| Exhibit | Description |
| Anonymous C source code Hoy filing | This is the source
code for the CSS descrambling algorithm that was posted
anonymously to the LiViD mailing list in October 1999. The C code was
supposedly written by someone who disassembled a software DVD player
to uncover the descrambling algorithm. It was this posting that led
Frank Stevenson to conduct his analysis of the CSS encryption
scheme. The code was subsequently included in an unsealed legal filing by John Hoy, president of the DVD-CCA, in the California trade secret lawsuit against Andrew McLaughlin and 92 other defendants. Guess it's not a trade secret anymore. More about that here. |
| css_descramble.c | This is a different C implementation of the descrambling algorithm. This one, by Derek Fawcus, is part of the css-auth package, which is a component of LiViD, a Linux DVD player. It is interesting to compare the two implementations to see how they differ in strategy. Among other things, Fawcus' version uses fewer tables, and unrolls one of the loops. Such a comparison is only possible by examining the source code. |
| Perl code: shorter or faster |
 Two
Perl implementations
courtesy of MIT Student Information Processing Board members Keith
Winstein and Marc Horowitz. The shorter one,
qrpff, is 526 bytes. The faster
one, 531 bytes long, caches the permutation corresponding to CSStab1,
and is fast enough to actually use to watch a movie. The programs
take a five-byte title key on the command line (five decimal numbers,
in least to most-significant order) and an MPEG 2 Program Stream VOB
file on stdin, and output a decrypted version of the VOB file. For example,
to play The Matrix: cat /mnt/dvd/VOB_FILE_NAME | qrpff 153 2 8 105 225 |
extract_mpeg2 | mpeg2dec -This work grew out of Keith's preparation for a 6-hour seminar on DVD decryption taught at MIT in Jan-Feb 2001. Suggestions for further shortening the code should be sent to sipb-iap-dvd@mit.edu. We'll let you know when a t-shirt is available. |
| Anonymous SML code |
This is a translation of the Anonymous C source code into Standard ML, a functional programming language popular among theoretically-oriented computer scientists. Since the code is purely functional, the author of this translation, a Carnegie Mellon undergraduate, says: Coupled with the ML definition, it's no stretch to think of it as a mathematical formula rather than a "device". Are mathematical formulas still protected speech? The student is taking no chances; he's asked to remain anonymous. |
| css_descramble.scheme | This translation of css_descramble.c into the Scheme programming language was contributed by John R. Hall. Scheme is a variant of Lisp popular among academic computer scientists. |
|
page1.gif page2.gif page3.gif |
Screen dump of the CSS descrambling code. This is not the source code; it's a picture of the source code. These GIF files are not directly readable by a C compiler. However, a human looking at these images could certainly type the C code into a text file. Or the files could perhaps be converted automatically, by an OCR program. Are these page images considered an illegal "circumvention device" under the DMCA? Or, since they're not executable, are they protected speech? |
| new-language.txt | Here is an implementation of the descrambling algorithm in a new programming language for which no compiler currently exists. This language, similar to C, was invented by Dave Touretzky. Since the code in this form is not executable, it is presumably protected speech. But if someone writes a compiler for this language, would Dave Touretzky then become liable for trafficking in a circumvention device under section 1201 of the DMCA? |
| plain-english.html |
 A description of the descrambling algorithm in plain
English, written by Dave Touretzky. This description is not machine
readable, but it can easily be translated into C code by a
knowledgeable C programmer. It could not be translated by a
non-programmer, or a machine. Is it therefore protected speech?If natural language processing technology advances to the point that a machine could translate this English text into executable code, could the text then be suppressed under the DMCA? |
| css-auth.eng | In October, 2000, Omri Schwarz released Perl scripts for automatically translating C to English, and English back to C. Here is the English version of css-auth.c that it produces, called css-auth.eng. |
| english-and-c.html |
Another version of the descrambling algorithm in plain English,
but this time each line is annotated with the equivalent statement
written in the C language. This description is not directly machine
readable because the C code is interspersed with English text and HTML
formatting instructions. But the C code can easily be extracted from
the document, and this requires less skill than translating the
English into C. Can this text document therefore be suppressed under
the DMCA? |
| decss-haiku.txt |  DeCSS Haiku: this ingenious poem is both a
commentary on the DeCSS situation and a correct and complete
description of the descrambling algorithm. Truly inspired.
(Original version February 12, 2001; minor revisions sent by author on
February 23.) Author is anonymous; he contacted me via anon remailer,
so I am unable to reach him. |
|
Cryptanalysis of CSS |
This is an analysis of the CSS algorithm by Frank Stevenson, along with a description
of various attacks on the encryption scheme.Please see our Frank Stevenson archive for more documents and program examples. And here is a somewhat more accessible tutorial on CSS by Gregory Kesden, based on the work of Stevenson and others. Should these lecture notes, taken from a course taught at Carnegie Mellon University, be declared illegal? |
| DeCSS T-shirt from CopyLeft: order here |
 The source code for css_descramble.c is available on the back of this t-shirt from CopyLeft. Copyleft has been sued for their trouble. Are sales of this shirt banned under the DMCA? Would merely wearing the shirt in public constitute "trafficking in a circumvention device" as defined in section 1201 of the DMCA? |
|
Dramatic reading or or |
 A dramatic
reading of the file css_descramble.c, read by Xader Vartec. This is a
3.5Mbyte MP3 file; it runs 7 minutes and 20 seconds.Joe Wecker of the band Don't Eat Pete recorded a musical version of my "plain English" rendition of the source code, with musical accompaniment. This is a 7.2Mbyte MP3 file that runs 7 minutes 28 seconds. Transcript courtesy of Keith Dawson of tbtf.com. This song has been banned from MP3.com. Are these kinds of "artistic performances" covered by Judge Kaplan's injunction? Jeff Schrepfer turned the code directly into music, as a MIDI file. The file was created by starting with the source code and "removing all the white space, then transforming each ASCII character into a single 32nd note of its midi equivalent (midi notes, like ASCII characters, are coded into values ranging from 1 to 127.)"
|
| DeCSS The Movie |  DeCSS The Movie, by Samuel Hocevar and friends.Watch the code scroll by in a Star Wars-like MPEG animation. This is method #40 in Hocevar's list of 42 ways to distribute DeCSS. |
| DVD logo in css-auth source |  This DVD logo formed out of
the characters in the css-auth source was generated by someone using
the MosASCII tool
created by Robert DeFusco. The intensity changes are accomplished by
changing the font color every few characters.To view the entire source, click on "Select All" from your browser's Edit menu. |
|
png file with concealed version of css-auth.tar.gz |  The judges in the Great
International DVD Source Code Distribution Contest decided to give
the award for best high-tech hack value to Andrea Gnesutta, whose entry
was the little banner image above. To extract css-auth.tar.gz from
her graphic file, dvd_scdc_tst.png, go to byte 0x002428 and copy the
next 0x547E bytes to another file.)
|
|
jpeg file with concealed version of css-auth.tar.gz |
 Inspired by
Ms. Gnesutta's idea, this is a JPEG image file with the source code
concealed inside it. This file should be viewable in all browsers.
|
|
"Not the DeCSS Source" |
 Click to view full image.
Joshua Shagam at NMSU created this very clever image of some C source
code. This is not the code for DeCSS. But if you compile the code in
the image and then feed it a raw pnm version of the image file as
input, you'll get a surprise. (The DeCSS source is encoded in the low
order bit of every byte in the image.) |
| get CSS-auth from a DNS server | This is a Unix shell script (/bin/sh) containing the following sequence of commands: for DVDs in Linux screw the MPAA and ; do dig $DVDs.z.zoy.org ; done | perl -ne 's/\.//g; print pack("H224",$1) if(/^x([^z]*)/)' | gunzip. Explanation: a hex dump of the gzipped css-auth code was used to generate a bunch of host names in a DNS server. (DNS, or Domain Name Service, is how host names get mapped to IP addresses.) The dig command is used to query the server and extract the entries; the rest of the commands reformat the output to recover the C source code. |
| Yahoo greeting card | Someone sent me a Yahoo electronic greeting card with the source code for css_descramble.c as the message (plus a two-for-one coupon for a Slurpee). Yahoo greeting cards expire after 60 days, so this file would have been good through the end of October, 2000, but Yahoo pulled it on September 13 after the Salon article referenced it. |
 |
Visit our new Steganography Wing, now under construction. |
Salon
Gallery curator: Dr. David S. Touretzky,
Computer Science Department, Carnegie Mellon University
