Two new F4I license infringements found

Programming stuff

Thursday, November 17. 2005

Posted by sp in Misc

Comments (4)
Trackbacks (4)

79652 hits

Two new F4I license infringements found

Third update for today! I swear I'm not making this stuff up but we've found two additional potential license infringements.

Rolf from Sabre Security was kind enough to point out that we had missed a giant copyright string.

000C48C0 4641 4143 202D 2046 7265 6577 6172 6520 FAAC - Freeware 
000C48D0 4164 7661 6E63 6564 2041 7564 696F 2043 Advanced Audio C
000C48E0 6F64 6572 2028 6874 7470 3A2F 2F77 7777 oder (http://www
000C48F0 2E61 7564 696F 636F 6469 6E67 2E63 6F6D .audiocoding.com
000C4900 2F29 0A20 436F 7079 7269 6768 7420 2843 /). Copyright (C
000C4910 2920 3139 3939 2C32 3030 302C 3230 3031 ) 1999,2000,2001
000C4920 2020 4D65 6E6E 6F20 4261 6B6B 6572 0A20   Menno Bakker. 
000C4930 436F 7079 7269 6768 7420 2843 2920 3230 Copyright (C) 20
000C4940 3032 2C32 3030 3320 204B 727A 7973 7A74 02,2003  Krzyszt
000C4950 6F66 204E 696B 6965 6C0A 5468 6973 2073 of Nikiel.This s
000C4960 6F66 7477 6172 6520 6973 2062 6173 6564 oftware is based
000C4970 206F 6E20 7468 6520 4953 4F20 4D50 4547  on the ISO MPEG
000C4980 2D34 2072 6566 6572 656E 6365 2073 6F75 -4 reference sou
000C4990 7263 6520 636F 6465 2E0A 0000 312E 3234 rce code....1.24

Yeah. Apparently FAAC code was used too. I positively identified several functions myself. For starters: The function at virtual offset 0x1007BA80 is known as WriteFAACStr in the file bitstream.c of the FAAC project. You can work yourself through other FAAC functions from there. I don't know for sure if that's GPL or LGPL. I think it's LGPL though.

And while we're at it. Matti found mpg123 references. In his opinion this is how the mpglib code made it into the OCX. It still needs to be determined if there's more mpg123 code in the OCX except the mpglib stuff. If that's the case another GPL infringement can be added to the list.

Trackbacks

Trackback specific URI for this entry

×§×¨×™××ª ×¡×•×¤×©×‘×•×¢- ×”×¤×¨×” × ×•×™×” ×’×•×¢×”
×¤×™××¡×§×• ×¡×•× ×™- ××™×¤×” × ×¢×œ×ž×• ×—×‘×¨×•×ª ×”××‘×˜×—×”? ×›×¦×¤×•×™, ×’×™×¨×¡×ª ×”×ž×§ ×ž×¢×•×¨×¨×ª ×¡×¢×¨×”, ×œ×ž×¨×•×ª ×©×”×”×¤×¢×œ×” ×”×™× ×™×“× ×™×ª. ××—×¨×™ ×©×”×ª×’×œ×” ×©×”×¨×•×˜×§×™×˜ ×©×œ ×¡×•× ×™ ×ž×¤×¨ ××ª ×”×¨×©×™×•×Ÿ ×©×œ LAME, × ×¨××” ×©×”×ª×—×‘×™×‘ ×”×—×“×© ×‘×¨×©×ª ×”×•× ×œ×ž×¦×•× ××™×–×” ×¢×•×“ ×¨×©×™×•× ×•×ª ×¡×•× ×™ ×ž×¤×¨×”. ×•×¢× ×›×œ ×–×”, ×™×©...

Weblog: xslf.com
Tracked: Nov 19, 02:56

Is Sony in violation of the LGPL?
Apparently a german programmer has found evidence that the code used in Sony’s root kit fiasco was stolen in violation of the LGPL License. The anti-piracy program, called XCP, was created for Sony BMG by the UK-based company First 4 Internet. ...

Weblog: Lost Wolf Productions
Tracked: Nov 19, 19:22

Vous en aviez révé, Sony l'a fait.
Oulà, la mauvaise campagne de pub pour Sony BMG. Non content d'installer un rootkit lorsqu'on écoute un de leurs CDs dans un lecteur de PC, ils ont aussi utilisés du code sous licence GPL et LGPL, sans la respecter, cette licence. Cette histoire fait...

Weblog: GuiGui2's weblog
Tracked: Nov 20, 10:47

Sony’s rootkit DRM and open-source licenses
I really really really hope that someone in the open-source community sues Sony’s ass for copyright infringement. (Felten’s post reproduced below.) (Incidentally, if you wonder why I include articles in my posts so much, try searching for a

Weblog: Stephen Laniel’s Unspecified Bunker
Tracked: Nov 21, 16:07

Comments

Display comments as (Linear | Threaded)

hurray for gpl and people like you.
we, the people are now fighting back.
them, the bad people are probably scared shitless.
someone needs to get this slashdotted

#1 warp on 2005-11-17 20:57 (Reply)

Wow, this is pretty unreal (expression of amazement, not doubt). You guys have done an amazing job here.

After this you may want to get out F4I's other product and see if they've screwed anyone else over with their imaging software.
Good job guys, I hope you're proud of the work you've done.

#2 STW on 2005-11-17 22:25 (Reply)

FAAC (the encoder) is LGPLd. FAAD (the decoder) is GPLd.

http://www.audiocoding.com

#3 rjamorim (Homepage) on 2005-11-17 23:43 (Reply)

It should be pointed that if some parts of mpg123 are included in the code, it raises even more security concerns about F4I software, since, according to its homepage, "The project is not maintained at the moment and there are some serious security problems in the latest player versions. It is highly recommended to not use the source code you can download from this site."

#4 Darius (Homepage) on 2005-11-18 10:00 (Reply)

What I'm understanding here is that not only has Sony surreptitiously tried to foist this software on it's customers in an attempt to protect their copyrights but could be guilty of copyright infringement themselves?

#5 Aghast on 2005-11-18 23:55 (Reply)

It seems to me that companies that do this get special protection as opposed to individuals who do this and go to jail.

#6 philip on 2005-11-20 05:13 (Reply)

Nice work.
We need to slam their asses with a lawsuit.

My little site containing sasquatch, hobos, chupacabra, fish yarns and more is cryptostenchies.com .

#7 hit them where it hurts (Homepage) on 2005-11-20 13:11 (Reply)

Collect up the copyright holders, get an FSF lawyer, and take the creators of the DRM rootkit to court. Force the DRM rootkit open-sourced, take the code.

If Sony outsourced to another company, they're not responsible for the infringement; the company who 'wrote' the software is. So if these F4I people are a separate entity from Sony, they're the target for copyright infringement. Remember, it's perfectly reasonable to hire an outside source to write your software and not actually know what goes into it; in this case that would be Sony and F4I.

#8 John on 2005-11-23 23:33 (Reply)

I don't know if Sony can avoid all responsibility. The Chilling Effects Web site says that "Vicarious liability, a form of indirect copyright infringement, is found where an operator has (1) the right and ability to control users and (2) a direct financial benefit" from allowing the infringement. Why did Sony use XCP if not for financial benefit? Did Sony's contract with F4I include a "hold harmless" IP infringment clause? What about a "warrant and representation" clause regarding the originality of the work or incorporation of other work(s) by permission? Hopefully this will all come out in court. If Texas has law prohibiting confidentiality clauses in public contracts (and a settlement agreement is a contract), the Texas suit may shed a lot of light on this regardless of how it actually comes out.

#8.1 anonymous coward on 2005-11-24 18:21 (Reply)

Add Comment

Name
Email
Homepage
In reply to
Comment	Enclosing asterisks marks text as bold (word), underscore are made via _word_. Standard emoticons like :-) and ;-) are converted to images. BBCode format allowed
	Remember Information? Subscribe to this entry
Submitted comments will be subject to moderation before being displayed.