Is Sony in violation of the LGPL?
 sp <foo bar com> |
Monday, November 14 2005 10:38.29 CST |
Update: Click here
Im sure youve already heard about the Sony rootkit that was first revealed by Mark Russinovich of Sysinternals. After the Finnish hacker Matti Nikki (aka muzzy) found some revealing strings in one of the files (go.exe) that are part of the copy protection software, the rootkit is also suspected to be in violation of the open-source license LGPL. The strings indicate that code from the open-source project LAME was used in the copy protection software in a way thats not compatible with the LGPL license which is used by LAME.
On Slashot muzzy mentioned that he doesnt have access to Sabre BinDiff, a tool that can be used to compare binary files. I was in the opposite position as I have BinDiff but I didnt have the file in question (go.exe). I mailed muzzy and he hooked me up with the file.
I compared go.exe with a VC++-compiled version of lame_enc.dll but unfortunately BinDiff didnt find a single relevant matched function. A quick manual check didnt reveal any LAME functions in go.exe either.
Even though go.exe apparently does not contain any LAME code, a considerable amount of tables and constants from the LAME source files can be found in the go.exe file. Heres a list of the LAME tables Ive been able to locate. The first column shows the hex address where the table can be found in the go.exe file, the second column shows the name of the table as it appears in the LAME source code and the third column shows the LAME source file where the table can be found.
I have to add though, that not a single table actually seems to be used by the go.exe code. What does that mean? Ive asked random people and Ive heard speculation ranging between "accidentaly linked" and "encrypted code in go.exe that uses the tables and cant be found in the disassembler". Further analysis needs to be made but at this point Im leaning towards more or less accidental inclusion.
Comments
| Posted: Wednesday, December 31 1969 18:00.00 CST | |