Control Menu. Pretty slick if you ask me.

I decided I still wanted to rip the CD using my Windows laptop, because that's where I normally play them from and I wanted the pretty cover art to be the way WMP likes it, and plus there was no CDDB info on this album (hmm.. wonder why that was) and I didn't want type it all in or figure out how to custom configure the search just yet. What I ended up doing was using a tool called Gnome CD Master to rip the audio content into a .bin file containing raw data and a .toc file that told where the track boundaries were. (Note to self: use this to remove the "E-mail of the month" bit from the first BarlowGirl CD.) From that pair of files, I burned a bit-perfect copy of the audio session to a blank CD-R, and then ripped from there to my Laptop. (To top it all off, I also copied the new MP3 files back to my Linux box with the rest of my music collection.)

I also later extracted the Audio CD tracks using KDE, and made a backup of the whole disk using Nero just to save the DRM intact for posterity and later fiddling. Then I filled out Sony's little form, printed out my UPS label, and sent it off (or at least I will do so when I have time).


  1. RFH Speaking:

    Actually, Tim was not quite accurate in his analysis. After his glorious Linux box (he liked to call it \\Athena) failed miserably and completely to do anything he wanted to do with the disc (including ripping and copying) I put his disk in my oh so glorious Windows XP desktop and ripped the disk for him into the Nero image, ripped the audio, and made a bit disc copy for backup purposes. Ah, Windows!

    P.S. No rootkits were installed in the practice of this service.

  2. My analysis is perfectly accurate. What you call into question are the details of my narrative, particularly this part:

    "I... made a backup of the whole disk using Nero..."

    Yes, you, RFH, were the one who physically made the copy using your computer. However,

    (1) I did not want to complicate my narrative beyond the essentials, and chronicling your involvement would have meant adding a layer to the narrative.

    (2) It is absolutely false that Athena "failed miserably and completely to do anything he wanted to do with the disc (including ripping and copying)". In fact, while you were making the Nero copy, you may have noticed that the CD was playing in the living room from the .bin file that I had extracted before you ever got involved.

    (3) In no way did I suggest that you did get infected. In fact, I didn't even mention you (and perhaps that's why you're all upset). If you meant to imply that Windows XP is secure, then you are sadly mistaken. Might I call to memory certain recent events surrounding your laptop and a WMF exploit which necessitated the reformatting of your hard drive (which, by the way, you totally deserve for using MSIE over Firefox when you KNEW there was an unpatched exploit in the wild).

    (4) The copy was made at my behest. Furtermore, I did NOT rip the audio from an audio-only disk provided by you as you suggest. I ripped it from a bit-perfect copy of the DRMed disk (which, since you seem to care that it be known, was in fact burned by you). The only reason the copy was used was that the original seemed to be producing read errors toward the middle of the last track. most of the disk (11 tracks) was already ripped to athena in CD Audio format.

    (5) You had previously expressed your displeasure at being referred to as "RFH", so I was deterred from mentioning you on my blog.

    (6) I have NEVER referred to my linux box as "\\Athena". I use "Athena" or "athena". "\\Athena" implies that (a) you are using the SMB networking protocol to access it from a Windows machine, and (b) that the network name is known to the machine that you are accessing it on.
    (a) is not true most of the time, because I log on to athena directly quite often, and I also often use SSH or SFTP from windows boxes in addition to SMB.
    (b) has not been true ever since you got that second network-attached storage drive and I kindly removed the second ethernet cable (the one that was using DHCP and reported the network name "athena" to the router). Since then, to access athena over SMB from within our home network, you need to use "\\".

  3. RFH:

    Actually I was having fun. There are far too many points to respond to. I will hit the highlights.

    1) With much usage comes much irresponsibility (ie Firefox/IE WMF)
    2) The Athena name was a joke on my and my Windowsness.
    3) You can do \\Athena and it does seem to work again
    4) Humor... it is your friend

  4. OOoohh...

    Fight! Fight! Fight! Fight!

  5. Wow. And I don't even understand most of the agrument. I suppose it's just as well.