
Leaping Brain's "Virtually Uncrackable" DRM is just an XOR with "RANDOM_STRING" - asherlangton
https://plus.google.com/101700526665328331501/posts/Yk71MgkvAXx
======
Eliezer
Maybe there's a scheme here to prevent good DRM by flooding the market with
highly inflated impressive-sounding claims attached to laughable security. The
Old Media crowd won't be able to solve the Design Paradox
(<http://www.paulgraham.com/gh.html>) well enough to tell who's lying, good
designs won't be able to charge more than laughable competition, and the DRM
field will slowly die.

~~~
NateLawson
Though there is no organized conspiracy, this is actually not far from the
truth, especially in some areas of content protection. Companies that don't
have the in-house technical expertise (music labels), working from an
unprotected distribution system (audio CD) are at a particular disadvantage.

At the other end of the spectrum, you have satellite TV. In this area, a lot
of money invested and full control of the playback platform have resulted in
some strong systems. But still, it took a long time and a lot of cracks of
intermediate systems for this industry to become the success story it is
today.

Disclaimer: I worked for a company involved in the above.

~~~
minikites
Remember DirecTV's war on smart card hackers?

<http://www.securityfocus.com/news/143>

\--------

But DirecTV reacted to that wrinkle over a year ago, by taking advantage of
their ability to remotely reprogram the set top satellite receivers, as well
as the cards. The company sent a few specific bytes of data to all the H
cards, while simultaneously reprogramming the satellite receivers to reject
cards that didn't reflect the change. This forced hackers to update the cards
manually with the new data, or to make the cards writable again.

\--------

~~~
minikites
Replying to myself, here's the much more exciting retelling of the story:
<http://www.codinghorror.com/blog/2008/05/revisiting-the-black-sunday-hack.html>

------
mturmon
From <http://leapingbrain.com/>:

"Video content is protected with our BrainTrust™ DRM, and is unplayable except
by a legitimate owner. All aspects of the platform feature a near-ridiculous
level of security."

Near-ridiculous security seems about right.

~~~
STRML
The whole thing is a marketing "worst-of". They consistently advertise their
products as "unique, brilliant, revolutionary", "magical, user-friendly,
powerful", and "your _only_ option".

The real laugh-out-loud moment is this tagline
(<http://leapingbrain.com/mod-machine/overview/>):

"Forget crappy streaming systems and primitive, unprotected loose movie file
downloads that make your products seem like a joke."

~~~
Aardwolf
I'm actually wondering if the whole leaping brain website is just filled with
sarcasm on purpose?

I mean, even for the US, the superlatives seem a bit overdone.

~~~
mturmon
I think you're right. Their word choice about security ("ridiculous" security)
seems to be a wink-wink-nudge-nudge touch. In other words, it looks knowingly
negligent, and I wonder if that could have legal consequences?

------
hosay123
You cannot simultaneously crow "hurr, DRM is broken!" and act all smug about
this discovery. Perhaps the original developer, like you, understood this, and
did the absolute bare minimum necessary to fulfil commercial obligations, all
the while making it easier for people like himself (i.e. you) to get what they
want, and making a few bucks from the old and dying media industry all at the
same time.

Given the evidence (complex integration with a non-standard set of open source
libs, complex industry area in general), I'd say it's almost certainly an
insult to imagine the developer could not have made your life harder if he'd
chosen to.

Please, if anything commend the dear fellow, and shame on whoever considered a
momentary glimpse of Google Plus limelight worth making this guy's Tuesday
morning and ongoing professional reputation much harder earned than it
otherwise might have been.

"No good deed goes unpunished"

~~~
charonn0
_Please, if anything commend the dear fellow, and shame on whoever considered
a momentary glimpse of Google Plus limelight worth making this guy's Tuesday
morning and ongoing professional reputation much harder earned than it
otherwise might have been._

The developer(s) created a product that didn't do even 10% of what was
advertised and now must face the consequences. Why is that bad? Their
professional reputation _should_ suffer if the quality of their work is poor.

~~~
zera_holladay
That's a huge assumption.

Anyone with a few years of experience in the software field has heard the
following: I'll pay you N dollars to X but you have to finish by unrealistic
Y. I'm the sole provider of a household of 4, so in this kind of circumstances
I'll agree to minimum features or specific features plus additional features
if time allows. I'll make it very clear that the client can't have their cake
and eat it too. Sometimes it's merely a matter of economics, so don't go
hanging anyone yet.

~~~
charonn0
_the "proprietary video encryption" algorithm: for the first 15kB, each 1kB
block has its initial bytes xor'd with the string "RANDOM_STRING"._

Any minimally competent developer could have implemented this particular
design during, and for the price of, their lunch.

------
toyg
I am awed by the chutzpah of whoever is behind Leaping Brain, selling snake
oil to clueless media people.

This is why I'll never be rich: I am utterly unable to sell crappy non-
solutions to people with more money than knowledge.

~~~
noonespecial
All DRM is a non-solution really. Some are just non-er than others.

It's like the first law of "info-dynamics": _'If you can watch it, you can copy
it'_.

Anyone actually _paying_ for a DRM scheme feels to me to be of the same
caliber as someone investing in a perpetual motion machine. They're determined
to get ripped off throwing good money after bad. Why try any harder than you
have to to accept their money?

~~~
brian_cloutier
> All DRM is a non-solution really.

I know that by now it's tradition to say this, but can we please stop?

It seems to be that a law of life is 'everything dies'. Is medicine therefore
useless? Are all the people who spend money for nothing but delaying the
inevitable getting ripped off?

We all admit perfect security is impossible. Yes, you're right! Controlling
the spread of information is a very hard problem. Yes, you're right! It would
be very nice if the things I want to watch and listen to were made freely
available by their creators.

But no, you're wrong. DRM has a purpose, and it can be successful even without
perfectly achieving its goals. People tend to avoid effort, and if you can
make pirating content more difficult than obtaining it legitimately, most
people will obtain it legitimately.

There is no fundamental reason why information deserves to be free, it's just
easier to copy than physical things.

~~~
noonespecial
_DRM has a purpose, and it can be successful even without perfectly achieving
its goals. People tend to avoid effort, and if you can make pirating content
more difficult than obtaining it legitimately, most people will obtain it
legitimately._

I haven't yet met a DRM scheme that doesn't achieve this purpose backwards
_(1)_. What it really rests on is that people don't _know_ they could just get
it easier on "allmyvideos.net".

 _There is no fundamental reason why information deserves to be free, it's
just easier to copy than physical things._

It's not just easier. A copy has zero marginal cost. That makes it special and
different than anything that came before. DRM seems to just be a monkey-patch
to try to get that marginal cost to be non-zero. I'm not saying that it
_deserves_ to be free. I'm not even saying that I think it _should_ be. I'm
saying that it _IS_ free. We don't want it to be, because our economic models
don't support it (yet), but that's its natural state.

I stand by "DRM is silly". If that money were spent providing a better, easier
product, they'd make more than they do now with DRM. It seems like they're
perfectly willing to spend $3 to keep from losing $1 to piracy. It feels like
a kind of willful ignorance.

No data, of course, just a strong opinion, held loosely.

_(1) It doesn't take long outside the US to find out that there are plenty of
things DRM makes_ impossible _to acquire legitimately._

~~~
gurkendoktor
> A copy has zero marginal cost. That makes it special and different than
> anything that came before.

I disagree that this is news. Thought experiment: You steal a car from the
local dealer, but you leave enough money behind to pay for all the materials,
transportation and manpower that went into building this one car (the marginal
cost). Would this be morally okay? Why, why not? If everyone does this, who
will pay for R&D?

Exactly the same is happening with digital copies. You are taking something
with a marginal cost of 0, but the producer has no way to pay for one-time
costs. Distributing them onto the unit price is not a new monkey-patch at all.

This will be an interesting question as 3D printing advances.

> but that's its natural state.

"Natural" is always a great word to turn an intuition into a fact. ;) There
are certainly many products that are sold at arbitrary prices that have little
to do with the marginal cost, it didn't take computers to get there.

~~~
moconnor
This thought experiment is flawed. When you steal a car from the local dealer,
he doesn't have the car any more.

The correct thought experiment is: having bought a car from Ford, you examine
it carefully then purchase all the raw materials yourself and assemble an
identical duplicate for your wife.

In doing so you save whatever markup Ford places above and beyond their
marginal cost.

Asking whether this is morally okay is the true issue.

~~~
gurkendoktor
I agree that the local dealer should be kept out of it. I am not sure if it
makes a difference that Ford wouldn't have the car anymore, they have the
marginal cost. Asking for more than the marginal cost seems to be immoral to
some.

But I agree that your experiment boils down to the problem I am pointing to,
and it is better because it is a very real problem that we see every day (e.g.
in China).

~~~
testeroni
> I am not sure if it makes a difference that Ford wouldn't have the car
> anymore, they have the marginal cost. Asking for more than the marginal cost
> seems to be immoral to some.

It does, and the cases are not comparable. Leaving an empty space (plus
marginal cost) where the car used to be requires the original owner to expend
time and effort to replace it, and they have opportunity cost as well. None of
that is true of the digital example. To be a fair comparison you'd have to
leave an atom-for-atom identical replacement for the car (or more accurately,
take an identical copy and leave the original) and I doubt as many people
would judge that unethical.

------
radarsat1
I would like to propose that DRM is not intended to be uncrackable. It's easy
to convince yourself that DRM is flawed, because fundamentally it _is_ a
flawed tool. Companies know this, they're not stupid. However, DRM is actually
not a technical tool to prevent piracy. Rather, DRM is a _legal_ tool to
provide stronger _legal_ arguments that theft has occurred.

I'm not saying this is _right_ , necessarily, but I think companies know full
well that their DRM scheme will be broken, so it's not really worth investing
in an "uncrackable" and costly solution. Instead, the role that DRM plays is
purely legal -- when the company does decide to go after someone for piracy,
the DRM scheme, no matter how simple, provides them with the ability to say
that the accused person "broke a lock," rather than simply walking in through
an unlocked door. "Entering" vs. "breaking and entering." It's nothing but
legal leverage, and effective at that role even if it's not a very strong
lock.

Of course, to have this argument hold, a company would never be able to admit
that they purposefully implemented weak security -- this would be akin to
admitting that their door was unlocked after all, and would weaken their legal
argument. Therefore, there remains a niche in the market for solutions that
_look_ secure even if they fundamentally aren't. It's all about lip service.

~~~
talmand
In the US, the DMCA more or less makes it illegal to reverse-engineer DRM
regardless of how easy it is to crack.

The DRM could be as simple as the code being "A" to bypass the DRM and if you
do so, you have broken the law. Even providing that "A" to someone else would
be illegal, look at all the silliness over the dvd copy protection fiasco.
Therefore, they don't even have to pretend that the DRM is strong, just saying
it's there is probably enough.

It's one reason printer cartridges have chips that communicate to the printer.
Reverse-engineering that to provide third-party cartridges is illegal. Well,
it used to be, I'm not sure over current policy as the DMCA has a back door
for exceptions.

For PC games, the DRM is often employed to prevent piracy for the first two or
three weeks because typically that's the highest level of sales. After that
point it is usually cracked but sales often have dipped anyway. In some cases
the DRM is removed in a patch at some point, often because the DRM causes
problems for people who paid for the game, which kills long-term sales.
Ubisoft recently changed their policies on having a seriously strict DRM to
one that is more flexible; many thinking because it hurt their sales and that
it was useless anyway.

No one thinks of DRM as a long term solution since it is only a matter of time
before someone cracks it.

~~~
stevewillows
Anyone can make a bump key, but breaking into people's houses is still a crime
:)

~~~
talmand
Actually, if it were covered, the DMCA would make creating a bump key a crime
in and of itself. For instance, there was a time that simply linking to a DVD CSS
descrambler could get you in legal trouble. But considering the widespread
availability of such things, they don't bother anymore.

------
mahmoudimus
I did a lot of reverse engineering back in the day - you'd be surprised how
many "virtually uncrackable" DRM protections used by companies like Adobe (at
the time - Macromedia) that were just stupid XORs of magic strings.

Ahh..the good old days of SoftICE and w32disassm.

Oh man, the worst was the md5 of some salt + whatever you put in.

If you ever want to see some gems of misuse of cryptography for DRM
management, let me know - email's in my profile.

Some examples: Using RSA 1024 bit keys, with exponent of 3...

~~~
pbsd
e=3 is fine, so long as you remember to pad...

~~~
NateLawson
It's not that simple. There are other attacks against e=3, and you have to
prevent them all.

~~~
pbsd
What kind of attacks remain when using proper padding (e.g. OAEP)?

~~~
NateLawson
The original commenter said, "using RSA 1024 bit keys with exponent of 3" was
a flaw in DRM systems he or she had reviewed. Your response was "e=3 is fine,
so long as you remember to pad" and then "what kind of attacks remain when
using proper padding (e.g. OAEP)?"

I feel a bit queasy any time I read "just do this" as a solution to crypto
flaws[1]. Such answers assume way too much about the system the proposed fix
applies to and make it sound trivial to secure. They also leave out all the
steps behind what things "just pad" means (e.g., receiver must verify the
padding and sender must properly generate).

When a developer hears "just pad", they think "append a string of zeros" when
implementing a sender or "skip" when writing a receiver because that's what it
means in other contexts.

In particular, your response assumed the DRM system in question:

* Was performing RSA encryption of a message, not signing or verification

* Used a public exponent e=3, not a private exponent d=3

Assuming the reader knows enough about RSA and cryptography to know what "just
pad" implies, it may still be insufficient to solve the problem.

For example, if the commenter meant d=3, "just pad" wouldn't fix Wiener's
attack.

<http://en.wikipedia.org/wiki/Wiener%27s_Attack>

Or, in the cases of RSA used for purposes other than message encryption, the
suggestion of OAEP does not apply. Consider the attacks against the TMN secret
sharing protocol and Franklin/Reiter verifiable signature sharing scheme
(sections 5.1 and 5.2 of this paper).

<http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.33.6527>

The F/R scheme involves RSA encryption of signatures. But signatures must be
the full modulus size (no padding possible) unless you use a larger RSA key
for encryption than for signing. So again, OAEP would not fix this flaw.

Remember that the commenter was mentioning DRM, so jumping to the conclusion
that they were using RSA for straightforward message encryption and with e=3
was not warranted. There are lots of applications for RSA in DRM (verifying a
signature on a license key, calculations under homomorphic encryption, etc.)

For many scenarios, "just pad" would not solve the problem, even with the
generous assumption that the reader knows exactly what that means and applies
it correctly.

[1] I'm not picking on you here. The most astounding of these kinds of errors
was when Colin Percival (who I highly respect) said "use AES-CTR mode + HMAC"
and then later found he had made a fatal flaw in his own implementation of
exactly that.

<http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html>

<http://www.daemonology.net/blog/2011-01-18-tarsnap-critical-security-bug.html>

~~~
pbsd
Great response, thanks; I had not even considered the d=3 possibility. I'd
just like to say in my defense that mentioning OAEP wasn't assuming the
application was encryption: it was simply the first provably secure padding
that came to mind.

~~~
NateLawson
Ok, glad to help. I agree with your defense, and e=3 is the obvious assumption
for most situations.

You're right that RSA with e=3 can be as secure as e=65537, assuming an
application where you use proper encryption/signing padding and verification.
But it is more brittle in that partial failures in padding randomness or
encryption of related messages can lead to compromise. Unless carefully
reviewed and appropriate fail-closed measures are not present, it's better to
avoid e=3.
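
The exchange above, as an added example that is not part of the original thread: textbook RSA with e=3 leaks a short secret through an integer cube root, and the "append a string of zeros" reading of "just pad" does not help, because the zeros can be divided out of the ciphertext. The modulus is a demo key built from two published primes, and the secret and the pad length are constructed assumptions.

```python
"""Added illustration: why 'e=3 plus zero padding' is not padding."""

E = 3
# Demo-only modulus from two published primes with p % 3 == 2, so that e = 3
# is a valid public exponent. A real key uses secret, randomly chosen primes.
P = 2**448 - 2**224 - 1                    # Curve448 field prime
Q = 2**384 - 2**128 - 2**96 + 2**32 - 1    # NIST P-384 field prime
N = P * Q                                  # 832-bit modulus
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)

# Constructed 16-byte secret standing in for a content key.
SECRET = int.from_bytes(b"constructed-key!", "big")
# Assumed protocol constant: number of zero bits the sender appends.
PAD_BITS = 696


def icbrt(x):
    """Largest integer r with r**3 <= x, found by binary search."""
    lo, hi = 0, 1 << (x.bit_length() // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid**3 <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo


def encrypt_raw(m):
    """Textbook RSA: no randomness, no structure check."""
    return pow(m, E, N)


def decrypt_raw(c):
    return pow(c, D, N)


def recover_unpadded(c):
    """If m**3 < N the ciphertext is m**3 over the integers: take the root."""
    r = icbrt(c)
    return r if r**3 == c else None


def zero_pad(m, pad_bits=PAD_BITS):
    """The naive reading of 'just pad': append zero bits (m * 2**pad_bits)."""
    return m << pad_bits


def recover_zero_padded(c, pad_bits=PAD_BITS):
    """RSA is multiplicative: c * (2**-pad_bits)**3 mod N equals m**3 mod N."""
    inv = pow(pow(2, pad_bits, N), -1, N)
    return recover_unpadded(c * pow(inv, E, N) % N)


if __name__ == "__main__":
    c1 = encrypt_raw(SECRET)
    c2 = encrypt_raw(zero_pad(SECRET))
    print("key holder decrypts:        ", decrypt_raw(c2) == zero_pad(SECRET))
    print("no padding, cube root:      ", recover_unpadded(c1) == SECRET)
    print("zero padding, cube root:    ", recover_unpadded(c2))
    print("zero padding, divide + root:", recover_zero_padded(c2) == SECRET)
```

Neither recovery uses `D`. Randomized padding from a vetted library, generated by the sender and verified by the receiver, is what removes the structure both functions rely on.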

------
pilif
This could very well be a simple bug where it's supposed to XOR with some
really random string generated on the server, but some replacement of a
template string isn't happening which is why it XORs with RANDOM_STRING.

Of course this is only marginally better and should really have been caught,
but there's a huge difference between saying that XORing 12 bytes with
RANDOM_STRING is kick-ass DRM and actually having a kick-ass DRM
infrastructure that then doesn't work right because of a bug.

If this was any really random looking string, I would be more inclined to
assume that this was intentional. By the string being this token, I would
guess it's a bug somewhere.

Remember. If RANDOM_STRING was truly random, unique per file and account and
only transmitted from the server before playing, then this would be as good an
encryption as any.

~~~
jhuckestein
That wouldn't be better. Intercepting the decoded movie is trivial either way.
Finding the encryption scheme was just a fun exercise and discovering the
random string (even if it isn't "RANDOM_STRING") once you have the decrypted
copy is trivial as well.

------
marshray
This is apparently why the DMCA anti-circumvention provisions only apply to
bypassing "effective copy protection" systems.

Of course, if a copy protection system was "effective" it wouldn't need a law
prohibiting its circumvention. Conversely, if a copy protection system is
circumventable, it's not effective.

~~~
gizmo686
Unfortunately, the term "effective" is highly ambiguous. One could argue that
any system that works against non-programmers is effective, as most of the
market is a non-programmer.

~~~
nitrogen
The term "effective" is defined in the DMCA:

 _1201(a)(3)(B) a technological measure "effectively controls access to a
work" if the measure, in the ordinary course of its operation, requires the
application of information, or a process or a treatment, with the authority of
the copyright owner, to gain access to the work._

So, even trivial measures like the broadcast flag or SCMS[0] are covered by
the DMCA's anti-circumvention provisions. Similar laws in other countries have
similar definitions.

[0] <https://en.wikipedia.org/wiki/Serial_Copy_Management_System>

------
yk
This is roughly the level of programming I expect from DRM software. After
all, the content needs to be in unencrypted format at some point to view
it.[1] Therefore there are two kinds of programmers working on DRM, idiots and
liars. One kind does not understand the futility of their efforts, the other
kind wagers that their superiors do not understand the futility of their
efforts.

[1] Assuming a general computation device, not a dedicated hardware player.

------
asdfaoeu
Someone want to explain why this is less secure than other DRM methods?

~~~
lotyrin
Precisely. They've gone to an effort which should invoke the DMCA (as
ridiculous as that is) and they have a bullet point somewhere on a power point
they can show to content creators that says DRM.

Those are the practical uses of any DRM technology one might ever devise.

Sure, you could throw in more than 5 seconds of security-through-obscurity,
but why bother?

~~~
rdl
There actually are DRM schemes which were too hard to break -- DIVX from Paul
Kocher (distinct from DivX), for instance.

~~~
marshray
What uses Divx DRM? I.e., Is there evidence of anyone actually trying and
failing to break Divx?

Edit: I'd guessed we were talking about Divx (of the DivX codec fame)
<http://en.wikipedia.org/wiki/Divx> , which apparently has some DRM products
now and is owned by Rovio-formerly-known-as-Macrovision.

~~~
tptacek
Kocher's team also did BD+, which people definitely try to break, and BD+ has
been successful in its "academic" goal (if not in its business goal). They're
also behind some other notable DRM/Content Protection success stories.

~~~
kristofferR
How so? Every single BD+ update gets cracked pretty quickly by Slysoft (and
several other apps now) and most Blu-rays are cracked, reencoded and pirated
before or just after their release. It's not anywhere close to the
"uncrackable masterpiece" its creators marketed it like. It was even supposed
to be "patchable" if flaws were found, but the patches are only stop-gap
measures which are circumvented by Slysoft and others in just days.

BD+ is mostly just an annoyance for legit customers, but it hasn't been a
major obstacle for pirates and backupers for years. The goal of BD+ was to
stop software-based piracy of Blu-Rays and it failed miserably on that front.

~~~
NateLawson
Heh, if only you knew the stories behind all this.

What if I told you that the attackers had a 2-month head start on some discs
due to insiders leaking them -- would that make a difference? What about if
you found out that there weren't as many "rippers" as it seems because for a
while, one of them was a "thin client with remote access to a competitor's
ripper"?

Also, the "uncrackable" thing came from an external analyst who had no
communication with anyone at the company and was obviously wrong.

<http://www.avsforum.com/t/871371/bd-unbreakable-for-10-years-says-richard-doherty-of-envisioneering-group>

BD+ _is_ renewable, meaning no single hack breaks the system for all time
(unlike DVD-CSS). There's always something you can do, and with enough
resources, it can still give attackers a challenge.

I'm not saying that BD+ is the most successful DRM scheme ever, but I do think
it's done well given the particular environment. If you want an out-and-out
success story from the same company (8 years, no hacks ever), see the
CryptoFirewall. This is an apples and oranges comparison though.

~~~
galadriel
Since HDCP has 'broken' (with master key leak), couldn't someone copy a blu-
ray bitstream without having to crack any blu-ray protection format?

~~~
josephlord
It wouldn't be the blu-ray bitstream but it would be the decoded digital video
bitstream. It would need recompressing although from such a high quality
source then generational loss should be fairly minimal.

It also would not get you any interactive elements which for some may be an
issue although for others it may be preferable in this way.

------
photorized
The business goal behind most of these "protection" methods is to make
unauthorized (unpaid) copying/sharing inconvenient. That's it. There are no
commercially feasible methods to protect video or audio content against "a
determined hacker", but that's not what these barriers are for. You can make
fun of these laughable encryption methods all you want, but they serve their
purpose by providing the desired purchase to piracy ratio.

The problem is marketing folks getting carried away when describing these
"technology solutions" to the content owner, because that's what they (as well
as VCs) want to hear.

Disclaimer: cofounded a video CDN+DRM provider more than a decade ago,
developed many content protection methods over the years.

------
joezydeco
How do we know this wasn't a non-English speaking subcontractor that took the
spec too literally?

~~~
mahmud
What the hell? That implies someone who can't implement security themselves
was tasked with the _design_ of said security. Actually, that sounds about
right ..

------
ataggart
Judging by the headline, it sounded like they tried to implement a one-time
pad, but had only heard of them by rough description.

~~~
jacques_chester
That was my thought too.

In theory, OTPs are nigh uncrackable.

In practice, they suck.

1. The XOR text needs to be as long as the plaintext.

2. The XOR text needs to be truly random.

3. You have to distribute the XOR text somehow. Remember all those spy novels
where they burn the codebooks? Yeah.

~~~
cbsmith
It very much depends on the use case. If I was a CIA director having an affair
with a biographer, an OTP would seem quite helpful. During our liaisons, we
could exchange thumb drives with several GB of randomly generated data from
any of a number of reasonably random entropy sources (hardware PRNG works
pretty well by itself, but you can throw in EGD and other sources for greater
confidence) with some software whitening and the occasional bit of chaff
plaintext for good measure. At each exchange destroy any previous pads (and
yes, one would have to go to some lengths to ensure destruction without
interception, but tossing them in to an incinerator would probably work pretty
well).

Now I have a means to communicate over the internet while apart from my
paramour without any concerns about the content of the messages being decoded
while in transit (compromises at the source or destination are obviously still
in play).

Not every crypto problem involves establishing a secure connection party
selected ad-hoc without a higher-bandwidth secure channel.

------
danso
Ha, so the key really was "RANDOM_STRING", in the literal sense...was that
just the programmer giving up, or was that pseudocode that was missed during
shipping?

~~~
Eliezer
What string could possibly be more random than the one which _says_
"RANDOM_STRING"?

~~~
pwg
<http://dilbert.com/strips/comic/2001-10-25/>

~~~
chimeracoder
Related: <https://bbs.archlinux.org/viewtopic.php?id=66969>

You can even show your support:
<http://www.zazzle.com/14_is_not_a_random_number_tshirts-235047239743529386>

Or, for those who disagree:
<http://www.zazzle.com/14_is_a_random_number_t_shirts-235046315951603929>

~~~
ahelwer
The script was amazing.

------
pav3l
Can someone explain how he got a hold of the decrypted .mov files that he
compared the encrypted ones with? It's not very clear to me from the post, and
I'm not familiar with Leaping Brain.

Either way.. wow... XOR encryption with just such a short repeating string! I
bet it wouldn't be too hard to decrypt it even without the original file,
since the file signature alone would probably be longer than the string.
DISCLAIMER: I'm just speculating, I don't know the .mov specs.

~~~
asherlangton
The wrapper script is GPL'd, so I copied it here:

<http://dl.dropbox.com/u/15447644/brainplayer_py.txt>

My modifications are on lines 553-556. The compiled app "fixes" the .mov file
just long enough for it to be loaded into the player. If you have Leaping
Brain's player installed (often branded with the content owner's name), the
.mov files are in a hidden .media folder. On my Mac, they were in
$HOME/Library/Application Support/LeapingBrain/catalog/$VIDEONAME/.media

~~~
pav3l
Thanks for sharing! Hope you won't get in trouble for your post.

~~~
nacs
Not sure how he could get in any trouble from it due to the license at the
very top of the file he linked:

"# BrainPlayer is free software: you can redistribute it and/or modify # it
under the terms of the GNU General Public License

I'm sure Leapfrog hated to put that GPL license on there but were likely
forced to due to the VLC components they're using that are GPL/LGPL.

~~~
alexkus
And, as per <https://www.gnu.org/licenses/gpl-faq.html#DRMProhibited> the DMCA
cannot be applied to this software.

------
anonymous
_facepalm_ Come on, people!

First rule of weak DRM, you do not talk when you find weak DRM.

Second rule of weak DRM, you DO NOT talk when you find weak DRM.

Third rule of weak DRM, upload to pastebin, then walk away.

~~~
billpg
That's not the second rule, but the first rule repeated.

How am I supposed to take weak DRM seriously when it has a third rule but no
second rule?

:)

~~~
Tomis02
You need to learn your cultural references young man. Go watch Fight Club and
report back with your results.

------
shocks
"All aspects of the platform feature a near-ridiculous level of security."

Well... They weren't lying...

------
sigkill
To be fair, when I read the title I thought that if the string is truly random
then it's actually a very good technique. This is the core operating principle
behind the one-time pad which is provably secure.

Now that I read the article twice, I literally got a panic attack when I
realized that it wasn't a random string that they were xor'ing their data
with, but a string called "RANDOM_STRING". Although it sounds bad, one must
realize that this is not security by obscurity since the key has been leaked,
and nobody guarantees encryption against a leaked key.

~~~
Dylan16807
'very good technique' The important part of a one time pad isn't the xor, it's
the length. This does not even begin to resemble a one time pad. It's an xor
cipher.

~~~
sigkill
Yeah exactly. I cannot convey the utter disappointment I had when I realized
that it was "RANDOM_STRINGRANDOM_STRINGRANDOM_STRING...." that they were
XOR'ing with.
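
The point made in this subthread and in the one-time-pad list earlier (the pad must be as long as the plaintext and truly random), as an added example that is not part of the original thread: one known stretch of plaintext exposes a repeating XOR key and with it the rest of the message, while the same known stretch tells nothing about the remainder of a full-length random pad. The header and body bytes are constructed, and the example covers a plain repeating-key XOR, not the product's file layout.

```python
"""Added illustration: repeating-key XOR versus a full-length random pad."""
import secrets

KEY = b"RANDOM_STRING"  # the fixed key named in the thread

# Constructed sample data: a header the analyst knows, a body they do not.
HEADER = b"CONSTRUCTED-FILE-HEADER/1.0 demo"
BODY = b"lesson 1: body text that was never seen in the clear"
PLAIN = HEADER + BODY


def xor_bytes(data, keystream):
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(a ^ b for a, b in zip(data, keystream))


def repeat_key(key, n):
    """Stretch a short key to n bytes by repetition."""
    return (key * (n // len(key) + 1))[:n]


def shortest_period(s):
    """Smallest p such that s[i] == s[i % p] for every i."""
    for p in range(1, len(s) + 1):
        if all(s[i] == s[i % p] for i in range(len(s))):
            return p
    return len(s)


def guess_from_known_prefix(cipher, known_prefix):
    """Known plaintext XOR ciphertext gives the keystream for that span.
    Assume the keystream repeats with its shortest period and extend it."""
    stream = xor_bytes(known_prefix, cipher)
    key = stream[:shortest_period(stream)]
    return key, xor_bytes(cipher, repeat_key(key, len(cipher)))


def demo_repeating_key():
    cipher = xor_bytes(PLAIN, repeat_key(KEY, len(PLAIN)))
    return guess_from_known_prefix(cipher, HEADER)


def demo_one_time_pad():
    pad = secrets.token_bytes(len(PLAIN))  # as long as the plaintext, random
    cipher = xor_bytes(PLAIN, pad)
    return guess_from_known_prefix(cipher, HEADER)


if __name__ == "__main__":
    key, text = demo_repeating_key()
    print("repeating key recovered:", key)
    print("body recovered:         ", text[len(HEADER):] == BODY)
    _, text = demo_one_time_pad()
    print("OTP body recovered:     ", text[len(HEADER):] == BODY)
```

The known prefix has to span at least two repetitions of the key for the period test to be reliable, which is why the constructed header is longer than 26 bytes.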

------
i0exception
Anyone who has taken Computer Security 101 would know that security through
obscurity is not the smartest thing to do. Calling it "near-ridiculous level
of security." is downright blasphemy.

~~~
esrauch
Except that these videos are playing on your local machine. With the most
advanced DRM mechanism possible it is nearly as trivial to simply record the
video output.

There is no reason to spend developer time making a complex mechanism that is
no more secure than a simple xor.

~~~
coin
Recording the output is not the same as extracting the DRM-free stream.

~~~
esrauch
This is educational content not blockbuster films. Recording the output in
this case would be more than sufficient.

------
jcromartie
You know what's absolutely terrifying? This guy could conceivably go to jail
for this. Looks like he has kids, presumably a wife... hoping it goes well for
him.

------
damian2000
There's two software engineers and a product architect listed on the about
page - <http://leapingbrain.com/about/>

It might be a good idea to remove their names, to protect their reputation.
;-)

------
samuellevy
Tomorrow on HN: "Legislation passed to embed DRM chips into people's heads,
which automatically shut down visual input if un-authorized content is
detected playing in their vicinity. Three strikes policy before permanent
blindness."

------
tlrobinson
_"It turned out the actual player, launched from their compiled app, was a
Python wrapper around some VLC libraries"_

Isn't VLC licensed under the GPL? Or at least was until very recently?
<http://www.jbkempf.com/blog/post/2012/How-to-properly-relicense-a-large-open-source-project>

Is/was Leaping Brain violating the license?

EDIT: the wrapper script is apparently released under the GPL too:
<http://news.ycombinator.com/item?id=4834834>

~~~
alexkus
> Is/was Leaping Brain violating the license?

No, I can't see how they are.

Here's one GPL FAQ that's vaguely relevant:-

<https://www.gnu.org/licenses/gpl-faq.html#CompanyGPLCostsMoney>

But this question is very relevant:-

<https://www.gnu.org/licenses/gpl-faq.html#DRMProhibited>

"Does GPLv3 prohibit DRM?

It does not; you can use code released under GPLv3 to develop any kind of DRM
technology you like. However, if you do this, section 3 says that the system
will not count as an effective technological “protection” measure, which means
that if someone breaks the DRM, he will be free to distribute his software
too, unhindered by the DMCA and similar laws.

As usual, the GNU GPL does not restrict what people do in software, it just
stops them from restricting others."

~~~
leoedin
Just a heads up, but I think (assuming it's not somebody else on the page) the
formatting of your GPL quote means that it doesn't break automatically, making
the comment page very wide (at least in IE9).

------
stcredzero
Breaking repeated XOR with a string is a variant of the Vigenère cipher or the
Vernam cipher, depending on how you think of it. Either way, breaking it is a
freshman cryptography exercise.

~~~
mopatches
The Vernam cipher is actually quite strong when used correctly - the key needs
to be as long as the input; it's never repeated :)

<http://en.wikipedia.org/wiki/Gilbert_Vernam#The_Vernam_cipher>

------
iandanforth
Could someone (OP?) provide more of the steps that might have gone (went) into
discovering it was an XOR operation and the original string? Seems like an
impressive intuitive leap to me!

~~~
tptacek
It's so easy to solve repeating-key XOR for the key that the solution is a
practical way to detect the scheme; you wouldn't even necessarily bother
trying to detect it, you'd just run the "solver" (even calling it a solver
sort of dignifies it a bit too much).

~~~
tekromancr
Is the solver just (cyphertext XOR plaintext)?

~~~
tptacek
No (although that's how this guy solved this system).
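
Added example, not part of the thread or of the linked article: a Python sketch of the known-plaintext recovery discussed in the comments above (ciphertext XOR a known header), with the contrast that a pad as long as the message leaks nothing beyond the known bytes. The header, payload and function names are constructed for illustration; only the key string `RANDOM_STRING` comes from the article.

```python
import hashlib
from itertools import cycle

def xor_stream(data: bytes, key: bytes) -> bytes:
    """XOR data with key, repeating key as needed (same call encrypts and decrypts)."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def shortest_period(stream: bytes) -> int:
    """Smallest n such that stream[i] == stream[i - n] for every i >= n."""
    for n in range(1, len(stream)):
        if all(stream[i] == stream[i - n] for i in range(n, len(stream))):
            return n
    return len(stream)

def recover_key(ciphertext: bytes, known: bytes, offset: int = 0):
    """Return (key, confirmed) from known plaintext located at `offset`.

    confirmed is True only when the known bytes span at least two full
    periods, i.e. the repetition was observed rather than assumed.
    """
    leaked = bytes(c ^ p for c, p in zip(ciphertext[offset:], known))
    if not leaked:
        raise ValueError("no known plaintext overlaps the ciphertext")
    n = shortest_period(leaked)
    # leaked[j] equals key[(offset + j) % n]; rotate so the key starts at index 0.
    key = bytes(leaked[(m - offset) % n] for m in range(n))
    return key, len(leaked) >= 2 * n

# Constructed sample: a made-up 32-byte container header followed by payload.
HEADER = b"CONSTRUCTED-MEDIA-HEADER v1" + bytes(5)
PLAINTEXT = HEADER + b"lecture 1: frames follow here..." * 4
KEY = b"RANDOM_STRING"  # the literal key reported in the article

def demo_repeating():
    ct = xor_stream(PLAINTEXT, KEY)
    key, confirmed = recover_key(ct, HEADER)
    return key, confirmed, xor_stream(ct, key) == PLAINTEXT

def demo_full_length_pad():
    # Stand-in for a one-time pad: non-repeating bytes as long as the message.
    pad = hashlib.shake_256(b"constructed pad").digest(len(PLAINTEXT))
    ct = xor_stream(PLAINTEXT, pad)
    key, confirmed = recover_key(ct, HEADER)
    return confirmed, xor_stream(ct, key) == PLAINTEXT

if __name__ == "__main__":
    print(demo_repeating())
    print(demo_full_length_pad())
```

With the repeating key, 32 known header bytes expose the whole 13-byte key and therefore the whole file; with a message-length pad the same 32 bytes expose only themselves.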

------
ballfrog
From their website:

Fort Knox-level security.

Video content is protected with our BrainTrust™ DRM, and is unplayable except
by a legitimate owner. All aspects of the platform feature a near-ridiculous
level of security.

------
cafard
Back in the 1990s, the revolutionary organization Sendero Luminoso was naive
enough to believe in WordPerfect's encryption. This was a grave mistake, for
that encryption (for 4.2 and 5.1 at least) was a simple XOR of the password
against the text--and in 5.1 you had 10 or so bytes of known text to compare
against in the header. The decryption of the files was not the only thing that
worked against Sendero Luminoso, but it must have hurt them.

------
nnq
...I find it extremely funny when people use the word "virtually" to mean
"practically" or "nearly" or "almost" and they turn out to be wrong but are
excused by the fact that they added the magic word "virtually" :) ...and
conversely, if someone uses the word when talking to me, I label everything
the person says afterwards as 99% weasel words...

------
etsimm
I find it curious that (after 242) there are no comments here ranting about
ir/responsible disclosure. Is this simply indicative of the readership's
unanimous hatred of all things DRM - or is there perhaps a threshold of
ineptitude beyond which we feel ethically free to fully disclose
vulnerabilities?

------
Syssiphus
Hm, anybody remember Dmitry Sklyarov?
<http://en.wikipedia.org/wiki/Dmitry_Sklyarov>

As far as I recall the Adobe PDF encryption was also just some XOR with a
simple passphrase. Got him into serious trouble.

And WTH is 'virtually uncrackable'?

------
javajosh
This should be lauded just as much for being a solid little piece of citizen,
even activist, journalism. The specific issues about DRM are important, but I
think the greater willingness to really look into things and publish the
results should be encouraged.

------
px43
This is what they call a 1024 bit Vernam Cypher in the movie "Swordfish".

------
asherlangton
The CEO of Leaping Brain (or someone pretending to be him) has now joined the
Google Plus thread, implying that the "DRM" was intended as satire...

------
seanhandley
XOR isn't insecure per se. What I'd like to know is how this "random string"
is created in the first place.

~~~
SideburnsOfDoom
It looks like the phrase "RANDOM_STRING" should be taken quite literally. That
_is_ the random string. Perhaps some code was supposed to substitute in
something else, and it failed quietly.

------
loup-vaillant
The obligatory xkcd: <http://xkcd.com/221/>

------
jiggy2011
Question: Can anybody name a DRM scheme that hasn't been cracked?

