Forgot your password?
typodupeerror
Media Movies Hardware

AACS Hack Blamed on Bad Player Implementation 272

Posted by Zonk
from the finger-pointing-but-no-porn dept.
seriouslywtf writes "The AACS LA, those responsible for the AACS protection used by HD DVD and Blu-ray, has issued a statement claiming that AACS has not been compromised. Instead, they blame the implementation of AACS on specific players and claim that the makers of those players should follow the Compliance and Robustness Rules. 'It's not us, it's them!' This, however, does not appear to be the entire truth. From the Ars Technica article: 'This is an curious accusation because, according to the AACS documentation reviewed by Ars Technica, the AACS specification does not, in fact, account for this attack vector. ... We believe the AACS LA may be able to stop this particular hack. While little is truly known about how effective the key revocation system in AACS is, in theory it should be possible for the AACS LA to identify the players responsible for the breach and prevent later pressings of discs from playing back on those players until they are updated. As such, if the hole can be patched in the players, the leak of volume keys could be limited to essentially what is already on the market. That is, until another hole is found.'"
This discussion has been archived. No new comments can be posted.

AACS Hack Blamed on Bad Player Implementation

Comments Filter:
  • by Anonymous Coward on Friday January 26, 2007 @06:04PM (#17776634)
    Since July of last year I have basically cut out the mass media from my life. I sold my TV, gave away my DVD player, and donated my CDs and DVDs to a charity auction. For entertainment, I've taken up a number of sports, including basketball and skiing. I also now listen to local bands live at pubs and restaurants, rather than listening to the radio or CDs. I never had any gaming consoles to begin with, and I uninstalled and gave away the few computer games I do have. I do rely on the BBC for news, but even that's become limited these days.

    I'm glad I made that decision. All this new crap involving DRM and frivolous from the entertainment industry just goes to show you how full of horseshit they are. I'm very pleased that my money does not go to them. They don't deserve it. Not only that, but now that I play sports rather than just watching them on TV, I've become much more fit and far healthier. Getting away from the mainstream media was one of the best things I've ever done.

  • by monopole (44023) on Friday January 26, 2007 @06:06PM (#17776672)
    If they are really going to use the device revocation option, things are going to get way fun.
    Players which will only play certain discs and not others, instant obsolescence for entire classes of $1000 players.
    This makes the format wars look like a sales promotion!
  • by Tackhead (54550) on Friday January 26, 2007 @06:11PM (#17776758)
    > While little is truly known about how effective the key revocation system in AACS is, in theory it should be possible for the AACS LA to identify the players responsible for the breach and prevent later pressings of discs from playing back on those players until they are updated. As such, if the hole can be patched in the players [emphasis added], the leak of volume keys could be limited to essentially what is already on the market.

    If the players are non-patchable:

    1) We will live in a universe in which, every year or so, an unknown number of players will play discs produced up to, but not after, a certain date.

    Consider the sales/support implications of customers selecting products for Christmas 2008: "Well, sir, this Foobar-1000 plays discs up produced in 2006-2007, a Foobar-1130 plays discs produced from 2006-2008, and a Fonybaz-1900 plays discs produced from 2006 to August 2008."

    If the players are patchable, it's even worse for the industry:

    1) Your Foobar 1000 will play discs produced in 2006 and 2007. It ceases to work for discs produced between February 2007 until you buy a disc produced a few months later that happens to contains some code that query the player whether it's a Foobar 1000... and if so, to automatically/silently patch the firmware. Then all your discs work again.

    That's a good thing for the user, and a bad thing for the industry, because as soon as you've got a firmware patch on a DVD, the obvious thing for an enterprising hacker to do is to put his own firmware patch on his own DVD, and your Foobar 1000, all of a sudden, ceases to implement the DRMish crap which the MPAA crammed onto it...

    ...until, of course, a few months after that hack, where the firmware-updating discs are modified to downgrade any hacked players to MPAA-compliant revisions of the firmware (or even to self-destruct)...

    ...and someone else comes up with a better hack to make the hacked firmware indistinguishable from the "approved" firmware...

    In short, if players can be patched in the field (and this applies to both hardware/firmware-based players in embedded systems and to PC-based disc-playing software), it's a long-term battle of the rootkits, and that's a battle that MPAA is likely to lose.

  • by Sheltem The Guardian (940038) on Friday January 26, 2007 @06:13PM (#17776778)
    I am curious. If we've, let's say, pwned a hardware player. And AACS LA revokes original keys. They don't want buyers to kill them, so they have to reissue some keys. But if we've already pwned device, can't we happily receive these freshly-reissued keys, pretending we're this device? We might know every cryptokey this device holds at this moment!
  • bwa.ha.ha. (Score:3, Interesting)

    by geekoid (135745) <dadinportland@@@yahoo...com> on Friday January 26, 2007 @06:16PM (#17776806) Homepage Journal
    Dear consumer:
    Please check our website so you can download a patch and intall it on your DVD player.

    BWahahaha..

    That will go over like a lead balloon.
    as will a machine that no longer playing new movies every few months so you have to buy a new player.

    Which is good. DRM is just causing more consumer frustration and less value.
  • by Iphtashu Fitz (263795) on Friday January 26, 2007 @06:24PM (#17776950)
    All the focus, and for good reasons, has been on software-based DVD players. They're easy for any hacker to play around with. However there are plenty of people out there who happen to be hardware hackers as well. I wonder how long (probably just a matter of time) before some hardware/firmware hacker disects a standalone HD player and is able to extract keys from that. Hardware hacking hasn't been as glamourous as software hacking in recent years, but a mere 20 years ago it was all about hardware hacking. Read a book like the Cuckoos Egg - a sysadmin physically tapped into communication lines and directed the output to line printers so that a hacker he'd been hunting wouldn't know he was being tracked. I'd be willing to bet that some hardware/firmware gurus with the right tools would be able to hack a standalone HD player if they had the desire to do it. And if they can pull that off it'd be a LOT harder for the AACS LA to plug that hole.
  • by ThePiMan2003 (676665) on Friday January 26, 2007 @06:25PM (#17776968)
    Actually that is part of the spec. They can kill your hardware player, and then blame it on a poorly made hardware and you the end user are SOL.
  • by sdo1 (213835) on Friday January 26, 2007 @06:32PM (#17777072) Journal
    Open letter to the MPAA: I hope a true "CSS" style hack is found. Otherwise, I'm remaining on the sidelines and I won't be buying any HD-DVD or Blu-Ray discs.

    Hear that, MPAA!?!?! I said BUYING. You claim piracy costs sales, but you MUST then subtract the lost sales due to your overbearing copy protection. I have about 2000 CDs and about 600 DVDs in my collection. I have no HD-DVD or Blu-Ray discs. And I don't plan on it either unless things change.

    It's a new world. And in this new world, I have an expectation of device portability. That means when I buy a 5" media-containing silver platter, I expect to be able to store it on a server in my house to stream it to my living room or my computer or my bedroom. I expect to be able to re-compress it for my laptop or my ipod (or -like device) for watching when traveling. I have no desire to be tied to a specific (and expensive) playback device in a specific location. You're terrified of future storage capacity that will reach into the terrabytes on small devices, but to me, that's the thing that's keeping me interested at the moment in the stuff you have to sell... the knowledge that I can have that portability in movies and TV the same way I have it for the music that I've collected over the years. The RIAA freaked out when MP3's came along, but to be honest, my interest in music had waned significantly. But now, with so much available at my fingertips, I'm VERY interested in hearing new things and I'm buying probably more than ever before (though none through the DRM-crippled iTunes store).

    I will gladly buy the media, but I expect that at that point, our relationship is OVER. Thanks, goodbye. Now if I want to extract images from the movie, print them out, and wall-paper my room with them, that's MY business, not yours.

    -S
  • Re:Blame Canada (Score:1, Interesting)

    by Anonymous Coward on Friday January 26, 2007 @06:33PM (#17777086)
    Unlikely. That story tells us that camcording is illegal in Canada. That the theaters are using night vision to catch people doing it. That Canadian police are arresting and convicting people who do it. And that anyone can rent the movie at blockbuster and copy it - in the US (which has ten times the population) as well as Canada.

    This little statistic was almost certainly made up, to pressure Canada into taking away more fair use rights.

    On the other hand, word has it that the guy who bypassed HD DVD's AACS encryption is a Canadian programmer. (With possible help from a NZ cryptographer. Google "My first experience with HD content being blocked", and compare his story with that of Muslix64.)
  • Re:To be expected (Score:4, Interesting)

    by purpledinoz (573045) on Friday January 26, 2007 @06:35PM (#17777116)

    I wonder what they're going to say when it's brutally apparent that ALL software players can be compromised. From what I can see, they have a few options, and none of them are pretty.

    - play the cat and mouse game, and have the keys updated on the players while revoking the old keys.

    - disallow software players all together.

    - admit defeat and forget about revoking keys.

  • Re:Never! (Score:3, Interesting)

    by mugnyte (203225) on Friday January 26, 2007 @06:35PM (#17777118) Journal
    There are ways combat this - like requiring timing that only hardware can satisfy, but virtualization is a tough thing to hide from. In the end, it will require an dual-key system from each piece of hardware that the system accepts. You cannot write a virtual one because you cannot provide a valid key. Yes, yes, I know this is a terrible design.

      Then you degrade the problem to a Man in the Middle, where your microcode simulates a processor and performs some operations before/after sending to same/different hardware. Microcode is the standard for many OS's now.

      In these cases, the OS sends a public key to the hardware, and receives one in return, you can capture them but cannot mimic these pieces. Then, each buffer in the pipeline ends up encrypted, leaving you to decipher.

      This is the gist of the whole architecture: locking down anywhere one could put custom code. The problem is, in a heterogeneous environment, there's no much stability with asking a whole market to obey these specs. Someone is going to write hardware that conforms, but has an unencrypted out channel. In fact, companies will simple comply to the Trusted Computing program but sell this out at a high price. MS creates a valued market out of it's security scheme, losing both the anti-piracy initiative, and the content providers' trust, eventually.

      Until these phases come to pass, the market moves slowly to adjust to the new formats and pricing. Content providers pour into the channels believing the issue is "solved". Then, suddenly, an unrevokeable layer is compromised (as in: you cannot re-stamp all the discs already on the market) and much of the content appears in black market format. The market floods easily because people do not believe the cost of the model is worth the output (like music today).

      If you think I'm speculating, all of this has happened before. Hacking in all it's forms has never had any different lesson.
  • by JesseMcDonald (536341) * on Friday January 26, 2007 @06:39PM (#17777162) Homepage

    Sure, but the whole point is that you can't access the keys the "trusted" mainboard manufacturers encode into the hardware. You can program the emulator with any key you want, but it won't be one of the "trusted" keys. The keys are stored and used entirely within a single IC; the only way to extract one would be, in theory, to examine the IC directly (with an STM, for example), or somehow gain access to the master copy held by the manufacturer (and risk violating trade-secret laws).

    IMHO this raises interesting legal issues, since it would tend to allow holders of one form of monopoly monopoly (copyright) to influence market shares in another industry (computer hardware). With TC the priviledged holders of media monopolies would be free to determine which hardware manufacturers succeed and which ones fail. Might not the RIAA/MPAA find themselves on the receiving end of an antitrust suit as a result of this cross-industry influence? (I don't support antitrust regulations myself, but I'm not the one they have to worry about.)

  • by sdo1 (213835) on Friday January 26, 2007 @06:50PM (#17777366) Journal
    Agreed. If one of my friends asks me about these formats (and they do, knowing what a home theater and media junkie I am), I roll through all of the DRM hoops that they'll have to jump through in order to play the things the way they want it.

    The industry NEEDS the word-of-mouth. And as it stands, that word-of-mouth is negative. It's "yea, the picture is great, but then there's all this other stuff you'll have to deal with." That's not going to fly.

    -S
  • by theelectron (973857) on Friday January 26, 2007 @06:51PM (#17777394)
    I'm not completely familiar with the TPMs, but would it be practical for me to 'guess and check' keys until I got something in a trusted namespace? How big are the keys?
  • by Jherek Carnelian (831679) on Friday January 26, 2007 @07:12PM (#17777766)
    Sure, but the whole point is that you can't access the keys the "trusted" mainboard manufacturers encode into the hardware. You can program the emulator with any key you want, but it won't be one of the "trusted" keys. The keys are stored and used entirely within a single IC;

    What is to stop a guy with a real TPM system and a virtual environment from just proxying any TPM requests/responses from the virtualized system to the real TPM module?

    The TPM is like a black box right? Nobody can see inside it, all anyone can do - including a "trusted OS" is send it inputs and read the output. So, there should be no way for the virtualized OS to tell the difference between a proxyed TPM and a "directly connected" one.

    So, now you've got a fully virtualized system that thinks it is running not-virtualized. Its memory, even its cpu registers, are ripe for harvesting supposedly protected information. If the system is going to depend on the TPM to do the actual decryption without exposing any keys, you still have easy access to the decrypted data that comes out of the TPM.
  • by Mr2001 (90979) on Friday January 26, 2007 @07:34PM (#17778074) Homepage Journal

    The keys are stored and used entirely within a single IC; the only way to extract one would be, in theory, to examine the IC directly (with an STM, for example), or somehow gain access to the master copy held by the manufacturer (and risk violating trade-secret laws).
    And as long as you're risking violating the trade secret laws, why not go all the way? I'd love to see a few dozen guys with machine guns just break down the TCPA's front door and steal the damn keys the old-fashioned way.
  • by Cheesey (70139) on Friday January 26, 2007 @08:28PM (#17778770)
    Virtualisation does not save us from trusted computing - as the parent says, TCPA was designed with virtualisation in mind.

    Every time a thread about DRM comes up, TCPA is mentioned, and a whole bunch of people get modded +5 Insightful for saying that they'll circumvent it using VMware or similar. But to do that, you have to make your own TCPA keys, which won't be signed by a trusted third party. Online services that require remote attestation will require you to use a key that has been signed in that way.

    The key in your TCPA module will have been signed, but you can't get at that key by design. You can't use it to sign programs in your VM. That's the idea. They know that virtualisation is a hole. They are as smart as you.

    However, perhaps we can get at the key in the TCPA module by getting the module to repeatedly sign something while monitoring its power consumption. This technique, differential power analysis, is apparently very hard to defeat. You can use it to get keys out of smart cards, given enough time: perhaps you can use it to get keys out of your own processor. The price of freedom in the future?

    Get informed about TCPA here. http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html [cam.ac.uk]
  • by Chyeld (713439) <chyeld@gmai l . c om> on Friday January 26, 2007 @08:32PM (#17778808)

    Sure, but the whole point is that you can't access the keys the "trusted" mainboard manufacturers encode into the hardware. You can program the emulator with any key you want, but it won't be one of the "trusted" keys. The keys are stored and used entirely within a single IC; the only way to extract one would be, in theory, to examine the IC directly (with an STM, for example), or somehow gain access to the master copy held by the manufacturer (and risk violating trade-secret laws).


    You forget the third, possibly not completely possible right now, but certainly concievable in the near future, option of obtaining the key. Brute force.

    It wasn't that long ago (in the timeframe of video formats) that RC5-56 was considered 'secure' enough. It might not be around the corner, but there is certainly the possibility that CPU power could continue to ramp up quickly enough that the keys themselves can be brute forced through a botnet version of distributed.net. And once that cat is out of the bag, it'll be out forever.
  • by dtfinch (661405) * on Friday January 26, 2007 @09:45PM (#17779470) Journal
    They thought of that.
    http://en.wikipedia.org/wiki/ROM-Mark [wikipedia.org]

    I'm not sure if HD-DVD has a similar feature, or if this is Blu-ray only.
  • by BillGatesLoveChild (1046184) on Friday January 26, 2007 @10:43PM (#17779880) Journal
    DRM *is* a pain the ass. Even on DVDs, with copies you don't have to sit through those annoying ads and logos or the annoying main menu (which always leads to the movie). On the real-McCoy you must suffer. How many people with legal copies of Windows are using volume keys just because they don't want to call up Microsoft for permission whenever they change their config?

    The MPAA (and Microsoft) are fighting the way their enemy fights best. If you make DRM inconvenient, and it *is* inconvenient, hackers will find a way around it. If you overcharge, or having play-one-time-only restrictions, people won't use it. If you make any system harder to use than what is out there already, people will go around it! And I'd bet my money on a bunch of teenager hackers over any boring, Microsoft wage serf.

    My suggestion: make movies cheaper and drop DRM altogether. PC game companies are realising this. My Oblivion DVD says 'we didn't include any copy protection so please don't copy this'... and I didn't. They've got my goodwill. Some hackers probably did copy it, but DRM doesn't make it any more or less likely. Maybe even more?
  • Re:To be expected (Score:3, Interesting)

    by Lumpy (12016) on Saturday January 27, 2007 @12:49AM (#17780700) Homepage
    And how will that stop a well equipped Hacker or a 12th year grad student hacker at the MIT electronics engineering labs from ploping a hardware player on the desk and reading the contents of the ram directly?

    Hacking a software player is only a bit easier if you have the tools. Hacking hardware players is as simple if you are equiped with the right analyzers and equipment.

    Hell if they fudged up and used sram you can halt a processor and read the contents of ram between each processing cycle pretty easily.. DRAM is a bit more difficult you simply need to supply the refreshes between processor haltings.

    HDDVD and BluRay are big enough targets that the hacking community will start taking these advanced approaches.
  • by Anonymous Coward on Saturday January 27, 2007 @03:20AM (#17781452)
    I'll be honest, I don't have a perfect idea of how this circumvention worked, but I had some thoughts about it and I would like if someone would be kind enough to access their validity.

    What this article and the others related to this story basically show that a user can gain some control over this encryption and the other comments I see seem to indicate that a user can gain local control of most drm devices in question.

    But what would happen if a greater degree of control was obtained though detailed analyses over time of the software and hardware. Say in six months, an organized group determines how revoke keys or force tainted upgrades on the user. Could you see electronics manufactures being forced to pay protection money to stop virus, or piles of HD players (I imagine they have decent computing power) being used to power a botnet?

  • by ThePengwin (934031) on Saturday January 27, 2007 @03:23AM (#17781470) Homepage
    Those keys would never get revoked.
    Or would they..... it would be quite a humorous predicament if The Xbox 360 and the PS3 had a feature forcibly removed from them :P
  • Re:To be expected (Score:3, Interesting)

    by MemoryDragon (544441) on Saturday January 27, 2007 @06:55AM (#17782240)
    Good morning mc fly

    almost every pc sold in the last three years has this chip, it is called TCPA and
    one of the key areas this chip should be used for was BlueRay and HD-DVD
    it is just thatthere are lots of PCs nowadays which do not have those chips.

  • by asuffield (111848) <asuffield@suffields.me.uk> on Saturday January 27, 2007 @12:21PM (#17783548)

    The hardware manufacturers have no incentive to play nice with the Trusted Computing scheme. This is just a repeat of DVD Region Coding. The manufacturers just started producing players that ignore the region code, because they outsold the locked players. Of course the first few on the market were "accidents", "mistakes", and "test designs".
    It's a little more subtle than that.

    In the first round, all the "major" manufacturers produce compliant devices (modulo bugs), which are locked down.

    Then the Asian bootleggers get in on the business. Their friends in the Asian device production plants that make all these motherboards slip them copies of the current keys. Mod-chips and entire motherboards start appearing on the grey market, on the streets of Hong Kong and Seoul. Not to be outdone, Japanese importers start grabbing up these devices and they appear in the back-street stores in Akihabara.

    Slow to catch on, the TCPA consortium revokes the offending keys, and the major motherboard producers are forced, at great expense, to recall all the previously sold boards and offer free replacements to anybody who wants their copy of Vista to keep working (it's impossible to securely issue a software update for this problem - the update would be equally applicable to the bootlegged devices, since there's no way to authenticate the 'genuine' ones when they're all using the same keys).

    The morning after the keys are revoked, the keys for the new devices are available on the internet (because those production plants are still run by the same people, who really don't give a damn about the demands of the American corporations). This pattern continues for a couple of months, while the corporations shuffle their staff in the production facilities - and discover that there isn't anybody they can hire in those countries who is going to run the operation securely enough to matter. Frantic board meetings are held.

    Meanwhile, alerted by media reports of the product recalls, western importers start getting hold of the bootleg devices. They begin to appear for sale in the US and Europe, via ebay and dedicated sites. The TCPA consortium flails about a bit, a bunch of stuff on ebay gets delisted, but there are too many importers and not enough time to sue them all.

    The board meetings of most of the major motherboard manufacturers come to this conclusion: "TCPA is costing us money from having to change the keys all the time, there's no way that us *and all our competitors* are going to be able to secure all our production facilities any time soon - and worst of all, we're losing sales to this bootlegged hardware, because our customers want to download videos from thepiratebay. Screw this. We're going to start selling a product that people want to buy."

    The second round of motherboards are rather less secure. Much like DVD region coding, the boards look like they do what they're supposed to at first glance, but actually there are ways to persuade the chips to give up their keys, or just sign anything you hand them. These are initially blamed on "test designs", etc. Not every manufacturer will do it at first - but those that don't will take a heavy hit in the market. Do not underestimate the desire of Americans for free porn and free violent movies.

    TCPA is now dead.

    This is basically what happened to DVD region coding - the major western production houses, faced with decss/dvdcss on the one hand and eastern import hardware eating into their sales on the other hand, quickly realised that siding with the DVD consortium was ultimately going to lose them a lot of money. The only way that TCPA could avoid this is if somehow every single approved motherboard manufacturer could manage to make their security watertight - and that just is not going to happen.

    Of course, non-Vista platforms will be buried in a legal quagmire for years, as we have been with libdvdcss - it's not strictly legal, maybe, but it's the only way we'll ever have. This is perhaps the objective of the entire TCPA concept.

"Text processing has made it possible to right-justify any idea, even one which cannot be justified on any other grounds." -- J. Finnegan, USC.

Working...