HD-DVD and Blu-Ray AACS DRM Cracked

EGSonikku writes "According to this article on Endgadget, the AACS DRM used in HD-DVD and Blu-Ray has been cracked. The program allows one to decrypt and dump the video for play on a users hard drive, or it can be burned to a blank HD-DVD and played on a stand-alone player. According to the accompanying video, a source release for the program will be made available in January. Time to get that $200 Xbox 360 HD-DVD drive?" Warning: this link contains video.

Not really cracked, more like circumvented

[sith (15384)]

As best as I've been able to gather from what I've read today, the very clever fellow just implemented that publicly available decryption routine, and also discovered an (as of yet unreleased) method for obtaining decryption keys. It seems very likely from everything I've read that he is pulling the keys from the PowerDVD program - perhaps they're left unencrypted similar to the original DeCSS obtained a key from the Xing player?

In any case, it will be interesting to see how this is dealt with, and whether key revocation can/can't break this. The author thinks it can't - the cat is out of the bag and is staying that way.

We'll see. I think it's good news for us though, no matter what.

Re:Not really cracked, more like circumvented

[Myen (734499)]

Yes, and the Engadget article that is TFA is mistaken... He didn't supply any keys, just disc IDs (to map to human readable names of the discs). The place where the keys would have been were all stubbed out with all nulls.

If this is a crack for the DRM, then GPG is a crack for PGP.

Re:Not really cracked, more like circumvented

[FuturePastNow (836765)]

According to the program's creator:

I was very surprise to realize that the title key is there, in memory!

Older systems make Trusted Computing their bitch. Oh yeah.

Re:Not really cracked, more like circumvented

[Rufus211 (221883)]

As best as I've been able to gather from what I've read today, the very clever fellow just implemented that publicly available decryption routine, and also discovered an (as of yet unreleased) method for obtaining decryption keys. It seems very likely from everything I've read that he is pulling the keys from the PowerDVD program - perhaps they're left unencrypted similar to the original DeCSS obtained a key from the Xing player?

Exactly. I've read the source code he released and it's less than 500 lines of Java. All it does is open each file on an HD-DVD and call the built-in Java AES decryption functions on each "pack" of HD data. There's a slight bit of handling for the pack format and all, but it's straight from the AACS spec.

Now the interesting thing I found from the "pre-recorded video book" [aacsla.com] spec were these two quotes (page 18):

A licensed product shall treat its Device Keys as highly confidential, as defined in the license agreement.

and

Except where otherwise provided for in these specifications, the values used to enable playback of AACS content (e.g. Title Keys and Volume ID) shall be discarded upon removal of the instance of media from which they were retrieved. Any derived or intermediate cryptographic values shall also be discarded.

So it seems that PowerDVD (or whatever player was used) was fully within the spec to no protect the Title Keys that are assumed to have be swipped by this prog.

Re:Not really cracked, more like circumvented

[Junta (36770)]

Looks like from his FAQ that he figured a deterministic way a particular piece of HD-DVD software stores the key in memory. Of course, it's always going to be the case the key is in memory during playback, finding the address would be the pain.. Wonder how he knew what to look for so quickly... Well, suppose he did have a couple of distinct movies, he probably had a set of addresses that obviously changed between discs or titles, and probably some tell-tale strings...

So he probably doesn't have the program's key (it would be in memory a short time probably if well implemented, but ultimately probably gettable, if the program can read it's own key, anyone can). However, expect content providers to audit how easily the key material is locatable in memory (i.e. how deterministic the key memory address is relative to program base address) and revoke keys in future pressings and force upgrades to software users.

Of course, with a few keys out it becomes problematic to hide the locations. Ultimately, the program has to know the offset to the key to use it, so there are going to be hoops to jump through, but using a known title with known key means the address of the key can be found and sampled over a few playback attempts, the memory address of the program analyzed to see if some pattern emerges or some variable points the right way....

BTW, if it was PowerDVD (which he never explicitly said), he is cocky actually showing that program running in his demonstration. PowerDVD is going to be under careful analysis now and his job will be made more difficult likely.

Of course, he could be more clever than I'm guessing, but the indications seem to be memory analysis of HD-DVD playback software.

Anyway, beyond making more hoops to go through, content providers cannot be so stupid as to think the problem technically insurmountable. It's all about demonstrating clear intent to violate DMCA and take legal rather technical measures to 'deal' with the problem.

Re:Not really cracked, more like circumvented

[pla (258480)]

Of course, it's always going to be the case the key is in memory during playback, finding the address would be the pain

Not really... Even without any better strategy, you can narrow the potential range down QUITE a bit (within one process' address space), and exhaustively try every machine-aligned keylength-block in just a few seconds. And it would surprise me greatly if we can't do a whole lot better than that



and revoke keys in future pressings and force upgrades to software users.

Revocation accomplishes nothing (except, as with most DRM, annoying legitimate users) if the cracker can get the key dynamically. This problem WILL result in the eventual blacklisting of XP for HD content, at which point the protection of AACS will reduce to the security of Vista's kernel (ie, already cracked).



It's all about demonstrating clear intent to violate DMCA and take legal rather technical measures to 'deal' with the problem.

Bingo. Although it does look like they at least tried to make it somewhat hard this time, no solution (not even quantum) exists to the cryptography problem where "Bob" and "Carol" (the "man-in-the-middle") count as the same entity.

Re:Not really cracked, more like circumvented

[afidel (530433)]

Nope, unlike CSS keys AACS keys are revocable, so the keys for the cracked version of PowerDVD (or whatever player has been compromised) can be denied by new media. Basically they encrypt the media's decryption key with the public keys of all of the licensed devices and once a player has been compromised they no long use that tainted key (It's actually kind of the reverse of this process, but it gives you an idea of what they accomplish and the general idea of how). Of course if many players are compromised it is unlikely that the content companies will be able to revoke all of their keys, because that would lead to a backlash against the format as consumers devices suddenly stop playing new titles. What I'm personally waiting for is an industrious hacker to expose the key of a popular hardware player, forcing an upgrade of a software player is one thing, requiring naive users to upgrade the firmware of their hardware player is going to be labor intensive. Either they will need lots of helpdesk type staff, or lots of depot technicians to actually do the upgrades for the users. Either way lots of users won't figure out what the problem is and will simply blame the hardware vendor/format.

Re:Not really cracked, more like circumvented

[Bios_Hakr (68586)]

It's pretty early in the rollout. The execs will kill off the format and release a new system within a year. HD-DVD-2 or something like that.

Then, they'll just not give the keys to PowerDVD.

Note to all future hackers. Wait till you have critical mass before you release a crack.

Re:Not really cracked, more like circumvented

[dtfinch (661405)]

They have many keys now, one for each model of player. I don't remember the exact terminology, but the player private keys are used to decrypt the disk key stored on the disk. There are many copies of the disk key, each encrypted with a different player's public key. If they want to revoke a player, they just don't include a copy of the disk key encrypted with that player's public key on future disks. So that player can play old disks, but they'll need to replace it to play new disks.

Re:Not really cracked, more like circumvented

[javilon (99157)]

When a couple or three keys for _hardware_ players leak the content providers will have to make their minds up and decide if they revoke them.

If they decide to do so, I can tell you that the whole scheme will go down. There will be people with bought and paid hardware made useless. This will be a very good example when explaining to people why DRM is a problem.

Also, if I have learned something in this thread is that if you hack a player, you just have to keep it secret and only release the disk keys for every disk that comes out to the market. If the RIAA doesn't know what player has been hacked, they can't revoke its key. Having one player hacked will invalidate the whole schema as long as the RIAA doesn't know wich one is it.

I am the owner of a High Definition 50 inches TV, with only DVI input. That I see as a good thing. I will not be tempted by the new High Definition *paid* content. There is no way I will be paying another 3000 for a new set just because the content providers refuse to show their content on my perfectly good one. This is also a good way to explain people what DRM is about.

Re:Not really cracked, more like circumvented

[jZnat (793348)]

That's why we refer to them by the more accurate acronym MAFIAA (Music and Film Industry Association of America).

It takes a while...

[FuturePastNow (836765)]

The site's Farked, Digged, and everything else already, but here's the forum this was first posted to: http://forum.doom9.org/showthread.php?t=119871 [doom9.org]

It contains a download link to the program.

Re:It takes a while...

[interiot (50685)]

Duggmirror [duggmirror.com] has a copy of the doom9 thread, as well as a link to the source code [rapidshare.com].

As another poster said, the package contains several title keys already extracted via some method. It's not clear how the author extracted the keys, or whether it's possible for the AACS people to revoke a player in order to prevent future keys from being leaked the way they currently are.

Re:It takes a while...

[by Anonymous Coward]

By giving out the actual per-disc keys, the guy has avoided the fate of the original decss hack which used a player key that was "revoked". Unless the "AACS people" can figure out what player key he used to get those disc keys, they can't revoke it, though they can re-author the disc with a different disc key for the next batch (which one supposes could be leaked the exact same way as the first, whatever that way is).

(For those that don't know, every disc's content is encrypted with a key particular to that disc. That key is then encrypted repeatedly with all of the device keys that are currently authorized to play that disc. Presumably there are dozens or hundreds of spare unassigned device keys in there for future use, as well. Thus, the player uses it's device key to decrypt the matching copy of the disc key, then uses the disc key to decrypt the disc. In the DVD days, device keys wouldn't be "revoked" as such, they would simply quit being used on new discs, so the device could play all old discs, but would be unable to get a disc key for new ones. Not sure if AACS actually added an actualy revocation list for device keys that would completely disable the device, as it is apparently able to do for other cryptographic keys like the HDCP keys)

Re:It takes a while...

[simm1701 (835424)]

Actually thats only true in secret single key cyphers - having the plain text (the disc key) and the cypher text (the encrypted disc key) gives you a point of comparison.

Obviously if you are using something like a ceaser cypher its now trivial to get the player decryption key.

With public/private key cyphers you are given the public key. This means you can have an unlimited number of plan text, cypher text pairs and in theory it will still not get you any closer to discovering the private key than when you just had the public key.

I doubt that these data points will be particularly useful in decoding the entire collection of player keys.

However given the size of zombie networks out there.... what do you think profession dvd pirates are going to do?

Re:It takes a while...

[interiot (50685)]

I don't really know much about it, but keys included in the package are title keys (eg. download the source code [rapidshare.com], see Readme.txt and TKDB.cfg, and see the list of keys for specific titles: Full Metal Jacket, Van Helsing, Tomb Raider 1, Apollo 13, The Last Samurai, and The Fugitive). Those keys probably can't be revoked (those specific titles are already mastered and are in release). But do the included keys give the AACS people enough information to identify the specific player that the author is using to extract the title keys from?

Re:It takes a while...

[IamTheRealMike (537420)]

Yes. The major difference between AACS and CSS is that every player in the world can have a unique key, rather than just the 20 or so keys that CSS used. If PowerDVD is not adequately protecting the key then it will be barred from accessing new titles and a software upgrade will be required for PowerDVD players. For hardware DVD players, the key is usually far better protected anyway, but if it is somehow extracted then a firmware reflash and/or a physical hardware swap (paid for by the manufacturer) is the way it'll be done.

Basically, the summary is totally misleading, as per usual with Slashdot + DRM. AACS has not been cracked. A single badly protected player was cracked and its key will be revoked, as the AACS spec provisions for. The scheme was designed to be "damage resistant" and that's what we're seeing at work.

Re:It takes a while...

[qbwiz (87077)]

Wouldn't it suck to have your HD-DVD player stop working for new titles, because someone was using its key? Or are all HD-DVD players networked, so their keys can be changed at any time?

Re:It takes a while...

[bigberk (547360)]

Wouldn't it suck to have your HD-DVD player stop working for new titles, because someone was using its key?

Sure it might suck, but it's one of those little annoyances we live with because we know that Theft is Theft. We're only too happy to pay for a product and then have it cripple apart before our eyes. Sure, I might no longer be able to use the equipment I paid big money for, but will sleep comfortably at night knowing that at least the companies have protected their profits, just a little bit.

Re:It takes a while...

[evilviper (135110)]

AACS was designed so that keys could be revoked fro future titles.

So was DVD CSS...

Would you care to guess how well that worked?

Well and good...

[Ekhymosis (949557)]

But I would like to know how this will affect the customer as well. I know short term that DRM is bad and all, especially with the "where there's a will, there's a way" mentality in cracking it, but seeing as how these companies invest (or rather waste) millions in copy protection schemes, will they jack the prices up to cover the cost of their mistakes? I think this practice has become mainstream, no?

Piracy not equal to Losses

[kurt555gs (309278)]

I do not agree that piracy has anything to do with losses. Who is to say that those that watch movies without paying a fee would actually pay to see them in the first place?

The only way there is a real loss is if some one is SELLING copied DVDs as if they are original. That is not what we are talking about here. We are in this insane mindset that if we see or hear something that we owe money to some one for it.

Utter stupidity if you really think about the concept.

The only way there is a real loss, is if you counterfeit the media and sell it to some one that actually WANTS to pay for it.

This whole issue of IP ownership makes no sense if one steps back and clearly thinks about it.

Cheers

   

Re:Piracy not equal to Losses

[evilviper (135110)]

Who is to say that those that watch movies without paying a fee would actually pay to see them in the first place?

The only way there is a real loss is if some one is SELLING copied DVDs as if they are original.

Who is to say that those who buy cheaper illegal copies of movies would actually pay full price to see them in the first place?

Wrong conclusion...

[im_thatoneguy (819432)]

The correct conclusion is: 'Finally! Now I don't have to buy an HD-DVD Player.'

I don't mind purchasing an HD-DVD and then just downloading its illegal doppelganger. I DO mind purchasing an overpriced paperweight to keep me legal. I looked at Xbox Live Marketplace from the perspective of:

"Rent 44 HD movies. or Buy HD-DVD Player and a movie." I decided I would get much more HD goodness out of downloads than just a player.

It's sort of like the way I purchase Star Trek for my Xbox and then download a copy for my PC as well. Sure it's illegal, but I look at it from the perspective of: I purchased it so that I could watch it, and watch it I shall.

Re:Wrong conclusion...

[j-turkey (187775)]

The most basic acceptance test of any moral or social philosophy is whether it can be applied generally. Yours boils down to: I do what I think is correct. Okay, but please don't call the cops when someone punches you in the face and takes your wallet, because I am sure that it was a perfectly acceptable action to the perpetrator.

You make a good argument, and I've heard it before. However, black and white interpretation of the law tends to fail (especially when you equate morality and law). I'll fall back on an analogy here: If you drive, do you ever speed? The law says that you cannot drive at a rate higher than the posted speed limit. However, on most major US highways, traffic tends to move at around 5% higher than the posted speed limit. Driving at the posted speed limit would cause a dangerous situation, whereas operating your vehicle in a manner consistent with the flow of traffic is a safer way to travel. Is speeding immoral? If so, should we just not drive until everyone else slows down?

Many people make informed decisions to break the law. Whether or not this is a conscious act of civil disobedience, it is (in many cases) still a form of civil disobedience. Putting this into the context of the American alcohol prohibition, a large scale amount of civil disobedience fueled organized crime to fulfill the demand for alcohol, and the law was eventually shown to be unreasonable. A freedom limiting law was abolished because sufficient numbers of people chose to break that law. This did not cause any crumble of society, and did not turn morality upside down.

In any case, I respect your position, but disagree with your absolute reasoning. IP license violation isn't the same as DUI, and it's not punching someone in the nose and running off their wallet. Laws like the American DMCA have unjust provisions. The grandparent poster is acting in good faith, and harming nobody. Perhaps the gpp is partaking in a phenomena of culture redefining law.

Damn it!

[fahrbot-bot (874524)]

Cracked already? I had December 29th in the pool.

Cracker actually working for HD-DVD Consortium?

[BenJeremy (181303)]

Really just a stab here, but maybe given lackluster sales of hardware, the consortium hired a ringer to play "DVD Jon" for a day and "leak" the crack to the public, thus encouraging some support from a DRM-weary public?

The industry knows piracy is not really a big problem - they still make mountains of cash, and society needs a little underlying "lawlessness" (like speeding, for example) to ease pressure. Perhaps some industry insiders sick of kowtowing to the IP Lawyers decided to leak the crack to the public in a round-about manner?

If true, it's brilliant.... if not, then they missed the boat.

Re:Cracker actually working for HD-DVD Consortium?

[Weedlekin (836313)]

"given lackluster sales of hardware"

The poor hardware sales are due to the following factors:

1) Hi-def content is only of interest to the small minority of consumers who have a TV capable of displaying it, a screen big enough to notice any difference from up-scaled DVDs, and the requisite inputs, i.e. HDMI if they don't want to risk having future content down-scaled to a level that's worse than DVD.

2) Even those who fall into (1) above are wary of the fact that there are two competing formats, so many will inevitably wait and see which of them finally wins (or alternatively, wait for a player that's compatible with both).

3) Prices are extremely high at the moment -- for less money, one can buy a decent stand-alone DVD recorder with an integral DVR and editing system, which appeals to far more consumers due to being usable with a much wider range of TVs. The fact that DVD players are now available for less than the cost of newly released media for them does nothing to help this situation.

4) A shortage of blue lasers means that even those early adopters who want HD-DVD or Blu-Ray players have difficulty finding one.

5) There isn't a vast range of compelling titles in Hi-def formats, and some of those that are available don't actually look any better than the DVD version (in some cases they're worse). Furthermore, the fact that certain studios are aligned with HD-DVD while others favour Blu-Ray means that it's rare to see a movie released on both, meaning that those who opt for one format cannot view movies that only get released on the other one, thereby bringing us back to (2) above. By contrast, a $25 DVD player gives people access to a gigantic library of content, much of which is available for around $5, or can be rented, pirated, or made by individuals using cheap and readily available equipment.

6) Early adopters with money to burn tend to read lots of reviews, and will therefore know about the problems each of the small number of available players have with some disks. These issues might be acceptable with a $25 no-name DVD player, but those who spent between $500 and $1000 on a new hi-def system will be feeling very pissed off indeed if one of the only five movies they want to watch on it doesn't play properly.

Problems (3) and (4) will disappear fairly quickly because the lack of blue lasers is a short-term phenomenon, and once production ramps up, competition between manufacturers will progressively lower prices and ensure that dual-standard players come on to the market, possibly (i.e. not definitely) some time during the next year, and this competition will also mean problem (6) won't be (much of) an issue in a year's time. Even so, realistically speaking, the requirement for a large high-definition TV set will mean that adoption rates will remain low for a few years yet, so the range of titles will be significantly more limited than those for DVD, and sales / rental outlets will therefore devote less shelf space to them than their DVD equivalents, as indeed was the case with DVDs when VHS was the dominant format. However, unlike the VHS / DVD situation, it's easy and cheap for manufacturers to equip blue laser players with the ability to read standard DVDs, so those with existing collections aren't forced to re-buy everything in the new format, and this will probably help adoption rates once the price drops to an acceptable "impulse buy" level (i.e. below $150/Euros) and equipment is supplied with "dongles" (internal or external) that ensure output doesn't become degraded when connected to non-HDCP compatible displays (the fact that no media have HDCP yet is a short-lived phenomenon, because the media companies wouldn't have insisted it be there unless they intended to use it).

So the probability of this crack having been unofficially sanctioned by the industry (hardware or media) is very remote indeed, because the slow hardware sales aren't in any way linked to DRM, and even if they were, hardware companies in particular could easily circumv

Link

[h4rdc0d3 (724980)]

If anyone wants to try it out, here is a link to the executable and source code (Java)...

http://forum.doom9.org/showthread.php?t=119871 [doom9.org]

There is more detailed info in the included FAQ. The bad news is, the program itself isn't actually "cracking" anything. The author used publicly available AACS documents to write his own decrypter (e.g. just as PowerDVD or WinDVD would). The catch is, you must provide the decryption keys to this software in order to rip the movies from the disk.

However, the good news is, it looks like he may have found a way to extract the needed decryption key(s) from the HD-DVDs. He doesn't explain how in the documentation or provide any keys, but if he figured it out I'm sure others will - and that means more advanced and powerful tools shouldn't bee too far off.

Why this may be good...

[mitchell_pgh (536538)]

Basically HD-DVD and Blu-Ray aren't even options for me at this point as the DRM associated with it has me shaking my head. While I'm willing to pay $20+ for a movie, I want to be able to use the movie on my terms after the initial purchase.

If this hack proves to be valid, I would actually consider investing in the technology as it opens the format up to Linux/Unix/OSX/etc.

Sort of Cracked

[Jah-Wren Ryel (80510)]

It sounds like he didn't "crack" AACS, he just extracted the disc keys for certain titles.

A quick and dirty and probably somewhat inaccurate description of the way AACS works is that each disc is encrypted with a single 'disc key' and then that key is encrypted once with every known 'player key,' and each of those is stored on the disc. So, if you have an authorized player, it will find the version of the disc key that it knows how to decrypt and then use that to decrypt the disc for playback.

My guess is that he used one of the software players like WinDVD or PowerDVD that now sort of support HD-DVD and BLU-RAY. But instead of extracting their player key and publishing that, he played a disc in a debug environment and extracted the 'disc key' for that specific title.

The studios thought that they would be able to 'revoke' disclosed player keys by just not using them on any discs pressed after the disclosure was made public. This guy's approach seems to be to distribute disc keys and then anyone with the same disc can decrypt that specific title, thus making it harder for the studios to guess which player keys need revoking.

I think that this guy's approach will be most useful to widescale pirating because all it takes is for one person to decrypt a movie and share it with a billion of his closest friends. But the 'regular joe' who just wants to copy his BD-HDs to his hard disk for ease of playback or maybe to cut clips from it for his own home movie won't benefit because chances are, the keys for his particular discs won't be widely known enough for him to find them.

So, I now look forward to various HD titles from disc (rather than from broadcast, which are already common if you know where to look) showing up on P2P and elsewhere, I'm still not purchasing any AACS playback system since the "crack" is not (yet) useful enough for me to exercise typical fair-use rights of format shifting and personal editing.

Re:Sort of Cracked

[Dachannien (617929)]

If that's how he's doing it - by distributing disc keys - then the studios will just start making shorter runs of the discs from the same master. There'll be, say, a hundred different disc keys for the same movie, and you won't know which one you have until you try them all. An individual or group would have to get hold of all 100 discs (or at least the portions of each that store the disc keys) to compile a complete list.

While it's certainly a move in the right direction, unfortunately, it's far from ideal. The reason I feel no moral compunction about saying this is because of your astute observation that this DRM scheme utterly fails to prevent piracy and instead is unfairly limiting how legitimate customers can use the products they buy. It's likely that this was the primary intent all along.

Re:Sort of Cracked

[RAMMS+EIN (578166)]

``But instead of extracting their player key and publishing that, he played a disc in a debug environment and extracted the 'disc key' for that specific title.''

So now the next step is to disallow running software in a debugger, just like in The Right to Read [gnu.org]

HDCP

[StreetStealth (980200)]

It seems to me most people are seeing this as a means to:

A) Place-shift HD-DVD content (despite current storage constraints)
B) Pirate HD-DVD content (despite current bandwidth constraints)

when I see the much more immediately relevant issue being that of HDCP: If this crack can be rolled into something on the order of a VLC plugin, there's a chance I'll actually be able to use my technically-more-than-capable, yet not-a-member-of-the-HDCP-club LCD display to view commercial 720p content.

BackupHDDVD FAQ

[Black Acid (219707)]

B a c k u p H D - D V D F A Q

-What is "Backup HDDVD" for?
It can do backup copies of HD DVD movies that YOU OWN! I don't want anyone to do piracy here! This software is a good way to protect your investment, because I have notice that this type of media seems very fragile, if it's scratched a little or dirty, it won't play. It seems less tolerent than DVD format. (Higher density!)

-What "Backup HDDVD" is doing exactly?
This is a java based command line utility that decrypt video files (.evo) from a HD DVD disk that you own, to your hard drive and you can play them back with a HD DVD player software.

-What are the system requirements to use "Backup HDDVD"
1 - A Windows based system
2 - A HDDVD disk drive
3 - A HDDVD player software (like PowerDVD)
4 - A HDDVD movie(s)
5 - Java rutime 1.5
6 - The possibility to access the content of the disk with a drive letter under windows.
(you may need UDF 2.5 file system driver for this)
7 - A lot of free hard disk space to backup your movies!

-Was your first HDDVD movie hard to decrypt?

It took me around a week to do. But I have wasted few days
trying to work on too complicated approach. In fact, it is very simple.

-How do you do that?

The program itself has nothing special. It simply implement the AACS decyption protocol. I have followed the freely available documents about AACS
Have a look at: www.aacsla.com The trick, is to find what they call the "Title keys". So I figure out how to extract them.

-How do you extract the "Title keys"?

I won't explain it in detail. Read the AACS doc first. You will understand. The title keys are located on the disk in encrypted form, but for a
content to be played, it has to be decrypted! So where is the decrypted version of the title key? Think about it...

-What kind of crypto algorithms are involved?
Standards algorithms:
ECC-160
AES-128
Look in the AACS doc for more details.

-What is the TKDB.cfg file?
This is the Title key Database file. It holds the decryption keys for the movies.

-What is the format of this file?
Field 1: SHA1 Hash of the VTKF000.AACS file on your HDDVD disk.
Next fields are pipe "|" delimited.
-Movie Title
-A variable number of Title key, pipe delimited
You have a key number followed by the key value like:
12-08A3DC61910280F2...

Key values are 128 bits long, so 16 bytes, or 32 hexadecimal characters long.

-The TKDB.cfg file provided with your program is empty or incomplete, what can I do?
Here is my TKDB.cfg:

CE6339246F34087AB355681DEB656D23DCD5BD86=Full Metal Jacket | 1-0000000000000000000000
0000000000
486198E3855B57CD40F6DC0C60645BDE8E1E9AC5=Van Helsing |19-0000000000000000000000
0000000000
3D357B0653A66176583C5218FD0149EAF8832FB0=The Last Samurai | 1-0000000000000000000000
0000000000

-What do you think of the technical aspects of AACS?

The design is not that bad, but it's too easy to have an insecure player implementation somewhere. And just one bad implementation is all it needs
to get the keys! There will always be insecure implementations of a player somewhere! And the "Revocation system" is totaly useless if you use
the Title key directly.

-Is there any known problems with the decryption?
Yes. I call this problem the "Nav chain" bug. I realize that I have a lot of frame skipping at playback after the decryption, so I hunted down the problem. To avoid the frame skipping, I patch the video file. This fix allows smooth playback of the movie, but there are some side effects.

-What are the side effects of the "Nav chain" bug fix?

You cannot do fast forward, or backward using the round dial, but you can still use the progress bar to navigate through the film. So it's not that bad... For some reason, the sub-titles don't seems to work anymore. It may be a side

Will every player key be cracked?

[dave1g (680091)]

So the player key is hard to get at, so this guy worked around it and just copied the title key from memory, which is encrypted on disc with every player key. Since you have the plain text (of the title key) and each of the cypher texts(the encrypted title key), aren't there attacks to figure out all the player keys? And actually its worse since you have many(possibly all?) title keys and all their corresponding encrypted versions that has to extremely limit the search space for the player keys. This would be an even worse problem since they cant just revoke every key. All the hardware would break! Lawsuits galore!

Seems like the whole house of cards will fall down.

Great job with the title keys

[Myria (562655)]

The hacker didn't extract the player key. This might be due to the difficulty of getting the player key, but it really doesn't matter.

The use of title keys instead is a great strategy. It means that the revocation system is worthless - AACSLA may not even know which player is compromised. Gray/black-area web sites can maintain big lists of title keys for movies without a whole lot of trouble. The bigger issue will eventually be getting each new movie to the trusted few pirates that are capable of extracting keys. This is no big deal now, but would be if and once these formats become popular.

A counterattack from Hollywood could be to produce thousands of distinct masters of each movie; the same movie would have thousands of different editions that differ only by their title key. I don't know the current state of disk production however, so this may not be feasible.

The revocation system is itself problematic anyway. A person seeking to damage the system itself would try to crack the most popular player, even if it's more difficult than other players. The cost of a massive recall - plus the fines the manufacturer would pay for their player being the one cracked - would heavily discourage the use of the revocation system. It seems like the revocation system is more of a deterrent against both pirates (if you crack a player we'll change the key making your work worthless) and manufacturers (if you don't obfuscate well enough, we'll cost you millions of dollars).

DVD had a revocation system too, but it was never used. DeCSS and the Drink or Die program that preceded it used a player key, but the CSS algorithm was so badly flawed that it wasn't difficult to derive the remaining player keys. This will not happen with AACS, because they're using real crypto this time.

Melissa

Re:Cheers!

[by Anonymous Coward]

Not to me, it isn't. This will help speed up the adoption of these formats. I'd like them both to totally fail, due to their restrictive DRM. As long as the formats enjoy some success, the content providers will keep pushing for the strong DRM.

Re:Cheers!

[msobkow (48369)]

I agree. We shouldn't have to risk harassment from the *AA for exercising rights that have been granted to us by precendence in different countries, especially those which find their root in UK/Commonwealth legal systems.

It's unfair to expect the individual consumer to fend off such attacks, and insulting to the intent of law to allow the attacks to occur in the first place. The *AA and the various DRM fans are responsible for developing products and solutions/proposals that are compliant with the laws of their target markets, and should not be trying to shove their vision down our throats just to protect oligopoly and monopoly economic models.

The same goes for all industries. Why else has the EU so soundly rejected US proposals to make their patent database a global starting point for managing IP? It's stuffed with speculative junk patents.

Re:Cheers!

[Ironica (124657)]

Anyone over the age of 40 I've talked to about the two formats has said, "What, you mean like Betamacs and VHS?" Just keep telling people that that's what this reminds you of, and wait for someone to start selling a less draconian product.

Um, except, VHS became the dominant format for many years, until (the more draconian) DVD unseated it. So the Betamax/VHS issue doesn't really serve to predict the failure of both formats, nor the rise of a new format which is more open.

Re:Cheers!

[WhatAmIDoingHere (742870)]

DVD had more to offer over VHS compared to HD-DVD and BluRay over DVD. DVD offered no rewinding, special features, easy chapter browsing.. All things that VHS lacked. That's why DVD won over VHS. All they're offering in HD-DVD and BluRay is Slightly Higher Def, which is lost on like 95% of the TV owning public. Oh, and restrictive phone-in DRM.

Re:Cheers!

[KingArthur10 (679328)]

The local Walmart has a VHS section that usually has new releases on VHS tapes. What's funny is how much cheaper a new release on VHS is over DVD. The studios kept telling us how DVD prices would come down because DVDs are cheaper to manufacture over tapes, but it never happened. The studios just sat on the extra cash and got fat and happy.

Re:Cheers!

[aplusjimages (939458)]

Always look to the porn industry. Where is the porn industry at right now? Still on DVD and downloadable content. Downloadable content is the future. Sing it with me "Downloadable Content is the way to go."

Re:Cheers!

[NormalVisual (565491)]

It's also interesting in that the porn industry sees by far the most copyright infringement, but seems to care about it a lot less than the **AA does. Even with all that copying going on, they still somehow are able to make quite a bit of money without whining about it and suing people left and right.

Re:Cheers!

[ajs318 (655362)]

Betamax VCRs never really became "shiny pieces of garbage" in the way Blu-Ray / HDDVD machines will. The crucial thing is, video cassettes were always recordable. You can still watch all your old recordings of Charles and Di's wedding, Fawlty Towers, It's A Wonderful Life and the entire Carry On series, and even record new programmes (VHS tape is the correct width, 12.7, to be wound into worn-out Beta cassettes; but note that you do need to keep the original metallic leader tape, since Beta and VHS used different auto-stop mechanisms and clear plastic leader won't trigger it). As I've hinted elsewhere, Betamax has better resolution and better colour reproduction.

The problem with play-only formats is exactly that: they are play-only, and so there can come a point where nobody is making any new material to play on them.

Re:Cheers!

[by Anonymous Coward]

Something like "Just like the Beta-emacs vs vi-HS wars!" ?

Re:Cheers!

[ajs318 (655362)]

And the Sony C6 Betamax recorder, given a decent aerial, could record the Teletext signal along with the picture (even if your set was non-Teletext, since it's being picked up by the recorder's internal receiver). I never even realised VCRs weren't supposed to be able to do that. All those old Betamax cassettes in lofts and cupboards are hiding not only subtitles, but little vignettes of the news and sporting events of the day they were recorded.

The only problem was that in order to get that resolution better than 280 lines (think about it - that's only chucking away 32.5 of 'em, which isn't bad), a Beta machine needed more moving parts than its VHS cousin (although they moved less often. VHS laced the tape when you pressed PLAY and unlaced it when you pressed STOP. All fast-winding was done inside the cassette -- which allows you to move the tape faster, but you cannot switch to picture-search without lacing it. Betamax laced the tape the first time you pressed PLAY and unlaced it when you pressed EJECT. Fast-winding was done inside the cassette until you first pressed PLAY [to allow for rapid rewinding before watching], and thereafter, with the tape laced; making it possible to switch instantaneously from fast-wind to picture-search.) Thus, VHS recorders were easier to field-maintain. And in an era before everything was made to be disposable, that was the deal-clincher.

Re:Zip does NOT contain any keys

[Junta (36770)]

Notice the title key is all 0's

That's amazing! I've got the same combination on my luggage!

Re:Mmm but would you do it?

[TexasDex (709519)]

The point is with the Hi-Def media, it doesn't make as much sense to rip every movie you have and store it on your fileserver for the next year or two. This is awesome news but i am not sure i'll be ripping HD-DVDs/Blu-ray disks like i used to rip DVDs. These things take way too much space. Hollywood would have an edge if they priced the stuff at around 15-20$ - i'd buy one than let a movie take up 30GB on my machine.

Wait 5 years and read that post again. I bet you'll laugh. "Only 24 gigs?" you'll say. "That's nothing!" I guarentee it.

To put it in prespective: My old 486 had a hard disk with less than 400 MB of space. But it also had a CD-ROM drive. Your average CD back then held 650MB. Yes, it had an optical drive that was bigger than its hard disk. Nobody ever thought to even include copy protection on the CD because storing that much data was insane, and transmitting it over the internet even more so. With the advent of MP3 and bigger storage and broadband it became commonplace to trade music online.

My brother got one of the first computers that came equipped with a DVD drive, which has a capacity of 4.7 GB (I'm ignoring the whole multi-layer DVD format for sake of simplicity). It also came with a hard disk that could hold up to 2 Gigabytes. Now your average DVD can be recompressed without too much quality loss to, say, 1.5GB, and modern hard disks will store hundreds of them with ease, and you can download them in an hour or two on a good connection, or maybe a day on an okay one. Are you noticing a recurring theme here?

The truth is that Blu-ray isn't all that big compared to the hard disks of today, especially not when you look at previous optical formats and how big they were in comparison to the hard disks of the era in which they were first made. Heck I could fit a Blu-ray disk or two on my iPod and have some space left over.

Such is the progress of technology (by which I mean mostly storage space and bandwidth, but also compression technology and the processor power to implement it). A digital movie standard such as Blu-ray or HDDVD should be expected to last a decade. They will probably last even longer than that because hi-def technology has matured to the point where users couldn't possibly need higher resolution or more pristine sound effects. Where do you think magnetic storage will be in ten years? Heck, where do you think solid-state storage will be in ten years?

The point is that technology changes, and people invent things like MP3 that let you squeeze more into smaller space. Which means movie format won't stop piracy because it's "too big".

Re:Please improve the source code

[Rufus211 (221883)]

A quickly glanced at the java sources.
They are crap. No use of NIO, using Hashtable instead of HashMap and all sorts of strange quirks.
I predict, a proper version will be *much* faster in decrypting the content.
Please, someone with time on their hands: Improve this code

Why would those things matter at all? 99% of your time will be spent in the java-provided AES decription routines. Optimizing a single hash lookup will make about 0 difference.

Lookup premature optimization is and learn from others mistakes.