As best as I've been able to gather from what I've read today, the very clever fellow just implemented that publicly available decryption routine, and also discovered an (as of yet unreleased) method for obtaining decryption keys. It seems very likely from everything I've read that he is pulling the keys from the PowerDVD program - perhaps they're left unencrypted similar to the original DeCSS obtained a key from the Xing player? In any case, it will be interesting to see how this is dealt with, and whether
As best as I've been able to gather from what I've read today, the very clever fellow just implemented that publicly available decryption routine, and also discovered an (as of yet unreleased) method for obtaining decryption keys. It seems very likely from everything I've read that he is pulling the keys from the PowerDVD program - perhaps they're left unencrypted similar to the original DeCSS obtained a key from the Xing player?
Exactly. I've read the source code he released and it's less than 500 lines of Java. All it does is open each file on an HD-DVD and call the built-in Java AES decryption functions on each "pack" of HD data. There's a slight bit of handling for the pack format and all, but it's straight from the AACS spec.
Now the interesting thing I found from the "pre-recorded video book" [aacsla.com] spec were these two quotes (page 18):
A licensed product shall treat its Device Keys as highly confidential, as defined in the license agreement.
and
Except where otherwise provided for in these specifications, the values used to enable playback of AACS content (e.g. Title Keys and Volume ID) shall be discarded upon removal of the instance of media from which they were retrieved. Any derived or intermediate cryptographic values shall also be discarded.
So it seems that PowerDVD (or whatever player was used) was fully within the spec to no protect the Title Keys that are assumed to have be swipped by this prog.
Not really cracked, more like circumvented (Score:5, Interesting)
In any case, it will be interesting to see how this is dealt with, and whether
Re:Not really cracked, more like circumvented (Score:5, Interesting)
Exactly. I've read the source code he released and it's less than 500 lines of Java. All it does is open each file on an HD-DVD and call the built-in Java AES decryption functions on each "pack" of HD data. There's a slight bit of handling for the pack format and all, but it's straight from the AACS spec.
Now the interesting thing I found from the "pre-recorded video book" [aacsla.com] spec were these two quotes (page 18):
and
So it seems that PowerDVD (or whatever player was used) was fully within the spec to no protect the Title Keys that are assumed to have be swipped by this prog.
RFC compliance language (Score:1, Funny)