Sony Rootkit Phones Home

strider44 writes "Mark from Sysinternals has digged a little deeper into the Sony DRM and discovered it Phones Home with an ID for the CD being listened to. XCP Support claims that "The player has a standard rotating banner that connects the user to additional content (e.g. provides a link to the artist web site). The player simply looks online to see if another banner is available for rotation. The communication is one-way in that a banner is simply retrieved from the server if available. No information is ever fed back or collected about the consumer or their activities." Also on this topic, Matt Nikki in the comments section discovered that the DRM can be bypassed simply by renaming your favourite ripping program with "$sys$" at the start of the filename and ripping the CD using this file, which is now undetectable even by the Sony DRM. You can use the Sony rootkit itself to bypass their own DRM!" Update: 11/07 14:21 GMT by H : Attentive reader Matteo G.P. Flora also notes that an Italian lawyer has filed suit against Sony on behalf of the Italian equivalent of the EFF. Translation availabe through the hive mind. Update: 11/07 15:18 GMT by H : It does appear that in fact Sony does see through the $sys$ - see Muzzy's comment for more details.

Comment removed

[account_deleted]

Comment removed based on user account deletion

The market provides!

[dada21]

Instead of rushing in and demanding a law to battle this "problem," just leave it alone. The market continues to provide exactly what people want.

Most ony customers care little for this Sony solution. My 12 year old sister doesn't seem to care one bit. Sony has the "right" to provide this feature as you're not being forced to buy it.

You're responsible for checking out a product before buying it. I won't buy any music ROM disc that doesn't have the "CD" certification logo, unless it is from an indie band. I still rip eve y CD from a CD player with an optical out into my PC. Safety first.

If Sony doesn't get a lot of backlash over this system, others will adapt it. I am not buying any more Sony CDs, but I'll buy other products from other divisions.

  I see no reason to cry wolf here. You are buying their product. If you find something you don't like, someone will adapt it for your uses.

For those wanting a la , remember you likely supported the same political parties that enacted the DMCA, copyright extensions, and other tyrannical laws. Stop voting in the booth, vote in the checkout aisle.

No information

[Threni]

"No information is ever fed back or collected about the consumer or their activities."

Other then your IP address, date and time it's connected to the net, the CD you're listening to, how often you listen to it...

Why is this posted in games?

[PhotoBoy]

Is it the game of working out ways to piss off Sony by circumventing their crappy DRM?

Re:The market provides!

[Anonymous Coward]

Most ony customers care little for this Sony solution. My 12 year old sister doesn't seem to care one bit. Sony has the "right" to provide this feature as you're not being forced to buy it.

You're responsible for checking out a product before buying it. I won't buy any music ROM disc that doesn't have the "CD" certification logo, unless it is from an indie band. I still rip eve y CD from a CD player with an optical out into my PC. Safety first.

You obviously never read the original article. Sony didn't advertise in any way shape or form that this was on the CD, so even you wouldn't have been able to "check out" the product before buying it!

Re:The market provides!

[phil reed]

Of course, this presumes that the product and the producer don't take active steps to deceive the consumer, and presumes a technically-sophisticated consumer capable of analyzing the technology involved. Your idealistic scenario kind of falls flat when it runs into the real world.

Re:The market provides!

[stinerman]

Stop voting in the booth, vote in the checkout aisle.

You know as well as I do that if you don't do the bidding of the right people, you won't find yourself with any "shelf space". Its white bread or wheat bread, anything else is illegal. Feel free to vote in the checkout aisle, just don't complain to anyone when your rye bread is nowhere to be found.

Utterly Laughable

[yakumo.unr]

These copy protection schemes are NEVER goign to work as long as the content is still available to play on regular cd players. Even if it's not, it will be hacked as long as some hacker thinks it might be an amusing way to spend an afternoon.

why are sony SO unbeleivably stupid as to think otherwise. They must be wasting hundreds of thousands of pounds on this utterly useless rubbish, that even the least technical of people can bypass.

These things are so childish no hacker would even bother with them, as stated this one even defeats itself!
It only takes one breach to distribute a copy, why piss off thousands of genuine paying clients?

The mind boggles, the only people winning are the copy protection companies living happy lives doing nothing but ripping Sony off.

aren't they supposed to do maketing studdies on things before release?
maybe employ a 16 year old to independantly test the schemes for them rather than taking the word of the people selling them this rubbish
(I'd have said 10 year old but it wouldn't be legal)

revenue lost to purchasing clients who will have to return product as it wont run. $X,0000
revenue lost to potential clients who will be scared off buying in the first place. $Y,0000
estimated reputation damage to company. priceless.

estimate of no. of pirated copies prevented. ZERO.

great...

[archen]

So you can use their own rootkit to bypass their own DRM. And exactly what level of control do you even have at the point where you are screwing with a rootkit to rip CD's on your own computer?

I hope Microsoft is paying attention here, because this could set an EXTREMELY bad trend here. Why do we have these "certified" drivers? Because a lot of them were crap. Now we have software injecting stuff directly into the OS. I can't say this is going to help MS in the security and stability department.

Re:Rip It....Rip It Good

[meringuoid]

I've never met anything that cdparanoia couldn't handle, unless it was scratched to death; IIRC, CDex uses cdparanoia as its ripping engine, so it should have the same uber ripping powers.

AFAIK, the rootkit is the only protection on this CD. As they admit, it looks like a normal CD to an Apple computer - and, of course, to a Linux computer. And, for that matter, to a Windows computer with Autorun disabled... I do enjoy a truly pathetic copyrestriction system, don't you?

Re:Utterly Laughable

[sqlrob]

estimate of no. of pirated copies prevented. ZERO.

Actually, that's probably in the negative. How many are going to pirate that weren't simply because they aren't going to trust Sony CDs not to do anything to their computer from now on?

I need to thank Sony

[melgish]

I've always been under the impression that Japanese companies (or those largly held by) were a bit more ethical than their American counterparts. Sony has proven to me that my impression was completely in error. Unless they come very clean, very quickly, I will do my utmost to avoid purchasing any Sony product ever again, be it a new cam corder, an entertianment system...or even blank media.

I got a bad feeling about this...

[altoz]

I could see Sony continuing this with their memory sticks. What's to stop them from installing a rootkit anytime you got a digital camera or an mp3 player from them?

Why would you do this? This is stupid.

[Biotech9]

Matt Nikki in the comments section discovered that the DRM can be bypassed simply by renaming your favourite ripping program with "$sys$" at the start of the filename and ripping the CD using this file, which is now undetectable even by the Sony DRM. You can use the Sony rootkit itself to bypass their own DRM!"

All I've seen from people on this issue are ways to get around the DRM. Yes, there are MANY ways to get around it, audio line-out to a DAT or an iPod, using linux, a mac, CDex, Audiograbber, Audiohijack-pro...

But that is all just retarded, if you're buying this CD and you use it as Sony want you to use it, it is NO different than if you buy the CD and rip it with some workaround. Sony don't SEE a difference. The MP3s will be on DC++ anyway, it's not like they will lose sales to people ripping it for their iPods or whatever.

And if you do buy the CD, (regardless of wheter you rip it or not) you have just voted. Corporations are the Governments of today and with your purchase you vote. And buying any content protected CD regardless of what you do with it is a VOTE to Sony that DRM is acceptable to you. And that means next time it won't be some crappy nobody C&W CD that is taking over your PC, it'll be the big Sony acts. And then the big EMI acts and WB acts and so on.

Vote with your cash, buy non-DRM encumbered CDs or else just steal it. I'd prefer to take the moral issues and risk of stealing rather than just be Sony's bitch and install their shitty rootkit on my computer.

Re:Rip It....Rip It Good

[ModernGeek]

If it installs this rootkit through autorun when you put the CD into your Windows machine, how is this any different from a worm? Just because it isn't spread through the internet doesn't change the fact that it is a virus.

Very backward thinking on Sony's part

[mcgroarty]

I'm no copyfighting warrior. I buy all my music because I enjoy supporting the industry that makes it available to me. That said, it sure seems to me that all Sony are doing here is removing the incentive to purchase their CDs. Not only do you face the possibility of not being able to rip as you please, but you face the possibility of screwing up your system by buying Sony CDs.

What's the goal here? To stop the people who buy CDs and rip copies for a few friends... by driving everybody to rely on safer online distribution exclusively?

Re:NO you are WRONG

[meringuoid]

It is illegal in this case, because you are bypassing Sony's DRM.

Ah, but you didn't say illegal, you said wrong. The equation of the two is perhaps the greatest threat to liberty in the modern world.

One and only one thing to fix the problem

[keraneuology]

Anybody who buys any CD or DVD from Sony before a VP at Sony is fired over this bears direct responsibility for this. The ONLY thing that Sony will understand is a loss of business. Losing a lawsuit just won't cut it because their insurance company will bear the brunt of the loss.

If you care about this, then don't buy Sony games, music or movies. If you don't care about DRM and spyware issues then by all means go out and buy more product from them.

Is sending a clear message that you will not tolerate corporate abuses worth going a few months without shelling out $18 for a CD that has two decent tracks on it?

Accept nothing less - the public firing of the VP who oversaw the department that gave the green light to this - or no purchase of any Sony game, music or movie.

Personally I don't think enough people value unhacked systems enough to make the sacrifice. My prediction is that Sony will essentially get away with it, may have their insurance company pay a few settlement checks, and make a better attempt next time around. Or simply write enough checks to MS to ensure that the DRM is included in the Colonel (weak joke about a police state... sorry). And write enough checks to Motorola and Intel to make sure that DRM is included at the chip level. And write enough checks to US Senators to make sure that the law will back them up next time.

Again, the only recourse is to refuse to buy Sony products until a VP is fired. Nothing else will work.

Re:The market provides!

[marika]

Isn't it a problem if you can't read the EULA before buying the product? And since you unpacked the CD you are actually stuck with it.

Re:The market provides!

[Haeleth]

Instead of rushing in and demanding a law to battle this "problem," just leave it alone. The market continues to provide exactly what people want.
Most ony customers care little for this Sony solution. My 12 year old sister doesn't seem to care one bit. Sony has the "right" to provide this feature as you're not being forced to buy it.

And that's exactly why we have the responsibility to make a big fuss about it.

When someone does something bad, we, as responsible citizens, have to educate others about it. We have to make a big fuss so that people realise why they shouldn't want CDs infected with DRM. To remain silent would be to give consent for Sony and pals to keep right on shafting us.

Voting with your wallet is a good start. But we need soapboxes too. There's no point voting with your wallet if nobody knows what you're doing or why.

Don't buy Sony products?

[bigberk]

Isn't the solution pretty simple? Anyone surprised that Sony is pulling shit like this? They're one of the major members of the RIAA, MPAA, CRIA... Don't be a stupid consumer -- it's ridiculous to both spend your money on something that upsets you, only to get upset more. Warn your family against Sony products

Re:Rip It....Rip It Good

[ModernGeek]

The way I heard it, it sounded like it was copying itself from the CD to the machine without the users consent. I assumed this would be called a virus as it is replicating itself. Maybe trend micro's quiz didn't educate me very well

After finding more information about it, it sounds as if it blocks programs from accessing the CD drive that are in sony's list.

Step 1: Rename your Windows Server App to ITUNES3.EXE
Step 2: Put all the config files for that server app on a CD
Step 3: Insert Sony music CD into secondary drive
Step 4: The DRM that installed itself without your consent crashed your mission critical server. Sony is liable!
Step 5: ???
Step 6: Profit!

why is this even possible?

[egburr]

One thing I haven't seen addressed (or maybe I just misseid it?) is WHY it is even possible to implement this "feature" of being able to hide a process by adding the $sys$ prefix. That sounds like a severe bug in Windows.

This "rootkit" doesn't even have to be present now that the virus/trojan/spyware writers know it is possible. Re-implementing this feature would just be one of the first steps of installation. Shouldn't people be demanding a fix for this from Microsoft?

Re:The market provides!

[loraksus]

Lets stop pretending that retailers allow you to return CDs.

Re:One and only one thing to fix the problem

[phil reed]

Also, be sure to let Sony know why you aren't buying their product. And, tell the artist why you won't be purchasing their CDs.

Re:The market provides!

[loraksus]

Perhaps, but I'd guess that this cd would pass the tests and get the mark because it plays in everything except a windows pc w/autorun (and only then because their shitty software breaks your machine)
That said, it is a damn sleazy thing to do - both in terms of screwing the people who buy the CD and in terms of the decision to purchase this (ultimately useless) DRM.
Apparantly a lot of the higher ups in this DRM company also have high level positions in Sony. Would anyone here be surprised if any of the execs at the DRM company received bonuses around the time period that Sony chose their DRM?

If this is given enough public attention, perhaps shareholders may get pissed.

Re:The $sys$ prefixing thing was apparently wrong

[muzzy]

Btw, Since distracting CD-ROM functionality by randomizing the signal a little seems to be "OK", you can expect the record companies to target P2P apps with future DRM systems. If it's OK to screw your system and ripping software, it's going to be ok to screw your p2p if they think you're sharing their stuff. This kind of malware along with DRM is a slippery slope, and you'll never know where it ends if you tolerate it even a little.

So easy

[tcatt]

to see where this will go.. how long before your cd has to dial into an advertising scheme of some sort before you can listen to to the music you paid for.

Re:NO you are WRONG

[meringuoid]

Nice pull of the 'liberty' strings there, you got your mod points, but you are still incorrect. Ripping this CD is both illegal and wrong; if you bought this CD, you entered into a contract with Sony, and by ripping it, you are breaking your side of the contract, which is wrong in every sense.

No I didn't. I entered into a contract for sale of goods with the record store, the terms of which were that I handed over some cash and they handed over a CD. That contract was fulfilled to the satisfaction of both sides. I have no other contractual obligations of any kind.

Re:NO you are WRONG

[stephenslashdot]

Now, I didn't buy that CD (or any others in the last five or six years) but if I had, I'd like to see where the terms and conditions of the contract that I SIGNED AND AGREED to are. If they are available for viewing BEFORE I make the purchase AND they explicitly indicate everything that Sony is allowed to do to my computer if I choose to put it in my computer, then you have a point. If not, then it is nothing more than a con, equivalent to me mailing you a letter that you open to see "the act of opening this letter means you agree to give me all your worldly assets, and none of your debts". If you feel Sony isn't WRONG, then you'd better fork over everything you own when you get that letter, because it's the same thing. Now, if I posted "the act of opening this letter means you agree to give me all your worldly assets, and none of your debts" and you open it, well, that's fair game because you had the option, and if you weren't a dumbass, you wouldn't open it. That's the difference. Sony is not providing OUTSIDE of the purchase the terms and conditions that you are claiming binds the purchasor, and Sony is NOT refunding your money if you disagree with what you find inside.

Re:I wonder...NOT

[ball-lightning]

Microsoft has simply created an unbelievable amount of ill-will and lack of trust in me.

This article is about Sony and their creation of ill-will and lack of trust, not Microsoft. Yes, yes. Sony's rootkit is designed for windows, autoplay, etc and so on, but you really can't blame Microsoft in this case. It is just as possible to create a rootkit for any Macintosh or Linux machine, they just haven't because most of their customers use windows.

As for autoplay being a bad idea, it is and it isn't. I remember back when autoplay was first introduced (I can't beleive it was 10 years ago) the whole idea was that you would buy a product from the store, insert it into your computer, and bam, you're off. I remember thinking it was a pretty cool idea at the time, although only one program actually did it as cool as the Microsoft commercials, SimCity 2000. (You would insert the CD-ROM, and then play the game, w/out installation). While in retrospect it wasn't the best idea security-wise (at least without some sort of warning), I would be sad to see autoplay completely dissapear, since I'm lazy and enjoy my computer anticipating what I want it to do.

Re:The solution:

[pintpusher]

I thought about this and then realised that the problem is that you're still PAYING them to produce this crap. This bothers me. While its great that you can get the music you want, and its cleary "fair use" to make a "backup" of the original disc it turns my stomach to realise that they are basically getting away with this crap. What you are doing is validating their plan.

The only solution I see is to make a copy, then take the original disc(along with all packaging), along with the crufty old player that CAN'T read it back to the retailer and demand your money back as the disc won't function in your player. You'll likely have to demonstrate that. If the disc is so crippled, then it can't really meet the CDDA standard etc etc etc.

Oh, yeah. You'll want to throw away that copy you made earlier. ahem.

Why this doesn't matter in the big picture. . .

[Fantastic Lad]

It is more important that people absorb media mind-control than it is for big companies to make lots of money.

Everybody in industrialized nations will always have access to more than enough medium for their brains to drown in. Money made directly from the sale of media, is in this case, a secondary concern.

The only things people might have a more difficult time gaining access to in our DRM future are positive, un-tainted messages. Though with choice and intent, people can find those easily enough as well.

So don't sweat the reverse psychology; we'll still all be able to listen to the next pop star with relatively little trouble. --In fact, as per usual, it will probably take a degree of concentrated effort to avoid whatever dark-side, soul-draining message of slavery is being broadcast.

"Hit me Baby, one more time."

Ugh. The stuff is like nuclear fall-out. Destructive and near impossible to avoid.

-FL

Re:I wonder...NOT

[BoRegardless]

I do have to agree with your comments. I agree that other OS's can have software added in bad ways. What I would prefer to see is that the OS's that I run, never allow any install to occurr without me personally OKing the operation. Maybe that would be obtrusive, but that is what I would wish.

But what I do object to in MS Windows is the concept that Microsoft has designed their "system" with the input from their 'strategic partners' like Sony, to allow these sorts of things which have happened, which is basically designing an OS to be primarily setup behind the scenes away from the user, such that the OS is at the beck and call of Microsoft and its partners. Microsoft is thus responsible for this mess, at the 'root' of the problem. They thus deserve my dissing and scorn. They have caused a LOT of wasted hours out of my life that should never have ocurred.

This attitude has caused an incredible amount of harm on so many levels that I am surprised some enterprising attorney has not filed a suit against Microsoft and tried to get class action status to represent all individual Windows users.

Announcing: The Hider

[davidwr]

1 April 2006

PRESS RELEASE: Announcing The Hider®

The Hider® is a run-time library that your program calls during initialization. It randomizes strings of your choosing, including window names, application names as they appear in the Task Manager, and other strings. It also comes with The Launcher® which will copy your program to a random file name, encode it and add a decoding module, and run it from there.

This program enables your program to hide from "detectors" such as the infamous Sony 2005 Rootkit.

The developers license prohibits the use of this The Hider® and related programs in DRM applications, viruses, and other malicious software. Violators will be prosecuted under the DMCA and other laws.

Re:I wonder...

[Anonymous Coward]

Most people who are in apartments are so because they can't afford a house or don't have the financial accuity to understand that they CAN afford a house.

While this is very true, you have to understand that housing prices vary a great deal across the U.S. In Massachusetts, the housing prices are so high that it is sometimes very difficult for even a person with a six figure income to afford a house. We have the highest housing prices in the U.S. I live in a neighborhood which is about 40 minutes from Boston and about 10 minutes from Providence. It's also about 2 minutes from the armpit of Rhode Island - Pawtucket. You'd figure that the housing prices here should be dirt cheap, because of the location. They aren't. For instance, the other half of the duplex (i.e. two family home) that I live is being sold for almost $300,000. It has less than 1/10th of an acre and abuts a swamp. It has no garage and the driveway isn't big enough to accomodate two cars.

Now if you want to own a house with more than two bedrooms on a lot bigger than a postage stamp, you are going to have to spend more than half a million dollars. If you want to be close to Boston and not live in a slum, you are going to be spending over a million doillars.

So you have three choices, either purchase a house that you can afford in a bad neighborhood with a poor school system that will be devalued heavily when the bubble finally bursts, move, or rent an apartment to wait until housing prices come down.

Now do you see why so many middle class people are renting?

Re:Now I'd just love...

[The Master Control P]

I love their 'removal' instructions... "Go to Sony and download the newer version of the rootkit." WTF over?

Dear Symantec: To remove a rootkit does not mean to install an updated version of it. This piece of malware is no different than any other, I want it OFF MY SYSTEM.

Irony

[Kadin2048]

My favorite part, for irony:

Note: This rootkit was designed to hide a legitimate application, but it can be used to hide other objects, including malicious software.

What sort of "legitimate application" needs to be hidden using a rootkit? What sort of definition of legitimate are they using, anyway?

Second favorite part:

WARNING: Removing this security risk manually may damage the compromised computer's operating system and may violate the manufacturer's end-user license agreement.

prevention

[jafac]

In the past, while working on a friend's infected laptop, cleaning out malware, I took down the names of some of the installed junk, and in frustration, I reinstalled the OS, and created 0-byte files with the same names as the spyware files, then I set them to read-only, and permissions only to the SYSTEM and a dummy admin user account. For the past year or so, she hasn't had nearly as many episodes of needing me to clear off her system. Part of that may be because of the copy of Spybot Search and Destroy, Norton, and the fact that she now uses Firefox.

But creating an 0-byte Aries.sys stub, making it read-only, may prevent the installation of the real-deal.

Re:The $sys$ prefixing thing was apparently wrong

[The Warlock]

Well, fuck, if you're using open source software anyway, rip the damn thing under Linux, and avoid the rootkit altogether.

Re:NO you are WRONG

[KitesWorld]

'Fair Use'. I have a legal right under international copyright law to format-shift any media in my possession. I also have a right that allows me to make backups - be it recording onto cassette, ripping to my ipod, making a backup/mix CD, whatever - its perfectly legal, and ICL recognises that. It's wrong for me to *Distribute* any of those copies I make, but not to make them. That's the distinction. Also, there is no contract. A contract has to be presented BEFORE the item it is attached to is given/sold/leased/whatever. To attach terms to a sale after the sale is made is simply deceit - I don't know about the U.S, but here in the UK it is actually ILLEGAL for a company to attach terms in that manner. Hence, Sony's EULA is in no way binding. The only protection the CD has is Copyright law. As long as the purchaser remains within the laws fair use constraints (I.e, not re-publishing it), there is nothing unethical, or illegal taking place. Unless you live in the USA with its shitty, overly-broad DMCA.

Re:The $sys$ prefixing thing was apparently wrong

[SiliconEntity]

Just my luck, when I make it to slashdot it's something I've analyzed wrong. I tested to rename my ripping software to begin with $sys$ and it ripped it fine, but apparently something else was the deciding factor. I can't reproduce that effect!

Too late. This is the kind of falsehood which will become true merely by repetition. It is too good a story not to tell. You will see it repeated over and over on site after site. Occasionally people will try to follow up with corrections but they will never get the attention that the original false report got.

"A lie can travel halfway around the world while the truth is still putting on its shoes." - Mark Twain

Re:NO you are WRONG

[DA-MAN]

'Fair Use'. I have a legal right under international copyright law to format-shift any media in my possession.

First of all, IANAL. Now that this has been stated, although I disagree with the music industry, I am tired of crap like this being posted. Fair use is not a legal right, it's a set condition under which you can't be prosecuted. The Fair Use doctrine states that although illegal to make copies unless you are the copyright holder, you can get away with it if you qualify under X, Y, or Z.

In addition, the 'Fair Use' doctrine is U.S. Copyright Law. It is not international copyright law. This is why iTunes is technically illegal in Australia, because it can copy cd's. Although most countries have a similar exception to the copyright law, Fair Use is by no means International Law.

Other than that I must say, I hate how the entertainment industry is screwing with my rights. I think we all need to educate ourselves better with what is going on, so that we may better fight this bullshit. It's blatantly obvious that our Government does not have the best interests of it's citizens in mind while passing these laws. Hell we are still stuck in the middle ages of art because nothing ever goes back into the public domain anymore.