Slashdot Mirror


Microsoft Windows Media Player Encryption Hacked

NubKnacker writes "Here we go again. The Register has the story about the encryption in Windows Media Player being hacked by DVD Jon. From the article: 'Jon Lech Johansen has reverse engineered a proprietary algorithm, which is used to wrap Media Player NSC files and ostensibly protect them from hackers sniffing for the media's source IP address, port or stream format. He has also made a decoder available.' This has been pending for some time now. Do you see a reason to install Windows/WMP just to be able to view a webcast?"

32 of 293 comments

  1. Why this happens by sdirrim · · Score: 3, Insightful

    You know, this only happens because Microsoft is the industry standard. Imagine a world where there are competitive OS and software markets, with no Internet Explorer phenomenon. You wouldn't get this, because developers would actually try to create secure programs. Instead, Microsoft takes programs that are more or less comparable, and incorporates them into its products, thus killing any competition for that program! (Read: Excel and Lotus 1-2-3)

    --
    Not only "land of the free" but "land of the lawyers" who love a good old 1st amendment smackdown. Shihar 153932
    1. Re:Why this happens by Iphtashu+Fitz · · Score: 4, Insightful
      You know, this only happens because Microsoft is the industry standard


      Microsoft is the "industry standard" only because they are big & powerful & have the ability to force others to do things their way. Standards are based upon community support. What DVD Jon is doing is showing that there's little community support for Microsoft's so-called "standards".

  2. nscdec.c by coolnicks · · Score: 5, Informative

    http://nanocrew.net/software/nscdec.c

    "VLC should have NSC support in the near future."

  3. Let the best player win! by RUFFyamahaRYDER · · Score: 3, Funny

    FTFA - "It's more likely that the purpose is to prevent competing media players from supporting the NSC format," he observed.

    Exactly right... Why don't they just leave this kind of thing open for everyone to implement with their own player and let the best player win? Argh!

    1. Re:Let the best player win! by ackthpt · · Score: 3, Insightful
      Exactly right... Why don't they just leave this kind of thing open for everyone to implement with their own player and let the best player win? Argh!

      Ok, maybe I'm just stupid ignorant, but I haven't found a way to record Windows Media streams to my HD to watch again later. Maybe it's there and I'm such a git I can't find it. But if it's not there, maybe one reason why is to prevent people from doing that very thing. Nothing like a proprietary format to ensure you only get to see what the provider wants you to see and when they want to make it available to you.

      --

      A feeling of having made the same mistake before: Deja Foobar
  4. Re:And out come the lawyers by ackthpt · · Score: 4, Insightful
    Thanks DVD Jon. Keep the interoperability clause of the DMCA alive!

    What's he got anyway, a red phone to the EFF? I certainly admire what he's doing, but you know he's not just knocking on the door asking for trouble, but banging with both fists.

    I wonder if I can get this to fit on a t-shirt, like my DeCSS shirt...

    --

    A feeling of having made the same mistake before: Deja Foobar
  5. an added bonus!!! by jshaped · · Score: 5, Funny

    "Do you see a reason to install Windows/WMP just to be able to view a webcast?"

    Well sure!!!
    But I've already installed Windows for its lovely properties of stability, speed, and beauty.

  6. Re:Yeah! by Pyrowolf · · Score: 3, Insightful

    ... get a job from any reputable company, unfortunately. Someone as resourceful as Jon, if given an opportunity, could be priceless.

  7. Uh-oh!!! by Pig+Hogger · · Score: 3, Funny

    Expect some Louisiana military relief effort units to be redeployed soon to Norway, for a Search-and-Destroy operation aimed at Jon!!!

  8. Bring on the MS shills. by Lellor · · Score: 5, Insightful

    If Microsoft, the MPAA, and other corporations don't want their systems hacked, they must make sure that there is a way to play the content on alternative systems easily. Vendor lock in is not acceptable and the people have spoken. Linux (and other non-MS OS) users should not be forced to run Windows to play DVDs or ASFs or whatever. That is all.

    --
    Liberal Ontarians and French Quebecers are draining Western Canada's wealth. Stop them now! Support Western separatism.
  9. Cool but not super cool by Psionicist · · Score: 5, Informative
    What this does is simply to take one of those files with meta info about a stream and translate it to a human readable format. The meta file looks like this:

    [Address]
    Time To Live=0x00000002
    URL=023m000000001WQ01q07G0S00w02y 0Bm1Z06y0P01b06C0Sm0k06q0QG1Z0780Rm1p06y0PW
    1q02u 0Om1l06q0Bm1f07C0OG1m06a0Bm1j0700TG1m06S0SW1X06G0P G0k06G0R01i0000
    Player Version=020m000000000MD00k0300BW0n02u0Cm0u03K0C000 00
    NSC Format Version=029G0000000008Cm0k0300000
    Channel Version=0x00000083
    Name=026G000000000UKW1b06m0QG1 X06C0OG1p07G0KW1X06G0QG1l0000
    IP Address=02EG000000000KCW0p03C0BW0p02u0Cm0k0340000
    IP Port=0x00000457
    Delivery Mode=0x00000002

    The utility translates it to this:

    [Address]
    Time To Live=64
    URL= /media/files/Cisco.asx
    Name= Demonstration Content
    IP Address=169.254.10.1
    IP Port=22593

    So you can grab the stream without using the MS program and netstat.

    The utility is more like a utility like base64 decoders (this is not base64 though) than a circumventing tool.
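
Added example (not part of the post above, and not Johansen's nscdec.c): a small C decoder for the encoded values in the listing, showing that they are a keyless base64-style text encoding of a length-prefixed UTF-16 string rather than encryption. The field layout (two-digit type, five header bytes that are skipped here, a big-endian length, UTF-16LE text) and the symbols for 62 and 63 are assumptions checked only against the two sample values taken from the listing; only ASCII text is handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* 6-bit value of a symbol, or -1. Alphabet: 0-9, A-Z, a-z; '{' and '}' as
 * 62/63 are an assumption (neither occurs in the sample on this page). */
static int sym(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'Z') return c - 'A' + 10;
    if (c >= 'a' && c <= 'z') return c - 'a' + 36;
    return c == '{' ? 62 : c == '}' ? 63 : -1;
}

/* Decode one encoded field value (ASCII text only). Returns the number of
 * characters written to out, or -1 if the input is malformed. */
int nsc_decode(const char *in, char *out, size_t outsz)
{
    uint8_t raw[512];
    size_t n = 0, chars = 0;
    uint32_t acc = 0, len;
    int bits = 0, v;
    if (outsz == 0 || strncmp(in, "02", 2) != 0) return -1;
    for (in += 2; *in; in++) {              /* unpack 6 bits per symbol */
        if ((v = sym((unsigned char)*in)) < 0) return -1;
        acc = (acc << 6) | (uint32_t)v;
        if ((bits += 6) >= 8) {
            if (n == sizeof raw) return -1;
            raw[n++] = (uint8_t)(acc >> (bits -= 8));
        }
    }
    if (n < 9) return -1;                   /* 1 + 4 header bytes, then length */
    len = (uint32_t)raw[5] << 24 | raw[6] << 16 | raw[7] << 8 | raw[8];
    if (len % 2 || len > n - 9) return -1;  /* payload is UTF-16LE */
    for (uint32_t i = 0; i < len && (raw[9 + i] || raw[10 + i]); i += 2) {
        if (raw[10 + i] || chars + 1 >= outsz) return -1;
        out[chars++] = (char)raw[9 + i];
    }
    out[chars] = '\0';
    return (int)chars;
}
int main(void)
{
    /* Both values are copied from the NSC listing in the comment above. */
    const char *f[] = { "02EG000000000KCW0p03C0BW0p02u0Cm0k0340000",
                        "029G0000000008Cm0k0300000" };
    char buf[64];
    for (int i = 0; i < 2; i++)
        if (nsc_decode(f[i], buf, sizeof buf) > 0) puts(buf);
    return 0;
}
```
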
    1. Re:Cool but not super cool by Tackhead · · Score: 5, Insightful
      > So you can grab the stream without using the MS program and netstat.
      >
      > The utility is more like a utility like base64 decoders (this is not base64 though) than a circumventing tool.

      Something like it would, however, make a damn nice Firefox plugin.

      It's grown particularly galling during the Katrina disaster - if you're a TV station, and you're putting up a 2-minute clip of a news article or interview that you broadcast a few hours ago, why in God's name are you making us re-download it every time we want to view it?

      Your servers are half melted down due to Slashdotting, your bandwidth costs are through the roof. If you must use a proprietary video format (seriously, if you're scared people won't be able to get the XVID codec, what's wrong with good old MPEG?), at least let us download the damn thing.

      You stream live content. You download static content. Is the difference that hard to understand? Or is it that news broa-buffering-dcasters hav-buffering-e a strange sexual fetish for buf-buffering-fering?

  10. Best known export! by firepacket · · Score: 5, Funny

    Article from theregister.com
    Norway's best known IT export, DVD Jon...

    Awesome. I didn't know they were exporting those. I wonder how high they tax. I want one.

    1. Re:Best known export! by billybob2001 · · Score: 5, Funny

      He's Region 2 only - is that ok with you?

    2. Re:Best known export! by WormholeFiend · · Score: 4, Funny

      Now I know what coffee jetting through the nose feels like.

  11. Imagination run wild... by Anonymous Coward · · Score: 4, Funny

    Girl in the wild west: "DVD Jon, you're my hero!"
    DVD Jon (disguised as the Lone Ranger): "Stay here, it's not over yet" (gets out revolver)

    Man, I need to stop watching TV...

  12. Windows.... by zappepcs · · Score: 4, Insightful

    Personally, if I have to load MS products to view, read, hear, or use something, then I will never view, read, hear, or use that data... period!

    If DVD Jon can crack it, then it wasn't secure in the first place. In my opinion, DVD-J is making the world more secure by showing people that their encryption sucks. Go Jon go...

  13. Re:As soon as I can figure this out.. by Astrorunner · · Score: 3, Funny

    Linus: You know, before I answer any more questions there's something I wanted to say. Having received all your letters over the years, and I've spoken to many of you, and some of you have traveled... y'know... hundreds of miles to be here, I'd just like to say... GET A LIFE, will you people? I mean, for crying out loud, it's just an operating system! I mean, look at you, look at the way you're dressed! You've turned an enjoyable little job, that I did as a lark for a few years, into a COLOSSAL WASTE OF TIME!

    [ a crowd of shocked and dismayed slashdotters.... ]

    I mean, how old are you people? What have you done with yourselves?

    [ to CmdrTaco ] You, you must be almost 30... have you ever kissed a girl?

    [ CmdrTaco hangs his head ]

  14. Poor Linus by TubeSteak · · Score: 5, Funny
    /me puts on a flame suit

    Maybe Linus is just bitter cause he doesn't have a low UID

    --
    [Fuck Beta]
    o0t!
  15. Re:As soon as I can figure this out.. by ackthpt · · Score: 3, Insightful
    [ to CmdrTaco ] You, you must be almost 30... have you ever kissed a girl?

    Actually, I think he's the only one who has...

    --

    A feeling of having made the same mistake before: Deja Foobar
  16. Re:Is it really needed ? by firepacket · · Score: 4, Insightful

    What I understand from the article is that the actual video stream isn't protected; what's encrypted is the server/file location and (perhaps) a username/password.

    Is it really so ? Or have I missed something ?
    This is exactly the case. And because the address and port are so easy to find through netstat, "It's more likely that the purpose is to prevent competing media players from supporting the NSC format,"

  17. What a shameful tabloid-press like headline by flowerp · · Score: 5, Insightful

    A correct headline would have been:

    Proprietary encoding of Media Player Broadcast definition files successfully reverse engineered.

    The problem is, no one really makes use of NSC files anyway. Most streaming media is still done as simulcast, not as multicast.

    --
    --- Eat my sig.
  18. Hire him by bahwi · · Score: 4, Interesting

    I think Microsoft should just hire DVD Jon and whoever else and have him write the algorithms and encryption. I know it's counterproductive, and I know he would probably oppose it, but throw enough money under there and most morals head out the door. DRM is coming, and if this guy is going to keep cracking them, you're gonna need someone better than him to write it, or get him so he'll be on their side.

    Ah well, until then, what's the next one for him to hack? Can't be too far off now.

  19. Re:Yeah! by lou2ser · · Score: 4, Informative

    According to his wikipedia page, he's currently 22 years old.

    http://en.wikipedia.org/wiki/Jon_Johansen

  20. Why do they even bother? by NetNinja · · Score: 3, Insightful

    I see the whole encryption scheme as a lesson in frustration.

    Why even bother when someone is able to defeat it in less than 24hours?

    The more you try to hold on to something the easier it is to let it slip away.

    Can someone out there please give a clear and succinct explanation to this whole encryption scheme?

  21. It's actually a good codec by m50d · · Score: 3, Informative

    That's why I'm willing to use it. Looks a bit blocky, but compresses incredibly well - I have a wmv music video that's smaller than an mp3 of the song in question. Also, I've found it the easiest of the main video formats (windows media, real, and quicktime - ogg theora and dirac just aren't ready for primetime yet) to get working in linux - just dump the dlls in the right format and both xine and mplayer can play them flawlessly, even as streams from websites (just install gxine or kaffeine). Real is harder, at least if you don't want to use their OSS-only official client, and quicktime is an absolute nightmare. So I'm all in favour of requiring windows media player to view videos, because the alternatives are worse.

    --
    I am trolling
  22. Windows Media by callipygian-showsyst · · Score: 4, Interesting
    Do you see a reason to install Windows/WMP just to be able to view a webcast?"

    No! I've installed Windows Media--including the Windows Media SDK, WMP10, and the Windows Media Encoder--because it's a great encoder and is included in the price of a windows system. I prefer the sound of WMA-encoded files to MP3s at the same bitrate. And there are at least 50 music players on the market, like my Samsung, that I can just plug in to Windows and sync with Windows Media Player! No need to install any software (unlike those stupid Creative folks with their virus!). Just plug it in and it works.

  23. Re:And out come the lawyers by ackthpt · · Score: 3, Funny
    Since he's already won one case, he's got some precedent on his side. Now they just seem to be leaving him alone.

    Could be, but this is Microsoft he's now diddling with. Their approach could be either Open the Bucket o' Lawyers or Come up with a new Windows Media format, encoding, etc.

    Some say as soon as someone figures out Microsoft's strategy, it will immediately be replaced by a new one even more confusing and inexplicable. Others say this has already happened.

    --

    A feeling of having made the same mistake before: Deja Foobar
  24. They created a monster by intnsred · · Score: 4, Interesting

    Thinking back to years ago when the corporate powers-that-be had a teenager arrested for merely figuring out CSS, I wonder if those corporate bureaucrats realize that they were creating a monster?

    I mean, if they had just left the kid alone, his curiosity might have waned and today he might be a stodgy coder writing finance apps.

    Instead, they pissed him off, highlighted the system's corruption and injustice, and created a monster.

  25. Re:And out come the lawyers by bobcat7677 · · Score: 5, Funny

    Bucket of Lawyers? I thought lawyers came in cans? Maybe it's a costco thing. Guess I need to get a costco card again...

  26. Re:And out come the lawyers by cbiltcliffe · · Score: 4, Insightful

    This guy used to live and have a "Pot store" in the city where I live.
    While I don't agree with his views on dope, I think it's absolute bullshit that he should be arrested and sent off to a foreign country for breaking laws in a country he doesn't even live in. Everybody else around here seems to think the same thing.
    If the US doesn't want people buying pot seeds over the internet, then make damn sure they're confiscated when they come across the border.
    When are people in the US going to start being arrested and shipped off to China for not bowing to the emperor, or something stupid like that. The US would be up in arms if someone were to try to impose Chinese law on US citizens living in the US, so why the FSCK should we impose US law on a Canadian living in Canada?!

    Sorry....I got more and more pissed off as I was typing that, which I'm sure you can see by the tone......

    --
    "City hall" in German is "Rathaus" Kinda explains a few things......
  27. Re:And out come the lawyers by Shakrai · · Score: 3, Insightful

    Norway has a good, civilized and modern justice system that doesn't give corporations any more weight than regular Joe.

    Neither does the American justice system. If you have money you can hire good lawyers and generally make the process really painful for the other side -- but that doesn't have anything to do with being a corporation vs a human being. One individual with a ton of money can make your life a living hell via the legal system just as easily as a corporation can.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.