Skip to content

Two new F4I license infringements found

Third update for today! I swear I'm not making this stuff up but we've found two additional potential license infringements.

Rolf from Sabre Security was kind enough to point out that we had missed a giant copyright string.

000C48C0 4641 4143 202D 2046 7265 6577 6172 6520 FAAC - Freeware 
000C48D0 4164 7661 6E63 6564 2041 7564 696F 2043 Advanced Audio C
000C48E0 6F64 6572 2028 6874 7470 3A2F 2F77 7777 oder (http://www
000C48F0 2E61 7564 696F 636F 6469 6E67 2E63 6F6D .audiocoding.com
000C4900 2F29 0A20 436F 7079 7269 6768 7420 2843 /). Copyright (C
000C4910 2920 3139 3939 2C32 3030 302C 3230 3031 ) 1999,2000,2001
000C4920 2020 4D65 6E6E 6F20 4261 6B6B 6572 0A20   Menno Bakker. 
000C4930 436F 7079 7269 6768 7420 2843 2920 3230 Copyright (C) 20
000C4940 3032 2C32 3030 3320 204B 727A 7973 7A74 02,2003  Krzyszt
000C4950 6F66 204E 696B 6965 6C0A 5468 6973 2073 of Nikiel.This s
000C4960 6F66 7477 6172 6520 6973 2062 6173 6564 oftware is based
000C4970 206F 6E20 7468 6520 4953 4F20 4D50 4547  on the ISO MPEG
000C4980 2D34 2072 6566 6572 656E 6365 2073 6F75 -4 reference sou
000C4990 7263 6520 636F 6465 2E0A 0000 312E 3234 rce code....1.24

Yeah. Apparently FAAC code was used too. I positively identified several functions myself. For starters: The function at virtual offset 0x1007BA80 is known as WriteFAACStr in the file bitstream.c of the FAAC project. You can work yourself through other FAAC functions from there. I don't know for sure if that's GPL or LGPL. I think it's LGPL though.

And while we're at it. Matti found mpg123 references. In his opinion this is how the mpglib code made it into the OCX. It still needs to be determined if there's more mpg123 code in the OCX except the mpglib stuff. If that's the case another GPL infringement can be added to the list.

Trackbacks

xslf.com on : קריאת סופשבוע- הפרה נויה גועה

Show preview
פ×××¡×§× ×¡×× ×- ×××¤× × ×¢××× ××ר×ת ××××××? ×צפ××, ××רסת ××ק ××¢×ררת סער×, ××ר×ת ש××פע×× ××× ××× ×ת. ×××¨× ×©×ת××× ×©×ר××ק×× ×©× ×¡×× × ×פר ×ת ×רש××× ×©× LAME, נר×× ×©×ת×××× ×××ש ×רשת ××× ××צ×× ×××× ×¢×× ×¨×©××× ×ת ס×× × ×פר×. ××¢× ×× ××, ×ש...

Lost Wolf Productions on : Is Sony in violation of the LGPL?

Show preview
Apparently a german programmer has found evidence that the code used in Sony’s root kit fiasco was stolen in violation of the LGPL License. The anti-piracy program, called XCP, was created for Sony BMG by the UK-based company First 4 Internet. ...

GuiGui2's weblog on : Vous en aviez rv, Sony l'a fait.

Show preview
Oulà, la mauvaise campagne de pub pour Sony BMG. Non content d'installer un rootkit lorsqu'on écoute un de leurs CDs dans un lecteur de PC, ils ont aussi utilisés du code sous licence GPL et LGPL, sans la respecter, cette licence. Cette histoire fait...

Stephen Laniel’s Unspecified Bunker on : Sony’s rootkit DRM and open-source licenses

Show preview
I really really really hope that someone in the open-source community sues Sony’s ass for copyright infringement. (Felten’s post reproduced below.) (Incidentally, if you wonder why I include articles in my posts so much, try searching for a

Comments

Display comments as Linear | Threaded

warp on :

hurray for gpl and people like you.
we, the people are now fighting back.
them, the bad people are probably scared shitless.
someone needs to get this slashdotted

STW on :

Wow, this is pretty unreal (expression of amazement, not doubt). You guys have done an amazing job here.

After this you may want to get out F4I's other product and see if they've screwed anyone else over with their imaging software.
Good job guys, I hope you're proud of the work you've done.

rjamorim on :

FAAC (the encoder) is LGPLd. FAAD (the decoder) is GPLd.

http://www.audiocoding.com

Darius on :

It should be pointed that if some parts of mpg123 are included in the code, it raises even more security concerns about F4I software, since, according to its homepage, "The project is not maintained at the moment and there are some serious security problems in the latest player versions. It is highly recommended to not use the source code you can download from this site."

Aghast on :

What I'm understanding here is that not only has Sony surreptitiously tried to foist this software on it's customers in an attempt to protect their copyrights but could be guilty of copyright infringement themselves?

philip on :

It seems to me that companies that do this get special protection as opposed to individuals who do this and go to jail.

hit them where it hurts on :

Nice work.
We need to slam their asses with a lawsuit.

My little site containing sasquatch, hobos, chupacabra, fish yarns and more is cryptostenchies.com .

John on :

Collect up the copyright holders, get an FSF lawyer, and take the creators of the DRM rootkit to court. Force the DRM rootkit open-sourced, take the code.

If Sony outsourced to another company, they're not responsible for the infringement; the company who 'wrote' the software is. So if these F4I people are a separate entity from Sony, they're the target for copyright infringement. Remember, it's perfectly reasonable to hire an outside source to write your software and not actually know what goes into it; in this case that would be Sony and F4I.

anonymous coward on :

I don't know if Sony can avoid all responsibility. The Chilling Effects Web site says that "Vicarious liability, a form of indirect copyright infringement, is found where an operator has (1) the right and ability to control users and (2) a direct financial benefit" from allowing the infringement. Why did Sony use XCP if not for financial benefit? Did Sony's contract with F4I include a "hold harmless" IP infringment clause? What about a "warrant and representation" clause regarding the originality of the work or incorporation of other work(s) by permission? Hopefully this will all come out in court. If Texas has law prohibiting confidentiality clauses in public contracts (and a settlement agreement is a contract), the Texas suit may shed a lot of light on this regardless of how it actually comes out.

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
BBCode format allowed
Form options

Submitted comments will be subject to moderation before being displayed.