• Login
    • 5-Nov-99

    Norwegian 15-Year-Old Breaks The DVD CSS Piracy Protection

    (A Translation From Norwegian Web site) Fifteen-year-old Jon Johansen, sitting in his bedroom in the deep woods, has broken the code that is in place to protect the film industry against pirate copying. When the powerful film industry decided to support the new DVD video format, the big movie houses were assured that all discs would be almost impossible to copy. All DVD discs were therefore coded to be impossible to copy. What the film industry had not counted on was that the 15-year-old Jon Johansen from Thor Heyerdahl High School in Larvik would sit down in front of his PC when he came home from school and had finished his homework. Jon is no beginner. He has had data as a hobby since he started with games at age 6 or 7. With two ""colleagues"" from other countries in the hacker group MoRE he has made a program that, according to the American news agency Wired, and brake the protection code on all DVD-discs. MoRE has made the program available on the Internet, so that anyone with a modern PC can start to pirate copy movies. ""I am surprised over how easy it was to brake the code that should protect the DVDs. I did not believe that a person my age could make such a program. That says something about how bad the crypting actually is,"" says Jon. He spends 3 hours every day in front of the computer screen. The specialized hacker community he has been in touch with has worked for years to crack the DVD code. The 15-year-old is quick to point out that the program can be used for legal activities also. As long as you make ""safety copies"" of movies you have bought yourself this is not illegal. Do you think this will create problems for the film companies that have the rights to the movies? ""Of course, It is obvious that this will create piracy copying. This is bad. But if we didn't brake this code, someone else would have done it. When the bandwidth on the Internet increases it will be possible to transfer the films on the Internet, then this will become big."" The program CSS makes it possible to transfer movies from the DVD to your hard drive. From there you can play them on a monitor or TV. When the DVD burners arrive you will also be able to burn the discs. Just like you can make music-CD's today. Human Error It was actually a human error that made it possible for MoRE to brake the code. All makers of DVD-players pay to get access to the key that makes it possible to ""unlock"" the movies. This key is supposed to be coded and unavailable. MoRE researched all types of DVD-players, and found one that had not coded the key. Why this was not coded, nobody knows. But with this key it was relatively easy to brake the rest of the code, and then to make it possible to copy all DVDs. The news of the braking of the DVD code was top news on Wired yesterday. A representative for Columbia Tri-Star is cautious about the news. Piracy copying is illegal, no matter if it is DVD or VHS. All pirate copying we find will be reported to the police. We will also prosecute to the full extent of the law. And while the pirate copying will grow in the years to come, the young Johansen is planning on an education as a computer engineer. Source: http://www.aftenposten.no/nyheter/nett/d108023.htm The full story will appear in the January/February Issue 36 of Widescreen Review. The DVD Hack: What Next? By Andy Patrizio, Wired.com DVD's security system was supposed to be hacker-proof. Turns out it wasn't idiot-proof. Thanks to a gaffe by one of the decryption software's licensees, a band of Norwegian programmers made it possible to make a perfect copy of a DVD film with none of that pesky encryption. It all happened because DVD playback software for Linux doesn't exist. There are numerous DVD playback utilities for Windows -WinDVD, ATI DVD, Compaq DVD, XingDVD - but nothing, nada, zip for Linux players. And if there's one thing about Linux users, they're do-ers, not whiners. The Norwegians began trying to reverse-engineer Windows players to figure out how to handle playback. But all of the players had an encrypted decryption key ... except one: XingDVD, from RealNetworks' subsidiary Xing Technologies, had failed to encrypt its key because of an oversight. Some people just wanted a DVD player, but others took it a step further. They used the decryption key to create a tiny utility to remove the encryption in a DVD movie, allowing for movies to be illegally copied. It shouldn't be surprising that an awful lot of people are upset at this week's Wired News reports about a utility to remove DVD security. But it's out there and people are using it. So what's the movie industry to do? Increasing security is definitely a start, along with changing the security system. That would mean every DVD console on the marketplace would need a firmware upgrade. But DVD vendors may just have to bite the bullet if they want to protect the format. The next issue is what to do with DVD-ROM drives, since there is now a way for pirates to easily get at the movies. This is the second time that PC accessibility has enabled content piracy. Pirating music from CDs using MP3 is easy for just about anybody, thanks to commercial ripping software like MusicMatch's Jukebox. With DeCSS, people can make illegal copies of DVD movies. Rendering CD/DVD drives for computers incapable of reading music CDs or DVD movies might be another way to go. Maybe the industry won't stop the pros but it can stop the average Joes. Then there's recordable DVD. Right now, recordable DVD drives can only store 2.6GB per side, and DVD movies are either 4.7GB or 9.4GB. People copying movies with DeCSS are turning their DVDs into low-quality VCD. Even Jon Johansen [the 15-year-old Norwegian] who was involved in the development of DeCSS, can't understand why people bother. But high-capacity recordable DVD is coming. In the first quarter of 2000, there will be 4.7GB recordable DVD drives, and DVD copying will be much easier. It may not be a bad idea to hold off on releasing the drives until the copy protection issue is sorted out. Why advocate such limitations? Because it beats the alternative, which is that movie studios will withhold future releases. And DVD enthusiasts are eagerly awaiting such film classics as ""Star Wars,"" ""Fantasia,"" and ""ET."" Better that the restrictions be on the hardware side than the content side. Copyright © 1994-99 Wired Digital Inc. All rights reserved. Why The DVD Hack Was A Cinch By Andy Patrizio, Wired.com The anonymous developers of the decryption program that removes DVD copy protection had an easy time doing it, thanks to a gaffe by a software developer and the surprising weakness of the encryption technology. Essentially, the two European hackers who developed the DeCSS utility that copies a DVD movie disc were able to break the code because one of the product's licensees inadvertently neglected to encrypt the decryption key. Industry experts were stunned by the hack because DVD as a movie-playing format is supposed to be copy-proof. In fact, DVD would not be on the market today without the permission of the motion picture industry which, sources say, is reeling from this development. Breaking DVD's encryption was considered extremely difficult, but once the first key was discovered, the rest fell with ease, since the crackers were able to use their original, valid key as a launch point to find more valid decryption keys. DeCSS is a tiny (60 KB) utility that copies the encrypted DVD video file, which has a .VOB extension, and saves it to the hard disc without encryption. Since DVD movies can range in size from 4.7 GB to 9.4 GB and recordable DVD has at best 2.5 capacity (or 5.2GB for double-sided discs), direct DVD copying is unfeasible. But starting next year, 4.7 GB recordable DVD drives will hit the market, making duplication of DVD discs much easier. DVD uses a security method called the Content Scrambling System. CSS is a form of data encryption used to discourage reading media files directly from the disc without a decryption key. To descramble the video and audio, a 5-byte (40-bit) key is needed. Every player - including consoles from Sony, Toshiba, and other consumer electronics vendors, as well as software vendors for PCs like WinDVD and ATI DVD - has its own unique unlock key. Every DVD disc, in turn, has 400 of these 5-byte keys stamped onto the disc. That way, the unlock key from every licensee, be it WinDVD or a Pioneer DV-525 unit, will read the disc. All licensees of DVD technology have to encrypt their decryption key so no one can reverse-engineer the playback software and extract the key. Well, one licensee didn't encrypt their key. The developers of DeCSS, a Norwegian group called MoRE (Masters of Reverse Engineering) got a key by reverse-engineering the XingDVD player, from Xing Technologies, a subsidiary of RealNetworks. ""We found that one of the companies had not encrypted their CSS decryption code, which made it very easy for us,"" said Jon Johansen [15-year-old], a founder of MoRE, in Norway. ""We didn't think it would be that easy, in fact."" RealNetworks did not return repeated calls requesting comment. Because the unlock key is 5 bytes long, Johansen and his two partners, who wish to remain anonymous, were able to guess a whole slew of other keys. So even if all future DVD movies remove the Xing key, DeCSS has a plethora of other keys to choose from. Johansen and his partners were able to guess more than 170 working keys by trial and error before finally just giving up to go do something else. ""I wonder how much they paid for someone to actually develop that weak algorithm,"" said Johansen. ""It's a very weak encryption algorithm."" Leaving such a weak link in the security chain surprised industry people. ""I am really surprised that they made it that easy to break into,"" said Kevin Hause, Senior Analyst with International Data Corp. ""One of the key concerns about DVD was security."" ""I don't think it's the end of the world, but it'll be interesting to see what steps the industry takes now, whether they start delaying the releases of certain titles,"" said Bill Hunt, Webmaster of The Digital Bits, a DVD news site. ""I would expect it could also delay the advent of recordable DVD, because it'll give people a medium to write these hacked video files."" Others aren't so talkative. The Motion Picture Association of America (MPAA) declined to comment. The DVD Forum, based in Japan, was unreachable due to a national holiday, but it did issue a carefully worded statement. ""The circulation through the Internet of the illegal and inappropriate software is against the stream of copyright protection. Toshiba, which has led the establishment of the DVD format and is the chair-company of the DVD Forum, feels it is a great pity,"" wrote Masaki Mikura, Manager of the Strategic Partnership and Licensing Division at Toshiba Ltd. ""In the future, the laboratories will be more actively conducting strict surveillance and take counter measures against illegal, inappropriate software and hardware in the market. Moreover, we believe that, based on the recent legislation, legal measures and steps will be taken by copyright holders against such violation of intellectual properties,"" Mikura wrote. Copyright © 1994-99 Wired Digital Inc. All rights reserved. DVD Piracy: It Can Be Done? By Andy Patrizio, Wired.com The worst fear of movie studios has been realized: DVD movie encryption has been broken. A utility called DeCSS is currently floating around on the Net that will read a DVD movie disc and save the file on a hard disk, minus the encryption. All thatís required is a DVD-ROM drive - since CD-ROM drives canít read the 4.7GB DVD movie discs - and a lot of disc space. The faster the CPU, the faster it will process the file. It takes around 10 minutes to process a .VOB file on a 500MHz Pentium III. The hack opens up illicit online trading of DVD movies, although minus DVD-ROM's interactive elements and outstanding audio/visual quality. The utility, written by two European programmers requesting anonymity, uses DVD playback code found in software-based DVD playback utilities, like WinDVD, ATI DVD from ATI Technologies, and XingDVD. Every player has a DVD copy protection decoder for playback, just like the hardware decoder in DVD players from Toshiba, Sony, and other consumer electronics devices. One programmer who examined DeCSS said the utility emulates that same playback code. But instead of displaying the video and audio to screen, it simply saves it back to the disk without encryption, since there is no encryption in playback. ""The bottom line is, if you have a decoder, it has to execute somewhere. And that's always been the weak link, where you can get at the encrypted material,"" said David Moskowitz, President of Productivity Solutions, from King of Prussia, Pennsylvania. Getting the decryption code, as it turns out, is relatively easy. Using an in-circuit emulator - a device used to monitor hardware activity - Moskowitz was able to watch exactly what the DVD hardware does in decrypting the movie on his PC. ""With that information, it's no big deal to create the [cracking] application,"" he said. One programmer who had a peripheral involvement in DeCSS development thinks piracy from this utility is a non-issue. ""There have been DVD ripping tools available for months,"" said Derek Fawcus, a programmer in England. ""Among the things you can find are explicit instructions and software for making VCD copies of DVDs. DeCSS is simply the latest in a line of methods of doing this."" Some of the DVD decoder assembler code was released on the Internet, and Fawcus rewrote it in C code. That code was later used in DeCSS. Once decrypted, the DVD movie files, which have a .VOB extension, are too big to fit on a CD-ROM. movie will be in three or four files. But there are many DVD conversion utilities floating around on DVD ripping sites, like DVDigest. It has conversion tools, like DVD2MPG and VOBSplit, which can be used to convert a DVD movie into VCD format, which can fit on a CD-ROM disc. There are even sites dedicated to converting DVDs to VCD format. This means losing the interactivity of DVD-ROM and its tremendous sound and video quality, but it also means VCDs can be played on CD-ROM drives. It also makes it easier to trade the movie online. Movie piracy has been a growing problem on the Internet, with films traded in MPEG and AVI format via Web sites and private file transfer sites. Movies in MPEG format are around 600 MB in size. DVD supporters are not thrilled by the development. ""It was like pulling teeth to get the major studios to all commit to standard DVD in the first place,"" said Jeff McNeal, Webmaster of The Big Picture, a home theatre enthusiast site. ""I consider this a disturbing development and only hope that it doesn't curtail studio commitment to DVD as we know it today."" Copyright © 1994-99 Wired Digital Inc. All rights reserved.
    Recent News
    June 18, 2026
    Kaleidescape Launches Pioneering Strato K Movie Player Fully Compatible And Certified For Native 8K Content
    June 12, 2026
    StormAudio Announces New EvoOne Processor And AoIP Bridge
    June 9, 2026
    Sony Electronics Expands Professional Display Lineup With Crystal LED UNIFY, A 135-Inch All-In-One Direct View Option
    June 8, 2026
    Audio Group Denmark Debuts New Børresen A-Series Loudspeakers
    June 8, 2026
    Klipsch Rebellion Debuts The Rebellion, The First compact Heritage Loudspeaker
    June 6, 2026
    ARCAM Celebrates 50 Years With A50 Signature And Unveils CD2C
    June 6, 2026
    JBL Marks 80 Years With The Next Generation Of Summit Everest And K2
    June 6, 2026
    Bag End Introduces The Modular Bass Array-12
    Read More News