DVD Jon's Code In Sony Rootkit?
An anonymous reader writes "With some help from Sabre Security, Sebastian Porst and Matti Nikki have identified some stolen GPL'd code in Sony's rootkit. Ironically the code in question seems to be VLC's demux/mp4/drms.c -- the de-DRMS code which circumvents Apple's DRM, written by 'DVD' Jon Lech Johansen and Sam Hocevar."
The string is there because it's part of DVD Jon's code for stripping the DRM out of iTunes files, but yes - it's there all right. Matti Nikki points out the relevant offset in the article.
"I Know You Are But What Am I?"
Get it here.
I have to make sure everyone understands why this string is here. To be fair with Sony (or whoever they mandated), it is not an attempt from them to hide the code theft. Rather, it is an attempt by Apple to prevent not only code theft but also clean-room reimplementations.
Apple's encryption scheme includes the generation of a key. The important parts of this key come from the machine's unique hardware information. But to prevent (at least that's my only plausible explanation for it) people from reimplementing the scheme by using the same information, they also add this copyright string to the key generation. Reimplementing their protocol means the string has to be used.
We just store it ROT13'ed in VLC because it would be confusing to have an Apple copyright in our code. Although technically the string itself is created by Apple, it is too short to qualify for copyright.
God, root, what is difference ?
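Added example, not part of the original thread or of VLC's code: a sketch of how an analyst could locate a ROT13-stored marker string in a binary and report its offset, as described in the comments above. The marker text, the keywords and the sample bytes are constructed placeholders, not the real string or the real file.

```python
import codecs
import re

# Constructed placeholder marker; the real string is not reproduced here.
MARKER = "Copyright (c) Example Vendor, Inc."


def printable_runs(blob, min_len=8):
    """Yield (offset, text) for printable-ASCII runs, like the `strings` tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    for match in re.finditer(pattern, blob):
        yield match.start(), match.group().decode("ascii")


def find_rot13_markers(blob, keywords=("copyright", "(c)"), min_len=8):
    """Return (offset, stored_text, decoded_text) for runs that only match
    a keyword after ROT13 decoding, i.e. strings stored obfuscated."""
    hits = []
    for offset, text in printable_runs(blob, min_len):
        if any(k in text.lower() for k in keywords):
            continue  # readable as-is, so not a ROT13-stored string
        decoded = codecs.decode(text, "rot_13")
        if any(k in decoded.lower() for k in keywords):
            hits.append((offset, text, decoded))
    return hits


def build_sample():
    """Constructed sample: 8 header bytes, the ROT13'ed marker, a plain string."""
    stored = codecs.encode(MARKER, "rot_13").encode("ascii")
    return b"\x7fELF\x00\x00\x00\x00" + stored + b"\x00ordinary plaintext string\x00"


if __name__ == "__main__":
    for offset, stored, decoded in find_rot13_markers(build_sample()):
        print(f"0x{offset:08x}  {stored!r} -> {decoded!r}")
```

A hit only shows that the bytes are present; whether the surrounding code is reachable is a separate question that needs control-flow analysis.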
I've been chasing down several accounts of government agencies, companies, educational institutions and others banning the use of Sony CDs on their PCs, due to the security risks of having Sony's rootkit DRM infecting their PCs. One government ministry, Alberta Agriculture, has banned the use of music CDs altogether, since Sony is hardly the only music company crippling its CDs with sneaky, malicious software. Here are a couple examples:
Here I thought this would only happen for "secure" workplaces. Sorta makes you feel sorry for SCO, they can't get anyone to even look at the crazy they're selling when Sony's got such a superior line of insane self-destructiveness.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Didya notice... the spin that - possibly - Sony has managed to put on the story
CNN Europe and other mainstream media providers carried it like this:
The trouble with the Sony software is that it makes your computer VULNERABLE TO VIRUSES.
The mainstream spin is that the Sony software just opens the door to the bad guys. The word "rootkit" is not offered.
It makes out as though Sony blundered and issued some insecure software, and how big a deal is that?
This story deserves to grow and become a defining moment, but there's a long way from the tech community to the mainstream media.
Now is the winter of our disco tent
He knows
You might care about PS3's DRM. Apparently Sony is trying to figure out a way to prevent used games from being played on it. And they are apparently working on preventing you from playing your games on any other system than your own (so you can't take your game to a friend's place and play there). SCEA is just as scummy, greedy and paranoid as Sony Music is.
Sony stated that they did not intend to use the patent they filed on this for the PS3.
According to both LGPL and GPL the one you get the software from is the distributor. He is the one responsible for adhering to the licenses. He can of course sue his own software provider later, but for now it's Sony that distributed the programs.
If Sony is providing the source code for the programs and restates that the software is under GPL (thus giving you the right to modify and distribute your modification), then everything is fine between Sony and you though.
There have been several similar cases in Europe about this, and in every case the GPL has been found valid, and the violation of the license has been considered healed, if the final distributor was able to get hold of the source code and distribute this one too under GPL.
Check GPL v2.0 section 4:
4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.
For Sony this means: They lost the right to distribute the Program, and they will be in violation of the GPL until they start to comply with the GPL themselves (e.g. distributing the source and allowing modifications and redistribution under GPL).
Product liability law is a bit different from standard negligence law. If liability can be attached, the law specifically allows claimants to recover damages from any part of the supply chain, not just the manufacturer or original supplier. I.e., even Best Buy could be held liable. This common law feature is called strict liability of torts, I think, and probably evolved to prevent passing of the buck.
Is the correct term.
Sure, you could redefine theft to include the lack of transfer of funds as may be required by the combination of law and license, or other definitions, but please don't.
The word theft is more useful when it refers to the act of reducing an owner's possession in order to increase someone else's.
When copying, you are merely increasing the possession of one, and not decreasing the possession of another.
Sure, you're violating what he demanded of you.
Sure, you're violating the law.
Sure, you're doing something many consider wrong.
But you're not stealing. Stop changing English in non-useful ways!
It indeed doesn't make much sense to include all these things there. Most likely, they just stole some bigger piece of code and got all the little features as an extra bonus. That'd be the most simple explanation, anyway, and it'd make sense too.
:)
These pieces are definitely not for identifying or disabling software, they're linked into the executables just like all other libraries normally are. There are execution paths throughout the thing. I was just able to find an execution path from a function that has a string "CDXCP3" to the DeDRMS code. I'd say this first one is XCP specific, although it'd take more research to find out how exactly the code uses this stuff.
Reverse engineering takes time, especially since I don't have access to the latest and greatest commercial tools that exist for tasks like this. The only reason this stuff is staying unanalyzed is because the protection is used on CDs that very few computer experts would ever buy. Or at least I wouldn't.
-- Matti Nikki
I can confirm that there exists an execution path between XCP code and DeDRMS. However, navigating executables isn't like using road maps, so I have no idea under which conditions this execution path activates. It exists, however, which means the code really uses it directly or indirectly. Now it's up to the data flow to determine when it gets triggered, and analyzing that will take longer...
-- Matti Nikki