Slashdot Mirror
Descrambling CSS w/ 7 Lines Of Perl A DMCA Violation?
Here's the script:
$_='while(read+STDIN,$_,2048){$a=29;$c=142;if((@a=unx"C*",$_)[20]&48){$h=5;
$_=unxb24,join"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$d=
unxV,xb25,$_;$b=73;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=($t=255)&($d
>>12^$d>>4^$d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*8^$q<<6))<<9
,$_=(map{$_%16or$t^=$c^=($m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;$t
^=(72,@z=(64,72,$a^=12*($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16..271))
[$_]^(($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}print+x"C*",@a}';s/x/pack+/g;eval
A rewrite, using an extra five bytes (!) of perl code, caches a table, which apparently makes the program fast enough to decode a movie in realtime:
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map{$_%16or$t^=$c^=(
$m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;$t^=(72,@z=(64,72,$a^=12*($_%16
-2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h
=5;$_=unxb24,join"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$
d=unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d>>12^$d>>4^
$d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*8^$q<<6))<<9,$_=$t[$_]^
(($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}print+x"C*",@a}';s/x/pack+/g;eval
As Touretzky writes on his Gallery page, typical usage is just: cat /mnt/dvd/VOB_FILE_NAME | qrpff 153 2 8 105 225 | extract_mpeg2 | mpeg2dec -
The point is that the DMCA is blatantly unconstitutional (as interpreted by the courts [so far]). But the courts unconstituional interpretation doesn't mean that we have to sit back and pretend the king has clothes. So, we ask, again and again, is this a violation, is this a violation, to point out that these violations of the DMCA happen also to be speech, which proves the point: the DMCA (as interpreted by the courts) is Unconstitutional (it violates the first amendment).
The way Congress works, most of the people who voted for that bill never looked at it. It was a bi-partisan initiative with strong financial backing. The committee that recommended it considered that it would be another limit on fair use, but they probably never considered its effect on programmers and its conflict with the First Amendment. I tend to think they were looking at a law with powerful backers and few visible enemies and voted the way they thought would make them look good and help the country. Who would vote against a flashy name like Digital Millenium Copyright Act?
-the Pedro Picasso
(sourceCode == freeSpeech)
--
--
(sourceCode == freeSpeech)
Mine:Art is a human expression meant to evoke an emotional response.
I'm not right, really, but neither are you. I would say most code isn't art. I would also say code can be art. After all it is only a set of choppy written instructions. Are recipies art? Is command based haiku art? Is this post art?
(Answers: yes, yes, no)
-the Pedro Picasso
--
--
(sourceCode == freeSpeech)
The program itself is pretty awesome, but even more so is his use of -w. Now that takes guts.
It was on the BBC's web site, etc., a few weeks ago. The law was just passed, though presumably hasn't taken effect yet. The recording racket and friends wanted a tougher law, which made sharing files with strangers a crime, but didn't get it.
I found placing the code snippet in various email program's X-headers works great too.
With a little work, a mail program could enocde this work of art uuencoded into the Message-ID header. Why? When anyone replies or forwards your email, they will resend your CSS code!
X-Comment: ALL YOUR BASE ARE BELONG TO US
He couldn't sue himself under the DMCA any more than he could sue himself under copyright law for copying his own works.
He could try suing DVD makers, but he'd have a hell of a time getting it through court. You see, if he encrypted his DVD with CSS and his own key, then commercial DVD players wouldn't decrypt it. If he encrypted his DVD with CSS and at least one of *their keys*, then he'd have a hard time convincing a judge that the key choice wasn't implicit consent for them to perform decryption.
2^40 is what, one trillion? But there's a couple hundred DVD player keys, so only a few billion files need be generated before a legally useful one is found. So a 1 kilobyte copyrightable file would require just a few terabytes of storage for this workaround... that's not cheap, and I think you'd have a really hard time convincing His Honor that there was any purpose to all this other than pissing off the court.
The following code is a PERL script capable of decoding an encrypted DVD (necessary to watch a DVD on a Linux machine) in real time. This is illegal to use according to the Digital Millennium Copyright Act, a set of laws passed by anonymous vote in congress in 1998. The MPAA feels that they must stop you from using this code to watch DVD movies because then...
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$ t=255;@t=map{$_%16or$t^=$c^=($m=(11,10,116,100,11, 122,20,100)[$_/16%8])$t^=(72,@z=(64,72,$a^=12 *($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16.. 271);if((@a=unx"C*",$_)[20]&48){$h=5;$_=unxb24,joi n"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/. ..$/1$&/;$d=unxV,xb25,$_;$e=256|(ord$b[4])>8^($f=$ t &($d>>12^$d>>4^$d^$d/8))>8^($t&($g=($q=$e>>14&7^$e )^$q*8^ $q>=8)+=$f+(~$g&$t))for@a[128..$#a]}print+x"C*",@a } ';s/x/pack+/g;eval
If you are interested in learning more about how to create your own DVD decoder you can take the authors class on the subject at MIT http://www.mit.edu/iap/dvd
END .SIG
I was kinda hoping to create somthing that could spell out the evils in a tolerable length/readability. Other than manditory commercial viewing and region codes what else does an open source version wreck for the MPAA?
Novel theory: Modern Man evolved from psychopath
you know, if someone did something to "encode" that little perl script, so it ended in say, pig latin, then it wouldn't be functional code anymore, no?
Then, add a script up at the top of the page, mark it "DMCA Violating PLCPS (Pig Latin Copy Protection Scheme) Script", that nicks off the last two characters... and technically, haven't you protected yourself? Because the only DMCA violation is in fact the De-PLCPS script, no? That other thing is protected under a copy-protection scheme and isn't even usable, therefor, what's there to complain about? Sure, I'm sure the owners of De-PLCPS might take offense to your violation of the DMCA, but then again, that would be THEIR problem, not the DVD-CCA's, no?
I'm sorry, but those 7 lines of perl, even as cryptic as they are, sure look a lot simpler to me than the usual DeCSS.c code that's been floating around the net. Whoever wrote the perl code must have done a great job finding the logic behind those tables of numbers. I'm sure that you could turn this perl code back into readable C, and it would be much clearer than the original DeCSS.c. What's more, it'd probably be easier to do it starting from this perl code, than starting with the C code and redoing the work of analyzing the integer tables.
...I've tried to clean up the code a bit, undid the little compression trick they did ('x' == 'pack+'), and still can't make heads or tails of it.
Would anyone care to explain exactly how this works, in english (or should I just wait until the notes from the seminar are online)?
I'm hoping the authors entered this code into the Obfuscated Perl Contest. Then they can claim this code has two uses: descrambling CSS and teaching good programming style through the use of a bad example.
Meldroc, Waster of Electrons
Of course you own something when you buy it.
... a limited monopoly in trade for opening something up for public use.
What proof do you have that you don't? The word of companies like Microsoft with their EULAs and the RIAA and MPAA who try to take away your ability to use the CD/DVD that you own?
Well, what do you think they'll say? They hope that people will believe them. And they hope they'll do what you did, pass that on to others.
Their view of copyright is incredibly short sighted. I really don't see why they deserve copyright protection anymore. Seriously. Copyright is a social contract
The MPAA/RIAA/Software publishers are trying to have the 'limited' part of the monopoly removed, and to take away all your rights to do anything with the work that they don't want you doing.
They aren't living up to their side of the bargain, thus the contract is void.
Now, they can claim anything they like, about how you'll join satan, and undermine capitalism, if you violate THEIR rights, but I don't see them saying anything about your rights. And it's not just a case of "well don't buy it." They're counting on your tax dollars funding the legal system which is granting them this unlimited monopoly, so they're taking from you and giving nothing back.
Anyways, as I see it, their laws are the product of bribery. They lobbied for those laws, which means paying politicians in "campaign funds", then they bribe judges like Kaplan (Dunno if they paid him, or if it was enough that he worked for them before and got paid then) to give weight to their laws. In my view, that's not a valid law. Like a contract for illegal activities isn't a valid contract.
I choose not to follow those laws. I honor copyright as I see it. Limited monopoly, a guarantee to the author that they'll be the first to profit from their work. I don't see it as a right for the author to control everything I do with their work, so I don't feel obligated to follow laws that they buy which say that.
I agree with your assesment of the video media. You buy it, you can use it in any way that doesn't conflict with existing law. (You can't copy and distribute it, and you can't kill someone with it (Britney Spears music...))
But you're wrong when you say you that you license software...
They only software you license if something you buy specifically from a contractor, a company that sells you a specific limited site license for a special deal, or shareware.
In the first case it's because you're paying the contrator for the product. You decide which rights you want and then bargain over the value of those. With the specific site license, that'd be like Adobe selling you 100 copies of Photoshop for an 80% discount because you could show that it was all going to be used in a way that they approved of (to teach people who might later buy their own copy for example) and you were both making concessions in the deal (them price, you in what you can do with it.)
And finally and most importantly, shareware. If you download a program off of CNET (or anywhere else) there's no payment on your part so you have no right to expect it'll do anything. You then get it and can agree to a contract allowing certain use in trade for certain payment (maybe nothing, maybe a post card, maybe $$..)
But with commercial software, you buy it at the store and take it home, where you find the 'contract'. At that point, the contract isn't valid. You purchased all required rights to the software already. It's invalid for a number of reasons.
1) You can't put limits on an existing contract (it becomes a new contract, which requires new agreement and especially, new consideration (compensation)). I can't see you a car and then call up later and say that you have to buy gas from me. I can offer you an exclusive gas contract in trade for something, free tires, a low price, whatever, but it's only an offer until you accept.
2) The 'contract' in the form of a click-through license attempts to prevent your use of *YOUR* software (you paid for it at this point) by requiring you to agree to their contract. That's duress. You're not bound by agreements made under duress. Simply click 'Yes' and ignore it...
3) That contract doesn't even offer you anything, just the ability to use your software, so you don't get anything out of it. A contract that doesn't have compensation for both parties isn't valid. Again, click 'Yes' and ignore it.
Certainly don't take the corps' word on any of this, they stand to gain by making you believe you have more obligations than you really do.
Nope, you're thinking about unlambda.
Personally, I consider that way of thinking bassackwards but that's just me. Playing Devil's Advocate I could see arguements in favor of such a viewpoint.
I don't want knowledge. I want certainty. - Law, David Bowie
Well, this is deliberately bad. If the author had used descriptive variable names with more than one letter, used whitespace, and taken other steps to make it readable, I'm sure it wouldn't be so bad.
(IMHO, though, there is no valid use for the ternary operator '?:' other than making code hard to read.)
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
These things are what allow projects like xine and LiViD to exist with a relative lack of legal molestation.
xine doesn't include CSS support by default. You can get a version of Xine with libcss support at the Xine resource page (along with a DXR3-enabled version, if you have that card). OMS links to libcss as well. So neither program actually includes it, but they link to it. As well, LiVid developer Matt Pavlovich was charged under the DMCA in California court for distributing DeCSS - strange, since he isn't a California citizen, and he was really (as far as I can tell) distributing css-auth, the non-ripper version of the CSS decryption scheme.
The DMCA itself is strictly an AMERICAN law and has no jurisdiction * anywhere * else in the world.
What worries me is that DMCA-like laws may be quietly pushed into force in other nations, like my own, which tends to bend over for any large US entity that tries to lean on it. In Canada, it would be even worse; we have no system of "fair use" up here, only a very strictly defined system known as "fair dealing", which basically says the copyright holder can set whatever limits they want on use of their work, and anything else in infringement. Just posessing DeCSS/css-auth could be very quickly made illegal up here.
Someday, you're going to die. Get over it.
Hand write your representatives and inform them of your digust with this law.
This may be more effective with new reps than incumbents, as the DMCA was unanimously passed. New reps might not have been subject to MPAA lobbying efforts yet. Some incumbents might (hell, probably did) pass the law without really understanding what it does; there was a letter in 2600 a couple issues back about a guy who runs into a southern Senator and explains to him why the DMCA is a bad thing.
Someday, you're going to die. Get over it.
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
They were dragged kicking and screaming into greater profits that time, and this time will be no different, unless you prefer a police state.
Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes.
Expanding a vast wasteland since 1996.
[my emphasis]
Where I come from, If I bought the disk I own it, and the people who sold it to me can go whistle if I do something they don't like with it. But Merka, of course, is the land of the free...
I'm old enough to remember when discussions on Slashdot were well informed.
<thinks>
Another parochial Merkin </thinks>
What if the reverse engineering were done overseas, say in (just as an example) Norway? What would be illegal about that? Or did you think the DMCA somehow covered the whole planet?
I'm old enough to remember when discussions on Slashdot were well informed.
I'm not saying you're wrong, but that's the first time I've heard that; can you provide a reference? I thought this was stictly Merkin nonsense.
I'm old enough to remember when discussions on Slashdot were well informed.
> Now if you use < you have to hit up arrow,
> and do some retyping, cutting and pasting..
>but with cat you can hit up arrow,
>move to the right place, and type frob
> and a pipe!
Redirection doesn't have to go at the end
of the arg list. You're allowed to say
<file qrpff | extract_mpeg2 | mpeg2_dec
Now interpolating something before qrpff
is as simple as point + type.
-Tom Duff
See Tom's object-oriented tutorial for an example of clear perl writing. Perl is quite like a natural language. You *can* write obfuscated perl. But then again, you *can* write obfuscated English. Try this one:
Perfectly valid English, but almost impossible to read. Conversely, English can be very clear - and so can perl.perl -e 'fork||print for split//,"hahahaha"'
or you could put it in the public key section of your slashdot userinfo
Besides, let me explain what's most likely to happen now: People like Randal Schwartz and his crowd could probably reduce "War and Peace" to a JAPH. I suspect you'll see an unoffical competition among the perlites over the next few weeks to see who can chop more bytes off this code. That, in turn, will keep it in the news even longer, which is certainly a "Good Thing(TM) ".
- Read section 202.
Why? Doesn't seem relevant. Example:- Ownership of a copyright, or of any of the exclusive rights under a copyright, is distinct from ownership of any material object in which the work is embodied.
IANAL, but this looks about the most innocuous part of the DMCA to me.If you write a book, and sell a copy to me, then you retain copyright. I am bound by your copyright, and my actions are restricted in certain ways, e.g. I cannot print copies of your book and sell them myself.
If you write a piece of software / author a DVD, and sell a copy to me, then you retain copyright. I am bound by your copyright, and my actions are restricted in certain ways, e.g. I cannot cut copies of the software / DVD and sell them myself.
This code is a reimplementation of the algorithm that sits inside of every DVD player. It allows anyone to access their DVD movies with the flexibility and fair use rights that the movie studio's do not want you to have. Movie studio's do not want you to: fast forward through commercials, be able to backup your expensive movies, or be able to use imported DVD's.
If you're new to Unix, I think that orabidoo means:
/mnt/dvd/VOB_FILE_NAME | extract_mpeg2 | mpeg2dec -
qrpff 153 2 8 105 225
Hey, it's one less process!
-- You can't idiot-proof anything, because they're always coming out with better idiots.
Great. I lost the '<' in my command. I guess 'Plain Old Text' just ain't what it used to be.
-- You can't idiot-proof anything, because they're always coming out with better idiots.
It IS encrypted using rot-0 :-]
Just because you bought the disc, don't expect to use it in some way in which its owners don't approve
Since you are the owner of the disc, by copyright's first sale principle, this is a tautology, unless I suppose you have multiple personality disorder.
Yes, but it shows very nicely how absurd the DMCA is. It shows that code, in a way, really is like speech, and making such things illegal really is constraining the right on free speech.
Five lines of Russian are just as incomprehensible to me as that perl program; Does that mean books published in Russian are not covered by the right to free speech? I don't think Joe Redneck is going to argue that only English is covered..
.sig: Now legally binding!
Get real my friend. Whose fault is it that the popular media and pop culture in general doesn't understand us? I have no responsibility to explain myself and anyone else who feels that if they make something work in a nonconventional manner to the mindless masses. Thank god there still is a digital divide, thank god I'm on this side of it.
"Share your knowledge. It's a way to achieve immortality." -- Dalai Lama
Is that code isn't speech and therefore isn't bound by the the first ammendment. However, source code is primairly meant to convey meaning to other programmers (otherwise still all be writing programs by flicking a row of switches up or down and hitting enter.) Claiming code is not speech is convienent from a legal standpoint since it lets you outlaw encryption and decss and other things you don't like, but code is demonstrably speech and a court will eventually acknowledge that.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Publishing it is a crime because a judge said it was. That's really all it takes. So, you got that one wrong.
Judges do not make law. At least they are not supposed to here in the US. Judges do not have the Constitutional authority to declare anything a crime. Their function is to take laws passed by legislators, compare them to the actions of individuals, and to attempt to decide if those laws are violated by those actions.
Unfortunately, we inherited from the British the concept of "Common Law", which in effect allows Judges to -make- laws because their rulings affect the rulings of other judges. In my opinion, this is a VERY BAD IDEA(tm). It in effect allows individual judges, who may or may not have had any clue about the subject they are ruling on, to unilaterally change laws. It's like having bunches of little emperors running around each making their own laws.
Ocassionally turf wars, called appeals, occur.
When will Windows be ready for the desktop?
It won't actually fit in your sig......but you could always paste it in your post.
2 ;$ t=255;@t=map{$_%16or$t^=$c^=(
$m=(11,10,116,100,11,122,20,100)[$_/16%8])$t^ =(72,@z=(64,72,$a^=12*($_%16
-2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16..271);if ((@a=unx"C*",$_)[20]&48){$h
=5;$_=unxb24,join"",@b=map{xB8,unxb8,chr($_^$a[--$ h+84])}@ARGV;s/...$/1$&/;$
d=unxV,xb25,$_;$e=256|(ord$b[4])>8^($f=$t&($d>>12^ $d>>4 ^
$d^$d/8))>8^($t&($g=($q=$e>>14&7^$e)^$q*8^$q>=8)+= $f+( ~$g&$t))for@a[128..$#a]}print+x"C*",@a}';s/x/pack+ /g;eval
C'mon DMCA, I'm not scared.....
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=14
----------------------------
-----------------------
Moderator's essentials
...I totally for this idea. You would need to use a different key then then one used for DVD's, but nothing prevents you from changing you $HOME/.csskey ...
Opus: the Swiss army knife of audio codec
Not anymore :-)
Welcome to the age of Digital Content, where people are slaves to content-providers and huge impersonal companies. Where you you can't really buy or own anything, only a right to use on their terms. Where you don't really have anything to say about it, because common consumers are made redundant. The workforce taken for granted and unemployment coldly calculated to the decimal. Where new laws and authority is created by demand of higher economic growth, not by belief in the people. Where most of the citizens live in apathy and docility, because they have started to believe the false fantasies spouted out from Hollywood. This is the Age of Information as it was meant to be from the start; the stuff nightmares are made of.
- Steeltoe
http://www.debunkingskeptics.com/
won't the postscript version use a *lot* of paper?
Yeah! You go first... :-)
"I have never let my schooling interfere with my education." - Mark Twain
I agree with the original post that the size doesn't matter. The only thing that is proven by this program is that perl can be extremely terse and can do just about anything. I'm willing to bet that this algorithm could be expressed in a shorter way using a different language. To bring it to the point of absurdity, I could propose a new, hypothetical language, "DeCSS/C", where a standard library call called "d()" will decode a file. We could all stand back and say "Ha! One line of code to crack the encryption! Don't you feel silly now!", but really it says nothing, as we just have chosen a more efficient/simple tool for the job.
Sure, it hit the /. radar. I'll agree that it's novel as well. But I don't believe that it should be taken as a proof that the DeCSS matter is off-base.
Programming is not an art, it's probably reached the status of craft by now and we should be aspiring to give it the status of engineering.
The objective of an artist is to produce something that is aesthetically pleasing in some way. The objective of an engineer is to produce something that is functional. As a side effect, it may also have some aethetic qualities, but these should not get in the way of the function.
The above piece of code is a prime example. To me, it's as ugly as sin (speaking as somebody who has a lot of experience of fixing bugs in ther people's code), but the objective was not to produce something beautiful, but something that would decode a DVD in the smallest possible space.
All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe
Anyway, complexity of encoder/decoder has relatively little to do with cryptographic security, so the actual line-count or complexity of the algorithm doesn't really matter. As we all know, security by obscurity doesn't work, and double rot-13 encryption isn't better than single rot-13.
Perhaps the gov't could stretch the meaning of "produce" to include a copy being made of it, even though it was only in memory or for one's own use. Heck, they did that with copyright.
Follow the link for more info on the DMCA.
Just because it CAN be done, doesn't mean it should!
You contradict yourself. You say judges are not supposed to make law, and then, yourself, point out that we have "inherited" British common law that allows them to do so.
We did not "inherit" it accidentally. In fact, the founding fathers, and myself for that matter, considered the common law one of the major advances in the field of *justice.*
They are not called clerks, they are called *JUDGES.* It is their job to exercise *judgement* in specific cases before them in the public interest.
That is a GOOD thing and is core to the entire American philosophical system. It is, in fact, the legal philosophy that gave the founding fathers the idea that they had a RIGHT to declare independence.
If there were no common law and only code, as in the code Napoleon and other essentially fascist dictatorial forms of government and law, then America itself would be illegitamate.
KFG
Jon Johanson has suffered no penalty under Norwegian law.
KFG
THAT, of course, is the $64 dollar question.
It will take a ruling of the Supremes to answer it which is not likely to take place for years yet.
The MPAA, RIAA and the like are actually themselves not in any hurry to have the Supremes make such a ruling because it could invalidate entire provisions of the DMCA. They don't want that. Until such time as those provisions might be overthrown the DMCA still has the force of law, even though they may well be unconstitutional.
I wonder, what changes might occur in the American political and legal scene if legislators could be held liable for passing laws that were unconstitutional.
Surely one could make a reasoned argument that if the legislator BELIEVED it to be unconstitutional he/she/it had commited a violation of the civil rights of nearly every resident of the United States.
KFG
If you were in California or NYS at the time. . .
in a way. Technically what you did was become civilly liable.
Note that noone from 2600 went to jail, they were just ordered to cease and desist.
If they fail to cease and desist, THEN they would be criminals. . . for violating a court order, NOT for violating the DMCA.
KFG
Public/Private Key style encryption is a *type* of encryption that has the advantage of self authentication, but isn't the entire field of encryption.
Simple number substitution for letters, i.e. a=1, b=2, etc., is encryption.
KFG
Yeah, okay... so that's some accident, but "it could happen!"
----
PointlessGames.com -- Go waste some time.
MassMOG.com -- Visit the site; Use the word.
PointlessGames.com -- Go waste some time.
MassMOG.com -- Visit the site; Use the word.
...try reading Finnegan's Wake.
--Perianwyr Stormcrow
What we call folk wisdom is often no more than a kind of expedient stupidity.-Edward Abbey
I mean why should owning or publishing this source code be a crime? Owning a CD-Burner is legal and you can use that to break copyrights too. You can even use a pen to break copyrights. What should be illegal is using this program to decrypt DVD's and copy them. But then again i'm not a lawyer.
The point is that the DMCA is blatantly unconstitutional (as interpreted by the courts [so far]).
And that gives us hope that it will someday be overturned. But in the meantime great damage can be done.
Before I moved to WA, I lived in CA. It is the stated position of the CA attorney general's office that they support and prosecute all CA laws, even if a law is widely known to be unconstitutional and is expected to be overturned in court. In other words, it isn't the police's job to interpret laws. They enforce them, blindly, and let the courts sort out the mess later.
I would be surprised if other states acted otherwise, actually. And I would be surprised if a Federal law was treated any differently. The DCMA will do a hell of a lot of damage before it is fixed, and traces of it will probably linger on forever.
Saying the perl script is 7 lines long is inane, since line breaks in code are meaningless. In a compiled program, what matters is the object code size, and in an interpreted language, it's the size of the script in bytes.
Coming soon...the Linux kernel in one line of code...
I have both the "Got Decss" and the "Open DVDCCA" shirt from copyleft I also have a pic of me wearing the open dvd shirt at my website Just thought that would add a little reality to the above post. :)
The anti-salmon
Somebody should write one of those I-Love-You/Anna-Kournikova viruses to make sure that everyone in corporate America gets a copy of this...
at first glance i'd be damned if that wasn't a perl shopping cart app.
It will have to make the mainstream news first, of course. Although I suspect that their law trolls probably have folks who monitor places like this for breaking news(?)
"It is a greater offense to steal men's labor, than their clothes"
By using the self-decrypting technique the original author uses to compress all instances of 'pack', I believe I've been able to compress it by another 15-20 characters. I save over 40 characters, but the expansion is 20.
I'll post it to David Touretsky's site once I've tested it. (It's taking for ever to decode even a few K on my old machine).
FatPhil
--
Also FatPhil on SoylentNews, id 863
Yeah, sure, like speech...
I think that program should be also protected by te DMCA; After all, it's clearly encripted
Yes, but money is the reason movie companies exist in the first place. You don't really think Hollywood is about artistic fulfillment, do you? From their perspective, less is definitely less, unfortunately.
He who joyfully marches in rank and file has already earned my contempt. - "Big Al" Einstein
That's a fscking beautiful idea! I'll have to do this everywhere. $_='while(read+STDIN,$_,2048){$a=29;$c=142;if((@a= unx"C*",$_)[20]&48){$h=5;
$_=unxb24,join"",@b=map{xB8,unxb8,chr($_^$a[--$h+8 4])}@ARGV;s/...$/1$&/;$d=
unxV,xb25,$_;$b=73;$e=256|(ord$b[4])>8^($f=($t=255 ) &($d
>>12^$d>>4^$d^$d/8))>8^($t&($g=($q=$e>>14&7^$e)^$q *8^$q>=8 )+=$f+(~$g&$t))for@a[128..$#a]}print+x"C*",@a}';s/ x/pack+/g;eval
Lex orandi, lex credendi.
This is the cheese that the rat that the cat that the dog chased bit ate.
I have a positive modifier on Troll. When I mod someone Troll their karma should go UP!
MPAA vs the World? I don't think so. But maybe them the MPAA could sue Microsoft to get all those nasty little security 'features' fixed.
Just a thought.
The REAL jabber has the /. user id: 13196
The REAL jabber has the user id: 13196
What you do today will cost you a day of your life
Redirection doesn't have to go at the end of the arg list.
Damn, 10 years of shell usage and I never knew that... I have been enlightened!
...I'll have to take down my website's link to Slashdot again, for fear of per^H^H^Hprosecution under DMCA.
Aha! So you're the bastard who stole my bold tags. Well, I demand that you return them at once!
Most real world applications, like SSL, actually use symmetric encryptions (same key on both end) for the actual data transfers, and not public/private key (asymmetric) encryptions. Thats because asymmetric encryption schemes are usually lot less efficient that their counterparts. So secure protocols usually only use the asymmetric methods to actually exchange the session keys, after that, the symmetric version is used for the actual transfer of data!
"The point is that the DMCA is blatantly unconstitutional (as interpreted by the courts [so far]). But the courts unconstituional interpretation doesn't mean that we have to sit back and pretend the king has clothes"
Exactly right. So far DeCSS has been ruled illegal by one mis-informed, conflicted federal "judge" who made the most extreme POSSIBLE interpretation of the DMCA. I'm of course talking about the infamous Kaplan. Kaplan in so ruling ignored prior "fair use" case law, and even those provisions in the DMCA itself! In making linking to DeCSS sites illegal, he extended the law far beyond it's reach as it was written.
There really is no logical basis for Kaplan's decision, until you look at whom he used to work for in the past, in a firm that REPRESENTED one of the plantiffs...
I'm sure that if Kaplan got a case about THIS code in front of him he'd rule the same way. But turning DeCSS from hundreds of lines of incomprehensible gibberish into a mere SEVEN lines of compact code will make the DMCA a lot harder to stand up to public scrutiny.
This could turn the debate from "respectable Hollywood vs those EVIL hackers" into what it should have been to begin with:
IS it the role of the Federal government to use the force of law, and the might and guns of the government to protect industry against their own incompetent "copy protection" schemes?
=== The price of freedom is eternal vigilance
"Before I moved to WA, I lived in CA. It is the stated position of the CA attorney general's office that they support and prosecute all CA laws, even if a law is widely known to be unconstitutional and is expected to be overturned in court."
If a law is Unconstitutional, it is therefore ILLEGAL. The Constitution is the highest law in the USA, and no statutory law is allowed to contradict it. I'd think that people who enforce laws should be held liable for eforcing illegal law.
All members of the Armed Forces are held personally liable for the orders they accept and carry out. If a soldier carrys out an illegal order, they are as liable as the superior who gave them that order.
Why shouldn't that principle be applied to all other parts of government?
=== The price of freedom is eternal vigilance
"Man, sorry, but I'm afraid that, comprehensibility-wise (I just made up that word, I think), 5 lines of perl is just as bad as 10 pages of c to the general, non-coding public. If you don't code, you don't code, and you won't understand"
You miss my point. It doesn't MATTER if Joe 6-pack can understand it, what matters is that this code is about the length of a single PARAGRAPH on a piece of paper...
It will be harder to demonize. In fact, even the general public might understand the implication of the loss of freedom the DMCA entails if the law has to be so pro-coorporation to protect the MPAA from that little paragraph.
It might make people think about what other paragraph size thoughts and ideas (and code IS the expression of thoughts and ideas) might be illegal that weren't before because of that law.
=== The price of freedom is eternal vigilance
I'm not sure that it would matter to the courts whether the source code to descramble CSS was composed of 7 lines or 700... What really matters is that the MPAA scrambled the content on their DVDs and this code circumvents that.
That's an interesting point - on what basis do you draw the line? You could say that "obviously" rot-13 wasn't a serious attempt to control access but if 7 lines of Perl can be considered a circumvention device, then what about 5 lines? Or 3? Or 1?
I share your scepticism about the outcoming of trying to challenge things on that basis, but you would think there has to be some kind of definition as to how how simple a circumvention device is allowed to be while remaining "effective" (or do they intend every case to be ratified by a court? Wait, don't answer that...).
Pre-DeCSS, if you'd proposed a circumvention device that could be bypassed in 7 lines of Perl, who would have taken it seriously?
-dair
...only if you've never used APL.
It doesn't even need to be copy protection, the DMCA talks about access control. CSS doesn't really provide copy protection, but it does do access control.
I didn't mean to say that I agreed with (or conceded to) MPAA's or Xing's (it was a Xing player, right?) shrinkwrap-license-prohibiting-reverse-engineering . I was just trying to point out that some other "agreeably" illegal activity must be engaged in before use of the perl script became actual circumvention of CSS.
Whether or not what was done to get Xing keys (which, if I recall correctly, is the only part of the "Trade Secret" argument MPAA is using) is illegal shouldn't (IMHO) affect the status of this script.
Correct me if I'm wrong, but wasn't the entire DeCSS system developed originally? That the only part that was "stolen" was the Xing master key, accidentally left unencrypted in the windows program? So MPAAs argument for trade secret theft only applies to the use of those Xing keys, right? Or could they argue that DeCSS could not have been developed without aid of those keys, and so it's a derivitave work, and so tainted by the theft of the secret?
And if so, at what point, after analysis, review, scholarly discussion, and seminars, does the CSS algorithm (and various ways to implement it) pass beyond any trade secret protection, again reducing DeCSS to a key availability issue?
Probably redundant, but CSS -does- use keys. Every licensed DVD player has a different key. Admittedly, the key length is short, so it could've been brute-forced, but the real trick was the Xing didn't encrypt (or even obfuscate) their CSS key in their DVD player software. That's what allowed DeCSS to be written in the first place. They key makes up most of the C code version, though, so I'm not sure how the Perl version gets away without using it (apparently...maybe it's buried in there somewhere). Anyway, it also has public keys, I think, in the form of what the DVD itself is encrypted with. The private player keys are the only things that can decrypt it properly. If indeed the perl version doesn't use the key, then that means it's obviously weaker than I suspected.
No, this is what happens when the space key stops working on your keyboard.
Like most americans you seem to be confused as to how the law works. The law does not work the same for everybody. The intent of the DMCA was to make more money for some corporations any other use of that law will not be held up in court.
The congress critter as well as any other corporation is not answerable to this or any other law only you are. Do you know why? It's because they have more money then you.
War is necrophilia.
Disclaimer: I'm the last person on earth that knows anything about encryption technologies, so I'm just gonna pose a few questions. Talk amongst yourselves, discuss...
/. before, but is CSS really encryption? It seems that it's more of just an encoding/compression scheme. There are no public/private keys envolved. The way that I understand encryption is that if I encrypted the phrase, "All your CSS are belong to us!" it would come out different every time depending on the keys used. This is what makes it private. CSS on the otherhand would just encode the phrase the same way, every time so that anyone's DVD player can decode it. So, I could use CSS to encode my homework and send it to my teacher if I wanted to. The teacher, or anyone intercepting that homework could use DeCSS or this script to unencode it assuming they knew how it was encoded in the first place. If I encrypted it, anyone that intercepted my homework, would have no way to decrypt it, and therefore, steal my answers. The teacher couldn't decrypt it either unless he had the key. Therefore, its not really encryption but more of just an encoding scheme, kind of like "zipping" a file with pkzip, winzip or gzip. Am I correct on this, or at least heading in the right direction?
Firstly, I'm sure this has been discussed on
If this is the case, then it seems like CSS is more of a standard practice thing, than a proprietary thing, and the MPAA should just give up. I'm sure that "zip" technology was at one time proprietary, now its pretty much standard. And, if I am correct, this really doesn't hold up to the DMCA, because its not encryption that I am trying to circumvent, rather, I am just decoding what I have rightfully purchased.
If this is the case, I have no problem with the MPAA going after the individuals that are illegally copying DVD's and selling them to their 31337 friends. However, just using the scripts and code to watch a movie on your Linux box is another story entirely, and I have no problem with that.
Thoughts, comments, bitching???
Typical usage should be /mnt/dvd/VOB_FILE_NAME | extract_mpeg2 | mpeg2_dec -
qrpff 153 2 8 105 225
I believe posters are recognized by their sig. So I made one.
How about a COBOL version - probably the longest DeCSS app yet.
I know very little (read: nothing) about Perl but it seems like this is basically compressing that long, ugly, awkward table of values that represents the magical mystery DVD key. Am I correct?
No, because those tables aren't really needed.
Most of the tables in css-auth.c are used to work out the title key from the disc key - with this script, you provide the title key on the command line.
The other tables in css-auth.c are used to reverse the order of bits in a byte - this can easily be accomplished by code instead.
Does my bum look big in this?
It definitely is.
I bow to the superior skill of the author of those 526 bytes. I've saved it even if I don't own a DVD reader (and I don't plan buying one), just to open up the file at times and contemplate it.
Maybe one day I'll see the light.
The script circumvents access controls, doesn't it? Isn't that what the DMCA makes illegal? This isn't rocket science, folks.
Next question.
So I sez to him, I ain't givin' you no damn three-fity.
Has anyone though of writting a virus that
takes a persons files and encodes them with
CSS? It would be extremely funny if some MPAA
lawyer found himself sitting in front of his
computer and a message pops up
"Dear user: Your files have been encrypted with CSS. You may trivially decrypt these files with DeCSS unless you live in the United States in which case the use of DeCss could cost you five years in jail and $150,000 file. Have a nice day."
This nonsense of trying to lock everything down and create laws that make viewing your product illegal is not good business. Sure it maintains profit margins for now, but long term will do nothing but cause damage.
Not to sound exceedingly paranoid here, but this is not so much about money as it is about fear of losing power and face.
Pride is causing this mess, not greed.
RFC2119
I will be appending this with a brief description to my emails. Here is what I had in mind.
The following code is a PERL script capable of decoding an encrypted DVD (necessary to watch a DVD on a Linux machine) in real time. This is illegal to have according to the Digital Millennium Copyright Act, a set of laws passed by anonymous vote in congress in 1998. The MPAA feels that they must stop you from using this code to watch DVD movies because then...
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$ t=255;@t=map{$_%16or$t^=$c^=($m=(11,10,116,100,11, 122,20,100)[$_/16%8])$t^=(72,@z=(64,72,$a^=12 *($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16.. 271);if((@a=unx"C*",$_)[20]&48){$h=5;$_=unxb24,joi n"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/. ..$/1$&/;$d=unxV,xb25,$_;$e=256|(ord$b[4])>8^($f=$ t &($d>>12^$d>>4^$d^$d/8))>8^($t&($g=($q=$e>>14&7^$e )^$q*8^ $q>=8)+=$f+(~$g&$t))for@a[128..$#a]}print+x"C*",@a } ';s/x/pack+/g;eval
If you are interested in learning more about how to create your own DVD decoder you can take the authors class on the subject at MIT http://www.mit.edu/iap/dvd
Novel theory: Modern Man evolved from psychopath
Well.. I tried to paste the unobfuscated version, but unfortunately it is caught by the lameness filter here :(
:-)
Anyway, to unobfuscate it do this:
First paste the code into your favourite editor and change eval to print
Then save the file as decss.pl and execute this command in the shell:
perl decss.pl | perl -MO=Deparse
Now it's almost readable
--
- Trond Michelsen, mike@crusaders.no
I believe you can also be sued for debugging Perl code under the DMCA.
I'm not sure that it would matter to the courts whether the source code to descramble CSS was composed of 7 lines or 700, whether it was Perl or C or VB, compiled or binary. The judge probably wouldn't understand any of those details anyway. What really matters is that the MPAA scrambled the content on their DVDs and this code circumvents that. Just because you bought the disc, don't expect to use it in some way in which its owners don't approve. Unfotunately, if the judge could really understand the details of the case I think he would agree with the opinions expressed on Slashdot, so would just about any sensible person who doesn't have some vested intrest in the MPAA's revenue stream.
The reality is that once the lawyers use the word 'hacker' to describe the people who write code like this, throw in 'circumvent' a few times, and tell everyone that this program will cause their DVD prices to skyrocket, people's heads turn. The facts of the case get lost.
Anyway, this is a nice accomplishment. 7 lines of Perl that will descramble CSS. Sad that it constitutes a circumvention device, but maybe that will change.
On second thought, you should email professor Touretzky with this suggestion. He could encrypt one of his copyrighted works and place it on a page at the site and let people know that DeCSS is necessary for them to read his words. On the other hand, this emphasizes the functional aspect of DeCSS which is different from Touretzky's focus. It would allow him to sue (under the DMCA) anyone who trafficked in (or now I think it's even possesses) a circumvention device, such as the courts have determined DeCSS to be. He could sue himself! If he placed his words on a DVD and encrypted using CSS, could he sue the DVD makers for trafficking in a circumvention device -- a DVD player. He could license his DVD as not being allowed (under his authority as a copyright holder) to be used in any DVD player with built-in CSS decryption. Then the DVD makers would be violating the DMCA vis a vis Toretzky's authority as a copyright holder.
Things that actually help:
- OpenDVD - actually learn about the DMCA and the case against it.
- Electronic Frontier Foundation - donate to the actual court case
- US Congress - Hand write your representatives and inform them of your digust with this law
Don't get me wrong. Sig files are fun and using this tiny piece of code in every post might help, but this situation isn't going to get better unless we put some real work into it.-the Pedro Picasso
(sourceCode==freeSpeech)
--
--
(sourceCode == freeSpeech)
Has anyone ever published a CSS encoder? Then people could encode their documents/articles/emails etc with this and distribute DeCSS as the mechanism for accessing the information. This usage should not fall foul of DCMA as it is being distributed by the owner of of the copyright material (you) to enable access. MPAA did not patent CSS, so can they prevent anyone from using the algorithm to "protect" their own copyright material?
slashdot, for the command line at the end of the example.
Once you write brute-force wrapper around it to bludgeon out keys, or something to derive a title key from a disk key, utilizing secrets stolen by illegally reverse-engineering other stuff, then are you violating MPAA plans?
>8^(
I think that's a portrait of the people at the MPAA.
Let's have fun, ladies and gentlement!!
.sigs and use it everyday for every form of electronic communication: Slashdot postings, Usenet, email, you name it!!
We should all add this snippet of code to our
Then stand back and watch as lawyers for the DVD Association go crazy, trying to sue everyone! Even better than linking! =)
The DeCSS case will be won, not in the court, but over the Internet -- so fire up that editor today... ROFL
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
Perl has got to be the only language where its actually more readable when compiled and then disassembled!
if it was a violation, I am sure posting the script on /. is as well. :) This will make for a much better "Got DeCSS" shirt, because it will actually all fit on the shirt.
The anti-salmon