LinuxDVD CSS Decrypt - Source Available
Kazparr writes "This source code was posted earlier today at Livid.
Derek Fawcus confirms that this is his decryption routine for the DVD css encoding scheme.
Hopefully, LinuxDVD is one step closer." So, now we've got some source - but how many of the keys does it actually have in there?
But what's up with DVD? I know that the MPEG2 video compression/decompression is patented, so there are troubles with that, but what is the reasoning behind encryption? Is it to prevent piracy, or to disallow distribution in certain areas or what? I haven't followed DVD, so I'm not sure *what* the hell the whole story is... can somebody explain what exactly is involved in getting a DVD to play?
SSI -- there is the traditional copy protection in DVD that is also found in video tape, as well as region codes, and this CSS encryption. I have looked in the FAQ, but using anemic as a word to describe it would be giving too much credit.
What are the issues with liViD?
--
E2 IN2 IE?
Um, I didn't check inside the encoded data, but I did see that the sender was nobody@replay.com, which sounds kind of anonymous to me. If this is "leaked" code, would it be legal to use it in further work? It might not have a license, or it might be something unreleased, and proprietary.
main(O){10<putchar(4^--O?77-(15&5128 >>4*O):10)&&main(2+O);}
If you read through the archives (I'm on the list) you'll see that the code posted is actually the code to DeCSS - a winblows app. But it contains code written by someone else (also on the list), and it was GPL'ed - that code was originally assembler and then turned into C (the assembler was reverse engineered). The legality is a biggy - but the current feeling is now that it's out there, it's going to take a fair bit to stop it now. Stay tuned.
you can't copy a commercial DVD video with a dvd-RAM or a dvd-RW. last i checked, the industrial strength dvd production units are the only things capable of this. they cost around $15k
The consideration that using crypto, and patented crypto, at that, permits constructing protocols similar to Circuit City's (now cancelled) DIVX scheme is gravy...
Of course, I stand more in the pedantic camp that prefer to use words in the ways they were designed. Thomas Bushnell wrote it well:
In short, it seems to me that the SPA has "hijacked" (hee, hee) the use of the word piracy in much the same way that the term hacker gets used and abused in the media.
If you're not part of the solution, you're part of the precipitate.
CSS is designed to stop the everyday joe from making copies of discs. The authentication (or disc locking) is what really accomplishes that. The data encryption is a second part of CSS as a whole, and it is meant to prevent raw data copying after the disc has been unlocked (since the VOB data is supposed to be always encrypted when travelling over an unsecured bus).
As to making copies with DVD-RAM, not possible unless you have the CSS decryption schemes as part of the DVD-RAM burning software. While you could technically unlock the drive with an external program (to the dvd-ram burning software) and then make a copy of the encrypted data, byte for byte, you still will not be able to copy the disc or title keys without involving special drive commands and CSS authentication in the dvd burning software. Of course, now that the authentication and decryption code is public (and the disc key's likely to be brute forced in a short time with the code), it will be relatively easy to write a program that burns unencrypted copies of the discs to dvd-ram.
These routines were obviously ripped from a windows based DVD player. CSSAuth.cpp is the interesting file, for it contains the actual CSS key tables.
IIRC, there is still floating out there one key that is player specific - in other words, the key is different for each type of DVD model player. I think it's just simple lock/unlock routine however, and it should be easily hacked.
CSS was the major road block before, but not anymore. I guess all they need now is someone to leak the Dolby surround specs.
Of course, this is probably all very highly illegal, and just by downloading the code I could be in trouble. I think I will delete my copy now...
Yes this is the encryption that hides the raw mpeg-2 data (as well as AC-3 and subpicture and some navigation information).
This is not the only form of copy protection involved in DVD playback, in general, there is also regional management (although that is not a real problem now that the css code is available).
A standard mpeg player will play the data once decrypted, but some discs will be hard to watch due to the use of different camera angles and some other dvd specific features. Not to mention all the navigational features will not be available (interactive menus, playback navigational data, etc).
The only thing really preventing full playback is not having a public IFO file format spec and some of the dvd specific VOB stream features are still relatively unknown publicly (the features are known, how they are implemented isn't). Reverse engineering those two things will be difficult. Much more difficult than CSS was. Even if someone tries to simply disassemble some working player it will be difficult due to how dense the information provided in the IFO files is and the ways it is used in the player. It can be done though and I'm sure it will be done, just don't expect it all that soon.
The way i see it, there are three types of people who are going to be pirating DVDS, and none of them are going to be stopped by the current "security" methods.
Random people at home who rent DVDs from a store and make copies. Of course, things will be much more difficult for these people than the days of the late 80s (where you could just go to Randalls, rent a tape and a VCR, and copy off the rented VCR onto your home VCR..). But things won't be more difficult for these people because of CSS encryption; things will be more difficult because of the fact DVDs aren't easily writable. Of course, if these people are willing to settle for second-rate quality, the option of borrowing a VCR and making a tape copy STILL EXISTS! remember: an s-video out port has _no idea_ what happens at the other end. No system will _ever_ be devised where it is more difficult to send the video into a recording device than it is to send the video into a TV to watch it.
People on the internet who trade around copies of movies. This is pretty much similar to the first one; there's still the fact that the video-out of a DVD player can always be sent to a recording device. Of course, an entire DVD would not be fun to download over the internet, so probably any movies on the internet will be re-encoded at lower quality, making any quality loss caused by not making a byte-for-byte copy of the DVD irrelevant. And after all, there are MPEG-1 versions of movies that are in _theaters_ floating around at warez sites everywhere, and i'll bet a lot of the others come from tapes. I doubt that being able to put keys on DVD-RAMs or whatever will affect this much.
Big-time piraters, sometimes in third-world countries, which make huge numbers of exact copies and distribute them widely. These people will probably be wanting the "keys", or whatever you're talking about, as they'd want it identical to the original DVD. But these people also will probably not be using an average consumer PC. They'll be making enough money from this that they can afford to use some kind of customized hardware that will do whatever "special drive commands" they want. Even if such hardware doesn't exist at the moment, for the makers of the DVD spec to pretend such hardware will not come into existence the instant there's some amount of money in DVD pirating is just silly.
I'm pretty sure that if the DVD companies will already be losing the revenue from these people, any money _saved_ by the CSS will be pocket change..
-mcc-baka
INTELLECTUAL PROPERTY IS THEFT
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
honestly, i have to say, i personally have not done much looking into DVD encryption and copy protection, but just reading a lot of the posts here, and going over the source that was posted for this program, i am impressed with the sophistication of which DVD was developed. Unlike several other attempts at a 'secure' format, (AKA: mp3, unf*ck.exe, and other easily ripped audio formats), DVD seems to have been very well designed.
These people aren't/weren't giving out copies of the actual Matrix DVD (or any other DVD for that matter). These were simply taken by someone having the actual Matrix DVD, playing it on their screen, and using another program to capture that image, or by playing it on their own TV and then getting that image off their TV with their computer. Regardless, they weren't technically ripping the DVD.. They were just making a copy of the movie stored on there.
-
aphex
I Steal Music!
"Of course, if these people are willing to settle for second-rate quality, the option of borrowing a VCR and making a tape copy STILL EXISTS! remember: an s-video out port has _no idea_ what happens at the other end. No system will _ever_ be devised where it is more difficult to send the video into a recording device than it is to send the video into a TV to watch it."
Actually a system called Macrovision which has existed for quite some years is capable of scrambling a vcr (primarily by messing with its automatic gain control). This system is mandatory on a DVD player. Usually Macrovision doesn't scramble a display device (some projectors are susceptible though, and you might be able to see some artifacts in the top of the frame on some tvs). In Europe where many (most?) purchase players modified to play any zone very often also get Macrovision disabled.
Many posters here are wondering about cracking dvd keys and copying discs and generally pirating them in various ways. If my meager law knowledge isn't failing me, piracy is illegal.
My point isn't about piracy, it's about hypocrisy. If there is even the hint that someone is illegally trampling on the GPL or something beloved to linuxite hearts, there is an immediate cry of bringing in the law. Is illegally pirating DVDs more acceptable than illegally taking code from a GPLed program? They are both examples of taking something and using it in ways that are not legal.
Another semirelated point is the cry of people of "Even if it is commercial, I'll buy it! I want it for linux, open source or not!" But, judging from the immediate reaction of "Let's crack it and take all we can," it seems not many people WOULD pay for much in linux. The few that would actually buy games or apps for linux are far outweighed by the number that would simply pirate it or crack it. It seems to me that many people in the "open source" community don't give a damn about open source. They just want everything they can get for free.
All of this makes me wonder if companies are influenced by reactions like this. If I were a company pondering putting in the work to release my commercial product for linux, I would definitely think twice before I spent the time and money on porting or rewriting. Yes, I know that piracy is also rampant in the windows world, but just looking at what has been posted thus far, it seems the linux market isn't exactly filled with willing buyers of software and other replicable items. (movies, audio, etc)
* Please note that I said 'many,' not 'all.' There is a difference.
Hopefully this post will clear up some of the misconceptions here. Basically, this package is the reverse engineered version of a program called DeCSS, something which can be used to authenticate with and unlock a DVD player.
DeCSS will be available under the GPL, but as its source had not been released yet, someone decided to reverse engineer it and make the source public. The author has stated that this puts this new source under the GPL, which has a good outlook for us.
æeee!
Huh? 15k???? Maybe for a rackmount unit or
something... but PC DVD-RAM drives start at
bout $370.00...
DVD RAM and DVD ROM are different technologies. Not all DVD players can read DVD RAM. (In fact, I believe most cannot.) Not to mention the fact that the drive which you're referring to can only write at a density of 5.2 GB per disk. (2.6 GB/side). The $15K model is needed for writing the standard 18 GB DVD-ROM disks.
-------------------------------------------------- -------- -------
The line was crossed when the gov't got involved. Now it is officially censorship and can be challenged as a constitutional issue.
-------------------------------------------------
No actually what I said was that the authentication code was mine and that since it was GPL'ed, this whole source release is now GPL infected.
Derek Fawcus
Yep, you're wrong. From http://www.dvdreview.com/html/dvd_myths.html
8. DVD is a worldwide standard.
In addition to regional codes that can be used to prevent playback in different areas, DVD uses different formats for
NTSC or PAL playback. Almost no US players can play PAL DVDs. Most European players can play both PAL and NTSC
TVs, but only on a 60-Hz-capable PAL TV or a multistandard TV. Most DVD-equipped computers can play
both NTSC and PAL discs.
Devices are available (or used to be available) that would filter out Macrovision. I have one that I bought a few years back...it only works on composite video (not S-video), but I don't have anything that accepts S-video input anyway. Radio-Electronics magazine even published the design of one of these "Macrovision strippers" sometime in the mid-to-late 80s, so you could build one yourself if you wanted. (It might even be possible to modify the design to work with S-video...would the nasty stuff be hidden in the luminance signal or the chrominance signal? Maybe you could get by with just diverting the appropriate signal through this box and let the other signal go through without modification.)
Another option for computer-based DVD is something like Remote Selector that disables Macrovision on hardware-based DVD decoders. I use this with my Dxr2 instead of the abovementioned Macrovision filter.
20 January 2017: the End of an Error.
If you are the copyright holder of the authentication code, and if your code was integrated into this product, not just "bundled", you now have the right to sue the other copyright holder for breach of your license. An outcome of that may be that the other code is GPL-ed, but infection is not automatic.
This is probably moot, as they plan to GPL it anyway.
Thanks
Bruce
Bruce Perens.
Here are several different implementations of the squarexplusone() function (sxp1, for brevity) -- note that I assume x >= 0:
... scheme, anyone?):
implementation 1 (duh):
    int sxp1(int x) {
        return x * x + 1;
    }
implementation 2 (obvious, if inefficient):
    #include "math.h"
    int sxp1(int x) {
        return (int)rint(pow(x, 2)) + 1;
    }
implementation 3 (the same, but more evil):
    #include "math.h"
    int sxp1(int x) {
        return (int)rint(exp(2*log(x))) + 1;
    }
implementation 4 (eschew multiplication):
    int sxp1(int x) {
        int r, sum;
        for ( sum = r = x ; r > 1 ; r-- ) {
            sum += x;
        }
        return sum + 1;
    }
implementation 5 (same thing
    static int _sxp1(int x, int r) {
        return r ? ( x + _sxp1(x, r - 1) ) : 1;
    }
    int sxp1(int x) {
        return x + _sxp1(x, x - 1);
    }
I could go on, but I think I'm having more fun than is good for me...
Berlin-- http://www.berlin-consortium.org
DNA just wants to be free...
I tried to cut too many corners. :/
It should be:
    static int _sxp1(int x, int r) {
        return ( r > 0 ) ? ( x + _sxp1(x, r - 1) ) : 1;
    }
Berlin-- http://www.berlin-consortium.org
DNA just wants to be free...
FWIW, the more "canonical" approach to #5 would be:
    static int mult(int x, int r) {
        return ( r > 1 ) ? x + mult(x, r - 1) : x;
    }
    int sxp1(int x) {
        return mult(x, x) + 1;
    }
Okay, okay, I'll stop now...
Berlin-- http://www.berlin-consortium.org
DNA just wants to be free...
I looked at the Sigma Designs Web site (sigmadesigns.com) and found that there is a link for suggestions.
it is: arthur_bao@sdesigns.com
I sent Mr. Bao the following suggestion via email:
Date: Tue, 26 Oct 1999 16:54:04 -0400 (EDT)
From: Timothy Lord
To: arthur_bao@sdesigns.com
Subject: Interested in Linux Support for hardware DVD decoders
Dear Sir:
My name is Timothy Lord. I enjoy DVD movies (what a great format!), but I presently must use an external player rather than one installed in one of my PCs, because I prefer Linux or another free operating system to those made by Microsoft.
I urge you to consider developing (or helping fund the development) of drivers for your company's products under Linux or other UNIX-like operating systems. There is a large market of potential buyers who would be interested in buying hardware DVD decoders, if they could run them without switching operating systems.
For evidence, I would suggest looking at the site www.slashdot.org; whenever DVD is mentioned on Slashdot, there is an active discussion, and many posters want to know "When can I watch my new DVD movies under Linux?!"
If you can sell a DVD player that comes packaged with drivers which let it work under Linux (especially if you are the first company to do so!), you will have an appreciative audience -- the goodwill generated by the support for Linux shown by some other companies (such as ATi) has been fantastic.
Thank you for considering this suggestion; good luck with your products and company!
Sincerely,
Timothy Lord
timothy@monkey.org
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
You aren't allowed to release the GPL section as part of it if the entire thing isn't GPL'ed.
If you don't abide by the GPL license, you lose all rights to the source including redistribution.
--
The world is neither black nor white nor good nor evil, only many shades of CowboyNeal.
Let me see...
Case #1
Suppose person A held up a bank and stole $1000.
Suppose person A dropped $15 while running away.
Suppose you picked it up and donated it to charity
Just because you do something "good", "right", or "moral" with the $15 doesn't make it "moral"...
So why would it be moral to use something (the DVD decoder) that was obtained in a possibly immoral
(violated patent/licensing rules) fashion?
Case #2
To be more clear, suppose there is a piece of code (say regexp library) that is BSD licenced (old
style). Suppose you have BSD unix so you are "kosher" for using the code. However, you have a
piece of non-compliant GPL code that wrongfully stole the code and embedded it in an application
(but slightly modified). Is it moral for you to use this non-compliant package even though you
sort-of have a licence to use the code (because you are running BSD-unix)? Or by supporting this
"immoral" application, you are committing an immoral act by using it? What if you didn't know
where the code came from? What if you suspected the code came from an illegal source?
I'd be interested to see people's answer to this one... at least be honest and say it's not as
simple a dilemma as some people make it out to be...
The odds are that if you admit your mistake, stop distributing, and pay a royalty for what money you've already made during the infringement, you will not lose the rights to your own code or have the GPL applied to it.
Don't worry about draconian terms (forfeit your firstborn child, etc.) because judges won't enforce them.
Thanks
Bruce
Bruce Perens.
That sounds good to me!
timothy
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
So I guess what you are saying if someone "reverse engineered" a piece of code, and put it into some
software even though the original author of the code probably didn't want anyone to do that, you
feel no moral obligation to not use this "reverse engineered" piece of code even though it has been
"co-opted" for use against the wishes of the original author...
Well, that's an interesting interpretation of how a person might go about stealing GPL code and put it
into the public domain (which might be distributed against the GPL license) and still sleep at
night...
Gee I could have downloaded the GPL code anyways for free so I guess I have the right to do
whatever I want with it... I don't feel bad at all... Just because I use the package and I don't
violate the GPL then just because this package exists and many other people to violate the GPL
that's not -my- problem... I find it convenient so I'm not gonna stop using it...
You may find this a "minor" moral transgression in the scheme of things (which is ok in my book), but
to say it's completely moral doesn't seem to be entirely honest. This is a bit extreme, but this
moral dilemma is not too different from using immoral Nazi medical research. The only thing
different is degree and if you think violating the CSS group's rights is moral. Or that somehow the
FSF/GPL rights are somehow more sacred than the CSS group's rights or rights or nazi prisoners...
You might counter that nobody got hurt, but would you change your mind if the company whose private
key got compromised to make DeCSS gets slapped for a $1M fine, lays off all their employees and goes
bankrupt? I'm not saying this will happen, but it could...
I'd like to see proof of this "reverse engineering" before this gets released under the GPL...
I don't think I'm missing the point completely... The way I see it, it's the same as...
1. the intent of the GPL is to keep software free by forcing derivative software to also be free.
2. he downloads a public domain piece of SW that (illegally) incorporates GPL code. The code
is open source, but professes to be public domain unencumbered by the GPL. He still follows the GPL
rules for this piece of software (distributes source, sends the copyleft notice), but others do not.
3. therefore, even though the software is in violation of the GPL (because it professes not to
be restricted by the GPL), he has no problem with using it since in other circumstances he has the
right to use the same subroutines in the software...
A very simple argument, and quite sound. A perfect framework to look the other way when the
GPL is being violated... Is this what we call moral these days?
no, I just hope people would be more moral than that... sigh...