Forgot your password?
typodupeerror
Hardware Hacking Encryption Security Technology

New AACS Fix Hacked in a Day 362

Posted by Zonk
from the oh-day-warr-ez dept.
VincenzoRomano writes "ArsTechnica has just published an update to the neverending story about copy protection used in HD DVD and Blu-ray discs and hacker efforts against it. From the article: 'The ongoing war between content producers and hackers over the AACS copy protection used in HD DVD and Blu-ray discs produced yet another skirmish last week, and as has been the case as of late, the hackers came out on top. The hacker BtCB posted the new decryption key for AACS on the Freedom to Tinker web site, just one day after the AACS Licensing Authority (AACS LA) issued the key.' The article proposes a simple description of the protection schema and a brief look back at how the cracks have slowly chipped away at its effectiveness. It seems it'll be a long way to an effective solution ... if any. One could also argue whether all that money spent by the industry in this race will be worth the results and how long it would take for a return on investment."
This discussion has been archived. No new comments can be posted.

New AACS Fix Hacked in a Day

Comments Filter:
  • by elrous0 (869638) * on Friday June 01, 2007 @09:24AM (#19350635)

    Blu-ray discs with a further layer of copy protection called BD+ are rumored to be nearing delivery

    You know, they say the definition of insanity is doing the same thing over and over again, expecting different results. Somewhere I picture entertainment execs, having been sold a big and expensive line of B.S. by the firm that developed BD+ (just as they had been sold the exact same line by the companies that developed CSS and AACS), sitting in some board room saying "Don't worry, THIS time it's going to work!" They just don't get it. If it's viewable, it's hackable--period.

    • by erroneus (253617) on Friday June 01, 2007 @09:39AM (#19350799) Homepage
      You're not looking far enough down the road to where this all leads. Hell, you're not even looking back on the road we've all be travelling where all of this is concerned. They know there is no knot that cannot be untied. What they are winning is the sympathy of lawmakers who are increasingly adding to the penaties of copyright infringement, writing new laws around the globe and generally extending copyright indefinitely. It's the quicksand they have us trapped in that they are after. The more people resist, the more legislative backing they receive. How long before whistling a tune as you walk down the street will get you arrested?

      Music [and the arts] may have charms that will soothe the savage beasts in all of us, but these people want you to pay for the remedy and will do anything to make sure you do!
      • by AlHunt (982887) on Friday June 01, 2007 @10:20AM (#19351247) Homepage Journal
        Honestly, consumers just need to start voting with their dollars - don't buy copy-protected DVDs, don't buy CDs until RIAA knocks off intimidating people, don't patronize lawsuit-happy companies.

        The bottom line is that Joe Average just doesn't mind being pushed around as long as he's comfortable. Very discouraging for the future of free will, independent thinking, privacy, security, liberty and other non-socialist, non-communist ideals in the USA.

        • by c00rdb (945666) on Friday June 01, 2007 @10:34AM (#19351399)
          Except the less you buy, the more the industry claims that those losses are due to piracy. It's a never ending cycle.
          • Re: (Score:3, Insightful)

            by veganboyjosh (896761)
            If current trends continue, media sales will continue to drop (be it from piracy, or disinterest, or whatever legitimate reason/s), they'll totally crumble and go away. At that point, it won't matter what the real reason is, so long as they go away.
            • Re: (Score:3, Insightful)

              by TheGavster (774657)
              I wouldn't put it past the record companies (and the current trend of economy-controlling governments) to get the American government to buy licenses for the whole population one day, under the argument that they can't effectively license individuals. This is something that has already been done on some college campuses with music subscription services.
        • by mgblst (80109) on Friday June 01, 2007 @10:54AM (#19351709) Homepage
          Honestly, consumers just need to start voting with their dollars - don't buy copy-protected DVDs, don't buy CDs until RIAA knocks off intimidating people, don't patronize lawsuit-happy companies.
           
          Which well never happen. It makes people feel very uncomfortable to have to think about the ethical choices they make before they buy (this counts for things like clothing and coffee as well). They would rather not hurt their brains that much. Those are the ones that even cared enough to find out that buying some products are bad, which the majority won't, unless some celebrity happens to take a stance. Have you noticed the shift to more and more brain-dead celebrities these days?
        • by jZnat (793348) * on Friday June 01, 2007 @11:04AM (#19351883) Homepage Journal
          Why should we have to completely ignore our culture just because of some assholes at the top? The Libertarian solution to every problem doesn't always work, and in this case, it won't work. People are ignorant of the issue, and even if they knew about it, they'd rather continue indulging in their culture and entertainment rather than "fight the power". We need to think of a different solution, and continuing to break all the rights-restricting DRM they throw at us is, in my opinion, a good start.

          If the law wasn't bought and paid for by them, a boycott might work, but since they are able to extend copyright to cover anything and everything for as long as they want, we cannot just vote with our wallets; they've got much bigger wallets than us.
          • Re: (Score:3, Informative)

            by linguae (763922)

            The Libertarian solution to every problem doesn't always work, and in this case, it won't work

            The truly libertarian solution would be to get rid of copyright. Copyright is a governmental construct, not a natural right. We wouldn't have all of these issues of the MPAA trying to increase copyright length if there were no copyright to increase in the first place.

          • Re: (Score:3, Informative)

            by TheoMurpse (729043)

            The Libertarian solution to every problem doesn't always work, and in this case, it won't work.
            Under a pure Libertarian philosophy, the DMCA wouldn't exist. Probably copyright wouldn't exist. That would solve all these RIAA problems, becase there'd be no law under which to sue.
          • Re: (Score:3, Informative)

            Just for clarification, the parent was speaking of voting with your wallets being the libertarian solution.
      • by dpilot (134227) on Friday June 01, 2007 @11:19AM (#19352145) Homepage Journal
        My *next* letter to Sen. Patrick Leahy will have 3 focal points...
        1: I like the work he's currently doing on Judiciary with the investigations. This stuff is IMPORTANT!
        2: As far as copyright law goes, these days it's not really "all about the artists," as he has told me in letters in the past. If he really believes that, he's being sold a bill of goods by the mafiAA, and I need to dig up substantiation for his.

        And the point germane to this thread...
        3: Passing ever-more-draconian copyright/DRM legislation is HURTING our media industry. We will NEVER get a regimen this tough forced around the world, no matter how hard we try, and no matter that there are some early exceptions. NONE of this stuff has done spit to stop widespread violation in China and it never will.

        Like it or not, the world is changing, and the mafiAA had darned well better learn to cope with it. The current legislative path in the US is coddling them, and allowing them to not cope with a changing world, and at some point they will be completely incapable of playing on the world stage. (figuratively and literally) For an analogy, a favorite on Slashdot is how the movie industry grew up in California, in order to get around the protective laws the stage industry had in New York. If the mafiAA doesn't learn to adapt, world entertainment WILL move elsewhere, it's just a matter of time.

        Which is a harder problem - cracking the Chinese copyright violation problem, or teaching Bollywood to make good movies?
        • Re: (Score:3, Funny)

          by ArsenneLupin (766289)

          Which is a harder problem - cracking the Chinese copyright violation problem, or teaching Bollywood to make good movies?
          I'd say, teaching Hollywood to make good movies... *ducks*
      • Re: (Score:3, Informative)

        by smellsofbikes (890263)
        It's also a delaying action until the time when they can reasonably expect to sell video playback devices that are always connected to a network, at which point they can do crypto exchange of passwords with a remote server and the consumer is, officially, screwed. It's just that right now not enough consumers will buy stuff that demands connectivity before it'll work.
    • by FauxPasIII (75900) on Friday June 01, 2007 @09:52AM (#19350925)
      > You know, they say the definition of insanity is doing the
      > same thing over and over again, expecting different results.

      And Bartcop's second law [bartcop.com] says that if someone makes a "mistake" that makes them a whole heap of money, then they will make the same "mistake" again and again and again. They keep making new protection scheme revisions, the content providers keep buying in and hardware manufacturers keep upgrading.

      These protection schemes aren't a failure as you seem to think. They're accomplishing exactly what they're intended for.
    • Actually, there hasn't been an actual hack yet. These "hacks" are what the key revocation procedure is intended for. It isn't like DeCSS, where knowing the algorithm was enough to bruteforce thousands of keys. If the AACS LA wanted to, they could stop giving out new keys to software-only players and stop this type of hacking in its tracks.
      • Well, you're right that the key-revocation scheme was designed to deal with this, however where the problem lies is in certain assumptions that the people designing the revocation system made.

        I don't think they ever thought that the keys would get compromised this quickly. The AACSLA is fighting an asymmetric war. It takes them, what, about six months to revoke a key? Maybe they could get that down to a few months, but it's still going to be difficult. They have to realize that a key is compromised, decide to revoke it, make up a new MKB, master a new disc, send that disc master to Taiwan or China for pressing, and import and distribute the new disc. There's only a certain amount that a process like that can be expedited by.

        The revocation scheme was designed to deal with insecure players, basically as a one-off process. Player gets compromised? Revoke it. It's not getting them any security in its current state. Right now, they revoke existing key. New key is compromised after one day in circulation. They begin revoking it. Six months later, they revoke new key. Rinse. Repeat. What's the steady state of this system? The hackers win, because at any given time, they probably have the keys to all the extant discs.

        Now, you do bring up an interesting point about blocking software players, and just eliminating them altogether. Setting aside the problems this would cause with the likes of Microsoft and other players heavily invested in the concept of HTPCs, it might slow things down. However, I don't think there's any reason to think that they keys can't be extracted from the hardware -- that's just too good of a technical challenge to pass up. And again, if the rate at which keys get compromised is much, much faster than the rate at which compromised keys can be revoked, then the AACS loses control.
        • Re: (Score:3, Insightful)

          by alienw (585907)
          I don't think it would be possible to extract keys from hardware, if said hardware is well-implemented. Granted, I wouldn't be surprised if the keys were stored in a poorly-encrypted external ROM, but hacking hardware is still orders of magnitude more difficult and expensive than hacking software, and well-protected hardware is pretty much impossible to crack. Any kid with an internet connection, a decent debugger, and a pirated copy of IDA can crack a software player, but hardware usually takes inside kn
          • by Ngwenya (147097) on Friday June 01, 2007 @11:48AM (#19352573)

            I don't think it would be possible to extract keys from hardware, if said hardware is well-implemented.


            Yes - just a small matter of implementation :)

            You are correct, of course, that hardware key storage is generally more effective than software storage. The problem, however, is that key storage isn't the end of the story. Sure, you can embed a TPM chip in epoxy resin, and surface mount that chip onto the motherboard - but it can still be removed. Tricky, yes - error prone, also true. But it can be done. Which means that, assuming it's not some totally proprietary design it can be inserted into a standard PC motherboard and exploited from there. If it is a completely proprietary chip, well, the record of such security systems working is less than stellar. Tends to be of the same order as proprietary crypto algorithms. In using AES, the AACS designers made at least one good technical decision.

            Even if not removing the key storage device, the buses which connect it to the rest of the system are still subject to probing via ICEs. And all of this assumes that the electrical characteristics of the systems don't exhibit any exploitable variances like key-dependent delays in processing (side-channel attacks).

            And even if you had that down pat, you've still got the fact that the connection from device to display is only protected by HDCP, which was cracked years ago. And there's no real protection on digital audio outputs, so capturing that frame-by-frame and remuxing to high quality rips would still be eminently possible. The only reason there aren't HDCP strippers and HD capture devices all over the place is because AACS has been rendered moot. If the keystream still held secure, you'd simply see another attack vector.

            Now here's the other problem: in order to get the backing of people like Microsoft and other likely media centre manufacturers, the HD-DVD camp had to promise Managed Copy (Blu-Ray said they would also provide it). In other words, they had to promise that copying to a non-hardware-secured device would be possible. And if you just shift the problem onto the the PC that way, you haven't really bought anything.

            All told - your analysis is spot on - h/w only operations are harder to crack. But from a technical and business commitment standpoint, it wouldn't make any real difference. The incentive to crack is far greater than the technical obstacles in place.

            I suppose it all comes down to the age old cliché - security is a process, not a product. And with AACS, it seems that the content producers have only semi-digested that point. Without control of the entire delivery chain - something that is both technically and legally impossible you cannot square the circle of both giving someone the key and not giving it to them at the same time.

            --Ng
        • Another important point to your excellent post:

          Whether a key is cracked the day the first disc containing it is sold, or weeks/months later, once cracked it's cracked permanently. This means that all discs will be available unencoded sooner or later.

          So the question becomes, is the industry striving for a few weeks of exclusivity for their product that's worth this high cost and customer anger? I think the answer is yes, and that's why they continue to go through this long, arduous exercise. After all

    • In addition. (Score:4, Insightful)

      by pavon (30274) on Friday June 01, 2007 @10:45AM (#19351591)
      To add to erroneus's nonerroneus post, the main thing that they get out of DRM and the DMCA is the ability to dictate exactly what every electronic media device in this country can and cannot do. DVD burners are becoming as common as CD burners, but burning DVDs for your friend is not as common as burning CDs as because you cannot legally purchase software to do so. At the same time it hurts customers (especially ones with young kids) who cannot legitimately backup their DVDs. You cannot copy videos from DVDs onto portable media players, because the companies that sell them are afraid of being sued. Only one company that I know of has prevailed in court over something like this, and they had were sued despite having copy-protection mechanisms built into their device. They want you to buy multiple copies of your videos because that makes them more money.

      And it has been working. The number of people who practice wholesale piracy is and always has been fairly low - what scares them is that it might become more widespread if the general public were allowed access to technology which they might abuse. I don't think that is true, and I think it is fundamentally wrong to put restrictions on an entire country just because you fear that some might abuse their freedoms, but that is where they are coming from, and in their eyes DRM has been successful in achieving that goal.

      But the real heart of the issue is that they want control for its own sake - not just because they have specific things they want to enforce, but because they have been in control for so long and letting go of any of that frightens them. They don't know what the future holds, and so their reflex is to tighten their grip as much as possible.
    • Re: (Score:3, Interesting)

      by kinglink (195330)
      Exactly. Humans are analog creatures. We can't interpret digital signals in real time. Anything that is produced into a analogy copy will be capturable. Digital formats like Blue ray must be inevitably be converted into an analog form for our enjoyment. Trying to protect your product isn't going to change these facts. Want to sell more? Give us a reason to buy a new version of the product, and higher resolutions isn't selling it (uprezed DVDs still look amazing on my 50 inch TV).
      • Re: (Score:3, Funny)

        by bberens (965711)

        Humans are analog creatures. We can't interpret digital signals in real time.
        Speak for yourself, chump. :-p
  • by Anonymous Coward on Friday June 01, 2007 @09:25AM (#19350647)
    Just for the record.
  • Haiku? (Score:5, Funny)

    by packetmon (977047) on Friday June 01, 2007 @09:28AM (#19350669) Homepage
    the site posted the 128-bit key as a method of decrypting a small haiku that they placed on the same page, noting that it just might accidentally (wink, wink) be the same key that will decrypt new high-definition discs as well

    I couldn't find that Haiku... Was it:

    Broken it is now
    Silly little execs
    More Free DVD's
  • by erroneus (253617) on Friday June 01, 2007 @09:32AM (#19350701) Homepage

    One could also argue whether all that money spent by the industry in this race will be worth the results and how long it would take for a return on investment.
    Of course it will be worth their effort. With more "criminal acts" against their technology, they will win further legislation around the world criminalizing any resistance to their business model. In the end, resist their business model and lose your freedom. (Why does that somehow make me think of the east india company?)
    • Re: (Score:3, Insightful)

      by radtea (464814)
      Why does that somehow make me think of the east india company?

      Because the East India Company made a lot of money for a while and then went into decline and ultimately failed due to the huge cost of trying to maintain control of the areas it had attempted unsuccessfully to monopolize?

      At least the Company's business model didn't violate the laws of nature, which is more than can be said for the studios.

      Bits can be copied. Basing your business on the belief that some bits can't be copied, or that some bits ca
  • by tygerstripes (832644) on Friday June 01, 2007 @09:32AM (#19350719)
    My cat does this with spiders. Once he's got one of the hairy buggers pinned, he just sits there and waits for it to make a dash for "freedom". Then he chews another leg off it, and goes back to waiting.
    Whenever I see this happen, I'm torn between horror at the grisly spectacle of such torture, and the guilty pleasure of seeing something I hate being toyed with so cruelly. If I can live with it in my own home, I can live with it in the media market...
    • by Dogtanian (588974)

      My cat does this with spiders. Once he's got one of the hairy buggers pinned, he just sits there and waits for it to make a dash for "freedom". Then he chews another leg off it, and goes back to waiting. Whenever I see this happen, I'm torn between horror at the grisly spectacle of such torture, and the guilty pleasure of seeing something I hate being toyed with so cruelly.
      Let's hope he never comes across a Black Widow then.
      • by KillerBob (217953)
        Black Widow spiders are tiny. Usually less than 1/2 an inch long with very short legs. Nowhere near large enough for a cat to chew the leg off. The GF is probably talking about some of the larger spiders you see around, like dock spiders. Harmless things, but they grow to as much as 6" long around here, and other species in the family can get bigger.
    • Re: (Score:3, Insightful)

      by Abcd1234 (188840)
      something I hate being toyed with so cruelly

      Totally OT, but OOC, why the hate for spiders? Personally, I love the little buggers. They eat flies and other pests, and otherwise mind their own business. Sounds like a good deal to me...
      • Re: (Score:3, Insightful)

        by Skye16 (685048)
        I love their function, I despise their implementation.

        Just looking at them for an extended period of time gives me the gibblies and I can't stop until i /flee.

        All the same, when I do see a spider in a non-important place in my house, I just do my best to not look at it and vacate the room as soon as possible. I know they do a good job, I just wish I never had to be confronted by their existence.
  • by TripMaster Monkey (862126) on Friday June 01, 2007 @09:34AM (#19350741)
    From the summary:

    One could also argue whether all that money spent by the industry in this race will be worth the results and how long it would take for a return on investment."

    Indeed...one could argue that a company would better serve its shareholders and its long term interests by eliminating copy protection completely. After all, at this stage of the game, anyone who wants a pirated copy can either make it themselves, or knows some techie guy who can. Eliminating all copy protection would save money otherwise pissed away on ineffective measures that only serve to annoy legitimate users, and would build a measure of good will and consumer loyalty that is worth more than anything deterring piracy could realize.
    • by hal2814 (725639) on Friday June 01, 2007 @09:50AM (#19350905)
      "...anyone who wants a pirated copy..." (emphasis mine)

      Aha, but that's the key. Most people don't necessarily want a pirated copy. They just want a copy. If the copy protection can be difficult enough to get around to not make it worth the average person's time, then they won't bother getting a pirated version. People who make a conscious effort to pirate the material cannot be stopped, but if you can make it difficult enough to pirate nobody else will bother. I think the movie industry massively failed in that regard with DVDs. It became far too easy to pirate them. I also think they'll also fail here, but I do see why they keep trying. If they can just make it hard enough, most people won't bother.
      • Re: (Score:2, Informative)

        by UF00 (1099469)
        The only thing I disagree with is that it's trivial to copy DVDs. Even the least technically savvy person can put a music CD into their computer and press the Copy Disc button that's built in to the operating system now. DVDs are more difficult, and the new breed of discs seem to be harder to copy still (not that I have a high def drive to say for sure, nor the desire to support the anti-consumer technology).

        AACS won't stop actual piracy, but even CSS stops (or slows) casual playground/sneakernet piracy,
  • This could be deliberate in an effort to create a stronger DRM package by the Entertainment industry.

    Like it is actually a standard part of the development life cycle for DRM. Kind of a "throw it to the wolves and see how long it lasts" mentality. Then it's back to the drawing board to try again.

  • DRM == FRAUD (Score:5, Interesting)

    by Concern (819622) * on Friday June 01, 2007 @09:37AM (#19350773) Journal
    When will the legal system in this country catch on to the fact that DRM is a garden variety fraud, perpetrated by shady "engineers" on gullible content producers?

    There has never been a working DRM system in the history of mankind. There will very likely never be a working DRM system. And I only say "very likely" because the rest of history is a very long time - but it is impossible to imagine how any such system can be built in the future, regardless of technological progress.

    The roster of DRM vendors is a list of failed charlatans, with a track record of consumer ire, ruined reputations (the vendors' own, and their customers), legal liability (remember Sony?), and of course, enormous costs for their customers - their true victims.

    I wonder if the spectacle of AACS' failure will finally begin to wake them to the fact that no one can sell DRM, because it doesn't exist - and the people who claim it does are no better than those selling magic weight loss via email spam.
    • Re: (Score:3, Insightful)

      by Aladrin (926209)
      Other things there's never been a working system of:

      Antigravity.
      Perpetual Motion.
      Sharks with Frickin Lasers on their heads.
      Space Flight. -- Wait, we did that one.
      Pocket Computers. -- No, sorry, that one too.

      Seriously, just because it's never worked before is -not- proof that it never will. There's -plenty- of reasons, but this is -not- one of them.

      To companies, copy protection is -not- completely useless, so we'll never see content completely free from DRM. Expensive DRM is pointless, though, as it provid
      • Re: (Score:3, Interesting)

        by ravenshrike (808508)
        You could make a DRM system work, but you would have to completely black box the media and player, and booby-trap it so when the case was cracked it would fry the DRM components. Even then it could theorectically still be done. But with an industry-wide standard this CANNOT be done. And therefore truly effective DRM will not be possible for a very long time, if ever.
  • This reminds me of a famous song... [wikipedia.org] let's see what we can do with it.

    *ahem* *ahem*

    Turn around
    Look at what you see
    In their face
    The keyword of your dreams
    Make believe they're everywhere
    Just encrypted in the lines
    Written on the DVD's
    Is the answer to our never ending story
    ah ah ah

    See the cracks
    In their fantasy
    crush their dream
    show them what they'll be
    Codes that keep their secrets
    Will unfold behind a yarr
    zero nine eff nine one one...
    Is the answer to our never ending story
    ah ah ah

    Show no fear
    For they may fade away
    In your hands
    The birth of a new age
    Codes that keep their secrets
    Will unfold behind a yarr
    zero nine eff nine one one...
    Is the answer to our never ending story...
    ah ah ah
    Never ending story...
    ah ah ah
    Never ending story.
  • by SkyMunky (249995) on Friday June 01, 2007 @09:37AM (#19350779)
    I would have already bought an HD-DVD player had there not been DRM in place. If I knew I could make copies for myself, rip to a portable or my laptop easily, etc., I would already own an HD-DVD player an several movies for it. I guess the Industry doesn't take my demographic into account as it must be a minority, but surely there has to be some up-side to playing nice with consumers and letting us make copies/rips of their movies. I used to buy music, too, when I knew I could copy/mix/etc.
      Would they lose a sale here and there because somebody copies a movie for a friend/family/neighbor? Yes, of course. Are they going to anyway? Yes. But...are they losing sales because of DRM in place? I think lots.
    • Re: (Score:3, Insightful)

      by dAzED1 (33635)
      eh, not really. You buy (I'd wager) dvds, and those have DRM.

      Aside from the bad PR they get from displaying their greed, the only thing actually preventing sales is the format war itself.
      • by 0123456 (636235)
        "You buy (I'd wager) dvds, and those have DRM."

        No they don't.

        OK, technically they have CSS, but it's so totally broken I don't even understand why they bother with it anymore.

        As with the earlier poster, I would have bought a player and disks, but not until they're as 'open' as current DVDs. I have no desire to be forced to watch them the way the IP Barons want me to watch them, rather than the way I want to watch them; for example, the fucking stupid piracy ads on recent DVDs that are unskippable with a 'cl
  • Simple solution (Score:4, Insightful)

    by gr8_phk (621180) on Friday June 01, 2007 @09:41AM (#19350821)
    If the MPAA want to protect their stuff they shouldn't license the decryption algorithms to PC implementations. You'd think they would have learned that with DVD. Don't put secret algorithms on widely available hardware with lots of debuggers and hacking tools. Duh.
    This would slow down the crackers a LOT - but not entirely.
    • by pavera (320634)
      When DVD John hacked CSS wasn't it by taking apart a physical player? I thought he pulled apart an actual DVD player to do it, but maybe I heard wrong.
      • When DVD John hacked CSS wasn't it by taking apart a physical player? I thought he pulled apart an actual DVD player to do it, but maybe I heard wrong.

        Nope. The keys were pulled from a software DVD player [wikipedia.org]. A similar (but slightly more difficult) method was used for the AACS keys.
  • by Dachannien (617929) on Friday June 01, 2007 @09:43AM (#19350841)
    AACS does stop casual copying, but it hasn't prevented unencrypted HD content from being distributed over the Internet.

    That's really what the content cabal are most interested in. Piracy of their content is a foregone conclusion. It's been happening for decades, and in some countries, almost the entire market for their content is based on counterfeit copies. They've long since priced their "losses" into the cost of their product.

    What AACS (and CSS before it) is really about is enforcing the other forms of DRM they've implemented, like user-operation prohibition (preventing you from skipping the pointless FBI notice, company credits, and best/worst of all, advertising) and region coding. Note that neither of those DRM schemes have anything to do with piracy prevention - they're just another route for indirectly extracting revenue from the consumer, by force-feeding advertising or by exploiting the arbitrage created when they don't release their content simultaneously around the world.
    • exploiting the arbitrage created when they don't release their content simultaneously around the world.

      Part of this is because the translated / adapted versions aren't ready for release at the same time. Dialogue and clips tend to get changed & tweaked up until release such that there is little point in trying to do simultaneous translations because it would be a never-ending chase. The English version can be released right away, other languages might take half a year longer.
    • by mpapet (761907)
      "Here Here!" It's refreshing to read someone who actually understands pricing models.

      I think the previous limitations on DRM will slowly fade though. Right now it _has_ to carry the private key because most playback devices are off-line.

      Once broadband is as common as television, TPM chips will be very cheap. By that time the media conglomerate execs _might_ figure out that PKI is the way to go. This also enables the media conglomerates to fully control the production of playback devices.

      As another post
  • by Anonymous Coward on Friday June 01, 2007 @09:46AM (#19350863)
    Studio Exec: [pointing to a screen with code on it] This is a crypto program, to, uh, you know, what we use on DVDs, but it's very, very special, because, if you can see...
    Hacker: Yeah...
    Studio Exec: [pointing to the parameters] ...the numbers all go to eleven. Look, right across the screen: eleven, eleven, eleven, eleven...
    Hacker: Oh, I see. And most crypto keys go up to ten?
    Studio Exec: Exactly.
    Hacker: Does that mean it's better? Is that any better?
    Studio Exec: Well, it's one better, isn't it? It's not ten. You see, most... most blokes, you know, will be coding at ten. You're on ten here, all the way up, all the way up, all the way up... you're on ten on your algorithm. Where can you go from there? Where?
    Hacker: I don't know...
    Studio Exec: ...nowhere! Exactly! What we do is if we need that extra... push over the cliff, you know what we do?
    Hacker: Put it up to eleven.
    Studio Exec: ...Eleven. Exactly. One better.
    Hacker: Why don't you just make ten better, and make ten be the top... number, and make that algorithm a little better?
    Studio Exec: [pause, blank look and snapping chewing gum] This goes to eleven.
    • Studio Exec: [pointing to the parameters] ...the numbers all go to eleven. Look, right across the screen: eleven, eleven, eleven, eleven...
      Hacker: Oh, I see. And most crypto keys go up to ten?
      Studio Exec: Exactly.
      That's why there are "F"s in: "45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2"

      Perhaps the next version will go all the way to "Z".
  • dvd sales (Score:5, Insightful)

    by dAzED1 (33635) <`brianlamere' `at' `yahoo.com'> on Friday June 01, 2007 @09:48AM (#19350881) Homepage Journal
    I know this has been mentioned before a million times, but...have dvd sales really been hurt that bad by the encryption for dvd being broken years ago? Those that will rip, will find a way to rip. The rest will buy the blueray/hd dvds.

    Unless the industry is wanting to try a dramatic price hike, which would cause those on and near the fence to rip too...?
    • by Andy Dodd (701)
      Probably not. I didn't buy a DVD-ROM drive (or any other DVD reading mechanism) until there was decent DVD playback support for Linux.

      Guess when I bought my Xbox 360 HD-DVD drive? When the first AACS crack came out, that's when. While so far it can only be used for copying (quite inefficient), it's a matter of time before this gets used for realtime playback on unlicensed systems like my Linux box.
    • Re: (Score:3, Insightful)

      by debest (471937)

      have dvd sales really been hurt that bad by the encryption for dvd being broken years ago?

      Quite the opposite: I would not have purchased any DVDs or a DVD player until the copy scheme was broken. I have a small child in my house: you think I let her anywhere near the purchased copies of her movies? She gets the burned copies only.

      I gotta say, though: to VHS's credit, those tapes are fairly tough. My daughter can handle the video tapes all she wants. But DVDs are far more fragile: I've had to re-burn "Ma

  • by thefinite (563510) on Friday June 01, 2007 @09:53AM (#19350937)
    If I understand how the new AACS implementation will work, consumers with devices using it will need to install the new key every time it is released, if they want new movies to play. The stupidity of this is that people who want to copy a movie probably have no problem finding the new crack. No matter how often a new key comes out, within a day they can crack and copy.

    The only people inconvenienced by this system are the people who just want to watch the friggin' movie they just bought! I shudder to think of how my mom would deal with the situation if she just bought a new blu-ray movie and found it wouldn't play because she doesn't have the latest key. I hope they give up on releasing new keys soon.
  • by giafly (926567) on Friday June 01, 2007 @09:56AM (#19350973)
    At the time of posting, this gives 973 results. Click the link [google.com] see how much further the news has spread.
  • by raw-sewage (679226) on Friday June 01, 2007 @09:57AM (#19350979)

    Does anyone else silently cheer whenever you read a headline about DRM being cracked?

    I mean, I'm not an anarchist or cheering for piracy. I just think that DRM strips or at least greatly hinders fair use and artificially inflates the cost of media. The latter is particularly irksome: part of the cost of your CDs, DVDs, HD-DVDs, Blueray Discs is to pay for the research, development and deployment of DRM. I'm sure that's not a trivial cost.

    The more I think about this, the more worked up I get: it's paying for features that nobody wants. We are literally paying more to get less.

    Making personal copies of media, I believe, should be totally within our fair use rights. I know lots of people with young children who make copies of their DVDs. Their kids watch the DVDs over and over again, and their grubby little hands aren't well-suited for handling the somewhat fragile media. Solution: make a cheap copy of a DVD, and let the kids use that one. Likewise, I copy and encode all the DVD movies I own to my hard drive for a movie-on-demand system. I still own the DVD, so why can't I copy it? (Maybe I should thank the DRM pushers for trying to combat my laziness?)

    Just out of curiosity... how big are HD-DVD and Blueray movies? Last I recall, the media sizes were 30 and 60 GB, respectively. Do most movies take up all that space? I mean (in my experience), most 480p DVD movies seem to average just under 9 GB (the full capacity of a dual-layer DVD).

    • Re: (Score:3, Insightful)

      by Magada (741361)

      Does anyone else silently cheer whenever you read a headline about DRM being cracked?
      Hell no. I cheer very loudly indeed.
    • Silent? (Score:3, Funny)

      by Opportunist (166417)
      Well, no, my coworkers just looked quite puzzled at my expression of joy. And sorry, Dave, I owe you a cleaning of that shirt.

      (Note to self, don't drink coffee and read /.)
  • Now that multiple keys are out, how does someone legitimately use a key to view a HD disc on Linux? (Assuming I have a HD-DVD or Bluray drive, that is) Is there a special player or something?

    (I would like to know so that I can decide if getting a player for my media center computer is worth it.)
    • by Ngwenya (147097) on Friday June 01, 2007 @11:22AM (#19352205)

      Now that multiple keys are out, how does someone legitimately use a key to view a HD disc on Linux?


      https://help.ubuntu.com/community/RestrictedFormat s/BluRayAndHDDVD [ubuntu.com] is one method which can help; but a few caveats. The problem for Linux play is no longer the video codecs (recent ffmpeg builds have VC-1 support pretty much down pat, and H.264 has been fine for ages if you have a sufficiently powerful rig).

      The problem is audio codecs. Most HD-DVDs/BRDs have either E-AC3 (A/52B) or TruHD audio, which ffmpeg currently cannot decode. There are folks working away on it, but it might be a while before concrete results are available. Until then, one possibility - if fiddly - is to demux the video/audio/subtitle streams under Windows using some of the tools available on Doom9 and then transcoding the E-AC3 tracks to AC-3 (or TruHD to FLAC) using EAC3To. You can then remux the video/audio/subtitle tracks into Matroska, and use mplayer or VLC to watch it under Linux. Cumbersome, and not very friendly, but you won't lose any video quality, and if it's FLAC, you won't lose audio quality either.

      --Ng
  • DRM is futile (Score:4, Informative)

    by pavera (320634) on Friday June 01, 2007 @10:04AM (#19351057) Homepage Journal
    We all know this, I just think its funny that these media execs can't figure it out. I will never forget a story I heard from Westwood Studios back before they were bought out by EA (96-97 timeframe). On Red Alert 2, they spent a large fraction of the budget of the game, had 4 PhD contractors come in, trying to build a DRM system that would keep people from copying the game. It was cracked within 10 minutes of release.

    After that they vowed never to try to put DRM on a game ever again, it cost way too much, and it didn't do anything. Besides that they got people all the time filling out their registration cards saying "I bought this game after I played the hacked version and I liked it".

    DRM hurts sales, it hurts acceptance of a system, and it is expensive and pointless to deploy.
    • Re: (Score:3, Interesting)

      by johno.ie (102073)
      Rubbish. Red Alert 2 was not cracked. Even 10 years after release. I have 2 copies of Red Alert 2 and 2 copies of Yuris Revenge on the shelf right beside me here and I played it regularly for years after its release. There was a nocd crack available for it, but it didn't work. It appeared to work for the first 5 minutes of the game, then all your units blew up. That was a clever move on the part of Westwood.
      This 'story' that you 'heard' is highly suspect because Red Alert 2 is the only game I know of that n
  • by dgr73 (1055610) on Friday June 01, 2007 @10:05AM (#19351079)
    Usually userfriendly.org can run atleast a few strips poking fun at the inevitability of the crack before one is actually delivered. I guess in the future they should make a stock strip and replace the daily strip with it the second a new AACS fix is announced.

    Then again, considering all those pre-release movies out there, I wonder when we'll start getting pre-fix cracks.
  • When CSS was first cracked it was the beginning of the end. With the latest cracks of AACS, we're nearing the end of the DRM battle. The content producers are pretty dumb, but if you beat them enough times eventually they'll learn.

    My prediction is that this fight will wind up as a small footnote in the history of digital media. "In the late 90s through the 2000s content producers tried, and failed to protect digital content from being copied. Eventually they realized that providing easy paid access to c
  • Pretty funny (Score:3, Insightful)

    by gweihir (88907) on Friday June 01, 2007 @10:33AM (#19351391)
    Personally I believe that as long as they allow software players, they do not have a chance to lock this down. Hardware-only players, on the other hand, will be expensive and are currently not available. And then it will still be possible to record the movie, just a little more expensive and using some hardware-hacking. Nothing that a bright EE student could not do in 2-3 months of spare time....

    Will be interesting to see whether they learn that this is not the way before or after ther business will have entirely gone away.
  • by nuzak (959558) on Friday June 01, 2007 @10:38AM (#19351467) Journal
    We all know how to google for "09 F9". Some of have that key committed to memory. Or emblazoned on a sticker. Or you can google for "digg revolt". How many people know to google for "45 5F"? How many tshirts will have that? How many hits are on the front page of Digg?

    After a dozen more iterations, how visible will those keys be? Easily available, yes. News, no. They go back to being "eeeeevil underground hacking codes" they can more easily legislate against.

  • Go total digital (Score:3, Interesting)

    by sobolwolf (1084585) on Friday June 01, 2007 @10:39AM (#19351481) Journal
    They should have learned by now from the music industry - they need strip down all expenses, ie packaging, etc and just provide the content digitally. They could then distribute to selected centers such as blockbuster, etc where people buy a blank dvd and get it burned for a few bucks, and get to keep it as well. Make it so much easier / and cheap for people to get it from offical outlets than to download. I tell you, I would rather stroll around the blockbuster then sift thru shady torrents, plus I can't download pringles... - they could also give away a free toy with kids movies as well... (this seems to work for McDonalds..). They also have one distinct advantage over music in regards to movies - people only watch a movie a few times at most anyway before they are after their next fix. This should be the main focus of a new paradigm in movie distribution. They need to get this infrastructure in place now, as opposed to waiting, for as bandwidth speed increases it is inevitable that people will start to download movies like they do music.
  • 2 down... (Score:5, Funny)

    by Evil Cretin (1090953) on Friday June 01, 2007 @10:58AM (#19351779)
    Just (2^128 - 2) more to go!

"It is better to have tried and failed than to have failed to try, but the result's the same." - Mike Dennison

Working...