Slashdot Mirror
LinuxDVD CSS Decrypt - Source Available
Kazparr writes "This source code was posted earlier today at Livid.
Derek Fawcus confirms that this is his decryption routine for the DVD css encoding scheme.
Hopefully, LinuxDVD is one step closer. " So, now we've got some source - but how many of the keys do it actually have in there?
The consideration that using crypto, and patented crypto, at that, permits constructing protocols similar to Circuit City's (now cancelled) DIVX scheme is gravy...
Of course, I stand more in the pedantic camp that prefer to use words in the ways they were designed. Thomas Bushnell wrote it well:
In short, it seems to me that the SPA has "hijacked" (hee, hee) the use of the word piracy in much the same way that the term hacker gets used and abused in the media.
If you're not part of the solution, you're part of the precipitate.
CSS is designed to stop the everyday joe from making copies of discs. The authentication (or disc locking) is what really accomplishes that. The data encryption is a second part of CSS as a whole, and it is meant to prevent raw data copying after the disc has been unlocked (since the VOB data is supposed to be always encryped when travelling over an unsecured bus).
As to making copies with DVD-RAM, not possible unless you have the CSS decryption schemes as part of the DVD-RAM burning software. While you could technically unlock the drive with an external program (to the dvd-ram burning software) and then make a copy of the encrypted data, byte for byte, you still will not be able to copy the disc or title keys without involving special drive commands and CSS authentication in the dvd burning software. Of course, now that the authentication and decryption code is public (and the disc key's likely to be brute forced in a short time with the code), it will be relatively easy to write a program that burns unencrypted copies of the discs to dvd-ram.
These routines were obviously ripped from a windows based DVD player. CSSAuth.cpp is the interesting file, for it contains the actual CSS key tables.
IIRC, there is still floating out there one key that is player specific - in other words, the key is different for each type of DVD model player. I think it's just simple lock/unlock routine however, and it should be easily hacked.
CSS was the major road block before, but not anymore. I guess all they need now is someone to leak the Dolby surround specs.
Of course, this is probably all very highly illegal, and just by downloading the code I could be in trouble. I think I will delete my copy now...
Yes this is the encryption that hides the raw mpeg-2 data (as well as AC-3 and subpicture and some navigation information).
This is not the only form of copy protection involved in DVD playback, in general, there is also regional management (although that is not a real problem now that the css code is available).
A standard mpeg player will play the data once decrypted, but some discs will be hard to watch due to the use of different camera angles and some other dvd specific features. Not to mention all the navigational features will not be available (interactive menus, playback navigational data, etc).
The only thing really preventing full playback is not having a public IFO file format spec and some of the dvd specific VOB stream fetures are still relatively unknown publicly (the features are known, how they are implemented isn't). Reverse engingeering those two things will be difficult. Much more difficult than CSS was. Even if someone tries to simply disassemble some working player it will be difficult due to how dense the information provided in the IFO files is and the ways it is used in the player. IT can be done though and I'm sure it will be done, just don't expect it all that soon.
The way i see it, there are three types of people who are going to be pirating DVDS, and none of them are going to be stopped by the current "security" methods.
Random people at home who rent DVDs from a store and make copies. Of course, things will be much more difficult for these people than the days of the late 80s (where you could just go to Randalls, rent a tape and a VCR, and copy off the rented VCR onto your home VCR..). But things won't be more difficult for these people because of CSS encryption; things will be more difficult because of the fact DVDs aren't easily writable. Of course, if these people are willing to settle for second-rate quality, the option of borrowing a VCR and making a tape copy STILL EXISTS! remember: an s-video out port has _no idea_ what happens at the other end. No system will _ever_ be devised where it is more difficult to send the video into a recording device than it is to send the video into a TV to watch it.
People on the internet who trade around copies of movies. This is pretty much similar to the first one; there's still the fact that the video-out of a DVD player can always be sent to a recording device. Of course, an entire DVD would not be fun to download over the internet, so probably any movies on the internet will be re-encoded at lower quality, making any quality loss caused by not making a byte-for-byte copy of the DVD irrelivant. And after all, there are MPEG-1 versions of movies that are in _theaters_ floating around at warez sites everywhere, and i'll bet a lot of the others come from tapes. I doubt that being able to put keys on DVD-RAMs or whatever will affect this much.
Big-time piraters, sometimes in third-world countries, which make huge numbers of exact copies and distribute them widely. These people will probably be wanting the "keys", or whatever you're talking about, as they'd want it identical to the original DVD. But these people also will probably not be using an average consumer PC. They'll be making enough money from this that they can afford to use some kind of customized hardware that will do whatever "special drive commands" they want. Even if such hardware doesn't exist at the moment, for the makers of the DVD spec to pretend such hardware will not come into existance the instant there's some amount of money in DVD pirating is just silly.
I'm pretty sure that if the DVD companies will already be losing the revenue from these people, any money _saved_ by the CSS will be pocket change..
-mcc-baka
INTELLECTUAL PROPERTY IS THEFT
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
Many posters here are wondering about cracking dvd keys and copying discs and generally pirating them in various ways. If my meager law knowledge isn't failing me, piracy is illegal.
My point isn't about piracy, it's about hypocracy. If there is even the hint that someone is illegally trampling on the GPL or something beloved to linuxite hearts, there is an immediate cry of bringing in the law. Is illegaly pirating DVDs more acceptable than illegally taking code from a GPLed program? They are both examples of taking something and using it in ways that are not legal.
Another semirelated point is the cry of people of "Even if it is commercial, I'll buy it! I want it for linux, open source or not!" But, judging from the immediate reaction of "Let's crack it and take all we can," it seems not many people WOULD pay for much in linux. The few that would actually buy games or apps for linux are far outweighed by the number that would simply pirate it or crack it. It seems to me that many people in the "open source" community don't give a damn about open source. They just want everything they can get for free.
All of this makes me wonder if companies are influenced by reactions like this. If I were a company pondering putting in the work to release my commercial product for linux, I would definitely think twice before I spent the time and money on porting or rewriting. Yes, I know that piracy is also rampant in the windows world, but just looking at what has been posted thus far, it seems the linux market isn't exactly filled with willing buyers of software and other replicable items. (movies, audio, etc)
* Please not that I said 'many,' not 'all.' There is a difference.
Hopefully this post will clear up some of the misconceptions here. Basically, this package is the reverse engineered version of a program called DeCSS, something which can be used to authenticate with and unlock a DVD player.
DeCSS will be available under the GPL, but as its source had not been released yet, someone decided to reverse engineer it and make the source public. The author has stated that this puts this new source under the GPL, which has a good outlook for us.
æeee!
Huh? 15k???? Maybe for a rackmount unit or
something... but PC DVD-RAM drives start at
bout $370.00...
DVD RAM and DVD ROM are different technologies. Not all DVD players can read DVD RAM. (In fact, I believe most cannot.) Not to mention the fact that the drive which you're referring to can only write at a density of 5.2 GB per disk. (2.6 GB/side). The $15K model is needed for writing the standard 18 GB DVD-ROM disks.
No actually what I said was that the authentication code was mine and that since it was GPL'ed, this whole source release is now GPL infected.
Derek Fawcus
If you are the copyright holder of the authentication code, and if your code was integrated into this product, not just "bundled", you now have the right to sue the other copyright holder for breach of your license. An outcome of that may be that the other code is GPL-ed, but infection is not automatic.
This is probably moot, as they plan to GPL it anyway.
Thanks
Bruce
Bruce Perens.
The odds are that if you admit your mistake, stop distributing, and pay a royalty for what money you've already made during the infringement, you will not lose the rights to your own code or have the GPL applied to it.
Don't worry about draconian terms (forfeit your firstborn child, etc.) because judges won't enforce them.
Thanks
Bruce
Bruce Perens.