HD-DVD and Blu-Ray AACS DRM Cracked

EGSonikku writes "According to this article on Endgadget, the AACS DRM used in HD-DVD and Blu-Ray has been cracked. The program allows one to decrypt and dump the video for play on a users hard drive, or it can be burned to a blank HD-DVD and played on a stand-alone player. According to the accompanying video, a source release for the program will be made available in January. Time to get that $200 Xbox 360 HD-DVD drive?" Warning: this link contains video.

Not really cracked, more like circumvented

[sith]

As best as I've been able to gather from what I've read today, the very clever fellow just implemented that publicly available decryption routine, and also discovered an (as of yet unreleased) method for obtaining decryption keys. It seems very likely from everything I've read that he is pulling the keys from the PowerDVD program - perhaps they're left unencrypted similar to the original DeCSS obtained a key from the Xing player?

In any case, it will be interesting to see how this is dealt with, and whether key revocation can/can't break this. The author thinks it can't - the cat is out of the bag and is staying that way.

We'll see. I think it's good news for us though, no matter what.

Re:Not really cracked, more like circumvented

[Myen]

Yes, and the Engadget article that is TFA is mistaken... He didn't supply any keys, just disc IDs (to map to human readable names of the discs). The place where the keys would have been were all stubbed out with all nulls.

If this is a crack for the DRM, then GPG is a crack for PGP.

Wrong conclusion...

[im_thatoneguy]

The correct conclusion is: 'Finally! Now I don't have to buy an HD-DVD Player.'

I don't mind purchasing an HD-DVD and then just downloading its illegal doppelganger. I DO mind purchasing an overpriced paperweight to keep me legal. I looked at Xbox Live Marketplace from the perspective of:

"Rent 44 HD movies. or Buy HD-DVD Player and a movie." I decided I would get much more HD goodness out of downloads than just a player.

It's sort of like the way I purchase Star Trek for my Xbox and then download a copy for my PC as well. Sure it's illegal, but I look at it from the perspective of: I purchased it so that I could watch it, and watch it I shall.

Re:Cheers!

[Anonymous Coward]

How exactly are their DRM schemes any more restrictive than DVD's?

Cracker actually working for HD-DVD Consortium?

[BenJeremy]

Really just a stab here, but maybe given lackluster sales of hardware, the consortium hired a ringer to play "DVD Jon" for a day and "leak" the crack to the public, thus encouraging some support from a DRM-weary public?

The industry knows piracy is not really a big problem - they still make mountains of cash, and society needs a little underlying "lawlessness" (like speeding, for example) to ease pressure. Perhaps some industry insiders sick of kowtowing to the IP Lawyers decided to leak the crack to the public in a round-about manner?

If true, it's brilliant.... if not, then they missed the boat.

Re:Not really cracked, more like circumvented

[Rufus211]

As best as I've been able to gather from what I've read today, the very clever fellow just implemented that publicly available decryption routine, and also discovered an (as of yet unreleased) method for obtaining decryption keys. It seems very likely from everything I've read that he is pulling the keys from the PowerDVD program - perhaps they're left unencrypted similar to the original DeCSS obtained a key from the Xing player?

Exactly. I've read the source code he released and it's less than 500 lines of Java. All it does is open each file on an HD-DVD and call the built-in Java AES decryption functions on each "pack" of HD data. There's a slight bit of handling for the pack format and all, but it's straight from the AACS spec.

Now the interesting thing I found from the "pre-recorded video book" [aacsla.com] spec were these two quotes (page 18):

A licensed product shall treat its Device Keys as highly confidential, as defined in the license agreement.

and

Except where otherwise provided for in these specifications, the values used to enable playback of AACS content (e.g. Title Keys and Volume ID) shall be discarded upon removal of the instance of media from which they were retrieved. Any derived or intermediate cryptographic values shall also be discarded.

So it seems that PowerDVD (or whatever player was used) was fully within the spec to no protect the Title Keys that are assumed to have be swipped by this prog.

Mmm but would you do it?

[atari2600]

I think Hollywood has a slight edge here. Consider this: Ripped DVDs came around to 4 - 4.5GB and while this isn't a huge amount of diskspace, it is still a considerable amount of space. Even so, a 250GB HDD (you can get this for
Now coming to HD-DVDs (the screenshots from the article show approximately 24GB of space being used or 24GiB, whatever tickles your fancy). This means a 250GB will be able to hold
The point is with the Hi-Def media, it doesn't make as much sense to rip every movie you have and store it on your fileserver for the next year or two. This is awesome news but i am not sure i'll be ripping HD-DVDs/Blu-ray disks like i used to rip DVDs. These things take way too much space. Hollywood would have an edge if they priced the stuff at around 15-20$ - i'd buy one than let a movie take up 30GB on my machine.

Re:It takes a while...

[interiot]

I don't really know much about it, but keys included in the package are title keys (eg. download the source code [rapidshare.com], see Readme.txt and TKDB.cfg, and see the list of keys for specific titles: Full Metal Jacket, Van Helsing, Tomb Raider 1, Apollo 13, The Last Samurai, and The Fugitive). Those keys probably can't be revoked (those specific titles are already mastered and are in release). But do the included keys give the AACS people enough information to identify the specific player that the author is using to extract the title keys from?

Re:It takes a while...

[qbwiz]

Wouldn't it suck to have your HD-DVD player stop working for new titles, because someone was using its key? Or are all HD-DVD players networked, so their keys can be changed at any time?

Re:Mmm but would you do it?

[BenJeremy]

True, but you could also use a better compression algorithm and knock the size down... say, use a new version of RatDVD, call it "RatHD" and preserve all of the menuing and features, but compress it down to 8 or 9 GB and save to DL. Even better, if you don't have 1080p, compress it down to 720p and save more space, but still get higher def than DVD as a backup of your movie discs. Store your retail HD discs away some place safe and use your backups for playback (or keep on the HTPC HD for easy retrieval)

Re:Not really cracked, more like circumvented

[Junta]

Looks like from his FAQ that he figured a deterministic way a particular piece of HD-DVD software stores the key in memory. Of course, it's always going to be the case the key is in memory during playback, finding the address would be the pain.. Wonder how he knew what to look for so quickly... Well, suppose he did have a couple of distinct movies, he probably had a set of addresses that obviously changed between discs or titles, and probably some tell-tale strings...

So he probably doesn't have the program's key (it would be in memory a short time probably if well implemented, but ultimately probably gettable, if the program can read it's own key, anyone can). However, expect content providers to audit how easily the key material is locatable in memory (i.e. how deterministic the key memory address is relative to program base address) and revoke keys in future pressings and force upgrades to software users.

Of course, with a few keys out it becomes problematic to hide the locations. Ultimately, the program has to know the offset to the key to use it, so there are going to be hoops to jump through, but using a known title with known key means the address of the key can be found and sampled over a few playback attempts, the memory address of the program analyzed to see if some pattern emerges or some variable points the right way....

BTW, if it was PowerDVD (which he never explicitly said), he is cocky actually showing that program running in his demonstration. PowerDVD is going to be under careful analysis now and his job will be made more difficult likely.

Of course, he could be more clever than I'm guessing, but the indications seem to be memory analysis of HD-DVD playback software.

Anyway, beyond making more hoops to go through, content providers cannot be so stupid as to think the problem technically insurmountable. It's all about demonstrating clear intent to violate DMCA and take legal rather technical measures to 'deal' with the problem.

Re:Sort of Cracked

[TubeSteak]

But the 'regular joe' who just wants to copy his BD-HDs to his hard disk for ease of playback or maybe to cut clips from it for his own home movie won't benefit because chances are, the keys for his particular discs won't be widely known enough for him to find them.

Maybe I misunderstood you, but you seem to be suggesting that in the future, not all disc keys will be available.

I recall reading (a long time ago) that teh intarnet pirates had already ripped about 3/4 of Net Flix's catalog. I imagine that they've upped that percentage significantly since.

IMO, once the knowledge behind grabbing disc keys spreads, every single HD title that comes out will promptly have it's disc key ripped out & uploaded to some gracenote style database.

Release groups are very dedicated to what they do.

Re:Not really cracked, more like circumvented

[Anpheus]

It's an infinite regression of cats and mice, not turtles! But seriously, it seems to me a lot easier to find the function that performs the decryption, which should be easy to find because AES is a common algorithm, see which argument is the input key, and then insert assembly to output that key somehow, store it in a known location in memory, etc. Of course, then it would be their turn to respond by either revoking the key in new releases, or obfuscating the decryption function at a low level, etc. However, it still seems to me that it would be much easier to edit the machine code than to screw around with context switching and hoping to grab a useful pointer or the key itself. It sounds like the first battle was won, but it'll be interesting to see what the DRM guys do next.

Great job with the title keys

[Myria]

The hacker didn't extract the player key. This might be due to the difficulty of getting the player key, but it really doesn't matter.

The use of title keys instead is a great strategy. It means that the revocation system is worthless - AACSLA may not even know which player is compromised. Gray/black-area web sites can maintain big lists of title keys for movies without a whole lot of trouble. The bigger issue will eventually be getting each new movie to the trusted few pirates that are capable of extracting keys. This is no big deal now, but would be if and once these formats become popular.

A counterattack from Hollywood could be to produce thousands of distinct masters of each movie; the same movie would have thousands of different editions that differ only by their title key. I don't know the current state of disk production however, so this may not be feasible.

The revocation system is itself problematic anyway. A person seeking to damage the system itself would try to crack the most popular player, even if it's more difficult than other players. The cost of a massive recall - plus the fines the manufacturer would pay for their player being the one cracked - would heavily discourage the use of the revocation system. It seems like the revocation system is more of a deterrent against both pirates (if you crack a player we'll change the key making your work worthless) and manufacturers (if you don't obfuscate well enough, we'll cost you millions of dollars).

DVD had a revocation system too, but it was never used. DeCSS and the Drink or Die program that preceded it used a player key, but the CSS algorithm was so badly flawed that it wasn't difficult to derive the remaining player keys. This will not happen with AACS, because they're using real crypto this time.

Melissa

Re:Wrong conclusion...

[Paul Jakma]

Sure it's illegal,

Actually, no, that's not sure at all.

Re:Wrong conclusion...

[spire3661]

Again here we are. The gulf between media and licenses. He paid for legal license to watch said performance. Why on earth should he be charged full price to watch the same performance in a different format. If we could find a way to separate license and format, the digital age could truly begin. But the media companies dont want to make the license and the media separate. If I buy a HD-DVD, and I want a DVD copy of it, I should be able to get one at the cost of manufacturing the MEDIA , not the media AND the license. I could go on and on, but the point is, beyond value added pieces to new formats, the license should be sufficient to be able to watch that performance anywhere, in any format.

Re:Wrong conclusion...

[Chandon Seldon]

There's nothing morally wrong with downloading the content and watching it. It's *data* - not only that, it's an element of our culture. How could accepting someone's offer to share culture be wrong?

Re:Cheers!

[Ironica]

Anyone over the age of 40 I've talked to about the two formats has said, "What, you mean like Betamacs and VHS?" Just keep telling people that that's what this reminds you of, and wait for someone to start selling a less draconian product.

Um, except, VHS became the dominant format for many years, until (the more draconian) DVD unseated it. So the Betamax/VHS issue doesn't really serve to predict the failure of both formats, nor the rise of a new format which is more open.

Re:Not really cracked, more like circumvented

[deroby]

Not quite sure I understand how this works then =(

If each disk contains a (limited) set of keys, one for each model like you say, what will then happen when a new model comes out next year and I put my 'old' DVD-HD disk in there ?
=> the model didn't exist yet, hence, there is no key, hence, my 'newest' player can't play my 'oldest' movies anymore ? Or did they just foresee 10.000 keys and assign them to models as they get released ? (plenty of space on these shiny disks after all).

Additionally, wouldn't finding 1 private key (say for example from PowerDVD) allow for a (maybe not so brute as it seems ?) exhaustive search for all the other private keys of all the other players ? They might decide to 'disable' a certain key from a certain model, but I very much doubt they can keep on doing this ... I think.
(I guess if someone set something up like Distributed.Net for finding these keys, it wouldn't take that long to decrypt them all. After all, if you know the result, it's just a matter of trial & error. Yes it will be HUGE task (not sure how many bits the key holds, didn't watch TFA, nor am very educated on the subject) but the amount of CPU-power allocated to it might be tremendous here... Finally a "good" use for all those botnets =)

(I might be missing something (or even a lot) here ... )

Re:It takes a while...

[sxpert]

That key is then encrypted repeatedly with all of the device keys that are currently authorized to play that disc.

This is a classic error in cryptographic software implementation, that can lead to revealing of all keys.
once you know the title key, you can then get all the player keys by using a known plaintext attack... and instantly crack all keys encoding your title key

Re:It takes a while...

[Splab]

Yes, but in this case you don't have one legal user for every compromised key, you got thousands, if not millions potential users of a single key.

Re:Ease of chipping feature!

[iainl]

Welcome to Europe, where no-one wants to be unable to import films from the US.

With the new formats I expect it to be less of an issue eventually; at least we've lost PAL speedup now that our discs are 1080p/24 as well. But my US HD-DVD owning friends have now gone import crazy - HD-DVD's lack of region encoding is a huge bonus, and from a copy protection point kills at a stroke the need to bother with chipping for most people.

Although I've heard nothing other than rumours, I think Lions Gate at least are going to have to go dual format at CES, simply because all the (currently Blu-Ray exclusive) jewels in their US catalog keep coming out on HD-DVD through Canal+ and others in Europe and Japan. Once the money men start seeing the exclusivity is losing them money, I expect things to change.

Re:Not really cracked, more like circumvented

[Kjella]

When a couple or three keys for _hardware_ players leak the content providers will have to make their minds up and decide if they revoke them.

If I recall correctly, the decision tree is very large (possibly down to a single player) so no, a few hardware keys released means only a few players will die. Of course, if you have a credible threat that you can keep posting new keys (should be too hard if you've found a method) then it's pretty much shot.

Re:Wrong conclusion...

[Anonymous Coward]

When I buy a DVD, I buy a disk that has a movie on it - not a license.

I believe the company that manufactured that disk disagrees with you.

You might not realize this but but your statement doesn't do anything to clarify what you own -- Do you actually own the disk? Can that ownership be revoked? Are you entitled to a copy of the disk if that disk is damaged or destroyed? Do you own the contents of that disk? Are you licensed to watch the contents of that disk? Are you no longer a licensed viewer of the contents of that disk when that disk is no longer viewable (destroyed/damaged)? Are you licensed to show the contents of that disk to non-licensed viewers? Can you charge non-licensed viewers for the privilege of viewing the contents of that disk? Can you derive profit from displaying ads from showing the contents of that disk? Can you copy the contents of that disk? Can you copy and change the format of the contents of that disk? Can you destroy that disk? Can you resell that disk? Can you resell that disk after having made personal copies of that disk? Can you copy portions of that disk to create derivative works? Can you distribute dirivative works from that disk? Can you charge people to watch works created from derivative works from that disk?

By the way... you're an idiot. Think harder in the future. Thanks.

Re:Wrong conclusion...

[cpt kangarooski]

I believe the company that manufactured that disk disagrees with you.

No, they don't. Consumer-level copyright licenses are extremely rare, limited pretty much to the software industry, and in fact, there's no good reason for them to exist, even there. That they do is basically just inertia and misunderstanding of the legal system.

Do you actually own the disk?

Yes.

Can that ownership be revoked?

No.

Are you entitled to a copy of the disk if that disk is damaged or destroyed?

Only to your copy, unless there's some manner of warranty that's applicable (e.g. if it is damaged when you get it from a store, the store will have to replace the bad copy with a good one), or perhaps if someone tortiously damages it, they might have to pay damages equal to the value of the disk, which could be applied to replacing it.

Do you own the contents of that disk?

No, but then, no one does. That's impossible.

Are you licensed to watch the contents of that disk?

No, not that it's even necessary to be.

Are you no longer a licensed viewer of the contents of that disk when that disk is no longer viewable (destroyed/damaged)?

That's moot per what's directly above.

Are you licensed to show the contents of that disk to non-licensed viewers?

No, but that's not always necessary.

Can you charge non-licensed viewers for the privilege of viewing the contents of that disk?

Maybe. It largely, but not entirely, depends on what's on the disk. Alternatively, it depends on whether it'd be fair or not, which will vary according to the totality of relevant circumstances.

Can you derive profit from displaying ads from showing the contents of that disk? Can you copy the contents of that disk? Can you copy and change the format of the contents of that disk? Can you copy portions of that disk to create derivative works? Can you distribute dirivative works from that disk? Can you charge people to watch works created from derivative works from that disk?

Ditto.

Can you destroy that disk?

Yes.

Can you resell that disk?

Yes.

Can you resell that disk after having made personal copies of that disk?

Yes, but it may be taken into consideration as a relevant circumstance as to whether it was lawful to make the personal copy or not. For example, there is a very big difference between buying a disk, copying it, and reselling it, all on the same day, and buying a disk, copying it, and reselling it, all years apart from one another. What you were thinking about at the time you made the copy is important and will be determined by looking at how you acted. Simply saying 'personal copies' isn't a magic invocation that protects you.

By the way... you're an idiot. Think harder in the future. Thanks.

I wouldn't be so quick to insult people if I were you.

Re:Not really cracked, more like circumvented

[afidel]

Nope, unlike CSS keys AACS keys are revocable, so the keys for the cracked version of PowerDVD (or whatever player has been compromised) can be denied by new media. Basically they encrypt the media's decryption key with the public keys of all of the licensed devices and once a player has been compromised they no long use that tainted key (It's actually kind of the reverse of this process, but it gives you an idea of what they accomplish and the general idea of how). Of course if many players are compromised it is unlikely that the content companies will be able to revoke all of their keys, because that would lead to a backlash against the format as consumers devices suddenly stop playing new titles. What I'm personally waiting for is an industrious hacker to expose the key of a popular hardware player, forcing an upgrade of a software player is one thing, requiring naive users to upgrade the firmware of their hardware player is going to be labor intensive. Either they will need lots of helpdesk type staff, or lots of depot technicians to actually do the upgrades for the users. Either way lots of users won't figure out what the problem is and will simply blame the hardware vendor/format.

Re:It takes a while...

[afidel]

Actually, if they are title keys then it probably is NOT enough to finger the player. The player key is used to decrypt the title key, which is used to decrypt the content. The content is only encrypted with one title key, and has no relation to the player key. So as long as you only release title keys there is no way for them to know what player(s) have been compromised. Of course most hackers will probably release their findings as cracks to the software program, but eventually a smart one will simply setup a CDDB style database with title keys and any program will be able to read the media ID, download the title key, and use the reference decoder implementation to decrypt the content. THAT is how you get around key revocation =)

Exactly!

[Dion]

I've been saying this for a while.

The way this will work is that undiscovered player keys are used to decrypt title keys and the title keys them selves are then distributed.

As long as everybody keeps his piehole shut the collection of title keys just grows and grows, maybe even by dynamically requesting a title key before playing a movie.

If a player key is discovered and disabled by the goonsquad then that player key is simply published along with the title keys that it can't be used to obtain, that way the whole key package shinks every time the evil content overlords disable a key.

It's likely that player keys will be discovered with some frequency, so the freedom fighters might choose to publish player keys on their own just to shink the key package.

Someone needs to put together the infrastructure to support title key distribution and some dynamic way of decrypting an encrypted title key.

Re:Cheers!

[KingArthur10]

The local Walmart has a VHS section that usually has new releases on VHS tapes. What's funny is how much cheaper a new release on VHS is over DVD. The studios kept telling us how DVD prices would come down because DVDs are cheaper to manufacture over tapes, but it never happened. The studios just sat on the extra cash and got fat and happy.

Re:Cheers!

[cayenne8]

"That's what I said. I only know one person with a HDTV. Everyone else sees a 32" CRT for $76 compared to a 20" HD LCD at $290, and they grab two 32" TVs."

Not me baby....you ever try to carry TWO 32" CRT's??

:-)

Hehehe..seriously....I am completely over CRT's....no matter the cost....just too bulky and heavy. This is especially true for computer monitors...but, also true for television.

My preference? DLP Projectors....that that expensive...with a screen, less than many large LCD or Plasma tv's...are HD resolution compatible...and take up very little room, and are easily transportable. Hell...I can grab my projector...take to a friends house and hook to their dvd player, and have 'portable' movie night just about anywhere.

For a bit over a grand...100" picture and great resolution, and taking up very little room.....I don't think they can be beat.

Re:Not really cracked, more like circumvented

[ajs318]

And the best programming language in which to implement that would be 63% tin, 37% lead with five cores of rosin flux.

Muck about with the hardware. Take advantage of manufacturers' test points (they have to put in test points! If they stop putting in test points, it will be impossible to detect and correct faults; meaning anything that doesn't work first time will have to be scrapped, and that is going to drive prices through the roof). Underclock everything to manageable speeds. Gate the processor's clock, put the rest of the motherboard into WAIT, and poke about with the processor directly. Park the processor on a totally separate bus, where you can read out all the registers into your own bit of private RAM. It's got no way to tell you've been poking about under the bonnet, as long as you put everything back how you found it.

Something like a Multiface [wikipedia.org], in other words.