Forgot your password?
typodupeerror
Media Movies Hardware

AACS Hack Blamed on Bad Player Implementation 272

Posted by Zonk
from the finger-pointing-but-no-porn dept.
seriouslywtf writes "The AACS LA, those responsible for the AACS protection used by HD DVD and Blu-ray, has issued a statement claiming that AACS has not been compromised. Instead, they blame the implementation of AACS on specific players and claim that the makers of those players should follow the Compliance and Robustness Rules. 'It's not us, it's them!' This, however, does not appear to be the entire truth. From the Ars Technica article: 'This is an curious accusation because, according to the AACS documentation reviewed by Ars Technica, the AACS specification does not, in fact, account for this attack vector. ... We believe the AACS LA may be able to stop this particular hack. While little is truly known about how effective the key revocation system in AACS is, in theory it should be possible for the AACS LA to identify the players responsible for the breach and prevent later pressings of discs from playing back on those players until they are updated. As such, if the hole can be patched in the players, the leak of volume keys could be limited to essentially what is already on the market. That is, until another hole is found.'"
This discussion has been archived. No new comments can be posted.

AACS Hack Blamed on Bad Player Implementation

Comments Filter:
  • To be expected (Score:5, Insightful)

    by Iphtashu Fitz (263795) on Friday January 26, 2007 @06:00PM (#17776548)
    Did anybody really expect the AACS LA to say anything other than what they did? (Besides, maybe "we give up"?)
    • Re:To be expected (Score:4, Interesting)

      by purpledinoz (573045) on Friday January 26, 2007 @06:35PM (#17777116)

      I wonder what they're going to say when it's brutally apparent that ALL software players can be compromised. From what I can see, they have a few options, and none of them are pretty.

      - play the cat and mouse game, and have the keys updated on the players while revoking the old keys.

      - disallow software players all together.

      - admit defeat and forget about revoking keys.

      • Re:To be expected (Score:5, Informative)

        by MoxFulder (159829) on Friday January 26, 2007 @07:53PM (#17778312) Homepage

        I wonder what they're going to say when it's brutally apparent that ALL software players can be compromised.
        In my mind, we're already there :-) The logical next step is to allow only hardware and partial-hardware players. For a PC, this would mean having some kind of "trusted" chip on your motherboard which can encrypt and decrypt data using keys that are hard-wired in.

        Of course, hardware solutions can be broken too. I can envision a couple of ways this will happen:
        • If the keys are truly embedded in the "trusted" ASIC: Making custom chips is expensive. There are substantial setup costs for each new mask, so there will be enormous economic pressure to only have one or a few versions of the chip. This means once one version gets cracked, millions of computers will be freed. What will it take to read the keys off an ASIC? A scanning electron microscope, that's what. As a bored physics grad student currently sitting 10 feet away from an SEM, I can tell you it'll happen :-)
        • If the keys are somehow individualized to each computer, they'll be stored on a flash-based FPGA, or in some kind of microcontroller's flash memory. Manufacturers of such flash-based devices go to great lengths [microcontroller.com] to make it so that the code stored in flash can't be read off of the device, but this is nothing more than the same ol, same ol security through obscurity... figure out the magic voltage that you need to apply to pin 12, and oops there goes the security. Smart card hackers [brouhaha.com] have already figured out ways around the protection in the common PIC16C84 microcontroller.


        Bottom line: DRM is futile because it requires the distribution of a SECRET PIECE OF DATA (the decryption keys) in UNENCRYPTED form (the keys themselves must of necessity be unencrypted). All the crap interposed between the user and the keys is merely security through obscurity. QED.
        • Re: (Score:3, Informative)

          by dr_labrat (15478)
          yup, and there it is folks.

          For the uninitiated, (i.e. non-security chaps), fundimentally when it boils down to it, its irrelevant how good the encryption mechanism if someone is sitting over your shoulder reading the information.

          I really wish the DRM happy crowd would understand that if it gets to be decrypted by a bit of kit that can be in "hostile" hands it is not going to be "secure" for more than 2 months (see DeCSS, Fairplay, Microsofts thingy, BlueRay, um.... Wait... all DRM thus far has been cracked
        • Re: (Score:3, Interesting)

          by Lumpy (12016)
          And how will that stop a well equipped Hacker or a 12th year grad student hacker at the MIT electronics engineering labs from ploping a hardware player on the desk and reading the contents of the ram directly?

          Hacking a software player is only a bit easier if you have the tools. Hacking hardware players is as simple if you are equiped with the right analyzers and equipment.

          Hell if they fudged up and used sram you can halt a processor and read the contents of ram between each processing cycle pretty easily..
        • Re:To be expected (Score:4, Insightful)

          by alienw (585907) <alienw...slashdot@@@gmail...com> on Saturday January 27, 2007 @01:45AM (#17780998)
          First, ASICs are not expensive. They are in fact extremely cheap to produce, and the development costs are not that high and are easily justified in a mass-market application. Nobody in their right mind would use an FPGA in a consumer application -- they are far too expensive.

          Second, I don't think you will be able to read off keys with any kind of microscope. I don't think you'd be able to find out the key even if you had a complete wall-poster-size plot of the chip. I don't think you quite appreciate the complexity of a chip. Even low-end ASICs push millions of transistors these days. About the only method that can be used to steal keys is wafer probing, and that's pretty hard to do with modern chip densities.

          Reading data from a flash EEPROM is even harder. Engineers who design chips are generally much smarter than people who try to break them, and there are plenty of tamperproof chips available. Most tamper-resistant chips now incorporate self-destruct features that erase the data when you try to probe the chip or screw around with its supply voltages or clocks. The industry has come a long way since the 16C84, which wasn't even intended to be tamperproof.

          I am also not sure what your point is with regard to keys. Any secure system ultimately depends on the security of its keys.
          • Re: (Score:3, Informative)

            by smallfries (601545)
            ASICs are not expensive if you're designing a high-priced piece of consumer electroncis where you can absorb the cost into your fat generous margins. If you're aiming at the disc player market then you're competing against cheap imports. DVD players are now so cheap here that you can't give them away (about £30 last time I looked).

            But we're not talking about a common ASIC for each player - you've twisted the GPs point. We're talking about a unique ASIC for each player, and making runs of 1 ASIC would
        • Re: (Score:3, Interesting)

          by MemoryDragon (544441)
          Good morning mc fly

          almost every pc sold in the last three years has this chip, it is called TCPA and
          one of the key areas this chip should be used for was BlueRay and HD-DVD
          it is just thatthere are lots of PCs nowadays which do not have those chips.

  • by grub (11606) <slashdot@grub.net> on Friday January 26, 2007 @06:01PM (#17776568) Homepage Journal

    Part of me wants them to find a proper fix for these holes. My CableCo phoned me because I've already gone way over my quota this month.
  • by bhamlin (986048) on Friday January 26, 2007 @06:01PM (#17776576) Homepage
    Of course it's not your fault. Your highly paid engineers are WAY smarter than anyone else.
  • DRM is silly (Score:5, Insightful)

    by tfinniga (555989) on Friday January 26, 2007 @06:01PM (#17776580)
    You give them the lock.

    You give them the key.

    You hope that they can't figure out how to put one into the other.

    High fives.
    • Re:DRM is silly (Score:5, Insightful)

      by Abnormal Coward (575651) on Friday January 26, 2007 @06:32PM (#17777074)
      I agree. The only way to show that this DRM protected is shite is for people not to buy. Copying media in my option has never been a problem, I've had a a lot of tape copys from people and went and brought the cd/tape because I really like the music. Same with movies and TV, I've brought DVD's and TV boxed sets after downloading DIVX copys from the 'net. If the boys at the top (RIAA/MPAA) ensure there music is cheap enough its a no brainer. The real battle is here is that 'they' want to tell you want to buy and set any price they like. Its all about control (time to put on your tin hat). Well fuck them, where the consumers we should decide what to buy, and what is an accecptable price. So back to my orginal point, the only way to show is with your wallet ....
    • Then it is Not That Bad Because I Can Waste Time Burning And Reripping. Don't forget about this important exception!
    • Putting the lock deep in silicon, where no software can touch it (or only specifically authenticated/authorized software), does not count as "giving them the key." This is the direction DRM is moving.
      • Re: (Score:3, Informative)

        by et764 (837202)
        Still, the machines are made up of electrical pulses moving across the chip. These electrical pulses can be observed and manipulated. As long as you have physical access to the playback device, which won't go away as long as you can use your media at home, there exists some way to get the hardware or software to reveal the key. It may take a whole lot of creativity, trial and error, but it can be done.
  • by euri.ca (984408) on Friday January 26, 2007 @06:02PM (#17776596) Homepage
    It's a widely known fact that Canada is responsible for 50% of the HD DVD piracy.

    Even worse, the AACS specification does not, in fact, account for this large sparsely populated country.
  • Never! (Score:5, Insightful)

    by Troed (102527) on Friday January 26, 2007 @06:02PM (#17776606) Homepage Journal
    if the hole can be patched in the players

    It cannot, ever, unless they disallow software players from any platform not running on Trusted Computing enabled hardware and a Trusted Computing enabled operating system.

    Until then, no DRM scheme works.

    None.

    It's that simple.
    • Re:Never! (Score:5, Insightful)

      by CrystalFalcon (233559) * on Friday January 26, 2007 @06:09PM (#17776720) Homepage
      It cannot, ever, unless they disallow software players from any platform not running on Trusted Computing enabled hardware and a Trusted Computing enabled operating system.

      And at that point, virtualization kits will become commonplace that run Windows in a sandbox so that Windows thinks it's in a Palladium environment, but where it's really not.

      If it can be played, it can be copied. Playing is copying. Any manipulation of digital data is copying it. Trying to make bits not copyable is trying to make water not wet.
      • by tepples (727027) <{tepples} {at} {gmail.com}> on Friday January 26, 2007 @06:19PM (#17776840) Homepage Journal

        And at that point, virtualization kits will become commonplace that run Windows in a sandbox so that Windows thinks it's in a Palladium environment, but where it's really not.

        The express purpose of "Trusted" Computing is to distinguish an OS running on bare hardware from a virtualized OS. The virtualized Trusted Platform Module is issued not from a recognized mainboard manufacturer's keyspace but from VMware's.

        • by AuMatar (183847)
          Then people will just write open source virtualization kits, that fake it from whatever keyspace we want.

          If we own the physical hardware, DRM is never going to work. Period.
        • by CrystalFalcon (233559) * on Friday January 26, 2007 @06:31PM (#17777066) Homepage
          And would you bet money on the impossibility of spoofing a specific motherboard identity?

          Similar things have been done before in so many different scenarios... Just to take a trivial example, MAC addresses were supposed to be unique for each network card, too.
          • by Rich0 (548339)
            Yes, but MAC addresses aren't kept secret.

            The private key for your motherboard will be - it will never leave a single chip. Sure, if you have the hardware you can in theory obtain it, but this will require stuff like electron microscopes.

            You can't make it impossible - but you can make it REALLY hard.
            • by paeanblack (191171) on Friday January 26, 2007 @08:05PM (#17778506)
              The private key for your motherboard will be - it will never leave a single chip. Sure, if you have the hardware you can in theory obtain it, but this will require stuff like electron microscopes.

              How do you account for this hole:

              1) Asus' servers get "hacked".
              2) The keys to all Asus motherboards get posted on the web
              3) Sales of Asus motherboards skyrocket.
              4) Asus issues a press release to the effect of: "It was the fault of those damn dirty hackers. We have no idea how this happened. Excuse us; we must return to sifting through this mountain of cash".

              The hardware manufacturers have no incentive to play nice with the Trusted Computing scheme. This is just a repeat of DVD Region Coding. The manufacturers just started producing players that ignore the region code, because they outsold the locked players. Of course the first few on the market were "accidents", "mistakes", and "test designs".

              In a Trusted Computing world, machines with a broken TC implementation will be cheaper to make and command a higher price in stores. What do you think will prevail?
              • 1) Asus' servers get "hacked".
                2) The keys to all Asus motherboards get posted on the web
                3) Those keys are revoked.
              • Re: (Score:3, Interesting)

                by asuffield (111848)

                The hardware manufacturers have no incentive to play nice with the Trusted Computing scheme. This is just a repeat of DVD Region Coding. The manufacturers just started producing players that ignore the region code, because they outsold the locked players. Of course the first few on the market were "accidents", "mistakes", and "test designs".

                It's a little more subtle than that.

                In the first round, all the "major" manufacturers produce compliant devices (modulo bugs), which are locked down.

                Then the Asian boot

            • Re: (Score:3, Insightful)

              by The Warlock (701535)
              Doesn't matter. If a piracy group cracks one key, they can turn any movies into an unencrypted format, and then that's it. Once that one copy has been FXPed and BitTorrented and etc., it's over; there's no putting that cat back in the bag.
        • by Cheesey (70139) on Friday January 26, 2007 @08:28PM (#17778770)
          Virtualisation does not save us from trusted computing - as the parent says, TCPA was designed with virtualisation in mind.

          Every time a thread about DRM comes up, TCPA is mentioned, and a whole bunch of people get modded +5 Insightful for saying that they'll circumvent it using VMware or similar. But to do that, you have to make your own TCPA keys, which won't be signed by a trusted third party. Online services that require remote attestation will require you to use a key that has been signed in that way.

          The key in your TCPA module will have been signed, but you can't get at that key by design. You can't use it to sign programs in your VM. That's the idea. They know that virtualisation is a hole. They are as smart as you.

          However, perhaps we can get at the key in the TCPA module by getting the module to repeatedly sign something while monitoring its power consumption. This technique, differential power analysis, is apparently very hard to defeat. You can use it to get keys out of smart cards, given enough time: perhaps you can use it to get keys out of your own processor. The price of freedom in the future?

          Get informed about TCPA here. http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html [cam.ac.uk]
      • Re: (Score:3, Interesting)

        by mugnyte (203225)
        There are ways combat this - like requiring timing that only hardware can satisfy, but virtualization is a tough thing to hide from. In the end, it will require an dual-key system from each piece of hardware that the system accepts. You cannot write a virtual one because you cannot provide a valid key. Yes, yes, I know this is a terrible design.

        Then you degrade the problem to a Man in the Middle, where your microcode simulates a processor and performs some operations before/after sending to same
      • And at that point, virtualization kits will become commonplace that run Windows in a sandbox so that Windows thinks it's in a Palladium environment, but where it's really not.

        But will these virtualization kits have the TCPM-enabled BIOS? What about open source virtualization kits? IIRC, Mac OS X can run in a virtualized environment only once the checks for the hardware DRM are removed by a hack. It seems like there would be copyright or patent issues that would prevent a FOSS virtualization kit from run

        • by Rich0 (548339)
          Mac OS X can run in a virtualized environment only once the checks for the hardware DRM are removed by a hack,

          And this only works because MacOS X needs to be able to run offline.

          Once your HD-DVD player is required to be hooked up to the internet to work, that hack will stop working. The key to your DVD won't be stored on the DVD - instead you'll download it each time you play it. However, the server hosting the key won't provide it unless you pass a TCPM check - if the hashes of the bios/OS/player aren't
    • So the marketing department is telling the engineers to do something impossible. Sounds like a scene from a Dilbert comic.
  • by Anonymous Coward on Friday January 26, 2007 @06:04PM (#17776634)
    Since July of last year I have basically cut out the mass media from my life. I sold my TV, gave away my DVD player, and donated my CDs and DVDs to a charity auction. For entertainment, I've taken up a number of sports, including basketball and skiing. I also now listen to local bands live at pubs and restaurants, rather than listening to the radio or CDs. I never had any gaming consoles to begin with, and I uninstalled and gave away the few computer games I do have. I do rely on the BBC for news, but even that's become limited these days.

    I'm glad I made that decision. All this new crap involving DRM and frivolous from the entertainment industry just goes to show you how full of horseshit they are. I'm very pleased that my money does not go to them. They don't deserve it. Not only that, but now that I play sports rather than just watching them on TV, I've become much more fit and far healthier. Getting away from the mainstream media was one of the best things I've ever done.

  • by Saint Aardvark (159009) * on Friday January 26, 2007 @06:05PM (#17776654) Homepage Journal

    ...for this fight at freedom-to-tinker.com [freedom-to-tinker.com]. The whole series on AACS [freedom-to-tinker.com] is worth reading, as is every single thing he posts.

  • by monopole (44023) on Friday January 26, 2007 @06:06PM (#17776672)
    If they are really going to use the device revocation option, things are going to get way fun.
    Players which will only play certain discs and not others, instant obsolescence for entire classes of $1000 players.
    This makes the format wars look like a sales promotion!
    • Re: (Score:3, Informative)

      by Sircus (16869)
      I'm no fan of the content mafia, but all they're talking about at the moment is disabling certain software players which the publishers could easily offer free updates for. The current crack isn't applicable to hardware players.
      • by Rich0 (548339)
        The current crack isn't applicable to hardware players.

        Well, sure it is - but it would be a lot harder to pull off.
    • Don't forget that if you drink the *AA koolaid and bend over properly for them then you've hooked up your DRM infested HD-DVD or Blu-Ray player to the internet not only so that they can track what you watch but so that the players can automagically download updated keys so that you'll never even see any non-functioning disks. That, and monkeys may fly out of their respective butts.
    • by H0ek (86256) on Friday January 26, 2007 @06:24PM (#17776940) Homepage Journal
      This is also a sure-fire way to kill a format. Usually technology is promoted via word-of-mouth, and when the drive of the early adopters begin to fail, the word will spread that you can't trust either Blu-Ray or HD-DVD.

      In short, AACS is doomed if it does, doomed if it doesn't.
      • Re: (Score:3, Interesting)

        by sdo1 (213835)
        Agreed. If one of my friends asks me about these formats (and they do, knowing what a home theater and media junkie I am), I roll through all of the DRM hoops that they'll have to jump through in order to play the things the way they want it.

        The industry NEEDS the word-of-mouth. And as it stands, that word-of-mouth is negative. It's "yea, the picture is great, but then there's all this other stuff you'll have to deal with." That's not going to fly.

        -S
    • If one hacker's player gets revoked, it won't affect regular users at all. And the hacker will probably just buy another one.
      • by Rich0 (548339)
        How many keys does the system support? They'd need an awful lot of them if they're going to encode every disc with one unique key per copy of software / hardware sold.

        A billion keys isn't all that unrealistic a number. Sure, I guess it could be done, but it sure is an interesting approach.

        Plus, in this particular case they wouldn't know the key for the piece of hacked hardware - they didn't disclose the software key - only the media keys.
        • Yes, AACS supports billions of keys.

          Obviously AACS LA will have to know which players to revoke, but I suspect hackers will start leaking player keys soon, since they're more useful than title keys.
        • A paper describing the hardware revocation used to be findable for keywords "AACS player revocation". You don't brick entire brands, just single models, and it's easily possible to do that with the new method. The graphical description looks kind of like a binary search tree.
          • You don't brick entire brands, just single models, and it's easily possible to do that with the new method

            I meant to say something like this:

            "You don't brick entire brands or even just single models, you brick single players. It's easily possible to do that efficiently with the new method."
      • by Joe5678 (135227)
        They don't generate unique decryption keys for each and every player. Individual players are NOT revoked. It is at least a class of players (in this case we're only dealing with software players as a sibling post has pointed out) and I wouldn't be surprised if they keys were only unique on the manufacturer level (i.e. Sony has one key for all the players it makes).

        Even if each player did have a unique decryption key though, they would have no way of knowing which key to revoke. This is the reason the per
        • They don't generate unique decryption keys for each and every player.

          My interpretation of the spec is that every individual player has unique keys. Software players may be a little more relaxed, though.

          It is at least a class of players (in this case we're only dealing with software players as a sibling post has pointed out) and I wouldn't be surprised if they keys were only unique on the manufacturer level (i.e. Sony has one key for all the players it makes).

          The software players may have one set of keys for
    • No, not entire classes. Single players can be revoked, and other players of the same model won't be.
  • by Tackhead (54550) on Friday January 26, 2007 @06:11PM (#17776758)
    > While little is truly known about how effective the key revocation system in AACS is, in theory it should be possible for the AACS LA to identify the players responsible for the breach and prevent later pressings of discs from playing back on those players until they are updated. As such, if the hole can be patched in the players [emphasis added], the leak of volume keys could be limited to essentially what is already on the market.

    If the players are non-patchable:

    1) We will live in a universe in which, every year or so, an unknown number of players will play discs produced up to, but not after, a certain date.

    Consider the sales/support implications of customers selecting products for Christmas 2008: "Well, sir, this Foobar-1000 plays discs up produced in 2006-2007, a Foobar-1130 plays discs produced from 2006-2008, and a Fonybaz-1900 plays discs produced from 2006 to August 2008."

    If the players are patchable, it's even worse for the industry:

    1) Your Foobar 1000 will play discs produced in 2006 and 2007. It ceases to work for discs produced between February 2007 until you buy a disc produced a few months later that happens to contains some code that query the player whether it's a Foobar 1000... and if so, to automatically/silently patch the firmware. Then all your discs work again.

    That's a good thing for the user, and a bad thing for the industry, because as soon as you've got a firmware patch on a DVD, the obvious thing for an enterprising hacker to do is to put his own firmware patch on his own DVD, and your Foobar 1000, all of a sudden, ceases to implement the DRMish crap which the MPAA crammed onto it...

    ...until, of course, a few months after that hack, where the firmware-updating discs are modified to downgrade any hacked players to MPAA-compliant revisions of the firmware (or even to self-destruct)...

    ...and someone else comes up with a better hack to make the hacked firmware indistinguishable from the "approved" firmware...

    In short, if players can be patched in the field (and this applies to both hardware/firmware-based players in embedded systems and to PC-based disc-playing software), it's a long-term battle of the rootkits, and that's a battle that MPAA is likely to lose.

  • by Jartan (219704) on Friday January 26, 2007 @06:14PM (#17776788)
    Why is Ars saying they believe they can stop this hack by revoking the player key? The original person who cracked it specifically didn't release the key I thought and was only releasing TITLE keys which will be much more dangerous to revoke yes?

    Not that it matters much either way because this attack vector will always exist for any kind of system they come up with. Since it will always exist someone will rip it and post the movie on bittorrent.

    They are actually probably pretty happy that this is the only possible hack anyways since it isn't anywhere near as useful as DeCSS.
    • Since it will always exist someone will rip it and post the movie on bittorrent.

      And that's the lynchpin to the whole DRM debacle. All it takes is one individual somewhere on the planet to manage to crack or circumvent the encryption on any given movie to make it available to everybody. It may take some time but it's likely to happen eventually.
  • bwa.ha.ha. (Score:3, Interesting)

    by geekoid (135745) <{moc.oohay} {ta} {dnaltropnidad}> on Friday January 26, 2007 @06:16PM (#17776806) Homepage Journal
    Dear consumer:
    Please check our website so you can download a patch and intall it on your DVD player.

    BWahahaha..

    That will go over like a lead balloon.
    as will a machine that no longer playing new movies every few months so you have to buy a new player.

    Which is good. DRM is just causing more consumer frustration and less value.
  • You can play around with keys so that the same player won't play both old and new discs, but that doesn't change the fact that the old software will continue to be out there and will continue to be able to play old discs. And next time someone screws up, all the discs up to that point will be compromised, and on and on.
  • by asc99c (938635)
    I don't understand the point of revoking a hacked key. Now the key has been found and discs have been hacked, the output of the process is an unencrypted file with no key. Until something like AnyDVD comes out that just silently and automatically strips encryption on the fly, the primary use of the program will be to get unencrypted content onto P2P networks.

    Why bother revoking the key? I must be missing something. Sure, don't use the same key on future discs, but pirated copies will have no encryption
    • Not everyone can afford to download 20GB files. Plenty of people rip DVDs that they own/rent even though the same movies are available for download, and those same people will want tools to locally rip HD-DVD and Blu-ray discs.
    • Re: (Score:3, Interesting)

      by dtfinch (661405) *
      They thought of that.
      http://en.wikipedia.org/wiki/ROM-Mark [wikipedia.org]

      I'm not sure if HD-DVD has a similar feature, or if this is Blu-ray only.
  • "to identify the players responsible for the breach and prevent later pressings of discs from playing back on those players until they are updated."

    wasnt this attack based on being able to extract the title-key from the disc, then run it through stock AACS decryption libraries? they could revoke whatever keys they wanted, but wouldnt the existing un-retractably released software still have to read the key (making it visible, unencrypted, in ram....) before it could deny playing it?

    The way i understand it t
  • by Iphtashu Fitz (263795) on Friday January 26, 2007 @06:24PM (#17776950)
    All the focus, and for good reasons, has been on software-based DVD players. They're easy for any hacker to play around with. However there are plenty of people out there who happen to be hardware hackers as well. I wonder how long (probably just a matter of time) before some hardware/firmware hacker disects a standalone HD player and is able to extract keys from that. Hardware hacking hasn't been as glamourous as software hacking in recent years, but a mere 20 years ago it was all about hardware hacking. Read a book like the Cuckoos Egg - a sysadmin physically tapped into communication lines and directed the output to line printers so that a hacker he'd been hunting wouldn't know he was being tracked. I'd be willing to bet that some hardware/firmware gurus with the right tools would be able to hack a standalone HD player if they had the desire to do it. And if they can pull that off it'd be a LOT harder for the AACS LA to plug that hole.
  • by russ1337 (938915) on Friday January 26, 2007 @06:29PM (#17777028)

    They talk about this on Security Now, Episode #76 (http://www.grc.com/securitynow.htm)

    It seems muslix64 just had a snapshot of the entire .exe running in memory, then used selective keying - serially trying bytes 1-4, then 2-5, 3-6 etc as the keys until the mpeg frame decrypted. (which, of course this is much faster than a pure brute force attack, and took only seconds).

    So as long as a software player has the key in the clear and is loaded in memory 'somewhere', this type of attack will continue to work.

    AACS is still 'unbroken' but like many failed encryption schemes, it was circumvented due to poor implementation.

  • by sdo1 (213835) on Friday January 26, 2007 @06:32PM (#17777072) Journal
    Open letter to the MPAA: I hope a true "CSS" style hack is found. Otherwise, I'm remaining on the sidelines and I won't be buying any HD-DVD or Blu-Ray discs.

    Hear that, MPAA!?!?! I said BUYING. You claim piracy costs sales, but you MUST then subtract the lost sales due to your overbearing copy protection. I have about 2000 CDs and about 600 DVDs in my collection. I have no HD-DVD or Blu-Ray discs. And I don't plan on it either unless things change.

    It's a new world. And in this new world, I have an expectation of device portability. That means when I buy a 5" media-containing silver platter, I expect to be able to store it on a server in my house to stream it to my living room or my computer or my bedroom. I expect to be able to re-compress it for my laptop or my ipod (or -like device) for watching when traveling. I have no desire to be tied to a specific (and expensive) playback device in a specific location. You're terrified of future storage capacity that will reach into the terrabytes on small devices, but to me, that's the thing that's keeping me interested at the moment in the stuff you have to sell... the knowledge that I can have that portability in movies and TV the same way I have it for the music that I've collected over the years. The RIAA freaked out when MP3's came along, but to be honest, my interest in music had waned significantly. But now, with so much available at my fingertips, I'm VERY interested in hearing new things and I'm buying probably more than ever before (though none through the DRM-crippled iTunes store).

    I will gladly buy the media, but I expect that at that point, our relationship is OVER. Thanks, goodbye. Now if I want to extract images from the movie, print them out, and wall-paper my room with them, that's MY business, not yours.

    -S
    • Re: (Score:3, Funny)

      by suv4x4 (956391)
      Hear that, MPAA!?!?! I said BUYING.

      I think MPAA just pissed its pants.
    • Re: (Score:2, Funny)

      by ClamIAm (926466)

      when I buy a 5" media-containing silver platter
      They hand you the keys on a silver platter...
    • by ruiner13 (527499)
      I'm fairly certain that if at some point the **AAs ever visited slashdot that it didn't take long to figure out that this isn't the place for them to visit. Why don't you try actually sending them your thoughts DIRECTLY, as I have done in the past. If more people did, maybe they wouldn't think that the public actually wants DRM. Otherwise, you're just doing what the network exec in South Park said "please direct any further complaints to the brick wall over there". You're being just as effective.
  • Bring it on! (Score:4, Insightful)

    by nobodyman (90587) on Friday January 26, 2007 @06:38PM (#17777140) Homepage
    This is starting to get interesting.


    In theory it should be possible for the AACS LA to identify the players responsible for the breach and prevent later pressings of discs from playing back on those players until they are updated.
    Personally, I can't wait for this key revocation to happen. The thing is, 95% of consumers have no idea what the hell DRM is. I'd wager that 95% of the people that own a hi-def player are blissfully unaware of the implications of key revocation are. Send out the key revocation lists and all that is about to change.

    So magine the shit-storm when customers start flooding the Best Buy customer support aisle thinking that their machine is broken, when if fact it "works" just fine and the movie industry has shut down your player because some hacker is using its AACS key.

    I can't wait.

  • by dpbsmith (263124) on Friday January 26, 2007 @06:45PM (#17777252) Homepage
    The Hindenburg did not catch fire, it was merely the hydrogen in the Hindenburg that caught fire.

    The Titanic did not sink, it was just that Captain Smith did not adhere to the specifications as to how the Titanic should be operated (it says clearly on page 216, "Do not allow icebergs to rip open more than four of the water-tight compartments.")

    And talk of "blunders" in the Battle of Balaclava are hogwash.
  • quoting the weasels,

    "in theory it should be possible for the AACS LA to identify the players responsible for the breach and prevent later pressings of discs from playing back on those players until they are updated. As such, if the hole can be patched in the players.."

    which roughly translated into English means

    "anybody hacks the Belchfire player, we just lock out new titles. Belchfire fixes it for you, or you pound tar, customers. Bwa-ha-ha-ha-ha!"

    just what we all needed to hear to make us want to run out
    • by PitaBred (632671)
      I'll bet Belchfire will be much less willing to keep making players, too. Way to alienate even your cohorts, MPAA!
  • by Jugalator (259273) on Friday January 26, 2007 @06:55PM (#17777470) Journal
    If they admitted this was in fact a miss in the AACS specification about protecting the keys, AACS LA could have their algorithm face a quite severe dent in its reputation. By blaming it on player implementations, it's not their problem. However, the real problem still remains despite whatever they say -- it's the end result that matters, not whom's fault it is.
  • by ThePhilips (752041) on Friday January 26, 2007 @07:21PM (#17777884) Homepage Journal

    AACS hack is blamed on bad player implementation

    As programmer, I can tell that it work both ways. Any deficiency (or bug) can be blamed on poor implementation. At the same time, big companies which actually looked and benchmarked development process (e.g. IBM) claim that 75% bugs are caused by erroneous specifications.

    IOW, players were implemented as good as AACS has told what/how to implement.

    Somehow, I doubt that documentation from AACS would be much better than that of Microsoft [slashdot.org].

  • by hAckz0r (989977) on Saturday January 27, 2007 @01:00AM (#17780766)
    Give me any HD-DVD or Blue-Ray hardware player using AACS and any old cheap logic analyzer and I could (but don't bother asking) hand you any hardware or volume key you want. DRM does not work because the whole concept of DRM is flawed. If you give someone the data, and also give them the key so they can play it, then they can copy it. Period. Any "magic" that is applied to keep you from knowing the key is merely a speed bump to an average geek.


    All you need is one very pissed-off average geek that can't watch their bought-n-paid-for movie and the whole non-DRM'ed movie is likely going to be out there for everyone else, that can't watch their own copy, to download it. In fact, the more players that they "revoke" the keys for, then the more pissed-off geeks there will be, and the more movies that will likely be available for download. Its a loosing proposition any way you look at it. With DRM the "fix" becomes "the problem". The only people that win are the ones writing the DRM and spoon feeding the Board room executives that don't know that DRM can't work.

    When will they ever learn that you can't solve a SOCIAL PROBLEM using technology of any kind. In fact they should wise up and realize that its the professionals that build specialized hardware that copy the "protected" disk bit-by-bit, then burn a thousand copies, and are making big bucks off of all the boot-leg copies. Those are the ones they should go after, not the average people that paid for the movie and just want to watch what they paid for, when and where they want to. So, RIAA/MPAA, take it from a security geek, know thy enemy! You can't fix a problem if you don't even try to understand what the problem is!

  • by Myria (562655) on Saturday January 27, 2007 @01:19AM (#17780862)
    Two separate but important points:

    1. The most devastating attack that can be done against software players would be to use malware to extract keys. There are many, many zombies out there. The malware could search for installed HD-DVD/Blu-Ray player software on the victims' machines that it knows how to break, extract the unique key from such software, and send to the malware author. There would then be enough keys known that only revocation of the entire product line's keys could get around the problem. I wonder whether they've considered this scenario. (However, one mitigating factor is that malware is done for profit, and this wouldn't be profitable. For-profit pirates just copy disks outright without bothering to decrypt.)

    2. The reason the AACS made that wording about the players not following the "Compliance and Robustness Rules" is probably so that they can invoke the parts of the contract allowing them to fine the licensee millions of dollars.

"Just Say No." - Nancy Reagan "No." - Ronald Reagan

Working...