HD-DVD and Blu-Ray AACS DRM Cracked 432
EGSonikku writes "According to this article on Endgadget, the AACS DRM used in HD-DVD and Blu-Ray has been cracked. The program allows one to decrypt and dump the video for play on a users hard drive, or it can be burned to a blank HD-DVD and played on a stand-alone player. According to the accompanying video, a source release for the program will be made available in January. Time to get that $200 Xbox 360 HD-DVD drive?"
Warning: this link contains video.
Re:Cheers! (Score:5, Insightful)
Well and good... (Score:4, Insightful)
Re:Not really cracked, more like circumvented (Score:5, Insightful)
Older systems make Trusted Computing their bitch. Oh yeah.
Actually... (Score:2, Insightful)
Why this may be good... (Score:5, Insightful)
If this hack proves to be valid, I would actually consider investing in the technology as it opens the format up to Linux/Unix/OSX/etc.
Re:It takes a while... (Score:5, Insightful)
So was DVD CSS...
Would you care to guess how well that worked?
HDCP (Score:5, Insightful)
A) Place-shift HD-DVD content (despite current storage constraints)
B) Pirate HD-DVD content (despite current bandwidth constraints)
when I see the much more immediately relevant issue being that of HDCP: If this crack can be rolled into something on the order of a VLC plugin, there's a chance I'll actually be able to use my technically-more-than-capable, yet not-a-member-of-the-HDCP-club LCD display to view commercial 720p content.
Re:Mmm but would you do it? (Score:5, Insightful)
To put it in prespective: My old 486 had a hard disk with less than 400 MB of space. But it also had a CD-ROM drive. Your average CD back then held 650MB. Yes, it had an optical drive that was bigger than its hard disk. Nobody ever thought to even include copy protection on the CD because storing that much data was insane, and transmitting it over the internet even more so. With the advent of MP3 and bigger storage and broadband it became commonplace to trade music online.
My brother got one of the first computers that came equipped with a DVD drive, which has a capacity of 4.7 GB (I'm ignoring the whole multi-layer DVD format for sake of simplicity). It also came with a hard disk that could hold up to 2 Gigabytes. Now your average DVD can be recompressed without too much quality loss to, say, 1.5GB, and modern hard disks will store hundreds of them with ease, and you can download them in an hour or two on a good connection, or maybe a day on an okay one. Are you noticing a recurring theme here?
The truth is that Blu-ray isn't all that big compared to the hard disks of today, especially not when you look at previous optical formats and how big they were in comparison to the hard disks of the era in which they were first made. Heck I could fit a Blu-ray disk or two on my iPod and have some space left over.
Such is the progress of technology (by which I mean mostly storage space and bandwidth, but also compression technology and the processor power to implement it). A digital movie standard such as Blu-ray or HDDVD should be expected to last a decade. They will probably last even longer than that because hi-def technology has matured to the point where users couldn't possibly need higher resolution or more pristine sound effects. Where do you think magnetic storage will be in ten years? Heck, where do you think solid-state storage will be in ten years?
The point is that technology changes, and people invent things like MP3 that let you squeeze more into smaller space. Which means movie format won't stop piracy because it's "too big".
Re:Not really cracked, more like circumvented (Score:5, Insightful)
Then, they'll just not give the keys to PowerDVD.
Note to all future hackers. Wait till you have critical mass before you release a crack.
Will every player key be cracked? (Score:5, Insightful)
Seems like the whole house of cards will fall down.
Re:Sort of Cracked (Score:4, Insightful)
While it's certainly a move in the right direction, unfortunately, it's far from ideal. The reason I feel no moral compunction about saying this is because of your astute observation that this DRM scheme utterly fails to prevent piracy and instead is unfairly limiting how legitimate customers can use the products they buy. It's likely that this was the primary intent all along.
Re:Wrong conclusion... (Score:1, Insightful)
It's sort of like the way I purchase Star Trek for my Xbox and then download a copy for my PC as well. Sure it's illegal, but I look at it from the perspective of: I purchased it so that I could watch it, and watch it I shall.
"I don't like the DUI laws, so drink and drive I shall!"
"I think I deserve more pay, so embezzle I shall!"
"I don't have a problem with heroin, so deal it i shall!"
The most basic acceptance test of any moral or social philosophy is whether it can be applied generally. Yours boils down to: I do what I think is correct. Okay, but please don't call the cops when someone punches you in the face and takes your wallet, because I am sure that it was a perfectly acceptable action to the perpetrator. After all, they really needed the $20 and it's an insignificant amount of $$$ to you, and your nose will heal.
I don't like the way things are going either, but your only morally defensible position is to not purchase your Star Trek movie in the first place if you do not like the implicit agreements attached to it. Go ahead and violate the agreement, your not in the minority in doing so, but please, leave out the lame justification for your actions.
Re:Cheers! (Score:5, Insightful)
I agree. We shouldn't have to risk harassment from the *AA for exercising rights that have been granted to us by precendence in different countries, especially those which find their root in UK/Commonwealth legal systems.
It's unfair to expect the individual consumer to fend off such attacks, and insulting to the intent of law to allow the attacks to occur in the first place. The *AA and the various DRM fans are responsible for developing products and solutions/proposals that are compliant with the laws of their target markets, and should not be trying to shove their vision down our throats just to protect oligopoly and monopoly economic models.
The same goes for all industries. Why else has the EU so soundly rejected US proposals to make their patent database a global starting point for managing IP? It's stuffed with speculative junk patents.
Piracy not equal to Losses (Score:5, Insightful)
The only way there is a real loss is if some one is SELLING copied DVDs as if they are original. That is not what we are talking about here. We are in this insane mindset that if we see or hear something that we owe money to some one for it.
Utter stupidity if you really think about the concept.
The only way there is a real loss, is if you counterfeit the media and sell it to some one that actually WANTS to pay for it.
This whole issue of IP ownership makes no sense if one steps back and clearly thinks about it.
Cheers
Re:Wrong conclusion... (Score:3, Insightful)
Uh... if you really think that drunk driving, embezzlement, and drug dealing are on par with activities which are technically illegal under DMCA, but actually covered within exceptions to copyright (what the OP is talking about is analogous to making a cassette tape of a CD so you can play it in your car), I gotta wonder where you get your crack.
Re:Please improve the source code (Score:5, Insightful)
Why would those things matter at all? 99% of your time will be spent in the java-provided AES decription routines. Optimizing a single hash lookup will make about 0 difference.
Lookup premature optimization is and learn from others mistakes.
Re:Mmm but would you do it? (Score:2, Insightful)
They aren't just going to stop selling DVD's anytime soon, and a good DVD is as good as it gets on 720x576 pixels. No MP4 compressed material (700M or even 1.4G) comes close to originally compressed MP2 on a DVD.
The friggin' point of HD format is to enjoy it on a 100" DLP projected full HD projector.. not on a computer monitor downscaled to 1080p or even 720p.
Re:Piracy not equal to Losses (Score:5, Insightful)
Who is to say that those who buy cheaper illegal copies of movies would actually pay full price to see them in the first place?
Re:Wrong conclusion... (Score:5, Insightful)
You make a good argument, and I've heard it before. However, black and white interpretation of the law tends to fail (especially when you equate morality and law). I'll fall back on an analogy here: If you drive, do you ever speed? The law says that you cannot drive at a rate higher than the posted speed limit. However, on most major US highways, traffic tends to move at around 5% higher than the posted speed limit. Driving at the posted speed limit would cause a dangerous situation, whereas operating your vehicle in a manner consistent with the flow of traffic is a safer way to travel. Is speeding immoral? If so, should we just not drive until everyone else slows down?
Many people make informed decisions to break the law. Whether or not this is a conscious act of civil disobedience, it is (in many cases) still a form of civil disobedience. Putting this into the context of the American alcohol prohibition, a large scale amount of civil disobedience fueled organized crime to fulfill the demand for alcohol, and the law was eventually shown to be unreasonable. A freedom limiting law was abolished because sufficient numbers of people chose to break that law. This did not cause any crumble of society, and did not turn morality upside down.
In any case, I respect your position, but disagree with your absolute reasoning. IP license violation isn't the same as DUI, and it's not punching someone in the nose and running off their wallet. Laws like the American DMCA have unjust provisions. The grandparent poster is acting in good faith, and harming nobody. Perhaps the gpp is partaking in a phenomena of culture redefining law.
Re:Wrong conclusion... (Score:3, Insightful)
Hey, ignoring the stupid law worked for Prohibition!
It just goes to show that there's a huge difference between some nominally illegal act being acceptable to a few people and being acceptable to nearly everyone. In the long run the DMCA cannot stand, because breaking it is indeed acceptable to nearly everyone.
Re:Cracker actually working for HD-DVD Consortium? (Score:5, Insightful)
The poor hardware sales are due to the following factors:
1) Hi-def content is only of interest to the small minority of consumers who have a TV capable of displaying it, a screen big enough to notice any difference from up-scaled DVDs, and the requisite inputs, i.e. HDMI if they don't want to risk having future content down-scaled to a level that's worse than DVD.
2) Even those who fall into (1) above are wary of the fact that there are two competing formats, so many will inevitably wait and see which of them finally wins (or alternatively, wait for a player that's compatible with both).
3) Prices are extremely high at the moment -- for less money, one can buy a decent stand-alone DVD recorder with an integral DVR and editing system, which appeals to far more consumers due to being usable with a much wider range of TVs. The fact that DVD players are now available for less than the cost of newly released media for them does nothing to help this situation.
4) A shortage of blue lasers means that even those early adopters who want HD-DVD or Blu-Ray players have difficulty finding one.
5) There isn't a vast range of compelling titles in Hi-def formats, and some of those that are available don't actually look any better than the DVD version (in some cases they're worse). Furthermore, the fact that certain studios are aligned with HD-DVD while others favour Blu-Ray means that it's rare to see a movie released on both, meaning that those who opt for one format cannot view movies that only get released on the other one, thereby bringing us back to (2) above. By contrast, a $25 DVD player gives people access to a gigantic library of content, much of which is available for around $5, or can be rented, pirated, or made by individuals using cheap and readily available equipment.
6) Early adopters with money to burn tend to read lots of reviews, and will therefore know about the problems each of the small number of available players have with some disks. These issues might be acceptable with a $25 no-name DVD player, but those who spent between $500 and $1000 on a new hi-def system will be feeling very pissed off indeed if one of the only five movies they want to watch on it doesn't play properly.
Problems (3) and (4) will disappear fairly quickly because the lack of blue lasers is a short-term phenomenon, and once production ramps up, competition between manufacturers will progressively lower prices and ensure that dual-standard players come on to the market, possibly (i.e. not definitely) some time during the next year, and this competition will also mean problem (6) won't be (much of) an issue in a year's time. Even so, realistically speaking, the requirement for a large high-definition TV set will mean that adoption rates will remain low for a few years yet, so the range of titles will be significantly more limited than those for DVD, and sales / rental outlets will therefore devote less shelf space to them than their DVD equivalents, as indeed was the case with DVDs when VHS was the dominant format. However, unlike the VHS / DVD situation, it's easy and cheap for manufacturers to equip blue laser players with the ability to read standard DVDs, so those with existing collections aren't forced to re-buy everything in the new format, and this will probably help adoption rates once the price drops to an acceptable "impulse buy" level (i.e. below $150/Euros) and equipment is supplied with "dongles" (internal or external) that ensure output doesn't become degraded when connected to non-HDCP compatible displays (the fact that no media have HDCP yet is a short-lived phenomenon, because the media companies wouldn't have insisted it be there unless they intended to use it).
So the probability of this crack having been unofficially sanctioned by the industry (hardware or media) is very remote indeed, because the slow hardware sales aren't in any way linked to DRM, and even if they were, hardware companies in particular could easily circumv
Re:Not really cracked, more like circumvented (Score:5, Insightful)
If they decide to do so, I can tell you that the whole scheme will go down. There will be people with bought and paid hardware made useless. This will be a very good example when explaining to people why DRM is a problem.
Also, if I have learned something in this thread is that if you hack a player, you just have to keep it secret and only release the disk keys for every disk that comes out to the market. If the RIAA doesn't know what player has been hacked, they can't revoke its key. Having one player hacked will invalidate the whole schema as long as the RIAA doesn't know wich one is it.
I am the owner of a High Definition 50 inches TV, with only DVI input. That I see as a good thing. I will not be tempted by the new High Definition *paid* content. There is no way I will be paying another 3000 for a new set just because the content providers refuse to show their content on my perfectly good one. This is also a good way to explain people what DRM is about.
Re:Not really cracked, more like circumvented (Score:4, Insightful)
Re:Sort of Cracked (Score:5, Insightful)
So now the next step is to disallow running software in a debugger, just like in The Right to Read [gnu.org]
Re:Not really cracked, more like circumvented (Score:2, Insightful)
Re:Cheers! (Score:5, Insightful)
Re:Not really cracked, more like circumvented (Score:5, Insightful)
Not really... Even without any better strategy, you can narrow the potential range down QUITE a bit (within one process' address space), and exhaustively try every machine-aligned keylength-block in just a few seconds. And it would surprise me greatly if we can't do a whole lot better than that
and revoke keys in future pressings and force upgrades to software users.
Revocation accomplishes nothing (except, as with most DRM, annoying legitimate users) if the cracker can get the key dynamically. This problem WILL result in the eventual blacklisting of XP for HD content, at which point the protection of AACS will reduce to the security of Vista's kernel (ie, already cracked).
It's all about demonstrating clear intent to violate DMCA and take legal rather technical measures to 'deal' with the problem.
Bingo. Although it does look like they at least tried to make it somewhat hard this time, no solution (not even quantum) exists to the cryptography problem where "Bob" and "Carol" (the "man-in-the-middle") count as the same entity.
Re:Cheers! (Score:5, Insightful)
Re:Cheers! (Score:3, Insightful)
Yes, but I guess nowadays most people are assuming that consumers won't want to get involved in a corporate battle for format control like they did not then, not knowing that their newly purchased betamax machines would be shiny pieces of garbage as they had to buy a second VCR. I think acknowledging this as Betamax/VHS is to acknowledge the fact that it's wise not to get involved while the two respective companies duke it out. Which is exactly what a lot of people will do, while continuing to buy DVDs.
OK. . . (Score:4, Insightful)
- Take advantage of Fair Use (make backups, format-shift to my PocketPC, keep copies of the movies on my HDD)
- Play DVDs on Linux
- Not worry about downsampling output on non-HDCP video cards
Now the Blu-Ray vs. HD-DVD format war does not matter so much. Does anyone here care WHICH one wins now that both have been cracked?
Thanks guys, you rock!
Re:Cheers! (Score:2, Insightful)
danpsmith wrote and included with a post:
Unfortunately, the video companies did not learn one of the factors that made CD a success: a single format. Although many formats were proposed, only one was chosen and accepted by the music industry. They saw what happened with Quad (seven incompatible formats), and were determined that CD not meet the same fate.
Due to the format war going on between the two DVD successors, I will stay with DVD and sit out the war until long after there is a victor. For me, DVD is good enough for now and I have no pressing reason to move to either format. It is the same reason that I am staying with CD, versus going with either of the CD successors.
I wouldn't be surprised if the above paragraph reflects the views of many people concerning the new formats.
Re:It takes a while... (Score:5, Insightful)
Yes. The major difference between AACS and CSS is that every player in the world can have a unique key, rather than just the 20 or so keys that CSS used. If PowerDVD is not adequately protecting the key then it will be barred from accessing new titles and a software upgrade will be required for PowerDVD players. For hardware DVD players, the key is usually far better protected anyway, but if it is somehow extracted then a firmware reflash and/or a physical hardware swap (paid for by the manufacturer) is the way it'll be done.
Basically, the summary is totally misleading, as per usual with Slashdot + DRM. AACS has not been cracked. A single badly protected player was cracked and its key will be revoked, as the AACS spec provisions for. The scheme was designed to be "damage resistant" and that's what we're seeing at work.
Nothing yet Proven (Score:2, Insightful)
The program takes a title key as input.
This is nothing special - any student given the spec could write this.
For the whole thing to work, needs a title key.
He did not include those keys - as someone here pointed out, what looks like a key are infact hash-indici to associate the discs with the keys - the keys are however nulled out.
He now claims that it is easy to find the keys if you're looking in the memory.
Case 1: He is right:
According to AACS rules, you need to keep the keys highly confidential. The robustness rules would explain this, I assume you have to hide things from debuggers and not keep keys clean in one memory location, etc... Black art of tamper-resistance is required.
If the player vendor didn't do that, they face serious consequences in addition to the key being revoked.
Case 2:
He wants that others try to find the keys, because he could not do it himself.
Case 3:
This is a hoax and on January 2nd, when he offers us the update, he will laugh at us all
Case 4:
Someone is trying to badmouth something here, be it HD DVD, AACS or PowerDVD
Anyway, I guess we need to wait. Until then, nothing has been proven....
Comment removed (Score:3, Insightful)
Re:Cheers! (Score:3, Insightful)
Re:Cheers! (Score:5, Insightful)
Re:Not really cracked, more like circumvented (Score:4, Insightful)
Perhaps in the US where the consumer watch dogs are less fierce than those in my neck of the woods you can cripple a paid for product. But here in Denmark the company would be forced to ship replacement units should the key be revoked, and let's see how many times you can go do that until the consumers demand their money back (yeah, you can do that here if the product is broken for up to two years).
Even with the trusted hardware paths it's only a matter of time until the consumers realize what a bad thing DRM is. It's a lost fight, they should spend their money on making a better product rather than trying to find the holy grail.
Re:Cheers! (Score:3, Insightful)
One could say that the OS wars have confirmed this. Remember, the common cold is very popular too, that doesn't mean it's good...
Re:Cheers! (Score:5, Insightful)
The problem with play-only formats is exactly that: they are play-only, and so there can come a point where nobody is making any new material to play on them.
Re:Not really cracked, more like circumvented (Score:3, Insightful)
Re:Not really cracked, more like circumvented (Score:2, Insightful)
That's actually quite an insightful comment.
No matter how much DRM they try to cram down our throats, the fact remains that CD-audio, MP3, and other older formats will forever remain out of their grasp.
The new formats just can't compete with the old formats, because the old formats have the overwhelming advantage of being non-crippled.
The pirates are circumventing DRM; but the rest of us are doing something that's much more devastating: we're ignoring DRM. Try releasing a new player that doesn't support MP3 -- it will be dead on arrival.
Old versus New: it simply isn't a fair fight. Old wins without even trying.
Re:Cheers! (Score:4, Insightful)
Re:Wrong conclusion... (Score:4, Insightful)
What the company that manufactured that disc thinks is irrelevant. They accepted payment for it; it's not their property anymore. According to the Law of the Land, what anybody does with it from that moment on is None Of The Manufacturer's Damn Business.
No, but consumer protection law is quite clear on the matter. Your right to use any article purchased at retail by you for its Rightful Purpose is protected by the Law of the Land. If you purchase a DVD at retail, its Rightful Purpose includes private home viewing by the owner, their friends and family and for which an admission fee is not charged. If the goods you have purchased are not fit for their Rightful Purpose, then you are entitled to return it to the place of purchase and receive a full refund of the purchase price paid.
You paid money for it. It's your property.
That would be called Theft.
Not necessarily. It is your property and you are generally responsible for taking proper care of it. However, unauthorised, deliberate damage by a third party may constitute Criminal Damage.
Watching the contents of the disc would be considered the Rightful Purpose of the disc. Your right to use your own property for its Rightful Purpose is protected by the Law of the Land. You do not need any other licence to watch it.
You do not need any licence to view the contents of the disc. Your right to do so stems directly from your ownership of the disc. If the disc is covered by an insurance policy, the original disc will become the property of the insurer when they pay out (and therefore you would no longer have the right to view its content) -- however, they may give it to you anyway, in order to transfer any obligations regarding proper recycling of waste onto you.
You do not need any licence to view the contents of the disc. Refer to established case law regarding viewing of recordings. Generally, it is OK to show it to your friends and members of your family if an admission fee is not charged; and a licence can be arranged for a small fee (payable through a royalties collection agency) to allow showing it in a workplace or to members of a club or society (which is deemed beyond Rightful Purpose, and so requires permission from the copyright holder or their authorised agent [i.e. a royalties collection agency]).
You have to obtain a special licence for exhibition other than to friends and members of your family or for which an admission fee is charged. A licence permitting the general Public to attend the viewing (which certainly exceeds Rightful Purpose) is generally more expensive than a licence for a viewing restricted to a workplace or members of a club or society.
Yes, if you are properly licenced to do so. See above.