New AACS Fix Hacked in a Day
VincenzoRomano writes "ArsTechnica has just published an update to the neverending story about copy protection used in HD DVD and Blu-ray discs and hacker efforts against it. From the article: 'The ongoing war between content producers and hackers over the AACS copy protection used in HD DVD and Blu-ray discs produced yet another skirmish last week, and as has been the case as of late, the hackers came out on top. The hacker BtCB posted the new decryption key for AACS on the Freedom to Tinker web site, just one day after the AACS Licensing Authority (AACS LA) issued the key.' The article proposes a simple description of the protection schema and a brief look back at how the cracks have slowly chipped away at its effectiveness. It seems it'll be a long way to an effective solution ... if any. One could also argue whether all that money spent by the industry in this race will be worth the results and how long it would take for a return on investment."
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2 (Score:5, Informative)
Re:If it's viewable, it's hackable (Score:5, Informative)
> same thing over and over again, expecting different results.
And Bartcop's second law [bartcop.com] says that if someone makes a "mistake" that makes them a whole heap of money, then they will make the same "mistake" again and again and again. They keep making new protection scheme revisions, the content providers keep buying in and hardware manufacturers keep upgrading.
These protection schemes aren't a failure as you seem to think. They're accomplishing exactly what they're intended for.
DRM is futile (Score:4, Informative)
After that they vowed never to try to put DRM on a game ever again, it cost way too much, and it didn't do anything. Besides that they got people all the time filling out their registration cards saying "I bought this game after I played the hacked version and I liked it".
DRM hurts sales, it hurts acceptance of a system, and it is expensive and pointless to deploy.
Re:The other side of the coin (Score:2, Informative)
AACS won't stop actual piracy, but even CSS stops (or slows) casual playground/sneakernet piracy, so in that regard I think the actions of the AACS-LA are appropriate. People talk about the millions of dollars and years of time to develop the system that is broken in hours for free, but if it keeps 80% of the movie buying population from switching to the mindset that "movies are free like music is" then a cost/benefit analysis will probably say to implement the technology.
In any case, the aftermath is fun to watch.
Re:Maybe I'm in the minority, but... (Score:3, Informative)
No it's not, because they'll release yet another key next week. People have to keep breaking it until the underlying algorithm is broken.
CSS, on the other hand, is totally, utterly and irrevocably broken.
Re:AACS v. RSA/TLS (Score:5, Informative)
The AACS algorithm itself hasn't been cracked. The encryption itself is based on AES, and it has no known practical attacks against it. The industry was smart about it this time, and made the spec fully open for review. What is happening is that they keep hiding the key under the mat, and we keep finding out where it is.
Re:AACS v. RSA/TLS (Score:3, Informative)
RSA is based on a computationally difficult calculation (factoring large numbers). The difference is that there is a secret key and a public key (same with SSL/TLS). Reconstructing the secret key from the public key is computationally difficult (NP-complete).
AACS is a form of a symmetric key system. There is some complicated math in calculating the derivative keys and allowing key revocation (the AACS encryption method is available on the net), but fundamentally, they have a problem: The key to decode the disk must be present on the disc. Because this is a symmetric system (again, requiring some calculation from the master key in a hardware device doesn't complicate it that much), it simply cannot be made to be as secure as a system with a secret key. "Hacking" AACS doesn't actually require re-derivation from the master key, since there are so many opportunities to intercept the derived keys when they are "in flight" (in software decoders, for example).
Re:Okay... How do we use a crack? (Score:5, Informative)
https://help.ubuntu.com/community/RestrictedForma
The problem is audio codecs. Most HD-DVDs/BRDs have either E-AC3 (A/52B) or TrueHD audio, which ffmpeg currently cannot decode. There are folks working away on it, but it might be a while before concrete results are available. Until then, one possibility - if fiddly - is to demux the video/audio/subtitle streams under Windows using some of the tools available on Doom9 and then transcode the E-AC3 tracks to AC-3 (or TrueHD to FLAC) using EAC3To. You can then remux the video/audio/subtitle tracks into Matroska, and use mplayer or VLC to watch it under Linux. Cumbersome, and not very friendly, but you won't lose any video quality, and if it's FLAC, you won't lose audio quality either.
--Ng
Re:Haiku? (Score:4, Informative)
I couldn't find that Haiku
The article is misleading; the hacker posted the comment [freedom-to-tinker.com], not the site [freedom-to-tinker.com] or its editors. I quoted the "Own Integers" Haiku ((copyright 2007 by Edward W. Felten) [freedom-to-tinker.com]) as part of an Educational Post [slashdot.org] on the actual encryption. The F2T blog with the original seems to be Slashdotted... again. Imagine that.
I do admire BtCB's sense of technical style.
Re:If it's viewable, it's hackable (Score:3, Informative)
Re:If it's viewable, it's hackable (Score:5, Informative)
Re:If it's viewable, it's hackable (Score:3, Informative)
The truly libertarian solution would be to get rid of copyright. Copyright is a governmental construct, not a natural right. We wouldn't have all of these issues of the MPAA trying to increase copyright length if there were no copyright to increase in the first place.
Re:If it's viewable, it's hackable (Score:3, Informative)
Re:If it's viewable, it's hackable (Score:1, Informative)
I'm pretty sure that saying 1% of the population pays 37% of taxes does not mean that their tax rate is 37%.
So... yer an idiot. Or at least comprehension-ally-challenged.
Re:If it's viewable, it's hackable (Score:3, Informative)
California and New York both receive $0.79 in Federal funds for every dollar in federal taxes paid.
Re:If it's viewable, it's hackable (Score:3, Informative)