Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

'DVD Jon' Breaks Google Video Lock

Posted by CmdrTaco on Wed Jun 29, 2005 08:09 AM
from the this-guy-cracks-me-up dept.
Businesses Google The Internet
WillemdeMoor writes "Yahoo News runs a story on Jon Johansen, aka DVD Jon, cracking Google's in-browser video player. Addict3d.org has some more details, including links to Johansen's patch (Win32 executable) and Jon's blog entry at nanocrew.net."
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

'DVD Jon' Breaks Google Video Lock 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • whaaaaa? (Score:5, Insightful)

    by Zone-MR (631588) * <slashdot@nOsPAm.zone-mr.net> on Wednesday June 29 2005, @08:10AM (#12940591) Homepage
    "'DVD Jon' Breaks Google Video Lock

    Johansen, also known as 'DVD Jon' for his work on decrypting DVD security codes, has created a patch for the Google Video Viewer--less than 24 hours after the search giant shipped the video playback plug-in, a tool based on the open-source VideoLAN media player.

    The patch, released on Johansen's 'So Sue Me' blog, effectively disables a modification Google made to the VideoLAN code to prevent users from playing videos that are not hosted on Google's servers."

    ROFLMAO!?! Ahahahahaha :p ... Talk about a sensational news article :)

    Jon made a modification to an OPEN SOURCE media player, removing a trivial protection, and Yahoo news posts a story about him cracking yet another protection mechanism, implying parallels with his past work. This news then spreads to Slashdot.

    Awww, come on... I've made countless little mods to open-source apps in order to get them to behave the way I'd like. I've never gotten news coverage for adding "//" before an 'if(condition)' statment.

    • Re:whaaaaa? (Score:4, Funny)

      by BladeMelbourne (518866) on Wednesday June 29 2005, @08:12AM (#12940607)
      Did you comply to the GPL and relase the source? :p

      • Re:whaaaaa? (Score:5, Informative)

        by djlowe (41723) on Wednesday June 29 2005, @08:16AM (#12940635)
        Per the GPL, if he's making the changes only for his own use, and not for distribution, then he doesn't have to.
      • My source code is never able to acheive coherency, so it never lased in the first place, making "re"lasing impossible.

        (Mod hint: Physics joke.)

    • Re:whaaaaa? (Score:5, Funny)

      by Anonymous Coward on Wednesday June 29 2005, @08:12AM (#12940609)
      "I've made countless little mods to open-source apps in order to get them to behave the way I'd like. I've never gotten news coverage for adding "//" before an 'if(condition)' statment"

      Hi, I'm from Yahoo News. Please tell us more about this "//".

      • Re:whaaaaa? (Score:5, Funny)

        by justforaday (560408) on Wednesday June 29 2005, @08:19AM (#12940654)
        Hi, I'm from Yahoo News. Please tell us more about this "//".

        This is slashdot gawdammit! You're looking for slashslash [slashslash.com]...
        • You're looking for slashslash ...

          Isn't slash slash stories where Hemos and CmdrTaco... well, I'll leave the rest to your imagination.

      • Re:whaaaaa? (Score:5, Funny)

        by Zone-MR (631588) * <slashdot@nOsPAm.zone-mr.net> on Wednesday June 29 2005, @08:26AM (#12940716) Homepage
        A little-known hacker secret known as "//" or comment sequence is being used to illegally remove protections in computer software

        "It's a nightmare for the industry, the // sequence is being used to defeat protections in hundreds of thousands of software programs, costing the industry trillions of dollars in lost revenue" said Robert Holleyman, president of the Washington-based Business Software Alliance (BSA).

        While Linus Trovalds confirmed that the // sequence may be a powerful tool for removing protections, he downplayed the threat, stating that only software for which the code is freely availble can be cracked using the method.

        Various anti-piracy groups are pressuring congress to pass an extention to the DMCA laws, which will effectively outlaw commenting out parts of computer code. Under the new law it will also be illegal to manufacture a computer keyboard with the forward slash '/' key.

        • What a fabulous idea! (Score:5, Funny)

          by Anonymous Coward on Wednesday June 29 2005, @08:30AM (#12940735)
          Various anti-piracy groups are pressuring congress to pass an extention to the DMCA laws, which will effectively outlaw commenting out parts of computer code. Under the new law it will also be illegal to manufacture a computer keyboard with the forward slash '/' key.

          What a fabulous idea! I'll get right on it!

          Thanks,
          Sen. Orrin Hatch

            • Re:What a fabulous idea! (Score:4, Funny)

              by KDR_11k (778916) on Wednesday June 29 2005, @02:35PM (#12944012)
              A statement issued by Microsoft Corp. insists that "We knew all along that the backslash (\) is far superior to the UNIX alternative. This proves again: Windows has a lower TCO than Linux or any other UNIX".
        • NOP
          NOP

        • Re:whaaaaa? (Score:5, Funny)

          by ded_guy (698956) on Wednesday June 29 2005, @09:17AM (#12941029)
          Clever hackers are now avoiding detection by using the nearly undetectable /* */ sequence instead.

        • Re:whaaaaa? (Score:4, Funny)

          by sapped (208174) <mstore1.yahoo@com> on Wednesday June 29 2005, @10:39AM (#12941741)
          Under the new law it will also be illegal to manufacture a computer keyboard with the forward slash '/' key.

          Finally! Microsoft's evil plan to eliminate Linux becomes clear. Go ahead and try to use your Linux box without the '/' key.

    • Re:whaaaaa? (Score:3, Insightful)

      by Sketch (2817)
      > Jon made a modification to an OPEN SOURCE media player, removing a trivial protection, and Yahoo news posts a story about him cracking yet another protection mechanism, implying parallels with his past work. This news then spreads to Slashdot.

      Another potentially interesting way of putting this: Yahoo posts a news story about their biggest competitor's protection mechanism being broken less than 24 hours after release.

      Hmm...

      • Re:whaaaaa? (Score:5, Insightful)

        by Momoru (837801) on Wednesday June 29 2005, @09:02AM (#12940925) Homepage Journal
        BAH!!! Yahoo News is not a News Agency, cripes it just grabs a feed from the freakin' AP and Reuters, I can't believe how many posts like yours have been modded up! Yahoo creates no more original news content then Google does, its just wire feeds...except in Yahoo's case they actually host the context. It doesn't even give precedence to stories based on their own politics, it shows stories in order of popularity, cripes.

    • Re:whaaaaa? (Score:5, Funny)

      by Alphabet Pal (895900) on Wednesday June 29 2005, @08:44AM (#12940814)
      I've never gotten news coverage for adding "//" before an 'if(condition)' statment.

      Well, it's obvious that you "hackers" don't know what you're talking about. I tried using this so-called "hacker technique" to hack into a password protected website, but changing "iexplore.exe" to "//iexplore.exe" did nothing. I guess Microsoft has found a way to defeat this hacker exploit.

    • Yahoo news posts a story about him cracking yet another protection mechanism, implying parallels with his past work. This news then spreads to Slashdot.

      Funny, I found this via my Google homepage [google.com] - top story, middle column

      Never even looked at Google video, never cared. For some reason I *need* to now. Good job Google.
  • You can skip the articles they don't tell you much other than what is in the Slashdot Summary. However, the blog entry has the code part on it. Here are all the articles including code entry...

    Story:

    Ryan Naraine - PC Magazine Tue Jun 28,10:49 AM ET

    Norwegian hacker Jon Lech Johansen has cracked the lock on Google's new in-browser video player.

    Johansen, also known as 'DVD Jon' for his work on decrypting DVD security codes, has created a patch for the Google Video Viewer--less than 24 hours after the search giant shipped the video playback plug-in, a tool based on the open-source VideoLAN media player.

    The patch, released on Johansen's 'So Sue Me' blog, effectively disables a modification Google made to the VideoLAN code to prevent users from playing videos that are not hosted on Google's servers.

    Johansen said the patch, which requires the .Net run-time framework, will remove Google's restriction and allow the playback of video files that aren't on the video.google.com server.

    The 21-year-old hacker, who faced two trials in Norway in 2002 and 2003 for his role in the release of the
    DeCSS decryption software, is a hero to many for his efforts to defeat DRM (digital rights management) mechanisms built into media player technology.

    He has been involved in a public cat-and-mouse game with Apple Inc., releasing several tools to bypass the DRM software used to encrypt music sold on the iTunes Music Store. LINK TO: PyMusique Unlocks iTunes Copy Protection. Again. http://www.extremetech.com/article2/0,1558,1779526 ,00.asp [extremetech.com]

    Johansen has also cracked Apple's AirPort Express's encryption and released a proof-of-concept program that allows
    Linux users to play video encoded with Microsoft's proprietary WMV9 codec. The proof-of-concept is based on the VideoLan code.

    Addict3d.org more details:

    Jon Lech Johansen, "DVD Jon", took just one day to build a crack to allow you to play video on your website using Google's VLC-based player.

    This means you can publish video that will play on your webpage and will work for anyone who has Google's player installed.

    Johansen, also known as 'DVD Jon' for his work on decrypting DVD security codes, has created a patch for the Google Video Viewer--less than 24 hours after the search giant shipped the video playback plug-in, a tool based on the open-source VideoLAN media player.

    Crack can be found here -

    http://nanocrew.net/wp-content/GVVPatch.exe [nanocrew.net]

    http://nanocrew.net/?p=114 [nanocrew.net]

    Blog Entry:

    Google has released Google Video Viewer, a browser plugin based on VLC. Here's one of the features they've added:

    + // Google mods
    + const char* allowed_host = \"video.google.com\";
    + char * host_found = strstr(p_sys->url.psz_host, allowed_host);
    + if ((host_found == NULL) ||
    + ((host_found + strlen(allowed_host)) !=
    + (p_sys->url.psz_host + strlen(p_sys->url.psz_host)))) {
    + msg_Warn( p_access, \"invalid host, only video.google.com is allowed\" );
    + goto error;
    + }

    This "feature" prevents you from playing videos that are not hosted on Google's servers. Download and run this patch I wrote to remove this restriction. Running the patch requires a .NET runtime.

    • Gah! It's not even useful for most! (Score:5, Interesting)

      by LincolnQ (648660) on Wednesday June 29 2005, @08:21AM (#12940673)
      Quote:
      This means you can publish video that will play on your webpage and will work for anyone who has Google's player installed.

      That part is highly misleading! The people who want to view video on your website each individually need to download the patch! It's not very useful to content providers with this restriction.

      How about users? Who would download this patch? Well, people who want to watch videos tagged with application/x-google-vlc-plugin that aren't from google. Not too many of these...

    • goto considered harmful !!! (Score:5, Funny)

      by scovetta (632629) on Wednesday June 29 2005, @08:29AM (#12940731) Homepage
      + // Google mods
      + const char* allowed_host = \"video.google.com\";
      + char * host_found = strstr(p_sys->url.psz_host, allowed_host);
      + if ((host_found == NULL) ||
      + ((host_found + strlen(allowed_host)) !=
      + (p_sys->url.psz_host + strlen(p_sys->url.psz_host)))) {
      + msg_Warn( p_access, \"invalid host, only video.google.com is allowed\" );
      + goto error;
      + }
      I'm disappointed by Google's use of the 'goto' keyword. As was clearly described in this paper [acm.org], the use of 'goto' leads to "swiss-cheesing" of the brain, the inability to think logically, and a plethora of other problems, leading eventually to brain-rot and inability to write code in anything but Perl.

      I think we should all remember that just because Google is the pinnacle of success and is second only to (insert your diety here), Google too can make mistakes.

      • Re:goto considered harmful !!! (Score:5, Insightful)

        by grumbel (592662) <grumbel@gmx.de> on Wednesday June 29 2005, @09:12AM (#12940984) Homepage
        ### I'm disappointed by Google's use of the 'goto' keyword.

        While goto is often better avoided, a call like "goto error;" is among the perfectly valid uses of goto, since it actually can make code more clear and logical then code without goto. Such use of goto is really no different then exceptions in C++, simply a way to get to the place that handles the error conditions without having to painfully drag error-variables through the code.

  • Yeeeeah (Score:5, Insightful)

    by HyperChicken (794660) * on Wednesday June 29 2005, @08:11AM (#12940602)
    So, in other words, he modified the source code, which was being distributed. They didn't attempt to obfuscate that they didn't allow it from other hosts. They didn't entangle the code or anything. The code was wide open.

    In other words, big friggin deal. All you had to do was grep the code of an error message and a little snipping of the code. Any fool could have done it. Or even screw that, it was domain-based. Setup an HTTP server, modify your hosts file to alias "video.google.com" (or whatever the domain was) to 127.0.0.1, and you're done. Or just modify VLC to know the MIME type "application/x-google-vlc-plugin" and you can play your heart away.

    What "crack" will he do next? Take the VLC code to dump the file/stream you're playing, add it to Google's code, and create a Google Stream Ripper? Wow... how... amaz... ing. Or maybe add some awesome skins to the Google player? Yeah, that'd be great. Best part of all, he'll do it in 48 hours, while standing on his head, without sleeping, pizza, or coffee, and while playing the banjo!!!

    • In Defense... (Score:5, Informative)

      by BioCS.Nerd (847372) on Wednesday June 29 2005, @08:42AM (#12940803) Homepage
      In his defense though, it's the news source, Yahoo, sensationalizing his mods and not his own blog entry (i.e. he doesn't claim that this is some grand crack). His candor in his blog entry doesn't even hold up to the grandiose imagery of a scheming, brilliant hacker striking another blow against "the man" as painted by Yahoo. I actually feel sort of sorry for the guy given the magnitude of the patch being so inflated.

  • Ironically (Score:3, Funny)

    by kc0re (739168) on Wednesday June 29 2005, @08:11AM (#12940603) Journal
    Ironically, there is nothing on Google News concerning it.

    Anyone else notice that Yahoo Search looks and acts EXACTLY like Google's? (That's probably redudant...)

    I am just waiting for Revenge of the Sith to hit Google Video.
  • From the article, the only protection was limiting the allowable sources to video.google.com and adding a new mime type.

    Not to undermine Jon, just noting why it took him 24 hours to break this - It was not designed to withstand much of an attack.

    Nontheless, most users won't patch, so it will work anyway.

    Michael
  • Windows 2000 or later with latest updates installed; Firefox 1.0+ or IE 5.0+. DirectX 9.0c End-User Runtime.

    Cmon Google.

  • Google and Windows (Score:5, Interesting)

    by aarku (151823) on Wednesday June 29 2005, @08:16AM (#12940639) Journal
    What's up with Google releasing all these Windows-only apps, anyways? Really, now.

  • Macrovision (Score:4, Funny)

    by Overzeetop (214511) on Wednesday June 29 2005, @08:18AM (#12940649) Journal
    It's a good thing he didn't try to tangle with Macrovision. As lightning-uk almost found out, it's hard to code when you're fingers are broken and your eyes have swollen shut from contusions.

  • Hold Your Horses (Score:5, Insightful)

    by taskforce (866056) on Wednesday June 29 2005, @08:18AM (#12940651) Homepage
    Before everybody starts criticizing Jon... please remember that he's actually not publicising this as being a huge crack operation, it's the sites which are publicising his hack which are. He's just made a minor fix to a program, nowhere on his Blog does he say "OMGZ I HAX0R J00!" Infact he documents the exact way he did it to show that he didn't actually do anything complex.
  • Of course, you'll need to be locked into .NET to do so.

    Yay.

    Uhh, good sir, could you please put the shackles back on? My ankles are getting cold. Thank you.

  • Of course... (Score:3, Insightful)

    by Dunkirk (238653) <david@davidkr[ ]r.com ['ide' in gap]> on Wednesday June 29 2005, @08:27AM (#12940723) Homepage
    Of course Yahoo News is running an article on how something Google made got hacked.

  • Not much of a hack RTFA (Score:5, Insightful)

    by TheLoneCabbage (323135) on Wednesday June 29 2005, @08:28AM (#12940725) Homepage
    all DVD Johny did was remove an if statement that checks is the URL is from google or not...

    the upshot is you get a VLC plugin that can read some propriatary MS formats (thanx to google paying the bill for those software royalties)

    it seems so easy that it's as if Google was just waiting for someone to come in and hack it.

      • Re:Source code? (Score:5, Informative)

        by KillerBob (217953) on Wednesday June 29 2005, @08:55AM (#12940878)
        http://code.google.com/patches.html [google.com]

        With that link, and a little knowhow, you, too, can crack the code and make your own Google Video viewer. The upshot is that you can compile it for Linux (Google has only released it for Windows). The downshot is that I'm surprised it took Jon so long to make the change. :)

        It's not like it was hard to find... go to http://video.google.com/ [google.com] click on "Install", and then click on "Get the source code". It's under "patches".

  • It's really disappointing (Score:4, Interesting)

    by Anonymous Coward on Wednesday June 29 2005, @08:30AM (#12940733)
    If you check out the blog, you'll see that there's a nice goto at the end of the if statement.

    Supposedly Google only hires top-coders, so what's up with that?
    • goto when used correctly can simplify code and make it easier to read.

      Most colleges just say never use it because so many people turn out horrible code by using too many or misusing the goto statement.

  • "DVD Jon cracks MythTV to record video from a TV Tuner"

  • Interesting (Score:5, Funny)

    by Sheepdot (211478) on Wednesday June 29 2005, @09:18AM (#12941038) Journal
    Google RSS feeds:
    Google releases Google Maps
    Google releases Google Desktop Search
    Google releases Google Web Accelerator
    Google releases Google Video

    Yahoo RSS feeds:
    Are Google Maps an invasion of your privacy?
    Is Google Desktop Search working *too* well?
    All about your privacy and Google Web Accelerator: The secret agenda.
    Google Video cracked within 24 hours. And privacy.

  • Matrix Revolutions is available (Score:5, Informative)

    by chancycat (104884) * on Wednesday June 29 2005, @11:04AM (#12941973) Journal
    Did anyone notice the entire Matrix Revolutions is available there in Google Video? Pretty cool. You might think it's just 30-second clips, but hit "Play whole video" and off it goes. Whole movie. Wondering if this is a special "show-off" case google snuck in, or a black-hat's upload?

    see this link [google.com] for the video

    • Re:True Colors (Score:5, Insightful)

      by mindstrm (20013) on Wednesday June 29 2005, @08:23AM (#12940684)
      Or they will more intelligently do neither saying "Anyone can modify our open source client to do whatever they want, for whatever reason they want."

      Do you really think google doens't understand open source?

      • "Do No Evil" (Score:5, Insightful)

        by FreeUser (11483) on Wednesday June 29 2005, @08:47AM (#12940836) Homepage
        Or they will more intelligently do neither saying "Anyone can modify our open source client to do whatever they want, for whatever reason they want."

        Do you really think google doens't understand open source?

        I think you make a very good point. This is perhaps more of an example of Google "doing no evil", creating a tool that, by default, for most casual users, promotes their video feed, while at the same time using a good free software project that allows those who want to, to bypass this setting.

        If most people find the restriction onerous, they'll download a patched version (probably from websites that are also offering video). Social and market dynamics can take care of the rest. It seems a fairly reasonable position for Google to take ("we'll try this restriction, and if people really find it offensive, they'll modify the source and outcompete our offering, and we can write it off to experience and not try imposing these sorts of restrictions again. Either way, it probably won't affect our video feed business much.")

        I doubt very much it is incompetence--google has much of the best talent around--nor is it a lack of understanding opensource/free software on the part of google, as they've been active in the community for many years.

    • Re:Gone too far? (Score:5, Insightful)

      by dfghjk (711126) on Wednesday June 29 2005, @09:07AM (#12940949)
      Who are "we all"? You think you're a member of some kind of team? Who's to say who's honorable and who are the good guys? This guy did something of interest to him and nothing more. His ideology is simply different than yours and, in his view, google did something sufficiently "evil" (in your words) to merit a response. He doesn't answer to you or to some imaginary "geek community".

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.