
DVD Jon's Code In Sony Rootkit?

Posted by Zonk
from the when-will-it-end dept.
An anonymous reader writes "With some help from Sabre Security, Sebastian Porst and Matti Nikki have identified some stolen GPL'd code in Sony's rootkit. Ironically the code in question seems to be VLC's demux/mp4/drms.c -- the de-DRMS code which circumvents Apple's DRM, written by 'DVD' Jon Lech Johansen and Sam Hocevar."
This discussion has been archived. No new comments can be posted.

  • Re:Nice link, guys. (Score:3, Informative)

    by BushCheney08 (917605) on Thursday November 17, 2005 @10:00AM (#14051641)
    He was referring to the fact that the original link was "http://slashdot.org/ahref="
  • Re:Wow. Just WOW. (Score:5, Informative)

    by iainl (136759) on Thursday November 17, 2005 @10:07AM (#14051696)
    The string is there because it's part of DVD Jon's code for stripping the DRM out of iTunes files, but yes - it's there all right. Matti Nikki points out the relevant offset in the article.
  • by schon (31600) on Thursday November 17, 2005 @10:17AM (#14051773)
    The work was performed by First4Internet as agents of Sony

    BZZT! Thanks for playing.

    This software is First4Internet's *PRODUCT*, which they are licensing to Sony. They will license it to anyone who pays for it.

    These both seem to indicate they are liable.

    Liable for what, exactly?

    Did Sony knowingly violate the LGPL? No.
    Did Sony intend to commit copyright infringement? No.
    Is Sony still distributing the software? No.
    Did the software authors register their copyright? No.

    Sony is not legally liable for any copyright violation, and as they didn't know that the code wasn't First4Internet's, then they're not even in violation of the *spirit* of the LGPL, either.
  • by Anonymous Coward on Thursday November 17, 2005 @10:20AM (#14051813)
    Commence email:

    http://www.first4internet.co.uk/contact.aspx [first4internet.co.uk]

    By Email
    info@first4internet.co.uk
    sales@first4internet.co.uk
    webmaster@first4internet.co.uk

    By Phone
    Tel: +44 (0)1295 255777
    Fax: +44 (0)1295 262682
  • Sony's apology (Score:5, Informative)

    by RandoX (828285) on Thursday November 17, 2005 @10:22AM (#14051826)
    Get it here. [sonybmg.com]
  • Re:Wow. Just WOW. (Score:5, Informative)

    by Sam H (3979) <sam@zoy.org> on Thursday November 17, 2005 @10:34AM (#14051937) Homepage
    I have to make sure everyone understands why this string is here. To be fair with Sony (or whoever they mandated), it is not an attempt from them to hide the code theft. Rather, it is an attempt by Apple to prevent not only code theft but also clean-room reimplementations.

    Apple's encryption scheme includes the generation of a key. The important parts of this key come from the machine's unique hardware information. But to prevent (at least that's my only plausible explanation for it) people from reimplementing the scheme by using the same information, they also add this copyright string to the key generation. Reimplementing their protocol means the string has to be used.

    We just store it ROT13'ed in VLC because it would be confusing to have an Apple copyright in our code. Although technically the string itself is created by Apple, it is too short to qualify for copyright.
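An added example, not part of the thread and not code from VLC or from the XCP analysis: a scanner that reports the offset of any printable string in a binary that contains a keyword either in plain text or only after ROT13 decoding, which is how a marker stored the way the comment above describes can be located. The sample bytes and both notices in them are constructed placeholders; the actual string from drms.c is not quoted on this page.

```python
import codecs
import re


def scan_strings(blob: bytes, keywords=("copyright",), min_len=6):
    """Return (offset, encoding, text) for each printable run in blob whose
    plain or ROT13-decoded form contains one of the keywords."""
    hits = []
    # Same idea as the `strings` utility: runs of printable ASCII.
    for run in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob):
        raw = run.group().decode("ascii")
        candidates = (("plain", raw), ("rot13", codecs.encode(raw, "rot_13")))
        for encoding, text in candidates:
            lowered = text.lower()
            if any(k in lowered for k in keywords):
                hits.append((run.start(), encoding, text))
    return hits


# Constructed sample: binary padding, one plain notice, one ROT13'ed notice.
# Neither notice is a real string from VLC or from the Sony software.
SAMPLE = (
    b"\x00\x01MZ\x90\x00"
    + b"Copyright (c) 2005 Example Player\x00"
    + b"\xff\xfe\x10"
    + codecs.encode("(c) Copyright Example Vendor, placeholder", "rot_13").encode("ascii")
    + b"\x00\x7f\x03no match here\x00"
)

if __name__ == "__main__":
    for offset, encoding, text in scan_strings(SAMPLE):
        print(f"0x{offset:04x}  {encoding:5}  {text}")
```

A hit tagged `rot13` means the keyword is invisible to a plain `strings` pass over the file, so the reported offset is the place to start comparing the surrounding code against the suspected source.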
  • by mzwaterski (802371) on Thursday November 17, 2005 @10:35AM (#14051942)
    BZZBZZT! Thanks for playing.

    Is "intent" an element of copyright infringement? No.

    Do you have to register your copyright to claim damages? No.

    Confirming Source: http://www.copyright.gov/circs/circ1.html#cr [copyright.gov]

  • by Thud457 (234763) on Thursday November 17, 2005 @10:48AM (#14052059) Homepage Journal
    Sony CDs banned in the workplace [boingboing.net]

    I've been chasing down several accounts of government agencies, companies, educational institutions and others banning the use of Sony CDs on their PCs, due to the security risks of having Sony's rootkit DRM infecting their PCs. One government ministry, Alberta Agriculture, has banned the use of music CDs altogether, since Sony is hardly the only music company crippling its CDs with sneaky, malicious software. Here are a couple examples:

    It has been brought to our attention that there is significant risk to the security and the operation of UC computers in using Sony BMG produced CDs. For this reason, the use of Sony BMG produced CDs in University of Canberra computers is prohibited.

    Here I thought this would only happen for "secure" workplaces. Sorta makes you feel sorry for SCO, they can't get anyone to even look at the crazy they're selling when Sony's got such a superior line of insane self-destructiveness.

  • Mainstream spin (Score:4, Informative)

    by resprung (410576) on Thursday November 17, 2005 @10:53AM (#14052092) Homepage
    Didya notice... the spin that - possibly - Sony has managed to put on the story

    CNN Europe and other mainstream media providers carried it like this:

    The trouble with the Sony software is that it makes your computer VULNERABLE TO VIRUSES.

    The mainstream spin is that the Sony software just opens the door to the bad guys. The word "rootkit" is not offered.

    It makes out as though Sony blundered and issued some insecure software, and how big a deal is that?

    This story deserves to grow and become a defining moment, but there's a long way from the tech community to the mainstream media.

  • And BTW... (Score:5, Informative)

    by Pakaran2 (138209) <windrunner.gmail@com> on Thursday November 17, 2005 @11:10AM (#14052281)
    He knows [nanocrew.net]
  • Re:PS3 vs. XBOX360 (Score:3, Informative)

    by xmodem_and_rommon (884879) on Thursday November 17, 2005 @11:38AM (#14052608)
    You might care about PS3's DRM. Apparently Sony is trying to figure out a way to prevent used games from being played on it. And they are apparently working on preventing you from playing your games on any other system than your own (so you can't take your game to a friend's place and play there). SCEA is just as scummy, greedy and paranoid as Sony Music is.

    Sony stated that they did not intend to use the patent they filed on this for the PS3.
  • by Sique (173459) on Thursday November 17, 2005 @11:45AM (#14052696) Homepage
    According to both LGPL and GPL the one you get the software from is the distributor. He is the one responsible for adhering to the licenses. He can of course sue his own software provider later, but for now it's Sony that distributed the programs.

    If Sony is providing the source code for the programs and restates that the software is under GPL (thus giving you the right to modify and distribute your modification), then everything is fine between Sony and you though.

    There have been several similar cases in Europe about this, and in every case the GPL has been found valid, and the violation of the license has been considered healed, if the final distributor was able to get hold of the source code and distribute this one too under GPL.

    Check GPL v2.0 section 4:
    4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

    For Sony this means: They lost the right to distribute the Program, and they will be in violation of the GPL until they start to comply with the GPL themselves (e.g. distributing the source and allowing modifications and redistribution under GPL).
  • by Arend (170998) on Thursday November 17, 2005 @11:56AM (#14052811) Homepage
    Did you know copyright infringement is a crime?

    Well, it is.

    Or at least, it should be in all countries that signed the TRIPs agreement. It says so in article 61:

    http://www.wto.org/english/tratop_e/trips_e/t_agm4_e.htm [wto.org]

    --

    SECTION 5: CRIMINAL PROCEDURES

    Article 61

            Members shall provide for criminal procedures and penalties to be applied at least in cases of wilful trademark counterfeiting or copyright piracy on a commercial scale. Remedies available shall include imprisonment and/or monetary fines sufficient to provide a deterrent, consistently with the level of penalties applied for crimes of a corresponding gravity. In appropriate cases, remedies available shall also include the seizure, forfeiture and destruction of the infringing goods and of any materials and implements the predominant use of which has been in the commission of the offence. Members may provide for criminal procedures and penalties to be applied in other cases of infringement of intellectual property rights, in particular where they are committed wilfully and on a commercial scale.

    --

    So, commercial copyright infringement, as is obviously the case here, is to be regarded a criminal offence in all countries that signed the TRIPs agreement. And if it is a criminal offence, the government is responsible to take the offender to court and throw him in jail should he be found guilty!

    All you gotta do is go to the police and hand over all evidence you can find regarding this alleged crime. Then the police should start investigating in order to bring these criminals to justice!

    This is great! This is the key to enforcing the GPL globally without having to be the author or copyright owner of the code of which the copyright has been violated. That's the beauty of criminal offences. These are prosecuted by the government on behalf of the public.

    Let's take a look at what I could find on this in the US law, since these disks have been sold in the US, haven't they?

    What I found out is that -- for me -- over the ocean, they have the "Anticounterfeiting Act of 2004":

    http://www.publicknowledge.org/issues/hr2391 [publicknowledge.org]

    "Provides penalties and jail sentences for trafficking in "counterfeit labels, illicit labels or counterfeit documentation or packaging" of records, software, movies, etc. The original bill also provided penalties for filing false information with Internet registrars, but that portion wasn't picked up in the omnibus. Passed the House Sept. 21, 2004."

    As far as I can see, this is the law text that applies and apparently is in act:

    http://www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002318----000-.html [cornell.edu]

    --

    TITLE 18 > PART I > CHAPTER 113 > 2318 Trafficking in counterfeit labels for phonorecords, copies of computer programs or computer program documentation or packaging, and copies of motion pictures or other audio visual works, and trafficking in counterfeit computer program documentation or packaging

    Release date: 2005-08-03

    (a) Whoever, in any of the circumstances described in subsection (c) of this section, knowingly traffics in a counterfeit label affixed or designed to be affixed to a phonorecord, or a copy of a computer program or documentation or packaging for a computer program, or a copy of a motion picture or other audiovisual work, and whoever, in any of the circumstances described in subsection (c) of this section, knowingly traffics in counterfeit documentation or packaging for a computer program, shall be fined under this title or imprisoned for not more than five years, or both."

    --

    "or a copy of a computer program"

    Looks like those criminals copying GPLed software can be sent to jail!
  • by lpevey (115393) on Thursday November 17, 2005 @12:01PM (#14052884)
    Product liability law is a bit different from standard negligence law. If liability can be attached, the law specifically allows claimants to recover damages from any part of the supply chain, not just the manufacturer or original supplier. I.e., even Best Buy could be held liable. This common law feature is called strict liability of torts, I think, and probably evolved to prevent passing of the buck.
  • by Peaker (72084) <gnupeaker@yahoo.DEGAScom minus painter> on Thursday November 17, 2005 @01:15PM (#14053749) Homepage
    Is the correct term.

    Sure, you could redefine theft to include the lack of transfer of funds as may be required by the combination of law and license, or other definitions, but please don't.

    The word theft is more useful when it refers to the act of reducing an owner's possession in order to increase someone else's.

    When copying, you are merely increasing the possession of one, and not decreasing the possession of another.

    Sure, you're violating what he demanded of you.
    Sure, you're violating the law.
    Sure, you're doing something many consider wrong.

    But you're not stealing. Stop changing English in non-useful ways!
  • by jbolden (176878) on Thursday November 17, 2005 @01:26PM (#14053881) Homepage
    The problem with your analysis is that Sony didn't just use the software but rather copied and distributed it themselves. Now clearly Sony could argue that they had no intent to violate copyright law and thus damages should be small or nil but they cannot argue that they didn't violate it. They copied and distributed a copyrighted piece of software without the holder's permission to do so, they are guilty.
  • by muzzy (164903) on Thursday November 17, 2005 @01:57PM (#14054204) Homepage Journal
    It indeed doesn't make much sense to include all these things there. Most likely, they just stole some bigger piece of code and got all the little features as an extra bonus. That'd be the most simple explanation, anyway, and it'd make sense too.

    These pieces are definitely not for identifying or disabling software, they're linked into the executables just like all other libraries normally are. There are execution paths throughout the thing. I was just able to find an execution path from a function that has a string "CDXCP3" to the DeDRMS code. I'd say this first one is XCP specific, although it'd take more research to find out how exactly the code uses this stuff.

    Reverse engineering takes time, especially since I don't have access to latest and greatest commercial tools that exist for tasks like this. The only reason this stuff is staying unanalyzed is because the protection is used on CDs that very few computer experts would ever buy. Or at least I wouldn't :)
  • by muzzy (164903) on Thursday November 17, 2005 @02:02PM (#14054271) Homepage Journal
    I can confirm that there exists an execution path between XCP code and DeDRMS. However, navigating executables isn't like using road maps, so I have no idea under which conditions this execution path activates. It exists, however, which means the code really uses it directly or indirectly. Now it's up to the data flow to determine when it gets triggered, and analyzing that will take longer...
