CD/DVD copy protection

CD/DVD copy protection is a blanket term for various methods of copy protection for CDs and DVDs. Such methods include DRM, CD-checks, Dummy Files, illegal tables of contents, over-sizing or over-burning the CD, physical errors, and bad sectors. Many protection schemes rely on breaking compliance with CD and DVD standards, leading to playback problems on some devices.

Protection schemes rely on "distinctive features" that
* can be applied to a medium during the manufacturing process, so that a protected medium is distinguishable from an unprotected one.
* can not be faked, copied or retroactively applied to an unprotected medium using using typical hardware and software.

Technology

Illegal filesystems / Dummy files

Most CD-ROMs use the ISO9660 filesystem to organize the available storage space for use by a computer or player. This has the effect of establishing directories (ie, folders) and files within those directories. Usually, the filesystem is modified to use extensions indended to compensate for limitations in the ISO9660 filesystem design. These include Joliet, RockRidge, and El Torito extensions. These are, however, additions to the underlying ISO9660 structure, not complete replacements. The most basic approach for a "distinctive feature" is to purposely fake some information within the filesystem. Early generation of software copied every single file one by one from the original medium and re-created a new filesystem on the target medium.

Illegal sectors

A "sector" is the primary data structure on a CD-ROM accessible to external software (including the OS). On a Mode-1 CD-ROM, each sector contains 2048 bytes of user-data (content) and 304 bytes of structural information. Among other things, the structural information consists of
* the sector number, the sector's relative and absolute logical position
* an error detection code (EDC), which is an advanced checksum used to detect (if possible) read-errors
* an error correction code (ECC), an advanced method of detecting and correcting errors

Using the EDC and ECC informations, the drive can detect and repair many (but not all) types of read-errors.

Copy protections can use these fields as a "distinctive feature" by purposely crafting sectors with improper EDC/ECC fields during manufacture. The protection software tries to read those sectors, awaiting read-errors. As early generations of end-user soft/hardware were not able to generate sectors with illegal structural information, this feature could not be re-generated with such soft/hardware. If the sectors forming the "distinctive feature" have become readable, the medium is presumed to be a copy.

Modern soft/hardware is able to reproduce "raw" sectors, therefore this approach cannot be used to give protection any more.

A modification of this approach uses large regions of unreadable sectors with small "islands" of readable ones interspersed. Most software trying to copy protected media will skip intervals of sectors when confronted with unreadable ones, expecting them all to be bad. In contrast to the original approach, the protection scheme expects the sectors to be readable, supposing the medium to be a copy when read-errors occurs.

Illegal sub-channels

Beside the "main-channel" which holds all of the user-data, a CD-ROM contains a set of "sub-channels" where certain meta-information can be stored. One of these channels — the "Q-channel" — states the drive's current position relative to the beginning of the CD and the current track. This is a leftover from Audio-CDs, where this information is used to keep the drive on-track; nevertheless the Q-channel is filled even on Data-CDs.

As every Q-channel field contains a 16-bit checksum over its content, copy protection can yet again use this field to distinguish between an original medium and a copy. Early generations of end-user soft/hardware calculated the Q-channel by themselves, not expecting them to carry any valuable information.

Modern software and hardware are able to write any information given into the subchannels Q and P.

"Twin sectors"

This technique exploits the way the sectors on a CD-ROM are addressed and how the drive seeks from one sector to another. On every CD-ROM the sectors state their logical absolute and relative position in the corresponding sector-headers. The drive can use this information when it is told to retrieve or seek to a certain sector. Note that such information is not physically "hard-wired" into the CD-ROM itself but part of user-controlled data.

A part of an unprotected CD-ROM may look like this (simplified):

When the drive is told to read from or seek to sector "6553", it calculates the physical distance, moves the laser-diode and starts reading from the (spinning) disc, waiting for sector "6553" to come by.

A protected CD-ROM may look like this:

As you can see, a sector was inserted ("Mary") with a sector-address identical to the one right before the insertion-point ("6553").When the drive is told to read from or seek to sector "6553" on such a disc, the resulting sector-content depends on the position the drive starts seeking from.
* If the drive has to seek forwards, the sector's original content "Jill" is returned.
* If the drive has to seek backwards, the sector's twin "Mary" is returned.

A protected program can check whether the CD-ROM is original by positioning the drive behind sector "6553" and then reading from it - expecting the "Mary" version to appear. When a program tries to copy such a CD-ROM, it will miss the twin-sector as the drive skips the second "6553"-sector, seeking for sector "6554".

Note that there are more details about this technique (e.g. the twin-sectors need to be recorded in large extents, the SubQ-channel has to be modified etc.) that were omitted.

Although protection-vendors using this technique say it's "physically impossible" to copy this kind of protection, specialized software can produce perfect clones of such CD-ROMs. However, this process is very time-consuming.

Data position measurement

Stamped CDs are perfect clones and have the data always at the same position, whereas writable media differ from each other. Data Position Measurement (DPM) detects these little physical differences to efficiently protect against duplicates. SecuROM 4 and later uses this protection method.

Current situation

The Red Book audio specification does not include any copy protection mechanism. Starting in early 2002, attempts were made by record companies to market "copy-protected" non-standard compact discs. Philips has stated that such discs are not permitted to bear the trademarked "Compact Disc Digital Audio" logo because they violate the Red Book specification. It also seems likely that Philips's new models of CD recorders will be designed to be able to record from these "protected" discs. However, there has been great public outcry over copy-protected discs because many see it as a threat to fair use. For example, audio tracks on such media cannot be easily added to a personal music collection on a computer's hard disk or a portable (non-CD) music player. Also, many ordinary CD audio players, e.g. in car radios, have problems playing copy-protected media, mostly because they use hardware and firmware components also used in CD-ROM drives. The reason for this reuse is cost efficiency.

In late 2005, Sony BMG Music sparked the Sony CD copy protection scandal when it included a form of copy protection called Extended Copy Protection ("XCP") on discs from 52 artists. [http://cp.sonybmg.com/xcp/english/titles.html] Upon inserting such a disc in the CD drive of a computer running Microsoft Windows, the XCP software would be installed. If CD ripper software were to subsequently access the music tracks on the CD, XCP would substitute white noise for the audio on the disc.

Technically inclined users found that XCP contains a root kit component. After installation, XCP went to great lengths to disguise its existence, and it even attempted to disable the computer's CD drive if XCP was forcibly removed. XCP's efforts to cloak itself unfortunately allowed writers of malware to amplify the damage done by their software, hiding the malware under XCP's cloak if XCP had been installed on the victim's machine. Several publishers of antivirus and anti-spyware software updated their products to detect and remove XCP if found, on the grounds that it is a trojan horse or other malware; and an assistant secretary for the United States' Department of Homeland Security chastised companies that would cause security holes on customers' computers.

Facing apparently unanimous resentment and class action lawsuits [http://news.bbc.co.uk/1/hi/technology/4424254.stm] Sony BMG issued a product recall for all discs including XCP, and announced it was suspending use of XCP on future discs. On November 21, 2005 the Texas Attorney General Greg Abbott sued Sony BMG for XCP [http://www.oag.state.tx.us/oagnews/release.php?id=1266] and on December 21, 2005 sued Sony BMG for MediaMax copy protection. [http://www.oag.state.tx.us/oagnews/release.php?id=1370]

Notable copy protection schemes currently in circulation

Commercial CD protections

*CD-Cops
*DBB
*SafeDisc (versions 1-4)
*SafeCast
*SecuROM
*StarForce
*TAGES

Commercial DVD Protections

*RipGuard
*SecuROM
*SafeDisc (version 3)
*Sony ARccOS
*TAGES

Commercial Audio CD/DVD Protections

*Cactus Data Shield
*Key2Audio
*MediaMax CD3

Console CD Protections

*Dreamcast GD-ROM
*PlayStation CD-ROM
*Xbox DVD RSA, CSS (Content-scrambling system)

Protected DVD Copiers

*DVD Decrypter
*CloneDVD
*DVD X Copy

External links

* [http://www.cdmediaworld.com/hardware/cdrom/cd_protections.shtml CDMediaWorld's CD protection page]