Kemper Profile Security

  • I will preface this post by saying I am a cyber security enthusiast and will take no sides regarding the ethical debate on sharing profiles, free or commercial. This is a thread for technical discussion for the sake of learning.

    I came upon an interesting advertisement: https://www.ebay.com/itm/Offic…-JMP-Aldrich/323060279865

    I noticed at the bottom of the ad there was this:
    After purchase you'll receive a copyright protected specially encoded copy of the profile via E-mail, you will need a Kemper Profiling Amplifier with firmware 4.0 or newer to use this! If you need multiples of the same profile for multiple Kempers please let me know, please do not share these as each file is encoded to the buyer so we will know who it was sold to if it ever ends up on a pirate torrent or other type of pirate site.

    I was immediately skeptical. So a quick google led me to: http://www.groomednoodlers.com….php?f=20&t=2247&start=10
    where EXPcustom claims "I got a way to encode the file to the specific customer that buys the file so if one ends up on a torrent site or is somehow shared globally I can find out who did it..."

    My immediate thought was to embed something in a text metadata field, generate the hash and store a database of the hash to the customer. But this is just as easy to work around as it is to implement.

    Without any under the hood, Kemper implemented profile validation, eventually one has to get a single file to load into the KPA. As soon as you have that it's game over in my mind.

    Are the claims of tracking down pirates just a big bluff? Or do they do something with the hash and hope nobody changes anything? Anyone else have any thoughts?

  • Exactly. Hypothetically because kemper has no security implementations that I know of, the implementation would have to lie in the clever construction of the rig file itself. Which my limited knowledge of cryptography tells me is not possible without changing properties of the file that either render it unusable or are trivially bypassed.

  • It would be possible to put a unique rig tag, or if really ambitious, the Name of the Profile creator could be altered for each Rig sold, and it would be something that could not be edited by other users, and could theoretically be used to backtrack a shared Rig.


    A free Direct Profile prototype of this amp was initially offered by the profile seller to the first person who responded to his post. I happened to be riding home from a road gig, and looking at the forum when he posted the offer. Here is what that prototype rig sounds like, with a Tils 1960 Cabinet, miced with an SM57, added.


    External Content soundcloud.com
    Content embedded from external sources will not be displayed without your consent.
    Through the activation of external content, you agree that personal data may be transferred to third party platforms. We have provided more information on this in our privacy policy.

  • Profile files are to some extent based on MIDI format (it is quite possible that they are just MIDI files but instead of standard MThd and MTrk section names Kemper uses KThd and KTrk). This format is not encrypted (at least metadata part) and it is quite possible that Kemper might be ignoring sections which it doesn't recognize (I didn't check that). If that is the case it would be possible to sneak in some kind of digital signature. The other possibility is to find a field in this file which Profiler understands but is not using ("reserved for future use" field, or one that is not displayed anywhere in the UI, and doesn't do anything, or is no longer used) - Kemper is very old product - I'm pretty sure that if you'd poke around long enough you would be able to find such field.


    But who would bother doing that if profiles are usually cheap? I join "BS detected" camp on this one.