Encryption Security Hardware

HD-DVD and Blu-Ray AACS DRM Cracked

Posted by samzenpus
from the that-didn't-take-long dept.
EGSonikku writes "According to this article on Engadget, the AACS DRM used in HD-DVD and Blu-Ray has been cracked. The program allows one to decrypt and dump the video for play on a user's hard drive, or it can be burned to a blank HD-DVD and played on a stand-alone player. According to the accompanying video, a source release for the program will be made available in January. Time to get that $200 Xbox 360 HD-DVD drive?" Warning: this link contains video.


  • by sith (15384) on Thursday December 28, 2006 @01:51AM (#17384734)
    As best as I've been able to gather from what I've read today, the very clever fellow just implemented that publicly available decryption routine, and also discovered an (as of yet unreleased) method for obtaining decryption keys. It seems very likely from everything I've read that he is pulling the keys from the PowerDVD program - perhaps they're left unencrypted, similar to how the original DeCSS obtained a key from the Xing player?

    In any case, it will be interesting to see how this is dealt with, and whether key revocation can/can't break this. The author thinks it can't - the cat is out of the bag and is staying that way.

    We'll see. I think it's good news for us though, no matter what.
    • by Myen (734499) on Thursday December 28, 2006 @01:57AM (#17384760)
      Yes, and the Engadget article that is TFA is mistaken... He didn't supply any keys, just disc IDs (to map to human readable names of the discs). The place where the keys would have been were all stubbed out with all nulls.

      If this is a crack for the DRM, then GPG is a crack for PGP.
    • by FuturePastNow (836765) on Thursday December 28, 2006 @02:05AM (#17384802)
      According to the program's creator:

      I was very surprised to realize that the title key is there, in memory!

      Older systems make Trusted Computing their bitch. Oh yeah.
    • As best as I've been able to gather from what I've read today, the very clever fellow just implemented that publicly available decryption routine, and also discovered an (as of yet unreleased) method for obtaining decryption keys. It seems very likely from everything I've read that he is pulling the keys from the PowerDVD program - perhaps they're left unencrypted, similar to how the original DeCSS obtained a key from the Xing player?


      Exactly. I've read the source code he released and it's less than 500 lines of Java. All it does is open each file on an HD-DVD and call the built-in Java AES decryption functions on each "pack" of HD data. There's a slight bit of handling for the pack format and all, but it's straight from the AACS spec.

      Now the interesting thing I found from the "pre-recorded video book" [aacsla.com] spec were these two quotes (page 18):
      A licensed product shall treat its Device Keys as highly confidential, as defined in the license agreement.
      and
      Except where otherwise provided for in these specifications, the values used to enable playback of AACS content (e.g. Title Keys and Volume ID) shall be discarded upon removal of the instance of media from which they were retrieved. Any derived or intermediate cryptographic values shall also be discarded.

      So it seems that PowerDVD (or whatever player was used) was fully within the spec to not protect the Title Keys that are assumed to have been swiped by this prog.
    • by Junta (36770) on Thursday December 28, 2006 @03:06AM (#17385074)
      Looks like from his FAQ that he figured a deterministic way a particular piece of HD-DVD software stores the key in memory. Of course, it's always going to be the case the key is in memory during playback, finding the address would be the pain.. Wonder how he knew what to look for so quickly... Well, suppose he did have a couple of distinct movies, he probably had a set of addresses that obviously changed between discs or titles, and probably some tell-tale strings...

      So he probably doesn't have the program's key (it would be in memory a short time probably if well implemented, but ultimately probably gettable, if the program can read its own key, anyone can). However, expect content providers to audit how easily the key material is locatable in memory (i.e. how deterministic the key memory address is relative to program base address) and revoke keys in future pressings and force upgrades to software users.

      Of course, with a few keys out it becomes problematic to hide the locations. Ultimately, the program has to know the offset to the key to use it, so there are going to be hoops to jump through, but using a known title with known key means the address of the key can be found and sampled over a few playback attempts, the memory address of the program analyzed to see if some pattern emerges or some variable points the right way....

      BTW, if it was PowerDVD (which he never explicitly said), he is cocky actually showing that program running in his demonstration. PowerDVD is going to be under careful analysis now and his job will be made more difficult likely.

      Of course, he could be more clever than I'm guessing, but the indications seem to be memory analysis of HD-DVD playback software.

      Anyway, beyond making more hoops to go through, content providers cannot be so stupid as to think the problem technically insurmountable. It's all about demonstrating clear intent to violate DMCA and take legal rather technical measures to 'deal' with the problem.
      • by pla (258480) on Thursday December 28, 2006 @08:32AM (#17386220) Journal
        Of course, it's always going to be the case the key is in memory during playback, finding the address would be the pain

        Not really... Even without any better strategy, you can narrow the potential range down QUITE a bit (within one process' address space), and exhaustively try every machine-aligned keylength-block in just a few seconds. And it would surprise me greatly if we can't do a whole lot better than that



        and revoke keys in future pressings and force upgrades to software users.

        Revocation accomplishes nothing (except, as with most DRM, annoying legitimate users) if the cracker can get the key dynamically. This problem WILL result in the eventual blacklisting of XP for HD content, at which point the protection of AACS will reduce to the security of Vista's kernel (ie, already cracked).



        It's all about demonstrating clear intent to violate DMCA and take legal rather technical measures to 'deal' with the problem.

        Bingo. Although it does look like they at least tried to make it somewhat hard this time, no solution (not even quantum) exists to the cryptography problem where "Bob" and "Carol" (the "man-in-the-middle") count as the same entity.
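The exhaustive scan pla sketches above, written out as an added example that is not part of the thread or of the BackupHDDVD tool. It assumes you already hold a process-memory image (here a constructed buffer with the key planted in it at two places) and one ciphertext block whose plaintext is known, for instance a block fixed by the format or from a disc whose key is already public; the 16-byte constant used as that plaintext, the planted offsets and the stride values are all assumptions for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
	"fmt"
)

// KnownPair is one AES block whose plaintext the scanner already knows.
// Assumption for the demo: with a format like AACS the candidate would be a
// block fixed by the spec or from a disc whose key is already public.
type KnownPair struct{ Plain, Cipher []byte }

// EncryptBlock is a single-block AES-128 encryption, used to build the pair.
func EncryptBlock(key, plain []byte) []byte {
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, aes.BlockSize)
	blk.Encrypt(out, plain)
	return out
}

// ScanForAESKey tries every stride-aligned 16-byte window of dump as an
// AES-128 key and returns the offsets whose key turns kp.Cipher into kp.Plain.
// Each window costs one key expansion plus one block decryption.
func ScanForAESKey(dump []byte, stride int, kp KnownPair) []int {
	var hits []int
	out := make([]byte, aes.BlockSize)
	for off := 0; off+aes.BlockSize <= len(dump); off += stride {
		blk, err := aes.NewCipher(dump[off : off+aes.BlockSize])
		if err != nil {
			continue // 16-byte windows are always valid keys; kept for safety
		}
		blk.Decrypt(out, kp.Cipher)
		if bytes.Equal(out, kp.Plain) {
			hits = append(hits, off)
		}
	}
	return hits
}

// BuildDump fabricates a process-memory image for the demo: random filler with
// the key copied in at the given offsets. Constructed data, not a real player dump.
func BuildDump(size int, key []byte, at ...int) []byte {
	dump := make([]byte, size)
	if _, err := rand.Read(dump); err != nil {
		panic(err)
	}
	for _, off := range at {
		copy(dump[off:], key)
	}
	return dump
}

func main() {
	key := make([]byte, 16)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	plain := []byte("0123456789ABCDEF") // assumed known-plaintext block
	kp := KnownPair{Plain: plain, Cipher: EncryptBlock(key, plain)}
	dump := BuildDump(16<<20, key, 0x1000, 0x7FFFF4) // 16 MiB, key planted twice
	fmt.Println("4-byte stride hits:", ScanForAESKey(dump, 4, kp))   // both offsets
	fmt.Println("16-byte stride hits:", ScanForAESKey(dump, 16, kp)) // only 0x1000
}
```

The scan works because an AES-128 key in memory is just 16 contiguous bytes, and the first round key of an expanded key schedule is the cipher key itself, so a player that keeps the schedule resident holds the key bytes there as well (in whatever word order the implementation stores them). A 16-byte stride is four times faster but misses a key the allocator did not 16-align, which is what the second planted copy shows; a 4-byte stride over a whole address space is still a bounded number of key expansions. Moving or re-encrypting the key between uses, as the replies above anticipate vendors will try, raises the cost of finding it but cannot keep it out of memory while a block is being decrypted.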
    • by Bios_Hakr (68586) <xptical.gmail@com> on Thursday December 28, 2006 @03:07AM (#17385078) Homepage
      It's pretty early in the rollout. The execs will kill off the format and release a new system within a year. HD-DVD-2 or something like that.

      Then, they'll just not give the keys to PowerDVD.

      Note to all future hackers. Wait till you have critical mass before you release a crack.
      • by dtfinch (661405) * on Thursday December 28, 2006 @03:55AM (#17385238) Journal
        They have many keys now, one for each model of player. I don't remember the exact terminology, but the player private keys are used to decrypt the disk key stored on the disk. There are many copies of the disk key, each encrypted with a different player's public key. If they want to revoke a player, they just don't include a copy of the disk key encrypted with that player's public key on future disks. So that player can play old disks, but they'll need to replace it to play new disks.
        • Re: (Score:3, Interesting)

          by deroby (568773)
          Not quite sure I understand how this works then =(

          If each disk contains a (limited) set of keys, one for each model like you say, what will then happen when a new model comes out next year and I put my 'old' DVD-HD disk in there ?
          => the model didn't exist yet, hence, there is no key, hence, my 'newest' player can't play my 'oldest' movies anymore ? Or did they just foresee 10.000 keys and assign them to models as they get released ? (plenty of space on these shiny disks after all).

          Additionally, wouldn't
        • by javilon (99157) on Thursday December 28, 2006 @06:50AM (#17385816) Homepage
          When a couple or three keys for _hardware_ players leak the content providers will have to make their minds up and decide if they revoke them.

          If they decide to do so, I can tell you that the whole scheme will go down. There will be people with bought and paid hardware made useless. This will be a very good example when explaining to people why DRM is a problem.

          Also, if I have learned something in this thread, it is that if you hack a player, you just have to keep it secret and only release the disk keys for every disk that comes out to the market. If the RIAA doesn't know what player has been hacked, they can't revoke its key. Having one player hacked will invalidate the whole scheme as long as the RIAA doesn't know which one it is.

          I am the owner of a High Definition 50-inch TV, with only DVI input. That I see as a good thing. I will not be tempted by the new High Definition *paid* content. There is no way I will be paying another 3000 for a new set just because the content providers refuse to show their content on my perfectly good one. This is also a good way to explain to people what DRM is about.
          • Re: (Score:3, Interesting)

            by Kjella (173770)
            When a couple or three keys for _hardware_ players leak the content providers will have to make their minds up and decide if they revoke them.

            If I recall correctly, the decision tree is very large (possibly down to a single player) so no, a few hardware keys released means only a few players will die. Of course, if you have a credible threat that you can keep posting new keys (should be too hard if you've found a method) then it's pretty much shot.
  • It takes a while... (Score:5, Informative)

    by FuturePastNow (836765) on Thursday December 28, 2006 @01:56AM (#17384754)
    The site's Farked, Digged, and everything else already, but here's the forum this was first posted to: http://forum.doom9.org/showthread.php?t=119871 [doom9.org]

    It contains a download link to the program.
    • by interiot (50685) on Thursday December 28, 2006 @02:03AM (#17384794) Homepage

      Duggmirror [duggmirror.com] has a copy of the doom9 thread, as well as a link to the source code [rapidshare.com].

      As another poster said, the package contains several title keys already extracted via some method. It's not clear how the author extracted the keys, or whether it's possible for the AACS people to revoke a player in order to prevent future keys from being leaked the way they currently are.

      • by minus_273 (174041)
        AACS was designed so that keys could be revoked for future titles.
        • by interiot (50685) on Thursday December 28, 2006 @02:14AM (#17384844) Homepage
          I don't really know much about it, but keys included in the package are title keys (eg. download the source code [rapidshare.com], see Readme.txt and TKDB.cfg, and see the list of keys for specific titles: Full Metal Jacket, Van Helsing, Tomb Raider 1, Apollo 13, The Last Samurai, and The Fugitive). Those keys probably can't be revoked (those specific titles are already mastered and are in release). But do the included keys give the AACS people enough information to identify the specific player that the author is using to extract the title keys from?
          • by IamTheRealMike (537420) <mike@plan99.net> on Thursday December 28, 2006 @10:01AM (#17386812) Homepage

            Yes. The major difference between AACS and CSS is that every player in the world can have a unique key, rather than just the 20 or so keys that CSS used. If PowerDVD is not adequately protecting the key then it will be barred from accessing new titles and a software upgrade will be required for PowerDVD players. For hardware DVD players, the key is usually far better protected anyway, but if it is somehow extracted then a firmware reflash and/or a physical hardware swap (paid for by the manufacturer) is the way it'll be done.

            Basically, the summary is totally misleading, as per usual with Slashdot + DRM. AACS has not been cracked. A single badly protected player was cracked and its key will be revoked, as the AACS spec provisions for. The scheme was designed to be "damage resistant" and that's what we're seeing at work.

            • Re: (Score:3, Interesting)

              by afidel (530433)
              Actually, if they are title keys then it probably is NOT enough to finger the player. The player key is used to decrypt the title key, which is used to decrypt the content. The content is only encrypted with one title key, and has no relation to the player key. So as long as you only release title keys there is no way for them to know what player(s) have been compromised. Of course most hackers will probably release their findings as cracks to the software program, but eventually a smart one will simply set
        • by qbwiz (87077) * <`moc.ylimafnamuab' `ta' `nhoj'> on Thursday December 28, 2006 @02:15AM (#17384848) Homepage
          Wouldn't it suck to have your HD-DVD player stop working for new titles, because someone was using its key? Or are all HD-DVD players networked, so their keys can be changed at any time?
          • by interiot (50685)
            Most likely the author was using a PC-based software player, so most likely, legitimate end-users just need to download an update to be able to play new movies. (the update would both include new player keys, and an attempted fix for whatever way people are pulling title keys from the software)
            • by skiflyer (716312)
              oooo yeah, that's going to be a great way to help the adoption of HD-DVD/BluRay right now.

              Sorry your brand new laptop with a built in drive won't play the newest movies, but some people have hacked the software on your laptop, yes that's right the software we licensed and approved, and now you must update the same software with new keys to watch new movies.

              AKA, you're on an airplane, you have no connection, and things just plain don't work.
            • by Datasage (214357)
              True, but whats to stop a key from a hardware based player from being compromised? You could release a firmware update, but how many people would expect to install it?

              If a large number of device keys become compromised, revoking all of them would be a nightmare. I don't see how its possible to keep a key secret forever. Especially in software.
          • by bigberk (547360) <bigberk@users.pc9.org> on Thursday December 28, 2006 @04:18AM (#17385322)

            Wouldn't it suck to have your HD-DVD player stop working for new titles, because someone was using its key?
            Sure it might suck, but it's one of those little annoyances we live with because we know that Theft is Theft. We're only too happy to pay for a product and then have it cripple apart before our eyes. Sure, I might no longer be able to use the equipment I paid big money for, but will sleep comfortably at night knowing that at least the companies have protected their profits, just a little bit.
        • by evilviper (135110) on Thursday December 28, 2006 @02:18AM (#17384868) Journal
          AACS was designed so that keys could be revoked for future titles.

          So was DVD CSS...

          Would you care to guess how well that worked?
          • Re: (Score:3, Funny)

            by minus_273 (174041)
            i love these slashdot replies where smartass idiots reply with the dumbest stuff. Read a little about AACS the people who made the thing are not idiots.
      • by Anonymous Coward on Thursday December 28, 2006 @02:14AM (#17384846)
        By giving out the actual per-disc keys, the guy has avoided the fate of the original decss hack which used a player key that was "revoked". Unless the "AACS people" can figure out what player key he used to get those disc keys, they can't revoke it, though they can re-author the disc with a different disc key for the next batch (which one supposes could be leaked the exact same way as the first, whatever that way is).

        (For those that don't know, every disc's content is encrypted with a key particular to that disc. That key is then encrypted repeatedly with all of the device keys that are currently authorized to play that disc. Presumably there are dozens or hundreds of spare unassigned device keys in there for future use, as well. Thus, the player uses its device key to decrypt the matching copy of the disc key, then uses the disc key to decrypt the disc. In the DVD days, device keys wouldn't be "revoked" as such, they would simply quit being used on new discs, so the device could play all old discs, but would be unable to get a disc key for new ones. Not sure if AACS actually added an actual revocation list for device keys that would completely disable the device, as it is apparently able to do for other cryptographic keys like the HDCP keys)
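The key hierarchy that dtfinch, the Anonymous Coward above and Jah-Wren Ryel's "Sort of Cracked" post further down all describe, modelled as added example code that is not from the thread, the AACS specification or the tool. It uses the simplified picture those comments use, one copy of the disc key wrapped under every licensed device key, not the real AACS media key block (which derives the media key through subset-difference device keys and then layers a volume ID and title keys on top). The verification record, the device names and the authority's key table are assumptions for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
	"errors"
	"fmt"
)

// verifyMagic: fixed block a player decrypts to confirm a candidate disc key
// (assumed for the demo, modelled on AACS's verification record, not copied from it).
var verifyMagic = []byte("0123456789ABCDEF")
type DeviceID string

// Authority issues one secret AES-128 key per licensed device (never written to disc).
type Authority struct {
	DeviceKeys map[DeviceID][]byte
	Revoked    map[DeviceID]bool
}

// Disc is the thread's simplified picture: the disc key wrapped once per non-revoked
// device plus a verification record (content, AES-encrypted under the disc key, omitted).
type Disc struct {
	WrappedKeys [][]byte // AES-ECB(deviceKey, discKey); slot order is random
	Verify      []byte   // AES-ECB(discKey, verifyMagic)
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// ecb encrypts (or decrypts) exactly one 16-byte block; keys here are always 16 bytes.
func ecb(key, in []byte, encrypt bool) []byte {
	blk, _ := aes.NewCipher(key)
	out := make([]byte, aes.BlockSize)
	if encrypt {
		blk.Encrypt(out, in)
	} else {
		blk.Decrypt(out, in)
	}
	return out
}

func NewAuthority(ids ...DeviceID) *Authority {
	a := &Authority{DeviceKeys: map[DeviceID][]byte{}, Revoked: map[DeviceID]bool{}}
	for _, id := range ids {
		a.DeviceKeys[id] = randBytes(16)
	}
	return a
}

// Press masters a disc under a fresh disc key, wrapped for every non-revoked device.
// The disc key is returned only so the caller can compare recovered keys against it.
func (a *Authority) Press() (*Disc, []byte) {
	discKey := randBytes(16)
	d := &Disc{Verify: ecb(discKey, verifyMagic, true)}
	for id, dk := range a.DeviceKeys { // random map order: slots do not name devices
		if !a.Revoked[id] {
			d.WrappedKeys = append(d.WrappedKeys, ecb(dk, discKey, true))
		}
	}
	return d, discKey
}

// RecoverDiscKey is what a licensed player does at spin-up: unwrap each slot with
// its own device key and keep the candidate that passes verification.
func RecoverDiscKey(deviceKey []byte, d *Disc) ([]byte, error) {
	for _, w := range d.WrappedKeys {
		if cand := ecb(deviceKey, w, false); bytes.Equal(ecb(cand, d.Verify, false), verifyMagic) {
			return cand, nil
		}
	}
	return nil, errors.New("no usable slot: device revoked or never licensed")
}

// SuspectsForLeakedDiscKey: every licensed device unwraps the same disc key, so a
// leaked disc key is consistent with all of them and singles out no player. A leaked
// device key, by contrast, matches exactly one DeviceKeys entry.
func SuspectsForLeakedDiscKey(a *Authority, d *Disc, leaked []byte) []DeviceID {
	var ids []DeviceID
	for id, dk := range a.DeviceKeys {
		if k, err := RecoverDiscKey(dk, d); err == nil && bytes.Equal(k, leaked) {
			ids = append(ids, id)
		}
	}
	return ids
}

func main() {
	auth := NewAuthority("swplayer-A", "swplayer-B", "hwplayer-C") // hypothetical names
	old, _ := auth.Press()
	keyA, _ := RecoverDiscKey(auth.DeviceKeys["swplayer-A"], old)
	fmt.Println("players a leaked disc key could implicate:", len(SuspectsForLeakedDiscKey(auth, old, keyA)))
	auth.Revoked["swplayer-A"] = true
	newer, _ := auth.Press()
	_, err := RecoverDiscKey(auth.DeviceKeys["swplayer-A"], newer)
	fmt.Println("revoked player on a new pressing:", err) // the same call against old succeeds
}
```

Two things the model makes concrete. Revoking a device is purely a change to future pressings: the revoked player still passes verification on every disc that already carries its slot, which is the "old discs keep working" behaviour described above. And because every slot unwraps to the same disc key, publishing disc (title) keys rather than the device key gives the licensing side nothing to revoke, which is the point afidel and Jah-Wren Ryel make; the identification would have to come from some other channel, such as fingerprinting the tool's extraction method against a particular software player.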
    • P2P links then... (Score:2, Informative)

      ed2k://|file|BackupHDDVD.zip|17964|4860e9248663d52dc47bfc98d61ec6d7|/
      magnet:?xt=urn:bitprint:ZHZI65X7J4NIX7TU7KLDIZXIJA62SXX7.OBRERVSGGVO4OMWW7JN7BPC2BPDCE2U5NBUVU3Y&xt=urn:ed2khash:4860e9248663d52dc47bfc98d61ec6d7&dn=BackupHDDVD.zip&xl=17964
  • Well and good... (Score:4, Insightful)

    by Ekhymosis (949557) on Thursday December 28, 2006 @01:59AM (#17384774) Homepage
    But I would like to know how this will affect the customer as well. I know short term that DRM is bad and all, especially with the "where there's a will, there's a way" mentality in cracking it, but seeing as how these companies invest (or rather waste) millions in copy protection schemes, will they jack the prices up to cover the cost of their mistakes? I think this practice has become mainstream, no?
    • They set the price to maximize their profit, it doesn't have anything to do with the cost. If they could make more money by raising prices, they would (in reality people would probably buy fewer DVDs).
    • by Tweekster (949766)
      at 30 dollars a title they won't have all that much raising prices and being a successful format. hell HD-DVD and Blu-ray are both up for grabs whether they will even be relevant in a couple of years.
  • Wrong conclusion... (Score:5, Interesting)

    by im_thatoneguy (819432) on Thursday December 28, 2006 @02:02AM (#17384784)
    The correct conclusion is: 'Finally! Now I don't have to buy an HD-DVD Player.'

    I don't mind purchasing an HD-DVD and then just downloading its illegal doppelganger. I DO mind purchasing an overpriced paperweight to keep me legal. I looked at Xbox Live Marketplace from the perspective of:

    "Rent 44 HD movies. or Buy HD-DVD Player and a movie." I decided I would get much more HD goodness out of downloads than just a player.

    It's sort of like the way I purchase Star Trek for my Xbox and then download a copy for my PC as well. Sure it's illegal, but I look at it from the perspective of: I purchased it so that I could watch it, and watch it I shall.
    • Re: (Score:3, Interesting)

      by Paul Jakma (2677)
      Sure it's illegal,

      Actually, no, that's not sure at all.
      • Re: (Score:3, Interesting)

        by spire3661 (1038968)
        Again here we are. The gulf between media and licenses. He paid for legal license to watch said performance. Why on earth should he be charged full price to watch the same performance in a different format. If we could find a way to separate license and format, the digital age could truly begin. But the media companies dont want to make the license and the media separate. If I buy a HD-DVD, and I want a DVD copy of it, I should be able to get one at the cost of manufacturing the MEDIA , not the media AND th
  • Damn it! (Score:5, Funny)

    by fahrbot-bot (874524) on Thursday December 28, 2006 @02:03AM (#17384796)
    Cracked already? I had December 29th in the pool.
  • by BenJeremy (181303) on Thursday December 28, 2006 @02:06AM (#17384804)
    Really just a stab here, but maybe given lackluster sales of hardware, the consortium hired a ringer to play "DVD Jon" for a day and "leak" the crack to the public, thus encouraging some support from a DRM-weary public?

    The industry knows piracy is not really a big problem - they still make mountains of cash, and society needs a little underlying "lawlessness" (like speeding, for example) to ease pressure. Perhaps some industry insiders sick of kowtowing to the IP Lawyers decided to leak the crack to the public in a round-about manner?

    If true, it's brilliant.... if not, then they missed the boat.
    • by Weedlekin (836313) on Thursday December 28, 2006 @06:49AM (#17385800)
      "given lackluster sales of hardware"

      The poor hardware sales are due to the following factors:

      1) Hi-def content is only of interest to the small minority of consumers who have a TV capable of displaying it, a screen big enough to notice any difference from up-scaled DVDs, and the requisite inputs, i.e. HDMI if they don't want to risk having future content down-scaled to a level that's worse than DVD.

      2) Even those who fall into (1) above are wary of the fact that there are two competing formats, so many will inevitably wait and see which of them finally wins (or alternatively, wait for a player that's compatible with both).

      3) Prices are extremely high at the moment -- for less money, one can buy a decent stand-alone DVD recorder with an integral DVR and editing system, which appeals to far more consumers due to being usable with a much wider range of TVs. The fact that DVD players are now available for less than the cost of newly released media for them does nothing to help this situation.

      4) A shortage of blue lasers means that even those early adopters who want HD-DVD or Blu-Ray players have difficulty finding one.

      5) There isn't a vast range of compelling titles in Hi-def formats, and some of those that are available don't actually look any better than the DVD version (in some cases they're worse). Furthermore, the fact that certain studios are aligned with HD-DVD while others favour Blu-Ray means that it's rare to see a movie released on both, meaning that those who opt for one format cannot view movies that only get released on the other one, thereby bringing us back to (2) above. By contrast, a $25 DVD player gives people access to a gigantic library of content, much of which is available for around $5, or can be rented, pirated, or made by individuals using cheap and readily available equipment.

      6) Early adopters with money to burn tend to read lots of reviews, and will therefore know about the problems each of the small number of available players have with some disks. These issues might be acceptable with a $25 no-name DVD player, but those who spent between $500 and $1000 on a new hi-def system will be feeling very pissed off indeed if one of the only five movies they want to watch on it doesn't play properly.

      Problems (3) and (4) will disappear fairly quickly because the lack of blue lasers is a short-term phenomenon, and once production ramps up, competition between manufacturers will progressively lower prices and ensure that dual-standard players come on to the market, possibly (i.e. not definitely) some time during the next year, and this competition will also mean problem (6) won't be (much of) an issue in a year's time. Even so, realistically speaking, the requirement for a large high-definition TV set will mean that adoption rates will remain low for a few years yet, so the range of titles will be significantly more limited than those for DVD, and sales / rental outlets will therefore devote less shelf space to them than their DVD equivalents, as indeed was the case with DVDs when VHS was the dominant format. However, unlike the VHS / DVD situation, it's easy and cheap for manufacturers to equip blue laser players with the ability to read standard DVDs, so those with existing collections aren't forced to re-buy everything in the new format, and this will probably help adoption rates once the price drops to an acceptable "impulse buy" level (i.e. below $150/Euros) and equipment is supplied with "dongles" (internal or external) that ensure output doesn't become degraded when connected to non-HDCP compatible displays (the fact that no media have HDCP yet is a short-lived phenomenon, because the media companies wouldn't have insisted it be there unless they intended to use it).

      So the probability of this crack having been unofficially sanctioned by the industry (hardware or media) is very remote indeed, because the slow hardware sales aren't in any way linked to DRM, and even if they were, hardware companies in particular could easily circumv
  • Link (Score:5, Informative)

    by h4rdc0d3 (724980) on Thursday December 28, 2006 @02:07AM (#17384812)
    If anyone wants to try it out, here is a link to the executable and source code (Java)...

    http://forum.doom9.org/showthread.php?t=119871 [doom9.org]

    There is more detailed info in the included FAQ. The bad news is, the program itself isn't actually "cracking" anything. The author used publicly available AACS documents to write his own decrypter (e.g. just as PowerDVD or WinDVD would). The catch is, you must provide the decryption keys to this software in order to rip the movies from the disk.

    However, the good news is, it looks like he may have found a way to extract the needed decryption key(s) from the HD-DVDs. He doesn't explain how in the documentation or provide any keys, but if he figured it out I'm sure others will - and that means more advanced and powerful tools shouldn't be too far off.
  • I think Hollywood has a slight edge here. Consider this: Ripped DVDs came around to 4 - 4.5GB and while this isn't a huge amount of diskspace, it is still a considerable amount of space. Even so, a 250GB HDD (you can get this for
    Now coming to HD-DVDs (the screenshots from the article show approximately 24GB of space being used or 24GiB, whatever tickles your fancy). This means a 250GB will be able to hold
    The point is with the Hi-Def media, it doesn't make as much sense to rip every movie you have and
    • Yes, but who keeps their ripped DVDs in their original format? Most people use XVID or similar compression to get them down to 700-800MB (or, I should say, most P2P downloads are that size and format).

      A dual-layer HD-DVD is 30GB, similar compression would get that down to about 5GB. That's $2 worth of hard drive space.
    • Re: (Score:3, Interesting)

      by BenJeremy (181303)
      True, but you could also use a better compression algorithm and knock the size down... say, use a new version of RatDVD, call it "RatHD" and preserve all of the menuing and features, but compress it down to 8 or 9 GB and save to DL. Even better, if you don't have 1080p, compress it down to 720p and save more space, but still get higher def than DVD as a backup of your movie discs. Store your retail HD discs away some place safe and use your backups for playback (or keep on the HTPC HD for easy retrieval)
    • Multi Terabyte harddrives are on the way. There was once a time that ripping a DVD was considered absurd because of the amount of space it consumed. Before that, ripping uncompressed CD audio was considered absurd for the same reason. With new developments like vertical storage, I don't think space will stay an issue for long.
    • by TexasDex (709519) on Thursday December 28, 2006 @02:54AM (#17385048) Homepage
      The point is with the Hi-Def media, it doesn't make as much sense to rip every movie you have and store it on your fileserver for the next year or two. This is awesome news but i am not sure i'll be ripping HD-DVDs/Blu-ray disks like i used to rip DVDs. These things take way too much space. Hollywood would have an edge if they priced the stuff at around 15-20$ - i'd buy one than let a movie take up 30GB on my machine.
      Wait 5 years and read that post again. I bet you'll laugh. "Only 24 gigs?" you'll say. "That's nothing!" I guarantee it.

      To put it in perspective: My old 486 had a hard disk with less than 400 MB of space. But it also had a CD-ROM drive. Your average CD back then held 650MB. Yes, it had an optical drive that was bigger than its hard disk. Nobody ever thought to even include copy protection on the CD because storing that much data was insane, and transmitting it over the internet even more so. With the advent of MP3 and bigger storage and broadband it became commonplace to trade music online.

      My brother got one of the first computers that came equipped with a DVD drive, which has a capacity of 4.7 GB (I'm ignoring the whole multi-layer DVD format for sake of simplicity). It also came with a hard disk that could hold up to 2 Gigabytes. Now your average DVD can be recompressed without too much quality loss to, say, 1.5GB, and modern hard disks will store hundreds of them with ease, and you can download them in an hour or two on a good connection, or maybe a day on an okay one. Are you noticing a recurring theme here?

      The truth is that Blu-ray isn't all that big compared to the hard disks of today, especially not when you look at previous optical formats and how big they were in comparison to the hard disks of the era in which they were first made. Heck I could fit a Blu-ray disk or two on my iPod and have some space left over.

      Such is the progress of technology (by which I mean mostly storage space and bandwidth, but also compression technology and the processor power to implement it). A digital movie standard such as Blu-ray or HDDVD should be expected to last a decade. They will probably last even longer than that because hi-def technology has matured to the point where users couldn't possibly need higher resolution or more pristine sound effects. Where do you think magnetic storage will be in ten years? Heck, where do you think solid-state storage will be in ten years?

      The point is that technology changes, and people invent things like MP3 that let you squeeze more into smaller space. Which means a movie format won't stop piracy because it's "too big".
  • by mitchell_pgh (536538) on Thursday December 28, 2006 @02:16AM (#17384854)
    Basically HD-DVD and Blu-Ray aren't even options for me at this point as the DRM associated with it has me shaking my head. While I'm willing to pay $20+ for a movie, I want to be able to use the movie on my terms after the initial purchase.

    If this hack proves to be valid, I would actually consider investing in the technology as it opens the format up to Linux/Unix/OSX/etc.
  • Sort of Cracked (Score:5, Informative)

    by Jah-Wren Ryel (80510) on Thursday December 28, 2006 @02:16AM (#17384858)
    It sounds like he didn't "crack" AACS, he just extracted the disc keys for certain titles.

    A quick and dirty and probably somewhat inaccurate description of the way AACS works is that each disc is encrypted with a single 'disc key' and then that key is encrypted once with every known 'player key,' and each of those is stored on the disc. So, if you have an authorized player, it will find the version of the disc key that it knows how to decrypt and then use that to decrypt the disc for playback.

    My guess is that he used one of the software players like WinDVD or PowerDVD that now sort of support HD-DVD and BLU-RAY. But instead of extracting their player key and publishing that, he played a disc in a debug environment and extracted the 'disc key' for that specific title.

    The studios thought that they would be able to 'revoke' disclosed player keys by just not using them on any discs pressed after the disclosure was made public. This guy's approach seems to be to distribute disc keys and then anyone with the same disc can decrypt that specific title, thus making it harder for the studios to guess which player keys need revoking.

    I think that this guy's approach will be most useful to widescale pirating because all it takes is for one person to decrypt a movie and share it with a billion of his closest friends. But the 'regular joe' who just wants to copy his BD-HDs to his hard disk for ease of playback or maybe to cut clips from it for his own home movie won't benefit because chances are, the keys for his particular discs won't be widely known enough for him to find them.

    So, I now look forward to various HD titles from disc (rather than from broadcast, which are already common if you know where to look) showing up on P2P and elsewhere, but I'm still not purchasing any AACS playback system since the "crack" is not (yet) useful enough for me to exercise typical fair-use rights of format shifting and personal editing.
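The key layering that the comment above sketches (a per-disc key wrapped once under every licensed player key, each player unwrapping its own slot, revocation by leaving a slot out of later pressings) can be modelled in a few dozen lines. The block below is an added illustration written for this page; it is not AACS specification code and not the BackupHDDVD tool. The real specification has more layers than this model (a media key block, a volume unique key, then per-title keys) and wraps with AES-128; here an HMAC-SHA256 keystream stands in for the cipher so the example runs on the Python standard library alone, and all key material is constructed and fixed for reproducibility. What it shows is the revocation point the comment makes: a leaked per-disc key decrypts that pressing for everyone, ignores revocation entirely, and tells the licensing authority nothing about which player leaked it, while doing nothing for a pressing with a different key.

```python
"""Toy model of the disc-key / player-key layering described in the thread.

Added illustration, not AACS and not BackupHDDVD. The HMAC-SHA256 counter
keystream is a stand-in for AES-128; keys are fixed, constructed values.
"""
import hashlib
import hmac

# Constructed sample payload standing in for an encrypted .EVO file.
CONTENT = b"constructed sample .EVO payload: sixteen frames of a very short film"


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode PRF stream: HMAC-SHA256(key, nonce || counter), truncated."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation) by XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def press_disc(disc_id: bytes, disc_key: bytes, player_keys: dict, revoked: set) -> dict:
    """What goes on the disc: the disc key wrapped per player slot, plus the
    encrypted content. A revoked slot simply gets no entry on this pressing."""
    key_block = {}
    for slot, pk in player_keys.items():
        if slot in revoked:
            continue
        key_block[slot] = xor_crypt(pk, disc_id + bytes([slot]), disc_key)
    return {
        "disc_id": disc_id,
        "key_block": key_block,
        "content": xor_crypt(disc_key, disc_id + b"content", CONTENT),
    }


def licensed_player_play(disc: dict, slot: int, player_key: bytes) -> bytes:
    """A licensed player: find its own slot, unwrap the disc key, decrypt."""
    if slot not in disc["key_block"]:
        raise PermissionError(f"player slot {slot} has been revoked on this pressing")
    disc_key = xor_crypt(player_key, disc["disc_id"] + bytes([slot]), disc["key_block"][slot])
    return xor_crypt(disc_key, disc["disc_id"] + b"content", disc["content"])


def decrypt_with_disc_key(disc: dict, disc_key: bytes) -> bytes:
    """What the thread's approach amounts to: skip the key block and use a
    disc key lifted from a player's memory. Revocation is never consulted."""
    return xor_crypt(disc_key, disc["disc_id"] + b"content", disc["content"])


def demo() -> dict:
    # Fixed, constructed keys so the run is reproducible; real ones are random.
    player_keys = {s: hashlib.sha256(b"player-key-%d" % s).digest()[:16] for s in range(4)}
    disc_keys = {n: hashlib.sha256(b"disc-key-%d" % n).digest()[:16] for n in (1, 2)}

    # Pressing 1: player 2 still licensed. Pressing 2: player 2 has been revoked.
    disc1 = press_disc(b"D1", disc_keys[1], player_keys, revoked=set())
    disc2 = press_disc(b"D2", disc_keys[2], player_keys, revoked={2})

    results = {}
    results["player2_plays_disc1"] = licensed_player_play(disc1, 2, player_keys[2]) == CONTENT
    try:
        licensed_player_play(disc2, 2, player_keys[2])
        results["player2_blocked_on_disc2"] = False
    except PermissionError:
        results["player2_blocked_on_disc2"] = True
    # A leaked disc key for pressing 2 works for anyone, revocation or not.
    results["leaked_key_opens_disc2"] = decrypt_with_disc_key(disc2, disc_keys[2]) == CONTENT
    # But it is per pressing: it does nothing for a disc keyed differently.
    results["leaked_disc2_key_opens_disc1"] = decrypt_with_disc_key(disc1, disc_keys[2]) == CONTENT
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The last result is also the mechanism behind the "many masters per title" idea raised later in the thread: every pressing with its own key needs its own leaked key.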
    • Re: (Score:3, Interesting)

      by TubeSteak (669689)

      But the 'regular joe' who just wants to copy his BD-HDs to his hard disk for ease of playback or maybe to cut clips from it for his own home movie won't benefit because chances are, the keys for his particular discs won't be widely known enough for him to find them.

      Maybe I misunderstood you, but you seem to be suggesting that in the future, not all disc keys will be available.

      I recall reading (a long time ago) that teh intarnet pirates had already ripped about 3/4 of Net Flix's catalog. I imagine that they'

    • Re:Sort of Cracked (Score:4, Insightful)

      by Dachannien (617929) on Thursday December 28, 2006 @03:38AM (#17385192)
      If that's how he's doing it - by distributing disc keys - then the studios will just start making shorter runs of the discs from the same master. There'll be, say, a hundred different disc keys for the same movie, and you won't know which one you have until you try them all. An individual or group would have to get hold of all 100 discs (or at least the portions of each that store the disc keys) to compile a complete list.

      While it's certainly a move in the right direction, unfortunately, it's far from ideal. The reason I feel no moral compunction about saying this is because of your astute observation that this DRM scheme utterly fails to prevent piracy and instead is unfairly limiting how legitimate customers can use the products they buy. It's likely that this was the primary intent all along.

    • Re:Sort of Cracked (Score:5, Insightful)

      by RAMMS+EIN (578166) on Thursday December 28, 2006 @07:45AM (#17386036) Homepage Journal
      ``But instead of extracting their player key and publishing that, he played a disc in a debug environment and extracted the 'disc key' for that specific title.''

      So now the next step is to disallow running software in a debugger, just like in The Right to Read [gnu.org]
  • Just a clarification because BoingBoing is confused. The zip file from doom9 does NOT contain any keys. All it contains is lines like:

    CE6339246F34087AB355681DEB656D23DCD5BD86=Full Metal Jacket | 1-00000000000000000000000000000000

    That's the sha1 hash of the file F:\aacs\VTKF000.AACS, a human readable name, and where the title keys should be. Notice the title key is all 0's, which is obviously wrong.

    Also the fact that BoingBoing ran the program and it slightly changed the file is meaningless. Trying

  • HDCP (Score:5, Insightful)

    by StreetStealth (980200) on Thursday December 28, 2006 @02:21AM (#17384902) Journal
    It seems to me most people are seeing this as a means to:

    A) Place-shift HD-DVD content (despite current storage constraints)
    B) Pirate HD-DVD content (despite current bandwidth constraints)

    when I see the much more immediately relevant issue being that of HDCP: If this crack can be rolled into something on the order of a VLC plugin, there's a chance I'll actually be able to use my technically-more-than-capable, yet not-a-member-of-the-HDCP-club LCD display to view commercial 720p content.
  • BackupHDDVD FAQ (Score:5, Informative)

    by Black Acid (219707) on Thursday December 28, 2006 @02:54AM (#17385050)
    Backup HD-DVD FAQ

    -What is "Backup HDDVD" for?
    It can do backup copies of HD DVD movies that YOU OWN! I don't want anyone to do piracy here! This software is a good way to protect your investment, because I have noticed that this type of media seems very fragile; if it's scratched a little or dirty, it won't play. It seems less tolerant than the DVD format. (Higher density!)

    -What "Backup HDDVD" is doing exactly?
    This is a Java-based command line utility that decrypts video files (.evo) from an HD DVD disk that you own to your hard drive, and you can play them back with HD DVD player software.

    -What are the system requirements to use "Backup HDDVD"
    1 - A Windows based system
    2 - A HDDVD disk drive
    3 - A HDDVD player software (like PowerDVD)
    4 - A HDDVD movie(s)
    5 - Java runtime 1.5
    6 - The possibility to access the content of the disk with a drive letter under windows.
    (you may need UDF 2.5 file system driver for this)
    7 - A lot of free hard disk space to backup your movies!

    -Was your first HDDVD movie hard to decrypt?

    It took me around a week to do. But I wasted a few days trying to work on a too-complicated approach. In fact, it is very simple.

    -How do you do that?

    The program itself has nothing special. It simply implements the AACS decryption protocol. I have followed the freely available documents about AACS. Have a look at: www.aacsla.com. The trick is to find what they call the "Title keys". So I figured out how to extract them.

    -How do you extract the "Title keys"?

    I won't explain it in detail. Read the AACS doc first. You will understand. The title keys are located on the disk in encrypted form, but for the content to be played, it has to be decrypted! So where is the decrypted version of the title key? Think about it...

    -What kind of crypto algorithms are involved?
    Standard algorithms:
    ECC-160
    AES-128
    Look in the AACS doc for more details.

    -What is the TKDB.cfg file?
    This is the Title key Database file. It holds the decryption keys for the movies.

    -What is the format of this file?
    Field 1: SHA1 Hash of the VTKF000.AACS file on your HDDVD disk.
    Next fields are pipe "|" delimited.
    -Movie Title
    -A variable number of Title key, pipe delimited
    You have a key number followed by the key value like:
    12-08A3DC61910280F2...

    Key values are 128 bits long, so 16 bytes, or 32 hexadecimal characters long.

    -The TKDB.cfg file provided with your program is empty or incomplete, what can I do?
    Here is my TKDB.cfg:

    CE6339246F34087AB355681DEB656D23DCD5BD86=Full Metal Jacket | 1-00000000000000000000000000000000
    486198E3855B57CD40F6DC0C60645BDE8E1E9AC5=Van Helsing |19-00000000000000000000000000000000
    3D357B0653A66176583C5218FD0149EAF8832FB0=The Last Samurai | 1-00000000000000000000000000000000

    -What do you think of the technical aspects of AACS?

    The design is not that bad, but it's too easy to have an insecure player implementation somewhere. And just one bad implementation is all it needs to get the keys! There will always be insecure implementations of a player somewhere! And the "Revocation system" is totally useless if you use the Title key directly.

    -Is there any known problems with the decryption?
    Yes. I call this problem the "Nav chain" bug. I realized that I had a lot of frame skipping at playback after the decryption, so I hunted down the problem. To avoid the frame skipping, I patch the video file. This fix allows smooth playback of the movie, but there are some side effects.

    -What are the side effects of the "Nav chain" bug fix?

    You cannot fast forward or rewind using the round dial, but you can still use the progress bar to navigate through the film. So it's not that bad... For some reason, the subtitles don't seem to work anymore. It may be a side
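The TKDB.cfg format the FAQ above describes (one record per line: the SHA-1 of VTKF000.AACS, `=`, the title, then pipe-delimited `<n>-<32 hex>` title keys) is small enough to parse and validate completely. The following is an added example, not BackupHDDVD's own code. It loads the FAQ's three published records as they stand (their keys are all zeros, which is a placeholder rather than a key), plus one constructed record whose key values and VTKF000.AACS bytes are invented here so that a successful disc lookup can be shown, and it rejects malformed lines instead of silently loading them.

```python
"""Parser and validator for the TKDB.cfg title-key database format.

Added example for this page, not BackupHDDVD code. The first three records
are the FAQ's published sample; the fourth is constructed for the example.
"""
import hashlib
import re
from dataclasses import dataclass

# Constructed stand-in for the bytes of F:\aacs\VTKF000.AACS on a hypothetical disc.
CONSTRUCTED_VTKF = b"constructed stand-in for VTKF000.AACS, not a real disc file"

# Sample database: the FAQ's three lines plus one constructed record whose hash
# is computed from CONSTRUCTED_VTKF and whose key values are invented.
SAMPLE_TKDB = """\
CE6339246F34087AB355681DEB656D23DCD5BD86=Full Metal Jacket | 1-00000000000000000000000000000000
486198E3855B57CD40F6DC0C60645BDE8E1E9AC5=Van Helsing |19-00000000000000000000000000000000
3D357B0653A66176583C5218FD0149EAF8832FB0=The Last Samurai | 1-00000000000000000000000000000000
{vtkf_hash}=Constructed Test Title | 1-0123456789ABCDEF0123456789ABCDEF | 2-FEDCBA9876543210FEDCBA9876543210
""".format(vtkf_hash=hashlib.sha1(CONSTRUCTED_VTKF).hexdigest().upper())

_HASH_RE = re.compile(r"^[0-9A-F]{40}$")
_KEY_RE = re.compile(r"^(\d+)-([0-9A-Fa-f]{32})$")
_ZERO_KEY = bytes(16)


@dataclass
class TitleRecord:
    vtkf_sha1: str      # upper-case hex SHA-1 of the disc's VTKF000.AACS
    title: str          # human-readable name
    title_keys: dict    # key number -> 16-byte key

    def placeholder_keys(self) -> list:
        """Key numbers whose value is all zeros: a slot, not a usable key."""
        return [n for n, k in self.title_keys.items() if k == _ZERO_KEY]

    def usable_keys(self) -> dict:
        """Only the keys that could actually decrypt something."""
        return {n: k for n, k in self.title_keys.items() if k != _ZERO_KEY}


def parse_record(line: str) -> TitleRecord:
    """Parse one `<sha1>=<title> | <n>-<key> | ...` line, rejecting anything off-format."""
    if "=" not in line:
        raise ValueError(f"missing '=' separator: {line!r}")
    digest, rest = line.split("=", 1)
    digest = digest.strip().upper()
    if not _HASH_RE.match(digest):
        raise ValueError(f"field 1 is not a 40-hex-character SHA-1: {digest!r}")
    fields = [f.strip() for f in rest.split("|")]
    title, key_fields = fields[0], fields[1:]
    if not title or not key_fields:
        raise ValueError(f"need a title and at least one title key: {line!r}")
    title_keys = {}
    for kf in key_fields:
        m = _KEY_RE.match(kf)
        if not m:
            raise ValueError(f"bad title key field {kf!r} (expected <n>-<32 hex chars>)")
        number = int(m.group(1))
        if number in title_keys:
            raise ValueError(f"duplicate title key number {number}")
        title_keys[number] = bytes.fromhex(m.group(2))
    return TitleRecord(digest, title, title_keys)


def parse_tkdb(text: str) -> dict:
    """Whole file -> {sha1: TitleRecord}; blank lines skipped, errors carry the line number."""
    db = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        try:
            rec = parse_record(line)
        except ValueError as exc:
            raise ValueError(f"TKDB.cfg line {lineno}: {exc}") from None
        db[rec.vtkf_sha1] = rec
    return db


def lookup(db: dict, vtkf_bytes: bytes):
    """Identify a disc the way the FAQ describes: hash its VTKF000.AACS and look that up."""
    return db.get(hashlib.sha1(vtkf_bytes).hexdigest().upper())


if __name__ == "__main__":
    db = parse_tkdb(SAMPLE_TKDB)
    for rec in db.values():
        print(f"{rec.title}: keys {sorted(rec.title_keys)}, placeholders {rec.placeholder_keys()}")
    hit = lookup(db, CONSTRUCTED_VTKF)
    print("constructed disc ->", hit.title if hit else "not in database")
```

Treating an all-zero key as a placeholder rather than a key is what separates "the tool ships with a database" from "the tool ships with keys", which is the distinction made elsewhere in this thread about the published zip.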
  • by dave1g (680091) on Thursday December 28, 2006 @03:23AM (#17385142) Journal
    So the player key is hard to get at, so this guy worked around it and just copied the title key from memory, which is encrypted on disc with every player key. Since you have the plaintext (of the title key) and each of the ciphertexts (the encrypted title key), aren't there attacks to figure out all the player keys? And actually it's worse, since you have many (possibly all?) title keys and all their corresponding encrypted versions, which has to extremely limit the search space for the player keys. This would be an even worse problem since they can't just revoke every key. All the hardware would break! Lawsuits galore!

    Seems like the whole house of cards will fall down.
    • Re: (Score:3, Informative)

      by Kjella (173770)
      Since you have the plaintext (of the title key) and each of the ciphertexts (the encrypted title key), aren't there attacks to figure out all the player keys?

      The short answer: No, AES is strong crypto (though fundamentally broken when applied as DRM) and there's no known way to extract the player key no matter how many title key plain/ciphertext pairs you have. A typical example would be an SSH connection where you don't know the key but can send plaintext; it doesn't help you. It might possibly help in
  • by Myria (562655) on Thursday December 28, 2006 @03:56AM (#17385240)
    The hacker didn't extract the player key. This might be due to the difficulty of getting the player key, but it really doesn't matter.

    The use of title keys instead is a great strategy. It means that the revocation system is worthless - AACSLA may not even know which player is compromised. Gray/black-area web sites can maintain big lists of title keys for movies without a whole lot of trouble. The bigger issue will eventually be getting each new movie to the trusted few pirates that are capable of extracting keys. This is no big deal now, but would be if and once these formats become popular.

    A counterattack from Hollywood could be to produce thousands of distinct masters of each movie; the same movie would have thousands of different editions that differ only by their title key. I don't know the current state of disk production however, so this may not be feasible.

    The revocation system is itself problematic anyway. A person seeking to damage the system itself would try to crack the most popular player, even if it's more difficult than other players. The cost of a massive recall - plus the fines the manufacturer would pay for their player being the one cracked - would heavily discourage the use of the revocation system. It seems like the revocation system is more of a deterrent against both pirates (if you crack a player we'll change the key making your work worthless) and manufacturers (if you don't obfuscate well enough, we'll cost you millions of dollars).

    DVD had a revocation system too, but it was never used. DeCSS and the Drink or Die program that preceded it used a player key, but the CSS algorithm was so badly flawed that it wasn't difficult to derive the remaining player keys. This will not happen with AACS, because they're using real crypto this time.

    Melissa
    • The revocation system is itself problematic anyway. A person seeking to damage the system itself would try to crack the most popular player, even if it's more difficult than other players. The cost of a massive recall - plus the fines the manufacturer would pay for their player being the one cracked - would heavily discourage the use of the revocation system.

      I see no one here has read the AACS spec. Each individual player has a different key, not each model. When The Man revokes an individual player, millio
  • OK. . . (Score:4, Insightful)

    by kimvette (919543) on Thursday December 28, 2006 @09:30AM (#17386608) Homepage Journal
    NOW I am willing to buy hi-def DVDs since I can:
      - Take advantage of Fair Use (make backups, format-shift to my PocketPC, keep copies of the movies on my HDD)
      - Play DVDs on Linux
      - Not worry about downsampling output on non-HDCP video cards

    Now the Blu-Ray vs. HD-DVD format war does not matter so much. Does anyone here care WHICH one wins now that both have been cracked?

    Thanks guys, you rock!
