“Protect” mp3 files at amazon.com

Hello.
Not long ago I was given a task at work: to determine whether certain mp3 files contained any hidden information. Since it was not known for certain whether there was anything in them at all, the task seemed almost unsolvable. I once wrote my diploma thesis on hiding information in audio files (audio steganography), and I assumed that if someone wanted to hide something, it would be almost impossible to detect. I began the search by reading the ID3 tag fields; I remembered that there is, in particular, a Lyrics tag (used to store song lyrics), whose contents are not displayed in, for example, Winamp.

In fact, this field turned out to be empty.
After some time searching with Google, I first came across an article about Amazon MP3 ( http://en.wikipedia.org/wiki/Amazon_MP3 ), and then songs on amazon.com that contain a certain “unique purchase identifier”. This article is devoted to the study of that identifier.

Let's go in order.
On September 25, 2007, amazon.com launched a public beta of its online music store, which in early 2008 became the first music store to sell music without digital copyright protection (DRM). From the same wiki article we learn that, initially, Amazon did not mark the mp3 files it sold with a digital watermark; some files were marked with labels identifying the seller, but not the buyer.

Since 2011 the company's policy has changed, and for some tracks they began to state explicitly that the files contain a unique purchase identifier.

A couple of these tracks:
http://www.amazon.com/Silent-Night/dp/B0047E6AR2/ref=pd_sim_dmusic_t_5?tag=acleint-20
http://www.amazon.com/gp/product/B005I0DKPO/ref=dm_dp_trk1

Official information on Amazon's site:
http://www.amazon.com/gp/help/customer/display.html/ref=dm_adp_uits?ie=UTF8&nodeId=200422000

In plain terms: the downloaded file will contain a unique purchase identifier, the purchase date/time, and other information, described below.

Downloading these tracks directly did not work (Amazon complains and says it can only sell them in the United States). I had to ask American friends, and after a while I had the same song in my hands, downloaded independently by two different people from different Amazon accounts. In appearance the files were exactly the same; the sizes matched to the byte.

But since Amazon wrote that it includes a download identifier in each mp3, I decided to compare the two files bit by bit and found differences immediately.

At the beginning of each encrypted file there is a private frame starting with PRIV, followed by XML.

Here is an example:

[image: the PRIV frame at the beginning of the file]

Separately, the XML:

[image: the XML from the PRIV frame]

(Part of the data was deliberately changed.)
And what do we see:
C2br1vaR - random numbers assigned by Amazon
Amazon.com order - Amazon.com store name
2011-12-08T03:10:50Z - date and time the song was purchased
00011805301110 - apparently an identifier for the album (Universal Product Code)
USAG21130102 - International Standard Recording Code (ISRC)
KRXaw + vu1wr8bB2cCNxJScKWcFKk7fDg - the sales transaction number, which is linked to the credit card number, address, etc. in the Amazon database
user-name - customer identifier (the initial part of the customer's email)
A few more parameters follow. Most likely this is a digital signature that makes it possible to determine whether the file has been modified.

With this information in hand, you can determine exactly who bought this track, from whom, and when. And if the recording is later posted somewhere, it will be clear where it came from.

According to our own observations, this PRIV section, together with the XML, occupies about 8kb of the mp3 file (more precisely, the information actually needed takes less than 1kb; the rest is padded with zeros).

This is a case of non-destructive audio steganography: the embedded data does not affect the audio data itself, but hides in service fields that the most common ID3 tag scanners do not display.
On one foreign blog, a craftsman has already posted a program that removes the "Amazonian information" - http://invertedsky.net/desiccate/ .
It can work in batches, and it can first analyze files and tell the user whether these fields are present in a file or not.

While googling, I came across another foreign blog whose owner made an ID3 tag viewer able to read all frames in an mp3 file according to the standards - http://glassocean.net/perrys-id3-tag-viewer/ .
Thus, an mp3 file that looks (and sounds) perfectly ordinary can contain a lot of useful and even confidential information.
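A minimal check for PRIV frames like the one described above, as an added example (it is not code from the original article or from the linked tools). It assumes an ID3v2.3 or ID3v2.4 tag without unsynchronisation or per-frame compression; the owner string, XML element names and sample tag are constructed placeholders, not Amazon's actual format.

```python
import struct

def synchsafe(b):
    """Decode a 4-byte ID3 synchsafe integer (7 significant bits per byte)."""
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]

def find_priv_frames(data):
    """Return (owner, payload, zero_padding_len) for each PRIV frame in an ID3v2.3/2.4 tag."""
    if len(data) < 10 or data[:3] != b"ID3":
        return []                                   # no ID3v2 tag at the start of the file
    major, flags = data[3], data[5]
    if major not in (3, 4):
        raise ValueError("only ID3v2.3 and ID3v2.4 are handled")
    end = min(10 + synchsafe(data[6:10]), len(data))
    pos = 10
    if flags & 0x40:                                # extended header present: skip it
        n = data[10:14]
        pos += synchsafe(n) if major == 4 else struct.unpack(">I", n)[0] + 4
    found = []
    while pos + 10 <= end:
        frame_id, raw = data[pos:pos + 4], data[pos + 4:pos + 8]
        if frame_id == b"\x00" * 4:
            break                                   # tag-level padding reached
        size = synchsafe(raw) if major == 4 else struct.unpack(">I", raw)[0]
        if pos + 10 + size > end:
            break                                   # truncated or corrupt frame
        if frame_id == b"PRIV":
            # PRIV body = owner identifier, NUL, then arbitrary binary data
            owner, _, payload = data[pos + 10:pos + 10 + size].partition(b"\x00")
            trimmed = payload.rstrip(b"\x00")
            found.append((owner.decode("latin-1"), trimmed, len(payload) - len(trimmed)))
        pos += 10 + size
    return found

def build_sample():
    """Constructed ID3v2.3 tag: one title frame plus one zero-padded PRIV frame."""
    xml = b'<?xml version="1.0"?><sample><buyer>PLACEHOLDER</buyer></sample>'
    priv = b"owner.example.invalid\x00" + xml + b"\x00" * 200
    title = b"\x00Constructed title"
    frames = b"".join(fid + struct.pack(">I", len(body)) + b"\x00\x00" + body
                      for fid, body in ((b"TIT2", title), (b"PRIV", priv)))
    n = len(frames)
    size = bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])
    return b"ID3\x03\x00\x00" + size + frames + b"\xff\xfb\x90\x00"  # then fake audio

if __name__ == "__main__":
    for owner, payload, pad in find_priv_frames(build_sample()):
        print(f"PRIV owner={owner!r} data={len(payload)} bytes, zero padding={pad} bytes")
        print(payload[:60])
```

To check a real file, pass its first bytes (the whole ID3v2 tag) to `find_priv_frames`; a large zero-padding count next to a short XML payload matches the layout observed above.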

Listen to good music and be careful when sharing music!
