Why is that some mp3 files seem to break-up after a few seconds of normal play. That is, the song starts off OK, but after a few seconds it sounds like a cassette, when you hold the play and fast forward buttons down at the same time.
I’ve heard that it was some sort of protection, a virus/spyware/malware imbedded in the file and a corrupt file.
Anyone know what I am talking about, what causes it and how it is fixed?
It’s just sound–no virus or spyware, or anything like that. Presumably it was chosen to be as annoying as possible. It’s laid down in place of the rest of the music file, to deny users of file sharing the enoyment of their ill-gotten goods. It can be fixed by going out to a record store and buying a CD with the song on it.
Typical users, yes. But Pro-RIAA organizations and such are supposedly uploading a lot of this kind of stuff in a deliberate attempt to discourage people from using these services. Think about it – if you keep getting this kind of junk, and it happens too often, eventually you may give up too.
All the above was only a response to the quoted comment. There is no intent to accuse pcroughn of anything illegal.
Mikahw: Joke - 1] Something said or done to evoke laughter or amusement, especially an amusing story with a punch line. 2] A mischievous trick; a prank. 3] An amusing or ludicrous incident or situation.
C’mon, why do you think I mentioned the RIAA in the first place?
Keeve: When will those bastards leave us alone! Can’t the see we just want to live! (and rock-out for free)
Revtim: No, I’m using WinAmp and sometime Media Player 9. I don’t think it’s in the player.
I just wanted to say; wow, that’s a crappy checksum method. I heard there was some kind of exploit to bugger up Kazaa checksums, but I never would have imagined it would have been so pathetically simple.
There’s nothing “pathetic” about a checksum (or a CRC) which is easy to fool. By definition, they’re simple to calculate, and it’s pretty trivial to generate garbage input data that will produce a particular result when summed. The mistake is thinking that this is somehow secure.
You might think so, but I wouldn’t be surprised if a lot of users just ignore them and try again, thus leaving the bad version available to other users. In Music Match Jukebox, you can very easily (and perhaps accidentally) delete a song from your “library” of songs, while leaving the mp3 on your hard drive. If you downloaded music with Kazaa, but played it with Music Match, it would be very easy to keep propagating the files the OP describes.
The pathetic part is that the checksum is based on the file size, song length, and bit rate, but not the actual content of the file. Other P2P networks checksum the entire file, and they use stronger hashes than CRC32 (such as MD5 or SHA1), so generating a garbage file that has the same hash as a specific song is next to impossible. Checksums are obviously insecure the way Kazaa uses them, but they don’t have to be.
Actually, it looks like Kazaa uses MD5, not CRC32. It’s definitely not “trivial” to make a garbage file that has the same MD5 hash as another given file - the weak link in Kazaa’s chain is their poor choice of input for the hash algorithm, not the algorithm itself.
Definitely not. My comments were based on the earlier assertion that Kazaa uses a checksum, not an MD5 hash. You’re right that their choice of input is the problem.
BTW, just to clarify, in your 2nd to last post, you imply that basing the checksum or CRC on the entire file rather than just some metadata would make the use of a checksum or CRC stronger, but it really wouldn’t. It’s still trivial to fake unless a strong hash (e.g. MD5) is used.
Well, iMesh may as well be Kazaa… it uses the same network and has the same flaws.
I’m not sure about the SDMB’s policy about answering technical questions like this one. I’ll just say there’s a program named after a beast of burden that isn’t vulnerable to this tactic. It also protects against accidental corruption with partial hashes (it can detect a corrupt chunk before the whole file is downloaded), and protects against fake files with user ratings and comments.