Ladies and gentlemen, muzzy and I made what's maybe the most significant progress since we began our little examination of the F4I binaries a few days ago. Thanks to Halvar Flake of
Sabre Security who provided us with results from newer versions of
BinDiff than those that were available to us, I was able to positively identify several functions from the mpglib library in the F4I code. What's significantly more important is that muzzy found actual GPL code in the files too! Yes, GPL, not LGPL! This opens up a completely different can of worms.
Let's start with the LGPL code from mpglib. I'm only listing the found functions briefly because I think there's already enough disassembly on my website.
The function decodeMP3 from interface.c can be found at virtual offset 0x10059850 in ECDPlayerControl.ocx
The function decodeMP3_clipchoice from interface.c can be found at virtual offset 0x10059440 in ECDPlayerControl.ocx
The function addbuf from interface.c can be found at virtual offset 0x10059020 in ECDPlayerControl.ocx
The function sync_buffer from interface.c can be found at virtual offset 0x10059310 in ECDPlayerControl.ocx
...
I could go on like this for quite a while as the functions mentioned already contain so many function calls themselves that it's probably possible to reconstruct large parts of mpglib from there (if not the complete library).
I'm sure you're more interested in the GPL code than in a large list of LGPL functions and where they can be found in the F4I code though.
I just want to mention that the function that can be found at virtual offset 0x10089E00 in ECDPlayerControl.ocx is the function DoShuffle from a GPL-ed file called drms.c written by Jon Lech Johansen and Sam Hocevar (Google for it). I'll leave the rest of the explanation to
muzzy for now.
Sembra ormai chiaro che i distributori di musica hanno dichiarato guerra ai loro clienti. Paradossale, ma è così. La major Sony-BMG ha inserito un rootkit in alcuni suoi CD musicali e, una volta scoperto il malware, prima ha negato poi ha ammesso ma...
Tracked: Nov 17, 10:40
After all his hard word, Mark from sysinternals has claimed victory: "...I’m proud to announce a significant...
Tracked: Nov 17, 22:47
Schneier on Security This is an excellent summary about what has been going on with the Sony Rootkit debacle right down to the complete ineptitude and sometimes indifference of the a/v companies. I have already posted about this before but this cont...
Tracked: Nov 18, 06:00