Andy March
66 followers
Code monkey, paintballer, eternal student

Come see Entrust on G45 at Infosec for free popcorn and a strong mobile auth demonstration

Finally got around to finishing up the first cut of my new WordPress theme and site refresh for andymarch.co.uk

Final day of Mobile World Congress

Post has shared content
Beware of the complexity of "RANDOM_STRING"
I bought a digital video download today that required a video player from Leaping Brain. As usual, the proprietary player wasn't great and to transfer it to my iPhone I'd need another proprietary player. Ugh. But I browsed around and found that the video had been downloaded into a hidden directory as a bunch of .mov files. Great, except none of the files would play.

It turned out the actual player, launched from their compiled app, was a Python wrapper around some VLC libraries. Nothing funny going on, as far as I could tell, but when I tried to launch the player directly, nothing happened. The compiled app was modifying the .mov files right before they were loaded into the player, and then reverting the file on disk. According to http://leapingbrain.com/mod-machine/faq/:

 "We apply our BrainTrust™ proprietary video encryption to your movies before we upload them to our servers. If someone ever was able to gain access to your content, the files would be useless and unplayable, because they are stored in a scrambled, encrypted format. Once downloaded to the user’s hard drive, the files are still encrypted and only readable via the MOD Machine Player by a legitimate owner. We are not aware of a better DRM scheme than ours. Where Windows Media DRM is easily crackable, and doesn’t run on Macs, BrainTrust™ works great on Windows 8, Vista, Windows XP and Mac, and is virtually uncrackable."

Virtually uncrackable? Well, since they load the file from a Python script, it's easy to make a copy of the "decrypted" file before it's reverted. Having done so, I was curious to see the encryption scheme. By comparing the binary files, I discovered the "proprietary video encryption" algorithm: for the first 15kB, each 1kB block has its initial bytes xor'd with the string "RANDOM_STRING". That's the "scrambled, encrypted format" that leaves these files "useless and unplayable".

Posted the analysis of the Twitter traffic I captured during the opening ceremony last night

I got a Sony NEX5 the other week trying to step up my photography...so here is an adorable sleeping Rufus

Post has shared content
Now this is how legal issues of software should be determined.
As a counter to this, I present exhibit A: Judge Alsup from the Oracle vs Google case, from the GrokLaw transcript today:

Alsup tells Boies Oracle's only doing damages because they haven't won anything else and they're in a fix. "This is a fishing expedition."...
Alsup says he's been writing code since this trial started. He's written rangeCheck code a "100 times". Incredulous Oracle claiming damages...

----
Yes, the Judge in the case has been learning Java code. :)

Now here is a later followup where the Judge slams Oracle:

Judge: We heard the testimony of Mr. Bloch. I couldn't have told you the first thing about Java before this problem. I have done, and still do, a significant amount of programming in other languages. I've written blocks of code like rangeCheck a hundred times before. I could do it, you could do it. The idea that someone would copy that when they could do it themselves just as fast, it was an accident. There's no way you could say that was speeding them along to the marketplace. You're one of the best lawyers in America, how could you even make that kind of argument?

Oracle: I want to come back to rangeCheck.

Judge: rangeCheck! All it does is make sure the numbers you're inputting are within a range, and gives them some sort of exceptional treatment. That witness, when he said a high school student could do it--

---

Maybe it's a good idea for people to learn programming to make better judges and juries if our whole society is going to be based on information and computing in the future?