Friday 5 April 2013

My Code made it to a Hollywood Movie



One of the first things I do every morning is check the Twitter chatter about my website (@SecurityTube) . I was pleasantly surprised to see this:


I've embedded the image from the tweet:


Source: http://oi49.tinypic.com/2vnrkw8.jpg

I've verified that this really is from the movie White House Down due for release in 2013 from their YouTube trailer at 1:39


The code is question seems to be from multiple programs which I had written way back in 2007-2008 to demonstrate the use of Raw Sockets in writing Packet Injection programs. Here is a list of the code files (GIST embeds at the end of the post) :

  1. http://code.securitytube.net/Programming-an-ARP-DoS-Tool.c
  2. http://code.securitytube.net/Generic-Packet-Injection-Program.c
  3. http://code.securitytube.net/Ethernet-Packet-Injection.c
  4. http://code.securitytube.net/TCP-Packet-Injection.c
  5. http://code.securitytube.net/IP-Packet-Injection.c
I know most of code snippet in the image could have been pretty much from any low level networking tool, so I am just going to focus on the comments :)  which are almost like a programmer's signature.


/* First Get the Interface Index */  and "Error getting Interface index !\n" code is there in all the files:

 Here is the next couple of lines in the screenshot:


Most of the files listed above, contain the "Bind our raw socket to this interface */" as well followed by the sockaddr_ll structure fill:

The next part of the screenshot is partially cut:


So, I used the YouTube video to take a better shot:


"A simple write on the socket ..thats all it takes ! */" is the partial comment, which many of you may agree is an unconventional comment :)  There is there in almost all the code files as well:


The last part of the screenshot is below:



Looks like this was from the Generic Packet Injection program, if you look closely:


The special effects guys seem to have removed most of the whitespace, so you see longer lines but it is clear to identify the code if you look close enough.

[Update Added Later] More Proof that the code is mine

The original code was posted on 2 of my sites: security-freak.net and then later on securitytube.net. I eventually discontinued security-freak.net  . A quick whois search will tell you both the sites belong to me.

I used the WayBack Machine as 3rd party validation. Here is the exact code link mined from my site on June 29th 2007 by the wayback machine's spiders:

http://web.archive.org/web/20070629181430/http://www.security-freak.net/packet-injection/PacketInjection.c

The original Packet Injection basics page where this and the other code presented here are linked. The wayback machine has a copy dating back to July 9th 2007:

http://web.archive.org/web/20070708223642/http://www.security-freak.net/packet-injection/packet-injection.html

During the same time, I had even announced that I had made some free videos on Packet Sniffing, Packet Injection (this is where all the code is form) etc. and sent an email to the SecurityFocus.com mailing list.

Original email:



A few google searches led me to open source projects and even Wiki pages who have used my code. Some cited the original site (security-freak.net) while others did not.


How do I feel about this? Great :) If not me, at least my code made it to a 3 second clip in a Hollywood Movie :)  Also, the character in front of the computer seems quite excited (hands raised) as he is downloading / viewing / running my code :) What could make a developer more happy than to see his code inciting such thrill! :)

Quirks: 

  • I hope the code would be compiled before use! :) 
  • The source / destination MAC, IP, etc. are hardcoded in most of the scripts so hopefully the hacker in the movie changed them before using :)
  • The Generic Packet Injection program just sends "A"* 1024 times onto the wire. This was just to demonstrate it's possible to send arbitrary data on the wire with raw sockets, even total garbage :)

The only thing I felt a bit dissapointed about was to see a couple of open source projects use snippets of my code without any form of acknowledgement.

OK, finally here are all the Code Snippets if you want to play with them. They are pretty old so some of the #includes may have to be changed based on the platform you are using. Note that the original links on the Internet have been posted above, the Gists were created today to embed them here.




19 comments:

  1. I wish someone use my code at their movie :(

    ReplyDelete
  2. Wow, if I were you, I'd insist that they include me in the closing credits =)

    ReplyDelete
  3. Thats kewl!

    Find out the programmer of the movie and tell if he can acknowledge it for you.. if not in movie, at least on somewhere net!! :P

    ReplyDelete
  4. OF COURSE they should include you inte closing credits!

    ReplyDelete
  5. I'm impressed that their upload progress meter seems to have 11 digits of precision.

    ReplyDelete
    Replies
    1. ha, i lold hard! 11 digits of precision... no wonder why the movie name is White House Down

      code on the big screen is an esoteric but interesting topic to find out about

      Delete
    2. Why not? You think there are no programmers with sense of humor in the movies? %)))

      Delete
  6. The Skunk still plays EVE? I remember that guy from my Corp1 days in Aridia!

    ReplyDelete
  7. Nice one!
    The movie is a Roland Emmerich, BANG BOOM AMERICA FBI AGENTS WHITEHOUSE, not my favourite kind of movie, but anyways, awesome.
    Achievement Unlocked: Hollywood Movie uses your code for bogus hacker scene.
    Hope you'll be credited in the movie.

    ReplyDelete
  8. Grarr Dexx, wrong guy... Eve Skunk refers to my website, www.eveskunk.com.

    ReplyDelete
  9. Yes, it's kind of your duty as a citizen to sue them. For human rights and fairness. These chances rarely appears. You should not sue them for more than the movie has cashed in yet and theoretically will though.

    ReplyDelete
  10. Ha, that would be pretty awesome. Day after the movie goes up, WHOOPS, movie gets pulled.

    ReplyDelete
  11. Interesting... did you publish this code under a FOSS license? IANAL but I guess if your code is GPL then you could force the studio into adding you to the end credits and adding a link to the original code, to comply with the license (I won't even get into details about making profit from the code, since it's obvious they could have used any other code for the scene; something with a BSD or Apache license would be perfeclty valid).

    Now, while I'm thinking about this... the code is being used not as software per se, but as content of some sort (it's a prop for the scene). So maybe now we should also add some Creative Commons license along with the software license when we publish FOSS code, to prevent it from being used this way without permission from the author...

    ReplyDelete
  12. Chochos beat me to it on the licensing question, but I was hoping you could force them to release the movie under the GPL. :-)

    ReplyDelete