Vulnerability Development mailing list archives

Re: hacksdmi?


From: "Everhart, Glenn (FUSA)" <GlennEverhart () FIRSTUSA COM>
Date: Thu, 12 Oct 2000 08:50:46 -0400

Interesting. It is clear that the watermark is adding audible
frequencies (note the +1, -1, -1,+1 pattern in diffs) to
"watermark". This is not the kind of steganography that will
merely and inaudibly change the "hiss"; it is adding something
that people will be able to hear. That's not watermarking
sound; that's polluting it and detecting the pollution.

Thanks; I prefer my Brahms unmixed, if you don't mind, folks.


-----Original Message-----
From: Jord Sonneveld [mailto:jsonneve () FORCE STWING UPENN EDU]
Sent: Wednesday, October 11, 2000 1:55 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: hacksdmi?


Hi,

I was actively pursuing this hacksdmi challenge, doing research into audio
watermarking etc.

I wrote a program that stupidly twiddled the bits in the business part of
the wav, to each 16 bit short it randomly added between 1 and 4. That
didn't work at all, and the watermark was still recognized.

Conversion to mp3 @ 128kb/s and then reconverting it to a .wav was still
recognized as being watermarked. As this was one of the requirements for
the SDMI algorithm, I didn't really think it would work. And it
didn't. I'm sure that mp3 64 kb/s would get rid of the watermark, but
would of course greatly degrade the quality of the music.

Taking a smarter approach, I wrote a program to do a discrete wavelet
transform on blocks of 1024 pcm samples, and then throw away between
25-50% of the wavelet coefficients. Sadly, the contest closed before I
could submit a sample. However, I think that this way might have actually
proved successful, as the watermark is usually encoded in parts of the
wav that are, for lack of a better term, 'low information'. What I think
my method does is that it strips out these 'low information' areas,
keeping only the most important parts.

What sdmi needs to do, if they are really interested in having people try
to defeat the watermark, is publish some form of the watermark verifier
that doesn't take 5 hours to run, and doesn't require you to upload a 20mb
file each time.


As always, please feel free to tell me that I'm full of excrement.


Cheers,

Jord.

On Tue, Oct 10, 2000 at 10:34:09PM -0700, Blue Boar wrote:
Did anyone else download the hacksdmi.org challenges, and take a look
at them?  I did briefly.  The contest is over, and I think they are
announcing something tomorrow.  The terms of their agreement were
more reasonable than I would have thought.  You could have
the materials... and you really only had to agree to terms if
you planned on going after the money.  You could release your
findings, you'd just forfeit any prize.

So, I figure anyone who wanted to play for the money has done so,
and since the thing is over, we won't be interfering with any
contest by discussing.  Naturally, I have my own political agenda,
but that part is off-topic.

OK, onto the fun stuff..

For example, for watermark 1, they give 3 files.  samp1a.wav which
is an untouched .wav, samp2a.wav is the same file, but with a watermark.
samp3a.wav is a different sound file, but with the same watermark.

So, take a look at this:
Comparing files samp1a.wav and samp2a.wav
00000004: E0 24
0000004E: A8 A7
00000050: 0E 0F
00000056: A4 A5
00000058: 4A 49
0000006E: 71 70
00000074: 93 94
00000080: EB EC
00000086: 5A 59
0000008E: 40 41
00000094: 28 29
00000098: 94 93
000000AA: 2E 2D
000000B0: 8B 8A
000000B2: BC BD
000000BA: 7B 7A

Starting at 4E, the watermarked file has some bytes either 1 larger or
one smaller than the unmarked file.  I.e. the low-order bit has
been flipped.  Note that it's only on even bytes.

That's a bit of a short sample, but I don't want to dump any huge files
on anyone.

The original challenge was to strip the watermark so that the detector
program (not provided) wouldn't be able to spot the watermark, and that
some minimum sound quality be maintained.

Anyone else fiddled with this?  Later, I'll write some code as an
experiment to just zero the low-order bit and see what that does to
the sound.

                                      BB

P.S. Yes, the whole premise of "secure music" is fundamentally
broken.  Yes, the minute someone figures the algorithm, the
watermark is gone.  Yes, converting it to an MP3 would hopelessly
destroy the watermark.  Yes, this is copy protection, and we know
that can't be made to work.  At least one story on this whole
thing says that unnamed techies associated with the SDMI
initiative pushed for this hacking contest to prove these
exact points.  Should the SDMI people actually pick some
technology to try this, I fully expect we will crack it
within a few days of having code in hand.

--
In a display of perverse brilliance, Carl the repairman mistakes a room
humidifier for a mid-range computer but manages to tie it into the network
anyway.
                                                         -- The 5th Wave
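
Added example (not part of any message in the thread): a short analysis of the byte comparison quoted above, classifying each difference by where it falls in the file and by how the sample value changed. It assumes a canonical 44-byte PCM WAV header and 16-bit little-endian samples; the function names are hypothetical.

```python
# Constructed input: the difference lines quoted in the thread (left = samp1a.wav, right = samp2a.wav).
FC_OUTPUT = """\
00000004: E0 24
0000004E: A8 A7
00000050: 0E 0F
00000056: A4 A5
00000058: 4A 49
0000006E: 71 70
00000074: 93 94
00000080: EB EC
00000086: 5A 59
0000008E: 40 41
00000094: 28 29
00000098: 94 93
000000AA: 2E 2D
000000B0: 8B 8A
000000B2: BC BD
000000BA: 7B 7A
"""

HEADER_LEN = 44  # assumption: canonical PCM WAV header, sample data starts at byte 44


def parse_fc(text):
    """Yield (offset, byte_a, byte_b) from 'OFFSET: AA BB' difference lines."""
    for line in text.splitlines():
        if ":" not in line:
            continue                       # skip banner lines such as "Comparing files ..."
        off, pair = line.split(":", 1)
        a, b = pair.split()
        yield int(off, 16), int(a, 16), int(b, 16)


def summarize(text, header_len=HEADER_LEN):
    """Classify each differing byte: header vs. sample data, low vs. high byte, delta."""
    out = {"header": [], "deltas": [], "high_byte": 0, "single_bit": 0}
    for off, a, b in parse_fc(text):
        if off < header_len:
            out["header"].append(off)      # bytes 4..7 hold the RIFF chunk size
            continue
        if (off - header_len) % 2:         # odd position = high byte of a 16-bit LE sample
            out["high_byte"] += 1
        out["deltas"].append((b - a + 128) % 256 - 128)  # signed change, wrap-safe
        out["single_bit"] += (a ^ b) == 1  # counts changes that touch bit 0 only
    return out


if __name__ == "__main__":
    print(summarize(FC_OUTPUT))
```

On the quoted lines, every data difference lands on the low byte of a sample and changes it by exactly +1 or -1, while the one difference at offset 4 sits in the RIFF chunk-size field rather than in the audio.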

