April 24, 2014

avatar

SonyBMG DRM Customer Survival Kit

Here’s a handy bag of tricks for people whose computers are (or might be) infected by the SonyBMG/First4Internet rootkit DRM. The instructions here draw heavily from research by Alex Halderman and Mark Russinovich.

This DRM system operates only on recent versions of Windows. If you’re using MacOS or Linux, you have nothing to worry about from this particular DRM system. The instructions here apply to Windows XP.

How to tell whether the rootkit is on your computer: On the Start menu, choose Run. In the box that pops up, type this command:

cmd /k sc query $sys$aries

and hit the Enter key. If the response includes “STATE: 4 RUNNING”, then your machine is infected with the rootkit. If the response includes “The specified service does not exist as an installed service”, then your machine is not infected with the rootkit.

How to disable the rootkit: On the Start menu, choose Run. In the box that pops up, type this command:

cmd /k sc delete $sys$aries

and hit the Enter key. Then reboot your system, and the rootkit will be permanently disabled.

Note that this does not remove or disable the main anti-copying technologies. It only turns off the rootkit functionality that hides files, programs, and directory entries. The main DRM software is still present.

How to remove the DRM software entirely: Use the official uninstaller offered by the vendors. They’ll make you jump through unnecessary hoops, and give them unnecessary information, before you can uninstall. Feel free to complain to the vendors about their refusal to offer a simple uninstaller for download.

It is possible to remove the DRM software by hand, but I recommend against it – if you mess up, you can render your machine unbootable.

Probably someone will create an unofficial but easy-to-use uninstaller, but I haven’t seen one yet.

How to get songs from these discs into iTunes, an iPod, or anywhere else you can legally put them: SonyBMG will send instructions on how to do this to anyone who asks. Note that their instructions direct you to agree to their End User License Agreement; be sure to read the agreement and think about whether you want to accept it.

To save you time, I’ll quote their instructions here:

Place the CD into your computer and allow the supplied Sony BMG audio player on the CD to start. If our player software does not automatically start, open your Windows Explorer. Locate and select the drive letter for your CD drive. On the disc you will find either a file named LaunchCD.exe or Autorun.exe. Double-click this file to manually start the player.

Once the Sony BMG player application has been launched and the End User License Agreement has been accepted, click the “Copy Songs” icon/button and follow the instructions to copy the secured Windows Media Files (WMA) to your PC’s hard drive.

TIP: Once the WMA files are on your hard drive, be sure to remove the original CD from your optical drive before proceeding. The original CD is designed to only allow playback using the Sony BMG audio player software included on the disc.

Once the WMA files are on your PC, open and listen to the songs with Windows Media Player 9.0 or higher (version 10 is recommended for XP) to verify that they imported correctly. Then use Windows Media Player to burn the songs as a standard Audio CD.

TIP: By default Windows Media Player may assume that you want to create a data CD rather than an audio CD. This just creates a data CD of the audio files in their secured WMA format rather than first converting them to standard Red Book Audio format. Before creating the CD be sure to verify “Audio CD” is selected.

Having followed these instructions, you will then have a copy of the CD that is unencumbered by copy protection. You can then proceed to make any lawful use of the music, including ripping it into iTunes and downloading it onto your iPod.

You read that correctly – SonyBMG, which is willing to surreptitiously install a rootkit on your computer in the name of retarding copying of their music, will send, to anyone who asks, detailed instructions for making an unprotected copy of that same music.

Comments

  1. The PC Doctor says:

    SonyBMG DRM Customer Survival Kit

    Freedom to Tinker have posted a SonyBMG DRM Customer Survival Kit .
    I think it might be fair to say that Sony’s name will join that or Kryptonite under the category of “Worst PR Disasters”.
    Technorati Tags: SonyBMG, DRM, Sony, …

  2. Samuel Tardieu says:

    Note that the DRM-unencumbered CD will have a much poorer quality as the WMA are ripped at a low bitrate (128kbps if I remember correctly).

  3. Edward W. Felten says:

    Dan,

    This particular DRM system doesn’t do anything on Macs. The issue discussed on MacInTouch relates to another DRM system, which does ship on some SonyBMG discs. I updated the post to clarify this point.

  4. Barry says:

    You might be interested in an article someone posted deep within a Slashdot thread. Send this link through Babelfish, though, because it’s in Dutch.

    The gist: F4I violated the LGPL by using parts of LAME without complying with the license. This is a story orders of magnitude bigger than the privacy issues, because it shows just what Sony and F4I really think of copyrights.

  5. Josh says:

    Thanks for posting the copying instructions. I won’t be subject to the EULA now.

  6. hylen says:
  7. MathFox says:

    The author of the articke Barry refers to (First 4 Internet violates the LGPL) has put an english translation of his article on his own website: http://dewinter.com/modules.php?name=News&file=article&sid=215

  8. zapkitty says:

    Just a note, all solutions offered so far, either here or by antivirus companies, are just decloakers.

    Your system remains “rooted”, with the DRM rewriting the kernel of your OS to suit Sony (and no one else)

  9. Mike says:

    Thank you for posting this, I have a few friends who fell victom to Sony’s trickery and would wish to remove this from their system.

  10. sinan says:

    Can anyone comment on the implications of this for those who work for defense industry and telecommute using one of these “infected” PCs using IPSEC or VPN?

  11. Ken says:

    I realize this is an unpopular technique to suggest in today’s digital world since it involves an analog transfer but please indulge my ancientness. There are excellent CD players available as well as very good audio capturing applications.

    I prefer to avoid all Sony products because of their past as well as present chicanery, but, if you must have one of their CD titles, try this:

    Play the disc in a good standard CD player whose line output is connected to the line input of your PC. Using an application such as Cool Edit Pro, record the tracks you want and save them as WAV files. Convert them to anything you want and use them as you will. Then sell the CD to a used CD dealer.

    As the Brits say, “Bob’s your uncle”.

  12. Scott says:

    Since I first received the Sony DRM CD and it was installed on my PC, I have been unable to rip other, non-Sony discs via iTunes. These are independent label CDs that I own, anf iTunes will not import the files. I never had this problem before the Sony DRM disc installed its software onto my machine.

    Anyone else having this problem???

  13. ajs says:

    Never mind Ken’s way {which is only any good if you have a line in port ….. and how many machines have a line in port nowadays? And before you ask, no, a mic input is no good because it will be mono, too low impedance and expecting too low a signal level}. There is a way to extract the audio files with your computer even if it is already infected with the Sony rootkit! Note that this won’t remove the rootkit.

    Download a copy of Slax, which contains both cdparanoia and lame. {it’s less than 190MB, so it will only take a few minutes, and it will fit onto an 8cm. CD-R!}. Burn the ISO image to a CD-R with your favourite burning software and then switch off your PC while the recently-burned disc is still in the drive. Switch back on, and let it boot from the CD {you may need to mess with your BIOS options to do this}.

    At the boot: prompt which will appear if the Slax CD is being read right, type
    slax copy2ram
    {note! you do not have long to do this, but hitting any key will cancel the timeout} and wait for the login: prompt {which means everything is ready and Linux is up and running}. The login and password are rather helpfully displayed on-screen; enter them and you will get the # prompt {standard Unix/Linux superuser prompt}. By this stage you can swap the cd for the music CD you are interested in.
    Now type
    # cd /mnt
    # ls
    {the # is meant to be the prompt, so don’t actually type it}
    /mnt is the directory where — if you are lucky! — your hard drive partitions were mounted. The ls command lists thecontents of a directory. Directories {what Linux calls folders} show up as blue, executable files show up as green {Windows seems to think everything is executable}, non-executable files show up white and symbolic links {what Linux calls shortcuts} show up as cyan. The cd command selects a directory; use “cd ..” to go back to the next level up. Cursor up and down scroll through previously-typed commands and the TAB key tries to finish off a name if you typed just the first few letters. Note that capital and small letters are treated differently and that spaces and punctuation marks will need a in front of them — and if you are in the UK, the will actually be on the # key. Find a sensible directory to save your music files in, or create one with the mkdir command. Then just type
    # cdparanoia -B
    This will begin extracting the music tracks off the CD as a bunch of .wav files. If you want to convert them to MP3s then enter the following command {all on one line}:
    # for i in *wav; do lame -h $i; done
    If you want to delete the .wav files immediately after conversion, then use this command instead:
    # for i in *wav; do lame -h $i && rm $i; done
    You can change to a new directory and extract another CD ….. in fact you can do as many CDs’ worth of audio as you can fit on your hard disk. Once you are done, press ctrl+alt+del to reboot into Windows {if you still want to use Windows after all this!} and you can do anything you like with the .wav and .mp3 files you created earlier.

    Other Linux commands you might find useful:

    # ls
    ….. lists filenames in the current directory
    # mv filename new_filename
    ….. changes the name of a file
    # rm filename
    ….. deletes a file
    # cd dirname
    ….. changes directory
    # cd ..
    ….. changes to previous directory
    # cp filename new_filename
    ….. copies a file
    # less filename
    ….. displays a text file screen-by-screen

    Doing a permanent Linux install obviously will rid you of the rootkit for all time, I’d recommend Ubuntu for n00bs.

  14. g. says:

    You should also mention that using the official uninstaller (which is an IE-ActiveX only personalized web-page), according to Matti Nikki you are opening your computer to anyone who wants to have access to it.
    Sony/BMG has been so careless about this whole affair they have made it in my opinion very clear they do not care about the security or unharmedness of their customers, so my advice would be the exact opposite: do not use anything coming from them.
    If you still trust Sony, I know of some amazing business opportunities in Nigeria that might interest you. ;-)

  15. Arkadian says:

    It’s worrying what companies like Sony will do to combat piracy.

  16. SAW says:

    How about instructions for Windows 2000? When I ran “cmd /k sc query $sys$aries”, my computer responded “‘sc’ is not recognized as an internal or external command, operable program or batch file”.

  17. Nathan Jones says:

    Yes, they’ll send instructions on how to make an unprotected copy, but not a proper copy. You have to agree to the EULA and you have to settle for a lower audio quality than you might expect from a CD.

    Now, 128K WMV is basically transparent to my ears, or at least it is with the audio equipment I have. But wait until classical music loving audiophiles encounter this.

  18. Ken says:

    Nathan,

    You are so right about classical music. For years a mark of a good CD player has been adequate error correction. An mp3 file of a soft solo piano ripped from a CD without proper error correction can be unbearable, regardless of the chosen bit rate. In my experience with ripping applications, iTunes is the only one I have found that offers the option for error correction easily found in the preferences.

    With apologies to ajs for his machine that has no line inputs (how can they sell those? How do you put your vinyl stuff into your iPod?), I still prefer my method although his Slax method should also allow the user to easily burn a CD without Sony’s malware, then use an error correcting application (iTunes) to rip.

    I can’t imagine being satisfied with a Windows Media File either.

  19. ajs says:

    Ken,

    I do actually have a line-in port on my older machine {and a mixer with magnetic pickup inputs, for my LPs and 45s}; but they seem to be something of an endangered species on newer mobos, and extinct altogether on laptops. If you can still get separate sound cards, maybe these have line-in.

    As for error correction, cdparanoia — the standard Unix / Linux application for CD ripping — has very good error correction. It’s the engine on which CDEx was based. Read more at http://www.xiph.org/paranoia/.

    Classical music, at least when arranged for a full orchestra, is highly demanding: it needs dynamic range {difference between loud and quiet sounds} as well as bandwidth {range of pitches}, both of which any kind of lossy compression must necessarily restrict. Ever wondered why there are no classical music stations on MW?

  20. .002 says:

    Okay, maybe I’m simple minded, but given the DMCA, not even Sony should be able to document the procedure a.k.a. “traffic in … a technology” that circumvents a technical protection mechanism. Certainly Sony doesn’t have the exclusive right holding on all works protected by the various means, they are breaking the TPM for all work by all rightsholders. Even if they did hold the rights to all the works, the DMCA doesn’t provide a “publishers exemption” AFAICT. Note IANAL, but I spent a long time on dvd-discuss

    .002

  21. Phil Karn says:

    Ken’s comments about analog transfers are on the mark: I think it’s an entirely acceptable way to do it if a digital transfer isn’t possible. It’s more tedious, but quality doesn’t have to suffer.

    The hardest part of an analog transfer is getting the levels right. Get yourself one of those “audiotechnical test” CDs with test tones. Find a track with a 0 dB digitally synthesized sine wave (i.e., where the peaks of the sine wave correspond with full scale sample values) and adjust the gain of your A/D converter so that the digital output looks right. Then you should be fine as long as the frequency response of the analog sections of your CD player and sound card is reasonably flat, as it generally is with modern hardware.

    You may also have to take steps to avoid ground loops, another bugaboo of analog audio.

  22. David S Kotlyar says:

    While I am sure the rootkit program in question will have significant negative publicity for Sony, it will most likely be beneficial in deterring major companies from following suit. I believe the spreading of rootkits via instant messenging services is a more grave threat in the future however.

    http://www.eweek.com/article2/0,1895,1880026,00.asp

  23. Ron says:

    The conduct of Sony towards their customers is really outrageous and offensive. I will never buy another Sony CD! And, the Sony HDTV set I was planning on buying, forget it. I will buy another brand. I am through buying Sony products! Sony has just made the biggest “mistake” in its corporate history. And, it isn’t even a “mistake” — it is intentional wrongdoing. Shame on Sony. (“SOS”)

  24. Kurt Suma says:

    BANZAI !!

    No more SONY music for this little black duck.
    Mess with my PC and you get black balled PDQ.

    SIONARA (bows)

  25. derek says:

    hey i used audio graber to rip my cd to mp3 and it worked ok it just didnt rip the last track

  26. Deemon says:

    I have started disabling AutoPlay on all my PCs years ago for exactly this reason – a CD (esp. audio!) has no business running stuff on my computer unless I explicitly ask for it.

    If your AutoPlay is disabled, you should be able to treat this CD as normal AudioCD, right?

    Anotheq question of interest: if you do NOT agree to their EULA, do they still rootkit you to prevent from using their CD? From the articles I’ve seen, it looks like they do, however, I cannot verify this.

  27. Jeff5263 says:

    If possible, the best way to “record” an audio CD is to play it in a DVD player with optical or coaxial digital output and interface to your computer with the digital output. That should be 100% CD quality recording into your computer. Some DVD players have an audio attenuator which should be used when playing CDs or the audio might sound distorted.

  28. Krinly says:

    Whilst using an optical or coaxial digital output from a standard CD/DVD player will offer higher quality than the CD->(lossy)WMA->CD route, it may still suffer UNLESS you’ve got a very clever CD/DVD player.
    The problem is that Audio CD data doesn’t have as much error-correction as, say, computer data on a CD-ROM. The result is that a lot of CD players can and will mis-read the data from the CD and not re-read, resulting in imperfections that the CD player won’t notice (e.g. it’s very rare that a computer will read faulty data from a CD-ROM without realising, whereas CD-Audio can crackle, skip & jump without the CD-player noticing – it has to get pretty bad before most CD-players realise there is an error, and even then most will just guess and carry on).
    To get it as “right” as you can get, you’ll really need something (like CDParanoia) that reads, then re-reads the CD Audio data over and over again to be sure that anything it’s read isn’t just random noise.
    However, if you’re going to rip to a lossy format (e.g. mp3) for in-car use (as I do), you probably won’t notice.

  29. Jean says:

    I have Windows 2000 and tried the above instructions to see if the root kit is on my computer and received this message “‘sc’ is not recognized as an internal or external command, operable program or batch file” Not being very computer literate I’m wondering if anyone can give me instructions to use in Windows 2000? Also I am so glad this issue has been brought to medias attention – I swore off buying Sony after I frist encounterd their “system” several months ago and have had various issues with my computer since. thanks!

  30. Shawn says:

    I agree with everybody about NOT buying Sony products anymore. They have a long history of wanting to be the sole supplier ( memory stick, beta video, etc ). Sony need a hard lesson on this and it is too bad for they have some great products but . . . . . .

  31. Ken says:

    Shawn,

    Actually, in the case of Beta video, the video and audio quality were quite good for its day. There are a few Betacams – running at ßI speed – still being used for broadcast service. A friend once told me that their biggest problem with the Betamax was marketing. In a cleaner version of the way he put it, “Sony couldn’t sell a woman on a troop ship”.

  32. Roger says:

    I did the unistall listed here and now none of my WMA songs I have legally bought and downloaded will play. I get error message that license cant be found. HELP !!!!!!!!!

  33. Jeff5263 says:

    Here is my 2 cent which I sent to Sony via their website…

    “Between the years of 5000BC and 1999AD, people knew that when they bought something, they owned it, and they had full control over it. Now, companies like Sony market their products (CD’s/DVD’s) with the words “buy” and “own” in the ads (i.e. own it today on DVD), yet you tell me that I’m not buying nor owning it. Also, you go through sneaky and destructive means to keep me from controlling the product I “bought” and “own”, which has not only been human nature for the last 7000 years, but completely makes sense. If I don’t own it and I didn’t buy it, then stop using those terms in your marketing. Also, if you have ownership and control over the product I “bought”, then the money I gave you for it is still mine, and any profit or interest gained from it is mine as well. You can’t have it both ways. You can’t own my CD and my money. You have to let one go.”

  34. tony says:

    I have Windows XP and played my disc (Santana – All that I Am) per the instructions and program that came up. It would make sense that my computer would be “infected” with this rootkit. However, when I ran

    cmd /k sc query $sys$aries

    then

    “The specified service does not exist as an installed service”

    is returned… With Symantec Anti-Virus and the pro version of Zone Alarm running, I’m wondering if one of these caught it. Checking logs, I couldn’t readily find any evidence. I’m sure not lucky enough not to be infected…… what else can I check?

  35. Jeff5263 says:

    I’ve read in places that nothing installs until you AGREE to the license dictation. I disabled autorun on my copmuter so it never installed on my computer. Is autorun disabled on yours? Try running a virus scan on the CD.

  36. Ssuan says:

    I have the Santana “All that I am” CD. I have not seen much on what the copy protect on that CD does – it is not the one used on the now-famous list o’ twenty. How do I check my machine for sunncomm protection on my machine and how do I find out how much it has frakked my computer even though I did not agree to an install?
    Thanks.

  37. John Doe says:

    The “new” uninstaller was released today (@ http://cp.sonybmg.com/xcp/english/uninstall.html), I’m waiting until I hear from “experts” before I run it. According to “them” it is supposed to correct the problems created if you ran the “old” uninstaller.

  38. John Doe says:

    I have a “sunncomm” protected disc. I never accepted the software and when I put the disc in it still pops up the accept or not accept page. Susan If this happens to you I would guess that you don’t have the software. There is also an uninstaller available for the “sunncomm” software.

  39. Anthony says:

    Tuesday, 27 December 2005

    Thanks for the information about the “Sony rootkit!” For the last five weeks I have been telling evertone I know about Sony’s BIG mistake, and how to detect and disable the program on their computers.

    Sincerely,
    Anthony

  40. PCWorld.com - Copy Controls: How Far Will They Go? says:

    [...] Security tools such as Symantec’s Norton AntiVirus, McAfee VirusScan, and Microsoft’s AntiSpyware beta can remove XCP from your PC. Sony issued its own XCP uninstaller but pulled it because of security holes. The company has promised to provide another one; click here for its status (a complete list of XCP CDs is available here). The Rootkit Survival instructions posted on the Freedom to Tinker Blog can also provide more help. Related Topics: Cybercrime [...]

  41. Web site offers fix for "rootkit" mess says:

    [...] A Web site called Freedom to Tinker has stepped in to help CD owners find the software on their computers. The instructions are as follows: “From the Start menu, select Run. In the box that pops up, type this command: cmd /k sc query $sys$aries. Then hit Enter. If the response includes the text, ‘STATE: 4 RUNNING,’ then your machine is infected with the rootkit.” [...]

  42. youwillbeassilmilated says:

    The “copy-protection” software installs BEFORE the license agreement even pops up.

  43. Not A Monster says:

    “Whoever fights monsters should see to it that in the process he does not become a monster.”
    -Nietzsche
    By invading people’s computers in this manner, Sony is turning to the Dark Side, they are becoming the evil they said they would destroy.
    However, as a cooperation, we should always bear in mind that they are solely motivated by profit and are not there to allow us a free and fair existence, that is the responsibility of the government.
    I think it is high time that governments began legislating to make this sort of activity illegal so we can start filling lawsuits.
    (and I am sure that I am not going to be BUYING any more CD’s from Sony)