From derek@spider.com Mon Oct 25 16:39:11 1999 Date: Mon, 25 Oct 1999 14:35:54 +0100 From: Derek Fawcus To: livid-dev@livid.on.openprojects.net Subject: Re: [Livid-dev] css On Mon, Oct 25, 1999 at 01:08:28AM -0700, Dave wrote: > > I hate to be a party-pooper, but any dimwit can tell this came from NT, on > VC++.. does the open source community have the right to use this code? Actually this looks a lot like the source to DeCSS. Have a look at CSSauth.cpp and compare it to my css-auth package. You'll see it's basically my code, as such this whole source package has to be considered as being under the GPL. The code in css/CSSscramble.cpp is the stream decrypting code. I guessed my slow speed wrt to releasing the source for the decrypt code would result in someone else posting the code. So enjoy it. This is an old version and won't decrypt certain W.B. titles. However there is a valid key key and offset included in that code (the offset is hidden in css/CSSkeysNt.cpp:CSSgetdiskkey() and has the value of 0x235 and as such can be used to brute force the other valid keys from a disk. If you examine the two algorithms (auth and decryt) you'll see that they are both basically the same: LFSR1 -> [switchable invert] --\ \ + (Adder) -> Pseudo random bit stream / LFSR2 -> [switchable invert] --/ The two LFSR's are (I belive) the same for both algorithms, but have a different initialiser. This bit stream is then used in different ways in the two sets of code. There are 4 routines which use the above core algorithm, and each one uses a different setting for the switchable inverts. The hashing stages at the end of the two title key decryption stages are very similar (maybe identical) to the rounds in the authentication routine. i.e. there are two stages to the key decryption here each using two rounds, whereas the authentication code uses 6 rounds. At the moment I'm working at combining the two code blocks and eliminating some look ups. I've already removed one table lookup in the stream decryt code - another may follow. One other thing to note - the code posted is valid on little endian machines only. DF -- Derek Fawcus derek@spider.com Spider Software Ltd. +44 (0) 131 475 7034 PGP/GnuPG Keys available [ Part 2, Application/PGP-SIGNATURE 236bytes. ] [ Unable to print this part. ]