New AACS Fix Hacked in a Day

Posted by Zonk on Fri Jun 01, 2007 09:22 AM
from the oh-day-warr-ez dept.
VincenzoRomano writes "ArsTechnica has just published an update to the neverending story about copy protection used in HD DVD and Blu-ray discs and hacker efforts against it. From the article: 'The ongoing war between content producers and hackers over the AACS copy protection used in HD DVD and Blu-ray discs produced yet another skirmish last week, and as has been the case as of late, the hackers came out on top. The hacker BtCB posted the new decryption key for AACS on the Freedom to Tinker web site, just one day after the AACS Licensing Authority (AACS LA) issued the key.' The article proposes a simple description of the protection schema and a brief look back at how the cracks have slowly chipped away at its effectiveness. It seems it'll be a long way to an effective solution ... if any. One could also argue whether all that money spent by the industry in this race will be worth the results and how long it would take for a return on investment."

Related Stories

[+] Your Rights Online: MPAA Fires Back at AACS Decryption Utility 343 comments
RulerOf writes "The AACS Decryption utility released this past December known as BackupHDDVD originally authored by Muslix64 of the Doom9 forums has received its first official DMCA Takedown Notice. It has been widely speculated that the utility itself was not an infringing piece of software due to the fact that it is merely "a textbook implementation of AACS," written with the help of documents publicly available at the AACS LA's website, and that the AACS Volume Unique Keys that the end user isn't supposed to have access to are in fact the infringing content, but it appears that such is not the case." From the thread "...you must input keys and then it will decrypt the encrypted content. If this is the case, then according to the language of the DMCA it does sound like it is infringing. Section 1201(a) says that it is an infringement to "circumvent a technological measure." The phrase, "circumvent a technological measure" is defined as "descramb(ling) a scrambled work or decrypt(ing) an encrypted work, ... without the authority of the copyright owner." If BackupHDDVD does in fact decrypt encrypted content then per the DMCA it needs a license to do that."
  • If it's viewable, it's hackable (Score:5, Insightful)

    by elrous0 (869638) * on Friday June 01 2007, @09:24AM (#19350635)

    Blu-ray discs with a further layer of copy protection called BD+ are rumored to be nearing delivery

    You know, they say the definition of insanity is doing the same thing over and over again, expecting different results. Somewhere I picture entertainment execs, having been sold a big and expensive line of B.S. by the firm that developed BD+ (just as they had been sold the exact same line by the companies that developed CSS and AACS), sitting in some board room saying "Don't worry, THIS time it's going to work!" They just don't get it. If it's viewable, it's hackable--period.

    • Re:If it's viewable, it's hackable (Score:5, Insightful)

      by erroneus (253617) on Friday June 01 2007, @09:39AM (#19350799) Homepage
      You're not looking far enough down the road to where this all leads. Hell, you're not even looking back on the road we've all been travelling where all of this is concerned. They know there is no knot that cannot be untied. What they are winning is the sympathy of lawmakers who are increasingly adding to the penalties of copyright infringement, writing new laws around the globe and generally extending copyright indefinitely. It's the quicksand they have us trapped in that they are after. The more people resist, the more legislative backing they receive. How long before whistling a tune as you walk down the street will get you arrested?

      Music [and the arts] may have charms that will soothe the savage beasts in all of us, but these people want you to pay for the remedy and will do anything to make sure you do!
      [ Parent ]
      • Re:If it's viewable, it's hackable (Score:5, Interesting)

        by dpilot (134227) on Friday June 01 2007, @11:19AM (#19352145) Homepage Journal
        My *next* letter to Sen. Patrick Leahy will have 3 focal points...
        1: I like the work he's currently doing on Judiciary with the investigations. This stuff is IMPORTANT!
        2: As far as copyright law goes, these days it's not really "all about the artists," as he has told me in letters in the past. If he really believes that, he's being sold a bill of goods by the mafiAA, and I need to dig up substantiation for his.

        And the point germane to this thread...
        3: Passing ever-more-draconian copyright/DRM legislation is HURTING our media industry. We will NEVER get a regimen this tough forced around the world, no matter how hard we try, and no matter that there are some early exceptions. NONE of this stuff has done spit to stop widespread violation in China and it never will.

        Like it or not, the world is changing, and the mafiAA had darned well better learn to cope with it. The current legislative path in the US is coddling them, and allowing them to not cope with a changing world, and at some point they will be completely incapable of playing on the world stage. (figuratively and literally) For an analogy, a favorite on Slashdot is how the movie industry grew up in California, in order to get around the protective laws the stage industry had in New York. If the mafiAA doesn't learn to adapt, world entertainment WILL move elsewhere, it's just a matter of time.

        Which is a harder problem - cracking the Chinese copyright violation problem, or teaching Bollywood to make good movies?
        [ Parent ]
        • Re:If it's viewable, it's hackable (Score:5, Insightful)

          by c00rdb (945666) on Friday June 01 2007, @10:34AM (#19351399)
          Except the less you buy, the more the industry claims that those losses are due to piracy. It's a never ending cycle.
          [ Parent ]
        • Re:If it's viewable, it's hackable (Score:5, Interesting)

          by jZnat (793348) * on Friday June 01 2007, @11:04AM (#19351883) Homepage Journal
          Why should we have to completely ignore our culture just because of some assholes at the top? The Libertarian solution to every problem doesn't always work, and in this case, it won't work. People are ignorant of the issue, and even if they knew about it, they'd rather continue indulging in their culture and entertainment rather than "fight the power". We need to think of a different solution, and continuing to break all the rights-restricting DRM they throw at us is, in my opinion, a good start.

          If the law wasn't bought and paid for by them, a boycott might work, but since they are able to extend copyright to cover anything and everything for as long as they want, we cannot just vote with our wallets; they've got much bigger wallets than us.
          [ Parent ]
    • Re:If it's viewable, it's hackable (Score:5, Informative)

      by FauxPasIII (75900) on Friday June 01 2007, @09:52AM (#19350925)
      > You know, they say the definition of insanity is doing the
      > same thing over and over again, expecting different results.

      And Bartcop's second law [bartcop.com] says that if someone makes a "mistake" that makes them a whole heap of money, then they will make the same "mistake" again and again and again. They keep making new protection scheme revisions, the content providers keep buying in and hardware manufacturers keep upgrading.

      These protection schemes aren't a failure as you seem to think. They're accomplishing exactly what they're intended for.
      [ Parent ]
      • Re:If it's viewable, it's hackable (Score:5, Interesting)

        by Kadin2048 (468275) * <slashdot,kadin&xoxy,net> on Friday June 01 2007, @10:51AM (#19351675) Homepage Journal
        Well, you're right that the key-revocation scheme was designed to deal with this, however where the problem lies is in certain assumptions that the people designing the revocation system made.

        I don't think they ever thought that the keys would get compromised this quickly. The AACSLA is fighting an asymmetric war. It takes them, what, about six months to revoke a key? Maybe they could get that down to a few months, but it's still going to be difficult. They have to realize that a key is compromised, decide to revoke it, make up a new MKB, master a new disc, send that disc master to Taiwan or China for pressing, and import and distribute the new disc. There's only a certain amount that a process like that can be expedited by.

        The revocation scheme was designed to deal with insecure players, basically as a one-off process. Player gets compromised? Revoke it. It's not getting them any security in its current state. Right now, they revoke existing key. New key is compromised after one day in circulation. They begin revoking it. Six months later, they revoke new key. Rinse. Repeat. What's the steady state of this system? The hackers win, because at any given time, they probably have the keys to all the extant discs.

        Now, you do bring up an interesting point about blocking software players, and just eliminating them altogether. Setting aside the problems this would cause with the likes of Microsoft and other players heavily invested in the concept of HTPCs, it might slow things down. However, I don't think there's any reason to think that the keys can't be extracted from the hardware -- that's just too good of a technical challenge to pass up. And again, if the rate at which keys get compromised is much, much faster than the rate at which compromised keys can be revoked, then the AACS loses control.
        [ Parent ]
          • Re:If it's viewable, it's hackable (Score:5, Insightful)

            by Ngwenya (147097) on Friday June 01 2007, @11:48AM (#19352573)

            I don't think it would be possible to extract keys from hardware, if said hardware is well-implemented.


            Yes - just a small matter of implementation :)

            You are correct, of course, that hardware key storage is generally more effective than software storage. The problem, however, is that key storage isn't the end of the story. Sure, you can embed a TPM chip in epoxy resin, and surface mount that chip onto the motherboard - but it can still be removed. Tricky, yes - error prone, also true. But it can be done. Which means that, assuming it's not some totally proprietary design it can be inserted into a standard PC motherboard and exploited from there. If it is a completely proprietary chip, well, the record of such security systems working is less than stellar. Tends to be of the same order as proprietary crypto algorithms. In using AES, the AACS designers made at least one good technical decision.

            Even if not removing the key storage device, the buses which connect it to the rest of the system are still subject to probing via ICEs. And all of this assumes that the electrical characteristics of the systems don't exhibit any exploitable variances like key-dependent delays in processing (side-channel attacks).

            And even if you had that down pat, you've still got the fact that the connection from device to display is only protected by HDCP, which was cracked years ago. And there's no real protection on digital audio outputs, so capturing that frame-by-frame and remuxing to high quality rips would still be eminently possible. The only reason there aren't HDCP strippers and HD capture devices all over the place is because AACS has been rendered moot. If the keystream still held secure, you'd simply see another attack vector.

            Now here's the other problem: in order to get the backing of people like Microsoft and other likely media centre manufacturers, the HD-DVD camp had to promise Managed Copy (Blu-Ray said they would also provide it). In other words, they had to promise that copying to a non-hardware-secured device would be possible. And if you just shift the problem onto the PC that way, you haven't really bought anything.

            All told - your analysis is spot on - h/w only operations are harder to crack. But from a technical and business commitment standpoint, it wouldn't make any real difference. The incentive to crack is far greater than the technical obstacles in place.

            I suppose it all comes down to the age old cliché - security is a process, not a product. And with AACS, it seems that the content producers have only semi-digested that point. Without control of the entire delivery chain - something that is both technically and legally impossible - you cannot square the circle of both giving someone the key and not giving it to them at the same time.

            --Ng
            [ Parent ]
  • by Anonymous Coward on Friday June 01 2007, @09:25AM (#19350647)
    Just for the record.
  • Haiku? (Score:5, Funny)

    by packetmon (977047) on Friday June 01 2007, @09:28AM (#19350669) Homepage
    the site posted the 128-bit key as a method of decrypting a small haiku that they placed on the same page, noting that it just might accidentally (wink, wink) be the same key that will decrypt new high-definition discs as well

    I couldn't find that Haiku... Was it:

    Broken it is now
    Silly little execs
    More Free DVD's
  • It's painful to watch... (Score:5, Insightful)

    by tygerstripes (832644) on Friday June 01 2007, @09:32AM (#19350719)
    My cat does this with spiders. Once he's got one of the hairy buggers pinned, he just sits there and waits for it to make a dash for "freedom". Then he chews another leg off it, and goes back to waiting.
    Whenever I see this happen, I'm torn between horror at the grisly spectacle of such torture, and the guilty pleasure of seeing something I hate being toyed with so cruelly. If I can live with it in my own home, I can live with it in the media market...
  • The other side of the coin (Score:5, Insightful)

    by TripMaster Monkey (862126) on Friday June 01 2007, @09:34AM (#19350741)
    From the summary:

    One could also argue whether all that money spent by the industry in this race will be worth the results and how long it would take for a return on investment."

    Indeed...one could argue that a company would better serve its shareholders and its long term interests by eliminating copy protection completely. After all, at this stage of the game, anyone who wants a pirated copy can either make it themselves, or knows some techie guy who can. Eliminating all copy protection would save money otherwise pissed away on ineffective measures that only serve to annoy legitimate users, and would build a measure of good will and consumer loyalty that is worth more than anything deterring piracy could realize.
    • Re:The other side of the coin (Score:5, Insightful)

      by hal2814 (725639) on Friday June 01 2007, @09:50AM (#19350905)
      "...anyone who wants a pirated copy..." (emphasis mine)

      Aha, but that's the key. Most people don't necessarily want a pirated copy. They just want a copy. If the copy protection can be difficult enough to get around to not make it worth the average person's time, then they won't bother getting a pirated version. People who make a conscious effort to pirate the material cannot be stopped, but if you can make it difficult enough to pirate nobody else will bother. I think the movie industry massively failed in that regard with DVDs. It became far too easy to pirate them. I also think they'll also fail here, but I do see why they keep trying. If they can just make it hard enough, most people won't bother.
      [ Parent ]
  • DRM == FRAUD (Score:5, Interesting)

    by Concern (819622) * on Friday June 01 2007, @09:37AM (#19350773) Journal
    When will the legal system in this country catch on to the fact that DRM is a garden variety fraud, perpetrated by shady "engineers" on gullible content producers?

    There has never been a working DRM system in the history of mankind. There will very likely never be a working DRM system. And I only say "very likely" because the rest of history is a very long time - but it is impossible to imagine how any such system can be built in the future, regardless of technological progress.

    The roster of DRM vendors is a list of failed charlatans, with a track record of consumer ire, ruined reputations (the vendors' own, and their customers), legal liability (remember Sony?), and of course, enormous costs for their customers - their true victims.

    I wonder if the spectacle of AACS' failure will finally begin to wake them to the fact that no one can sell DRM, because it doesn't exist - and the people who claim it does are no better than those selling magic weight loss via email spam.
  • This reminds me of a famous song... [wikipedia.org] let's see what we can do with it.

    *ahem* *ahem*

    Turn around
    Look at what you see
    In their face
    The keyword of your dreams
    Make believe they're everywhere
    Just encrypted in the lines
    Written on the DVD's
    Is the answer to our never ending story
    ah ah ah

    See the cracks
    In their fantasy
    crush their dream
    show them what they'll be
    Codes that keep their secrets
    Will unfold behind a yarr
    zero nine eff nine one one...
    Is the answer to our never ending story
    ah ah ah

    Show no fear
    For they may fade away
    In your hands
    The birth of a new age
    Codes that keep their secrets
    Will unfold behind a yarr
    zero nine eff nine one one...
    Is the answer to our never ending story...
    ah ah ah
    Never ending story...
    ah ah ah
    Never ending story.
  • Maybe I'm in the minority, but... (Score:4, Insightful)

    by SkyMunky (249995) on Friday June 01 2007, @09:37AM (#19350779)
    I would have already bought an HD-DVD player had there not been DRM in place. If I knew I could make copies for myself, rip to a portable or my laptop easily, etc., I would already own an HD-DVD player and several movies for it. I guess the Industry doesn't take my demographic into account as it must be a minority, but surely there has to be some up-side to playing nice with consumers and letting us make copies/rips of their movies. I used to buy music, too, when I knew I could copy/mix/etc.
      Would they lose a sale here and there because somebody copies a movie for a friend/family/neighbor? Yes, of course. Are they going to anyway? Yes. But...are they losing sales because of DRM in place? I think lots.
  • It's still doing its primary job (Score:5, Interesting)

    by Dachannien (617929) on Friday June 01 2007, @09:43AM (#19350841) Homepage
    AACS does stop casual copying, but it hasn't prevented unencrypted HD content from being distributed over the Internet.

    That's really what the content cabal are most interested in. Piracy of their content is a foregone conclusion. It's been happening for decades, and in some countries, almost the entire market for their content is based on counterfeit copies. They've long since priced their "losses" into the cost of their product.

    What AACS (and CSS before it) is really about is enforcing the other forms of DRM they've implemented, like user-operation prohibition (preventing you from skipping the pointless FBI notice, company credits, and best/worst of all, advertising) and region coding. Note that neither of those DRM schemes have anything to do with piracy prevention - they're just another route for indirectly extracting revenue from the consumer, by force-feeding advertising or by exploiting the arbitrage created when they don't release their content simultaneously around the world.
  • dvd sales (Score:5, Insightful)

    by dAzED1 (33635) on Friday June 01 2007, @09:48AM (#19350881) Homepage
    I know this has been mentioned before a million times, but...have dvd sales really been hurt that bad by the encryption for dvd being broken years ago? Those that will rip, will find a way to rip. The rest will buy the Blu-ray/hd dvds.

    Unless the industry is wanting to try a dramatic price hike, which would cause those on and near the fence to rip too...?
  • Watch the news spread using Google (Score:5, Interesting)

    by giafly (926567) on Friday June 01 2007, @09:56AM (#19350973)
    At the time of posting, this gives 973 results. Click the link [google.com] to see how much further the news has spread.
  • 2 down... (Score:5, Funny)

    by Evil Cretin (1090953) on Friday June 01 2007, @10:58AM (#19351779)
    Just (2^128 - 2) more to go!
    • Re:Bad system (Score:5, Insightful)

      by minginqunt (225413) on Friday June 01 2007, @09:35AM (#19350751) Homepage Journal
      But, you know, most of these hackers aren't even doing this because they desperately want to watch Pirates of the Opening Weekend IV: At Wits End, since most people have better things to do than watch Kiera Knightley and Orloomdo Bland do their best dining furniture impression.

      No, these guys break AACS simply because it's _there_, and the movie industry *dared* them to do it.

      And you know what? By making it more complicated than DeCSS, they made BD+ and AACS simply become *even more fun* to hack.

      These guys should befriend some supply-side economists to learn about incentives and how they work.
      [ Parent ]
      • Re:Blank Stare (Score:5, Interesting)

        by notque (636838) on Friday June 01 2007, @10:25AM (#19351287) Homepage Journal
        I'm sure you thought that was deep, but dude, put down the stick, exhale, and re-read your lines.

        There isn't anything deep about it, it just happens to be true.

        You know, like this...

                    The conscious and intelligent manipulation of the organized habits and opinions of the masses is an important element in democratic society. Those who manipulate this unseen mechanism of society constitute an invisible government which is the true ruling power of our country.
                    We are governed, our minds are molded, our tastes formed, our ideas suggested, largely by men we have never heard of. This is a logical result of the way in which our democratic society is organized. Vast numbers of human beings must cooperate in this manner if they are to live together as a smoothly functioning society.
                    Our invisible governors are, in many cases, unaware of the identity of their fellow members in the inner cabinet.
                    They govern us by their qualities of natural leadership, their ability to supply needed ideas and by their key position in the social structure. Whatever attitude one chooses to take toward this condition, it remains a fact that in almost every act of our daily lives, whether in the sphere of politics or business, in our social conduct or our ethical thinking, we are dominated by the relatively small number of persons--a trifling fraction of our hundred and twenty million--who understand the mental processes and social patterns of the masses. It is they who pull the wires which control the public mind, who harness old social forces and contrive new ways to bind and guide the world.

        By the Creator of the Public Relations Industry, and Nephew of Sigmund Freud, Mr. Edward Bernays
        [ Parent ]
    • Re:AACS v. RSA/TLS (Score:5, Informative)

      by nuzak (959558) on Friday June 01 2007, @11:02AM (#19351837)
      The algorithms underlying AACS are quite strong. However, in order to be able to play, AACS not only delivers the encrypted content on the disk, it delivers the key itself, in an encrypted format. And they deliver the key for that in the guts of every single player. Kind of daft, isn't it?

      The AACS algorithm itself hasn't been cracked. The encryption itself is based on AES, and it has no known practical attacks against it. The industry was smart about it this time, and made the spec fully open for review. What is happening is that they keep hiding the key under the mat, and we keep finding out where it is.

      [ Parent ]
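
A toy model of the key hierarchy nuzak describes and the revocation cycle Kadin2048 describes above, added here as an illustration; it is not code from the thread or from AACS. The one-entry-per-player MKB table, the class and function names, and the HMAC-based stream cipher standing in for AES are all simplifying assumptions.

```python
import hashlib
import hmac
import os


def _xor_stream(key, nonce, data):
    """Toy stream cipher (HMAC-SHA256 in counter mode); stand-in for AES, illustration only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, b"ks" + nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def wrap(kek, nonce, key):
    """Encrypt `key` under `kek` and append a short tag so a wrong kek is detected."""
    ct = _xor_stream(kek, nonce, key)
    return ct + hmac.new(kek, b"tag" + nonce + ct, hashlib.sha256).digest()[:8]


def unwrap(kek, nonce, blob):
    ct, tag = blob[:-8], blob[-8:]
    good = hmac.new(kek, b"tag" + nonce + ct, hashlib.sha256).digest()[:8]
    return _xor_stream(kek, nonce, ct) if hmac.compare_digest(tag, good) else None


class LicensingAuthority:
    """Hypothetical authority: hands out device keys and masters discs."""

    def __init__(self, players):
        self.device_keys = {name: os.urandom(16) for name in players}
        self.revoked = set()

    def master_disc(self, title, content):
        nonce = title.encode()
        media_key, title_key = os.urandom(16), os.urandom(16)
        # Simplified MKB: the media key wrapped once per non-revoked player.
        mkb = {name: wrap(dk, nonce, media_key)
               for name, dk in self.device_keys.items() if name not in self.revoked}
        return {"nonce": nonce, "mkb": mkb,
                "wrapped_title_key": wrap(media_key, nonce, title_key),
                "content": _xor_stream(title_key, nonce, content)}


def play(disc, player, device_key):
    """Walk the chain device key -> media key -> title key -> content."""
    entry = disc["mkb"].get(player)
    if entry is None:          # player was revoked before this disc was mastered
        return None
    media_key = unwrap(device_key, disc["nonce"], entry)
    if media_key is None:
        return None
    title_key = unwrap(media_key, disc["nonce"], disc["wrapped_title_key"])
    return _xor_stream(title_key, disc["nonce"], disc["content"])


def demo():
    la = LicensingAuthority(["hw_player", "sw_player"])
    old = la.master_disc("old-title", b"old movie")
    leaked = la.device_keys["sw_player"]    # constructed scenario: this key becomes public
    la.revoked.add("sw_player")             # revocation only affects discs mastered later
    new = la.master_disc("new-title", b"new movie")
    return {
        "old_with_leaked": play(old, "sw_player", leaked),   # already pressed, still opens
        "new_with_leaked": play(new, "sw_player", leaked),   # revoked key is shut out
        # Any remaining valid key opens the new disc, so one more leak restarts the cycle.
        "new_with_hw": play(new, "hw_player", la.device_keys["hw_player"]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```
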
    • Re:Okay... How do we use a crack? (Score:5, Informative)

      by Ngwenya (147097) on Friday June 01 2007, @11:22AM (#19352205)

      Now that multiple keys are out, how does someone legitimately use a key to view a HD disc on Linux?


      https://help.ubuntu.com/community/RestrictedFormats/BluRayAndHDDVD [ubuntu.com] is one method which can help; but a few caveats. The problem for Linux play is no longer the video codecs (recent ffmpeg builds have VC-1 support pretty much down pat, and H.264 has been fine for ages if you have a sufficiently powerful rig).

      The problem is audio codecs. Most HD-DVDs/BRDs have either E-AC3 (A/52B) or TruHD audio, which ffmpeg currently cannot decode. There are folks working away on it, but it might be a while before concrete results are available. Until then, one possibility - if fiddly - is to demux the video/audio/subtitle streams under Windows using some of the tools available on Doom9 and then transcoding the E-AC3 tracks to AC-3 (or TruHD to FLAC) using EAC3To. You can then remux the video/audio/subtitle tracks into Matroska, and use mplayer or VLC to watch it under Linux. Cumbersome, and not very friendly, but you won't lose any video quality, and if it's FLAC, you won't lose audio quality either.

      --Ng
      [ Parent ]