
Microsoft Windows Media Player Encryption Hacked

NubKnacker writes "Here we go again. The Register has the story about the encryption in Windows Media Player being hacked by DVD Jon. From the article: 'Jon Lech Johansen has reverse engineered a proprietary algorithm, which is used to wrap Media Player NSC files and ostensibly protect them from hackers sniffing for the media's source IP address, port or stream format. He has also made a decoder available.' This has been pending for some time now. Do you see a reason to install Windows/WMP just to be able to view a webcast?"
  • Why this happens (Score:3, Insightful)

    by sdirrim ( 909976 ) <sdirrim AT gmail DOT com> on Friday September 02, 2005 @11:37AM (#13464152) Journal
    You know, this only happens because Microsoft is the industry standard. Imagine a world where there are competitive OS and software markets, with no Internet Explorer phenomenon. You wouldn't get this, because developers would actually try to create secure programs. Instead, Microsoft takes programs that are more or less comparable, and incorporates them into its products, thus killing any competition for that program! (Read: Excel and Lotus 1-2-3)
    • by Iphtashu Fitz ( 263795 ) on Friday September 02, 2005 @11:45AM (#13464222)
      You know, this only happens because Microsoft is the industry standard


      Microsoft is the "industry standard" only because they are big & powerful & have the ability to force others to do things their way. Standards are based upon community support. What DVD Jon is doing is showing that there's little community support for Microsoft's so-called "standards".

    • To paraphrase Jack Handy: "I can imagine a world without DRM, without corrupted standards, without proprietary formats ... and then I can imagine Microsoft attacking that world, because they'd never see it coming."
  • nscdec.c (Score:5, Informative)

    by coolnicks ( 865625 ) on Friday September 02, 2005 @11:38AM (#13464154)
    http://nanocrew.net/software/nscdec.c [nanocrew.net]

    "VLC should have NSC support in the near future."
  • FTFA - "It's more likely that the purpose is to prevent competing media players from supporting the NSC format," he observed.

    Exactly right... Why don't they just leave this kind of thing open for everyone to implement with their own player and let the best player win? Argh!
    • Exactly right... Why don't they just leave this kind of thing open for everyone to implement with their own player and let the best player win? Argh!

      Ok, maybe I'm just stupid ignorant, but I haven't found a way to record Windows Media streams to my HD to watch again later. Maybe it's there and I'm such a git I can't find it. But if it's not there, maybe one reason why is to prevent people from doing that very thing. Nothing like a proprietary format to ensure you only get to see what the provider wants

      • by Anonymous Coward
        Downloading:
          SDP Downloader
          CoCSoft Stream Down

        Cutting editing/encoding:
          Asfbin
          VirtualDub 1.4c-asf

        Happy Googling.
      • Ok, maybe I'm just stupid ignorant, but I haven't found a way to record Windows Media streams to my HD to watch again later

        It can be a pain sometimes depending on what kind of security and encryption they are trying to use, but basic MMS (WMV, ASF) streams can be captured with SDP [ppona.com] (free! OSS!).

        I've used it a few times with varying success. I'd give it (in the last 2 years or so) about a 75% chance of success.
      • $ mplayer -dumpstream -dumpfile fun.wmv mms://server.domain.example.com/path/fun.wmv
      • "... a way to record Windows Media streams to my HD to watch again later."

        1) Get Firefox & use it.
        2) Go to menu item Tools
        3) Select Options...
        4) Select Downloads
        5) Click on "Ask me where to save every file" in the Download Folder section.
        5) Click on the Plug-Ins button (in the File Types section)
        6) Find the extension of the movie and click on the checkmark to disable browser support for that extension.
        7) Click ok a few times to get out of Options.
        8) View source on the page where the video is t
  • by jshaped ( 899227 ) on Friday September 02, 2005 @11:39AM (#13464161)
    "Do you see a reason to install Windows/WMP just to be able to view a webcast?"

    Well sure!!!
    But I've already installed Windows for its lovely properties of stability, speed, and beauty.
  • Uh-oh!!! (Score:4, Funny)

    by Pig Hogger ( 10379 ) <(moc.liamg) (ta) (reggoh.gip)> on Friday September 02, 2005 @11:40AM (#13464176) Journal
    Expect some Louisiana military relief effort units to be redeployed soon to Norway, for a Search-and-Destroy operation aimed at Jon!!!
  • by Lellor ( 910974 ) on Friday September 02, 2005 @11:40AM (#13464180)
    If Microsoft, the MPAA, and other corporations don't want their systems hacked, they must make sure that there is a way to play the content on alternative systems easily. Vendor lock in is not acceptable and the people have spoken. Linux (and other non-MS OS) users should not be forced to run Windows to play DVDs or ASFs or whatever. That is all.
    • What separates a "shill" from somebody who simply prefers Windows?

      And why don't I hear anything about Linux "shills" here on Slashdot?

      Just because you disagree with them, doesn't mean their comments should be utterly dismissed... unless of course you're not really interested in having a debate.
      • The implication is that a shill [wikipedia.org] is paid money or employed to pipe up at the appropriate time with the appropriate response, or is otherwise in cahoots with the stage magician, three-card-monte dealer, con man, used car salesman, or other such person who employs a shill.

        So the reason that you don't hear about Linux "shills" is that there isn't any money to pay them [in the minds of those people who think people are being paid by Microsoft...].

        Of course, in actuality, organizations like Red Hat, SuSE, an

      • What separates a "shill" from somebody who simply prefers Windows?

        What's the difference between the pope and the Easter Bunny?

  • by Psionicist ( 561330 ) on Friday September 02, 2005 @11:41AM (#13464185)
    What this does is simply to take one of those files with meta info about a stream and translate it to a human readable format. The meta file looks like this:

    [Address]
    Time To Live=0x00000002
    URL=023m000000001WQ01q07G0S00w02y 0Bm1Z06y0P01b06C0Sm0k06q0QG1Z0780Rm1p06y0PW
    1q02u 0Om1l06q0Bm1f07C0OG1m06a0Bm1j0700TG1m06S0SW1X06G0P G0k06G0R01i0000
    Player Version=020m000000000MD00k0300BW0n02u0Cm0u03K0C000 00
    NSC Format Version=029G0000000008Cm0k0300000
    Channel Version=0x00000083
    Name=026G000000000UKW1b06m0QG1 X06C0OG1p07G0KW1X06G0QG1l0000
    IP Address=02EG000000000KCW0p03C0BW0p02u0Cm0k0340000
    IP Port=0x00000457
    Delivery Mode=0x00000002

    The utility translates it to this:

    [Address]
    Time To Live=64
    URL= /media/files/Cisco.asx
    Name= Demonstration Content
    IP Address=169.254.10.1
    IP Port=22593

    So you can grab the stream without using the MS program and netstat.

    The utility is more like a utility like base64 decoders (this is not base64 though) than a circumventing tool.
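
An added example (not part of the original comment, and not Johansen's nscdec.c): a minimal Python decoder for the `02`-prefixed values in the sample NSC file quoted above, showing that the wrapping is a keyless 6-bit encoding of UTF-16 text. The alphabet and the header layout (one leading byte, four unused bytes, a 4-byte big-endian length) are assumptions inferred from the sample values themselves.

```python
import string

# Assumption: 6-bit alphabet 0-9, A-Z, a-z, then '{' and '}' (values 0..63).
# The sample values only exercise the digits and letters.
ALPHABET = string.digits + string.ascii_uppercase + string.ascii_lowercase + "{}"
VALUE = {ch: i for i, ch in enumerate(ALPHABET)}


def unpack_6bit(text):
    """Concatenate 6-bit symbols MSB-first and return the whole bytes."""
    acc = nbits = 0
    out = bytearray()
    for ch in text:
        if ch not in VALUE:
            raise ValueError(f"unexpected symbol {ch!r}")
        acc = (acc << 6) | VALUE[ch]
        nbits += 6
        if nbits >= 8:
            nbits -= 8
            out.append(acc >> nbits)
            acc &= (1 << nbits) - 1
    return bytes(out)


def decode_nsc_value(value):
    """Decode the right-hand side of one NSC 'key=value' line."""
    value = "".join(value.split())        # drop spaces added by page rendering
    if value.lower().startswith("0x"):    # plain hex integers are not wrapped
        return int(value, 16)
    if not value.startswith("02"):
        raise ValueError("only encoding type 02 is handled here")
    raw = unpack_6bit(value[2:])
    if len(raw) < 9:
        raise ValueError("value too short for the assumed 9-byte header")
    # Assumed header: raw[0] unknown, raw[1:5] unused, raw[5:9] length (big-endian).
    length = int.from_bytes(raw[5:9], "big")
    payload = raw[9:9 + length]
    if len(payload) != length:
        raise ValueError("declared length exceeds available data")
    return payload.decode("utf-16-le").rstrip("\x00")


# Values copied from the sample NSC file quoted in the comment above.
SAMPLE = {
    "IP Address": "02EG000000000KCW0p03C0BW0p02u0Cm0k0340000",
    "IP Port": "0x00000457",
    "Player Version": "020m000000000MD00k0300BW0n02u0Cm0u03K0C000 00",
}

if __name__ == "__main__":
    for key, encoded in SAMPLE.items():
        print(f"{key}={decode_nsc_value(encoded)}")
```

Run on the quoted sample, this yields 233.3.3.1, port 1111 and player version 4.0.1.3850, so the translated listing shown in the comment (169.254.10.1, port 22593) does not correspond to this particular sample.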
    • by Tackhead ( 54550 ) on Friday September 02, 2005 @12:05PM (#13464389)
      > So you can grab the stream without using the MS program and netstat.
      >
      > The utility is more like a utility like base64 decoders (this is not base64 though) than a circumventing tool.

      Something like it would, however, make a damn nice Firefox plugin.

      It's grown particularly galling during the Katrina disaster - if you're a TV station, and you're putting up a 2-minute clip of a news article or interview that you broadcast a few hours ago, why in God's name are you making us re-download it every time we want to view it?

      Your servers are half melted down due to Slashdotting, your bandwidth costs are through the roof. If you must use a proprietary video format (seriously, if you're scared people won't be able to get the XVID codec, what's wrong with good old MPEG?), at least let us download the damn thing.

      You stream live content. You download static content. Is the difference that hard to understand? Or is it that news broa-buffering-dcasters hav-buffering-e a strange sexual fetish for buf-buffering-fering?

      • I'm a little confused. Why would a Firefox plugin be needed to allow you to save streaming content?
        mplayerplug-in already has the option to save everything it views to a directory you specify
        ${HOME}/Desktop/mplayer_downloads for example.
        I'm pretty sure it does this whether the file was streamed to the player or pointed to the player by Mozilla.
  • by firepacket ( 809106 ) <flameboy@firepacket.net> on Friday September 02, 2005 @11:42AM (#13464195) Homepage
    Article from theregister.com
    Norway's best known IT export, DVD Jon...

    Awesome. I didn't know they were exporting those. I wonder how high they tax. I want one.
  • by Anonymous Coward on Friday September 02, 2005 @11:44AM (#13464210)
    Girl in the wild west: "DVD Jon, you're my hero!"
    DVD Jon (disguised as the Lone Ranger): "Stay here, it's not over yet" (gets out revolver)

    Man, I need to stop watching TV...
  • Windows.... (Score:5, Insightful)

    by zappepcs ( 820751 ) on Friday September 02, 2005 @11:45AM (#13464218) Journal
    Personally, if I have to load MS products to view, read, hear, or use something, then I will never view, read, hear, or use that data... period!

    If DVD John can crack it, then it wasn't secure in the first place. In my opinion, DVD-J is making the world more secure by showing people that their encryption sucks. Go John go...

    • Personally, if I have to load MS products to view, read, hear, or use something, then I will never view, read, hear, or use that data... period!


      So you choose your information based on the format not the content. Interesting, do you also only watch one News station?

      If DVD John can crack it, then it wasn't secure in the first place.

      So just because one guy in the entire world of 7 Billion could crack it makes it insecure? I'm pretty sure it will provide the service MS wanted it to despite this release.
    • If DVD John can crack it, then it wasn't secure in the first place.

      He didn't actually break any security. Even if MS has used the best encryption in the world and had implemented it perfectly, DVD John could have created this tool.

      For Media Player to read the file, it needs to decrypt it. By necessity, that means both the decryption algorithm and the key with the decryption algorithm are located in Media Player. It's just a question of finding the algorithm and where the key is stored. There are no sec

  • by flowerp ( 512865 ) on Friday September 02, 2005 @11:56AM (#13464316)
    A correct headline would have been:

    Proprietary encoding of Media Player Broadcast definition files successfully reverse engineered.

    The problem is, no one really makes use of NSC files anyway. Most streaming media is still done as simulcast, not as multicast.

  • Hire him (Score:5, Interesting)

    by bahwi ( 43111 ) on Friday September 02, 2005 @11:57AM (#13464323)
    I think Microsoft should just hire DVD Jon and whoever else and have him write the algorithms and encryption. I know it's counterproductive, and I know he would probably oppose it, but throw enough money under there and most morals head out the door. DRM is coming, and if this guy is going to keep cracking them, you're gonna need someone better than him to write it, or get him so he'll be on their side.

    Ah well, until then, what's the next one for him to hack? Can't be too far off now.
    • Shhhhhhh! Don't give them ideas!
    • Re:Hire him (Score:3, Interesting)

      by Alsee ( 515537 )
      I think Microsoft should just hire DVD Jon and whoever else and have him write the algorithms and encryption.

      The "problem" is that DRM is not actually encryption, it's obfuscation. You are GIVING people the encrypted content, you are GIVING people the decryption algorithm, and you are GIVING people any keys required. If you didn't then they wouldn't be able to view it at all.

      Hiring DVD Jon wouldn't make one bit of difference. No matter what algorithms and keys Jon comes up with, he'd still have to GIVE the
  • by NetNinja ( 469346 ) on Friday September 02, 2005 @12:02PM (#13464370)
    I see the whole encryption scheme as a lesson in frustration.

    Why even bother when someone is able to defeat it in less than 24hours?

    The more you try to hold on to something the easier it is to let it slip away.

    Can someone out there please give a clear and succinct explanation to this whole encryption scheme?
    • "The more you try to hold on to something the easier it is to let it slip away."
      -NetNinja

      "The more you tighten your grip, Tarkin, the more star systems will slip through your fingers."
      -Princess Leia to Governor Tarkin

      If an evil empire capable of star travel couldn't figure it out, then one capable of Clippy can't either.

  • by m50d ( 797211 ) on Friday September 02, 2005 @12:05PM (#13464385) Homepage Journal
    That's why I'm willing to use it. Looks a bit blocky, but compresses incredibly well - I have a wmv music video that's smaller than an mp3 of the song in question. Also, I've found it the easiest of the main video formats (windows media, real, and quicktime - ogg theora and dirac just aren't ready for primetime yet) to get working in linux - just dump the dlls in the right format and both xine and mplayer can play them flawlessly, even as streams from websites (just install gxine or kaffeine). Real is harder, at least if you don't want to use their OSS-only official client, and quicktime is an absolute nightmare. So I'm all in favour of requiring windows media player to view videos, because the alternatives are worse.
    • I dunno, avi files combined with mp3 for audio and xvid for video work quite well! (That is if we're talking downloadable video, not simulcast)
  • Windows Media (Score:4, Interesting)

    by callipygian-showsyst ( 631222 ) on Friday September 02, 2005 @12:11PM (#13464436) Homepage
    Do you see a reason to install Windows/WMP just to be able to view a webcast?"

    No! I've installed Windows Media--including the Windows Media SDK, WMP10, and the Windows Media Encoder--because it's a great encoder and is included in the price of a windows system. I prefer the sound of WMA-encoded files to MP3s at the same bitrate. And there are at least 50 music players on the market, like my Samsung, that I can just plug in to Windows and sync with Windows Media Player! No need to install any software (unlike those stupid Creative folks with their virus!). Just plug it in and it works.

    • Re:Windows Media (Score:3, Interesting)

      by NatasRevol ( 731260 )
      No need to install any software???? Except of course the 3 pieces you mentioned a couple of sentences ago.

      And as for the virus....it's a Windows virus. The problem isn't with creative, it's with an OS that's so easily corrupted.
  • The FSF sends in a bodyguard team to care for DVD Jon's well being. It won't be long before assassination attempts against him by corporate minions begin.
  • by intnsred ( 199771 ) on Friday September 02, 2005 @12:44PM (#13464674)
    Thinking back to years ago when the corporate powers-that-be had a teenager arrested for merely figuring out CSS, I wonder if those corporate bureaucrats realize that they were creating a monster?

    I mean, if they had just left the kid alone, his curiosity might have waned and today he might be a stodgy coder writing finance apps.

    Instead, they pissed him off, highlighted the system's corruption and injustice, and created a monster.
  • Using this for years (Score:2, Interesting)

    by cz_eye ( 911763 )
    Being a non-broadbander from far far east I was forced to do so on regular basis. The streaming is no-option for me so I am forced to hack the stream server and get to the downloadable content. I can do it for cbsnew.com, comedycentral.com, foxnews.com, cnn.com, msnbc.com and bunch of other servers. Some have their content even very well indexed and sorted by date in the database behind, so someone can pick the track without even looking.. (once u get in) just change the date or increment the story ID and f
