AACS Hack Blamed on Bad Player Implementation

seriouslywtf writes "The AACS LA, those responsible for the AACS protection used by HD DVD and Blu-ray, has issued a statement claiming that AACS has not been compromised. Instead, they blame the implementation of AACS on specific players and claim that the makers of those players should follow the Compliance and Robustness Rules. 'It's not us, it's them!' This, however, does not appear to be the entire truth. From the Ars Technica article: 'This is an curious accusation because, according to the AACS documentation reviewed by Ars Technica, the AACS specification does not, in fact, account for this attack vector. ... We believe the AACS LA may be able to stop this particular hack. While little is truly known about how effective the key revocation system in AACS is, in theory it should be possible for the AACS LA to identify the players responsible for the breach and prevent later pressings of discs from playing back on those players until they are updated. As such, if the hole can be patched in the players, the leak of volume keys could be limited to essentially what is already on the market. That is, until another hole is found.'"

To be expected

[Iphtashu Fitz]

Did anybody really expect the AACS LA to say anything other than what they did? (Besides, maybe "we give up"?)

DRM is silly

[tfinniga]

You give them the lock.

You give them the key.

You hope that they can't figure out how to put one into the other.

High fives.

Never!

[Troed]

if the hole can be patched in the players

It cannot, ever, unless they disallow software players from any platform not running on Trusted Computing enabled hardware and a Trusted Computing enabled operating system.

Until then, no DRM scheme works.

None.

It's that simple.

Player Keys

[Anonymous Coward]

Just wait until they start finding some *player* keys (not volume keys).

Gather enough of those and you can screw revocation by subverting the master key authority. Hopefully, they'll quietly hack the player key, get them to issue a new one, hack that and....

Re:Never!

[CrystalFalcon]

It cannot, ever, unless they disallow software players from any platform not running on Trusted Computing enabled hardware and a Trusted Computing enabled operating system.

And at that point, virtualization kits will become commonplace that run Windows in a sandbox so that Windows thinks it's in a Palladium environment, but where it's really not.

If it can be played, it can be copied. Playing is copying. Any manipulation of digital data is copying it. Trying to make bits not copyable is trying to make water not wet.

Re:No AACS, Blu-ray, HD-DVD for me.

[Anonymous Coward]

Good for you. That means the only reason you would be reading an article about those things you "gave up" was so you could blow your own horn. Guess what? We don't give a shit.

I thought the player key hadn't been revealed?

[Jartan]

Why is Ars saying they believe they can stop this hack by revoking the player key? The original person who cracked it specifically didn't release the key I thought and was only releasing TITLE keys which will be much more dangerous to revoke yes?

Not that it matters much either way because this attack vector will always exist for any kind of system they come up with. Since it will always exist someone will rip it and post the movie on bittorrent.

They are actually probably pretty happy that this is the only possible hack anyways since it isn't anywhere near as useful as DeCSS.

Revocation is pointless

[asc99c]

I don't understand the point of revoking a hacked key. Now the key has been found and discs have been hacked, the output of the process is an unencrypted file with no key. Until something like AnyDVD comes out that just silently and automatically strips encryption on the fly, the primary use of the program will be to get unencrypted content onto P2P networks.

Why bother revoking the key? I must be missing something. Sure, don't use the same key on future discs, but pirated copies will have no encryption - key revocation only seems to affect legitimate users of the disc.

Oh yeah, I'd forgotten, DRM isn't about piracy...

Re:Ahh... the fun begins!

[H0ek]

This is also a sure-fire way to kill a format. Usually technology is promoted via word-of-mouth, and when the drive of the early adopters begin to fail, the word will spread that you can't trust either Blu-Ray or HD-DVD.

In short, AACS is doomed if it does, doomed if it doesn't.

Re:TPM is anti-virtualization

[CrystalFalcon]

And would you bet money on the impossibility of spoofing a specific motherboard identity?

Similar things have been done before in so many different scenarios... Just to take a trivial example, MAC addresses were supposed to be unique for each network card, too.

Re:DRM is silly

[Abnormal Coward]

I agree. The only way to show that this DRM protected is shite is for people not to buy. Copying media in my option has never been a problem, I've had a a lot of tape copys from people and went and brought the cd/tape because I really like the music. Same with movies and TV, I've brought DVD's and TV boxed sets after downloading DIVX copys from the 'net. If the boys at the top (RIAA/MPAA) ensure there music is cheap enough its a no brainer. The real battle is here is that 'they' want to tell you want to buy and set any price they like. Its all about control (time to put on your tin hat). Well fuck them, where the consumers we should decide what to buy, and what is an accecptable price. So back to my orginal point, the only way to show is with your wallet ....

Re:Another blow struck for free entertainment

[drinkypoo]

It warms my heart to know that there are people out there watching out for my right to free entertainment. If it weren't for them, the people who invested in, assisted with, created, and distributed my entertainment would be getting their greedy little mitts on my money. Now I don't have to worry about that happening, and I can have the massive entertainment collection I deserve.

It warms my heart to know that there are people out there watching out for my fair use rights. If it weren't for them, the people who (blah blah blah) my entertainment would be able to prevent me from taking actions which are supposedly explicitly protected by law, based on legislation which they bought and paid for. Now I don't have to worry about that happening, and I can do the things I'm supposed to be able to do with my entertainment collection.

There, fixed that for you.

I bet you are in favor of banning water since it's possible to drown someone in it, too.

Bring it on!

[nobodyman]

This is starting to get interesting.

In theory it should be possible for the AACS LA to identify the players responsible for the breach and prevent later pressings of discs from playing back on those players until they are updated.

Personally, I can't wait for this key revocation to happen. The thing is, 95% of consumers have no idea what the hell DRM is. I'd wager that 95% of the people that own a hi-def player are blissfully unaware of the implications of key revocation are. Send out the key revocation lists and all that is about to change.

So magine the shit-storm when customers start flooding the Best Buy customer support aisle thinking that their machine is broken, when if fact it "works" just fine and the movie industry has shut down your player because some hacker is using its AACS key.

I can't wait.

Their only logical option

[Jugalator]

If they admitted this was in fact a miss in the AACS specification about protecting the keys, AACS LA could have their algorithm face a quite severe dent in its reputation. By blaming it on player implementations, it's not their problem. However, the real problem still remains despite whatever they say -- it's the end result that matters, not whom's fault it is.

No more player software

[Anonymous Coward]

So there simply won't be any more PC-based player software. The outcome of this will be that no more software-based HD players will be licenced. Only stand-alone boxes, and sealed black boxes that sit between your PC/Mac and an HDCP-compliant monitor.

Otherwise the next time a programmer complains to a cryptographer that his DVDs won't play, a bypass will be found. Google "My first experience with HD content being blocked" to see this in action - about 8 days later, AACS was bypassed.

Re:TPM is anti-virtualization

[Rich0]

They would use SSL. Most likely 1024/2048 bit keys. You won't guess them.

And the manufacturer wouldn't know your key either. Most likely the chip will generate its own keypair, store it in flash, give the manufacturer a CSR, which would then be signed and returned to the chip as a certificate. At this point the only copy of the private key is in the chip - at best the vendor knows the public key, which is no good for bypassing TPM.

Now, what you could do is get the manufacturer's signing key and make your own certificates. That would certainly work. However, it hasn't really happened yet in the SSL world, and there is no reason to think that it will happen in the future - those keys would be kept under close guard.

Re:TPM is anti-virtualization

[paeanblack]

The private key for your motherboard will be - it will never leave a single chip. Sure, if you have the hardware you can in theory obtain it, but this will require stuff like electron microscopes.

How do you account for this hole:

1) Asus' servers get "hacked".
2) The keys to all Asus motherboards get posted on the web
3) Sales of Asus motherboards skyrocket.
4) Asus issues a press release to the effect of: "It was the fault of those damn dirty hackers. We have no idea how this happened. Excuse us; we must return to sifting through this mountain of cash".

The hardware manufacturers have no incentive to play nice with the Trusted Computing scheme. This is just a repeat of DVD Region Coding. The manufacturers just started producing players that ignore the region code, because they outsold the locked players. Of course the first few on the market were "accidents", "mistakes", and "test designs".

In a Trusted Computing world, machines with a broken TC implementation will be cheaper to make and command a higher price in stores. What do you think will prevail?

Re:TPM is anti-virtualization

[cibyr]

Couldn't you man-in-the middle it with a virtualisation layer that passes the decryption requests from the official software to the TPM hardware and then grabs the "plaintext" (in this case video) on the way back?

If it hasn't been said enough yet, this is why DRM can't ever work.

Re:Looks the same

[Dunbal]

TPMs. To make sure you, as the owner of the machine, can't see what a "trusted app" is doing.

      I'm positive someone will find a way around THAT, too. Even if it means applying a soldering iron to a motherboard. Some people are very creative. And the fun part is, you only ever have to hack it ONCE, and the internet does the rest...

Re:I need to buy, rip, and store the content

[fraudrogic]

dammit, I had mod points yesterday. Wish I had them for your post... This is the key. I am INTERESTED in the content, but that's it. If I have to jump through hoops to get it in a format of my choosing, then I'll find other ways to watch it. There are a TON of ways to get the content I want. To be honest I can do without the cable TV, because if I really try, I can find everything I want via the web. If I can't, then well, there is a ton of other content that will grab my short attention span. I love "The Office". I love talking about it with my coworkers and recreating the funny stuff in our own office (someone put my freakin' stapler in a jello mold for god's sake!). But if I lost bit torrent, cable, and they DRM'ed the shit out of the media they sold it on, I really could do without it. This super inflated sense of "I gotta have it" is created by the *iaa's. We don't NEED it. It's fun, but I don't "demand" it. In other words. Fuck DRM. I don't want there shit SO BAD that I would subject myself to the hoops they would like me to jump through.

Re:I'm mixed on this.

[The Warlock]

Well, the solution to that is easy. Rip keys from a very prolific hardware player.

Imagine if the keys that got leaked came from, say, the PS3. Can you imagine the shitstorm that Sony would throw if the first million or two buyers couldn't play Blu-Ray movies anymore? Those keys would never get revoked.

Re:TPM is anti-virtualization

[The Warlock]

Doesn't matter. If a piracy group cracks one key, they can turn any movies into an unencrypted format, and then that's it. Once that one copy has been FXPed and BitTorrented and etc., it's over; there's no putting that cat back in the bag.

Wrong audience, pal

[ruiner13]

I'm fairly certain that if at some point the **AAs ever visited slashdot that it didn't take long to figure out that this isn't the place for them to visit. Why don't you try actually sending them your thoughts DIRECTLY, as I have done in the past. If more people did, maybe they wouldn't think that the public actually wants DRM. Otherwise, you're just doing what the network exec in South Park said "please direct any further complaints to the brick wall over there". You're being just as effective.

Well, Is that so? Not!

[hAckz0r]

Give me any HD-DVD or Blue-Ray hardware player using AACS and any old cheap logic analyzer and I could (but don't bother asking) hand you any hardware or volume key you want. DRM does not work because the whole concept of DRM is flawed. If you give someone the data, and also give them the key so they can play it, then they can copy it. Period. Any "magic" that is applied to keep you from knowing the key is merely a speed bump to an average geek.

All you need is one very pissed-off average geek that can't watch their bought-n-paid-for movie and the whole non-DRM'ed movie is likely going to be out there for everyone else, that can't watch their own copy, to download it. In fact, the more players that they "revoke" the keys for, then the more pissed-off geeks there will be, and the more movies that will likely be available for download. Its a loosing proposition any way you look at it. With DRM the "fix" becomes "the problem". The only people that win are the ones writing the DRM and spoon feeding the Board room executives that don't know that DRM can't work.

When will they ever learn that you can't solve a SOCIAL PROBLEM using technology of any kind. In fact they should wise up and realize that its the professionals that build specialized hardware that copy the "protected" disk bit-by-bit, then burn a thousand copies, and are making big bucks off of all the boot-leg copies. Those are the ones they should go after, not the average people that paid for the movie and just want to watch what they paid for, when and where they want to. So, RIAA/MPAA, take it from a security geek, know thy enemy! You can't fix a problem if you don't even try to understand what the problem is!

Malware, and why they made this statement

[Myria]

Two separate but important points:

1. The most devastating attack that can be done against software players would be to use malware to extract keys. There are many, many zombies out there. The malware could search for installed HD-DVD/Blu-Ray player software on the victims' machines that it knows how to break, extract the unique key from such software, and send to the malware author. There would then be enough keys known that only revocation of the entire product line's keys could get around the problem. I wonder whether they've considered this scenario. (However, one mitigating factor is that malware is done for profit, and this wouldn't be profitable. For-profit pirates just copy disks outright without bothering to decrypt.)

2. The reason the AACS made that wording about the players not following the "Compliance and Robustness Rules" is probably so that they can invoke the parts of the contract allowing them to fine the licensee millions of dollars.

Re:To be expected

[alienw]

First, ASICs are not expensive. They are in fact extremely cheap to produce, and the development costs are not that high and are easily justified in a mass-market application. Nobody in their right mind would use an FPGA in a consumer application -- they are far too expensive.

Second, I don't think you will be able to read off keys with any kind of microscope. I don't think you'd be able to find out the key even if you had a complete wall-poster-size plot of the chip. I don't think you quite appreciate the complexity of a chip. Even low-end ASICs push millions of transistors these days. About the only method that can be used to steal keys is wafer probing, and that's pretty hard to do with modern chip densities.

Reading data from a flash EEPROM is even harder. Engineers who design chips are generally much smarter than people who try to break them, and there are plenty of tamperproof chips available. Most tamper-resistant chips now incorporate self-destruct features that erase the data when you try to probe the chip or screw around with its supply voltages or clocks. The industry has come a long way since the 16C84, which wasn't even intended to be tamperproof.

I am also not sure what your point is with regard to keys. Any secure system ultimately depends on the security of its keys.

Re:Selective keying using the whole .exe from memo

[kruhft]

This can be foiled by 'encrypting' the key by swapping the bytes and using a bit of assembly to 'decrypt' the key in a register before use and making sure the key never leaves the register at any time. Not really encryption I know, but it's not difficult (if you know the arcane art of assemly) to foil this type of attack.

Re:TPM is anti-virtualization

[Rich0]

Right, but what are the odds on all of the software that is signed with those public keys being bullet-proof?

No software will be signed with any of those keys. The certificate only certifies that the chip implementing TPM is genuine.

The logic is that on bootup the TPM chip will hash the BIOS and store this has, and will provide a signed attestation upon request that this BIOS was booted.

The BIOS will then hash the OS that it boots and provide its hash upon request. The OS will do the same for a piece of running software.

A remote website will ask a piece of software for a chain of trust. The software will ask the OS for its hash, and the OS will ask the BIOS for its hash, and the BIOS will ask the TPM chip for its hash. All of these signed hashes will get sent to the remote website. The remote website will check all the hashes and decide whether to provide the software with a decryption key.

If the software is found to have a vulnerability it could be revoked at the server level. Obviously this will be a pain for anybody who owns that software, but TC isn't designed to make user's lives easy.

I agree that there are a bunch of issues with TC, but it will make extracting protected content a real pain. It might also make it harder for you to open your documents in open-source software. While you could always download an unprotected torrent of the latest movie release, you won't be able to find an unlocked torrent for the spreadsheet you created in MS Excel the other day.

My feeling is that we need legislation requiring the disclosure to computer buyers of ALL keys stored within them, and any related-keys that are needed to access features on those computers (such as any signing keys needed to flash the BIOS). And by disclosure I mean the keys themselves - not just the fact that they're there. Computer owners could use TC to secure their computers against hackers/viruses/etc, but 3rd parties couldn't use TC to secure computers against their legal owners.

Re:Quantum computing

[Chyeld]

The problem with this assumption is twofold.

A. It assumes that the key will be the last possible one in the key space.
B. It assumes that the only method used will be 'pure' brute force.

A. is almost certainly not true. And while it might be optimistic, it's quite possible that it'll be discovered that due to some brain dead maneuver the keys themselves have been generated weakly in a fashion where all 128 bits don't really come into play.

B. might be true for now, but I refuse to believe that there aren't already people out there working on more elegant methods of brute forcing the keys which would allow the space to be narrowed down to specific areas 'quickly'. I also refuse to believe there isn't one.