New AACS Fix Hacked in a Day

VincenzoRomano writes "ArsTechnica has just published an update to the neverending story about copy protection used in HD DVD and Blu-ray discs and hacker efforts against it. From the article: 'The ongoing war between content producers and hackers over the AACS copy protection used in HD DVD and Blu-ray discs produced yet another skirmish last week, and as has been the case as of late, the hackers came out on top. The hacker BtCB posted the new decryption key for AACS on the Freedom to Tinker web site, just one day after the AACS Licensing Authority (AACS LA) issued the key.' The article proposes a simple description of the protection schema and a brief look back at how the cracks have slowly chipped away at its effectiveness. It seems it'll be a long way to an effective solution ... if any. One could also argue whether all that money spent by the industry in this race will be worth the results and how long it would take for a return on investment."

DRM == FRAUD

[Concern]

When will the legal system in this country catch on to the fact that DRM is a garden variety fraud, perpetrated by shady "engineers" on gullible content producers?

There has never been a working DRM system in the history of mankind. There will very likely never be a working DRM system. And I only say "very likely" because the rest of history is a very long time - but it is impossible to imagine how any such system can be built in the future, regardless of technological progress.

The roster of DRM vendors is a list of failed charlatans, with a track record of consumer ire, ruined reputations (the vendors' own, and their customers), legal liability (remember Sony?), and of course, enormous costs for their customers - their true victims.

I wonder if the spectacle of AACS' failure will finally begin to wake them to the fact that no one can sell DRM, because it doesn't exist - and the people who claim it does are no better than those selling magic weight loss via email spam.

It's still doing it's primary job

[Dachannien]

AACS does stop casual copying, but it hasn't prevented unencrypted HD content from being distributed over the Internet.

That's really what the content cabal are most interested in. Piracy of their content is a foregone conclusion. It's been happening for decades, and in some countries, almost the entire market for their content is based on counterfeit copies. They've long since priced their "losses" into the cost of their product.

What AACS (and CSS before it) is really about is enforcing the other forms of DRM they've implemented, like user-operation prohibition (preventing you from skipping the pointless FBI notice, company credits, and best/worst of all, advertising) and region coding. Note that neither of those DRM schemes have anything to do with piracy prevention - they're just another route for indirectly extracting revenue from the consumer, by force-feeding advertising or by exploiting the arbitrage created when they don't release their content simultaneously around the world.

Watch the news spread using Google

[giafly]

At the time of posting, this gives 973 results. Click the link [google.com] see how much further the news has spread.

Silent cheer for cracked DRM

[raw-sewage]

Does anyone else silently cheer whenever you read a headline about DRM being cracked?

I mean, I'm not an anarchist or cheering for piracy. I just think that DRM strips or at least greatly hinders fair use and artificially inflates the cost of media. The latter is particularly irksome: part of the cost of your CDs, DVDs, HD-DVDs, Blueray Discs is to pay for the research, development and deployment of DRM. I'm sure that's not a trivial cost.

The more I think about this, the more worked up I get: it's paying for features that nobody wants. We are literally paying more to get less.

Making personal copies of media, I believe, should be totally within our fair use rights. I know lots of people with young children who make copies of their DVDs. Their kids watch the DVDs over and over again, and their grubby little hands aren't well-suited for handling the somewhat fragile media. Solution: make a cheap copy of a DVD, and let the kids use that one. Likewise, I copy and encode all the DVD movies I own to my hard drive for a movie-on-demand system. I still own the DVD, so why can't I copy it? (Maybe I should thank the DRM pushers for trying to combat my laziness?)

Just out of curiosity... how big are HD-DVD and Blueray movies? Last I recall, the media sizes were 30 and 60 GB, respectively. Do most movies take up all that space? I mean (in my experience), most 480p DVD movies seem to average just under 9 GB (the full capacity of a dual-layer DVD).

Re:Blank Stare

[notque]

I'm sure you thought that was deep, but dude, put down the stick, exhale, and re-read your lines.

There isn't anything deep about it, it just happens to be true.

You know, like this...

            The conscious and intelligent manipulation of the organized habits and opinions of the masses is an important element in democratic society. Those who manipulate this unseen mechanism of society constitute an invisible government which is the true ruling power of our country.
            We are governed, our minds are molded, our tastes formed, our ideas suggested, largely by men we have never heard of. This is a logical result of the way in which our democratic society is organized. Vast numbers of human beings must cooperate in this manner if they are to live together as a smoothly functioning society.
            Our invisible governors are, in many cases, unaware of the identity of their fellow members in the inner cabinet.
            They govern us by their qualities of natural leadership, their ability to supply needed ideas and by their key position in the social structure. Whatever attitude one chooses to take toward this condition, it remains a fact that in almost every act of our daily lives, whether in the sphere of politics or business, in our social conduct or our ethical thinking, we are dominated by the relatively small number of persons--a trifling fraction of our hundred and twenty million--who understand the mental processes and social patterns of the masses. It is they who pull the wires which control the public mind, who harness old social forces and contrive new ways to bind and guide the world.

By the Creator of the Public Relations Industry, and Nephew of Sigmund Freud, Mr. Edward Bernays

crapflooding with keys

[nuzak]

We all know how to google for "09 F9". Some of have that key committed to memory. Or emblazoned on a sticker. Or you can google for "digg revolt". How many people know to google for "45 5F"? How many tshirts will have that? How many hits are on the front page of Digg?

After a dozen more iterations, how visible will those keys be? Easily available, yes. News, no. They go back to being "eeeeevil underground hacking codes" they can more easily legislate against.

Re:DRM == FRAUD

[ravenshrike]

You could make a DRM system work, but you would have to completely black box the media and player, and booby-trap it so when the case was cracked it would fry the DRM components. Even then it could theorectically still be done. But with an industry-wide standard this CANNOT be done. And therefore truly effective DRM will not be possible for a very long time, if ever.

Go total digital

[sobolwolf]

They should have learned by now from the music industry - they need strip down all expenses, ie packaging, etc and just provide the content digitally. They could then distribute to selected centers such as blockbuster, etc where people buy a blank dvd and get it burned for a few bucks, and get to keep it as well. Make it so much easier / and cheap for people to get it from offical outlets than to download. I tell you, I would rather stroll around the blockbuster then sift thru shady torrents, plus I can't download pringles... - they could also give away a free toy with kids movies as well... (this seems to work for McDonalds..). They also have one distinct advantage over music in regards to movies - people only watch a movie a few times at most anyway before they are after their next fix. This should be the main focus of a new paradigm in movie distribution. They need to get this infrastructure in place now, as opposed to waiting, for as bandwidth speed increases it is inevitable that people will start to download movies like they do music.

Re:If it's viewable, it's hackable

[kinglink]

Exactly. Humans are analog creatures. We can't interpret digital signals in real time. Anything that is produced into a analogy copy will be capturable. Digital formats like Blue ray must be inevitably be converted into an analog form for our enjoyment. Trying to protect your product isn't going to change these facts. Want to sell more? Give us a reason to buy a new version of the product, and higher resolutions isn't selling it (uprezed DVDs still look amazing on my 50 inch TV).

Re:If it's viewable, it's hackable

[Kadin2048]

Well, you're right that the key-revocation scheme was designed to deal with this, however where the problem lies is in certain assumptions that the people designing the revocation system made.

I don't think they ever thought that the keys would get compromised this quickly. The AACSLA is fighting an asymmetric war. It takes them, what, about six months to revoke a key? Maybe they could get that down to a few months, but it's still going to be difficult. They have to realize that a key is compromised, decide to revoke it, make up a new MKB, master a new disc, send that disc master to Taiwan or China for pressing, and import and distribute the new disc. There's only a certain amount that a process like that can be expedited by.

The revocation scheme was designed to deal with insecure players, basically as a one-off process. Player gets compromised? Revoke it. It's not getting them any security in its current state. Right now, they revoke existing key. New key is compromised after one day in circulation. They begin revoking it. Six months later, they revoke new key. Rinse. Repeat. What's the steady state of this system? The hackers win, because at any given time, they probably have the keys to all the extant discs.

Now, you do bring up an interesting point about blocking software players, and just eliminating them altogether. Setting aside the problems this would cause with the likes of Microsoft and other players heavily invested in the concept of HTPCs, it might slow things down. However, I don't think there's any reason to think that they keys can't be extracted from the hardware -- that's just too good of a technical challenge to pass up. And again, if the rate at which keys get compromised is much, much faster than the rate at which compromised keys can be revoked, then the AACS loses control.

Garbage in Garbage out

[DarthVain]

I had the same problem with DVD's. Unless the movie was made using the technology (in this case HD), what is the point? I look at the movies that were posted, and I mean FF4 sucked, and while I never watched Crank, I think I can safely say that it also sucked and I have no intention of watching it free or not. The last movie Reservoir Dogs was a great movie, but it was made like what.... 15 years ago! Somehow I doubt it uses HD technology. Which begs the question, other than to just offer it on yet another media and suck profits up why bother. If it was filmed at a particular resolution, using a particular quality film, what more can be done. Digital magic can be done to it, but it is all just interpolation, and anyone that bought a digital camera that only has 3x digital zoom can tell you that generally speaking it helps, but basically it sucks balls. The big excuse last time around (normal DVD) was that why you could fit all these extras on the disk, in addition to the movie, what a deal! Well by and large I don't know about you, but I ignore most of these as they are pretty pathetic for the most part. So now we have HD and Blu-Ray, 15GB and 25GB respectively (approximately), whereas the lowly DVD was only like 3GB and change or 6GB and change. How much extra freakin' content do they think we need on these things? Sure new stuff that is filmed in HD, on an HD disc, on an HD player, on an HD TV, using HD cables ad connectors will look great. However everything else, or skip one of the HD steps, and you have to ask, is this just another profit grab (notice that Sony and they rest make all these devices), and if so, after all the media changes, does this industry deserve to have protection in this respect? Anyway my rant was a bit longer than expected, but this cycle just keeps going and going. I understand the need for profit, it is the number one goal of any company. However at some point you have to take a step back, and look at what is being done to the consumer and ask is this right? (and by that I don't mean the consumer or the company, although that would be nice... The law makers who provide law for society should be the ones thinking about this. Though the current trend that I see, it could be hard for them to think coherently when they are swimming in a bathtub of money given to them by lobby groups associated with this issue, or see their opponents swimming it it)

Re:Bad system

[PainKilleR-CE]

I find that most people need to understand the link between the encryption and the "features" that irritate them before they will actually realize why this is a big issue to a small number of people. For instance:

- Not being able to fast forward (or skip) through the FBI anti-piracy warning that everyone skipped on their VHS copies of the same movie.

- Not being able to fast forward (or skip) through the previews on all of the Disney movies they bought for their kids (therefore leading to their kids wanting all of the crap on the previews; and their kids complaining that the movie hasn't started yet).

- Not being able to copy the movie to their laptop hard drive before they go on a trip to prevent having to take that stack of DVDs through airport security and possibly damaging the disc in transit.

If they understood the reason for the things they have problems with, rather than just blaming it on their DVD player or a shortcoming in their computer, perhaps more people would be irritated by what the movie industry is doing. Instead, the focus of most press on DVD encryption breaks is piracy and copying movies, when the reality is that most people would be happy just to break the format restrictions and keep buying movies.

In a lot of ways I see the same issues with CDs, where the RIAA shot themselves in the foot by saying people were stealing their product by downloading MP3 files when they could have emphasized (and increased) the benefits of the CD format vs. MP3 files. Anyone that listens to a lot of Pink Floyd and hasn't listened to it in any format other than MP3 in a while should throw the CD in the drive and hear what's missing from their MP3 files. Instead, though, we get the music industry trying to make people buy their product again, in a more limited format, and trying to find a way to wrap the older product in a layer of encryption to keep people from ripping the files to use elsewhere.

Re:Watch the news spread using Google

[MartinJW]

14,200 and rising.

Re:If it's viewable, it's hackable

[jZnat]

Why should we have to completely ignore our culture just because of some assholes at the top? The Libertarian solution to every problem doesn't always work, and in this case, it won't work. People are ignorant of the issue, and even if they knew about it, they'd rather continue indulging in their culture and entertainment rather than "fight the power". We need to think of a different solution, and continuing to break all the rights-restricting DRM they throw at us is, in my opinion, a good start.

If the law wasn't bought and paid for by them, a boycott might work, but since they are able to extend copyright to cover anything and everything for as long as they want, we cannot just vote with our wallets; they've got much bigger wallets than us.

Re:If it's viewable, it's hackable

[spun]

Free will, independent thinking, privacy, security, and liberty are ideals of socialism and communism. Wherever did you get the idea they weren't? Communism in practice leads to oligarchy, granted. That is because communism is meant to be a transitional form of government. It is meant to lead people from where they are to true anarchism, but because it assumes they can not lead themselves, it becomes paternal and hierarchal, just like the system it replaces. Socialism is not meant to lead anywhere, and can exist alongside the free market. I'm not sure what exactly you think socialism is, but it certainly doesn't preclude any of those things you mentioned, in theory or practice. In fact, it can easily be argued that in practice, it is more effective at bringing those things to a lrger number of people than a strictly market based system.

And to be honest, what we have in the USA is socialism. We redistribute the wealth all the time, from rich states to poor states, but from poor people to rich people. Think about all the government pork for the well connected. That's a form of socialism, only its socialism for the wealthy.

Re:If it's viewable, it's hackable

[dpilot]

My *next* letter to Sen. Patrick Leahy will have 3 focal points...
1: I like the work he's currently doing on Judiciary with the investigations. This stuff is IMPORTANT!
2: As far as copyright law goes, these days it's not really "all about the artists," as he has told me in letters in the past. If he really believes that, he's being sold a bill of goods by the mafiAA, and I need to dig up substantiation for his.

And the point germane to this thread...
3: Passing ever-more-draconian copyright/DRM legislation is HURTING our media industry. We will NEVER get a regimen this tough forced around the world, no matter how hard we try, and no matter that there are some early exceptions. NONE of this stuff has done spit to stop widespread violation in China and it never will.

Like it or not, the world is changing, and the mafiAA had darned well better learn to cope with it. The current legislative path in the US is coddling them, and allowing them to not cope with a changing world, and at some point they will be completely incapable of playing on the world stage. (figuratively and literally) For an analogy, a favorite on Slashdot is how the movie industry grew up in California, in order to get around the protective laws the stage industry had in New York. If the mafiAA doesn't learn to adapt, world entertainment WILL move elsewhere, it's just a matter of time.

Which is a harder problem - cracking the Chinese copyright violation problem, or teaching Bollywood to make good movies?

Re:If it's viewable, it's hackable

[spun]

I'm using the term anarchism in the sense that Proudhon and Bakunin used it, so yes, what it meant in the 19th century. Sure, any economic system can be used to oppress people. I think that's a key point, economics can oppress just as surely as politics can. Do they automatically oppress? That's what we're debating here, I think, not whether they can, but whether they must. I'd say capitalism by its very nature creates an oppressed class. Communism will lead to a non-communistic structure that creates an oppressed class. Socialism won't necessarily. That's my take anyway. Although for me, a cooperative structure like that found in the Mondragon Cooperative in Spain sounds even better than socialism as practiced in, say, France.

Re:If it's viewable, it's hackable

[Aceticon]

If i still remember correctly, from what i learned in my Philisophy classes:

In the original concept:
- Communism is the final status where everybody is equal to everybody else and has the same amount of things
- Socialism is one way to reach Communism. Socialism says that to reach Communism one must first have a revolution which establishes a "Dictatorship of the Proletariat" (The proletariat is basically the group name for all common workers). Under that Dictatorship, property will be redistributed until everybody has the same and Communism is achieved.
- Social Democracy is another way to reach Communism. Social Democracy says that richer people must be taxed more heavilly than poorer people which will eventually lead to the situation where everybody has the same, eg Communism.

All so called Communist countries actually started with Socialist revolutions (more preciselly, variants of Socialism such as Maoism and Marxism/Leninism), only they all stopped at the stage of "Dictatorship of the Proletariat" (surprise, surprise)

Most Western European countries adopted a variant of Social Democracy in the sense that in most of Western Europe taxes are progressive (eg, the bigger the income the higher the percentage of tax), though the aim is to increase social equality, NOT achieving Communism.

Re:If it's viewable, it's hackable-Another Importa

[Nom du Keyboard]

Another important point to your excellent post:

Whether a key is cracked the day the first disc containing it is sold, or weeks/months later, once cracked it's cracked permanently. This means that all discs will be available unencoded sooner or later.

So the question becomes, is the industry striving for a few weeks of exclusivity for their product that's worth this high cost and customer anger? I think the answer is yes, and that's why they continue to go through this long, arduous exercise. After all, people aren't very patient. Many (too many, IMHO) have to buy new discs the day they're released, rather than wait for a DRM-free solution that lets you decide which parts and how you'll watch the disc (skip that redundant FBI warning), rather than them.

I also think they tried -- very unsuccessfully -- to scare away the hackers by saying, it's all wasted effort on your part. Even if you ever break our much stronger than CSS encryption, we'll just revoke the key on you anyway. Didn't work, but then their real goal was maybe to just hold the fort for the first 3 weeks of sales.

As for the BD+ extra security for BluRay -- talk abut one way to lose the format wars quickly as everyone moves to HD-DVD to avoid it.

I'm sorry but you're wrong

[BLKMGK]

Ripping DVDs has become commonplace. I've been surprised more than once while working on someone's computer to find that they not only have DVD ripping software but several movies ON their computer. Generally I'm working on these computers because the person was too clueless to know how to stop spyware from installing itself and they have come to me for help. Don't know how to protect their computer but many savvy enough to rip DVDs and nearly all capable of ripping CDs. If I had a dollar for every parent that asked me how to copy DVD so their kids wouldn't damage the originals or how to rip DVD to a laptop or PSP for traveling I'd be rich. If you think this isn't in demand you're fooling yourself or not getting out enough. It's become so common that one day when my SO bought a movie in the grocery store the clerk behind the counter went on and on to tell her how she could rent and rip DVDs for "practically free" and that it was "legal". She knows better and we buy our DVDs (I promptly rip them to the NAS) but she got quite the chuckle telling me about the guy behind the counter. He was even telling her what software to download! (lol)

Like it or not ripping media for use on computers, iPODs, PSP, and other devices has become pretty mainstream. There are lots of advantages to being able to do this with the media when you've bought it and this hasn't escaped notice by Joe Consumer, taking that ability away from them will NOT make them happy.

P.S. And yeah, not being able to forward past the FBI warnings and previews DOES piss people off - they do not simply accept it. I help moderate a tech forum for both the knowledgable and the novice techy types - whenever the subject of DVD players comes up the Chinese models that allow you to forward past those warnings (and upscale) are always highly recommended\sought after. No one likes to be force fed and that stupid FBI warning is bitched about a great deal!

Re:If it's viewable, it's hackable

[Ngwenya]

Who says the chip has to be a standard, off-the-shelf device?

Economics of interoperability. If each device manufacturer goes with their own way for encryption then the devices will cost too much. As for ICEs not working against modern hardware, I think you may be incorrect there. Just as the crypto chips have got faster and harder, so have the ICEs. To take an example: TPM chips for PCs tend to come from one of three manufacturers - Infineon, Atmel and Nat Semi. Of course, HP, Dell, Sony, IBM, Toshiba and so on could all invent their own chips, their own bus controllers, etc, but then the interoperability costs become huge. So to make HD-DVDs/BDs work on all platforms, you'd basically be asking for each major manufacturer to spin custom silicon in each instance. The cost of that would be massive.

As far as attacking the HDMI stream: good luck doing real-time encoding of a raw, uncompressed HDTV stream. Currently, that requires extremely expensive hardware (if it even exists).

It does exist, and it is expensive. But were the demand higher, then those costs would come down. Secondly, it doesn't have to be real-time at all - you can do it frame by frame if you will. Or would you also authenticate and encrypt the control channels (ie, the remote controlling the player)? Pretty soon all of those encrypted channels start to require extra margins in the price of the device. It's not just a matter of signal security - it's a matter of signal security at a cost the market can bear.

The only reason that HD capture devices are so expensive is because it's much cheaper to decrypt the signals at source rather than the decoded ones. You've already demonstrated knowledge of this, but it's worth repeating - you have to protect the signal at all points, and protect it to an economically viable level. Honestly, if Sony thought it could pull the same stunt that it did with MiniDisc except for HD video, then I'm positive they would have done. They (and Toshiba) have got their own fab plants. Since they didn't do it, I don't think it was because they were stupid - it was because they didn't think it worth it.

--Ng

Re:DRM is futile

[johno.ie]

Rubbish. Red Alert 2 was not cracked. Even 10 years after release. I have 2 copies of Red Alert 2 and 2 copies of Yuris Revenge on the shelf right beside me here and I played it regularly for years after its release. There was a nocd crack available for it, but it didn't work. It appeared to work for the first 5 minutes of the game, then all your units blew up. That was a clever move on the part of Westwood.
This 'story' that you 'heard' is highly suspect because Red Alert 2 is the only game I know of that never had a working nocd crack.

Re:If it's viewable, it's hackable

[russ1337]

>>> When the next generation of iPod owning kids get into power, most of the copyright laws will be scrapped.

Problems is... these kids are going to University/College and being taught to a curriculum that says you must 'protect your copyright at all costs', because 'the consumer is a criminal' and 'DRM, patents and copyright are the way to protect your IP'.

It will take some pretty big balls / tenured professors to start lecturing main stream business classes about alternative 'consumer friendly' ways to sell products, along with some very good and well proven alternative business models.

Only once these kids graduate and reach 'lawmaker' age, will things start to change. I give it 50 years from now. I see a depression & rebirth of the USA in 25.