AACS Hack Blamed on Bad Player Implementation 272
seriouslywtf writes "The AACS LA, those responsible for the AACS protection used by HD DVD and Blu-ray, has issued a statement claiming that AACS has not been compromised. Instead, they blame the implementation of AACS on specific players and claim that the makers of those players should follow the Compliance and Robustness Rules. 'It's not us, it's them!' This, however, does not appear to be the entire truth. From the Ars Technica article: 'This is an curious accusation because, according to the AACS documentation reviewed by Ars Technica, the AACS specification does not, in fact, account for this attack vector. ...
We believe the AACS LA may be able to stop this particular hack. While little is truly known about how effective the key revocation system in AACS is, in theory it should be possible for the AACS LA to identify the players responsible for the breach and prevent later pressings of discs from playing back on those players until they are updated. As such, if the hole can be patched in the players, the leak of volume keys could be limited to essentially what is already on the market. That is, until another hole is found.'"
Ed Felten writes about an economic model... (Score:5, Informative)
...for this fight at freedom-to-tinker.com [freedom-to-tinker.com]. The whole series on AACS [freedom-to-tinker.com] is worth reading, as is every single thing he posts.
Re:Ahh... the fun begins! (Score:3, Informative)
TPM is anti-virtualization (Score:5, Informative)
The express purpose of "Trusted" Computing is to distinguish an OS running on bare hardware from a virtualized OS. The virtualized Trusted Platform Module is issued not from a recognized mainboard manufacturer's keyspace but from VMware's.
Selective keying using the whole .exe from memory. (Score:5, Informative)
They talk about this on Security Now, Episode #76 (http://www.grc.com/securitynow.htm)
It seems muslix64 just had a snapshot of the entire .exe running in memory, then used selective keying - serially trying bytes 1-4, then 2-5, 3-6 etc as the keys until the mpeg frame decrypted. (which, of course this is much faster than a pure brute force attack, and took only seconds).
So as long as a software player has the key in the clear and is loaded in memory 'somewhere', this type of attack will continue to work.
AACS is still 'unbroken' but like many failed encryption schemes, it was circumvented due to poor implementation.
Re:Another blow struck for free entertainment (Score:1, Informative)
When you can separate honest entertainment interest from pure and erated business interest then you may pull your head from your backside.
Re:Hmmm i swear thats not the way i read it.... (Score:1, Informative)
Vicious circle of blame (Score:3, Informative)
As programmer, I can tell that it work both ways. Any deficiency (or bug) can be blamed on poor implementation. At the same time, big companies which actually looked and benchmarked development process (e.g. IBM) claim that 75% bugs are caused by erroneous specifications.
IOW, players were implemented as good as AACS has told what/how to implement.
Somehow, I doubt that documentation from AACS would be much better than that of Microsoft [slashdot.org].
Re:DRM is silly (Score:3, Informative)
Re:To be expected (Score:5, Informative)
Of course, hardware solutions can be broken too. I can envision a couple of ways this will happen:
Bottom line: DRM is futile because it requires the distribution of a SECRET PIECE OF DATA (the decryption keys) in UNENCRYPTED form (the keys themselves must of necessity be unencrypted). All the crap interposed between the user and the keys is merely security through obscurity. QED.
Re:And in other news: (Score:5, Informative)
I agree with your main point though. Their statement was pretty silly.
Re:TPM is anti-virtualization (Score:3, Informative)
Please bear in mind that I'm only arguing this point because I think it's important that people are well informed about what we're up against here. It's not going to be easy to get around TCPA, really it isn't. Virtualisation and man-in-the-middle attacks are exactly what TCPA is intended to prevent, and it's been designed by people who understood what sort of work would need to be done to enforce DRM as required by the entertainment industry.
However, citations. Anderson [cam.ac.uk] says that current (2003) TCPA chips are on the motherboard, not the CPU, but: He also notes that some portions of TCPA are already in your CPU: With the chip on your motherboard, yes, you can do a MITM attack on the bus lines. That and cost saving is exactly why it'll be part of your CPU, if it isn't already.
Re:To be expected (Score:3, Informative)
For the uninitiated, (i.e. non-security chaps), fundimentally when it boils down to it, its irrelevant how good the encryption mechanism if someone is sitting over your shoulder reading the information.
I really wish the DRM happy crowd would understand that if it gets to be decrypted by a bit of kit that can be in "hostile" hands it is not going to be "secure" for more than 2 months (see DeCSS, Fairplay, Microsofts thingy, BlueRay, um.... Wait... all DRM thus far has been cracked in less than 2 months.).
Frankly its absurd. You employ a team of 50 programmers to make the next greatest hack proof DRM schema, however you are (if you make anything worth viewing/listening to/playing) up against at least 1,000 times that in terms of people that are interested in breaking it.
The worst thing is: The crackers only need to find one way to break it.
Hey ho. The reality of the situation is that DRM is costing the media conglomerates more to implement than the potential losses.
Its like putting a $200 lock on a $20 bike.
If I like I buy. If I can I take. If had taken, it doesn't mean I would have bought it.
If I like something I have taken I will buy it.
Re:Updated? Battle of the Rootkits! (Score:3, Informative)
Suffice it to say, the design of all of them is flawed from the get-go, so whatever.
Re:To be expected (Score:3, Informative)
But we're not talking about a common ASIC for each player - you've twisted the GPs point. We're talking about a unique ASIC for each player, and making runs of 1 ASIC would be unimaginably expensive. Hence the FPGA route would need to be taken to avoid a single key across the players.
Reading keys off with a microscope has been done. That is how the 2048bit Xbox private key was compromised. Of course the gradstudent that did it couldn't tell anyone what it was, and had a Microsoft goon at each one of his seminars, but it still prooves that it can be done.
Nobody has ever made a tamper-proof device. There are many approximations on the market - things that will resist X amount of tampering before they fail, but any tamperproof box will fall to a determined adversary. When tamperproof casing are designed, the measure used is how much effort / cost can we force the adversary to use before they gain access.
The GPs point was that, by necessity, DRM requires unencrypted information to be hidden in plain sight. Furthermore, this "secret" is common. So there is a single point of attack in the system, which when breached compromises the entire system. This is his point with keys that yuo missed. DRM cannot work unless the the secret keys are available in plaintext. Hence the system is always screwed, by design.