from Where I'm From (Arista/Sony 2005)--and three albums that used MediaMax version 5--Peter Cetera,
You Just Gotta Love Christmas (Viastar, 2004); Babyface, Grown and Sexy (Arista/Sony, 2005); and My
Morning Jacket, Z (ATO/Sony, 2005). Unless otherwise noted, statements about MediaMax apply to both
version 3 and version 5.
4 Installation
Active protection measures cannot begin to operate until the DRM software is installed on the user's system.
In this section we consider attacks that either prevent installation of the DRM software, or capture music
files from the disc in the interval after the disc has been inserted but before the DRM software is installed
on the computer.
4.1 Autorun
Both XCP and MediaMax rely on the autorun feature of Windows. Whenever removable media, such as
a floppy disc or CD, is inserted into a Windows PC (and autorun is enabled), Windows looks on the disc
for a file called autorun.inf; if a file with that name is found, Windows executes commands found in
it. Autorun is commonly used to pop up a splash screen or simple menu, for example, to offer to install
software found on the disc. However, the autorun mechanism will run any program that the disc specifies.
Other popular operating systems, including MacOS X and Linux, do not have an autorun feature, so this
mechanism does not work on these systems. XCP ships only Windows code and so has no effect on other
operating systems. MediaMax ships with both Windows and MacOS code on the CD, but only the Windows
code can autorun. The MacOS code relies on the user to double-click an installer on the CD, which few
users will do. For this reason, we will not discuss the MacOS version of MediaMax further.
Current versions of Windows ship with autorun enabled by default, but the user can choose to disable it.
Many security experts advise users to disable autorun to protect against disc-borne malware [6]. If autorun is
disabled, the XCP or MediaMax active protection software will not load or run. Even if autorun is enabled,
the user can block autorun for a particular disc by holding down the Shift key while inserting the disc [13].
This will prevent the active protection software from running.
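
To make the autorun mechanism concrete, the following added example (not code from the paper or from either DRM vendor) lists the commands that an autorun.inf file asks Windows to run, which is what an administrator would check before trusting a disc. The function names and the sample file are constructed for illustration; `open`, `shellexecute` and `shell\<verb>\command` are standard autorun.inf entries.

```python
import configparser

# [autorun] keys whose value is a command Windows may launch from the disc.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample; not the autorun.inf of any real disc.
SAMPLE_INF = r"""
; constructed example
[AutoRun]
open=installer.exe /silent
icon=disc.ico
label=Audio CD
shell\install\command=setup.exe
"""


def is_launch_key(key):
    """True for open=, shellexecute= and shell\\<verb>\\command= entries."""
    return key in LAUNCH_KEYS or (
        key.startswith("shell\\") and key.endswith("\\command"))


def autorun_commands(inf_text):
    """Return (key, command) pairs that the file asks Windows to run."""
    parser = configparser.RawConfigParser(
        strict=False, allow_no_value=True, delimiters=("=",))
    parser.read_string(inf_text)
    found = []
    for section in parser.sections():
        # The section name is matched case-insensitively here.
        if section.strip().lower() != "autorun":
            continue
        for key, value in parser.items(section):
            if is_launch_key(key) and value:
                found.append((key, value.strip()))
    return found


if __name__ == "__main__":
    for key, command in autorun_commands(SAMPLE_INF):
        print(f"{key}: {command}")
```
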
Even without disabling autorun, a user can prevent the active protection software from loading by covering
up the portion of the disc on which it is stored. Both XCP and MediaMax discs contain two sessions,
with the first session containing the music files and the second session containing DRM content, including
the active protection software and the autorun command file. The first session begins at the center of the
disc and extends outward; the second session is near the outer edge of the disc. By covering the outer edge
of the disc, the user can prevent the drive from reading the second session's files, effectively converting the
disc back to an ordinary single-session audio CD. The edge of the disc can be covered with nontransparent
material such as masking tape, or by writing over it with a felt-tip marker [27]. Exactly how much of the
disc to cover can be determined by iteratively covering more and more until the disc's behavior changes,
or by visually inspecting the disc to look for a difference in appearance of the disc's surface which is often
visible at the boundary between the two sessions.
4.2 Temporary Protection
Even if the copy protection software is allowed to autorun, there is a period of time, between when a
protected disc is inserted and when the active protection software is installed, when the music is vulnerable
to copying. It would be possible to have the discs immediately and automatically install the active protection
software, minimizing this window of vulnerability, but legal and ethical requirements should preclude this