Slashdot Mirror

← Back to Stories (view on slashdot.org)

'DVD Jon' Breaks Google Video Lock

Posted by CmdrTaco on from the this-guy-cracks-me-up dept.

WillemdeMoor writes "Yahoo News runs a story on Jon Johansen, aka DVD Jon, cracking Google's in-browser video player. Addict3d.org has some more details, including links to Johansen's patch (Win32 executable) and Jon's blog entry at nanocrew.net."

11 of 384 comments (clear)

  1. whaaaaa? by Zone-MR · · Score: 5, Insightful

    "'DVD Jon' Breaks Google Video Lock

    Johansen, also known as 'DVD Jon' for his work on decrypting DVD security codes, has created a patch for the Google Video Viewer--less than 24 hours after the search giant shipped the video playback plug-in, a tool based on the open-source VideoLAN media player.

    The patch, released on Johansen's 'So Sue Me' blog, effectively disables a modification Google made to the VideoLAN code to prevent users from playing videos that are not hosted on Google's servers."

    ROFLMAO!?! Ahahahahaha :p ... Talk about a sensational news article :)

    Jon made a modification to an OPEN SOURCE media player, removing a trivial protection, and Yahoo news posts a story about him cracking yet another protection mechanism, implying parallels with his past work. This news then spreads to Slashdot.

    Awww, come on... I've made countless little mods to open-source apps in order to get them to behave the way I'd like. I've never gotten news coverage for adding "//" before an 'if(condition)' statment.

    1. Re:whaaaaa? by Momoru · · Score: 5, Insightful

      BAH!!! Yahoo News is not a News Agency, cripes it just grabs a feed from the freakin' AP and Reuters, I can't believe how many posts like yours have been modded up! Yahoo creates no more original news content then Google does, its just wire feeds...except in Yahoo's case they actually host the context. It doesn't even give precedence to stories based on their own politics, it shows stories in order of popularity, cripes.

  2. Yeeeeah by HyperChicken · · Score: 5, Insightful

    So, in other words, he modified the source code, which was being distributed. They didn't attempt to obfuscate that they didn't allow it from other hosts. They didn't entangle the code or anything. The code was wide open.

    In other words, big friggin deal. All you had to do was grep the code of an error message and a little snipping of the code. Any fool could have done it. Or even screw that, it was domain-based. Setup an HTTP server, modify your hosts file to alias "video.google.com" (or whatever the domain was) to 127.0.0.1, and you're done. Or just modify VLC to know the MIME type "application/x-google-vlc-plugin" and you can play your heart away.

    What "crack" will he do next? Take the VLC code to dump the file/stream you're playing, add it to Google's code, and create a Google Stream Ripper? Wow... how... amaz... ing. Or maybe add some awesome skins to the Google player? Yeah, that'd be great. Best part of all, he'll do it in 48 hours, while standing on his head, without sleeping, pizza, or coffee, and while playing the banjo!!!

    --
    Free of Flash! Free of Flash!
  3. It wasn't protected much, anyway by mgv · · Score: 4, Insightful

    From the article, the only protection was limiting the allowable sources to video.google.com and adding a new mime type.

    Not to undermine Jon, just noting why it took him 24 hours to break this - It was not designed to withstand much of an attack.

    Nontheless, most users won't patch, so it will work anyway.

    Michael

    --
    There is no cryptographic solution to the problem where the intended receiver and the attacker are the same entity.
  4. Hold Your Horses by taskforce · · Score: 5, Insightful

    Before everybody starts criticizing Jon... please remember that he's actually not publicising this as being a huge crack operation, it's the sites which are publicising his hack which are. He's just made a minor fix to a program, nowhere on his Blog does he say "OMGZ I HAX0R J00!" Infact he documents the exact way he did it to show that he didn't actually do anything complex.

    --
    My 3D Texturing Skinning work (under construction)
  5. Re:True Colors by mindstrm · · Score: 5, Insightful

    Or they will more intelligently do neither saying "Anyone can modify our open source client to do whatever they want, for whatever reason they want."

    Do you really think google doens't understand open source?

  6. Not much of a hack RTFA by TheLoneCabbage · · Score: 5, Insightful

    all DVD Johny did was remove an if statement that checks is the URL is from google or not...

    the upshot is you get a VLC plugin that can read some propriatary MS formats (thanx to google paying the bill for those software royalties)

    it seems so easy that it's as if Google was just waiting for someone to come in and hack it.

    --
    I would rather be ashes than dust!
  7. "Do No Evil" by FreeUser · · Score: 4, Insightful

    Or they will more intelligently do neither saying "Anyone can modify our open source client to do whatever they want, for whatever reason they want."

    Do you really think google doens't understand open source?

    I think you make a very good point. This is perhaps more of an example of Google "doing no evil", creating a tool that, by default, for most casual users, promotes their video feed, while at the same time using a good free software project that allows those who want to, to bypass this setting.

    If most people find the restriction onerous, they'll download a patched version (probably from websites that are also offering video). Social and market dynamics can take care of the rest. It seems a fairly reasonable position for Google to take ("we'll try this restriction, and if people really find it offensive, they'll modify the source and outcompete our offering, and we can write it off to experience and not try imposing these sorts of restrictions again. Either way, it probably won't affect our video feed business much.")

    I doubt very much it is incompetence--google has much of the best talent around--nor is it a lack of understanding opensource/free software on the part of google, as they've been active in the community for many years.

    --
    The Future of Human Evolution: Autonomy
  8. Re:Too many clicks and chunks there by Eccles · · Score: 4, Insightful

    A single ampersand will do a bitwise AND with 0 -- which is always 0 -- so you can actually do it with just two added characters.

    Does this make me a master hacker?

    --
    Ooh, a sarcasm detector. Oh, that's a real useful invention.
  9. Re:Gone too far? by dfghjk · · Score: 5, Insightful

    Who are "we all"? You think you're a member of some kind of team? Who's to say who's honorable and who are the good guys? This guy did something of interest to him and nothing more. His ideology is simply different than yours and, in his view, google did something sufficiently "evil" (in your words) to merit a response. He doesn't answer to you or to some imaginary "geek community".

  10. Re:goto considered harmful !!! by grumbel · · Score: 4, Insightful

    ### I'm disappointed by Google's use of the 'goto' keyword.

    While goto is often better avoided, a call like "goto error;" is among the perfectly valid uses of goto, since it actually can make code more clear and logical then code without goto. Such use of goto is really no different then exceptions in C++, simply a way to get to the place that handles the error conditions without having to painfully drag error-variables through the code.