Re: DeCSS
On Sat, Mar 04, 2000 at 01:06:04AM -0700, Warner Losh wrote: Incase anyone is interested, there is a big DVD conference comming up in Dublin, and some people here are going to try to cause some noise while it is on. I can track down details if anyone is interested. Dacid. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: DeCSS
It seems Warner Losh wrote: In message [EMAIL PROTECTED] Kris Kennaway writes: : You know, I half want to add a note in the release notes that "FreeBSD 4.0 : now ships with DeCSS included", but that might be a bit political :-) It would be political. All things are. What could they do to us? Haul us into court? In which case our legal representative will say "Your honor, these clowns didn't do due diligence in their complaint, we have no clue why we're here. The DeCSS in our produce removes Cascading Style Sheets. Nothing at all to do with DVDs at all. Please dismiss the case and award us our court costs, plus $10M punitive damages to deter such egregious behavior in the future. Thank you." He, I have the bits ported here since november'99, I'll gladly offer them for inclusion on the CD's :) -Søren To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: DeCSS
It seems [EMAIL PROTECTED] wrote: He, I have the bits ported here since november'99, I'll gladly offer them for inclusion on the CD's :) -Søren drwx-- 2 sos wheel 512 Jan 5 08:06 DVD Well, I believe you, I just can't get to it :) Actually, opendvd.org still links to your site, might wanna give them a hint. Any mirrors ? I have given them hint upon hint, they just dont care :( Mirrors ? dunno, I dont think there are many that will carry the code nowadays, but if you know of one -Søren To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: DeCSS
On Mon, 21 Feb 2000 10:05:55 +0800, Peter Wemm wrote: I would love to make a port of this, for reasons that become obvious once you see the page. (Think of all the mailing list archives and mirrors) http://www.totse.com/DeCSS/ Screw the cascading style sheets business, I wanna distribute the real thing. I'd like to see these wankers try to sue me. Especially if it means a free plane trip to the States. :-) Ciao, Sheldon. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: DeCSS
On Sat, 4 Mar 2000, Sheldon Hearn wrote: http://www.totse.com/DeCSS/ Screw the cascading style sheets business, I wanna distribute the real thing. I'd like to see these wankers try to sue me. Especially if it means a free plane trip to the States. :-) You know, I half want to add a note in the release notes that "FreeBSD 4.0 now ships with DeCSS included", but that might be a bit political :-) Kris In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: DeCSS
Sergey Babkin wrote: Peter Wemm wrote: I would love to make a port of this, for reasons that become obvious once y ou see the page. (Think of all the mailing list archives and mirrors) http://www.totse.com/DeCSS/ Be sure to read it before commenting, it's not what you might think. I can't help keeping wondering if this MAA is missing the point completely: why would someone need the decryption to make a _copy_ ? A copy is a copy and it appears to me that the encrypted bits written on the disk surface could be copied just exactly as well as the decrypted bits. Probably the real reason they start this activity is because otherwise they would lose some kind of royalties from the DVD-players manufacturers. As a diversion to the original topic, I'll comment on what the DVD CCA and MPAA are doing. First of all, decrypting the data is *NOT* required in order to copy the DVD. This is how 99.99% of the copying is done presently - ie: a bit-by-bit copy of the data and re-stamping a new DVD. css-auth and DeCSS are not required for this. All you need is special hardware to read it - read: a DVD drive that you have hacked the firmware in order to get at the raw bitstream. What the MPAA and DVD CCA are really up to is trying to mantain a monopoly on who can write or sell *players* of DVD's and keep those people under their control. There are 512 "player keys" that each DVD is encoded with. By licensing the CSS code etc you are really buying into the key space. The intent is that if one of the keys is compromised (eg: the Xing key) they can cease mastering DVD's with that key. As a result, all new DVD's would no longer work with that particular Xing player or things like css-auth etc which have ripped off a copy of the key. However, there is a darker side to it all. Part of the license conditions to get your foot in the door is that your player *MUST* obey things like region codes. It *MUST* play in normal speed the compulsory tracks. This means that you cannot buy a DVD in europe and play it in the US. It means you cannot fast-forward past things like piracy warnings and advertising. (That's right, you have to sit and watch Disney's Trailers in full before you can watch the rest of the DVD.) The manufacturers *MUST* include the magnavision anti-VCR distortion to prevent recording on VCRs, etc. The DVD CCA (copy control association) would probably be better named the 'content control association'. It prevents third parties from mastering DVD's as they don't have the knowledge of the player keys. They probably can make DVD's but they would be totally unprotected. What is to stop a manufacturer taking the de-css or css-auth code and using that instead of paying the fees (rumoured to be multiple millions of dollars) to get a player key allocated to them - very little in theory. The css algorithm and keys were a trade secret and it's been blown. However, in practice, the moment a manufacturer thinks about doing this, you can bet your last cent that no new DVD's will work on that machine. IMHO, what would be FAR better would be for things that use the Xing keys to go away, and something else used that exploited the weaknesses of the CSS system itself. A couple of researchers have found that CSS is *SO PATHETICALLY WEAK* that it takes merely a few seconds on a reasonably quick computer to break the session key for the DVD without having *any* knowledge of the compromised Xing key. That way the MPAA and CCA can't claim that you are using a stolen key, because you are not using any of the 512 player keys. You are simply figuring out what the session key is. The moment a hardware manufacturer (who isn't a CCA "subject") makes a DVD player using the CSS weaknesses, then all bets are off. DeCSS and css-auth will be obsolete overnight. MPAA can sue to their heart's content but will not have a leg to stand on. They can't claim it's there to enable piracy as the player does nothing but play the DVD. They can't claim the use of stolen keys as none are being used. They can't claim trade secret violation as the player manufacturer would not have been a party to he trade secret contracts. The problem that the freeware players have is that the components (eg: css-auth) are based on compromised keys and are used to decode the contents of the DVD, which *could* allow piracy (but not very cost effective piracy, as the space required to copy it costs far more than the original DVDs do). That's the straw that seems to be within the reach of the MPAA/CCA at the moment, apart from having lots of to make it very hard for the average person to fight. A binary "player program" that can't be used to seperately decode the DVD's should be theoretically immune to even that angle of attack, as long as you have the nerve and resources to stand up to the legal harassment. (Just my comments as an interested observer (from region 4) over the last few months. IANAL etc) Cheers, -Peter
Re: DeCSS
| IMHO, what would be FAR better would be for things that use the Xing keys | to go away, and something else used that exploited the weaknesses of the | CSS system itself. A couple of researchers have found that CSS is *SO | PATHETICALLY WEAK* that it takes merely a few seconds on a reasonably quick | computer to break the session key for the DVD without having *any* | knowledge of the compromised Xing key. That way the MPAA and CCA can't | claim that you are using a stolen key, because you are not using any of the | 512 player keys. You are simply figuring out what the session key is. Correct! CSS is so pathetic that breaking it in runtime is quite easily accomplished. Each DVD has a disk key, which is stored in a five byte hash on the disk. The disk key is also stored encrypted with all the various player keys. The layout looks something like this: 5 byte disk key hash Disk key encrypted with player key 1 Disk key encrypted with player key 2 ... Disk key encrypted with player key n When a disk is inserted, the player decrypts the disk key with its assigned player key, then hashes it and compares it to the 5 byte hash. Since CSS is a 40bit cipher (something to do with US export regulations I'm sure), attacking the keyspace is quite trivial to do (about a complexity of 2^25). Another interesting point is that with one player key compromised, one can derive the rest of the player keys through a similar search. -- Dan Moschuk ([EMAIL PROTECTED]) "Waste not fresh tears on old griefs." To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: DeCSS
It seems Sergey Babkin wrote: I can't help keeping wondering if this MAA is missing the point completely: why would someone need the decryption to make a _copy_ ? A copy is a copy and it appears to me that the encrypted bits written on the disk surface could be copied just exactly as well as the decrypted bits. Probably the real reason they start this activity is because otherwise they would lose some kind of royalties from the DVD-players manufacturers. Well, since this is another issue, I'll answer :) You cannot _read_ a DVD without having exchanged the CSS keys with the drive, it will return "not authenticated" when you try to read the protected sectors (ie not all sectors on a DVD are protected, there might be programs, pictures and stuff thats not). So you would need special HW to read the original, before you can copy. And yes I think the DVD guys are the bad ones, and they try to hide the real agenda, but the DVD hackers are not much better I'm sorry to say. -Søren To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: DeCSS
On Mon, 21 Feb 2000, Peter Wemm wrote: I would love to make a port of this, for reasons that become obvious once you see the page. (Think of all the mailing list archives and mirrors) http://www.totse.com/DeCSS/ Be sure to read it before commenting, it's not what you might think. Port committed :-) Kris "How many roads must a man walk down, before you call him a man?" "Eight!" "That was a rhetorical question!" "Oh..then, seven!" -- Homer Simpson To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
RE: DeCSS
I would love to make a port of this, for reasons that become obvious once you see the page. (Think of all the mailing list archives and mirrors) http://www.totse.com/DeCSS/ Be sure to read it before commenting, it's not what you might think. Cheers, -Peter It's a wonderful idea! I would gladly install the port just for the sake of the cause. Thomas Uhrfelt To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: DeCSS
Peter Wemm wrote: I would love to make a port of this, for reasons that become obvious once you see the page. (Think of all the mailing list archives and mirrors) http://www.totse.com/DeCSS/ Be sure to read it before commenting, it's not what you might think. I can't help keeping wondering if this MAA is missing the point completely: why would someone need the decryption to make a _copy_ ? A copy is a copy and it appears to me that the encrypted bits written on the disk surface could be copied just exactly as well as the decrypted bits. Probably the real reason they start this activity is because otherwise they would lose some kind of royalties from the DVD-players manufacturers. -SB To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: DeCSS
On Mon, Feb 21, 2000 at 10:31:35PM -0500, Sergey Babkin wrote: I would love to make a port of this, for reasons that become obvious once you see the page. (Think of all the mailing list archives and mirrors) http://www.totse.com/DeCSS/ Be sure to read it before commenting, it's not what you might think. I can't help keeping wondering if this MAA is missing the point completely: why would someone need the decryption to make a _copy_ ? A copy is a copy and it appears to me that the encrypted bits written on the disk surface could be copied just exactly as well as the decrypted bits. Probably the real reason they start this activity is because otherwise they would lose some kind of royalties from the DVD-players manufacturers. You're one of those people who follows instructions, are you? I'll restate what Peter said. Be sure to read it before commenting, it's not what you might think. -- Bill Fumerola - Network Architect Computer Horizons Corp - CVM e-mail: [EMAIL PROTECTED] / [EMAIL PROTECTED] Office: 800-252-2421 x128 / Cell: 248-761-7272 To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: DeCSS
On Monday, February 21, 2000, Bill Fumerola wrote: You're one of those people who follows instructions, are you? You're one of those people who out words, aren't you? :) -- |Chris Costello [EMAIL PROTECTED] |Design simplicity: It was developed on a shoe-string budget. ` To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: DeCSS
On Mon, 21 Feb 2000, Chris Costello wrote: On Monday, February 21, 2000, Bill Fumerola wrote: You're one of those people who follows instructions, are you? You're one of those people who out words, aren't you? :) Hey! I got some cream pies, you two want to go at it? We'll all cheer! Chuck Robey| Interests include C Java programming, FreeBSD, [EMAIL PROTECTED] | electronics, communications, and signal processing. New Year's Resolution: I will not sphroxify gullible people into looking up fictitious words in the dictionary. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: DeCSS
Peter Wemm wrote: I would love to make a port of this, for reasons that become obvious once you see the page. (Think of all the mailing list archives and mirrors) http://www.totse.com/DeCSS/ Be sure to read it before commenting, it's not what you might think. Excellent idea. (And, no, I haven't read it. Though I know what it is... :) -- Daniel C. Sobral(8-DCS) [EMAIL PROTECTED] [EMAIL PROTECTED] "If you consider our help impolite, you should see the manager." To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message