Breakthrough after breakthrough in the F4I case

Programming stuff

Thursday, November 17. 2005

Posted by sp

Comments (12)
Trackbacks (3)
22086 hits

Breakthrough after breakthrough in the F4I case

Ladies and gentlemen, muzzy and I made what's maybe the most significant progress since we began our little examination of the F4I binaries a few days ago. Thanks to Halvar Flake of Sabre Security who provided us with results from newer versions of BinDiff than those that were available to us, I was able to positively identify several functions from the mpglib library in the F4I code. What's significantly more important is that muzzy found actual GPL code in the files too! Yes, GPL, not LGPL! This opens up a completely different can of worms.

Let's start with the LGPL code from mpglib. I'm only listing the found functions briefly because I think there's already enough disassembly on my website.

The function decodeMP3 from interface.c can be found at virtual offset 0x10059850 in ECDPlayerControl.ocx
The function decodeMP3_clipchoice from interface.c can be found at virtual offset 0x10059440 in ECDPlayerControl.ocx
The function addbuf from interface.c can be found at virtual offset 0x10059020 in ECDPlayerControl.ocx
The function sync_buffer from interface.c can be found at virtual offset 0x10059310 in ECDPlayerControl.ocx
...

I could go on like this for quite a while as the functions mentioned already contain so many function calls themselves that it's probably possible to reconstruct large parts of mpglib from there (if not the complete library).

I'm sure you're more interested in the GPL code than in a large list of LGPL functions and where they can be found in the F4I code though.

I just want to mention that the function that can be found at virtual offset 0x10089E00 in ECDPlayerControl.ocx is the function DoShuffle from a GPL-ed file called drms.c written by Jon Lech Johansen and Sam Hocevar (Google for it). I'll leave the rest of the explanation to muzzy for now.

Trackbacks
Trackback specific URI for this entry

Indovina chi abusa del copyright
Sembra ormai chiaro che i distributori di musica hanno dichiarato guerra ai loro clienti. Paradossale, ma è così. La major Sony-BMG ha inserito un rootkit in alcuni suoi CD musicali e, una volta scoperto il malware, prima ha negato poi ha ammesso ma...
Weblog: ][ stefano maffulli
Tracked: Nov 17, 10:40
Update on Sony rootkit story, Mark claims victory, Bruce Wired article and more LGLP info
After all his hard word, Mark from sysinternals has claimed victory: "...I’m proud to announce a significant...
Weblog: Dinis Cruz
Tracked: Nov 17, 22:47
The Rootkit That Never Dies
Schneier on Security This is an excellent summary about what has been going on with the Sony Rootkit debacle right down to the complete ineptitude and sometimes indifference of the a/v companies. I have already posted about this before but this cont...
Weblog: HCS's and Gen's Place
Tracked: Nov 18, 06:00

Comments
Display comments as (Linear | Threaded)

Whatever the outcome of all the legal nonesense you guys have been doing a great job staying on top of this and resversing the code. Keep up the good work.
#1 Gavin (Homepage) on 2005-11-17 05:55 (Reply)
Just when you thought this story was going to go away ... DVD Jon's GPL code ends up in MPAA/RIAA-heavyweight Sony's rootkit. Un-fucking-believable.
#2 Rolf (Homepage) on 2005-11-17 06:48 (Reply)
Yeah, that's so incredibly ironic I can't believe it. I actually wanted to write some lines about that specific fact but backed out because I just couldn't decide which joke of the ones I thought of I should use.
#2.1 sp on 2005-11-17 06:55 (Reply)
Violations of the GPL, LGPL, and GFDL

http://www.fsf.org/licensing/licenses/gpl-violation.html
#3 Anonymous on 2005-11-17 12:32 (Reply)
The authors whose work has been stolen by Sony should sue. Is there a legal fund to support this?
#4 Anon on 2005-11-17 15:29 (Reply)
you do realise that this would simply kill off F4I and Sony would just wipe the hands ?
#4.1 Anonymous on 2005-11-17 16:03 (Reply)
Not really - just like file sharers are guilty of copyright infringement by trading copyrighted files, Sony is guilty of the same. And at an industrial scale, and for a profit. Sony is liable for infringement every bit as much as, or perhaps even more than (since they are the ones selling to stolen code for a profit) F4I.
#4.1.1 Damien on 2005-11-17 18:34 (Reply)
Takedown notice time. Someone (EFF?) needs to draft a takedown notice that looks exactly like every other takedown notice, and start sending it out.

This is a DMCA violation. It is very serious. Sony has been saying so for a long time.
#5 Anonymous on 2005-11-17 16:04 (Reply)
I think the takedown notice action would need to be done by the copyright holders (but we all can certainly help by asking for it).
#5.1 Anonymous on 2005-11-17 18:55 (Reply)
Only the copyright holders of these infringements, GPL and LGPL, can attack Sony or F4I.

As the LGPL stuff appears to have been compiled into larger binaries, even the lesser requirements of the LGPL have been bypassed and so there are no applicable differences in the licensing terms that apply between the LGPL violations and the GPL violation.

On the plus side, while F4I are very likely to be liable under the GPL and LGPL licenses for modification and distribution - it's not at all proven that the version given to Sony didn't contain the license provisions and attributions, or that they charged development fees, or that Sony doesn't have the full source code - Sony should be fully liable for the license violations, since they have definitely distributed the modified code without following the license provisions or attributions.

Possible class-challenges would likely be on the subject of illegal systems interference - which is just as illegal with a EULA as without if the EULA is not explicit about those actions which would be thusly classified - and again, whether or not 4FI can be included among the guiltly, Sony creates the actual CDs and is the paid distributor.
#6 Matthew on 2005-11-18 14:34 (Reply)
This is a good reason to generally avoid GPL base code. Do not use GPL Code, do not use Linux and shit like this. Ban GPL.
#7 xxx on 2005-11-20 16:00 (Reply)
all they had to do was adhere to the licence terms and they would have had no problem using the GPL code.

considering those terms involve no financial cost, it is simply their laziness and hubris that caused the problem, not the GPL.
#7.1 James Pilcher on 2005-11-21 14:17 (Reply)

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
BBCode format allowed
 
Submitted comments will be subject to moderation before being displayed.
 

Frontpage - Top level

Calendar

Back June '17
Mon Tue Wed Thu Fri Sat Sun
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30    

Quicksearch

Archives

Contact

142691645
AIM StatusRiijngoud
LambdaCube
sporst

Links

Top Exits

www.the-interweb.com (374)
en.wikipedia.org (144)
www.amazon.com (117)
www.slideshare.net (96)
nostarch.com (94)
the-interweb.com (64)
www.zynamics.com (39)
www.offensive-security.com (35)
github.com (34)
www.sabre-security.com (17)

Syndicate This Blog

Blog Administration

Open login screen

Powered by

Serendipity PHP Weblog

Categories



All categories