DeCSS Reply Brief Posted
Thanks to Macki from 2600 who sent the DeCSS Reply Brief Filed on 2600. You can read it in all of the appropriate formats - the next hearing is May 1, at the 2nd Court of Appeals in NY.
Why do so many comments on Slashdot by people still show total misinformation and myth regarding DeCSS?
Multiple major posts on the silly descrambler perl script merely further this misinformation.
Or the uninformed post regarding prime numbers holding the descrambler.
Descramblers for CSS DVD video frames are practically worthless and unimportant and only a final small part of the challenge of extracting "protected" DVD media.
They are all related to wimpy little descramblers that only work on pre-authorized (validated) DVD MPEG-2 scrambled keyframe blocks.
I am so mad about all this misinformation every month YEAR AFTER YEAR. Who gives a damn about various VOB decoders? They are mundane and hardly interesting nor even contraband knowledge!
The DeCSS lawsuits concern a 40 bit KEY. This KEY is the one licensed to XING as a master key. It is the one, of over 400, that is being killed on new DVDs as we speak.
It was ripped out of XingDVD VidSub Decoder, or its earlier incarnation.
It is what Jon Johansen was accused of stealing by using a WinICE shrouder, and posting on October 6, 1999. The DVD MPAA group (actually not MPAA but the DVD Copy Control Association or "DVD CCA"). Hilariously, due to legal foulups the DVD CCA was not a US group until Dec 1999 and has no California, no USA jurisdiction. In fact it is really one extortionist bully at Toshiba Corporation until Dec 1999 (or July 1999 depending on who you believe) hiding behind a few other names listed as partners in the DVD FLLC alliance. The DVD CCA and MPAA are fighting over this one goddamned 40 bit key Jon Johansen distributed. Not the rest of the many many different cracks and decoders and descramblers.
Just these 40 bits.... nothing else you fools. The rest has little merit. It's not stolen object code, and certainly was not patented.
Most VOB descramblers, and MPEG-2 DeCss descrambler loops work on **VALIDATED** data files from VALIDATED devices with valid session keys. They sometimes use brute force kracking and care less about session keys... but they all come from VALIDATED mounted media... and in Livid and other enabling players they all rely on the 40 bit stolen Xing key.
Validation is an 8 step process and just because Windows, Apple Mac OS, and Linux wipe your butt and usually have the DVD player code do it for you when you access a dvd usually, does not mean that a solution exists.
The 8 steps are :
LU_SEND_ASF
INVALIDATE_AGID
LU_SEND_AGID
HOST_SEND_CHALLENGE
LU_SEND_KEY1
LU_SEND_CHALLENGE
HOST_SEND_KEY2
LU_SEND_TITLE_KEY
LU_SEND_RPC_STATE
You can read about it in the huge publicly available INF-8090 Specification (though it is buggy) [INF-8090 v3.6 1999 SFF Committee Information Specification for ATAPI DVD Devices 8090) section 4.7.2].
All this endless crap on Slashdot every month year after year is discussing what is done AFTER the 8 steps are completed! What idiots every single poster seems to be. Including the fools at Livid apparently, for never revealing more than one dvd key, the Xing key. There are no kracks until ALL DEVICE MASTER KEYS ARE DIVULGED!
True, there are divide and conquer crypto attacks mentioned in Oct 26th 199 at http://crypto.gq.nu/mail2.txt (Frank A. Stevenson), but Frank did not provide any keys, and you NEED a key to mount and access a DVD. There is no HACK. There is no slashdot provided links or code. It's all just the Xing key 40 bit reliance, or reliance on Apple and Microsoft to do it for you.
You need a bus key and player key. The MPAA zeroes out the Xing master key on a special test CD (DVD ROBA buffer has a key wiped). If it fails, then they have proven the key is "stolen" in a player, if the test DVD works with other players using different player keys.
Nobody at Livid, and nobody on slashdot, and nobody on the net HAVE EVER OFFERED another key!!! I have 600 keys, of which only 4 are relevant, but only have one goddamned bus validation key. ONE.
This crap you idiots keep talking about on slashdot is pure crap and you deserve to have to see that this little post is searchable in future archives but probably quickly forgotten despite the time of day of the entry. I post anonymously from cybercafes because that's what real hackers do, I don't give a rat's ass about creating a slashdot account just to pretend to be non-anonymous.
I don't care that moderators all seem to surf this dying LNUX site at +1 and will never mod this up past 0. The last time I posted this it was labelled a troll and never brought up past 0. I still don't care if you people never learn. I think it's funny that the facts never seem to ever get out.
You can all just keep posting the same bullshit misinformation about DeCSS all you want to week after week.
All you slashdot linux losers are morons if you think that the old patent "US5917914: DVD data descrambler for host interface and MPEG interface being implemented in software" frightened the MPAA. This patent was released publicly on June 29, 1999 and does more damage to the weak "protection" of DVDs than a bunch of lame Perl-script obfuscation contests.
Ohh! impress me by encoding that patent into a Perl Script.
Wow thats so L337 and k00l and Hax0r! Wow a VOB decoder.
I never see anyone ever talk about this issue, EVER. Not in any US court proceedings or filings. I have yet to study this newest one line by line yet.
Perhaps I am the only person that knows a damned thing about how DVDs are encoded and are validated. Maybe it's because I actually did some damned hacking day and night in Sept 1999 instead of sitting on my ass speculating.
Sure I use 0xE2;0xA3;0x45;0x10;0xF4 (E2A34510F4) just like everyone else, despite the fact that I could use Microsoft or Apple's keys that I refuse to share.
But E2A34510F4 (the Xing key) is dead and soon new DVDs will stop playing on Linux, and NOTHING you guys have posted here over the months will help because without the 8 step validation process, the laser head will not do a read of an encrypted DVD keyframe block.
I should not blame all you guys, the rest of the ENTIRE internet is also totally clueless.
I think I am the sole man on earth who understands that player keys and master keys are still pivotal.
Playing my DVDs on my home computers that do not seem to allow DVD playback in the OS is the only reason I care about this field. Livid is an honest and worthy cause, and despite the membership signal to noise, and the crappiness of their programming skills, Livid is worth defending. People have a freedom of speech in some parts of the world and the freedom to express themselves with source code, especially if transcribed into human readable prose for amusement. This is not an exploit nor a Krack, this is about being able to watch the movies you own on DVD on the video equipment you own from the DVD player you own. I have no interest in copyright violation at all.
If people want my list of other 400 compatible 40 bit player keys (not a device master key, just player keys) I could post them here if enough people want them. You merely run a tool that brute force deduces them all from a conquer standpoint. Of the >400 only 4 seem to be universally perfect on all media.
But the lack of other non Xing Keys merely fuels the lawsuits and endangers all the LINUX DVD authorizers when the media changes.
The lack also fuels most of the ignorant posts by people impressed by brute force descramblers or standard descramblers.
gabest_CRAPCRAP@freemail.hu_CRAPCRAP
http://www.copyleft.net/item.phtml?dynamic=1&referer=%2Findex.phtml&page=product_1174_front.phtml
http://www.copyleft.net/item.phtml?dynamic=1&referer=%2Findex.phtml&page=product_271_front.phtml
http://theotherside.com/dvd/
Because ANYBODY can write like this. Lawyers as a group(1) seem to like unnecessarily complicated laws and strange ways of wording things so that it's necessary to pay them piles of money to keep from getting flung in jail and/or bankrupted by silly lawsuits. In addition, I think the jargon adds to their mystique, and therefore their perceived value. (Would you feel a surgeon was worth the money if he/she said "One of your blood vessels in your heart was clogged up, so we whacked open your chest and wired in a new one"? Of course not...that's why they say "Myocardial infarction necessitated coronary bypass surgery" instead...)(2)
(1 - I say "as a group" because I know a number of individual lawyers, and none of them strike me as the type to encourage this sort of thing, at least not intentionally.)
(2 - I am not a [real] doctor, and certainly not a real MEDICAL doctor and therefore may have my jargon mixed up, but you get the idea...)
---
"They have strategic air commands, nuclear submarines, and John Wayne. We have this"
Hacker Public Radio is our Friend
I have discovered a truly marvelous sig, unfortunately the sig limit is too small to contain i
But because of the broad definition of "DeCSS" being used by the court, it includes the Open Source DVD player from LiViD as well as various perl implementations and prime numbers floating around the net these days.
DeCSS, even as a Windows program, is important because it is a proof of concept. It tells the reader how to read encrypted DVDs.
I have discovered a truly marvelous sig, unfortunately the sig limit is too small to contain i
The cryptography has been done to brute force all of the keys. I have no doubt that Frank Stevenson, for example, knows all of the keys as do many other people.
In fact, you don't even need a player key to get the title key. The player key unlocks the title key area so that you can use an IOCTL to read the title key. But the title key itself can be found by analysing the encrypted portions of the VOBs. The player keys aren't even needed anymore.
The keys are not the issue. The New York case isn't about distributing a key, it's about distributing the software that unencrypts a VOB so that it can be played on an Open Source player.
I have discovered a truly marvelous sig, unfortunately the sig limit is too small to contain i
Jon Johansen's testimony and deposition was never contested during the 2600 trial. Say what you will but the reasoning he gave for why MORE did the RE the way they did was reasonable and despite the way Kaplan portrays the testimony I find no reason to think Jon perjured himself.
As for what you consider to be /. crap I suggest you read Kaplan's ruling. He uses the term DeCSS to cover a lot more than just the original code made by MORE. Oh, and there are over 400 of those 40 "bit thingies" on a DVD. MORE, after getting the Xing key, were able to RE over half of the keys before finally getting bored with it. They included only the Xing key in the original DeCSS program by choice. The newer programs out use other keys.
I'd be surprised if someone hasn't RE all of the CSS keys by now. Also what is nice about the perl code is you can use any key.
OMS, Livid's DVD player software, doesn't use DeCSS though you can add it in. And, iirc, it doesn't use the Xing key.
Your validation sentence doesn't make any sense. And I still haven't seen that closed sourced DVD player software available for purchase yet so afaic it might as well not exist and the only available linux player is closed source and the only way to watch CSS protected DVDs is to use DeCSS. And what solution are you talking about anyway?
This rant has some things right but for the most part has too much wrong and the rest incoherent.
I don't want knowledge. I want certainty. - Law, David Bowie
(now THAT's going to annoy some who are less than thrilled with anyone who disagrees with them.)
Open and fairmindedness is a dimension that's orthogonal to left-right politics. Let me clue you in: narrow minded people don't experience themselves narrow minded -- quite the contrary. In their own minds their personal viewpoint is so broad it encompasses the universe in its entirety.
As a bona fide liberal, I'm not annoyed that you disagree with me, just that you characterize me as being necessarily narrow minded because I disagree with you. Actually, I should be thrilled that somebody who disagrees with me does it so clumsily. (By the way, I support a ninth amendment based right to bear arms -- just as I support a right to privacy based on the same... so there).
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Actually, it's more a matter of when they stopped using Latin exclusively. Law has been around for many years, some of the principles of US law go back to, IIRC, the Roman Empire. Much of US law is derived from the English Common Law. The words in the brief have very specific meanings, unlike the words in English as it is commonly spoken, which can have multiple meanings. That specificity is required, else all laws could be overly broad.
Best Slashdot Co
IIRC, it went something like this....
DECSS was written on windows because at that stage there was no UDF Filesystem support in Linux, so the disk file had to be read & decoded on windows. The user could then reboot into linux to watch the movie from the hard drive. That was the only way to watch the movie in linux.
Once UDF was supported in linux this was no longer needed, and it could be done directly under linux.
-- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz
19 Q. Who wrote DeCSS?
20 A. I and two other people wrote DeCSS.
21 Q. How did this come about?
22 A. In September, October, 1999 I met a person on the Internet
23 and he was also a Linux user. We decided to investigate and
24 find out how we could make a DVD player for Linux.
You'll make a fine federal judge someday.
I don't need large brains to have a good time.
Is it just me, or does anyone understand this legalese? At what point did lawyers stop using the English language?
Someone you trust is one of us.
How did this get modded up ? DVD Video is absolutely MPEG! There is no fucking chance that DVDs are storing uncompressed video!
Come the fuck on. Consider a 512 x 384 pixel screen, at _256_ colors (1 byte/pixel).
Consider 12 frames per second (24 interlaced fields/sec). Consider a 1 hour movie (3600 seconds).
What do we get:
512 x 384 x 12 x 3600 = 8,493,465,600 bytes
Now. DVD has better resolution, more than 256 colors, I think it stores full frames, and most DVDs are longer than 1 hour. The 8GB number is already big enough to need a dual sided or dual layer DVD... and has no audio, no menu, no extra features, no extra audio tracks. So how the _fuck_ do you think DVD is uncompressed video?
My Pioneer DVD player gives me the MPEG bitrate of the movie I'm watching. Don't tell me it's uncompressed video.
My opinions are my own, and do not necessarily represent those of my employer.
It wasn't the drivers. It was support for the file system that is used on DVDs. Linux did not have support for the filesystem at the time so it was developed on Windows to see if it would indeed work.
Quite simply, what DeCSS does is read and de-encrypt the raw MPEG-2 data off of a DVD. From there, it is pretty straightforward to decode the MPEG-2 and re-encode at a lower bitrate using DivX -- and then it's the whole napster nightmare for the MPAA.
No, the sound and video is not in MPEG-2 format. It is in a raw uncompressed format. Remember that while MPEG is good compression there is a price to pay. The color is not as distinct and the images are not as clear. Not too noticeable but there is a trade off to be made. Plus even with DivX, the resulting file is still around 650MB. That is not very small. Even with broad band that takes a while to download. Most people don't want to bother saturating their connection for that long. There are some but not many.
MPAA != DVDCCA. Yes, the DVDCCA is concerned that their monopoly on DVD players is in jeopardy because of the release of the key. But that is entirely separate from DeCSS, a **Windows program** to decode DVDs.
Well then what about css-auth, the Linux version of DeCSS which some of the code is used by the LiViD for playing of DVDs? I think the intent was to allow projects like LiViD to show up. Decrypting the VOBs (the files on the DVD that contain the raw video and audio) was needed to be done before a player could be made. I followed the events of the different groups trying to break the encryption for a long time. DeCSS came on the scene and it was instantly seen as a way to play DVDs.
Molog
So Linus, what are we doing tonight?
So Linus, what are we going to do tonight?
The same thing we do every night Tux. Try to take over the world!
CSS is, prima facie, software designed to circumvent access controls (my hardware/software reading the disk I purchased) intended to permit me legal access to the DVD.
Why hasn't anyone filed a suit with that counterclaim? It seems like a fantastic class-action opportunity.
You can read it in all of the appropriate formats
.VOB?
Can we read it in
- qrpff: the famous perl implementation on a shirt. This is by far the best DeCSS shirt I have seen. Check it out.
- OpenDVD: Pretty cool shirt.
- Got DeCSS: Still one of my favorites. Only available in forest green for some reason. I own one, it's a nice green.
Pick up a shirt, wear it and educate those around you. But remember, first educate yourself at OpenDVD.org.
-- null
If 2600's move is accepted and the case is dropped, the DMCA gets the equivalent of a big hole drilled through it. And the chances of the MPAA/RIAA getting another law passed similar to this are about as good as some left-over piece of Mir slamming into the Taco Bell pad tomorrow. Basically, it will become legal to circumvent encryption (if you take the right steps, such as getting somebody from Germany to send it to you or something).
OTOH, if it doesn't fly and 2600 is "convicted", then the precedent becomes that our own laws take precedence over treaties. Now that's a heavy precedent - and one I bet the judge doesn't want to make...
I can't be karma whoring - I've already hit 50!
SIG: HUP
I'm sure you guys can think of more...
--The space between my ears was intentionally left blank--
On the one hand, you've got the MPAA claiming to have the sole legal license that every DVD player must agree to. A license which mandates "region pricing." Moreover, they claim that CSS is a "trade secret" even though their own lawyers leaked the source code in public records, plus it's available on thousands of websites worldwide.
No one goes after these guys for monopolistic trade practices.
Then, you've got this 16 year old kid arrested for trying to play DVD's on his linux box, and 2600 sued for linking to him.
I keep waiting for the evil Kirk to burst into the courtroom, zap the jury and cackle hysterically...
Also, Kudos to the foreign activists who post the code on their webpages. Thank you. Things are pretty messed up over here in the States...
When in doubt, have a man come through a door with a gun in his hand.
DeCSS is code, and there is a strong argument, as well as a federal court ruling, which says that source code is speech, so the analogy fails on its face.
Moreover, the case against 2600 is not that they wrote the code, but that they linked to a site where the code was posted, so a better (but still wrong) analogy would be to arrest someone for giving them directions to where a gunshop might be found.
..but even if that analogy held, things like the anarchist's cookbook are legal publications. The Progressive even published instructions on making a hydrogen bomb and was allowed to publish this on the grounds of freedom of speech -- the ruling is still wrong(and stupid).
finally, DeCSS does not enable copying -- you can copy bit-for-bit just fine, and then press unauthorized DVD's which will play on authorized DVD players; this is happening on a mass scale in China and other foreign countries.
What DeCSS does do is allow a person/company to manufacture a DVD player without being under the thumb of the MPAA. This means that
1) MPAA can't make a buck in "license fees" on every DVD player sold.
2) it cannot control how the movie is watched -- i.e. whether you have to sit through "previews"/commercials or fast-forward through them, and
3) whether they can control price/availability. i.e. -- charge more/release sooner in the richer countries and charge less/release later in the 3rd world (via "region coding"). Also, in those countries with weaker anti-trust laws, they could conceivably license only *one* manufacturer of DVD's who would be their distributor. Then they would control the price, since if those guys didn't play ball, they'd lose their license.
It's not about preventing copying -- the "encrypting" is so trivial it can be broken by a brute force attack in seconds on average hardware. It's a technical application of an industry-written copyright law to control a hardware market.
Sorry, but this is just not an appropriate metaphor for the pro-gun crowd to hang their from.
When in doubt, have a man come through a door with a gun in his hand.