Slashdot Log In
Descrambling CSS w/ 7 Lines Of Perl A DMCA Violation?
from the this-is-just-too-funny dept.
Here's the script:
$_='while(read+STDIN,$_,2048){$a=29;$c=142;if((@a=unx"C*",$_)[20]&48){$h=5;
$_=unxb24,join"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$d=
unxV,xb25,$_;$b=73;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=($t=255)&($d
>>12^$d>>4^$d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*8^$q<<6))<<9
,$_=(map{$_%16or$t^=$c^=($m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;$t
^=(72,@z=(64,72,$a^=12*($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16..271))
[$_]^(($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}print+x"C*",@a}';s/x/pack+/g;eval
A rewrite, using an extra five bytes (!) of perl code, caches a table, which apparently makes the program fast enough to decode a movie in realtime:
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map{$_%16or$t^=$c^=(
$m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;$t^=(72,@z=(64,72,$a^=12*($_%16
-2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h
=5;$_=unxb24,join"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$
d=unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d>>12^$d>>4^
$d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*8^$q<<6))<<9,$_=$t[$_]^
(($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}print+x"C*",@a}';s/x/pack+/g;eval
As Touretzky writes on his Gallery page, typical usage is just: cat /mnt/dvd/VOB_FILE_NAME | qrpff 153 2 8 105 225 | extract_mpeg2 | mpeg2dec -
Re:Maybe (Score:3)
That's an interesting point - on what basis do you draw the line? You could say that "obviously" rot-13 wasn't a serious attempt to control access but if 7 lines of Perl can be considered a circumvention device, then what about 5 lines? Or 3? Or 1?
I share your scepticism about the outcoming of trying to challenge things on that basis, but you would think there has to be some kind of definition as to how how simple a circumvention device is allowed to be while remaining "effective" (or do they intend every case to be ratified by a court? Wait, don't answer that...).
Pre-DeCSS, if you'd proposed a circumvention device that could be bypassed in 7 lines of Perl, who would have taken it seriously?
-dair
Re:Terse (Score:3)
Re:Is CSS encryption? (Score:3)
It doesn't even need to be copy protection, the DMCA talks about access control. CSS doesn't really provide copy protection, but it does do access control.
[re: reverse-engineering legalities] (Score:3)
I didn't mean to say that I agreed with (or conceded to) MPAA's or Xing's (it was a Xing player, right?) shrinkwrap-license-prohibiting-reverse-engineering . I was just trying to point out that some other "agreeably" illegal activity must be engaged in before use of the perl script became actual circumvention of CSS.
Whether or not what was done to get Xing keys (which, if I recall correctly, is the only part of the "Trade Secret" argument MPAA is using) is illegal shouldn't (IMHO) affect the status of this script.
Correct me if I'm wrong, but wasn't the entire DeCSS system developed originally? That the only part that was "stolen" was the Xing master key, accidentally left unencrypted in the windows program? So MPAAs argument for trade secret theft only applies to the use of those Xing keys, right? Or could they argue that DeCSS could not have been developed without aid of those keys, and so it's a derivitave work, and so tainted by the theft of the secret?
And if so, at what point, after analysis, review, scholarly discussion, and seminars, does the CSS algorithm (and various ways to implement it) pass beyond any trade secret protection, again reducing DeCSS to a key availability issue?
Re:Is CSS encryption? (Score:3)
Re:Programming as an art.... (Score:3)
Re:For the love of coding! (Score:3)
The congress critter as well as any other corporation is not answerable to this or any other law only you are. Do you know why? It's because they have more money then you.
Is CSS encryption? (Score:3)
Firstly, I'm sure this has been discussed on
If this is the case, then it seems like CSS is more of a standard practice thing, than a proprietary thing, and the MPAA should just give up. I'm sure that "zip" technology was at one time proprietary, now its pretty much standard. And, if I am correct, this really doesn't hold up to the DMCA, because its not encryption that I am trying to circumvent, rather, I am just decoding what I have rightfully purchased.
If this is the case, I have no problem with the MPAA going after the individuals that are illegally copying DVD's and selling them to their 31337 friends. However, just using the scripts and code to watch a movie on your Linux box is another story entirely, and I have no problem with that.
Thoughts, comments, bitching???
UUOC (Score:3)
Typical usage should be /mnt/dvd/VOB_FILE_NAME | extract_mpeg2 | mpeg2_dec -
qrpff 153 2 8 105 225
Re:Competition Time? (Score:3)
Re:Is this basically compressing it? (Score:3)
No, because those tables aren't really needed.
Most of the tables in css-auth.c are used to work out the title key from the disc key - with this script, you provide the title key on the command line.
The other tables in css-auth.c are used to reverse the order of bits in a byte - this can easily be accomplished by code instead.
Programming as an art.... (Score:3)
It definitely is.
I bow to the superior skill of the author of those 526 bytes. I've saved it even if I don't own a DVD reader (and I don't plan buying one), just to open up the file at times and contemplate it.
Maybe one day I'll see the light.
Of course it's a violation (Score:3)
Next question.
Re:CSS Encoder? (Score:4)
Has anyone though of writting a virus that
takes a persons files and encodes them with
CSS? It would be extremely funny if some MPAA
lawyer found himself sitting in front of his
computer and a message pops up
"Dear user: Your files have been encrypted with CSS. You may trivially decrypt these files with DeCSS unless you live in the United States in which case the use of DeCss could cost you five years in jail and $150,000 file. Have a nice day."
Re:Is CSS encryption? (Score:4)
Is it a crappy arrangement? You bet. The title keys are 40 bits, and the player keys are (iirc) 80 bits. This is not high encryption here. Once you get past the auth-with-drive part, the title keys are handed over anyway. But simply, yes, it is encryption - from what I've heard from cryptological experts, far from a well-designed system. But it more-or-less does what the DVD CCA intended.
_____
Re:Now the RIAA will sue everyone... (Score:4)
This nonsense of trying to lock everything down and create laws that make viewing your product illegal is not good business. Sure it maintains profit margins for now, but long term will do nothing but cause damage.
Not to sound exceedingly paranoid here, but this is not so much about money as it is about fear of losing power and face.
Pride is causing this mess, not greed.
Re:Owning is not a crime using it is (Score:4)
What's more is that USING it to view any legally obtained DVD is not a crime. These things are what allow projects like xine and LiViD to exist with a relative lack of legal molestation.
xine and LiViD, AFAIK, do not include CSS decryption tools, and can only view unprotected DVDs out of the box. There are CSS patches, but they are in countries without a WIPO law.
The DMCA itself is strictly an AMERICAN law and has no jurisdiction * anywhere * else in the world.
True; though it is an implementation of the WIPO copyright treaty (the one everybody was up in arms about a few years ago). The EU and Australia have already criminalised circumvention devices; other nations are in the process of doing so.
Maybe someone can persuade Gaddafi to set up a data haven in those bombproof bunkers he has. Given the MPAA's panic, disseminating DeCSS may be a better way of attacking the Great Satan America than using it as a chemical weapons plant.
Suggested email .sig (Score:4)
I will be appending this with a brief description to my emails. Here is what I had in mind.
The following code is a PERL script capable of decoding an encrypted DVD (necessary to watch a DVD on a Linux machine) in real time. This is illegal to have according to the Digital Millennium Copyright Act, a set of laws passed by anonymous vote in congress in 1998. The MPAA feels that they must stop you from using this code to watch DVD movies because then...
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$ t=255;@t=map{$_%16or$t^=$c^=($m=(11,10,116,100,11, 122,20,100)[$_/16%8])$t^=(72,@z=(64,72,$a^=12 *($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16.. 271);if((@a=unx"C*",$_)[20]&48){$h=5;$_=unxb24,joi n"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/. ..$/1$&/;$d=unxV,xb25,$_;$e=256|(ord$b[4])>8^($f=$ t &($d>>12^$d>>4^$d^$d/8))>8^($t&($g=($q=$e>>14&7^$e )^$q*8^ $q>=8)+=$f+(~$g&$t))for@a[128..$#a]}print+x"C*",@a } ';s/x/pack+/g;eval
If you are interested in learning more about how to create your own DVD decoder you can take the authors class on the subject at MIT http://www.mit.edu/iap/dvd
Re: Sure. (Score:4)
Anyway, to unobfuscate it do this:
First paste the code into your favourite editor and change eval to print
Then save the file as decss.pl and execute this command in the shell:
perl decss.pl | perl -MO=Deparse
Now it's almost readable
--
Re:Owning is not a crime using it is (Score:4)
The other thing you got wrong is that *owning* it is NOT a crime! Noone, most particularly neither a judge nor the MPAA have ever suggested that possesion is a crime, and in fact the MPAA ONLY prosecuted those KNOWN to possess it for * distribution *, not possesion.
What's more is that USING it to view any legally obtained DVD is not a crime. These things are what allow projects like xine and LiViD to exist with a relative lack of legal molestation.
I've said this a thousand times already, and I'll keep saying it until people get it:
The ONLY thing that has been ruled to be illegal about DeCSS is its *distribution.*
*Possesion* of DeCSS is legal, it has been banned neither by a judge nor by the DMCA. If you have obtained a copy of DeCSS YOU are not in violation of the law, only your *source* is.
USE of DeCSS for viewing legally obtained DVD's is not illegal.
Any illegality of DeCSS, at the moment, applies strictly only to California and New York State. It is only in these states that courts that have ruled have any jurisdiction.
The DMCA itself is strictly an AMERICAN law and has no jurisdiction * anywhere * else in the world.
KFG
Re:Is this piece of Perl covered by the DMCA? (Score:4)
Re:UUOC (Score:4)
Useless use of cat!!
Using cat to present on stdin isn't useless! What if, after running your command line, you discovered you had to run it through your special frob script:
Now if you use < you have to hit up arrow, and do some retyping, cutting and pasting..but with cat you can hit up arrow, move to the right place, and type frob and a pipe!cat is your friend..
Maybe (Score:4)
I'm not sure that it would matter to the courts whether the source code to descramble CSS was composed of 7 lines or 700, whether it was Perl or C or VB, compiled or binary. The judge probably wouldn't understand any of those details anyway. What really matters is that the MPAA scrambled the content on their DVDs and this code circumvents that. Just because you bought the disc, don't expect to use it in some way in which its owners don't approve. Unfotunately, if the judge could really understand the details of the case I think he would agree with the opinions expressed on Slashdot, so would just about any sensible person who doesn't have some vested intrest in the MPAA's revenue stream.
The reality is that once the lawyers use the word 'hacker' to describe the people who write code like this, throw in 'circumvent' a few times, and tell everyone that this program will cause their DVD prices to skyrocket, people's heads turn. The facts of the case get lost.
Anyway, this is a nice accomplishment. 7 lines of Perl that will descramble CSS. Sad that it constitutes a circumvention device, but maybe that will change.
Re:CSS Encoder? (Score:5)
For the love of coding! (Score:5)
Things that actually help:
- OpenDVD [opendvd.org] - actually learn about the DMCA and the case against it.
- Electronic Frontier Foundation [eff.org] - donate to the actual court case
- US Congress [congress.org] - Hand write your representatives and inform them of your digust with this law
Don't get me wrong. Sig files are fun and using this tiny piece of code in every post might help, but this situation isn't going to get better unless we put some real work into it.-the Pedro Picasso
(sourceCode==freeSpeech) [x-omega.com]
--
CSS Encoder? (Score:5)
and the useless use of 'cat' goes to.... (Score:5)
Is this one actually illegal? (Score:5)
Once you write brute-force wrapper around it to bludgeon out keys, or something to derive a title key from a disk key, utilizing secrets stolen by illegally reverse-engineering other stuff, then are you violating MPAA plans?
Re:For the love of coding! (Score:5)
Under current law, you are in illegal possession of a copyright protection circumvention device (see attachment). Under the Freedom of Information Act, I demand that you retain this information and make it available to me. However, under the DMCA, I demand that you initiate impeachment proceedings against yourself for your flagrant violation of the law in receiving the attached piece of paper.
Yours truly,
(insert name here)
Anyone notice this little bit of the code? (Score:5)
I think that's a portrait of the people at the MPAA.
.sig!! Yay!! (Score:5)
We should all add this snippet of code to our
Then stand back and watch as lawyers for the DVD Association go crazy, trying to sue everyone! Even better than linking! =)
The DeCSS case will be won, not in the court, but over the Internet -- so fire up that editor today... ROFL
Terse (Score:5)
erm (Score:5)