This comment exhibits a clear lack of understanding. A byte of data is 8 bits and requires *two* "hex digits" when stored in text format. So for each key, you're looking at 32 ascii characters.
Now consider that 16 bytes is 128 bits (16*8). So we're looking at 2^128, or 3.402823669e+38 possible keys. Multiply that by 32, and you'll have the total size of the text file containing all possible AACS keys.
Now consider attempting to brute force the AACS key for _ONE_ AACS-protected title using the above text file as a dictionary. Assuming a gross oversimplification of the AACS protocol -- that it includes _ONLY_ AES encryption, runs _ONLY_ on x86, and uses the fastest FOSS AES implementation (Gladman) -- we're looking at about 13000 instructions for a full implementation.
Assuming a machine rated at 5000 MIPS (essentially a high-end modern desktop PC), we can test about 385,000 keys per second assuming a known-plaintext attack.
You're looking at 899190255900501182414210763 years to find _ONE_ key. Assuming that the universe is 13.7 BYO, we're looking at 65634325248211765 times the age of the universe to find _ONE_ key.
Apple stole the BSD Mach kernel to build OS X. They regularly fuck their own developers (anyone remember how Apple took possession of that freeware utility that one of their developers wrote IN HIS OWN TIME?) and customers. I know this opinion isn't popular and that there are hundreds of Mac fanboys who read slashdot. But what did you really expect?
Does anyone remember how Steve renigged on his promise that iTunes content is the property of the purchaser, and that songs purchased from iTunes belonged to the person doing the purchasing? How about when the closed the kernel source code?
Apple is in the same league as Microsoft. Is it really news that they are fucking over their own customers... again?
This is actually quite scary considering the size of Office documents. Store the executable code embedded in the metadata where user-supplied text would normally exist, using a nop slide of several kilobytes at the start. You have at least 26 kilobytes after all... imagine what could be done with 10k of executable code.
The gdb backtrace shows that the crash occurs in SwIoSystem::IsFileFilter (). EIP may not have been overwritten; the value points into what appears to be a valid function (i.e. not the stack or heap):
Assume for a moment that your system is implemented. The key would be at least partially based on your own personal credit card number/name/whatever. Assuming that this information is passed throught a hashing algorithm and used as the basis for the decryption key, all it takes is one person to reverse engineer the player's DRM code and it becomes trivial to write a keygen. This keygen could then be distributed en masse along with a reimplementation of the decryption software.
This can be improved in a number of ways. You can add a salt, but this is only useful for preventing brute-force attacks. Since the key is stored in your computer's memory anyway, this becomes a moot point (by the definition of DRM). You could add an initialization vector to the cryptosystem, but this would have to be stored right alongside the decryption key. Since (again) the key is in the computer's memory somewhere, it becomes trivial to retrieve once you understand how the system works.
But this second hypothesis can't be the case, since your system would allow the content to be moved from computer to computer. The end user would have to re-enter his personal credentials on each system. But by the definition of DRM, he cannot know either the password salt OR the initialization vector, since those are internal components of the cryptosystem. In order to make your system workable, the key MUST be able to be regenerated on a new computer using only the personal credentials. As I mentioned above, once the hashing algorithm was worked out and any static IVs or salts were extracted, it would become incredibly easy to write and distribute a key generator.
The very concept of "digital rights management" is in an of itself flawed since the decryption key must be stored with the content. All it takes is ONE person to reimplement the DRM system and release a crack.
Disclaimer: I've never worked with video-out hardware in any sort of broadcasting environment.
In playing around with various video sources, I've come across a couple of very good, high quality pieces of software that are able to transcode video from almost any source. If you do not need client-side playback and just want to pipe re-coded a/v streams to a tv-out device, consider using transcode:
I've never heard of SDI, but transcode's documentation states that it supports yuv4mpeg output. Transcode is really an excellent piece of software and should fill your need quite nicely.
You might also consider mplayer, as it explicitly supports yuv4mpeg output as well. You can use mencoder (a part of mplayer) to transcode video in the same way that you would use transcode.
As for the automatic scheduling of content to be played.. cron would do the job if your needs are simple. If, however, you need to insert content in the middle of a video during playback (read: a commercial) it will probably be insufficient. I'd suggest preprocessing the video for the next day each night. You'd need a list of timestamps where it is reasonable to stop playback of video content and then split out each video, writing yuv output to a (large) storage device.
You'd then be left with a day's worth of preprocessed video in yuv format that can be fed directly to your digital broadcast hardware in real-time. I'd imagine then that you could just feed the video directly into your output device using something like 'cat `cat video-sources.list` >/dev/video-out'.
I live in Silicon Valley. I often hear anti-prop 87 ads on the radio and TV. One day as I was driving to work I decided to listen to the ad carefully. At the end, as required by law, they state their sponsors. They (quickly) list a number of individuals, the last 2 or 3 of which are actually oil companies. It is for this reason that I decided to look into the issue.
This tax will be levied on the oil companies. They will be forbidden by the law to pass the cost on to consumers, so this will NOT raise gas prices. So, to recap:
1) oil companies have to pay their fair share to improve the environment;
2) the tax cannot be passed on to cunsumers;
3) This will benefit researchers and universities
Do not be fooled by the anti-prop 87 propoganda.
You would think so, but that isn't the case. This hardware is designed to be separated from the PC hardware, and as such will probably not have access to system memory. If you can't read memory allocated to the game, you can't figure out where the enemy is running around...
while true
do
wget http://i.tuxgames.com/lgpcomp/comp.jpg
sleep 1
done
They did say that they would update it *every* *second*.
Slashdot users: start your terminals!
Don't you get it? Much of this happened BECAUSE OF Bush. BUSH is the terrorist. Yeah, you heard me. This whole article probably wouldn't have even made the front page -- ever -- if Bush hadn't pushed America into this terrible position. Now we are seen (rightfully so) as the international terrorists.
I'm tired of hearing about Al Quaeda and Bin Laden's latest sob story. It sickens me that Bush uses these types of media frenzies to maintain his power base.
What was the gossip during the last election? I seem to remember some of my (right-wing) co-workers mentioning that you can't change your president mid-war. OK, so then it is in Bush's interest to keep the war going in order to maintain his power base for another 4 years.
Try pulling the cotton out of your ears and the wool from over your eyes. Tomorrow is Bush's 1984.
No, I didn't RTFA. Why should I? It will just be more sensationalist crap the Media has hounded out. How is this news? Every day I see more evil things happening on the 5 o'clock news -- why? Is there a reason that news has to include blood and gore?
Think about it. In 1984, Orwell declared that "War is Peace" in Oceania. How is this different from today? Bush says that in order to have "peace" (i.e. not be at risk of terrorism), we must go to war with a random country. A country that did not have any part in the attack on 9/11.
I love how the Bush administration keeps the Terrorist "threat" at the forefront of the American peoples' lives. It really makes me wonder if we are not moving closer to an Orwellian future. "War Is Peace" is beginning to sound more and more like Bush's rhetoric every day.
This is not the case. You are bottlenecked by the SATA real-world throughput of 100MB/sec. I already get about 45-50MB/sec out of my 2-year-old IDE drives. With the newer drives you might even get better, possibly upwards of 60MB/sec. So right there you're getting less than a 2x speed increase. Your swap partition won't do well, because adding the memory to your system will likely negate the need for a swap partition anyhow (assuming you use a sane operating system that doesn't come from anywhere near Redmond). The tiny size of this drive coupled with the high cost of buying 4GB of RAM negates its usefulness at the current time for most usages.
Jesus christ. 4.53 terabytes and 500 watts power draw. What one person could possibly use that much space as of today? And I wonder how much his electric bill is... doubtless at least $300/month
Now I have a reason to explain to my wife why I spend $1500 on hardware upgrades every 6 months. After all, we don't want to fall victim to the evil fingerprinting scheme, do we?!:)
Does anyone remember the golden days of PGP? There were key signing events where a "trust" network was established. Could this not be applied to code signing? i.e. there is a single master key that is controlled by the lead developer that is used only to sign individual developer keys. The lead developer would have his own key as well -- like I said, the master key is *only* for signing. Then some sort of revision control system could verify the trust relationship of the developer's key versus the master key and allocate permission based on that.
This would also allow key revocation. I see this as a perfect solution; can anyone comment?
Now I know that many people enjoy music as a form of entertainment. However, consider also what the politics behind this entertainment are. What kind of companies are you supporting by listening to / buying this music?
When the RIAA started these lawsuits a few years back (what was it? 1999? 2001?), I was shocked and outraged. I couldn't believe what lengths these corporations would go to in prosecuting what amounts to a few cents' worth of theft per song. The defendants, while they did execute illegal act(s), are being punished far beyond the damages they caused.
What can one do, then? I decided to stop buying music CDs. I no longer listen to the radio, and hardly ever download music from p2p. I believe that since these lawsuits started several years ago, I have bought a total of about 3 CDs. Instead, I spend my time with more productive activities such as programming or spending time with my wife.
I know this isn't an option for many people, but it works for me. By refusing to purchase CDs, I vote against the RIAA with my wallet. By not listening to the radio, I don't support the stations that license the same music. You, as a reader of slashdot, might do well to try to find something like this to voice your disapproval. Heavy-handed tactics used as a business model = lost customers.
Slashdot Mirror
This comment exhibits a clear lack of understanding. A byte of data is 8 bits and requires *two* "hex digits" when stored in text format. So for each key, you're looking at 32 ascii characters.
Now consider that 16 bytes is 128 bits (16*8). So we're looking at 2^128, or 3.402823669e+38 possible keys. Multiply that by 32, and you'll have the total size of the text file containing all possible AACS keys.
Now consider attempting to brute force the AACS key for _ONE_ AACS-protected title using the above text file as a dictionary. Assuming a gross oversimplification of the AACS protocol -- that it includes _ONLY_ AES encryption, runs _ONLY_ on x86, and uses the fastest FOSS AES implementation (Gladman) -- we're looking at about 13000 instructions for a full implementation.
Assuming a machine rated at 5000 MIPS (essentially a high-end modern desktop PC), we can test about 385,000 keys per second assuming a known-plaintext attack.
You're looking at 899190255900501182414210763 years to find _ONE_ key. Assuming that the universe is 13.7 BYO, we're looking at 65634325248211765 times the age of the universe to find _ONE_ key.
I'll be sending your wife and children burned copies of my DVD collection to include in your casket. May you be infuriated by them for eternity.
Apple stole the BSD Mach kernel to build OS X. They regularly fuck their own developers (anyone remember how Apple took possession of that freeware utility that one of their developers wrote IN HIS OWN TIME?) and customers. I know this opinion isn't popular and that there are hundreds of Mac fanboys who read slashdot. But what did you really expect?
Does anyone remember how Steve renigged on his promise that iTunes content is the property of the purchaser, and that songs purchased from iTunes belonged to the person doing the purchasing? How about when the closed the kernel source code?
Apple is in the same league as Microsoft. Is it really news that they are fucking over their own customers... again?
Interesting that you get a different result than I did. Here's a full trace of what I get:
http://rafb.net/paste/results/Jki6Ds85.html
This is actually quite scary considering the size of Office documents. Store the executable code embedded in the metadata where user-supplied text would normally exist, using a nop slide of several kilobytes at the start. You have at least 26 kilobytes after all... imagine what could be done with 10k of executable code.
The gdb backtrace shows that the crash occurs in SwIoSystem::IsFileFilter (). EIP may not have been overwritten; the value points into what appears to be a valid function (i.e. not the stack or heap):
eip 0xb7286b4d 0xb7286b4d osl_getVolumeInformation+4487
Of course, this is probably because the exploit was designed to crash MS Word in the first place, not execute arbitrary code.
I tried to open the PoC with OpenOffice 2.0.4 and it crashed. Can someone confirm?
/usr/lib/openoffice/program/soffice: line 236: 12793 Segmentation fault "$sd_prog/$sd_binary" "$@"
ooffice2 12122006-djtest.doc
This may not be a code execution bug; I'll try to trace it with gdb to see what happens.
Wonderful idea. Let's think about this, shall we?
Assume for a moment that your system is implemented. The key would be at least partially based on your own personal credit card number/name/whatever. Assuming that this information is passed throught a hashing algorithm and used as the basis for the decryption key, all it takes is one person to reverse engineer the player's DRM code and it becomes trivial to write a keygen. This keygen could then be distributed en masse along with a reimplementation of the decryption software.
This can be improved in a number of ways. You can add a salt, but this is only useful for preventing brute-force attacks. Since the key is stored in your computer's memory anyway, this becomes a moot point (by the definition of DRM). You could add an initialization vector to the cryptosystem, but this would have to be stored right alongside the decryption key. Since (again) the key is in the computer's memory somewhere, it becomes trivial to retrieve once you understand how the system works.
But this second hypothesis can't be the case, since your system would allow the content to be moved from computer to computer. The end user would have to re-enter his personal credentials on each system. But by the definition of DRM, he cannot know either the password salt OR the initialization vector, since those are internal components of the cryptosystem. In order to make your system workable, the key MUST be able to be regenerated on a new computer using only the personal credentials. As I mentioned above, once the hashing algorithm was worked out and any static IVs or salts were extracted, it would become incredibly easy to write and distribute a key generator.
The very concept of "digital rights management" is in an of itself flawed since the decryption key must be stored with the content. All it takes is ONE person to reimplement the DRM system and
release a crack.
Disclaimer: I've never worked with video-out hardware in any sort of broadcasting environment.
/dev/video-out'.
In playing around with various video sources, I've come across a couple of very good, high quality pieces of software that are able to transcode video from almost any source. If you do not need client-side playback and just want to pipe re-coded a/v streams to a tv-out device, consider using transcode:
http://www.transcoding.org/cgi-bin/transcode
I've never heard of SDI, but transcode's documentation states that it supports yuv4mpeg output. Transcode is really an excellent piece of software and should fill your need quite nicely.
You might also consider mplayer, as it explicitly supports yuv4mpeg output as well. You can use mencoder (a part of mplayer) to transcode video in the same way that you would use transcode.
http://www.mplayerhq.hu/design7/news.html
As for the automatic scheduling of content to be played.. cron would do the job if your needs are simple. If, however, you need to insert content in the middle of a video during playback (read: a commercial) it will probably be insufficient. I'd suggest preprocessing the video for the next day each night. You'd need a list of timestamps where it is reasonable to stop playback of video content and then split out each video, writing yuv output to a (large) storage device.
You'd then be left with a day's worth of preprocessed video in yuv format that can be fed directly to your digital broadcast hardware in real-time. I'd imagine then that you could just feed the video directly into your output device using something like 'cat `cat video-sources.list` >
I live in Silicon Valley. I often hear anti-prop 87 ads on the radio and TV. One day as I was driving to work I decided to listen to the ad carefully. At the end, as required by law, they state their sponsors. They (quickly) list a number of individuals, the last 2 or 3 of which are actually oil companies. It is for this reason that I decided to look into the issue. This tax will be levied on the oil companies. They will be forbidden by the law to pass the cost on to consumers, so this will NOT raise gas prices. So, to recap: 1) oil companies have to pay their fair share to improve the environment; 2) the tax cannot be passed on to cunsumers; 3) This will benefit researchers and universities Do not be fooled by the anti-prop 87 propoganda.
You would think so, but that isn't the case. This hardware is designed to be separated from the PC hardware, and as such will probably not have access to system memory. If you can't read memory allocated to the game, you can't figure out where the enemy is running around...
haha, thats the first thing I thought of when I saw the parent comment
while true do wget http://i.tuxgames.com/lgpcomp/comp.jpg sleep 1 done They did say that they would update it *every* *second*. Slashdot users: start your terminals!
Don't you get it? Much of this happened BECAUSE OF Bush. BUSH is the terrorist. Yeah, you heard me. This whole article probably wouldn't have even made the front page -- ever -- if Bush hadn't pushed America into this terrible position. Now we are seen (rightfully so) as the international terrorists.
I'm tired of hearing about Al Quaeda and Bin Laden's latest sob story. It sickens me that Bush uses these types of media frenzies to maintain his power base.
What was the gossip during the last election? I seem to remember some of my (right-wing) co-workers mentioning that you can't change your president mid-war. OK, so then it is in Bush's interest to keep the war going in order to maintain his power base for another 4 years.
Try pulling the cotton out of your ears and the wool from over your eyes. Tomorrow is Bush's 1984.
No, I didn't RTFA. Why should I? It will just be more sensationalist crap the Media has hounded out. How is this news? Every day I see more evil things happening on the 5 o'clock news -- why? Is there a reason that news has to include blood and gore?
Think about it. In 1984, Orwell declared that "War is Peace" in Oceania. How is this different from today? Bush says that in order to have "peace" (i.e. not be at risk of terrorism), we must go to war with a random country. A country that did not have any part in the attack on 9/11.
I love how the Bush administration keeps the Terrorist "threat" at the forefront of the American peoples' lives. It really makes me wonder if we are not moving closer to an Orwellian future. "War Is Peace" is beginning to sound more and more like Bush's rhetoric every day.
This is not the case. You are bottlenecked by the SATA real-world throughput of 100MB/sec. I already get about 45-50MB/sec out of my 2-year-old IDE drives. With the newer drives you might even get better, possibly upwards of 60MB/sec. So right there you're getting less than a 2x speed increase. Your swap partition won't do well, because adding the memory to your system will likely negate the need for a swap partition anyhow (assuming you use a sane operating system that doesn't come from anywhere near Redmond). The tiny size of this drive coupled with the high cost of buying 4GB of RAM negates its usefulness at the current time for most usages.
Jesus christ. 4.53 terabytes and 500 watts power draw. What one person could possibly use that much space as of today? And I wonder how much his electric bill is ... doubtless at least $300/month
For those of us who want to see the article, but don't have the ability to open Word documents,
http://www.css-auth.com/gen_adv/
Although this being called a "crack" is laughable.
Now I have a reason to explain to my wife why I spend $1500 on hardware upgrades every 6 months. After all, we don't want to fall victim to the evil fingerprinting scheme, do we?! :)
Does anyone remember the golden days of PGP? There were key signing events where a "trust" network was established. Could this not be applied to code signing? i.e. there is a single master key that is controlled by the lead developer that is used only to sign individual developer keys. The lead developer would have his own key as well -- like I said, the master key is *only* for signing. Then some sort of revision control system could verify the trust relationship of the developer's key versus the master key and allocate permission based on that.
This would also allow key revocation. I see this as a perfect solution; can anyone comment?
Please send me the audio here:
akihana at gmail dot com
TIA
Mike
Heh, looks like you beat me to the punch. I just put my own converted doc up:
http://www.css-auth.com/Unclassified.html
Don't forget that the artist get something like 0.5% of the final sale price of the album. Don't be so naive.
Now I know that many people enjoy music as a form of entertainment. However, consider also what the politics behind this entertainment are. What kind of companies are you supporting by listening to / buying this music?
When the RIAA started these lawsuits a few years back (what was it? 1999? 2001?), I was shocked and outraged. I couldn't believe what lengths these corporations would go to in prosecuting what amounts to a few cents' worth of theft per song. The defendants, while they did execute illegal act(s), are being punished far beyond the damages they caused.
What can one do, then? I decided to stop buying music CDs. I no longer listen to the radio, and hardly ever download music from p2p. I believe that since these lawsuits started several years ago, I have bought a total of about 3 CDs. Instead, I spend my time with more productive activities such as programming or spending time with my wife.
I know this isn't an option for many people, but it works for me. By refusing to purchase CDs, I vote against the RIAA with my wallet. By not listening to the radio, I don't support the stations that license the same music. You, as a reader of slashdot, might do well to try to find something like this to voice your disapproval. Heavy-handed tactics used as a business model = lost customers.