.png)
4 months ago
6
C source code
The code was subsequently included in an unsealed (whoops!) legal filing by John Hoy, president of the DVD-CCA, in the California trade secret lawsuit against Andrew McLaughlin and 92 other defendants. Guess it's not a trade secret anymore. More about that here.
or
or
or
A group of computer scientists from the ?cole Centrale Paris have produced an open source DVD player called Videolan; its decryption module is here.
shorter
or
faster
Cotton version:
order the t-shirt
Two Perl implementations courtesy of MIT Student
Information Processing Board members Keith Winstein and Marc Horowitz.
The shorter one, qrpff, is 472 bytes
(discounting newlines). The faster one,
531 bytes long, caches the permutation corresponding to CSStab1, and
is actually fast enough to use to watch a movie. The program takes a
five-byte title key on the
command line (five decimal numbers in least to most-significant order,
separated by colons) and an MPEG2 Program Stream VOB file on stdin,
and outputs a decrypted version of the VOB file. Title
keys can be obtained using VobDec.
To play a movie whose title key is 0xcd302010fe, do:
cat file.vob | perl -I 254:16:32:48:205 qrpff | extract_mpeg2 | mpeg2dec -
This work grew out of Keith's preparation for a 6-hour seminar on DVD decryption taught at MIT in Jan-Feb 2001. Suggestions for further shortening the code should be sent to [email protected]. Recently featured in Wired, Slashdot, The Register, and ZDNet / USA Today / MSNBC. And now you can order the t-shirt.
The tiniest
known C
implementation
This tiniest known C implementation, now
just 434 bytes (discounting newlines), is also plenty fast. It
originated with Charles M. Hannum,
who then shrunk it further, and got additional suggestions for
shrinkage from Phil Carmody.
Mr. Hannum writes: "on my Mac G4 cube (running NetBSD, not MacOS),
it can descramble in excess of 15MB/s [better than 10 times
maximum DVD bit rate], ... without even particularly trying to
optimize the I/O. This makes it pretty insignificant compared to the
rest of the decoding process." He performed these measurements
using artificial data; he would of course be in violation of 17 USC
1201(a)(1) if he used the code to watch a movie he had lawfully
purchased. Author
interview; article in The
Register.Here's an ASCII art version of efdtt.c by Alex Bowley.
SML code
description
and
Another mathematical
description of the decryption algorithm, by Charles M. Hannum, who writes:
"The mathematical description ... is very similar to how things
like FFT algorithms are presented in journals. These are clearly
scholarly works, and are vital to progress -- e.g. in the area of
signal processing. And yet, even an average programmer can easily
translate such a description directly into code."Hannum's description inspired Ralph Loader to use the LEGO proof development system to generate a proof that any CSS-encrypted text can be decrypted. According to Loader: "a deep mathematical result called the Curry-Howard isomorphism ... relates mathematical proofs and computer programs. Applied to the theorem I proved, Curry-Howard states that any proof of that theorem is in fact a program implementing CSS. The theorem proving tool I used (LEGO) can actually run this program - albeit very inefficiently." Maybe theorem provers should be illegal too.
explain Hannum's
decryption formula:
Javascript or
VBScript
These Javascript and VBScript routines use animated
Microsoft Agents Merlin and Robby to explain Charles Hannum's CSS decryption formula to you. You must
access these pages using Internet Explorer after having downloaded the
agent software and character definitions from here. Maximize the browser
window for best effect. Animation courtesy of anonymous contributor
anniepoo. If you don't run Windows, just view the source files
to see the dialog.
css_descramble.java
DiatriBe's Java code
css_descramble.js
css_descramble.php
css-auth.pascal.zip
or
descrambler written
in Brainfuck
This translation of
css_descramble.c into the Scheme programming
language was contributed by John R. Hall. Scheme is a
variant of Lisp popular among academic computer scientists. Here
is a Java version
contributed by Gavin Hall,
and another Java version by anonymous author DiatriBe.
And here is a JavaScript version by
Shlomi Fish and Chen Shapira of Hackers-IL,
along with some HTML code to activate it.
This PHP version, based on their work,
was sent in by Tom Stepleton.
And Bruce Christensen
sent in a Pascal translation of
the css-auth routines.An anonymous author contributed a CSS descrambler in pure lambda calculus, where even integers are represented as functions. Is this "code"? Or is it pure mathematics?
The same author also produced a descrambler written in Brainfuck, a Turing machine-like language with only eight operators. A truly minimalist description of the algorithm.
page2.gif
page3.gif
Screen dump of the CSS descrambling code. This is not the source code; it's a picture of the source code. These GIF files are not directly readable by a C compiler.
However, a human looking at these images could certainly type the C code into a text file. Or the files could perhaps be converted automatically, by an OCR program.
Are these page images considered an illegal "circumvention device" under the DMCA? Or, since they're not executable, are they protected speech?
A description of the descrambling algorithm in plain
English, written by Dave Touretzky. This description is not machine
readable, but it can easily be translated into C code by a
knowledgeable C programmer. It could not be translated by a
non-programmer, or a machine. Is it therefore protected speech?If natural language processing technology advances to the point that a machine could translate this English text into executable code, could the text then be suppressed under the DMCA?
and
Another C-to-English-to-C tool, called BabelBuster, has been released by Jonathan M. Baccash of Princeton University in April, 2001. This work was Jonathan's senior thesis. Here is his version of css-auth in English.
Another version of the descrambling algorithm in plain English,
but this time each line is annotated with the equivalent statement
written in the C language. This description is not directly machine
readable because the C code is interspersed with English text and HTML
formatting instructions. But the C code can easily be extracted from
the document, and this requires less skill than translating the
English into C. Can this text document therefore be suppressed under
the DMCA?
DeCSS Haiku: this ingenious poem by Seth Schoen is both a
commentary on the DeCSS situation and a correct and complete
description of the descrambling algorithm. Truly inspired.
(Original version February 12, 2001, published anonymously; minor
revisions sent by author on February 23.) You can read about the poem
in this Wall
Street Journal article, or read Seth's own account of its
history now that he's dropped anonoymity. of CSS
This is an analysis of the
CSS algorithm by Frank Stevenson, along with a description of various
attacks on the encryption scheme. Please see our Frank
Stevenson archive for more documents and program examples.And here is a more accessible tutorial on CSS by Gregory Kesden. Should these lecture notes, taken from a course taught at Carnegie Mellon University, be declared illegal? What about this case study on CSS by Jason Cherry?
or
qrpff t-shirt
from CopyLeft
qrpff tie
from
The Digital Group
The source code for css_descramble.c was available on the back of this t-shirt from CopyLeft. (Don't try ordering from them now.) Copyleft was sued for their trouble. Also offered: "I am a circumvention device" t-shirt with the qrpff Perl code on the front.
The Digital Goroup was offering this qrpff tie, with the Perl decryption code. Click here for a close-up view.
Are sales of these clothing items banned under the DMCA?
Would merely wearing one of these in public constitute "trafficking in a circumvention device" as defined in section 1201 of the DMCA?
or
or
A dramatic
reading of the file css_descramble.c, read by Xader Vartec. This is a
3.5Mbyte MP3 file; it runs 7 minutes and 20 seconds.Joe Wecker of the band Don't Eat Pete recorded a musical version of my "plain English" rendition of the source code, with musical accompaniment. This is a 7.2Mbyte MP3 file that runs 7 minutes 28 seconds. Transcript courtesy of Keith Dawson of tbtf.com. Shane Killian later did a hilarious square dance version. Both songs have been banned from MP3.com. Are these kinds of "artistic performances" covered by Judge Kaplan's injunction?
Jeff Schrepfer turned the code directly into music, as a MIDI file. The file was created by starting with the source code and "removing all the white space, then transforming each ASCII character into a single 32nd note of its midi equivalent (midi notes, like ASCII characters, are coded into values ranging from 1 to 127.)" Mike Castleman improved on this by encoding whitespace and newlines in the note lengths.
inspired
audio CD
A CD called Circumvention
Device offers "an MP3 compilation of sound artists and
musicians from around the world using the css_descramble.c source code
as an artistic element in their work," courtesy of Chicago-based
art and technology center Deadtech. Tracks may also be
downloaded directly from the web site.and
Left: DeCSS The Movie, by Samuel Hocevar and friends.
Watch the code scroll by in a Star Wars-like MPEG animation. This is
method #40 in Hocevar's list of 42 ways to distribute DeCSS.
Right: Stairs of Freedom,
by Anders Sandberg, another
DeCSS animation.in css-auth source
This DVD logo formed out of
the characters in the css-auth source was generated by someone using
the MosASCII tool
created by Robert DeFusco. The intensity changes are accomplished by
changing the font color every few characters.To view the entire source, click on "Select All" from your browser's Edit menu.
implementation
in Verilog,
with pictures
Highly optimized
implementation
(very few gates)
Verilog
is a hardware description language. Here is the Verilog
source for an actual circumvention device, contributed by
anonymous author DAH, who writes: "not only can a human read the
source, and a simulator interpret it, but with other quasi-pushbutton
tools you could configure an FPGA (or fab
an ASIC)
with it. The README.txt explains
more." This is not a device; it's just a description of a
device. Should it be illegal to distribute this circuit description?
Here's another Verilog
implementation by an anonymous author.Tony Bybell contributed a highly optimized Verilog implementation based on the mathematical formulation of the decryption algorithm by Charles Hannum.
High School
yearbook
Erik Michaels-Ober included
a piece of the css-auth source in his 2001 Onteora High School yearbook entry, along with a quote from
Thomas Jefferson: "The people are the only sure reliance for
preservation of our liberty." What's remarkable is that Erik
didn't sneak the code into the yearbook; he explained his motivations
and received official permission from the school to publish
it.
