By now everyone is familiar with DVDs—originally an acronym for “Digital Video Disc,” later changed to “Digital Versatile Disk” for pointless marketing reasons. DVDs are similar to CD-ROMs in many ways, with a crucial difference that commercial DVDs can hold about 8 GBytes, or more than ten times as much data as a CD. The tracks and the bits in the tracks are packed closer together on a DVD, which is why DVD players can read CDs but not vice-versa. If you use a suitable compression technology, you can actually squeeze up to 133 minutes of high-resolution video with several soundtracks and subtitles onto a DVD. The compression is essential, and the movie industry uses the MPEG-2 algorithm that was designed for this purpose, and which provides 40-1 compression. The more efficient MPEG-4 (DivX) compression, which provides another fivefold reduction, is also being introduced.
However, since the movie industry doesn't want to be Napstered (have their content ripped off and broadcast for free on the Internet), they encrypt the MPEG-2 files using an algorithm called the Content Scrambling System, or CSS. If you do a directory listing of a DVD, you'll see some large .VOB files. These are Video OBjects, a fancy name for content-scrambled .MPG2 files. Every maker of DVD players on the planet is supposed to license the decryption algorithm from the DVD Copy Control Association (DVD-CCA) for a fee, and they impose several restrictions on the player. DCC-CCA is believed to be a subsidiary of Matsushita, the company mainly responsible for the development of DVD and CSS. Some of its restrictions take away rights that consumers have long enjoyed under copyright law. They seem more geared towards controlling what consumers can do, rather than dealing with problems of rip-offs and piracy.
So what are the restrictions that licensed DVD players have to impose? CSS encryption allows the DVD industry to force region restrictions into all DVD players. There are six geographic regions (North America, Europe, etc.) and in 1999 they added a seventh for DVDs intended for airplanes. A player in region one will refuse to play disks labelled as belonging to any other region. Region restrictions allow the movie industry to sell the same DVD at different prices in different markets. It prevents any DVDs you buy on business trips outside your region from being played on your home system. The CSS encryption also prevents you from fast-forwarding past the copyright warning or advertisements or any other content the producer wants you to see. You can sell preview commercials for a much higher price if people cannot skip past them. Some people speculate that CSS is also paving the way for more restrictions such as DVDs with a limited lifetime or limited number of viewings. The movie industry blows a lot of smoke about CSS preventing large-scale piracy, but CSS does nothing whatever to prevent pirates from copying DVDs. Its only purpose is enforcing use limitations that take away the legal rights of consumers.
For a long time, there was no software to play DVDs available for Linux. If you had a shelf full of DVDs that you had bought, you could play them all on your TV or Windows box, but because of the CSS restrictions, not on your Linux or Solaris system. The CSS restrictions were the equivalent of a book publisher enforcing a restriction that you could read a book under incandescent lighting but not under fluorescent lighting or daylight. No one in the Linux community had the means to pay the “CSS tax” to the DVD-CCA. Then, in October 1999, anonymous German hackers reverse-engineered CSS. The source code to decrypt DVDs was published on the web by a 15-year-old boy from Norway. The program was called “deCSS” because it reverses CSS, turning the encrypted files into ordinary MPEG-2 files.
There then followed an extraordinary game of “whack-a-mole” as the DVD-CCA and the Motion Picture Association of America (MPAA) tried to chase the source code around the web and sue it out of existence. That game continues today. The 15-year-old boy was hauled off by the foolish Norwegian police who also seized his PC and his cell phone. The cell phone was a lucky guess on the part of the cops, because he did actually have a back-up copy of the source stored in it. Cell phones these days are effectively quite powerful computers, and a quarter of a billion cell phones (2004 figure) contain a JVM. After lengthy legal proceedings, the kid was eventually found not guilty.
The U.S. movie industry had the foresight (and the impudence) to get a law passed so that it is illegal to write, publish, possess, debug, talk about or run code like deCSS. The Digital Millennium Copyright Act (DMCA) made it illegal to circumvent a “technological protection measure” put in place by the copyright owner. That means the deCSS program is illegal. Write a program to play a DVD that you own, and you could go to jail! The DMCA is a poorly constructed law, written by the movie industry to advance its own interests at the expense of consumers. It will eventually be replaced by something more sensible but it all takes time. This is not theoretical. A software developer was arrested under the DMCA by FBI agents in Las Vegas in July 2001 one day after he publicly pointed out copyright protection weaknesses in Adobe software.
Hackers started to vie with each other for the most imaginative way to publish the deCSS code. America has very strong guarantees concerning freedom of speech, and there are long-standing precedents saying that printed text (even source code) counts as speech. Programmers embedded the code in JPEG files, put the algorithm in plain English, and one person even wrote the deCSS steps in the form of a haiku (Japanese poetry)! There is a whole gallery of these deCSS publications at www.cs.cmu.edu/~dst/DeCSS/Gallery/ (assuming it hasn't been sued off the net yet).
My absolute favorite deCSS code exists in the form of a prime number. Computer scientist and number theory fan Phil Carmody found a prime number which expresses the deCSS code! Phil felt strongly that the Motion Picture Association was acting in bad faith, and to oppose this he wanted to make sure that the DeCSS code was archived somewhere beyond the reach of the law. Somewhere where the number would be allowed to be printed because it had some property that made it publishable, independent of whether it was “illegal” or not. Phil had done a lot of work with prime numbers and prime number proving. It can't be illegal to possess a prime number, can it? Or can it? Basic common sense says no, but the DCMA says yes!
Phil took the deCSS source file, which contains about 100 lines of C code, and gzipped it to make it smaller. That resulted in a binary file about 600 bytes long. Then Phil considered the file as, not a 4-byte integer or an 8-byte long integer, but a ~600-byte binary super-long integer, and he looked for a small number he could append so that the whole thing would be a prime number. In character terms, say the code gzipped to the string “100,” Phil was looking for an odd number suffix like “9” that would make the whole string (in this case “1009”) a prime number. That kind of search is quick and easy to program.
Number theory told Phil that his chances were about 1 in 1600 of finding a one or two byte suffix that would make the entire number prime. There wasn't a one byte suffix, so he went on to look for a two-byte suffix. Even though the chances were very slim, he found one! If he had not found one, he would have simply gone on to test longer suffixes and change variable names in the code until eventually a prime number was reached. The resulting prime number is shown Figure 17-6. It is 1,401 digits long.
Following is a little Java program that takes a large number stored as a string (such as the one in Figure 17-6, hint, hint), turns that string into a super-long binary integer, and then writes that out as a gzip file.
You could then use standard tools like gunzip to turn it back into C source. Gunzip will balk at the wacky double-byte that Phil added at the end. Alternatively, you can easily use a Java program like the expandgz example shown earlier in this chapter to expand the gzip file into a C source code file. But remember, that would be the source code to deCSS and it is illegal to have or compile or run such a source code file under American law prevailing since 1998.
// Convert a big number into binary and write it out
// Peter van der Linden, June 2001
import java.io.*;
import java.math.*;
public class togz {
static String illegalPrime =
"4856507896573978293098418946942861377074420873513579240196520736" +
"plug the rest of the number in here... " ;
static BigInteger b = new BigInteger(illegalPrime);
static final BigInteger two_five_six = new BigInteger("256");
static byte[] result = new byte[illegalPrime.length()];
public static void main (String args[]) throws Exception {
BigInteger d_r [];
if (b.isProbablePrime(3))
System.out.println("b is probably prime (good)");
else System.out.println("b is probably not prime (bad!)");
int i=0;
do {
d_r = b.divideAndRemainder(two_five_six);
b = d_r[0]; // the multiple
result[i++] = (byte) d_r[1].intValue(); // the remainder
} while ( b.compareTo( two_five_six ) >= 0);
result[i] = (byte) b.intValue();
System.out.println("writing bytes.gz");
FileOutputStream fos = new FileOutputStream("bytes.gz");
DataOutputStream dos = new DataOutputStream(fos);
for (int j=i; j>0; j--) {
dos.writeByte( result[j] );
}
fos.close();
}
}
What's wrong with this picture? The CSS descrambler that you get is just three or four utility routines, not a main program. To play DVDs on your Linux or Solaris box, you'll need to download the (allegedly illegal) software from one of several open source DVD players. I like the one at www.videolan.org.
Finally, you can try rewriting deCSS in Java for fun. Just don't blame me if the FBI knocks on your door with an MPAA warrant and seizes your debugger. Illegal code! The very idea! Next thing you know, they'll be declaring T-shirts illegal.