New AACS Fix Hacked in a Day 362
VincenzoRomano writes "ArsTechnica has just published an update to the neverending story about copy protection used in HD DVD and Blu-ray discs and hacker efforts against it. From the article: 'The ongoing war between content producers and hackers over the AACS copy protection used in HD DVD and Blu-ray discs produced yet another skirmish last week, and as has been the case as of late, the hackers came out on top. The hacker BtCB posted the new decryption key for AACS on the Freedom to Tinker web site, just one day after the AACS Licensing Authority (AACS LA) issued the key.' The article proposes a simple description of the protection schema and a brief look back at how the cracks have slowly chipped away at its effectiveness. It seems it'll be a long way to an effective solution ... if any. One could also argue whether all that money spent by the industry in this race will be worth the results and how long it would take for a return on investment."
If it's viewable, it's hackable (Score:5, Insightful)
You know, they say the definition of insanity is doing the same thing over and over again, expecting different results. Somewhere I picture entertainment execs, having been sold a big and expensive line of B.S. by the firm that developed BD+ (just as they had been sold the exact same line by the companies that developed CSS and AACS), sitting in some board room saying "Don't worry, THIS time it's going to work!" They just don't get it. If it's viewable, it's hackable--period.
Bad system (Score:1, Insightful)
Is it worth their ROI? (Score:3, Insightful)
It's painful to watch... (Score:5, Insightful)
Whenever I see this happen, I'm torn between horror at the grisly spectacle of such torture, and the guilty pleasure of seeing something I hate being toyed with so cruelly. If I can live with it in my own home, I can live with it in the media market...
The other side of the coin (Score:5, Insightful)
Indeed...one could argue that a company would better serve its shareholders and its long term interests by eliminating copy protection completely. After all, at this stage of the game, anyone who wants a pirated copy can either make it themselves, or knows some techie guy who can. Eliminating all copy protection would save money otherwise pissed away on ineffective measures that only serve to annoy legitimate users, and would build a measure of good will and consumer loyalty that is worth more than anything deterring piracy could realize.
Re:Bad system (Score:5, Insightful)
No, these guys break AACS simply because it's _there_, and the movie industry *dared* them to do it.
And you know what? By making it more complicated than DeCSS, they made BD+ and AACS simply become *even more fun* to hack.
These guys should befriend some supply-side economists to learn about incentives and how they work.
Maybe I'm in the minority, but... (Score:4, Insightful)
Would they lose a sale here and there because somebody copies a movie for a friend/family/neighbor? Yes, of course. Are they going to anyway? Yes. But...are they losing sales because of DRM in place? I think lots.
Re:If it's viewable, it's hackable (Score:5, Insightful)
Music [and the arts] may have charms that will soothe the savage beasts in all of us, but these people want you to pay for the remedy and will do anything to make sure you do!
Blank Stare (Score:2, Insightful)
I'm sure you thought that was deep, but dude, put down the stick, exhale, and re-read your lines.
Simple solution (Score:4, Insightful)
This would slow down the crackers a LOT - but not entirely.
dvd sales (Score:5, Insightful)
Unless the industry is wanting to try a dramatic price hike, which would cause those on and near the fence to rip too...?
Re:Bad system (Score:4, Insightful)
This "war on piracy" crap has to stop , all it is doing is creating a false market for companies to sell them content management (and I use the term loosely) systems.
They need to rally sit back and look at the hacks that are widely available. Satellite , software , hell even bank cards. They need to either make the system more expensive to break , so there is no point in cracking it , but just buying the disc or they need to embrace what the people want.
Since at this point you are driving your customers away I would choose the second option , don't DRM the discs and let people use the content they paid for. Why make them pay 3 times for the same content, that is just basic bad business and money mongering.
Re:DRM == FRAUD (Score:3, Insightful)
Antigravity.
Perpetual Motion.
Sharks with Frickin Lasers on their heads.
Space Flight. -- Wait, we did that one.
Pocket Computers. -- No, sorry, that one too.
Seriously, just because it's never worked before is -not- proof that it never will. There's -plenty- of reasons, but this is -not- one of them.
To companies, copy protection is -not- completely useless, so we'll never see content completely free from DRM. Expensive DRM is pointless, though, as it provides nothing extra.
Why isn't it completely useless? Because their work is covered under additional laws other than just copyright. Cheap vs Expensive DRM makes no difference here, the law doesn't differentiate.
Re:The other side of the coin (Score:5, Insightful)
Aha, but that's the key. Most people don't necessarily want a pirated copy. They just want a copy. If the copy protection can be difficult enough to get around to not make it worth the average person's time, then they won't bother getting a pirated version. People who make a conscious effort to pirate the material cannot be stopped, but if you can make it difficult enough to pirate nobody else will bother. I think the movie industry massively failed in that regard with DVDs. It became far too easy to pirate them. I also think they'll also fail here, but I do see why they keep trying. If they can just make it hard enough, most people won't bother.
They are only hurting the people who won't copy (Score:3, Insightful)
The only people inconvenienced by this system are the people who just want to watch the friggin' movie they just bought! I shudder to think of how my mom would deal with the situation if she just bought a new blu-ray movie and found it wouldn't play because she doesn't have the latest key. I hope they give up on releasing new keys soon.
Re:Maybe I'm in the minority, but... (Score:3, Insightful)
Aside from the bad PR they get from displaying their greed, the only thing actually preventing sales is the format war itself.
Re:Silent cheer for cracked DRM (Score:3, Insightful)
Re:Bad system (Score:3, Insightful)
When the customers that they're potentially driving away are a very small part of the overall base, why should they care?
The DVDs that that majority of people buy will never be used anywhere but in their DVD player. It'll work just fine in their home computer too - all DRM breaks is the ability to make copies, something that most people don't do. If the DRM doesn't break their player in some way, which it generally doesn't, they will never know no even care that it is there.
And why should they? These people aren't stupid, it's just that the encoding that is put on the disks is completely transparent to them and largely affects their ability to play the disks in not at all.
Re:If it's viewable, it's hackable (Score:4, Insightful)
The bottom line is that Joe Average just doesn't mind being pushed around as long as he's comfortable. Very discouraging for the future of free will, independent thinking, privacy, security, liberty and other non-socialist, non-communist ideals in the USA.
Re:If it's viewable, it's hackable (Score:4, Insightful)
Pretty funny (Score:3, Insightful)
Will be interesting to see whether they learn that this is not the way before or after ther business will have entirely gone away.
Re:If it's viewable, it's hackable (Score:5, Insightful)
Re:It's painful to watch... (Score:3, Insightful)
Totally OT, but OOC, why the hate for spiders? Personally, I love the little buggers. They eat flies and other pests, and otherwise mind their own business. Sounds like a good deal to me...
Re:Is it worth their ROI? (Score:3, Insightful)
Because the East India Company made a lot of money for a while and then went into decline and ultimately failed due to the huge cost of trying to maintain control of the areas it had attempted unsuccessfully to monopolize?
At least the Company's business model didn't violate the laws of nature, which is more than can be said for the studios.
Bits can be copied. Basing your business on the belief that some bits can't be copied, or that some bits can even be made quite hard to copy, is like basing your business on the belief that some mass can be made to have just a little bit less inertia than it normally would.
Perpetual motion machines are the only thing that is unpatentable because they cannot work. We will eventually see the time come when DRM systems are unpatentable for exactly the same reason.
In addition. (Score:4, Insightful)
And it has been working. The number of people who practice wholesale piracy is and always has been fairly low - what scares them is that it might become more widespread if the general public were allowed access to technology which they might abuse. I don't think that is true, and I think it is fundamentally wrong to put restrictions on an entire country just because you fear that some might abuse their freedoms, but that is where they are coming from, and in their eyes DRM has been successful in achieving that goal.
But the real heart of the issue is that they want control for its own sake - not just because they have specific things they want to enforce, but because they have been in control for so long and letting go of any of that frightens them. They don't know what the future holds, and so their reflex is to tighten their grip as much as possible.
Re:If it's viewable, it's hackable (Score:2, Insightful)
Re:If it's viewable, it's hackable (Score:4, Insightful)
Which well never happen. It makes people feel very uncomfortable to have to think about the ethical choices they make before they buy (this counts for things like clothing and coffee as well). They would rather not hurt their brains that much. Those are the ones that even cared enough to find out that buying some products are bad, which the majority won't, unless some celebrity happens to take a stance. Have you noticed the shift to more and more brain-dead celebrities these days?
Re:If it's viewable, it's hackable (Score:3, Insightful)
Re:If it's viewable, it's hackable (Score:3, Insightful)
Re:If it's viewable, it's hackable (Score:3, Insightful)
Re:It's painful to watch... (Score:3, Insightful)
Just looking at them for an extended period of time gives me the gibblies and I can't stop until i
All the same, when I do see a spider in a non-important place in my house, I just do my best to not look at it and vacate the room as soon as possible. I know they do a good job, I just wish I never had to be confronted by their existence.
Re:If it's viewable, it's hackable (Score:5, Insightful)
Yes - just a small matter of implementation
You are correct, of course, that hardware key storage is generally more effective than software storage. The problem, however, is that key storage isn't the end of the story. Sure, you can embed a TPM chip in epoxy resin, and surface mount that chip onto the motherboard - but it can still be removed. Tricky, yes - error prone, also true. But it can be done. Which means that, assuming it's not some totally proprietary design it can be inserted into a standard PC motherboard and exploited from there. If it is a completely proprietary chip, well, the record of such security systems working is less than stellar. Tends to be of the same order as proprietary crypto algorithms. In using AES, the AACS designers made at least one good technical decision.
Even if not removing the key storage device, the buses which connect it to the rest of the system are still subject to probing via ICEs. And all of this assumes that the electrical characteristics of the systems don't exhibit any exploitable variances like key-dependent delays in processing (side-channel attacks).
And even if you had that down pat, you've still got the fact that the connection from device to display is only protected by HDCP, which was cracked years ago. And there's no real protection on digital audio outputs, so capturing that frame-by-frame and remuxing to high quality rips would still be eminently possible. The only reason there aren't HDCP strippers and HD capture devices all over the place is because AACS has been rendered moot. If the keystream still held secure, you'd simply see another attack vector.
Now here's the other problem: in order to get the backing of people like Microsoft and other likely media centre manufacturers, the HD-DVD camp had to promise Managed Copy (Blu-Ray said they would also provide it). In other words, they had to promise that copying to a non-hardware-secured device would be possible. And if you just shift the problem onto the the PC that way, you haven't really bought anything.
All told - your analysis is spot on - h/w only operations are harder to crack. But from a technical and business commitment standpoint, it wouldn't make any real difference. The incentive to crack is far greater than the technical obstacles in place.
I suppose it all comes down to the age old cliché - security is a process, not a product. And with AACS, it seems that the content producers have only semi-digested that point. Without control of the entire delivery chain - something that is both technically and legally impossible you cannot square the circle of both giving someone the key and not giving it to them at the same time.
--Ng
Re:If it's viewable, it's hackable (Score:3, Insightful)
It is also useful to consider other statistics such as how much income [cbpp.org] the wealthiest one percent actually makes. When it comes to actually living life, 50% of hundreds of thousands of dollars to billions of dollars is much different than 50% of ten to twenty grand [census.gov]. It's the difference between "Am I going to be able to buy a boat upon which to stand around and drink alcoholic beverages?" and "Can I afford a place to live and food to eat?".
Re:If it's viewable, it's hackable (Score:3, Insightful)
Really.
Think about your average high schooler walking down the hall listening to his or her iPod.
Where do you see that person in 10 years? 20?
We're raising a(nother?) generation of cattle, addicted to pop culture and unaware of the world.
Like any of them will have a clue. They'll get into power and maintain the status quo.
But it's nice to have hopes!
Re:If it's viewable, it's hackable (Score:3, Insightful)
I agree. We should never re-elect an incumbent, ever. Power and influence start to grow around them. No matter how "good" they seem, send them home to live with the consequences of their actions while in office. But, it'll never happen that way because as I said earlier "The bottom line is that Joe Average just doesn't mind being pushed around as long as he's comfortable"
Truly a sad situation in America today.
Re:dvd sales (Score:3, Insightful)
Quite the opposite: I would not have purchased any DVDs or a DVD player until the copy scheme was broken. I have a small child in my house: you think I let her anywhere near the purchased copies of her movies? She gets the burned copies only.
I gotta say, though: to VHS's credit, those tapes are fairly tough. My daughter can handle the video tapes all she wants. But DVDs are far more fragile: I've had to re-burn "Madagascar" a couple of times for her, and she's really not that rough with the discs.
(Oh, and the fact that DVD Shrink lets me make discs that start playing the movie immediately on inserting the disc into the player is a huge bonus as well. If DVDs were indestructible, this feature makes the process worth it by itself.)
Re:If it's viewable, it's hackable (Score:3, Insightful)
Another relevent term might be "corporate socialism" where the redistribution is more to corporate than actual people...