Slashdot Log In
Descrambling CSS w/ 7 Lines Of Perl A DMCA Violation?
from the this-is-just-too-funny dept.
Here's the script:
$_='while(read+STDIN,$_,2048){$a=29;$c=142;if((@a=unx"C*",$_)[20]&48){$h=5;
$_=unxb24,join"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$d=
unxV,xb25,$_;$b=73;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=($t=255)&($d
>>12^$d>>4^$d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*8^$q<<6))<<9
,$_=(map{$_%16or$t^=$c^=($m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;$t
^=(72,@z=(64,72,$a^=12*($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16..271))
[$_]^(($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}print+x"C*",@a}';s/x/pack+/g;eval
A rewrite, using an extra five bytes (!) of perl code, caches a table, which apparently makes the program fast enough to decode a movie in realtime:
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map{$_%16or$t^=$c^=(
$m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;$t^=(72,@z=(64,72,$a^=12*($_%16
-2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h
=5;$_=unxb24,join"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$
d=unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d>>12^$d>>4^
$d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*8^$q<<6))<<9,$_=$t[$_]^
(($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}print+x"C*",@a}';s/x/pack+/g;eval
As Touretzky writes on his Gallery page, typical usage is just: cat /mnt/dvd/VOB_FILE_NAME | qrpff 153 2 8 105 225 | extract_mpeg2 | mpeg2dec -
Re:Of course it's a violation (Score:2)
Re:For the love of coding! (Score:2)
The way Congress works, most of the people who voted for that bill never looked at it. It was a bi-partisan initiative with strong financial backing. The committee that recommended it considered that it would be another limit on fair use, but they probably never considered its effect on programmers and its conflict with the First Amendment. I tend to think they were looking at a law with powerful backers and few visible enemies and voted the way they thought would make them look good and help the country. Who would vote against a flashy name like Digital Millenium Copyright Act?
-the Pedro Picasso
(sourceCode == freeSpeech) [x-omega.com]
--
Art and beauty (Score:2)
Mine:Art is a human expression meant to evoke an emotional response.
I'm not right, really, but neither are you. I would say most code isn't art. I would also say code can be art. After all it is only a set of choppy written instructions. Are recipies art? Is command based haiku art? Is this post art?
(Answers: yes, yes, no)
-the Pedro Picasso
--
Re:Art and beauty (Score:2)
--
Flags (Score:2)
EU and WIPO (Score:2)
Re:.sig!! Yay!! (Score:2)
With a little work, a mail program could enocde this work of art uuencoded into the Message-ID header. Why? When anyone replies or forwards your email, they will resend your CSS code!
X-Comment: ALL YOUR BASE ARE BELONG TO US
Not quite (Score:2)
He could try suing DVD makers, but he'd have a hell of a time getting it through court. You see, if he encrypted his DVD with CSS and his own key, then commercial DVD players wouldn't decrypt it. If he encrypted his DVD with CSS and at least one of *their keys*, then he'd have a hard time convincing a judge that the key choice wasn't implicit consent for them to perform decryption.
a few million? (Score:2)
Re:Not quite (Score:2)
Kind of like that prior use thing in patents.
Updated Suggested email .sig (Score:2)
The following code is a PERL script capable of decoding an encrypted DVD (necessary to watch a DVD on a Linux machine) in real time. This is illegal to use according to the Digital Millennium Copyright Act, a set of laws passed by anonymous vote in congress in 1998. The MPAA feels that they must stop you from using this code to watch DVD movies because then...
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$ t=255;@t=map{$_%16or$t^=$c^=($m=(11,10,116,100,11, 122,20,100)[$_/16%8])$t^=(72,@z=(64,72,$a^=12 *($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16.. 271);if((@a=unx"C*",$_)[20]&48){$h=5;$_=unxb24,joi n"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/. ..$/1$&/;$d=unxV,xb25,$_;$e=256|(ord$b[4])>8^($f=$ t &($d>>12^$d>>4^$d^$d/8))>8^($t&($g=($q=$e>>14&7^$e )^$q*8^ $q>=8)+=$f+(~$g&$t))for@a[128..$#a]}print+x"C*",@a } ';s/x/pack+/g;eval
If you are interested in learning more about how to create your own DVD decoder you can take the authors class on the subject at MIT http://www.mit.edu/iap/dvd
END .SIG
I was kinda hoping to create somthing that could spell out the evils in a tolerable length/readability. Other than manditory commercial viewing and region codes what else does an open source version wreck for the MPAA?
sneaky trick (Score:2)
Then, add a script up at the top of the page, mark it "DMCA Violating PLCPS (Pig Latin Copy Protection Scheme) Script", that nicks off the last two characters... and technically, haven't you protected yourself? Because the only DMCA violation is in fact the De-PLCPS script, no? That other thing is protected under a copy-protection scheme and isn't even usable, therefor, what's there to complain about? Sure, I'm sure the owners of De-PLCPS might take offense to your violation of the DMCA, but then again, that would be THEIR problem, not the DVD-CCA's, no?
Re:7 lines of Perl... (Score:2)
Okay, I give up... (Score:2)
Would anyone care to explain exactly how this works, in english (or should I just wait until the notes from the seminar are online)?
Re:Terse (Score:2)
Re:Maybe (Score:2)
What proof do you have that you don't? The word of companies like Microsoft with their EULAs and the RIAA and MPAA who try to take away your ability to use the CD/DVD that you own?
Well, what do you think they'll say? They hope that people will believe them. And they hope they'll do what you did, pass that on to others.
Their view of copyright is incredibly short sighted. I really don't see why they deserve copyright protection anymore. Seriously. Copyright is a social contract
The MPAA/RIAA/Software publishers are trying to have the 'limited' part of the monopoly removed, and to take away all your rights to do anything with the work that they don't want you doing.
They aren't living up to their side of the bargain, thus the contract is void.
Now, they can claim anything they like, about how you'll join satan, and undermine capitalism, if you violate THEIR rights, but I don't see them saying anything about your rights. And it's not just a case of "well don't buy it." They're counting on your tax dollars funding the legal system which is granting them this unlimited monopoly, so they're taking from you and giving nothing back.
Anyways, as I see it, their laws are the product of bribery. They lobbied for those laws, which means paying politicians in "campaign funds", then they bribe judges like Kaplan (Dunno if they paid him, or if it was enough that he worked for them before and got paid then) to give weight to their laws. In my view, that's not a valid law. Like a contract for illegal activities isn't a valid contract.
I choose not to follow those laws. I honor copyright as I see it. Limited monopoly, a guarantee to the author that they'll be the first to profit from their work. I don't see it as a right for the author to control everything I do with their work, so I don't feel obligated to follow laws that they buy which say that.
Re:Maybe (Score:2)
But you're wrong when you say you that you license software...
They only software you license if something you buy specifically from a contractor, a company that sells you a specific limited site license for a special deal, or shareware.
In the first case it's because you're paying the contrator for the product. You decide which rights you want and then bargain over the value of those. With the specific site license, that'd be like Adobe selling you 100 copies of Photoshop for an 80% discount because you could show that it was all going to be used in a way that they approved of (to teach people who might later buy their own copy for example) and you were both making concessions in the deal (them price, you in what you can do with it.)
And finally and most importantly, shareware. If you download a program off of CNET (or anywhere else) there's no payment on your part so you have no right to expect it'll do anything. You then get it and can agree to a contract allowing certain use in trade for certain payment (maybe nothing, maybe a post card, maybe $$..)
But with commercial software, you buy it at the store and take it home, where you find the 'contract'. At that point, the contract isn't valid. You purchased all required rights to the software already. It's invalid for a number of reasons.
1) You can't put limits on an existing contract (it becomes a new contract, which requires new agreement and especially, new consideration (compensation)). I can't see you a car and then call up later and say that you have to buy gas from me. I can offer you an exclusive gas contract in trade for something, free tires, a low price, whatever, but it's only an offer until you accept.
2) The 'contract' in the form of a click-through license attempts to prevent your use of *YOUR* software (you paid for it at this point) by requiring you to agree to their contract. That's duress. You're not bound by agreements made under duress. Simply click 'Yes' and ignore it...
3) That contract doesn't even offer you anything, just the ability to use your software, so you don't get anything out of it. A contract that doesn't have compensation for both parties isn't valid. Again, click 'Yes' and ignore it.
Certainly don't take the corps' word on any of this, they stand to gain by making you believe you have more obligations than you really do.
Re:Maybe (Score:3)
That's an interesting point - on what basis do you draw the line? You could say that "obviously" rot-13 wasn't a serious attempt to control access but if 7 lines of Perl can be considered a circumvention device, then what about 5 lines? Or 3? Or 1?
I share your scepticism about the outcoming of trying to challenge things on that basis, but you would think there has to be some kind of definition as to how how simple a circumvention device is allowed to be while remaining "effective" (or do they intend every case to be ratified by a court? Wait, don't answer that...).
Pre-DeCSS, if you'd proposed a circumvention device that could be bypassed in 7 lines of Perl, who would have taken it seriously?
-dair
Re:Terse (Score:3)
Re:Is CSS encryption? (Score:3)
It doesn't even need to be copy protection, the DMCA talks about access control. CSS doesn't really provide copy protection, but it does do access control.
[re: reverse-engineering legalities] (Score:3)
I didn't mean to say that I agreed with (or conceded to) MPAA's or Xing's (it was a Xing player, right?) shrinkwrap-license-prohibiting-reverse-engineering . I was just trying to point out that some other "agreeably" illegal activity must be engaged in before use of the perl script became actual circumvention of CSS.
Whether or not what was done to get Xing keys (which, if I recall correctly, is the only part of the "Trade Secret" argument MPAA is using) is illegal shouldn't (IMHO) affect the status of this script.
Correct me if I'm wrong, but wasn't the entire DeCSS system developed originally? That the only part that was "stolen" was the Xing master key, accidentally left unencrypted in the windows program? So MPAAs argument for trade secret theft only applies to the use of those Xing keys, right? Or could they argue that DeCSS could not have been developed without aid of those keys, and so it's a derivitave work, and so tainted by the theft of the secret?
And if so, at what point, after analysis, review, scholarly discussion, and seminars, does the CSS algorithm (and various ways to implement it) pass beyond any trade secret protection, again reducing DeCSS to a key availability issue?
Re:Is CSS encryption? (Score:3)
Re:Programming as an art.... (Score:3)
Re:For the love of coding! (Score:3)
The congress critter as well as any other corporation is not answerable to this or any other law only you are. Do you know why? It's because they have more money then you.
Is CSS encryption? (Score:3)
Firstly, I'm sure this has been discussed on
If this is the case, then it seems like CSS is more of a standard practice thing, than a proprietary thing, and the MPAA should just give up. I'm sure that "zip" technology was at one time proprietary, now its pretty much standard. And, if I am correct, this really doesn't hold up to the DMCA, because its not encryption that I am trying to circumvent, rather, I am just decoding what I have rightfully purchased.
If this is the case, I have no problem with the MPAA going after the individuals that are illegally copying DVD's and selling them to their 31337 friends. However, just using the scripts and code to watch a movie on your Linux box is another story entirely, and I have no problem with that.
Thoughts, comments, bitching???
UUOC (Score:3)
Typical usage should be /mnt/dvd/VOB_FILE_NAME | extract_mpeg2 | mpeg2_dec -
qrpff 153 2 8 105 225
Re:Competition Time? (Score:3)
Re:Is this basically compressing it? (Score:3)
No, because those tables aren't really needed.
Most of the tables in css-auth.c are used to work out the title key from the disc key - with this script, you provide the title key on the command line.
The other tables in css-auth.c are used to reverse the order of bits in a byte - this can easily be accomplished by code instead.
Programming as an art.... (Score:3)
It definitely is.
I bow to the superior skill of the author of those 526 bytes. I've saved it even if I don't own a DVD reader (and I don't plan buying one), just to open up the file at times and contemplate it.
Maybe one day I'll see the light.
Of course it's a violation (Score:3)
Next question.
Re:CSS Encoder? (Score:4)
Has anyone though of writting a virus that
takes a persons files and encodes them with
CSS? It would be extremely funny if some MPAA
lawyer found himself sitting in front of his
computer and a message pops up
"Dear user: Your files have been encrypted with CSS. You may trivially decrypt these files with DeCSS unless you live in the United States in which case the use of DeCss could cost you five years in jail and $150,000 file. Have a nice day."
Re:Is CSS encryption? (Score:4)
Is it a crappy arrangement? You bet. The title keys are 40 bits, and the player keys are (iirc) 80 bits. This is not high encryption here. Once you get past the auth-with-drive part, the title keys are handed over anyway. But simply, yes, it is encryption - from what I've heard from cryptological experts, far from a well-designed system. But it more-or-less does what the DVD CCA intended.
_____
Re:Now the RIAA will sue everyone... (Score:4)
This nonsense of trying to lock everything down and create laws that make viewing your product illegal is not good business. Sure it maintains profit margins for now, but long term will do nothing but cause damage.
Not to sound exceedingly paranoid here, but this is not so much about money as it is about fear of losing power and face.
Pride is causing this mess, not greed.
Re:Owning is not a crime using it is (Score:4)
What's more is that USING it to view any legally obtained DVD is not a crime. These things are what allow projects like xine and LiViD to exist with a relative lack of legal molestation.
xine and LiViD, AFAIK, do not include CSS decryption tools, and can only view unprotected DVDs out of the box. There are CSS patches, but they are in countries without a WIPO law.
The DMCA itself is strictly an AMERICAN law and has no jurisdiction * anywhere * else in the world.
True; though it is an implementation of the WIPO copyright treaty (the one everybody was up in arms about a few years ago). The EU and Australia have already criminalised circumvention devices; other nations are in the process of doing so.
Maybe someone can persuade Gaddafi to set up a data haven in those bombproof bunkers he has. Given the MPAA's panic, disseminating DeCSS may be a better way of attacking the Great Satan America than using it as a chemical weapons plant.
Suggested email .sig (Score:4)
I will be appending this with a brief description to my emails. Here is what I had in mind.
The following code is a PERL script capable of decoding an encrypted DVD (necessary to watch a DVD on a Linux machine) in real time. This is illegal to have according to the Digital Millennium Copyright Act, a set of laws passed by anonymous vote in congress in 1998. The MPAA feels that they must stop you from using this code to watch DVD movies because then...
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$ t=255;@t=map{$_%16or$t^=$c^=($m=(11,10,116,100,11, 122,20,100)[$_/16%8])$t^=(72,@z=(64,72,$a^=12 *($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16.. 271);if((@a=unx"C*",$_)[20]&48){$h=5;$_=unxb24,joi n"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/. ..$/1$&/;$d=unxV,xb25,$_;$e=256|(ord$b[4])>8^($f=$ t &($d>>12^$d>>4^$d^$d/8))>8^($t&($g=($q=$e>>14&7^$e )^$q*8^ $q>=8)+=$f+(~$g&$t))for@a[128..$#a]}print+x"C*",@a } ';s/x/pack+/g;eval
If you are interested in learning more about how to create your own DVD decoder you can take the authors class on the subject at MIT http://www.mit.edu/iap/dvd
Re: Sure. (Score:4)
Anyway, to unobfuscate it do this:
First paste the code into your favourite editor and change eval to print
Then save the file as decss.pl and execute this command in the shell:
perl decss.pl | perl -MO=Deparse
Now it's almost readable
--
Re:Owning is not a crime using it is (Score:4)
The other thing you got wrong is that *owning* it is NOT a crime! Noone, most particularly neither a judge nor the MPAA have ever suggested that possesion is a crime, and in fact the MPAA ONLY prosecuted those KNOWN to possess it for * distribution *, not possesion.
What's more is that USING it to view any legally obtained DVD is not a crime. These things are what allow projects like xine and LiViD to exist with a relative lack of legal molestation.
I've said this a thousand times already, and I'll keep saying it until people get it:
The ONLY thing that has been ruled to be illegal about DeCSS is its *distribution.*
*Possesion* of DeCSS is legal, it has been banned neither by a judge nor by the DMCA. If you have obtained a copy of DeCSS YOU are not in violation of the law, only your *source* is.
USE of DeCSS for viewing legally obtained DVD's is not illegal.
Any illegality of DeCSS, at the moment, applies strictly only to California and New York State. It is only in these states that courts that have ruled have any jurisdiction.
The DMCA itself is strictly an AMERICAN law and has no jurisdiction * anywhere * else in the world.
KFG
Re:Is this piece of Perl covered by the DMCA? (Score:4)
Re:UUOC (Score:4)
Useless use of cat!!
Using cat to present on stdin isn't useless! What if, after running your command line, you discovered you had to run it through your special frob script:
Now if you use < you have to hit up arrow, and do some retyping, cutting and pasting..but with cat you can hit up arrow, move to the right place, and type frob and a pipe!cat is your friend..
Maybe (Score:4)
I'm not sure that it would matter to the courts whether the source code to descramble CSS was composed of 7 lines or 700, whether it was Perl or C or VB, compiled or binary. The judge probably wouldn't understand any of those details anyway. What really matters is that the MPAA scrambled the content on their DVDs and this code circumvents that. Just because you bought the disc, don't expect to use it in some way in which its owners don't approve. Unfotunately, if the judge could really understand the details of the case I think he would agree with the opinions expressed on Slashdot, so would just about any sensible person who doesn't have some vested intrest in the MPAA's revenue stream.
The reality is that once the lawyers use the word 'hacker' to describe the people who write code like this, throw in 'circumvent' a few times, and tell everyone that this program will cause their DVD prices to skyrocket, people's heads turn. The facts of the case get lost.
Anyway, this is a nice accomplishment. 7 lines of Perl that will descramble CSS. Sad that it constitutes a circumvention device, but maybe that will change.
Re:CSS Encoder? (Score:5)
For the love of coding! (Score:5)
Things that actually help:
- OpenDVD [opendvd.org] - actually learn about the DMCA and the case against it.
- Electronic Frontier Foundation [eff.org] - donate to the actual court case
- US Congress [congress.org] - Hand write your representatives and inform them of your digust with this law
Don't get me wrong. Sig files are fun and using this tiny piece of code in every post might help, but this situation isn't going to get better unless we put some real work into it.-the Pedro Picasso
(sourceCode==freeSpeech) [x-omega.com]
--
CSS Encoder? (Score:5)
and the useless use of 'cat' goes to.... (Score:5)
Is this one actually illegal? (Score:5)
Once you write brute-force wrapper around it to bludgeon out keys, or something to derive a title key from a disk key, utilizing secrets stolen by illegally reverse-engineering other stuff, then are you violating MPAA plans?
Re:For the love of coding! (Score:5)
Under current law, you are in illegal possession of a copyright protection circumvention device (see attachment). Under the Freedom of Information Act, I demand that you retain this information and make it available to me. However, under the DMCA, I demand that you initiate impeachment proceedings against yourself for your flagrant violation of the law in receiving the attached piece of paper.
Yours truly,
(insert name here)
Anyone notice this little bit of the code? (Score:5)
I think that's a portrait of the people at the MPAA.
.sig!! Yay!! (Score:5)
We should all add this snippet of code to our
Then stand back and watch as lawyers for the DVD Association go crazy, trying to sue everyone! Even better than linking! =)
The DeCSS case will be won, not in the court, but over the Internet -- so fire up that editor today... ROFL
Terse (Score:5)
erm (Score:5)