CD/DVD Copy Protection

Tim Guneysu
02/12/2004

Advanced Seminar for ITS

Ruhr-Universitat Bochum

Chair for Communication Security

Advisor: Andr
e W eimerskirch

Contents

1. Introduction

2. Specifying the Medium

2.1. Characteristics of an Optical
2.2. CD Specications . . . . . .
2.2.1. Red Book . . . . . .
2.2.2. Yellow Book . . . . .
2.3. DVD Specications . . . . .
2.3.1. DVD-ROM . . . . .
2.3.2. DVD-Video . . . . .

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

2
2
3
4
4
5
6
6

3. Copy Protection in Theory

3.1. Target Applications and Business Areas . . .
3.2. Classication of Protections . . . . . . . . .
3.2.1. Abusing the Medium Specication .
3.2.2. Injecting Read Errors Intentionally .
3.2.3. Verication of the Original . . . . . .
3.2.4. Digital Signatures and Cryptography

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

8
8
8
9
10
10
10

4. Protection Implementations
4.1. Protecting Data on CD-ROMs . . . . . . . . . . . . . . .
4.1.1. Suitable Approaches for Data Protection . . . . .
4.1.2. Implementations providing Data Protection . . .
4.1.3. Eciency of recent Data Protection Mechanisms .
4.2. Protecting Audio Content on CD-DAs . . . . . . . . . .
4.2.1. Suitable Approaches for Audio Protection . . . .
4.2.2. Implementations providing Audio Protection . . .
4.2.3. Eciency of recent Audio Protection Mechanisms
4.3. Protecting Data on DVD-ROMs . . . . . . . . . . . . . .
4.3.1. Suitable Approaches for Data Protection . . . . .
4.3.2. Implementations providing Data Protection . . .
4.3.3. Eciency of recent Data Protections . . . . . . .
4.4. Protecting Video Content on DVD-Video Disks . . . . .

.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.

11
11
11
11
14
14
15
15
15
17
17
17
17
18

Data Medium
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .

ii

Contents
4.4.1. Suitable Approaches for Video Protection . . . . . . . . .
4.4.2. Implementations providing Video Protection . . . . . . . .
4.4.3. Eciency of recent Video Protection Implementations . . .

18
18
18

5. Legal Aspects
5.1. Digital Rights Protection in Germany . . . . . . . . . . . . . . . .
5.2. Circumventing Copy Protections . . . . . . . . . . . . . . . . . . .

20
20
20

6. Conclusions

21

A. Appendix
A.1. Listing of CD Protections . . . . . . . . . . . . . . . . . . . . . .
A.2. Listing of CD & DVD Protections . . . . . . . . . . . . . . . . . .

22
22
28

1. Introduction
This paper was written for the advanced seminar CD and DVD Copy protection
accomplished during the authors ITS master studies at the Ruhr-Universitat
Bochum. It represents an overview about mechanisms, technologies, and available
implementations for protecting optical media discs as a widespread commodity
against further and uncontrolled replication.
It will further outline options how to circumvent and deactivate copy protections
of optical media - but of course without giving details. This report denitely
refuses to be considered as some sort of a hackers guide to rip contents illegally
from Compact Disks (CD) and Digital Versatile Disks (DVD).
As a rst step in the jungle of protection systems, this paper will commence
to classify and assess the operation and performance of several copy protection
schemes.
But to do so, it is required to start with introducing the reader to the limitations and specication of the considered media. This information will barely
be necessary for understanding the dierent variants of hardware based copy protections.
The next topic is dedicated to available protections suitable for preventing a
CD from being duplicated without authorization. This chapter will also discuss diverse implementation approaches to assess their means and eectiveness.
This includes a presentation of ways how to break inecient CD based protection mechanisms. To accommodate with the dierent options for CD contents like
data and audio, an evaluation will be performed separately of both content types.
Accordingly, the DVD as second medium is analyzed using same criteria as already determined for CD evaluation.
As a last important fact, the legal aspects of making copies of protected and
unprotected media and the employment and development of tools to support this
action is highlighted in a separate chapter. The discussion of regulations in public laws will give a clue if authors and originators of content and software will
receive backup support by a countrys legislative. For simplicity, this part will
only relate to German laws.
Finally, the employment of copy protections for optical media will be discussed
as a whole in respect to options what needs to be improved and if it makes sense
to ship products with copy protections.

2. Specifying the Medium

2.1. Characteristics of an Optical Data Medium
It is evident to have a closer look onto the medium itself. This basic information
will help to get a more thorough understanding of protection mechanisms and
their technical operation.
Both, the Compact Disks (CD) and Digital Versatile Disks (DVD) are disks with
normally 12 cm diameter and 1.2 mm thickness. In common, the physical body
of such an optical medium is called dye.
The disk dye itself comprises a sandwich of a polycarbonate substrate containing
pits molded into the upper surface and coated with aluminum. This layer is then
protected by a lacquer on which the disk label is printed.
The dye for CDs and DVDs measures 15mm diameter centric hole. The audio
or computer data is stored between two disk circles of 25 mm (after the lead-in)
and 58 mm maximum where the lead-out starts. The basic layout of a CD/DVD/
is depicted in Figure 2.1. Data on an optical disk media is stored using two states

Figure 2.1.: CD/DVD Layout

which are represented on the surface, the so called pits and lands [Ser02a].
A laser beam is required to focus on the data lane consisting of pits and lands
through the clear optical grade polycarbonate plastic.

2.2 CD Specifications

The data on the disk is divided into three main areas:

Lead-in (from 23 mm to 25 mm on disk) which contains digital silence in the
main channel plus the Table of Contents (TOC) in a subcode Q-channel. It
also allows the laser pickup head to follow the pits and to synchronize to the
audio or computer data before the start of the program area. The length
of the lead-in is determined by the need to store the Table of Contents for
up to 99 tracks. A track is a data segment which is placed in one sequence
on the disk and represents a logical data group.
Program area (from 25 mm to at most 58 mm) contains up to about 80
minutes or 700 MB of data divided into a maximum of 99 tracks.
Lead-out contains digital silence or zero data. This denes the end of the
CD program area.

2.2. CD Specications
On a CD the data is stored in a helix of pits and lands where pits are about
0.12 microns deep and their length varies from 0.8 microns minimum (3 units in
length) to 3 microns maximum (11 units in length) depending on the data. The
laser which will read out the bits represented by pits and lands operates on a
wave length of 780 nm [Ser02a].
The data is arranged in sectors which are the smallest addressable unit for a
CD-ROM device operating according to Yellow Book specication. Each sector
itself is composed out of 98 frames which build a subunit containing basic data
segments like a laser synchronization area, a set of subchannels or control code,
24 bytes of data payload and an error correction code. Frames are intricately
interleaved so that damage to the disk will not destroy any single frame, but only
small parts of many frames [Sto00].
An important role for copy protection systems is due to the subchannels. They
are dened as eight separate one bit channels, each designated by a character
from P to W. The subchannels are important for dening the Lead-In, Lead-Out
and Track areas of a disk (P-Channel) as well the complete TOC or the remaining
time index (Q-Channel). It should be annotated that not all subchannels are in
use (R-W are usually empty for most formats).
After having shortly discussed the physics of the disk dye, it is evident to highlight
the logical disk structure next. Several dierent formats for arranging data on
CDs have been dened. Those books of the Compact Disk family were named
for the color of the binder covers in which the specication was issued. Red
Book is the specication for CD Audio, Yellow Book is CD-ROM, Orange Book
is CD Recordable, Green Book is CD interactive (CD-i), Blue Book is Enhanced
CD, and White Book is Video CD. All of these books are based on the Red

Specifying the Medium

Book physical disk specication, but some also dene the types of content the
disk may contain, such as 44.1 MHz PCM audio for Red Book, and MPEG 1
video for White Book. Other disk formats, such as Mixed Mode or HFS, do not
have books, but are logical variations of one or more of the book formats. For
example, the Yellow Book denes CD-ROM as far as the physical characteristics
of the disk, addressing schemes, and error correction are concerned, but the le
system and type of content can be user dened. A Yellow Book disk could use the
HFS le system, the ISO 9660 le system, or a user-dened le system, and could
contain text, raw data, or multimedia elements. As copy protections are usually
only deployed on Red and Yellow Book CDs, those standards will be subject of
investigation in the following.

2.2.1. Red Book

The Red Book, which denes CD-Audio, is the compact disk pioneer. The CD
was created, after all, to be nothing more or less than a universal delivery medium
for one type of content only, namely music digitized at 44,100 samples per second
(44.1KHz) in a range of 65,536 possible discrete values (16 bits). The resulting
logical format, the Red Book, or Compact Disc-Digital Audio (CD-DA), was
dened by Philips N.V. and Sony Corporation in 1980.
Data on an audio disk is organized into frames in order to ensure a constant
read rate. Each frame consists of 24 bytes of user data, plus synchronization,
error correction, and control and display bits. One of the rst crucial things to
understand about CD-Audio is that its data is not arranged in distinct physical
units. Instead, one frame is interleaved with many other frames so that a scratch
or defect in the disk will not destroy a single frame beyond correction. Rather, a
scratch will destroy a small portion of many frames, all of which can be recovered.
It is important to note that at this point the frame-to-sector grouping has not
taken place [Ser02a].

2.2.2. Yellow Book

If Red Book is the father of all CD formats, Yellow Book is the mother. Red Book
is actually the basis for and an integral part of Yellow Book, which denes CDROM, or Compact Disk-Read Only Memory, announced by Philips and Sony in
1983. CD-ROM was originally seen as a way to allow digitized content including
but not limited to audio to benet from the capacity, durability, and economies
of scale that were rapidly making compact disk audio a big success. Yellow Book
is the disk specication that gave birth to all the variations on a CD scheme that
make CD formats so versatile and confusing.
Rather than redening the physical format, it was decided to adapt the physical format of Red Book for storage of computer data. At its lowest level, Yellow
Book specication for CD-ROM is nearly identical to RedBook, in that it retains

2.3 DVD Specifications

the TOC, Lead In, Program area, Lead Out, and basic error correction. But the
next level of Yellow Book reorganizes the frames dened in Red Book into sectors
(98 frames, or 2,352 bytes per sector) and adds another layer of error detection
and correction. The extra error correction information, at 288 bytes per sector,
plus 12 bytes of sync and 4 bytes of header, reduces the available sector space for
user data to 2,048 bytes. Addresses of sectors are expressed as minutes, seconds,
and sectors (MM:SS:SS). Yellow Book stops there, however, leaving it up to the
CD-ROM developer to decide how to arrange sectors into logical blocks and logical blocks into les. And that is the rst step into the complexity of CD, in the
form of Mode 1 and Mode 2.
The Yellow Book specication denes two data structures: Mode 1 and Mode
2. The mode byte, which is included in the header eld of a CD-ROM sector,
describes the type of data contained in the data eld. Mode 1 denotes CD-ROM
data with Error Correction Code (ECC), which provides space for 2,048 bytes of
user data in each frame. It is the mode used to store data that is unforgiving of
error, like computer programs or databases. Mode 2 denotes a sector with data
stored without ECC, which provides more room (2,336 bytes) for user data, but
which is typically used for data that is more tolerant of error, like audio, video,
or graphics [Ser02a].
It is important to note the ability of Yellow Book to manage multi-sessions.
Multi-session means to continue writing data to a CD though a previous recording
session was already applied and nished. This feature is very useful especially
considering when appending additional les to a le system residing on an optical
disk later on.

2.3. DVD Specications

The Digital Versatitile Disk (DVD) is a high capacity CD-dimensioned disk for
video, multimedia, games and audio applications. Physical dimensions are in
principle identical to compact disk except a bonding of several layers of polycarbonate instead of a single one. Capacities for the read-only disk are by far larger
than for a CD and range from 4.7GB to 17.1GB [Ser02b].
With the success of the compact disk there has been a clear need for a higher
capacity format to meet additional application requirements like the following.
DVD-Video, which was launched in 1997 in the USA, has become the most
successful of all the DVD formats, as it has proved to be an ideal vehicle for
distributing video content from the movie industry. It can store a full-length
movie of high quality video with surround sound audio.
DVD-ROM is beginning to replace the CD-ROM and provides a new high
capacity disk format for the computer industry. New PCs are now provided

Specifying the Medium

with DVD drives instead of CD drives. The entertainment industry has
developed new game consoles (e.g. Sonys PS2 and Microsofts X-Box)
which incorporate DVD-ROM drives for more sophisticated and realistic
games.
DVD-Audio, which was launched in 2000, is slowly gathering momentum to
become the format for very high quality, surround sound music, oering the
music industry new revenue opportunities. Thus, it will not play a major
role in further investigation of copy protection mechanisms.
Recordable formats such as DVD-RAM, DVD-RW and DVD-R are now being extensively used in PCs for computer backup and in standalone products
such as video recorders and camcorders.

2.3.1. DVD-ROM
The DVD-ROM was designed to have logical characteristics similar to the CDROM. The main intention for the development process was to achieve a medium
with more capacity than a CD-ROM but the same features. But it is not that
simple. The lesystem ISO 9660, which is commonly used for CD-ROMs, is capable of addressing 4GB of sectors. At 2,048 bytes of user data per sector, that is
around eight terabytes of addressable data in a single volume. Furthermore, ISO
9660 is capable of addressing a maximum le size of 4GB. However, in the realworld implementations of ISO 9660, drivers and redirectors such as MSCDEX
and CDFS are capable of addressing only 2GB of data, and les of up to 2GB in
size. This 2GB limitation is not exclusively the property of CD-ROM, however,
most operating systems are limited to reading 2GB as a restriction of a 32-bit
system.
The new le system that DVD-ROM uses is a ocially dened as ISO 9660
and Micro UDF; however, there may be good reasons to leave ISO 9660 behind
when making the move to DVD. UDF is capable of addressing 18 quintillion, or
18 billion bytes of data. That seems sucient for nowadays, and most of our
future needs, certainly. But the real beauty of UDF is that it can oer the true
cross-platform universality that ISO 9660 attempted.

2.3.2. DVD-Video
DVD Video is identical to DVD ROM up to the application level. For DVD
Video, the application layer is dened as the type of video codec, audio compression, navigational commands, auxiliary les, and other data types it may contain.
Only a DVD disk that conforms to these denitions will play on a DVD Video
player. If a DVD-ROM disk not developed to the DVD Video application layer

2.3 DVD Specifications

was inserted into the player, the player would not recognize it as a DVD.
The DVD Video specication is by far the most detailed, largest, and most restrictive of the DVD format books, and far beyond the scope of this report to
cover in detail. The format denes MPEG 2 variable bit rate video, alternate
camera angles, multiple aspect ratios, interactive menus with chapter breaks,
parental, presentation, and navigational controls; Dolby AC-3, MPEG 2, or Linear PCM audio; Stereo or Surround Sound; up to eight sound tracks (for foreign
languages); and 32 subpicture streams (for subtitles). The output from a DVD
Video disk is not an MPEG 2 digital video stream, but a stream of all of these
elements multiplexed together. In addition, most DVD Video discs use Macrovision Colorstripe encoding for digital to analog copy protection, and CSS (Content
Scrambling System) encryption to prevent digital to digital copying. The latter
type of copy protection will be highlighted more thoroughly in the next chapters.

3. Copy Protection in Theory

3.1. Target Applications and Business Areas
What is the reason that copy protection is required? Software piracy grew from
37 percent in 2000 to 40 percent in 2001 around the world, according to the Business Software Alliances (BSA) seventh annual survey on global software piracy.
It is expected that software and content privacy will cause a major impact on the
income of owners as stated by the following gures. The Recording Industry Association (RIAA) says they were more successful in holding up illegal operations
in 2001 than they were in 2000. Raids on more than 230 distribution operations
and more than 145 manufacturing operations led to the seizure of 2.8 million
unauthorized CD-Rs. Raids aside, the RIAA says the music industry loses more
than $1 billion per year from the illegal activities conducted in the worlds four
leading pirate marketplaces: Brazil, China, Russia, and Mexico. Not including
losses resulting from Internet piracy, the sale of pirate recordings exceeds $4.2
billion worldwide.
It is obvious, that some sort of mechanism needs to be found to reduce the impact of losses caused by uncontrolled content duplication and software piracy.
So, what are the areas of business in which copy protection against unauthorized
replication and distribution is supposed to help?
Audio (CD-DA)
Video (DVD-Video)
Games (CD-ROM, DVD-ROM)
Commercial Software Products (CD-ROM, DVD-ROM)
Copy Controlled Data (CD-ROM, DVD-ROM)

3.2. Classication of Protections

Although it is an obvious necessity for protecting systems to minimize piracy
with CDs and DVDs, this is not a trivial task. The following requirements apply:
First, an original compact disk must always permit reading to allow access to the
stored data. Second, it is clear that a duplication of content means that the data

3.2 Classification of Protections

is read as well from the original with the only dierence that this operation is
dedicated to create another copy. But how is it possible for the optical system to
detect if the data is just used for its intended purpose or is going to be replicated?
A second requirement is that the copy protection must guarantee availability of
the medium, this means the protection may not inuence its compatibility in
respect to be played in various environments and devices.
Third, due to the fact that a CD is considered as a commodity, a protection mechanism may not increase the production costs in a signicant manner. Otherwise,
if the nancial additional burden to aord the protected CD for a customer is
unacceptably high, he or she might feel especially forced to obtain the content
illegally by private duplication.
It is rather obvious that all requirements contradict each other resulting in a
need for a trade-o between protection benets, nancial eorts and compatibility issues. Having highlighted the requirements for protection mechanisms, the
next step is to classify the dierent types and ways how to reduce the threat for
undesired medium replication.
The techniques for protection can be organized to four dierent avors and
protection classes, respectively:
Abusing the Medium Specication (A)
Intentionally Injecting Read Errors (B)
Verication of the Original (C)
Digital Signatures and Cryptography (D)
The protection classes will dier in their eciency and additional cost - in
monetary and computational sense. The means to apply such a copy protection
class to an optical disk is described by the following sections.

3.2.1. Abusing the Medium Specication

The integrity and structure of an optical medium like a CD or DVD is described
by a standard like the Red, Yellow or other colored book and DVD-5/9/10/17
specications. A lot of copy protections are based on the idea that some content
replaying devices are more intelligent than others. A digital trap will prevent
smarter ones to use their built-in advantage for creating a copy.
Exactly this is the situation for CD-DA disks specied after the Red Book standard. They are being manipulated in a way that they will work ne with (at
least most of) all CD audio players which only know reading Red Book CDs but
will probably fail when being inserted into CD-ROM drives which are capable
to deal with Yellow Book CDs, because those more advanced features from the
Yellow Book standard have been disrupted and cause the smarter device to get

10

Copy Protection in Theory

stuck.
This is denitely the most naive approach to protect a medium, but of course it is
on the other hand a rather cheap way as it just requires some minor modications
to the format of the original disk. By the way, this protection type using format
deviation is a very simple technique and is usually only applied for protecting
Red book or audio CDs.

3.2.2. Injecting Read Errors Intentionally

Another scheme to prevent disk copying is to inject errors on the disks in less
important areas which should cause a copy process reading the entire disk for a
full one-to-one copy to fail. This protection type is usually employed with data
bound media (CD-ROM, DVD-ROM). Usually, it requires a software on the disk
that can check for the presence of these security characteristics, namely defective
sectors. If those could not be found as the disk is an unauthorized replica on
which the disk errors were corrected during the replication process, the software
should complain about the copy and exit.
To inject read errors into media requires the usage of specially crafted devices
and software capable to modify the frame format or designated parts of it. In
general, this demands more sophisticated systems or even specially equipped CD
reproduction facilities to produce such modied disks.

3.2.3. Verication of the Original

This type of protection relies basically on ngerprinting techniques which will
identify a master or original disk from a copy. There are some aspects in the
CD/DVD production process which might be used to distinguish between media
incorporating the same content uniquely. Again, this technique is only suitable
for disk containing software which is capable to scan for the required security
characteristics.

3.2.4. Digital Signatures and Cryptography

Another option for copy prevention is the application of digital signatures and
cryptography. Although the employment of cryptographic mechanisms might
look to be the most promising idea, it should be clear that the only medium which
could hold the signature or the key, is the disk itself. Thus, as the cryptographic
element is placed on the disk, it might be an easy subject of compromission in
case that its exact location is known.
Of course, this option requires a verication engine which performs a check of
the signatures validity. The validation process can occur either by hardware
(DVD-Video) or software (CD-ROM, DVD-ROM).

4. Protection Implementations
The following chapter will discuss recent implementations of copy protections.
For a better overview it will highlight protections for CDs and DVDs separately.

4.1. Protecting Data on CD-ROMs

As a rst step, the protection of Compact Disks created according to the Yellow
Book standard are being discussed. This includes the media for data and le
system oriented content like software products and games.

4.1.1. Suitable Approaches for Data Protection

Common techniques to protect data disks make use of all protection classes as
stated in chapter 3.2, i.e. format deviations, read errors, the verication of the
original and the application of cryptography.

4.1.2. Implementations providing Data Protection

The most simple implementation which can be applied to Yellow Book compliant CDs to reduce the risk for unauthorized duplication is the manipulation of
the disks le system on which the software or data is written. This should be
considered as a class (A) protection.
Here, it is common practice to create either too large les which seem not to t
onto the medium (e.g. 6 GB) when attempting a copy by just faking the le size
in the catalog or by using doubly referenced blocks or even by storing more data
on the CD as it would be expected. There are original CDs which show a total
capacity of data greater than the available size of common recordable disks (e.g.
706 MB) [Gra03]. This type of copy protection is suitable to prevent the user
from copying the contents of the disk on a le per le basis.
The class (B) protection, the creation of unreadable areas, is intended to doom
an attempt for a one-to-one copy. This defective sectors which were injected
to the discs are usually part of unused space or les. The creation of defective
blocks can be either take place by manipulating the error correction code in a
fashion that a correction by hardware is not possible and just results in triggering
an error escalation mechanism. A more profoundly approach is the disruption

12

Protection Implementations

of entire frames by playing around with the sync pattern of each frame which
will cause the disk drives laser to lose synchronization while following the data
helix. Where an unqualied correction code might still be copied using a raw
copy mode of a replication device, a loss of synchronization on the medium will
usually cause a failure of the copy process when a sequential read is attempted.
Another technique of class (B) protection is the use of so called Weak Sectors.
At rst sight weak sectors look like a collection of useless data. The data consists
of a sequence of zeros but it also has special sector groups containing a regular bit pattern. Reading this data with a CD-ROM will work perfectly in all
CD-ROMs and CD-recorders. A regular pattern like this will appear similar to
XYXYXYXYXYXY.

Figure 4.1.: Weak Sectors on Optical Media

But when trying to write out these regular bit patterns there are a lot of
recorders that do not support this operation. A CD recorder has to produce the
same patterns using its EFM encoder. When a regular bit pattern goes through
the EFM Encoder it is converted to a smaller value by converting bits to bytes
(8 bit = 1 byte) in a predetermined way. But exactly this lookup will fail for a
series of widespread CD recorders. Figure 4.1 shows the futile process of weak
sector copying. There are rumors that this is a secret arrangement between copy
protection and CD recorder manufactures about the implementation of write failures when a special bit pattern occurs in the input stream [CDF03].
Third class (C) of protection mechanisms includes unique ngerprints on the original disk which allows the software to identify the master with great probability.
A rst variant provides a check routine verifying the physical angle between the
rst and last accessible logical block on a CD. This information can be used as
input to generate a hash code from the angle information which can be checked
by a software routine against the CD to prove that it is an original. This method
works due to the fact that the angle between rst and last logical block is dierent
for every disk written by a CD-R writer, due to variably-sized laser calibration

4.1 Protecting Data on CD-ROMs

13

areas, dierent CD-R types, etc. This kind of protection was published and implemented by the CD-Cops protection from the Link Data Security Labs [Gam03a].
A quite simple but eective approach is taken in Sonys SecuROM [Son03]. A
specic check routine probes for the existence of a so called pregroove area which
is only present on CD-recordables. The pregroove for CD-R is used to dene
its size, vendor, maximal recording speed, etc. If such an information block is
found, it is for sure that the underlying medium is a CD-R copy. Another class
(B) option yields the usage of prepared masters containing already a precompiled
session which cannot be copied by conventional techniques. A software module
again can check for the presence of this session and in case that it is not found
instantly exit with an error message. This technique is implemented by the Hexalock copy protection [Hex03].
But an immediate shutdown is not the only possible way for a copy protection
mechanism to behave. The Fade protection is preferring a gradual loss of features after the rst time a startup from a duplicated disk was performed [Cod01].
Thus, a game based on the Fade protection system, will rst show up all features
and will then reduce its options with the time, e.g. suddenly it is not possible
to raise more funds in an economic game or to trigger the grenade launcher in
an Ego-Shooter game. Psychologists promise this to be the more annoying and
sustaining type of copy protection causing the owners of the replica to buy the
game with a greater probability than without the gradual loss of features. An
abrupt termination is considered to provoke more eorts to break the copy protection than this silent way.
The protection class (D) is concerned about digital signatures and cryptography. It is important to emphasize that all keys and signatures must be placed
on the medium itself reducing its security quite dramatically. For common and
standardized CD-ROM devices with no support to advanced cryptography, this
will only represent a rather weak solution to protect the disk content, because
it means that the key encrypting the content must be placed somewhere on the
medium in plain text. The only option to complicate a direct extraction of the
cryptographic element from the medium is to hide it away very securely either
in the disk subcodes or between defective sectors. A specic software wrapper is
responsible to extract the hidden key from the disk and thereafter decrypt the
content using that gathered code.
Currently, there are some implementations available incorporating this type of
protection mechanism. SafeDisk [Mac01] and Securom [Son03] are the most famous representatives of this kind.

14

Protection Implementations

4.1.3. Eciency of recent Data Protection Mechanisms

Copy protections which rely on abusing the medium or le system specication
are in general rather inecient and simple to deactivate. The security mechanisms of those products can easily be circumvented by simply creating so called
1:1 Disk-At-Once (DAO) copies. This is a special recording mode of a CDrecorder which does not read the original CD per le or track but as a whole.
Thus, the le system is not being analyzed and thus the copy process will not
detect any problems due to a le-based copy protection.
Protections of class (B) are harder to fool. Due to the reason that the intentionally injected read errors will be checked by software, two option remain to
make a copy. First, the CD is duplicated one-per-one using raw data copy by a
duplicator which is enabled to skip defective errors quickly. This process might
work very eciently if the frame format is intact and if only the error correction
codes are subject to errors. But this process is likely to last several hours as the
extraction of totally corrupted sectors and frames is quite time consuming.
As a second step, the software checking for the disk errors requires to be patched.
If the check routine is nally eliminated from the code, missing read errors of the
copy will not have any eect to the execution of the program. This is exactly
the way to handle the verication mechanisms of class (C) protections. As all of
them rely on unique physical characteristics of a medium, the only way to work
around the protection is to remove the checking routine from the software.
Digital signatures and other cryptographic elements of class (D) will also be
mainly dependent on software. Usually, wrappers or loaders are existing on such
copy protected CDs encapsulating the actual content. Only when the cryptographic element was successfully found, the applications startup or content extraction is granted. The most promising way to circumvent this problem is to
substitute the wrappers or loaders with patched versions which either do the job
without requiring the digital signature or by introducing a new le (replacing
the information from the hidden sectors) in which the key for data decryption is
stored.

4.2. Protecting Audio Content on CD-DAs

Audio CDs or Compact Disk Digital Audio (CD-DA) are manufactured according to the Red Book specication. As already mentioned, the Red Book does
not encompass all of the features provided by later standards like multisession
recording, multiple TOCs, etc. On the other hand, Audio CDs are played by a
stand-alone player device with no additional software involved which could be
adapted to inhabit some avors of copy protection mechanisms.

4.2 Protecting Audio Content on CD-DAs

15

4.2.1. Suitable Approaches for Audio Protection

As mentioned in the introduction, the missing capability to employ software based
protections like class (C) and (D) is a delimiting factor and will restrict the CDDA to rely on simple TOC manipulations in order to confuse Yellow Book capable
CD-ROM devices. This may include the following techniques from class (A):
Invalid TOC: Incorrect Track Size
Invalid TOC: Not exisisting succeeding TOC
Multisession: Illegal second session

4.2.2. Implementations providing Audio Protection

Due to the reason that only protection class (A) is available for CD-DA, there
are only quite a few imaginable implementations.
First it is possible to manipulate the TOC in the Q-Subchannel of the CD-DA
with extended features borrowed from the Yellow Book which a standardized
audio device is supposed to ignore. But these advanced features are invalid
causing a CD-ROM device getting confused and stuck.
A rst way to trick CD-ROM devices is to manipulate the actual track size of
each audio track. Most audio player ignore the track size in the Q-Subchannel
and just read the data from the track. A more intelligent CD-ROM drive will
make use of this falsied information and refuse to copy the huge track.
Another option yields the multisession option of the Yellow Book standard. A Red
Book compliant CD-DA will be extended by an invalid additional session. This
extension can either consist of a corrupt TOC entry pointing to a non-existing
session or a session which contains only totally scrambled data causing the reading
device to look for the session somewhere in nirvana. The latter approach is quite
heavily used, a good example is Sonys Key2Audio copy protection [Son02].

4.2.3. Eciency of recent Audio Protection Mechanisms

As stated in the introduction, members of protection class (A) as employed on
CD-DAs do not claim to be the hardest to handle. There are quite a bunch of
possibilities how to disable the copy protection on CD-DA.
A rst way is to use the feature in recording programs called Ignore Illegal TOC.
This option will analyze the track structure without considering the poisoned
information from the copy-protected audio disk. A further strategy could be to
duplicate the original CD one-by-one using a raw data copy mode including any
subchannel information. In most cases this will just copy the illegal information
without making a big deal about it. However, the most famous option is the so
called felt-tip or post-it attack. Here, the illegal information which is sometimes

16

Protection Implementations

stored in a visible circle on CD can be easily defeated by lling and deactivating it

using a felt-tip (Figure 4.2) or covering it with post-its (Figure 4.3). It should be

Figure 4.2.: Felt-tip Attack

mentioned that the felt-tip variant should be considered as the preferred method
when attempting to eliminate the protection. Due to strong radial forces which
act on the CD within the reading device, the post-it may peel away causing
damage to the CD drive.

Figure 4.3.: Post-It Attack

To solve the secret why this type of circumvention works: when the defective
sessions which contain some scrambled data are covered entirely or partially either
by a post-it or by a felt-tip line, the CD-ROM drives will decide to stick with
the rst session or TOC as this is the only one readable. As the device cannot
extract a single bit from the succeeding session it cannot fall into the trap of the
nonsense contents in an appended session.

4.3 Protecting Data on DVD-ROMs

17

4.3. Protecting Data on DVD-ROMs

In general, the CD and DVD do not dier much. Thus, most of the mechanisms
except any kind of format deviations introduced in context with the CD would
principally work with a DVD as well. The only reason for DVD protections not
being that popular is their novelty; there are currently quite a few vendors and
software distributors which propagate their software or data products on DVDs.
Thus, the margin of products is not big when considering to reduce unauthorized
disk duplication.

4.3.1. Suitable Approaches for Data Protection

As already stated, variations with the disk format specication will not be applicable for DVDs in general. But it is imaginable to make use of all other possible
techniques which have already been introduced for the CD. This includes the
injection of bad and/or weak sectors, specic verication techniques which might
again engage on the physical sector geometry as the deployment of hidden digital
signatures and cryptographic elements. Please refer to Section 4.1.1 for further
information.

4.3.2. Implementations providing Data Protection

DVD protections are based in general on protection categories (B) to (D).
Thus, it is possible to inject defective sectors to avoid simple one-to-one copies
from the original. This is also true for the employment of weak sectors, because
the SafeDisk protection from MacroVision is also available for DVDs employing
the same techniques [Mac01]. Implementations tting in protection class (C)
however seem not to be on the market. This might be a direct eect that DVDs
containing software or games have not been established in greater dimensions in
the markets. For most purposes, CD-ROMs are still in use. But this is probably
just a matter of time until rst implementations tting class (C) will arise.
But there are already protections of class (D) for the DVD. Again, the SafeDisk
implementation is a sample for the employment of digital signatures.

4.3.3. Eciency of recent Data Protections

Because the same protection mechanisms are used for DVDs as for CDs their
eciency will not dier much. Therefore, the evaluation of eectiveness looks
quite the same. For estimating the scope of a protection, please gather further
information from Section 4.1.3.

18

Protection Implementations

4.4. Protecting Video Content on DVD-Video Disks

Nowadays, the DVD is broadly used as a medium to carry movies from the productions studios to the end-user at home. The device manufactured for this purpose, the DVD-player, has already found its way into many homes. This device
provides cryptography and thus an advantage to the copy protection developers
as seen in the following sections.

4.4.1. Suitable Approaches for Video Protection

Most DVD-Video discs are encoded in a scrambled format. The scrambling was
performed prior to burning and requires a descrambling in hardware before the
video content becomes visible again. The content descrambling is usually performed by dedicated players, commonly known just as DVD player, and a disk
key. The current state-of-the-art in this eld is discussed in the following.

4.4.2. Implementations providing Video Protection

The Content Scrambling System (CSS) is the most popular system used to scramble the audio/video data on the DVD-Video disk. Each video title set (VTS) can
be selectively scrambled using a unique key. Each unique title is assigned to one
disk key and up to 99 title keys (one per VTS), which are stored on the disk in
encrypted form.
In the decoder or DVD player, the original keys are obtained by decryption
of the disk key using appropriate keys which have been incorporated to each
players and these are nally used to descramble the data. For DVD-ROM drives,
the MPEG-2 decoder challenges the drive and receives the necessary keys for
decryption. This ensures that only approved hardware/software can be used.
The keys used should be unique for every disk title and are encrypted by the
CSS Licensing Authority and, usually, the initial scrambling is performed, as already stated, during glass mastering. Security is vital and the keys used and the
encryption algorithms must be kept secret. Only those companies involved in
designing hardware and software for CSS encoding and/or decoding need information on the algorithms and systems used.

4.4.3. Eciency of recent Video Protection Implementations

Although the CSS makes use of a multitude of keys which might indicate a complex encryption and a decoding scheme strongly preserved as secret, the system
is completely insecure. The disk key, which is relevant to deduce the title keys,
only uses a 40 bit encryption, which is itself not an impossible problem when
initiating a brute force key search. Using cryptanalytical methods it is possible
to break down the total computational complexity further to 216 which is barely

4.4 Protecting Video Content on DVD-Video Disks

19

Figure 4.4.: CSS Key System

nothing in todays processing power. So it is very easy to break the encryption of
the video/audio content and convert the video content into a new format [Gra03].
And it is even worse. As described above, the disk key is decrypted using a set
of player keys stored in each DVD player device. Using a similar attack, it is
possible to extract all player keys from a playing device which enable an easy
deciphering of the latest DVDs. There is no need to break the disk keys by brute
force any more.

5. Legal Aspects
5.1. Digital Rights Protection in Germany
Since September 2003 the German legislature has released new laws to protect
copyright holders. This act was mandatory to meet the previously adopted European directives to improve the legal situation for intellectual property [dJ03].
Although not all postulated details by the EU were already realized in this change
of statutes, copyright holders may be pleased nevertheless.
The balance of what is allowed and prosecuted since September 2003 has been
denitely shifted in their favor, cutting o rights of the end-user.

5.2. Circumventing Copy Protections

The new law also encompasses the creation of disk duplicates for backup purposes.
When an end-user is willing to replicate his original media with protected content
to avoid a disaster in case that the original is accidentally devastated, he or she is
allowed to do that as far as no copy protection is circumvented. This is denitely
true for CD-DA and other content (95a to 95d UrhG), for CDs with software
and raw data content this does not have any eect (69a Abs.5 UrhG). Thus, it
is allowed to create up to seven backup copies of your favorite computer games,
but of course, you may not pass it on or even sell it to third parties. The same is
true for discs with other contents, as long as they are not aected with any copy
protecting mechanisms. Thus, circumventing copy protections will be prosecuted
in case that the underlying medium is of any other type like audio, video or
photo CD. Furthermore, not only the act of duplication itself is prohibited, even
the employment and development of tools to support the operation of copying
those disks has been declared to be illegal. This includes the use of programs
like CloneCD, BlindWrite Suite, and lots of more. The legal situation with copy
protection faking and emulation utilities like the DAEMON Tools or other virtual
image managers are yet unknown and will be matter of precedence cases in the
future.

6. Conclusions
Drawing a nal conclusion about the facts, it will reveal that copy protection, in
spite to what their names might imply, does only represent a way to complicate
the creation of a working duplicate. Therefore, some vendors avoid the terminology of copy protection and use a weaker expression of copy control systems
instead.
The actual intention is only to frustrate most people who attempt to create a
simple one-to-one pirate copy from a borrowed medium. It is true that most
copy protection mechanisms have already been broken, for many of them even
exist generic patches or step-by-step circumvention strategies which mean only
insignicant additional eort for a common user who considers a medium replication.
The analysis of this situation clearly shows that only a complete framework of security measures may create a solution which is absolutely secure against copying.
The greatest problem of the current approach is that the authorization infrastructure based on stand-alone players with no secured interfaces is absolutely
inadequate to support an unbreakable solution. It is easily possible to rip o the
music from a CD-DA using a digital output of the CD-player which is plugged
into the digital input jack of a computers sound card. A solution to this might
come with the Content Protection System Architecture as proposed by the 4C
(IBM, Intel, Matsushita, Toshiba) including encrypted interfaces and connections
combined with a better key management than CSS is currently using [Ent00]. As
long as such an or similar approach will be realized, optical disk media are hardly
to prevent from becoming subject of piracy. Another point of criticism is the
realization of compatibility. As postulated by a requirement in the beginning
of this paper (compare chapter 3.2), copy protection should be designed to keep
compatibility to every type of replaying hardware. This is unfortunately not true,
especially for class (A) protections. There are quite a signicant number of player
implementations on the market which are getting dazed by copy protections as
well as resulting in reasonable enragement of customers. Besides the fact that
copy protection are only useful in very limited dimensions, there are known facts
that they even change the customers attitude when considering to buy a copyprotected CD when he or she might risk that the newly aorded disk will not
operate in his or her environment.

A. Appendix
A.1. Listing of CD Protections
CD-Cops
CD-Cops is an envelope protection which is added to the CDs main executable.
Minute dierences are measured to establish the CD-ROMs ngerprint and to
ensure that copies are not accepted. This ngerprint is usually expressed as an
8-digit code or key number. The CD-Cops software which recognizes and either
accepts or rejects the CD is protected by Links Code Security, a system which
has been in use since 1984 [Gam03b].
Protection Class: C
Backup Solution: Use CD-Cops Decryptor to determine new CD-Code from backup copy
Vendor: Link Data Security
Website: http://www.linkdata.com

CD-Protect
CD-Protect works on the principle of direct hardware coding on the CD-ROM.
While trying to read a CD master treated as described, unreadable sectors are
reported. These areas cannot be copied to the hard drive without further intervention of the operating system (Windows 9x/Me/2000/XP). The attempt to
read the CD with a copying software is either directly terminated or takes up
to several hours. Copying to a blank CD is thus hardly possible with the copy
protection [Gam03b].
Protection Class: B
Backup Solution: Use DAO-Copy with defective sector skipping and patch the software accordingly
Vendor: Software & Protection Beisheim e.K.
Website: http://www.holgerbeisheim.de

A.1 Listing of CD Protections

23

CD-Shield SE
CDSHIELD protects/modies a CD-Image by adding sector-errors before it is
burned to a CD-R. This prevents people from making a backup [Gam03b].
Protection Class: B
Backup Solution: As this is a very low-budget solution most advanced backup software should
work
Vendor: Mindestworx
Website: http://www.mindestworx.fr.st

DBB (Dont Bother Burn)

DBBs exact functionality is of course surrounded by strict secrecy, but briey,
the protection comprises several separate security modules which work together
to create the complexity that crackers encounter in their attempts to break the
protection. Among other things, DBB contains instructions that register any
changes made, add a dynamic process that changes the protection sequence between each production and parts of the secret behind DBB and DBB PS is revealed. A strong encryption should ensure that the exact instructions and codes
remain secret [Gam03b].
Protection Classes: B, D
Backup Solution: Not yet published
Vendor: Enet
Website: http://www.enet.com

FADE
Codemasters anti-piracy initiatives receive an additional push with the introduction of FADE, a PC-based piracy protection system that can degrade gameplay
if a counterfeit copy of the game is identied as being played. Codemasters has
equipped the computer game Operation Flashpoint with embedded coding that
can recognize the dierence between counterfeit and real copies of the games CD.
If a pirate CD is identied, the game automatically disables key gaming features
[Gam03b].
Protection Class: C
Backup Solution: Software patches will be required to remove/disable the protection.
Vendor: Codemasters
Website: http://www.codemasters.com

24

Appendix

HexaLock CD-RX
HexaLock CD-RX media are specially made CD-Rs that contain a precompiled
session, which includes security elements that make the disks copy protectable.
The program les are linked to these security elements during the recording process, thus creating a copy-protected CD-R. The authorized mastering process
can be done in one-o mode, or in an automated mode in selected duplication
systems [Gam03b].
Protection Class: C
Backup Solution: Software patches will be required to remove/disable the protection.
Vendor: HexaLock
Website: http://www.hexalock.com

LaserLock
Laserlock uses a combination of encryption software and unique laser marking
on the CD surface made during the special LaserLock mastering procedure, in
order to make copying practically impossible. Every CD-ROM application has
a unique locking parameter that provides a complete protection against illegal
re-mastering and reproduction. LaserLock oers protection for every application
dierently as each application package is characterized by a unique encryption
parameter that is specied during LaserLocking procedure [Gam03b].
Protection Classes: C, D
Backup Solution: Use either a generic LaserLock reader or simply copy the disk using a raw data
mode
Vendor: MLS LaserLock International
Website: http://www.laserlock.com

LockBlocks
The LockBlocks protected CDs have 2 circles, one about 5 mm, the other 3 mm,
which cause a CD-Reader/Writers to lockup when being read. Unfortunately,
more is not known about this type of copy protection [Gam03b].
Protection Classes: B, C
Backup Solution: Software patches are needed to get around this protection.
Vendor: Dinamic Multimedia
Website: http://www.dinamic.com

A.1 Listing of CD Protections

25

Phenoprotect
Phenoprotect produces read errors directly on the CD-ROM in areas which do
not contain any game data, but can be checked by programs. CD Writers report
these as unreadable sections. These areas cannot be copied to the hard drive.
The specic software, e.g. the game and the InstallShield used for installation
can, however, contain instructions from the software manufacturer to check this
erroneous data, if this data is not found when the program starts, it is not an
original version and the game or installation is terminated.
Windows 9x operation systems cannot read the erroneous sections. Any attempt to copy will result in the operation system aborting the process [Gam03b].
Protection Class: B
Backup Solution: Raw disk copy and software patches are required.
Vendor: CodeCult
Website: http://www.codecult.com

RingProtect
A visible circle is added to the CD, with which users can distinguish between an
original and a pirated copy at a glance.
Several checks are added in order for the software to be able to check the les
in the visible circle, and when not found the application should deny to function. The les which are located inside the visible circle are designed not to be
copied, since the circle origin cannot be exactly replicated on known CD-R media.
Furthmore, it will take many hours for a CDRW to read the Ring PROTECH
protected CD, and eventually it will malfunction [Gam03b].
Protection Class: B
Backup Solution: Raw disk copy mode of advanced backup software is required to copy those
CDs.
Vendor: ED-CONTRIVE
Website: http://www.ed-contrive.co.jp

Roxxe
Roxxe CD protection is a combination of hardware and software protection that
should make it impossible to run software from illegally copied CDs [Gam03b].
The vendor of Roxxe promises the following basic requirements:
The original software is modied so that it will not run, without the specic
action of the guard module.

26

Appendix
The guard module recognizes the original CD-ROM, without this detection
the application will not run or will run under considerable restrictions.
Physical key is present on the CD-ROM. This key should not be reproducible, either by disk copying using a CD writer or professional remastering to a silver CD.

Protection Classes: B, C, D
Backup Solution: Not yet published
Vendor: Electronic Publishing Association LLC
Website: http://www.roxxe.cz

SAFECAST
Macrovision SAFECAST is designed to help developers and publishers protect
their pre-release software from unauthorized copying. It uses a software-based
encryption toolkit that is made available to the publisher in order to allow complete control of the encryption process. When a publisher encrypts the gold disk
they can distribute it directly to end users who are then required to contact the
publisher directly or via a web site to obtain access keys to play the program.
The access keys are a cheaper substitute for hardware dongles or other security
mechanisms which often interfere with playing a particular pre-release program
[Gam03b].
Protection Class: D
Backup Solution: Not yet published.
Vendor: MacroVision
Website: http://www.macrovision.com

A.1 Listing of CD Protections

27

SmarteCD
The SmarteCD technology is designed to encrypt and embed an identifying black
hole within the content of each individual product CD resulting in technology
that should distinguish an original, properly licensed CD from a forgery. At the
point of CD replication or duplication, SmarteCD physically alters the CD media
preventing it from duplication or digital reproduction [Gam03b].
Protection Classes: C, D
Backup Solution: A one-to-one backup will seem to be working at once, but requires additional
software patching as the protection will recognize the duplicate at some point during execution.
Vendor: Smarte Solutions
Website: http://www.smartesolutions.com

SoftLock
SoftLock aects each CD-ROM title with a unique locking parameter, namely a
protection code and special mark, consisting of defective errors.
SoftLock uses a combination of:
Encryption software
Unique serial marking on the CD made during mastering procedure.
Special arrangement of les in TOC.
This type of protection makes use of virtually all protection classes [Gam03b].
Protection Classes: A, B, C, D
Backup Solution: Not yet published
Vendor: Assel
Website: http://www.soft-lock.com

28

Appendix

A.2. Listing of CD & DVD Protections

DiscGuard
DiscGuard is an anti-piracy system that eects two basic changes to the software
package:
The main executable les on a DiscGuard-protected CD-ROM are encrypted.
A special digital signature is inscribed onto a pressed CD-ROM, and mapped
into a software decryption key. The digital signature has been designed to
be hardly reproducible by either counterfeiting (re-mastering) or disk burning.
When such an authentic disk is used, a signature decryption occurs rst and,
if successful, the application will be executed [Gam03b].
Protection Class: D
Backup Solution: No generic software patch exists. Thus individual patching is required.
Vendor: TTR Technologies Inc.
Website: http://www.ttrtech.com

DVD-Cops
The DVD-Cops protection is added directly to the main executable before the
actual DVD is pressed. After this a unique access code is extracted from the DVD
which enables the user to install the DVD. From then on, the software should
run only when the original DVD is present in the drive [Gam03b].
Protection Class: C
Backup Solution: Not yet published, but probably similar to CD-Cops mechanism.
Vendor: Link Data Security
Website: http://www.linkdata.com

SecuROM
SecuROM is a CD-ROM and DVD copy protection technology that identies a
genuine CD-ROM or DVD using a special authentication mechanism. During
Sony DADCs mastering process an electronic ngerprint is applied onto the glass
master which assigns a unique number to each CD-ROM title.

A.2 Listing of CD & DVD Protections

29

The most recent version also detects if it is being run from a CD-R media
(V-Rally 2), to solve this just use a CD-ROM, instead of a CD-Writer, to play
the game from.
The latest SecuROM New revision includes Trigger Functions which allow the developer to program multiple and customizable authentication checks
throughout the entire application, providing a stronger copy control than systems
with only one check at program start [Gam03b].
Protection Classes: B, C, D
Backup Solution: First perform a raw data copy, then apply generic patches available on the
Internet
Vendor: Sony
Website: http://www.sony.com

SaveDisk v1-v3
SafeDisc v3 uses an key to encrypt the main executable (EXE or DLL) and
creates a corresponding digital signature which is added to the CD-ROM/DVDROM when they are replicated. The size of the digital signature varies from 3
to 20 MB depending how good the encryption should be. The authentication
process itself takes about 10 to 20 seconds [Gam03b].
Protection Classes: B, D
Backup Solution: First perform a raw data copy, then apply generic patches available on the
Internet (v1, v2) or patch the executable individually (v3).
Vendor: Macrovision Corporation
Website: http://www.macrovision.com

TAGES
TAGES uses new encryption and authentication technologies compatible with
standard multi-media PC computers and drives (a ring of 1 MB secured content)
[Gam03b].
Protection Classes: B, D
Backup Solution: Replacing the protected executable by a xed executable.
Vendor: MPO & THALES
Website: http://www.thalesgroup.com

List of Figures

2.1. CD/DVD Layout . . . . . . . . . . . . . . . . . . . . . . . . . . .

4.1.
4.2.
4.3.
4.4.

Weak Sectors on Optical Media

Felt-tip Attack . . . . . . . . .
Post-It Attack . . . . . . . . . .
CSS Key System . . . . . . . .

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

2
12
16
16
19

Bibliography
[CDF03]

CDFreaks. Safedisc 2 explained and defeated. Internet Website, 2003.

http://www.cdfreaks.com/article/52.

[Cod01]

CodeMasters. Codemasters fade system. Internet Website, 2001.

http://www.codemasters.com/news/displayarticles.php?showarticle=500.

[dJ03]

Bundesministerium der Justiz.

Gesetz u
ber urheberrecht
und verwandte schutzrechte.
BGBl I 1965, 1273, 2003.
http://bundesrecht.juris.de/bundesrecht/urhg/.

[Ent00]

4C Entity. Content protection system architecture.

http://www.4centity.com/data/tech/cpsa/cpsa081.pdf.

PDF, 2000.

[Gam03a] GameCopyWorld.
Cd-cops copy.
Internet Website, 2003.
http://www.cdmediaworld.com/hardware/cdrom/cd protections cdcops.shtml.
[Gam03b] GameCopyWorld. Listing of copy protections. Internet Website, 2003.
http://www.cdmediaworld.com/hardware/cdrom/cd protections.shtml.
[Gra03]

TTD Graphics. Kopierschutzverfahren f

ur cd und dvd. Internet Website, 2003. http://www.webwitch.de/media/kopierschutz/.

[Hex03]

Hexalock.
Hexalock cd-rw.
http://www.hexalock.com/cd-rx.html.

[Mac01]

MacroVision. Macrovision safedisk v1-v3. Internet Website, 2001.

http://www.macrovision.com/products/safedisc/index.shtml.

[Ser02a]

Deluxe Global Media Services. CD Specication. Internet, 2002.

http://www.disctronics.co.uk/technology/cdbasics/cd intro.htm.

[Ser02b]

Deluxe Global Media Services. D VD Specication. Internet, 2002.

http://www.disctronics.co.uk/technology/dvdintro/dvd intro.htm.

[Son02]

Sony.
Key2audio homepage.
http://www.key2audio.com/.

Internet

Internet

Website,

Website,

2003.

2002.

32

Bibliography

[Son03]

Sony.
Sony securom.
Internet
http://www.securom.com/solution disc.asp.

Website,

[Sto00]

Search Storage.
Compact disc.
Internet Website, 2000.
http://searchstorage.techtarget.com/sDenition/0,,sid5 gci507072,00.html.

2003.