Feeds

DVD Jon hacks Media Player file encryption

Repeat performance

High performance access to file storage

Norway's best known IT export, DVD Jon, has hacked encryption coding in Microsoft's Windows Media Player, opening up content broadcast for the multimedia player to alternative devices on multiple platforms.

Jon Lech Johansen has reverse engineered a proprietary algorithm, which is used to wrap Media Player NSC files and ostensibly protect them from hackers sniffing for the media's source IP address, port or stream format. He has also made a decoder available.

Johansen doesn't believe there is a good reason to keep the NSC files encrypted, because once you open the file with Media Player to start viewing the stream, the IP address and port can be revealed by running the netstat network utility that is included with most operating systems.

The hacker hopes his move will make content streamed to Media Player more widely available to users of alternative players on non-Windows platforms.

Johansen achieved notoriety when he was tried and re-tried in a Norwegian court for creating a utility that enabled him to play DVDs on his Linux PC. Prosecutors, acting in the interests of the beloved US Motion Picture Association of America (MPAA), argued he had acted illegally by distributing his DeCSS tool to others via the internet. This, the prosecution, claimed, made it easier to pirate DVDs.

However, the court ruled in his favor, saying he had not broken the law in bypassing DVD scrambling codes that had stopped him from using his PC to play back DVDs.

Earlier this year Johansen developed a work around to bypass digital rights management (DRM) technology in Apple Computer's iTunes.

His latest hack was done to make Media Player content available to the open source VideoLAN Client (VLC) streaming media player. VLC is available for download to 12 different operating systems and Linux distributions and has seen more than six million downloads to Mac. Apple is even pre-loading VLC on some Macs destined for high schools in Florida.

Johansen told The Register he'd acted following requests for NSC support in VLC. One developer is already hard at work integrating Johansen's decoder into the VLC.

Johansen said: "Windows Media Player is not very good and Windows and Mac users should not be forced to use it to view such [NSC] streams."

The NSC file contains information about the stream, such as the name and address of the stream server. When the file is opened in Media Player, the file is decoded and then connected to the stream server specified.

Johansen said claims made by companies like Cisco Systems, who ship products with NSC support, that the encoding he cracked protects the media don't make much sense. "It's more likely that the purpose is to prevent competing media players from supporting the NSC format," he observed. ®

High performance access to file storage

More from The Register

next story
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.