
Software Writers Spot Open Source in Sony BMG CDs

Daniel Fleshbourne   on 18 November 2005 - 17:50 · 30 comments & 3085 views

Controversial copy-protection software used by music publisher Sony BMG on music CDs appears to have tapped an open source project, raising questions about copyrights, software experts said on Friday. The XCP program, developed by British software firm First4Internet and used by Sony BMG to restrict copying and sharing of music CDs, is already highly controversial because it acts like virus software and hides deep inside a computer where it leaves the backdoor open for malicious hackers.

Sony BMG earlier this week said it would recall some 4.7 million CDs with the software, after the discovery of the first computer viruses last week that took advantage of the weakness. The XCP program installs itself on a Windows-operated personal computer when consumers play one of 49 CD titles from Sony BMG. The program forces consumers to use a music player that comes with the program. This music player contains components from an open source project, an MP3 player called LAME, it emerged.

News source: eWeek



#1 russ0943 on 18 Nov 2005 - 17:52
sony is up **** creek w/o a paddle


Please do not bypass the swear filter

Last edited by 36818 on 18 Nov 2005 - 18:11
(1 reply) #2 M2Ys4U on 18 Nov 2005 - 17:52
How ironic, that in trying to stop people breaching their copyright, they're infringing on someone else's.

I smell hypocracy
#2.1 zORYn on 18 Nov 2005 - 20:18
i smell hypocrisy
#3 Adequate on 18 Nov 2005 - 17:53
Funny how big companies throw humongous fits when something is stolen from them, yet they won't hesitate to steal from open-source for their own profit...
#4 Fit4130Rider on 18 Nov 2005 - 18:04
I say down with Sony/BMG music. Their TVs are still pretty badass though. And before people start saying things like "you're supporting a horrible business!" Stop and think. Sony is freaking huge, and has many divisions. One group has no idea what the other is doing. Also, I think the worst that could happen is that Sony would have to pull out from the music business.

Disclaimer: I'm very very tired so if that didn't make sense, sorry.
#5 Corona on 18 Nov 2005 - 18:09
LOL, it gets worse and worse as each day passes
#6 Walk into the Sea on 18 Nov 2005 - 18:14
Not only lame. From another forum

"Rolf from Sabre Security was kind enough to point out that we had missed a giant copyright string.

000C48C0 4641 4143 202D 2046 7265 6577 6172 6520 FAAC - Freeware
000C48D0 4164 7661 6E63 6564 2041 7564 696F 2043 Advanced Audio C
000C48E0 6F64 6572 2028 6874 7470 3A2F 2F77 7777 oder (http://www
000C48F0 2E61 7564 696F 636F 6469 6E67 2E63 6F6D .audiocoding.com
000C4900 2F29 0A20 436F 7079 7269 6768 7420 2843 /). Copyright (C
000C4910 2920 3139 3939 2C32 3030 302C 3230 3031 ) 1999,2000,2001
000C4920 2020 4D65 6E6E 6F20 4261 6B6B 6572 0A20 Menno Bakker.
000C4930 436F 7079 7269 6768 7420 2843 2920 3230 Copyright (C) 20
000C4940 3032 2C32 3030 3320 204B 727A 7973 7A74 02,2003 Krzyszt
000C4950 6F66 204E 696B 6965 6C0A 5468 6973 2073 of Nikiel.This s
000C4960 6F66 7477 6172 6520 6973 2062 6173 6564 oftware is based
000C4970 206F 6E20 7468 6520 4953 4F20 4D50 4547 on the ISO MPEG
000C4980 2D34 2072 6566 6572 656E 6365 2073 6F75 -4 reference sou
000C4990 7263 6520 636F 6465 2E0A 0000 312E 3234 rce code....1.24

Yeah. Apparently FAAC code was used too. I positively identified several functions myself. For starters: The function at virtual offset 0x1007BA80 is known as WriteFAACStr in the file bitstream.c of the FAAC project. You can work yourself through other FAAC functions from there. I don't know for sure if that's GPL or LGPL. I think it's LGPL though.

And while we're at it. Matti found mpg123 references. In his opinion this is how the mpglib code made it into the OCX. It still needs to be determined if there's more mpg123 code in the OCX except the mpglib stuff. If that's the case another GPL infringement can be added to the list."


tututututututut.
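Added example, not part of the original thread and not the tooling the quoted researchers used: a sketch of the check described in comment #6, rebuilding bytes from the first rows of the quoted dump and pulling out copyright or licence notices the way a strings pass over a shipped binary would. The function names and the NOTICE keyword pattern are assumptions made for illustration.

```python
import re

# Rows copied from the dump quoted in the comment above (hex groups plus ASCII column).
DUMP = """\
000C48C0 4641 4143 202D 2046 7265 6577 6172 6520 FAAC - Freeware
000C48D0 4164 7661 6E63 6564 2041 7564 696F 2043 Advanced Audio C
000C48E0 6F64 6572 2028 6874 7470 3A2F 2F77 7777 oder (http://www
000C48F0 2E61 7564 696F 636F 6469 6E67 2E63 6F6D .audiocoding.com
000C4900 2F29 0A20 436F 7079 7269 6768 7420 2843 /). Copyright (C
000C4910 2920 3139 3939 2C32 3030 302C 3230 3031 ) 1999,2000,2001
000C4920 2020 4D65 6E6E 6F20 4261 6B6B 6572 0A20 Menno Bakker.
"""

NOTICE = re.compile(r"copyright|freeware|licen[cs]e|\bGPL\b", re.I)


def dump_to_bytes(text):
    """Rebuild (base_offset, bytes) from full 16-byte dump rows."""
    base, data = None, bytearray()
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 9:
            continue
        offset = int(tok[0], 16)
        if base is None:
            base = offset
        if offset != base + len(data):
            raise ValueError(f"non-contiguous row at {tok[0]}")
        # Take exactly eight groups: the ASCII column can itself look like
        # hex ("FAAC" is a valid four-digit hex token).
        data += bytes.fromhex("".join(tok[1:9]))
    return base, bytes(data)


def printable_runs(data, base=0, min_len=6):
    """Like strings(1): yield (file_offset, text) for printable ASCII runs."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield base + m.start(), m.group().decode("ascii")


def license_notices(data, base=0):
    """Keep only runs that look like a copyright or licence notice."""
    return [(off, s.strip()) for off, s in printable_runs(data, base) if NOTICE.search(s)]


if __name__ == "__main__":
    for off, s in license_notices(*dump_to_bytes(DUMP)):
        print(f"{off:08X}  {s}")
```

A string hit like this only flags a component for review; confirming reuse still takes the function-level comparison the quoted post goes on to describe.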
(2 replies) #7 kaffra on 18 Nov 2005 - 18:15
won't this really be the developer's fault, First4Internet?
#7.1 xTrinity on 18 Nov 2005 - 18:21
Sony licensed it. They should have at least reviewed the code.
#7.2 theyarecomingforyou on 18 Nov 2005 - 18:39
It's Sony's fault that they picked such a poorly thought through copy protection system, though there was no way they could be expected to look over the code themselves - have it checked by another company maybe. It is First4Internet's problem regarding ripping off other people's work and for flaws allowing it to be exploited by virus writers.
#8 ahhell on 18 Nov 2005 - 18:21
Hear that distant rumble???

That's a lawyer stampede.

There's going to be some serious lawsuits over this stuff....cool.
(2 replies) #9 Airlink on 18 Nov 2005 - 19:05
Hey, whatda ya know? Yet another reason not to buy music CDs. Who knew?
#9.1 Walk into the Sea on 18 Nov 2005 - 19:33
This is NOT a reason to stop buying music cd's, but it is a reason for you to justify your own shortcomings.

Just a little note for all the people who have made statements akin to yours thus far -> Not all music is released by Sony. Thank you for listening and goodnight.
#9.2 -=MagMan=- on 19 Nov 2005 - 00:03
I totally agree with your comment Walk into the Sea... Btw, couldn't you have picked a simpler, perhaps shorter nick?

There are artists out there that do not publish their works via Sony, or any one of their related labels, so to suddenly say I won't buy any albums just because of one label's screw up is wrong.

Granted, after this, I will DEFINITELY pay much closer attention to ANY music CD I consider purchasing from now on, which is I think something all of us need to do in this day and age of DRM and corporate greed.
#10 Ironman273 on 18 Nov 2005 - 19:49
I wonder if Sony is going to use the loss of recalling almost 5 million CDs being caused by P2P. "Look how much we lost last year due to sharing music!"
#11 TC17 on 18 Nov 2005 - 20:10
Just like someone else here said, nothing like pure hypocrites. Sony is... along with the RIAA/MPAA and any other company.

And what is just as sick, is that there are plenty of people who do nothing but stick up for these companies.

I'm also sick of the stupid excuse they use for their cold hearted attitudes. Claiming they have lost some made up imaginary dollar amount of money that they never even had in the first place. In my opinion, THEY are the ones that belong in jail.
#12 toadeater on 18 Nov 2005 - 20:15
To Sony CEO:

#13 CDog on 18 Nov 2005 - 20:27
Surely in a recall of that many CDs (that I assume they're replacing with non-protected CDs) means it's costing them more to protect their CDs against piracy than they would have lost to sales through piracy on those same CDs anyway.

This news isn't good either, what a mess...
#14 chilliadus on 18 Nov 2005 - 22:37
My guess is that Sony will get away with it and leave First4Internet sinking down in a ****pool.


Please do not bypass the swear filter

Last edited by 36818 on 19 Nov 2005 - 12:47
#15 DJ Specs on 18 Nov 2005 - 23:03
Well, now that we know it's OK to scream at anyone infringing on your copyright while stealing and using someone else's... ya nice double standard, which makes all this total BS. I hope the writers of the code SONY stole sue the hell out of them and rightfully so, so this all gets exposed.
(1 reply) #16 Rfire on 18 Nov 2005 - 23:56
Perhaps if people would stop stealing and start buying CDs they wouldn't need to put this justified protection in CDs to protect intellectual property rights.
#16.1 seethru on 19 Nov 2005 - 03:55
They shouldn't be putting protection that hides itself in the KERNEL to begin with. Hell, they shouldn't be putting protection that limits the number of copies you make. That's punishing those who ARE paying for their cd's, and is NOT stopping piracy.
#17 jivemastert on 19 Nov 2005 - 03:03
The irony is fantastic. Sony = pwn3d
#18 b0b on 19 Nov 2005 - 15:07
Sony is gonna get COWNED! (Completely Owned)
(3 replies) #19 Walk into the Sea on 19 Nov 2005 - 19:37
"BARCELONA, Nov 18 (Reuters) - In an attempt to make up with consumers whose PCs have been exposed to unsecure copy-protection software which acts like malware, music publisher Sony BMG said on Friday it would swap unsecure CDs for new unprotected disks as well as unprotected MP3 files." Read More...
#19.1 toadeater on 19 Nov 2005 - 20:48
What are they going to do to make up for their theft of GPL'd software?
#19.2 El_Cu_Guy on 19 Nov 2005 - 21:45
Read it again:

In an attempt to make up with CONSUMERS......

There is really no make up with developers. Sony licensed the code and therefore loses rights granted under those licenses. Discontinuing distribution is a start.

Last edited by 40343 on 19 Nov 2005 - 21:52
#19.3 LaNcom on 20 Nov 2005 - 18:31
True. But Sony (or First4Internet) now also needs to completely open the source code for XCP, as the LGPL'd libs are compiled in (not linked). That's gonna get funny, not only is the source code very interesting for black-hat hackers, it also makes the whole copy-protection scheme worthless.

And no, stopping the distribution won't help, they have to release the sources as soon as the derived work gets released - and it got released, even if they swap the CDs now...!
#20 njlouch on 21 Nov 2005 - 09:43
This whole thing has been a debacle, and proven a few things to me:

1) Sony CAN NOT be trusted.
2) All copy protection is BS. Instead of making life better for the paying consumer and harder for the pirates - legit consumers are left with unsecured systems. And has any of this stopped Sony/BMG music being on P2P sites or (hush hush) newsgroups? No!
#21 LloydSev on 21 Nov 2005 - 16:14
I have officially contacted Sony and requested the source code of the XCP Copy Protection that they were distributing.

I received an email the next day stating a customer service representative had received my email.

No response as of yet, this was Saturday I received the email.
