New AACS Fix Hacked in a Day

VincenzoRomano writes "ArsTechnica has just published an update to the neverending story about copy protection used in HD DVD and Blu-ray discs and hacker efforts against it. From the article: 'The ongoing war between content producers and hackers over the AACS copy protection used in HD DVD and Blu-ray discs produced yet another skirmish last week, and as has been the case as of late, the hackers came out on top. The hacker BtCB posted the new decryption key for AACS on the Freedom to Tinker web site, just one day after the AACS Licensing Authority (AACS LA) issued the key.' The article proposes a simple description of the protection schema and a brief look back at how the cracks have slowly chipped away at its effectiveness. It seems it'll be a long way to an effective solution ... if any. One could also argue whether all that money spent by the industry in this race will be worth the results and how long it would take for a return on investment."

45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2

[Anonymous Coward]

Just for the record.

Re:If it's viewable, it's hackable

[FauxPasIII]

> You know, they say the definition of insanity is doing the
> same thing over and over again, expecting different results.

And Bartcop's second law [bartcop.com] says that if someone makes a "mistake" that makes them a whole heap of money, then they will make the same "mistake" again and again and again. They keep making new protection scheme revisions, the content providers keep buying in and hardware manufacturers keep upgrading.

These protection schemes aren't a failure as you seem to think. They're accomplishing exactly what they're intended for.

DRM is futile

[pavera]

We all know this, I just think its funny that these media execs can't figure it out. I will never forget a story I heard from Westwood Studios back before they were bought out by EA (96-97 timeframe). On Red Alert 2, they spent a large fraction of the budget of the game, had 4 PhD contractors come in, trying to build a DRM system that would keep people from copying the game. It was cracked within 10 minutes of release.

After that they vowed never to try to put DRM on a game ever again, it cost way too much, and it didn't do anything. Besides that they got people all the time filling out their registration cards saying "I bought this game after I played the hacked version and I liked it".

DRM hurts sales, it hurts acceptance of a system, and it is expensive and pointless to deploy.

Re:The other side of the coin

[UF00]

The only thing I disagree with is that it's trivial to copy DVDs. Even the least technically savvy person can put a music CD into their computer and press the Copy Disc button that's built in to the operating system now. DVDs are more difficult, and the new breed of discs seem to be harder to copy still (not that I have a high def drive to say for sure, nor the desire to support the anti-consumer technology).

AACS won't stop actual piracy, but even CSS stops (or slows) casual playground/sneakernet piracy, so in that regard I think the actions of the AACS-LA are appropriate. People talk about the millions of dollars and years of time to develop the system that is broken in hours for free, but if it keeps 80% of the movie buying population from switching to the mindset that "movies are free like music is" then a cost/benefit analysis will probably say to implement the technology.

In any case, the aftermath is fun to watch.

Re:Maybe I'm in the minority, but...

[0123456]

"AACS is broken."

No it's not, because they'll release yet another key next week. People have to keep breaking it until the underlying algorithm is broken.

CSS, on the other hand, is totally, utterly and irrevocably broken.

Re:AACS v. RSA/TLS

[nuzak]

The algorithms underlying AACS are quite strong. However, in order to be able to play, AACS not only delivers the encrypted content on the disk, it delivers the key itself, in an encrypted format. And they deliver the key for that in the guts of every single player. Kind of daft, isn't it?

The AACS algorithm itelf hasn't been cracked. The encryption itself is based on AES, and it has no known practical attacks against it. The industry was smart about it this time, and made the spec fully open for review. What is happening is that they keep hiding the key under the mat, and we keep finding out where it is.

Re:AACS v. RSA/TLS

[tppublic]

Very little (read: nothing)

RSA is based on a computationally difficult calculation (factoring large numbers). The difference is that there is a secret key and a public key (same with SSL/TLS). Reconstructing the secret key from the public key is computationally difficult (NP-complete).

AACS is a form of a symmetric key system. There is some complicated math in calculating the derivative keys and allowing key revocation (the AACS encryption method is available on the net), but fundamentallly, they have a problem: The key to decode the disk must be present on the disc. Because this is a symmetric system (again, requiring some calculation from the master key in a hardware device doesn't complicate it that much), it simply cannot be made to be as secure as a system with a secret key. "Hacking" AACS doesn't actually require re-derivation from the master key, since there are so many opportunities to intercept the derived keys when they are "in flight" (in software decoders, for example)

Re:Okay... How do we use a crack?

[Ngwenya]

Now that multiple keys are out, how does someone legitimately use a key to view a HD disc on Linux?

https://help.ubuntu.com/community/RestrictedFormat s/BluRayAndHDDVD [ubuntu.com] is one method which can help; but a few caveats. The problem for Linux play is no longer the video codecs (recent ffmpeg builds have VC-1 support pretty much down pat, and H.264 has been fine for ages if you have a sufficiently powerful rig).

The problem is audio codecs. Most HD-DVDs/BRDs have either E-AC3 (A/52B) or TruHD audio, which ffmpeg currently cannot decode. There are folks working away on it, but it might be a while before concrete results are available. Until then, one possibility - if fiddly - is to demux the video/audio/subtitle streams under Windows using some of the tools available on Doom9 and then transcoding the E-AC3 tracks to AC-3 (or TruHD to FLAC) using EAC3To. You can then remux the video/audio/subtitle tracks into Matroska, and use mplayer or VLC to watch it under Linux. Cumbersome, and not very friendly, but you won't lose any video quality, and if it's FLAC, you won't lose audio quality either.

--Ng

Re:Haiku?

[abb3w]

I couldn't find that Haiku

The article is misleading; the hacker posted the comment [freedom-to-tinker.com], not the site [freedom-to-tinker.com] or its editors. I quoted the "Own Integers" Haiku ((copyright 2007 by Edward W. Felten) [freedom-to-tinker.com]) as part of an Educational Post [slashdot.org] on the actual encryption. The F2T blog with the original seems to be Slashdotted... again. Imagine that.

I do admire BtCB sense of technical style.

Re:If it's viewable, it's hackable

[smellsofbikes]

It's also a delaying action until the time when they can reasonably expect to sell video playback devices that are always connected to a network, at which point they can do crypto exchange of passwords with a remote server and the consumer is, officially, screwed. It's just that right now not enough consumers will buy stuff that demands connectivity before it'll work.

Re:If it's viewable, it's hackable

[duerra]

Oh get off your high horse. The wealthiest 1 percent of earners in this country pay 37% of tax revenue. How that got modded as Informative is beyond me.

Re:If it's viewable, it's hackable

[linguae]

The Libertarian solution to every problem doesn't always work, and in this case, it won't work

The truly libertarian solution would be to get rid of copyright. Copyright is a governmental construct, not a natural right. We wouldn't have all of these issues of the MPAA trying to increase copyright length if there were no copyright to increase in the first place.

Re:If it's viewable, it's hackable

[TheoMurpse]

The Libertarian solution to every problem doesn't always work, and in this case, it won't work.

Under a pure Libertarian philosophy, the DMCA wouldn't exist. Probably copyright wouldn't exist. That would solve all these RIAA problems, becase there'd be no law under which to sue.

Re:If it's viewable, it's hackable

[Anonymous Coward]

Learn some history. During the economic boom times of the fifties, the highest tax rate was 90% and that didn't seem to slow down the growth. Boo fucking hoo, 37%? My god, what a big whiner.

I'm pretty sure that saying 1% of the population pays 37% of taxes does not mean that their tax rate is 37%.

So... yer an idiot. Or at least comprehension-ally-challenged.

Re:If it's viewable, it's hackable

[spun]

You are so wrong, and I have the data [taxfoundation.org] to prove it.

California and New York both receive $0.79 in Federal funds for every dollar in federal taxes paid.

Re:If it's viewable, it's hackable

[moderatorrater]

Just for clarification, the parent was speaking of voting with your wallets being the libertarian solution.