Slashdot Mirror
Descrambling CSS w/ 7 Lines Of Perl A DMCA Violation?
Here's the script:
$_='while(read+STDIN,$_,2048){$a=29;$c=142;if((@a=unx"C*",$_)[20]&48){$h=5;
$_=unxb24,join"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$d=
unxV,xb25,$_;$b=73;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=($t=255)&($d
>>12^$d>>4^$d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*8^$q<<6))<<9
,$_=(map{$_%16or$t^=$c^=($m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;$t
^=(72,@z=(64,72,$a^=12*($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16..271))
[$_]^(($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}print+x"C*",@a}';s/x/pack+/g;eval
A rewrite, using an extra five bytes (!) of perl code, caches a table, which apparently makes the program fast enough to decode a movie in realtime:
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map{$_%16or$t^=$c^=(
$m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;$t^=(72,@z=(64,72,$a^=12*($_%16
-2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h
=5;$_=unxb24,join"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$
d=unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d>>12^$d>>4^
$d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*8^$q<<6))<<9,$_=$t[$_]^
(($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}print+x"C*",@a}';s/x/pack+/g;eval
As Touretzky writes on his Gallery page, typical usage is just: cat /mnt/dvd/VOB_FILE_NAME | qrpff 153 2 8 105 225 | extract_mpeg2 | mpeg2dec -
Has anyone though of writting a virus that
takes a persons files and encodes them with
CSS? It would be extremely funny if some MPAA
lawyer found himself sitting in front of his
computer and a message pops up
"Dear user: Your files have been encrypted with CSS. You may trivially decrypt these files with DeCSS unless you live in the United States in which case the use of DeCss could cost you five years in jail and $150,000 file. Have a nice day."
CSS is a two-phase procedure - first being the player software (well, that's the DVD CCA's idea) authenticating to the drive (software passes player key to drive, verifies that player key is entitled to access the loaded disc's content), and then, the title keys are used to decrypt the individual streams on the disc.
Is it a crappy arrangement? You bet. The title keys are 40 bits, and the player keys are (iirc) 80 bits. This is not high encryption here. Once you get past the auth-with-drive part, the title keys are handed over anyway. But simply, yes, it is encryption - from what I've heard from cryptological experts, far from a well-designed system. But it more-or-less does what the DVD CCA intended.
_____
Sam: "That was needlessly cryptic."
Max: "I'd be peeing my pants if I wore any!"
This nonsense of trying to lock everything down and create laws that make viewing your product illegal is not good business. Sure it maintains profit margins for now, but long term will do nothing but cause damage.
Not to sound exceedingly paranoid here, but this is not so much about money as it is about fear of losing power and face.
Pride is causing this mess, not greed.
RFC2119
What's more is that USING it to view any legally obtained DVD is not a crime. These things are what allow projects like xine and LiViD to exist with a relative lack of legal molestation.
xine and LiViD, AFAIK, do not include CSS decryption tools, and can only view unprotected DVDs out of the box. There are CSS patches, but they are in countries without a WIPO law.
The DMCA itself is strictly an AMERICAN law and has no jurisdiction * anywhere * else in the world.
True; though it is an implementation of the WIPO copyright treaty (the one everybody was up in arms about a few years ago). The EU and Australia have already criminalised circumvention devices; other nations are in the process of doing so.
Maybe someone can persuade Gaddafi to set up a data haven in those bombproof bunkers he has. Given the MPAA's panic, disseminating DeCSS may be a better way of attacking the Great Satan America than using it as a chemical weapons plant.
I will be appending this with a brief description to my emails. Here is what I had in mind.
The following code is a PERL script capable of decoding an encrypted DVD (necessary to watch a DVD on a Linux machine) in real time. This is illegal to have according to the Digital Millennium Copyright Act, a set of laws passed by anonymous vote in congress in 1998. The MPAA feels that they must stop you from using this code to watch DVD movies because then...
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$ t=255;@t=map{$_%16or$t^=$c^=($m=(11,10,116,100,11, 122,20,100)[$_/16%8])$t^=(72,@z=(64,72,$a^=12 *($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16.. 271);if((@a=unx"C*",$_)[20]&48){$h=5;$_=unxb24,joi n"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/. ..$/1$&/;$d=unxV,xb25,$_;$e=256|(ord$b[4])>8^($f=$ t &($d>>12^$d>>4^$d^$d/8))>8^($t&($g=($q=$e>>14&7^$e )^$q*8^ $q>=8)+=$f+(~$g&$t))for@a[128..$#a]}print+x"C*",@a } ';s/x/pack+/g;eval
If you are interested in learning more about how to create your own DVD decoder you can take the authors class on the subject at MIT http://www.mit.edu/iap/dvd
Novel theory: Modern Man evolved from psychopath
Well.. I tried to paste the unobfuscated version, but unfortunately it is caught by the lameness filter here :(
:-)
Anyway, to unobfuscate it do this:
First paste the code into your favourite editor and change eval to print
Then save the file as decss.pl and execute this command in the shell:
perl decss.pl | perl -MO=Deparse
Now it's almost readable
--
- Trond Michelsen, mike@crusaders.no
Publishing it is a crime because a judge said it was. That's really all it takes. So, you got that one wrong.
The other thing you got wrong is that *owning* it is NOT a crime! Noone, most particularly neither a judge nor the MPAA have ever suggested that possesion is a crime, and in fact the MPAA ONLY prosecuted those KNOWN to possess it for * distribution *, not possesion.
What's more is that USING it to view any legally obtained DVD is not a crime. These things are what allow projects like xine and LiViD to exist with a relative lack of legal molestation.
I've said this a thousand times already, and I'll keep saying it until people get it:
The ONLY thing that has been ruled to be illegal about DeCSS is its *distribution.*
*Possesion* of DeCSS is legal, it has been banned neither by a judge nor by the DMCA. If you have obtained a copy of DeCSS YOU are not in violation of the law, only your *source* is.
USE of DeCSS for viewing legally obtained DVD's is not illegal.
Any illegality of DeCSS, at the moment, applies strictly only to California and New York State. It is only in these states that courts that have ruled have any jurisdiction.
The DMCA itself is strictly an AMERICAN law and has no jurisdiction * anywhere * else in the world.
KFG
I believe you can also be sued for debugging Perl code under the DMCA.
Useless use of cat!!
Using cat to present on stdin isn't useless! What if, after running your command line, you discovered you had to run it through your special frob script:
Now if you use < you have to hit up arrow, and do some retyping, cutting and pasting..but with cat you can hit up arrow, move to the right place, and type frob and a pipe!cat is your friend..
I'm not sure that it would matter to the courts whether the source code to descramble CSS was composed of 7 lines or 700, whether it was Perl or C or VB, compiled or binary. The judge probably wouldn't understand any of those details anyway. What really matters is that the MPAA scrambled the content on their DVDs and this code circumvents that. Just because you bought the disc, don't expect to use it in some way in which its owners don't approve. Unfotunately, if the judge could really understand the details of the case I think he would agree with the opinions expressed on Slashdot, so would just about any sensible person who doesn't have some vested intrest in the MPAA's revenue stream.
The reality is that once the lawyers use the word 'hacker' to describe the people who write code like this, throw in 'circumvent' a few times, and tell everyone that this program will cause their DVD prices to skyrocket, people's heads turn. The facts of the case get lost.
Anyway, this is a nice accomplishment. 7 lines of Perl that will descramble CSS. Sad that it constitutes a circumvention device, but maybe that will change.
On second thought, you should email professor Touretzky with this suggestion. He could encrypt one of his copyrighted works and place it on a page at the site and let people know that DeCSS is necessary for them to read his words. On the other hand, this emphasizes the functional aspect of DeCSS which is different from Touretzky's focus. It would allow him to sue (under the DMCA) anyone who trafficked in (or now I think it's even possesses) a circumvention device, such as the courts have determined DeCSS to be. He could sue himself! If he placed his words on a DVD and encrypted using CSS, could he sue the DVD makers for trafficking in a circumvention device -- a DVD player. He could license his DVD as not being allowed (under his authority as a copyright holder) to be used in any DVD player with built-in CSS decryption. Then the DVD makers would be violating the DMCA vis a vis Toretzky's authority as a copyright holder.
Things that actually help:
- OpenDVD - actually learn about the DMCA and the case against it.
- Electronic Frontier Foundation - donate to the actual court case
- US Congress - Hand write your representatives and inform them of your digust with this law
Don't get me wrong. Sig files are fun and using this tiny piece of code in every post might help, but this situation isn't going to get better unless we put some real work into it.-the Pedro Picasso
(sourceCode==freeSpeech)
--
--
(sourceCode == freeSpeech)
Has anyone ever published a CSS encoder? Then people could encode their documents/articles/emails etc with this and distribute DeCSS as the mechanism for accessing the information. This usage should not fall foul of DCMA as it is being distributed by the owner of of the copyright material (you) to enable access. MPAA did not patent CSS, so can they prevent anyone from using the algorithm to "protect" their own copyright material?
slashdot, for the command line at the end of the example.
Once you write brute-force wrapper around it to bludgeon out keys, or something to derive a title key from a disk key, utilizing secrets stolen by illegally reverse-engineering other stuff, then are you violating MPAA plans?
>8^(
I think that's a portrait of the people at the MPAA.
Let's have fun, ladies and gentlement!!
.sigs and use it everyday for every form of electronic communication: Slashdot postings, Usenet, email, you name it!!
We should all add this snippet of code to our
Then stand back and watch as lawyers for the DVD Association go crazy, trying to sue everyone! Even better than linking! =)
The DeCSS case will be won, not in the court, but over the Internet -- so fire up that editor today... ROFL
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
Perl has got to be the only language where its actually more readable when compiled and then disassembled!
if it was a violation, I am sure posting the script on /. is as well. :) This will make for a much better "Got DeCSS" shirt, because it will actually all fit on the shirt.
The anti-salmon