'DVD Jon' Breaks Google Video Lock
WillemdeMoor writes "Yahoo News runs a story on Jon Johansen, aka DVD Jon, cracking Google's in-browser video player. Addict3d.org has some more details, including links to Johansen's patch (Win32 executable) and Jon's blog entry at nanocrew.net."
"'DVD Jon' Breaks Google Video Lock
:p ... Talk about a sensational news article :)
Johansen, also known as 'DVD Jon' for his work on decrypting DVD security codes, has created a patch for the Google Video Viewer--less than 24 hours after the search giant shipped the video playback plug-in, a tool based on the open-source VideoLAN media player.
The patch, released on Johansen's 'So Sue Me' blog, effectively disables a modification Google made to the VideoLAN code to prevent users from playing videos that are not hosted on Google's servers."
ROFLMAO!?! Ahahahahaha
Jon made a modification to an OPEN SOURCE media player, removing a trivial protection, and Yahoo news posts a story about him cracking yet another protection mechanism, implying parallels with his past work. This news then spreads to Slashdot.
Awww, come on... I've made countless little mods to open-source apps in order to get them to behave the way I'd like. I've never gotten news coverage for adding "//" before an 'if(condition)' statement.
So, in other words, he modified the source code, which was being distributed. They didn't attempt to obfuscate that they didn't allow it from other hosts. They didn't entangle the code or anything. The code was wide open.
In other words, big friggin deal. All you had to do was grep the code of an error message and a little snipping of the code. Any fool could have done it. Or even screw that, it was domain-based. Set up an HTTP server, modify your hosts file to alias "video.google.com" (or whatever the domain was) to 127.0.0.1, and you're done. Or just modify VLC to know the MIME type "application/x-google-vlc-plugin" and you can play your heart away.
What "crack" will he do next? Take the VLC code to dump the file/stream you're playing, add it to Google's code, and create a Google Stream Ripper? Wow... how... amaz... ing. Or maybe add some awesome skins to the Google player? Yeah, that'd be great. Best part of all, he'll do it in 48 hours, while standing on his head, without sleeping, pizza, or coffee, and while playing the banjo!!!
Free of Flash! Free of Flash!
From the article, the only protection was limiting the allowable sources to video.google.com and adding a new mime type.
Not to undermine Jon, just noting why it took him 24 hours to break this - It was not designed to withstand much of an attack.
Nonetheless, most users won't patch, so it will work anyway.
Michael
There is no cryptographic solution to the problem where the intended receiver and the attacker are the same entity.
Before everybody starts criticizing Jon... please remember that he's actually not publicising this as being a huge crack operation, it's the sites which are publicising his hack which are. He's just made a minor fix to a program, nowhere on his Blog does he say "OMGZ I HAX0R J00!" In fact he documents the exact way he did it to show that he didn't actually do anything complex.
My 3D Texturing Skinning work (under construction)
Or they will more intelligently do neither saying "Anyone can modify our open source client to do whatever they want, for whatever reason they want."
Do you really think google doesn't understand open source?
Of course, you'll need to be locked into .NET to do so.
Yay.
Uhh, good sir, could you please put the shackles back on? My ankles are getting cold. Thank you.
Quantum materiae materietur marmota monax si marmota monax materiam possit materiari?
Of course Yahoo News is running an article on how something Google made got hacked.
Acts 17:28, "For in Him we live, and move, and have our being."
all DVD Johny did was remove an if statement that checks if the URL is from google or not...
the upshot is you get a VLC plugin that can read some proprietary MS formats (thanx to google paying the bill for those software royalties)
it seems so easy that it's as if Google was just waiting for someone to come in and hack it.
I would rather be ashes than dust!
> Or they will more intelligently do neither saying "Anyone can modify our open source client to do whatever they want, for whatever reason they want."
> Do you really think google doesn't understand open source?
I think you make a very good point. This is perhaps more of an example of Google "doing no evil", creating a tool that, by default, for most casual users, promotes their video feed, while at the same time using a good free software project that allows those who want to, to bypass this setting.
If most people find the restriction onerous, they'll download a patched version (probably from websites that are also offering video). Social and market dynamics can take care of the rest. It seems a fairly reasonable position for Google to take ("we'll try this restriction, and if people really find it offensive, they'll modify the source and outcompete our offering, and we can write it off to experience and not try imposing these sorts of restrictions again. Either way, it probably won't affect our video feed business much.")
I doubt very much it is incompetence--google has much of the best talent around--nor is it a lack of understanding opensource/free software on the part of google, as they've been active in the community for many years.
The Future of Human Evolution: Autonomy
According to this,
+ const char* allowed_host = \"video.google.com\";
+ char * host_found = strstr(p_sys->url.psz_host, allowed_host);
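Review bot: `strstr()` on `p_sys->url.psz_host` in the second added line is a substring test, so `host_found` is non-NULL for any hostname that contains `allowed_host` anywhere in it, not only for the allowed host itself. Compare the whole host string for equality (case-insensitively, since hostnames are case-insensitive) or, if subdomains are meant to pass, require the match to sit at the end of the string and to start at a `.` label boundary.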
Wouldn't it be possible to have a subdomain structure like:
video.google.com.whateverdomain.com
And then be able to use Google Video on your own site, without applying the patch at all?
My <1000 UID is with a hot chick
depends on the native indenting style
if the code was
if ( conditional )
{
do();
some();
stuff();
}
then a slash slash could be used to activate the code every time
//if ( conditional )
{
do();
some();
stuff();
}
A single ampersand will do a bitwise AND with 0 -- which is always 0 -- so you can actually do it with just two added characters.
Does this make me a master hacker?
Ooh, a sarcasm detector. Oh, that's a real useful invention.
Who are "we all"? You think you're a member of some kind of team? Who's to say who's honorable and who are the good guys? This guy did something of interest to him and nothing more. His ideology is simply different than yours and, in his view, google did something sufficiently "evil" (in your words) to merit a response. He doesn't answer to you or to some imaginary "geek community".
### I'm disappointed by Google's use of the 'goto' keyword.
While goto is often better avoided, a call like "goto error;" is among the perfectly valid uses of goto, since it actually can make code more clear and logical than code without goto. Such use of goto is really no different than exceptions in C++, simply a way to get to the place that handles the error conditions without having to painfully drag error-variables through the code.
No. Read the second clause of the IF statement.
No, I've seen those people. They are on ego trips. They think they know everything about everything and because they saw someone mention that "goto is evil" on teh Intarweb they think no one should use it. They are morans.
goto is an extremely useful tool. It shouldn't be abused but is useful nonetheless (exception handling in plain C code is one example).
Chris, are you making that statement as a representative of Google? If so you might want to be careful given what happened to Mark Jen. I'm sure you as the Open Source director agree with this hack, but perhaps the people in the Google Video dept that planned on making some money with this idea don't quite feel the same way?
> Such use of goto is really no different than
> exceptions in C++
>
Using goto is a great way to create memory leaks. C++ exceptions guarantee that all objects going out of scope have their destructors invoked to allow resource deallocation.
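The `goto error;` cleanup idiom argued over in the comments above, sketched in C as an added example (not code from the thread, Google or VLC): every failure path jumps to one label that releases whatever was acquired so far. `load_stream`, `fail_at`, the allocation counter and the hostname are hypothetical names constructed for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed bookkeeping so a leak is observable: number of live buffers. */
static int live_allocs = 0;

static void *tracked_alloc(size_t n) {
    void *p = malloc(n);
    if (p != NULL) live_allocs++;
    return p;
}
static void tracked_free(void *p) { if (p != NULL) { live_allocs--; free(p); } }

/* Hypothetical loader. fail_at = 1..3 forces an error at that stage, 0 means
 * success. Returns 0 and sets *out on success, -1 on error. */
int load_stream(const char *url, int fail_at, char **out) {
    int rc = -1;
    char *host = NULL, *buf = NULL, *result = NULL;
    size_t n = strlen(url) + sizeof("played:");   /* sizeof counts the NUL */

    host = tracked_alloc(strlen(url) + 1);
    if (host == NULL || fail_at == 1) goto cleanup;
    strcpy(host, url);

    buf = tracked_alloc(4096);                    /* stand-in for a read buffer */
    if (buf == NULL || fail_at == 2) goto cleanup;

    result = tracked_alloc(n);
    if (result == NULL || fail_at == 3) goto cleanup;
    snprintf(result, n, "played:%s", host);

    *out = result;
    result = NULL;                                /* ownership moves to caller */
    rc = 0;

cleanup:  /* one exit for every path; pointers start NULL, so each free is safe */
    tracked_free(result);
    tracked_free(buf);
    tracked_free(host);
    return rc;
}

/* Runs one scenario and reports how many buffers are still allocated. */
int live_after(int fail_at) {
    char *out = NULL;
    if (load_stream("video.example.test", fail_at, &out) == 0) tracked_free(out);
    return live_allocs;
}

int main(void) {
    for (int f = 0; f <= 3; f++) printf("fail_at=%d live=%d\n", f, live_after(f));
    return 0;
}
```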