[gst-devel] help

Wed May 4 06:29:20 CEST 2005

Hi,

How to remove libavcodec from ffmpeg?

Regards
Pradeep

-----Original Message-----
From: gstreamer-devel-admin at lists.sourceforge.net
[mailto:gstreamer-devel-admin at lists.sourceforge.net] On Behalf Of
gstreamer-devel-request at lists.sourceforge.net
Sent: Wednesday, May 04, 2005 8:39 AM
To: gstreamer-devel at lists.sourceforge.net
Subject: gstreamer-devel digest, Vol 1 #1848 - 1 msg

Send gstreamer-devel mailing list submissions to
	gstreamer-devel at lists.sourceforge.net

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.sourceforge.net/lists/listinfo/gstreamer-devel
or, via email, send a message with subject or body 'help' to
	gstreamer-devel-request at lists.sourceforge.net

You can reach the person managing the list at
	gstreamer-devel-admin at lists.sourceforge.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of gstreamer-devel digest..."

Today's Topics:

   1. R: R: [gst-devel] Create a secure level (Domenico Pontari)

--__--__--

Message: 1
Subject: R: R: [gst-devel] Create a secure level
Date: Tue, 3 May 2005 20:20:00 +0200
From: "Domenico Pontari" <D.Pontari at ELIS.ORG>
To: "Thomas Vander Stichele" <thomas at apestaart.org>
Cc: "Jan Schmidt" <thaytan at noraisin.net>,
	<gstreamer-devel at lists.sourceforge.net>

Thomas, you are right.

Usually in telecomunication protocols such as TCP, we use 8 parity bit =
to verify that the information from the source it's same at the =
destination: for example you can sum all ciphers (without the last 8 =
bits) of a TCP packet obtaining 8 bit and check if this 8 bits are the =
same of the last 8. This is what I mean with parity check.

But you can also use this method with files: you can open any file and =
sum all simbols obtaining 8 bits, an hash of the program. You can write
=
for the jump to bad boy (the conditional statement that verify if you =
have the password for the program or if you have the right CD for game,
=
ecc...) something like this:

if (parity_check !=3D 204) {
	... bad boy ...
}
... go on ...

usually if you haven't source code you must use a decompiler like IDA to
=
catch the right jump (for example JMP assembler statement) and change =
JMP statement in NOP or something else. But if you do only this parity =
check changes because JMP machine code is different from NOP statement =
and so you need to recalculate parity check and change it in the =
program.

When you do this are you sure that you catch the right jump? Are you =
sure that your counts for the new parity check are rights? Often you =
have only a way to verify this: try it. But there is another parity =
check in Gstreamer API that verify not only itself, but also the player.
=
So there are 2 cases:
1) You are so smart that you can:
	a. catch the right jump in the player for the parity check of
player's =
code
	b. catch the right jump in the player for the parity check of =
Gstreamer's code
	c. catch the right jump in Gstreamer API for the parity check of
=
player's code
	d. catch the right jump in Gstreamer API for the parity check of
=
Gstreamer's code
	e. calculate in the right the new parity number in the player
for the =
parity check of player's code
	f. calculate in the right the new parity number in the player
for the =
parity check of Gstreamer's code
	g. calculate in the right the new parity number in Gstreamer API
for =
the parity check of player's code
	h. calculate in the right the new parity number in Gstreamer API
for =
the parity check of Gstreamer's code
2) You fault in 1 of previous things, but you won't know where because =
the only result is that the player doesn't work.

I hope I've been clearer.

Bye,
Domenico

-----Messaggio originale-----
Da: Thomas Vander Stichele [mailto:thomas at apestaart.org]
Inviato: marted=EC 3 maggio 2005 18.45
A: Domenico Pontari
Cc: Jan Schmidt; gstreamer-devel at lists.sourceforge.net
Oggetto: Re: R: [gst-devel] Create a secure level

Hi Domenico,

> Ok, I would like to go deeper in the short answer. What do you think =
about a security check on:
>=20
> 1) player
> 2) Gstreamer
> 3) X Windows
>=20
> in the player there is a parity check on Gstreamer and X Windows, in =
GStreamer API's there is a parity check on the player and X Windows (and
=
I could say: in X Windows there is a parity check on Gstreamer and the =
player).
> So that when you try to exploit the player it doesn't work because =
Gstreamer's parity check fails, when you try to exploit Gstreamer it =
doesn't work because the parity check of the player fails. The only way
=
to solve the trick is to patch Gstreamer and the player together: it =
should be complex because you don't know if you failed in Gstreamer or =
in the player. If you do this for XWindows too, it should be quite =
impossible.

You'll have to be clearer to have a sensible discussion.  What is this
parity check ? How does it work ? How is it technically implemented ?

If you're trying to come up with a foolproof unhackable system, I think
most people on this list will tell you that it's not possible.

So all we're left with is discussing practical difficulty.  To discuss
that you need to explain properly what it is you're asking :) And as
soon as you do I'm sure people can offer suggestions on how to break it.

So I would assume that what you would want is to get a feeling for how
difficult it is to break whatever system you are currently thinking of,
so you need to explain it some more.

Thomas

Dave/Dina : future TV today ! - http://www.davedina.org/
<-*- thomas (dot) apestaart (dot) org -*->
I've got ladyfingers baby
I've got kidgloves
baby I got heart
<-*- thomas (at) apestaart (dot) org -*->
URGent, best radio on the net - 24/7 ! - http://urgent.fm/

--__--__--

_______________________________________________
gstreamer-devel mailing list
gstreamer-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/gstreamer-devel

End of gstreamer-devel Digest