HD-DVD and Blu-Ray AACS DRM Cracked 432
EGSonikku writes "According to this article on Endgadget, the AACS DRM used in HD-DVD and Blu-Ray has been cracked. The program allows one to decrypt and dump the video for play on a users hard drive, or it can be burned to a blank HD-DVD and played on a stand-alone player. According to the accompanying video, a source release for the program will be made available in January. Time to get that $200 Xbox 360 HD-DVD drive?"
Warning: this link contains video.
Not really cracked, more like circumvented (Score:5, Interesting)
In any case, it will be interesting to see how this is dealt with, and whether key revocation can/can't break this. The author thinks it can't - the cat is out of the bag and is staying that way.
We'll see. I think it's good news for us though, no matter what.
Re:Not really cracked, more like circumvented (Score:5, Interesting)
If this is a crack for the DRM, then GPG is a crack for PGP.
Re:Not really cracked, more like circumvented (Score:5, Insightful)
Older systems make Trusted Computing their bitch. Oh yeah.
Re:Not really cracked, more like circumvented (Score:5, Interesting)
Exactly. I've read the source code he released and it's less than 500 lines of Java. All it does is open each file on an HD-DVD and call the built-in Java AES decryption functions on each "pack" of HD data. There's a slight bit of handling for the pack format and all, but it's straight from the AACS spec.
Now the interesting thing I found from the "pre-recorded video book" [aacsla.com] spec were these two quotes (page 18):
and
So it seems that PowerDVD (or whatever player was used) was fully within the spec to no protect the Title Keys that are assumed to have be swipped by this prog.
Re:Not really cracked, more like circumvented (Score:5, Interesting)
So he probably doesn't have the program's key (it would be in memory a short time probably if well implemented, but ultimately probably gettable, if the program can read it's own key, anyone can). However, expect content providers to audit how easily the key material is locatable in memory (i.e. how deterministic the key memory address is relative to program base address) and revoke keys in future pressings and force upgrades to software users.
Of course, with a few keys out it becomes problematic to hide the locations. Ultimately, the program has to know the offset to the key to use it, so there are going to be hoops to jump through, but using a known title with known key means the address of the key can be found and sampled over a few playback attempts, the memory address of the program analyzed to see if some pattern emerges or some variable points the right way....
BTW, if it was PowerDVD (which he never explicitly said), he is cocky actually showing that program running in his demonstration. PowerDVD is going to be under careful analysis now and his job will be made more difficult likely.
Of course, he could be more clever than I'm guessing, but the indications seem to be memory analysis of HD-DVD playback software.
Anyway, beyond making more hoops to go through, content providers cannot be so stupid as to think the problem technically insurmountable. It's all about demonstrating clear intent to violate DMCA and take legal rather technical measures to 'deal' with the problem.
Re:Not really cracked, more like circumvented (Score:5, Insightful)
Not really... Even without any better strategy, you can narrow the potential range down QUITE a bit (within one process' address space), and exhaustively try every machine-aligned keylength-block in just a few seconds. And it would surprise me greatly if we can't do a whole lot better than that
and revoke keys in future pressings and force upgrades to software users.
Revocation accomplishes nothing (except, as with most DRM, annoying legitimate users) if the cracker can get the key dynamically. This problem WILL result in the eventual blacklisting of XP for HD content, at which point the protection of AACS will reduce to the security of Vista's kernel (ie, already cracked).
It's all about demonstrating clear intent to violate DMCA and take legal rather technical measures to 'deal' with the problem.
Bingo. Although it does look like they at least tried to make it somewhat hard this time, no solution (not even quantum) exists to the cryptography problem where "Bob" and "Carol" (the "man-in-the-middle") count as the same entity.
Re: (Score:3, Interesting)
Re:Not really cracked, more like circumvented (Score:4, Insightful)
Re:Not really cracked, more like circumvented (Score:5, Interesting)
Re:Not really cracked, more like circumvented (Score:4, Insightful)
Perhaps in the US where the consumer watch dogs are less fierce than those in my neck of the woods you can cripple a paid for product. But here in Denmark the company would be forced to ship replacement units should the key be revoked, and let's see how many times you can go do that until the consumers demand their money back (yeah, you can do that here if the product is broken for up to two years).
Even with the trusted hardware paths it's only a matter of time until the consumers realize what a bad thing DRM is. It's a lost fight, they should spend their money on making a better product rather than trying to find the holy grail.
Re: (Score:3, Insightful)
Re: (Score:3, Interesting)
Muck about with the hardware. Take advantage of manufacturers' test points (they have to put in test points! If they stop putting in test points, it will be impossible to detect and correct faults; meaning anything that doesn't work first time will have to be scrapped, and that is going to drive prices through the roof). Underclock everything to manageable speeds. Gate the processor's
Exactly! (Score:4, Interesting)
The way this will work is that undiscovered player keys are used to decrypt title keys and the title keys them selves are then distributed.
As long as everybody keeps his piehole shut the collection of title keys just grows and grows, maybe even by dynamically requesting a title key before playing a movie.
If a player key is discovered and disabled by the goonsquad then that player key is simply published along with the title keys that it can't be used to obtain, that way the whole key package shinks every time the evil content overlords disable a key.
It's likely that player keys will be discovered with some frequency, so the freedom fighters might choose to publish player keys on their own just to shink the key package.
Someone needs to put together the infrastructure to support title key distribution and some dynamic way of decrypting an encrypted title key.
Re:Not really cracked, more like circumvented (Score:5, Insightful)
Then, they'll just not give the keys to PowerDVD.
Note to all future hackers. Wait till you have critical mass before you release a crack.
Re:Not really cracked, more like circumvented (Score:5, Informative)
Re: (Score:3, Interesting)
If each disk contains a (limited) set of keys, one for each model like you say, what will then happen when a new model comes out next year and I put my 'old' DVD-HD disk in there ?
=> the model didn't exist yet, hence, there is no key, hence, my 'newest' player can't play my 'oldest' movies anymore ? Or did they just foresee 10.000 keys and assign them to models as they get released ? (plenty of space on these shiny disks after all).
Additionally, wouldn't
Re:Not really cracked, more like circumvented (Score:5, Insightful)
If they decide to do so, I can tell you that the whole scheme will go down. There will be people with bought and paid hardware made useless. This will be a very good example when explaining to people why DRM is a problem.
Also, if I have learned something in this thread is that if you hack a player, you just have to keep it secret and only release the disk keys for every disk that comes out to the market. If the RIAA doesn't know what player has been hacked, they can't revoke its key. Having one player hacked will invalidate the whole schema as long as the RIAA doesn't know wich one is it.
I am the owner of a High Definition 50 inches TV, with only DVI input. That I see as a good thing. I will not be tempted by the new High Definition *paid* content. There is no way I will be paying another 3000 for a new set just because the content providers refuse to show their content on my perfectly good one. This is also a good way to explain people what DRM is about.
Re: (Score:3, Interesting)
If I recall correctly, the decision tree is very large (possibly down to a single player) so no, a few hardware keys released means only a few players will die. Of course, if you have a credible threat that you can keep posting new keys (should be too hard if you've found a method) then it's pretty much shot.
Re:Not really cracked, more like circumvented (Score:5, Funny)
It takes a while... (Score:5, Informative)
It contains a download link to the program.
Re:It takes a while... (Score:5, Informative)
Duggmirror [duggmirror.com] has a copy of the doom9 thread, as well as a link to the source code [rapidshare.com].
As another poster said, the package contains several title keys already extracted via some method. It's not clear how the author extracted the keys, or whether it's possible for the AACS people to revoke a player in order to prevent future keys from being leaked the way they currently are.
Re: (Score:2)
Re:It takes a while... (Score:5, Interesting)
Re:It takes a while... (Score:5, Insightful)
Yes. The major difference between AACS and CSS is that every player in the world can have a unique key, rather than just the 20 or so keys that CSS used. If PowerDVD is not adequately protecting the key then it will be barred from accessing new titles and a software upgrade will be required for PowerDVD players. For hardware DVD players, the key is usually far better protected anyway, but if it is somehow extracted then a firmware reflash and/or a physical hardware swap (paid for by the manufacturer) is the way it'll be done.
Basically, the summary is totally misleading, as per usual with Slashdot + DRM. AACS has not been cracked. A single badly protected player was cracked and its key will be revoked, as the AACS spec provisions for. The scheme was designed to be "damage resistant" and that's what we're seeing at work.
Re: (Score:3, Interesting)
Re:It takes a while... (Score:4, Interesting)
Re: (Score:2)
Re: (Score:2)
Sorry your brand new laptop with a built in drive won't play the newest movies, but some people have hacked the software on your laptop, yes that's right the software we licensed and approved, and now you must update the same software with new keys to watch new movies.
AKA, you're on an airplane, you have no connection, and things just plain don't work.
Re: (Score:2)
If a large number of device keys become compromised, revoking all of them would be a nightmare. I don't see how its possible to keep a key secret forever. Especially in software.
Re:It takes a while... (Score:5, Funny)
Re: (Score:3, Interesting)
Re: (Score:3, Insightful)
Re:It takes a while... (Score:5, Insightful)
So was DVD CSS...
Would you care to guess how well that worked?
Re: (Score:3, Funny)
Re:It takes a while... (Score:4, Informative)
(For those that don't know, every disc's content is encrypted with a key particular to that disc. That key is then encrypted repeatedly with all of the device keys that are currently authorized to play that disc. Presumably there are dozens or hundreds of spare unassigned device keys in there for future use, as well. Thus, the player uses it's device key to decrypt the matching copy of the disc key, then uses the disc key to decrypt the disc. In the DVD days, device keys wouldn't be "revoked" as such, they would simply quit being used on new discs, so the device could play all old discs, but would be unable to get a disc key for new ones. Not sure if AACS actually added an actualy revocation list for device keys that would completely disable the device, as it is apparently able to do for other cryptographic keys like the HDCP keys)
Re:It takes a while... (Score:5, Informative)
Obviously if you are using something like a ceaser cypher its now trivial to get the player decryption key.
With public/private key cyphers you are given the public key. This means you can have an unlimited number of plan text, cypher text pairs and in theory it will still not get you any closer to discovering the private key than when you just had the public key.
I doubt that these data points will be particularly useful in decoding the entire collection of player keys.
However given the size of zombie networks out there.... what do you think profession dvd pirates are going to do?
P2P links then... (Score:2, Informative)
Well and good... (Score:4, Insightful)
Re: (Score:2)
Re: (Score:2)
Piracy not equal to Losses (Score:5, Insightful)
The only way there is a real loss is if some one is SELLING copied DVDs as if they are original. That is not what we are talking about here. We are in this insane mindset that if we see or hear something that we owe money to some one for it.
Utter stupidity if you really think about the concept.
The only way there is a real loss, is if you counterfeit the media and sell it to some one that actually WANTS to pay for it.
This whole issue of IP ownership makes no sense if one steps back and clearly thinks about it.
Cheers
Re:Piracy not equal to Losses (Score:5, Insightful)
Who is to say that those who buy cheaper illegal copies of movies would actually pay full price to see them in the first place?
Re: (Score:3, Informative)
No it doesn't. It says that no one can sell copies unless those copies were lawfully made, in which case, anyone can sell them (or give them away, or in most cases, rent them, etc.) without permission.
However, cracking the encryption in order to copy the disc for backup purposes (or to transfer to a different medium) is protected by law (even the DMCA has a fair use claus
Wrong conclusion... (Score:5, Interesting)
I don't mind purchasing an HD-DVD and then just downloading its illegal doppelganger. I DO mind purchasing an overpriced paperweight to keep me legal. I looked at Xbox Live Marketplace from the perspective of:
"Rent 44 HD movies. or Buy HD-DVD Player and a movie." I decided I would get much more HD goodness out of downloads than just a player.
It's sort of like the way I purchase Star Trek for my Xbox and then download a copy for my PC as well. Sure it's illegal, but I look at it from the perspective of: I purchased it so that I could watch it, and watch it I shall.
Re: (Score:3, Interesting)
Actually, no, that's not sure at all.
Re: (Score:3, Interesting)
Re: (Score:3, Interesting)
No, they don't. Consumer-level copyright licenses are extremely rare, limited pretty much to the software industry, and in fact, there's no good reason for them to exist, even there. That they do is basically just inertia and misunderstanding of the legal system.
Do you actually own the disk?
Yes.
Can that ownership be revoked?
No.
Are you entitled to a copy of the disk if that disk is damaged or destroyed?
Only to your copy, unless there's some
Re:Wrong conclusion... (Score:4, Insightful)
What the company that manufactured that disc thinks is irrelevant. They accepted payment for it; it's not their property anymore. According to the Law of the Land, what anybody does with it from that moment on is None Of The Manufacturer's Damn Business.
No, but consumer protection law is quite clear on the matter. Your right to use any article purchased at retail by you for its Rightful Purpose is protected by the Law of the Land. If you purchase a DVD at retail, its Rightful Purpose includes private home viewing by the owner, their friends and family and for which an admission fee is not charged. If the goods you have purchased are not fit for their Rightful Purpose, then you are entitled to return it to the place of purchase and receive a full refund of the purchase price paid.
You paid money for it. It's your property.
That would be called Theft.
Not necessarily. It is your property and you are generally responsible for taking proper care of it. However, unauthorised, deliberate damage by a third party may constitute Criminal Damage.
Watching the contents of the disc would be considered the Rightful Purpose of the disc. Your right to use your own property for its Rightful Purpose is protected by the Law of the Land. You do not need any other licence to watch it.
You do not need any licence to view the contents of the disc. Your right to do so stems directly from your ownership of the disc. If the disc is covered by an insurance policy, the original disc will become the property of the insurer when they pay out (and therefore you would no longer have the right to view its content) -- however, they may give it to you anyway, in order to transfer any obligations regarding proper recycling of waste onto you.
You do not need any licence to view the contents of the disc. Refer to established case law regarding viewing of recordings. Generally, it is OK to show it to your friends and members of your family if an admission fee is not charged; and a licence can be arranged for a small fee (payable through a royalties collection agency) to allow showing it in a workplace or to members of a club or society (which is deemed beyond Rightful Purpose, and so requires permission from the copyright holder or their authorised agent [i.e. a royalties collection agency]).
You have to obtain a special licence for exhibition other than to friends and members of your family or for which an admission fee is charged. A licence permitting the general Public to attend the viewing (which certainly exceeds Rightful Purpose) is generally more expensive than a licence for a viewing restricted to a workplace or members of a club or society.
Yes, if you are properly licenced to do so. See above.
Re: (Score:3, Interesting)
There's nothing morally wrong with downloading the content and watching it. It's *data* - not only that, it's an element of our culture. How could accepting someone's offer to share culture be wrong?
Re: (Score:3, Insightful)
Uh... if you really think that drunk driving, embezzlement, and drug dealing are on par with activities which are technically illegal under DMCA, but actually covered within exceptions to copyright (what the OP is talking about is analogous to making a cassette tape of a CD so you can
Re:Wrong conclusion... (Score:5, Insightful)
You make a good argument, and I've heard it before. However, black and white interpretation of the law tends to fail (especially when you equate morality and law). I'll fall back on an analogy here: If you drive, do you ever speed? The law says that you cannot drive at a rate higher than the posted speed limit. However, on most major US highways, traffic tends to move at around 5% higher than the posted speed limit. Driving at the posted speed limit would cause a dangerous situation, whereas operating your vehicle in a manner consistent with the flow of traffic is a safer way to travel. Is speeding immoral? If so, should we just not drive until everyone else slows down?
Many people make informed decisions to break the law. Whether or not this is a conscious act of civil disobedience, it is (in many cases) still a form of civil disobedience. Putting this into the context of the American alcohol prohibition, a large scale amount of civil disobedience fueled organized crime to fulfill the demand for alcohol, and the law was eventually shown to be unreasonable. A freedom limiting law was abolished because sufficient numbers of people chose to break that law. This did not cause any crumble of society, and did not turn morality upside down.
In any case, I respect your position, but disagree with your absolute reasoning. IP license violation isn't the same as DUI, and it's not punching someone in the nose and running off their wallet. Laws like the American DMCA have unjust provisions. The grandparent poster is acting in good faith, and harming nobody. Perhaps the gpp is partaking in a phenomena of culture redefining law.
Re: (Score:3, Insightful)
Hey, ignoring the stupid law worked for Prohibition!
It just goes to show that there's a huge difference between some nominally illegal act being acceptable to a few people and being acceptable to nearly everyone. In the long run the DMCA cannot stand, because breaking it is indeed acceptable to nearly everyone.
Damn it! (Score:5, Funny)
Cracker actually working for HD-DVD Consortium? (Score:5, Interesting)
The industry knows piracy is not really a big problem - they still make mountains of cash, and society needs a little underlying "lawlessness" (like speeding, for example) to ease pressure. Perhaps some industry insiders sick of kowtowing to the IP Lawyers decided to leak the crack to the public in a round-about manner?
If true, it's brilliant.... if not, then they missed the boat.
Re:Cracker actually working for HD-DVD Consortium? (Score:5, Insightful)
The poor hardware sales are due to the following factors:
1) Hi-def content is only of interest to the small minority of consumers who have a TV capable of displaying it, a screen big enough to notice any difference from up-scaled DVDs, and the requisite inputs, i.e. HDMI if they don't want to risk having future content down-scaled to a level that's worse than DVD.
2) Even those who fall into (1) above are wary of the fact that there are two competing formats, so many will inevitably wait and see which of them finally wins (or alternatively, wait for a player that's compatible with both).
3) Prices are extremely high at the moment -- for less money, one can buy a decent stand-alone DVD recorder with an integral DVR and editing system, which appeals to far more consumers due to being usable with a much wider range of TVs. The fact that DVD players are now available for less than the cost of newly released media for them does nothing to help this situation.
4) A shortage of blue lasers means that even those early adopters who want HD-DVD or Blu-Ray players have difficulty finding one.
5) There isn't a vast range of compelling titles in Hi-def formats, and some of those that are available don't actually look any better than the DVD version (in some cases they're worse). Furthermore, the fact that certain studios are aligned with HD-DVD while others favour Blu-Ray means that it's rare to see a movie released on both, meaning that those who opt for one format cannot view movies that only get released on the other one, thereby bringing us back to (2) above. By contrast, a $25 DVD player gives people access to a gigantic library of content, much of which is available for around $5, or can be rented, pirated, or made by individuals using cheap and readily available equipment.
6) Early adopters with money to burn tend to read lots of reviews, and will therefore know about the problems each of the small number of available players have with some disks. These issues might be acceptable with a $25 no-name DVD player, but those who spent between $500 and $1000 on a new hi-def system will be feeling very pissed off indeed if one of the only five movies they want to watch on it doesn't play properly.
Problems (3) and (4) will disappear fairly quickly because the lack of blue lasers is a short-term phenomenon, and once production ramps up, competition between manufacturers will progressively lower prices and ensure that dual-standard players come on to the market, possibly (i.e. not definitely) some time during the next year, and this competition will also mean problem (6) won't be (much of) an issue in a year's time. Even so, realistically speaking, the requirement for a large high-definition TV set will mean that adoption rates will remain low for a few years yet, so the range of titles will be significantly more limited than those for DVD, and sales / rental outlets will therefore devote less shelf space to them than their DVD equivalents, as indeed was the case with DVDs when VHS was the dominant format. However, unlike the VHS / DVD situation, it's easy and cheap for manufacturers to equip blue laser players with the ability to read standard DVDs, so those with existing collections aren't forced to re-buy everything in the new format, and this will probably help adoption rates once the price drops to an acceptable "impulse buy" level (i.e. below $150/Euros) and equipment is supplied with "dongles" (internal or external) that ensure output doesn't become degraded when connected to non-HDCP compatible displays (the fact that no media have HDCP yet is a short-lived phenomenon, because the media companies wouldn't have insisted it be there unless they intended to use it).
So the probability of this crack having been unofficially sanctioned by the industry (hardware or media) is very remote indeed, because the slow hardware sales aren't in any way linked to DRM, and even if they were, hardware companies in particular could easily circumv
Link (Score:5, Informative)
http://forum.doom9.org/showthread.php?t=119871 [doom9.org]
There is more detailed info in the included FAQ. The bad news is, the program itself isn't actually "cracking" anything. The author used publicly available AACS documents to write his own decrypter (e.g. just as PowerDVD or WinDVD would). The catch is, you must provide the decryption keys to this software in order to rip the movies from the disk.
However, the good news is, it looks like he may have found a way to extract the needed decryption key(s) from the HD-DVDs. He doesn't explain how in the documentation or provide any keys, but if he figured it out I'm sure others will - and that means more advanced and powerful tools shouldn't bee too far off.
Mmm but would you do it? (Score:2, Interesting)
Now coming to HD-DVDs (the screenshots from the article show approximately 24GB of space being used or 24GiB, whatever tickles your fancy). This means a 250GB will be able to hold
The point is with the Hi-Def media, it doesn't make as much sense to rip every movie you have and
Re: (Score:2)
A dual-layer HD-DVD is 30GB, similar compression would get that down to about 5GB. That's $2 worth of hard drive space.
Re: (Score:3, Interesting)
Re: (Score:2)
Re:Mmm but would you do it? (Score:5, Insightful)
To put it in prespective: My old 486 had a hard disk with less than 400 MB of space. But it also had a CD-ROM drive. Your average CD back then held 650MB. Yes, it had an optical drive that was bigger than its hard disk. Nobody ever thought to even include copy protection on the CD because storing that much data was insane, and transmitting it over the internet even more so. With the advent of MP3 and bigger storage and broadband it became commonplace to trade music online.
My brother got one of the first computers that came equipped with a DVD drive, which has a capacity of 4.7 GB (I'm ignoring the whole multi-layer DVD format for sake of simplicity). It also came with a hard disk that could hold up to 2 Gigabytes. Now your average DVD can be recompressed without too much quality loss to, say, 1.5GB, and modern hard disks will store hundreds of them with ease, and you can download them in an hour or two on a good connection, or maybe a day on an okay one. Are you noticing a recurring theme here?
The truth is that Blu-ray isn't all that big compared to the hard disks of today, especially not when you look at previous optical formats and how big they were in comparison to the hard disks of the era in which they were first made. Heck I could fit a Blu-ray disk or two on my iPod and have some space left over.
Such is the progress of technology (by which I mean mostly storage space and bandwidth, but also compression technology and the processor power to implement it). A digital movie standard such as Blu-ray or HDDVD should be expected to last a decade. They will probably last even longer than that because hi-def technology has matured to the point where users couldn't possibly need higher resolution or more pristine sound effects. Where do you think magnetic storage will be in ten years? Heck, where do you think solid-state storage will be in ten years?
The point is that technology changes, and people invent things like MP3 that let you squeeze more into smaller space. Which means movie format won't stop piracy because it's "too big".
Why this may be good... (Score:5, Insightful)
If this hack proves to be valid, I would actually consider investing in the technology as it opens the format up to Linux/Unix/OSX/etc.
Sort of Cracked (Score:5, Informative)
A quick and dirty and probably somewhat inaccurate description of the way AACS works is that each disc is encrypted with a single 'disc key' and then that key is encrypted once with every known 'player key,' and each of those is stored on the disc. So, if you have an authorized player, it will find the version of the disc key that it knows how to decrypt and then use that to decrypt the disc for playback.
My guess is that he used one of the software players like WinDVD or PowerDVD that now sort of support HD-DVD and BLU-RAY. But instead of extracting their player key and publishing that, he played a disc in a debug environment and extracted the 'disc key' for that specific title.
The studios thought that they would be able to 'revoke' disclosed player keys by just not using them on any discs pressed after the disclosure was made public. This guy's approach seems to be to distribute disc keys and then anyone with the same disc can decrypt that specific title, thus making it harder for the studios to guess which player keys need revoking.
I think that this guy's approach will be most useful to widescale pirating because all it takes is for one person to decrypt a movie and share it with a billion of his closest friends. But the 'regular joe' who just wants to copy his BD-HDs to his hard disk for ease of playback or maybe to cut clips from it for his own home movie won't benefit because chances are, the keys for his particular discs won't be widely known enough for him to find them.
So, I now look forward to various HD titles from disc (rather than from broadcast, which are already common if you know where to look) showing up on P2P and elsewhere, I'm still not purchasing any AACS playback system since the "crack" is not (yet) useful enough for me to exercise typical fair-use rights of format shifting and personal editing.
Re: (Score:3, Interesting)
Maybe I misunderstood you, but you seem to be suggesting that in the future, not all disc keys will be available.
I recall reading (a long time ago) that teh intarnet pirates had already ripped about 3/4 of Net Flix's catalog. I imagine that they'
Re:Sort of Cracked (Score:4, Insightful)
While it's certainly a move in the right direction, unfortunately, it's far from ideal. The reason I feel no moral compunction about saying this is because of your astute observation that this DRM scheme utterly fails to prevent piracy and instead is unfairly limiting how legitimate customers can use the products they buy. It's likely that this was the primary intent all along.
Re:Sort of Cracked (Score:5, Insightful)
So now the next step is to disallow running software in a debugger, just like in The Right to Read [gnu.org]
Zip does NOT contain any keys (Score:2)
That's the sha1 hash of the file F:\aacs\VTKF000.AACS, a human readable name, and where the title keys should be. Notice the title key is all 0's, which is obviously wrong.
Also the fact that BoingBoing ran the program and it slightly changed the file is meaningless. Trying
Re: (Score:2, Funny)
Notice the title key is all 0's, which is obviously wrong.
All zeros?
That's amazing, I've got the same combination on my luggage!
Re:Zip does NOT contain any keys (Score:5, Funny)
HDCP (Score:5, Insightful)
A) Place-shift HD-DVD content (despite current storage constraints)
B) Pirate HD-DVD content (despite current bandwidth constraints)
when I see the much more immediately relevant issue being that of HDCP: If this crack can be rolled into something on the order of a VLC plugin, there's a chance I'll actually be able to use my technically-more-than-capable, yet not-a-member-of-the-HDCP-club LCD display to view commercial 720p content.
BackupHDDVD FAQ (Score:5, Informative)
-What is "Backup HDDVD" for?
It can do backup copies of HD DVD movies that YOU OWN! I don't want anyone to do piracy here! This software is a good way to protect your investment, because I have notice that this type of media seems very fragile, if it's scratched a little or dirty, it won't play. It seems less tolerent than DVD format. (Higher density!)
-What "Backup HDDVD" is doing exactly?
This is a java based command line utility that decrypt video files (.evo) from a HD DVD disk that you own, to your hard drive and you can play them back with a HD DVD player software.
-What are the system requirements to use "Backup HDDVD"
1 - A Windows based system
2 - A HDDVD disk drive
3 - A HDDVD player software (like PowerDVD)
4 - A HDDVD movie(s)
5 - Java rutime 1.5
6 - The possibility to access the content of the disk with a drive letter under windows.
(you may need UDF 2.5 file system driver for this)
7 - A lot of free hard disk space to backup your movies!
-Was your first HDDVD movie hard to decrypt?
It took me around a week to do. But I have wasted few days
trying to work on too complicated approach. In fact, it is very simple.
-How do you do that?
The program itself has nothing special. It simply implement the AACS decyption protocol. I have followed the freely available documents about AACS
Have a look at: www.aacsla.com The trick, is to find what they call the "Title keys". So I figure out how to extract them.
-How do you extract the "Title keys"?
I won't explain it in detail. Read the AACS doc first. You will understand. The title keys are located on the disk in encrypted form, but for a
content to be played, it has to be decrypted! So where is the decrypted version of the title key? Think about it...
-What kind of crypto algorithms are involved?
Standards algorithms:
ECC-160
AES-128
Look in the AACS doc for more details.
-What is the TKDB.cfg file?
This is the Title key Database file. It holds the decryption keys for the movies.
-What is the format of this file?
Field 1: SHA1 Hash of the VTKF000.AACS file on your HDDVD disk.
Next fields are pipe "|" delimited.
-Movie Title
-A variable number of Title key, pipe delimited
You have a key number followed by the key value like:
12-08A3DC61910280F2...
Key values are 128 bits long, so 16 bytes, or 32 hexadecimal characters long.
-The TKDB.cfg file provided with your program is empty or incomplete, what can I do?
Here is my TKDB.cfg:
CE6339246F34087AB355681DEB656D23DCD5BD86=Full Metal Jacket | 1-0000000000000000000000
0000000000
486198E3855B57CD40F6DC0C60645BDE8E1E9AC5=Van Helsing |19-0000000000000000000000
0000000000
3D357B0653A66176583C5218FD0149EAF8832FB0=The Last Samurai | 1-0000000000000000000000
0000000000
-What do you think of the technical aspects of AACS?
The design is not that bad, but it's too easy to have an insecure player implementation somewhere. And just one bad implementation is all it needs
to get the keys! There will always be insecure implementations of a player somewhere! And the "Revocation system" is totaly useless if you use
the Title key directly.
-Is there any known problems with the decryption?
Yes. I call this problem the "Nav chain" bug. I realize that I have a lot of frame skipping at playback after the decryption, so I hunted down the problem. To avoid the frame skipping, I patch the video file. This fix allows smooth playback of the movie, but there are some side effects.
-What are the side effects of the "Nav chain" bug fix?
You cannot do fast forward, or backward using the round dial, but you can still use the progress bar to navigate through the film. So it's not that bad... For some reason, the sub-titles don't seems to work anymore. It may be a side
Will every player key be cracked? (Score:5, Insightful)
Seems like the whole house of cards will fall down.
Re: (Score:3, Informative)
The short answer: No, AES is a strong crypto (though fundamentally broken when applied as DRM) and there's no known way to extract the player key no matter how many title key plain/ciphertext pairs you have. A typical example would be a SSH connection where you don't know the key, but can send plaintext, it doesn't help you. It might possibly help in
Re: (Score:3, Informative)
Great job with the title keys (Score:5, Interesting)
The use of title keys instead is a great strategy. It means that the revocation system is worthless - AACSLA may not even know which player is compromised. Gray/black-area web sites can maintain big lists of title keys for movies without a whole lot of trouble. The bigger issue will eventually be getting each new movie to the trusted few pirates that are capable of extracting keys. This is no big deal now, but would be if and once these formats become popular.
A counterattack from Hollywood could be to produce thousands of distinct masters of each movie; the same movie would have thousands of different editions that differ only by their title key. I don't know the current state of disk production however, so this may not be feasible.
The revocation system is itself problematic anyway. A person seeking to damage the system itself would try to crack the most popular player, even if it's more difficult than other players. The cost of a massive recall - plus the fines the manufacturer would pay for their player being the one cracked - would heavily discourage the use of the revocation system. It seems like the revocation system is more of a deterrent against both pirates (if you crack a player we'll change the key making your work worthless) and manufacturers (if you don't obfuscate well enough, we'll cost you millions of dollars).
DVD had a revocation system too, but it was never used. DeCSS and the Drink or Die program that preceded it used a player key, but the CSS algorithm was so badly flawed that it wasn't difficult to derive the remaining player keys. This will not happen with AACS, because they're using real crypto this time.
Melissa
Re: (Score:3)
I see no one here has read the AACS spec. Each individual player has a different key, not each model. When The Man revokes an individual player, millio
OK. . . (Score:4, Insightful)
- Take advantage of Fair Use (make backups, format-shift to my PocketPC, keep copies of the movies on my HDD)
- Play DVDs on Linux
- Not worry about downsampling output on non-HDCP video cards
Now the Blu-Ray vs. HD-DVD format war does not matter so much. Does anyone here care WHICH one wins now that both have been cracked?
Thanks guys, you rock!
Re:Cheers! (Score:5, Insightful)
Re: (Score:2)
Re:Cheers! (Score:5, Insightful)
I agree. We shouldn't have to risk harassment from the *AA for exercising rights that have been granted to us by precendence in different countries, especially those which find their root in UK/Commonwealth legal systems.
It's unfair to expect the individual consumer to fend off such attacks, and insulting to the intent of law to allow the attacks to occur in the first place. The *AA and the various DRM fans are responsible for developing products and solutions/proposals that are compliant with the laws of their target markets, and should not be trying to shove their vision down our throats just to protect oligopoly and monopoly economic models.
The same goes for all industries. Why else has the EU so soundly rejected US proposals to make their patent database a global starting point for managing IP? It's stuffed with speculative junk patents.
Re:Cheers! (Score:4, Interesting)
Re:Cheers! (Score:5, Insightful)
Re:Cheers! (Score:5, Interesting)
Re: (Score:3, Interesting)
Not me baby....you ever try to carry TWO 32" CRT's??
Hehehe..seriously....I am completely over CRT's....no matter the cost....just too bulky and heavy. This is especially true for computer monitors...but, also true for television.
My preference? DLP Projectors....that that expensive...with a screen, less than many large LCD or Plasma tv's...are HD
Re:Cheers! (Score:5, Insightful)
Re:Cheers! (Score:5, Insightful)
Re:Cheers! (Score:4, Insightful)
Re: (Score:3, Insightful)
Yes, but I guess nowadays most people are assuming that consumers won't want to get involved in a corporate battle for format control like they did not then, not knowing that their newly purchased betamax machines would be shiny pieces of garbage as they had to buy a second
Re:Cheers! (Score:5, Insightful)
The problem with play-only formats is exactly that: they are play-only, and so there can come a point where nobody is making any new material to play on them.
Re:Cheers! (Score:4, Informative)
Re: (Score:3, Insightful)
Re: (Score:3, Insightful)
One could say that the OS wars have confirmed this. Remember, the common cold is very popular too, that doesn't mean it's good...
Re:Cheers! (Score:5, Funny)
Re:Cheers! (Score:5, Informative)
The only problem was that in order to get that resolution better than 280 lines (think about it - that's only chucking away 32.5 of 'em, which isn't bad), a Beta machine needed more moving parts than its VHS cousin (although they moved less often. VHS laced the tape when you pressed PLAY and unlaced it when you pressed STOP. All fast-winding was done inside the cassette -- which allows you to move the tape faster, but you cannot switch to picture-search without lacing it. Betamax laced the tape the first time you pressed PLAY and unlaced it when you pressed EJECT. Fast-winding was done inside the cassette until you first pressed PLAY [to allow for rapid rewinding before watching], and thereafter, with the tape laced; making it possible to switch instantaneously from fast-wind to picture-search.) Thus, VHS recorders were easier to field-maintain. And in an era before everything was made to be disposable, that was the deal-clincher.
Actually... (Score:2, Insightful)
Re: (Score:3, Informative)
For right now, not everything has TPM. We'll see how this changes in a few years (almost all new computers do include the TPM chip).
Re:nothing is perfect (Score:4, Informative)
Trusted Computing solves this 'problem'. Debuggers won't be allowed to run on 'protected' programs, and this will be enforced on the hardware level (each program will effectively have to ask for permission to run).
Yes and no. You're right about the effect, but wrong about the mechanism.
The TPM can't control what programs can or cannot be run, so it's not correct to say that disallowing debugging of protected programs will be enforced on the hardware level.
The enforcement will be done purely in software, by the operating system. What the TPM will do, though, is to provide a place to securely store the player key, and to bind that key to a specific operating system environment. Boot a different OS, or modify some part of the OS that is considered important for security and the player key will no longer be available.
So, if you use the unmodified OS, it will note that the DVD playing software is not "debuggable" and will not allow your debugger to attach to it. If you try to patch the OS to force it to allow debugging, then the player key won't be available to the player, so you can't grab it with the debugger.
Note that in order for this to work, there must be no exploitable security holes in the OS that allow you to patch the OS after it's been booted into its fully functional state. This is because of the way that the TPM "binds" a key to a given system state.
Basically, during the boot process each chunk of code feeds data to the TPM. The TPM hashes all of this information into a Program Control Register (PCR). This hash value in the PCR is what represents the system state. To bind a key to the PCR, the TPM simply XORs the PCR with its internal master key and uses the result as an encryption key to encrypt the bound key (in this case, the player key). Retrieving a bound key works the same way: The TPM reads the encrypted bound key from disk, XORs the current PCR value with the master key and uses the result to decrypt the bound key.
If you boot into a different OS, or in any other way change the data that is fed to the TPM during boot, then you change the PCR value. Different PCR means different result when XORed with the master key, means different result when the bound key is decrypted.
So, to make such a protection system work, it is necessary that all of the software that is used to enforce the protection be part of the data that is fed to the TPM for hashing into the PCR. BUT, if you can exploit some hole to patch the software *after* the PCR has been fully initialized, then you're golden.
Another way that attackers can try to work around the TPM is by snatching the key before it's bound to the TPM, or by arranging for it to be bound to an already patched OS. Most likely, software player manufacturers will try to work around this by asking the TPM to "attest" to its configuration (meaning its PCR value) before giving out a key.
It's not clear how well that will work, though, because it means that every booted Vista system has to have bit-for-bit identical software so the player mfg can know what the "valid" PCR value is (well, large groups of Vista systems have to be identical, giving the mfg a set of valid PCR values). That doesn't seem like a problem until you realize that part of the data that has to be hashed into the TPM to make the system secure is the BIOS/EFI code. Because if an attacker compromises the code at that level, any protections the operating system tries to implement are irrelevant.
It may be possible to use a string of attestations, one for the PCR value from each stage in the boot process to work around *that* problem, but it's not clear how feasible that is.
Bottom line: The TPM will be used to strengthen DRM systems, but it seems pretty likely that it will be defeatable (and defeated) in many ways. This is because TCPA wasn't designed as a copy protection system, or to prove to third parties that the machine won't violate DRM. Rather, it was designed as
Re: (Score:3, Informative)
Re: (Score:3, Informative)
That's not a meaningful statement, I can have endless bits which will consist of nothing but random noise. As for how many lines of resolution is actually achieved by film, you can read here [filmschoolonline.com]. The actual study referred to is here (pdf) [www.cst.fr]. The summary:
Re:Please improve the source code (Score:5, Insightful)
Why would those things matter at all? 99% of your time will be spent in the java-provided AES decription routines. Optimizing a single hash lookup will make about 0 difference.
Lookup premature optimization is and learn from others mistakes.