Slashdot Mirror

You can skip the articles they don't tell you much other than what is in the Slashdot Summary. However, the blog entry has the code part on it. Here are all the articles including code entry...

Story:

Ryan Naraine - PC Magazine Tue Jun 28,10:49 AM ET

Norwegian hacker Jon Lech Johansen has cracked the lock on Google's new in-browser video player.

Johansen, also known as 'DVD Jon' for his work on decrypting DVD security codes, has created a patch for the Google Video Viewer--less than 24 hours after the search giant shipped the video playback plug-in, a tool based on the open-source VideoLAN media player.

The patch, released on Johansen's 'So Sue Me' blog, effectively disables a modification Google made to the VideoLAN code to prevent users from playing videos that are not hosted on Google's servers.

Johansen said the patch, which requires the .Net run-time framework, will remove Google's restriction and allow the playback of video files that aren't on the video.google.com server.

The 21-year-old hacker, who faced two trials in Norway in 2002 and 2003 for his role in the release of the
DeCSS decryption software, is a hero to many for his efforts to defeat DRM (digital rights management) mechanisms built into media player technology.

He has been involved in a public cat-and-mouse game with Apple Inc., releasing several tools to bypass the DRM software used to encrypt music sold on the iTunes Music Store. LINK TO: PyMusique Unlocks iTunes Copy Protection. Again. http://www.extremetech.com/article2/0,1558,1779526 ,00.asp

Johansen has also cracked Apple's AirPort Express's encryption and released a proof-of-concept program that allows
Linux users to play video encoded with Microsoft's proprietary WMV9 codec. The proof-of-concept is based on the VideoLan code.

Addict3d.org more details:

Jon Lech Johansen, "DVD Jon", took just one day to build a crack to allow you to play video on your website using Google's VLC-based player.

This means you can publish video that will play on your webpage and will work for anyone who has Google's player installed.

Johansen, also known as 'DVD Jon' for his work on decrypting DVD security codes, has created a patch for the Google Video Viewer--less than 24 hours after the search giant shipped the video playback plug-in, a tool based on the open-source VideoLAN media player.

Crack can be found here -

http://nanocrew.net/wp-content/GVVPatch.exe

http://nanocrew.net/?p=114

Blog Entry:

Google has released Google Video Viewer, a browser plugin based on VLC. Here's one of the features they've added:

+ // Google mods
+ const char* allowed_host = \"video.google.com\";
+ char * host_found = strstr(p_sys->url.psz_host, allowed_host);
+ if ((host_found == NULL) ||
+ ((host_found + strlen(allowed_host)) !=
+ (p_sys->url.psz_host + strlen(p_sys->url.psz_host)))) {
+ msg_Warn( p_access, \"invalid host, only video.google.com is allowed\" );
+ goto error;
+ }

This "feature" prevents you from playing videos that are not hosted on Google's servers. Download and run this patch I wrote to remove this restriction. Running the patch requires a .NET runtime.

It is legal to reverse engineer for compatibility if you don't have inside information. It is not ok if you do. It is sad, but a good move for Apple.

RIP DRM Free iTunes, Viva allofmp3 .

Haha, them giving us more freedom? What a joke.

These are some of the same politicians that signed the DMCA into law. If it weren't for people like DVD Jon fighting for our rights as consumers, we would be on the end of the leash of politicians, who in turn are on the end of the leash of big business.
It's up to us to fight for our rights, they're not going to simply hand us over a "less strict" policy out of good will.

That's exactly why the gods gave PyMusique.

You're right, digital signatures and encryption have never been cracked.

~jeff

You're right, digital signatures and encryption have never been cracked.

~jeff

I don't mean to go offtopic, but is Slashdot regularly slower than other tech sites? Are Boingboing and news.com usually so fast (at ~100 minutes)?

His server seems to be /.ed The blog entry is: The iTunes Music Store recently stopped supporting iTunes versions below 4.7 in an attempt to shut out 3rd party clients. I have reverse engineered the iTMS 4.7 crypto which will once again enable 3rd party clients to communicate with the iTMS.

It appears that they ask the application to identify itself and if it isn't iTunes 4.7, it won't download. Sort of reminds me of those websites that checked to make sure you were running IE. That led to other browsers acquiring the ability to misidentify themselves. If that's so, it'll only take a week.

> How long before someone figures out how to make
> PyMusique look like iTunes 4.7?

Already broken again!
http://nanocrew.net/blog/apple/itms47.html

"The iTunes Music Store recently stopped supporting iTunes versions below 4.7 in an attempt to shut out 3rd party clients. I have reverse engineered the iTMS 4.7 crypto which will once again enable 3rd party clients to communicate with the iTMS."

Hm, is Apple to stupid or Jon Lech Johansen just to clever for them?

According to CVS for PyMusique a workaround was checked in 12 minutes ago.

I'm not entirely convinced that legality is the issue (home-taping/burning and modification by the purchased user, if AFAIK "fair-use"). It is more the fear (and in some respects rightly so) of the RIAA and Apple of the said purchased media being deseminated.

Pure and simple, distributing copyrighted material (whether you burn CDs using iTMS tunes or you break the DRM) is illegal. However, what you do with your purchased music in private (e.g. for yourself, on your own computer) is your business, so long as you are not deseminating it to those who didn't buy it, or you are not using the said copyrighted material for public performance. Electronic media, in terms of copyright, does not disallow personal backups, remixing for fun (no profit), or any sort of arbitrary modification. You own that file, albeit, not the media therein (the music in this case).

In the cases of fair-use, home-taping has been defended (likewise photocopying library books for personal/academic/private use). There are certain rights that extend to the public over what they own.

In the case of DVD Jon and others, what they see that they are doing (and arguably they are) is cleverly extending the capabilities of the end-user in lines of usage. When exploited for desemination, profit, and piracy, it is not the process or tool that is wrong, but the use. The tool does have legitamate, legal uses (playing purchased media on your Linux box, for example).

I personally think PyMusique, Hymn, and the FairPlay mechanisms for VLC are legitimate and can (and should) be used for Fair Use. If exploited, like any other tool, for illegal ends, then the people infringing on copyrights should be prosicuted (albeit the RIAA has been in recent years more proactive is fining grandma and various 12-year olds that busting pirating rings).

I have been using Hymn for months now, for fair-use purposes. I buy from iTMS (when you ride the Boston T every morning and evening, your iPod is your best friend) and I frequently get gift cards from family. I and my fiance think it is great, however, if she buys something and I buy something and we want to make a mix CD for our car when we go on a trip, something that allows extended fair-use would be great.

I personally, and I don't think I am alone, think what DVD Jon is doing is great because it is useful to the consumer (although as a side effect, the pirate). The consumer can better enjoy the beniefits of the purchase.

This will probably be corrected by iTMS with a subsequent version of iTunes and I have no problem with that. Apple is there to make money from their sales (so preventing piracy is a good motive) and they have to protect the fidgety record labels who are still uncomfortable with digital media, although CDs themselves are not secure in any regard. Those (like DVD Jon and myself) who see a need as a consumer to modify their legitamately purchased music to use it on all computers/OS they have, should make an effort to archive their media in forms they can use, with the technology at their disposal, and if the DRM system is changed, keep up or enjoy what they already bought.

Somebody mentioned subscription services, and I don't think that subscription services are only legally de-DRMed if you currently subscribe to the service, e.g. it is blantantly illegal to rip and crack a storehouse of music and continue to use them once you no longer subscribe. However, with these models, fair-use would apply to burning CDs for your car, ripping tracks and making MP3s for your iPod or whatever. It is when the use is exploited and people are not being pais is when you have a problem.

The site is hammered, the Coral Cache is working fine though.

Links for the lazy:
Source Code: pymusique-0.3.tar.gz
Debian Package: pymusique_0.3-1_i386.deb
Windows: pymusique-setup.exe

the encryption is already hacked: http://nanocrew.net/blog/apple/revairtunes.html
There is also an C implementation of sf.net (raop-play).

Difference is, JustePort only sends MPEG4

Sure there is. It's called JustePort

huh? do you have any URL's to back up your claim? afaik, apple purposefully used a proprietary algorithm. Jon Lech Johansen (yes... DVD Jon) was the one to reverse-engineer it:
http://nanocrew.net/blog/apple/revairtunes.html

they're the first high-profile implementation of the algorithm that Jon Lech Johansen reverse-engineered:
(http://nanocrew.net/blog/apple/revairtunes.html)

and yes... this is THAT Jon... the one that got yanked into court for reverse-engineering the DVD encryption. all hail Jon! :D

what we need now is for mplayer and VLC and the others to implement airport express streaming directly in the media player...

Oh, like what "DVD Jon" did last August: http://nanocrew.net/blog/apple/revairtunes.html

-ben

... about Real reverse engineering FairPlay (more power to them)

I feel compelled to correct that: as was probably pointed out in the previous Slashdot coverage, it wasn't Real who do did the difficult reverse-engineering, it was "dvd Jon" Lech Johansen (for the open-source media player VLC -- I assume so that he could listen to iTunes-purchased music on his Linux PC, kinda like DeCSS). From a post his blog:

Q: Has the Harmony project met your expectations?
A: No, it has blown them away. We took the decision at the beginning of the year to implement Harmony. It really went back to some things we were working on before, where we've had good experience with creating technology with interoperability in the past.

... about Real reverse engineering FairPlay (more power to them)

I feel compelled to correct that: as was probably pointed out in the previous Slashdot coverage, it wasn't Real who do did the difficult reverse-engineering, it was "dvd Jon" Lech Johansen (for the open-source media player VLC -- I assume so that he could listen to iTunes-purchased music on his Linux PC, kinda like DeCSS). From a post his blog:

Q: Has the Harmony project met your expectations?
A: No, it has blown them away. We took the decision at the beginning of the year to implement Harmony. It really went back to some things we were working on before, where we've had good experience with creating technology with interoperability in the past.

Indeed. Does the book even say anything about decrypting your iTMS tunes?

http://nanocrew.net/software/
http://www.hymn-project.org/

That's DVD Jon's hi-definition brother.

good thing I disinfect my ITMS music. wow, that was really hard. try doing that with an encrypted WMA file.

The Apple Airport Express is what I use to stream my music library to my stereo system, its an amazing device which works great with linux considering it uses open standards.

Open standards? Last I heard, DVD John had to reverse engineer the Airport Express streaming encryption. Hardly an open standard.

That said, they are nice little boxes with excellent audio quality and CHEAP!

In that case, FairPlay is also open: drms.c and DeDRMS.cs. MD5 and AES.

as in:

DeDRMS.exe MyMusicFile.aac

...you mean? Get it here. It's C#, so also for Linux.

Don't tell anybody, but this must actually break the iTunes DRM good and hard

Don't tell anybody, but this must actually break the iTunes DRM good and hard

So will the EFF step in, like they did for DVD Jon? Speaking of whom, he dealt with Apple DRM a long while back, so Real haven't done anything new in reverse engineering it.

But our buddy Jon Johansen (of DeCSS fame) reimplemented it in 210 lines of C# code:

http://www.nanocrew.net/blog/apple/huntingplayfair .html

Thanks Jon!

DeDRMS
hymn

find ~/Music -iname '*.m4a' -exec perl -pi -e 'BEGIN{$b=0}if(!$b){if(s/geID\x00\x00/DIeg\x00\x00 /){$b=1}}' {} ";"

DVD Jon on VLC and Apple's iTunes singles
Jon "DVD Jon" Johansen writes, in reference to VLC's support for iTunes's M4P DRM format:

In case you didn't know, I'm a VideoLAN developer. I reverse engineered FairPlay and wrote VLC's FairPlay support. It's been available in VideoLAN CVS since January, but the first release to include FairPlay support is VLC 0.7.1 (released March 2.).

Just wanted to let you know that once you have generated the user key file(s), you can copy them to as many computers you want and play your M4P files there using VLC.

If you're having trouble playing your legally bought music, you might want to try this command:

find ~/Music -iname '*.m4p' -exec perl -pi -e 'BEGIN{$b=0}if(!$b){if(s/geID\x00\x00/DIeg\x00\x00 /){$b=1}}' {} ";"

If iTunes plays your fixed files but won't transfer them to your iPod, delete the entries from your iTunes library and then readd the files.

MD5(DeDRMS-0.3.tar.gz) = 9a3fe1940771e8b55fdf1f77d019bd8d

If you're having trouble playing your legally bought music, you might want to try this command:

find ~/Music -iname '*.m4p' -exec perl -pi -e 'BEGIN{$b=0}if(!$b){if(s/geID\x00\x00/DIeg\x00\x00 /){$b=1}}' {} ";"

If iTunes plays your fixed files but won't transfer them to your iPod, delete the entries from your iTunes library and then readd the files.

MD5(DeDRMS-0.3.tar.gz) = 9a3fe1940771e8b55fdf1f77d019bd8d

> Anyone know the guys email address?

His web address is http://nanocrew.net

Just get Jon Johansen to do the damn job!

DeDRMS does not remove the UserID, name and email address. The purpose of DeDRMS is to enable Fair Use, not facilitate copyright infringement.

DRM crackers?

"production, sale or distribution of hacking tools"

Assuming that includes DeDRMS, it's a good thing that Norway's not part of Europe!

(Oh no it isn't).

playfair might not be hosted in Norway, but DeDRMS is:

http://nanocrew.net/software/DeDRMS/DeDRMS-0.1/DeD RMS.cs

Written by DVD-Jon, who also wrote the decryption code that playfair uses.

Sorry to say this but, unlike with DeCSS where you were allowing Linux users to view DVDs, this time you've gone too far.

You may think you're doing the right thing "liberating music for one and all" but you really aren't. Thanks for fucking it up for all of us, asshole. I hope Apple, the RIAA and the BPI come down hard on your ass now that the EUCD and DMCA are in place.

Silly Roxton. Hit the preview button.

http://www.nanocrew.net/blog/apple/qtfairuse.html

I notice that Jon Johansen's blog has been down for a number of days.

This is, of course, the QTFairUse guy.

That's true, it's been all around the news for a while now.

Consult Google News.

He released the code in his blog (site is currently down, google cache is too old). I'm not sure, but his site hasn't been available for several days.

Hi,

I'm the author. Thanks for discussing my piece. Here are some points to consider.

1) Moral hazard does not mean the record industry has 'morals'. It's a technical term - like grep, or chmod. It means that one party in a contract can take hidden action - like your babysitter - because you can't effectively monitor or influence them.

2) I'm arguing that the record industry should provide free music - not the other way around. Insurance is just another form of free music - whether you get reimbursed in money that you can spend on free music, or free MP3's, or free music vouchers.

3) An efficient market is not a monopoly. An efficient market for music is what all of us really want: a place where we can pay as much for music as the value we derive from it. The problem we're all facing is that the market for music is inefficient - that the music industry can price-fix, gouge, shirk on it's contract, and earn more profits by exploiting such tactics.

4) I'm not 'trying to give control to the RIAA'. In fact, it's the other way around. Read what DVD Jon has to say about buying into DRM - iTunes is nice, but by buying into it, you're also buying into DRM. I'm trying to argue that DRM sucks - and that entirely new business models are the only thing that will work - and iTunes is just the same old model wrapped in a nice interface. I'm trying to prove why the RIAA wants the game to stay the same - so it can keep selling the same old risky contract to all of us, in exchange for greater profits.

4.1) Not all MBA's are beancounters. Get over it.

Umair

It makes piracy a hassle for whom? Certainly not the pirates. They'll just go on sharing perfectly unenecrypted files.

DRM only inconveniences the people who are paying for their music.

Exactly. In reality, there are only a few types of people out there in terms of music, and piracy in general:

• Die-hard Piraters: These people will pirate whatever they can, from whatever source. They pay for nothing, ever, be it software or music, movies, etc. VERY legally Liable
• Convenience Piraters: If it's easy, and they think that the legal way of getting it is too expensive/inconvenient/restricting, they'll pirate stuff, but only at near-zero risk of getting caught. Only really liable to RIAA, and not worth pursuing.
• Non-pirates, but Hackers (us): Won't do it because their morals actually tell them that even if it IS easy, if there is NO chance of getting caught, it's still wrong, and so they don't pirate anything because of morals, but wanting to help the little guy too.
• RIAA and MPAA Lackeys: These people are the absolute angels to people like the MPAA and the RIAA. Do what you're told, buy our things at our terms, and we'll all be happy. Ya right, but they do exist, and at least they are safe from lawsuits (probably, but DMCAv2 and other things may make even the innocent guilty).

The first group are NOT in large supply, but do provide a fair amount of content you otherwise wouldn't see, like movies out before they are in theatres, cracked full versions of expensive software tools (almost any Adobe product), etc. These people are NOT going to be stopped by anything short of MASSIVE inconvenience to pirate something, or uselessness even if they did. CD Keys for Online Play are a good example of foiling these people, at least to a degree. Games that have MOST of their value online (Quakes, *Craft, etc) will lose relatively fewer players to piracy, since the CD Keys will keep the online stuff straight (for the most part. I know that there are workarounds, etc, but this is in general).

The Second group, of what I call "Convenience Piraters" is quite a large group. Most people who download music that they didn't buy fall into this catagory. They are also the group that is most easily targeted by Online Music Services like iTunes. Most times, the things pirated by them they see as not hurting anybody, and/or that it's overpriced anyways (music fits this perfectly). A moral discussion about this is a whole topic in itself, but most of these people don't see what they are doing as really "wrong", or else they probably wouldn't do it, because they are basically good people.

The Fourth group of Lackeys is self-explanatory.

US! Some of us sometimes fall under Convenience Pirates, but most of the time we don't. But most of us believe in Fair Use, and we make many great tools that let us use our LEGALLY obtained media and other things. MPlayer should be completely legal everywhere, as any other "player" should be. Same thing as DeCSS. The first group of rampant pirates use tools like DeCSS to pirate and hurt people, but people like us use them for playing our stuff, not distributing it to 100k people.

We are the most misunderstood group, but also often the easist to target with lawsuits, like Jon Lech Johansen with DeCSS, and recently with the iTunes crack. We want to use our legally purchased stuff however we want, and even though bad apples (that first group again) will misuse it, that doesn't mean that it should be illegal.

It is ironic how Sony went to bat for the consumer in the BetaMax case with VCRs, and is now on the RIAA's side for music. These companies need to realize that if iTunes distributed music in OGG format, that piracy would not go up much, if at all. People would be HAPPY with what they have, and any distribution of such files would be 100% illegal, with NO legal middle ground. (For those who don't know, in the early da

http://www.nanocrew.net/software/QTFairUse.tar.gz

For anyone with the Jazpiper portable player John johansen (of DeCss fame) has written a driver and a command line utility fot linux called Openjaz