Slashdot Mirror

No, I'm not confused at all, we're talking about HD-DVD and Blu-Ray, not DVD, and each individual player has a unique set of approximately 1000 keys. Many of those keys are shared across players, but no two hardware players have exactly the same set. To be precise, the scheme allows for a maximum of 2^31 players, so each player has 31^2 keys, the number required by the subset-difference tree algorithm which the AACS key revocation scheme is built on so that r individual players can be revoked with no more than 2r+1 key blocks per disk. For more details see the original subset-difference key revocation paper or for a more accessible overview of how it works try this one.

What this means is that disks are distributed with Host Revocation Lists on them, cryptographically signed by AACS. Whenever a disk is inserted, the drive checks to see if the HRL on the disk is newer than the one it has in nonvolatile memory, and if so, it checks the AACS signature on the new one and stores it in memory. This allows a drive to refuse to talk to a given host software. Likewise there is a drive revocation list that the hosts are supposed to hold which tells them not to talk to certain drive versions, in case an attack is found in some models of drives.

Unfortunately I'm using the Pinnacle Systems AV/DVE4. And no it doesn't work under Linux.

I've found the Doom9.org's Capture Guide as the best place to get information.

1. Use Virtual VCR to capture from the VCR going to the huffyuv lossless codec.
2. Use AVISynth to fix up the degraded tapes (also in the guide).
3. (Not free) Use Tmpg Encoder 4.0. It was worth the money for me because I wanted a fast, reasonably high quality mpeg2 encoder. But there are certainly free options instead.

There are, actually, enough keys in the world for every player to have its own, thanks to cryptographic trickery. That is one of the extremely clever parts of AACS. Keys can be revokes for individual players.

See for instance:
http://www.watersprings.org/pub/id/draft-irtf-smug -subsetdifference-00.txt
http://forum.doom9.org/showthread.php?t=122363

Reading some bytes from memory is not an illegal act.

That's also not how most people obtain their keys. It also has little to do with this story or the post I was replying to.

Maybe you should go read the Doom9 boards and see how this was all done [..]

How what was all done? A few people actually do the work and then everyone else just looks up the keys ( Post HD DVD Volume Unique Keys here) for "backup purposes". And that was the old way. More recent versions automatically download the keys from the web. (For what it's worth, this functionality is probably what triggered the DMCA notice.)

[..] rather than assuming some terrible illegal omgHAx0r stuff was happening.

Did I say "terrible illegal omgHAx0r stuff"? No. My point is that it's a DMCA violation, and hence, illicit. Like it or not, that's why the DMCA exists.

http://forum.doom9.org/showthread.php?t=122770&pp= 40
Coral Link

&pp=40 works on most (all?) vBulletin boards.
(The default is 20 posts per page)

http://forum.doom9.org/showthread.php?t=122363

Sorry, sources...

http://en.wikipedia.org/wiki/Advanced_Access_Conte nt_System#Processing_key_retrieval_and_Arnezami_co ntribution
http://forum.doom9.org/showthread.php?t=121866
http://www.engadget.com/2007/02/13/hackers-discove r-hd-dvd-and-blu-ray-processing-key-all-hd-t/

Poking around Doom9 thread, the processing key for all current HD-DVD discs was found.

Looking over some example source code, the processing key is used with the encrypted C value to build the media key, which can then build the volume key, which can then decrypt the disc.

The MPAA can revoke the processing key, but quoting from the forum:

Some of you are missing the true meaning of this compromise. If they revoke this processing key, we just take a player compatible with a new processing key, put in one of the titles that's already cracked, and go around in memory looking for the known key. We find it, insert a new title, look in the same place and we have a new processing key.

Essentially, it becomes a known-plaintext attack.

Poking around Doom9 thread, the processing key for all current HD-DVD discs was found.

Looking over some example source code, the processing key is used with the encrypted C value to build the media key, which can then build the volume key, which can then decrypt the disc.

The MPAA can revoke the processing key, but quoting from the forum:

Some of you are missing the true meaning of this compromise. If they revoke this processing key, we just take a player compatible with a new processing key, put in one of the titles that's already cracked, and go around in memory looking for the known key. We find it, insert a new title, look in the same place and we have a new processing key.

Essentially, it becomes a known-plaintext attack.

It all starts here: http://forum.doom9.org/showthread.php?t=121866&pag e=6

Later posts seem to confirm that it works for both BR and HD-DVD

On a different subject, this still leaves Linux (and BSD, ReactOS, Haiku etc., etc.) users in a spot of bother. I don't understand if having a movie key would allow you to watch something on the disc even without the right player software to access the HD-DVD/Blu-Ray drive, but even if you don't need special software it still looks like extraction of the movie keys can only be done with Windows software, and presumably OSX software in the future. I'd still really like to see a proper, Free Software, libdvdcss-style crack for these formats. I'd like to think it's only a matter of time...

There are at least two, and probably three, things wrong with the popularly echoed "they'll revoke the keys" response:

1) Which player gets its keys revoked? The people involved are being intentionally elusive on this topic. It's been determined that WinDVD can be used, but content providers can never be sure they eradicated the source of leaks unless they ban all software players. For all we know PowerDVD is cracked, too, despite their claims; the fact that muslix64 uses it for his demo certainly makes one wonder.

2) Even if you wipe out a player, you can still crack all the discs currently on the market. Key revocation only involves future titles, manufacturers have to change how they press discs to revoke a key and stop the hack.

I quote from Wikipedia which has all this correct: "if a given player's keys are compromised and published by an attacker, the AACS licensing authority can simply revoke those keys in future content, making the keys/player useless for decrypting new titles. However, if attacker doesn't publish the compromised player key, the AACS licensing authority doesn't know which key is compromised, and it can not revoke it." I'd also suggest the thread where muslix64 comments about this subject.

3) What gives you any reason to believe that the same misguided souls who believed AACS was a secure solution implemented revocation securely?

There are at least two, and probably three, things wrong with the popularly echoed "they'll revoke the keys" response:

1) Which player gets its keys revoked? The people involved are being intentionally elusive on this topic. It's been determined that WinDVD can be used, but content providers can never be sure they eradicated the source of leaks unless they ban all software players. For all we know PowerDVD is cracked, too, despite their claims; the fact that muslix64 uses it for his demo certainly makes one wonder.

2) Even if you wipe out a player, you can still crack all the discs currently on the market. Key revocation only involves future titles, manufacturers have to change how they press discs to revoke a key and stop the hack.

I quote from Wikipedia which has all this correct: "if a given player's keys are compromised and published by an attacker, the AACS licensing authority can simply revoke those keys in future content, making the keys/player useless for decrypting new titles. However, if attacker doesn't publish the compromised player key, the AACS licensing authority doesn't know which key is compromised, and it can not revoke it." I'd also suggest the thread where muslix64 comments about this subject.

3) What gives you any reason to believe that the same misguided souls who believed AACS was a secure solution implemented revocation securely?

So as disk-based DRM is consistently wrecked, but can't be updated until the next hardware cycle (~7-8 years at least), which alternative becomes obvious?

Software based DRM via network downloads. You can update the DRM-ed player in the next software patch, automated via Internet distribution. Apple is covered with their iTunes store, and Microsoft has been working frantically on heavy DRM in Vista and WMP.

What makes you think computer software based DRM is unbreakable? All DRM is software based, be it firmware in a component system player in someones living room or an OS with a video app running on their computer. For example, BOTH of the on-line download solutions you mention have ALREADY been broken:

How to strip iTunes DRM and How to strip WMP DRM

ALL DRM IS FLAWED!! Eventually the dumb ass music and movie studio execs will figure this out and will stop pissing off their customers with this bullshit!! Because the bottom line is those of us who are smart enough to copy content ALWAYS WILL be able to, so why punish legit end users because of that? DRM is a waste of time and money for content providers. These people would make more money if they just focused on creating good content and doing a good job of promoting it, and stopped wasting revenue by investing in DRM technology research. All DRM does is raise the cost of distributing content while doing nothing to stop pirating, it's a waste and a loss for the content providers and a constant annoyance for consumers...

This is a shameless appeal for some coders with HDDVD or BluRay drives to come out of the Slashdot woodwork and finish what muslix64 started. He said he will not finish the AACS decryption tool beyond where it stands, and it has some some serious problems:

Read this forum post for a detailed explanation of the current revision:
http://forum.doom9.org/showthread.php?p=941169#pos t941169

See Professor Ed Felten's excellent blog explaining AACS in detail:
http://www.freedom-to-tinker.com/

The official AACS specifications, straight from the source:
http://www.aacsla.com/specifications/

Your contributions will apply to both HDDVD and BluRay, of course.

Many people ask me more details about the known-plaintext attack. This is a very basic, but powerfull crypto attack that I have used to decrypt both format.

After reading posts of people trying to get the keys in memory, I realized, I have a different way of looking into the problem.

A lot of people try to attack the software, I'm attacking the data!

So I spent more time analysing the data, to look for patterns or something special to mount my known-plaintext attack. Because I know the keys are unprotected in memory, I can skip all the painfull process of code reversal.

I don't have any Blu-Ray equipment but I was able to recover the keys anyways... because I had access to a memory dump file and a media file.


To give you an example, let's take the Blu-Ray case.

First, I had to read the documentation about the media file format.

In the case of Blu-Ray, the media files are divided in blocks called "Aligned unit". Let's simply call them "Unit" for short. A Unit is a block of 6144 bytes. The first 16 bytes are unencrypted, and the rest are encrypted using AES in CBC mode.

A unit is composed of 32 blocks called "MPEG source packet". Each packet is 192 bytes long. The first 16 bytes of the first MPEG source packet of a Unit are decrypted.

Just to see the decrypted part of the packet, I have printed a few. Have a look:

D13BF428474000100000B0110000C100
D13C5DE84710111C6E3468D1861B8D1A
D13CC7A84710111CE3468D1861B8D1A3
D13D31684710111C1A346186E3468D18
D13D9B284710111C6186E3468D1861B8
D13E04E84710111C8D1861B8D1A34618
D13E6EA84710111CD1861B8D1A346186
D13ED8684710111C186E3468D1861B8D
D14D57924710111CFCC810FE80107F08
D14DC1524710111C1007647E401C002E
D14E2B124710111C8001880350400300
D14E94D24710111C007690DE581426A3
D14EFE924710111C80800E8081F9E081
D14F68524710111CA01300C007408C00
D14FD2124710111C005200B002E00D49

Do you see something special? Do you see any pattern?

The first byte is always D1 and the 5th byte is always 47. Can we use that to mount the known-plaintext attack? Of course!

Because we know we have multiple MPEG source packet inside a Unit, we know the decrypted version of the unit at position 192 will probably look like the sequences shown above.

In most cases, the know-plaintext attack is in fact a guessed-plaintext attack. We "assume" the data will look like something we "guessed" when decrypted. Most of the time, it works!

Knowing that, all you have to do, is to write a small program that scan a memory dump file, that comes from of a software player while it was playing the movie. The key is in that file, you have to locate it.

You just have to decrypt the first 2 MPEG source packets of the first unit until, you find a key that decrypt to something like:

D1??????47?????????????????????? at position 192.

That's it!

I also do something similar for the HD-DVD format.

Once you know the value and the position of the key in memory, you can do like people are doing here. Use "memory landmark" to locate the key.

Any questions?

For those who can't be bothered reading all the articles and threads (38 pages and counting). The application works by implementing acss to decrypt the data, it was written using the specifications found on the AACS website.

The two things that are required to decrypt a dvd, a disk key (specific to a printing run of a disk) and a player key. Both have a revoke system in place.

A disk key can be revoked by future disks you use in your player, the player must store a list of revoked disks, when you insert a new disk the revoke list must be updated. If the disk key was revoked it would cause consumer backlash as their disks would not work anymore, they could get everyone to replace their disks that could be a hassle. Keys for several movies have been found, some released. One flaw with this is If the disk key is found and is public It is still possible to use the backuphddvd to decrypt the disk.

A player key can be revoked by not encrypting the disk with a compromised player key anymore. Once a player key is compromised all future disks will not work on that player but all current disks will still decode. A software player would need to be updated but this may not be possible if a player key for a hardware device is compromised. A key for windvd (japan) may have been found but not released yet. It is likely that this will be revoked and an update released.

In post 691 are the keys for Serenity, King Kong, and 12 Monkeys. More are most likely found but not posted. They where found using windvd (japan as the english version is not yet released). It is likely that they also have the player key. There have been confirmations that it does work.

There are a few problems with this hack, it does not work out of the box, instead you need to find a working volume or device key. It is not going to be fast finding ether key once they start revoking device and disk keys as each update of the player needs to be compromised. Also redistributing the keys could also become a problem, there would need to be a website that keeps track of keys for each printing of the disk, it could be a central website that the decrypted checks or a peer to peer system but it is something that would need to be worked out in the future. Another problem is you need the same disk as those people that finding them, there is no automated solution currently and they have a limited selection of disks.

Other countries have counterparts to the DMCA.

Because if it were, wouldn't Id Software get upset?

Um, as The Pirate Bay has demonstrated already, there are three wrong with your supposition. First off, ICANN does not and will not revoke domain names at the behest of the government. As long as Doom9 has backbone (and this hasn't been their first time in this type of situation), they're not gonna crumple.

The second thing is that they might not be located in the USA. The whois dossier shows that the domain was registered by (anonymous) proxy, and it's entirely possible that he's not American. If his servers are physically located outside of the USA, then he can't be legally threatened by civil suits, and he's not subject to DMCA. (However, this is a hypothetical, and since he refuses to host DeCSS, it is my guess that he is somewhere in the USA.)

The third thing is that the website is http://www.doom9.org/ , not doom9.com.

Check this post out, might help. googled 'how do "dvd games" work'

http://forum.doom9.org/archive/index.php/t-36674.h tml

If anyone wants to try it out, here is a link to the executable and source code (Java)...

http://forum.doom9.org/showthread.php?t=119871

There is more detailed info in the included FAQ. The bad news is, the program itself isn't actually "cracking" anything. The author used publicly available AACS documents to write his own decrypter (e.g. just as PowerDVD or WinDVD would). The catch is, you must provide the decryption keys to this software in order to rip the movies from the disk.

However, the good news is, it looks like he may have found a way to extract the needed decryption key(s) from the HD-DVDs. He doesn't explain how in the documentation or provide any keys, but if he figured it out I'm sure others will - and that means more advanced and powerful tools shouldn't bee too far off.

The site's Farked, Digged, and everything else already, but here's the forum this was first posted to: http://forum.doom9.org/showthread.php?t=119871

It contains a download link to the program.

So it is left open to interpretation as to how exactly the samples should be reconstructed.

So what CoreAVC is doing isn't exactly against the spec.

Quicktime only seems to use a subset of the features of H.264.

• CABAC
• Bidirectional prediction
• Macroblock partitions
• Weighted prediction
• Deblocking

http://forum.doom9.org/showthread.php?t=99402

Ahh, I guess I was wrong.

ateme: 58.78
libav-mplayer: 58.22
moonlight: 55.48
libav-ffdshow: 52.15
libav-ffdshow_old: 52.11
nero: 50.74
elecard: 44.04

ffdshow is in the middle of the pack, behind mplayer/VLC and ahead of Nero. CoreAVC, while not tested there, is considered to be faster than all of the above.

The Doom9 site is simply one of the best sites you could go to for anything video-encoding related. Read through some of their DVD encoding guides, they'll walk you through how to get decent encodes and point you to the software you'll need.

Yes because the iSee 360i out-to-TV is a standard 640 x 480 television resolution, the picture quality is not compromised.

DRM2WMV.

(Posting anonymously to not karma whore.)

Perhaps you were joking. Video playback on Windows is flawless, provided you have the right all-in-one codec pack.

You claim that downloading and installing codecs (using a GUI) on Windows is old-fashioned. How is the command line any more modern? Pedantically speaking, the GUI(1) was developed after the command line. I apologize; this is a definitely nit-picking, but trying to say the command line is more modern than the GUI is a laughably stupid point to make. Perhaps you meant to imply that the command line is more efficient than the GUI at certain tasks; in which case, I agree.

As for the poor souls who are looking for help on the forums, you would be helping them more by pointing them to a Google search for "windows video codecs" than just haughtily replying, "I don't know; I just use Linux."

I will grant that Windows codec packs are occasionally filled with spyware, but if you weren't so busy cavalierly trumpeting the apparent dominance of Linux over Windows, you'd know about reliable sites like doom9.org.

(1)I assume, of course, you consider the Apple LISA "the GUI"; you may define it differently.

Indeed, I just found this out. No point to this at all. ...Of course, if they DID have free hi-fi tracks, I'd be the first to download them, strip out the DRM, and listen forever. But that's no reason not to do it! ;^)

http://forum.doom9.org/showthread.php?s=&threadid= 89243

I have not checked recently, but I believe MS-DRM is cracked.

To my knowledge,I havent seena single place on the internet,that had cracked DRM [ The last time I checked-4 months back.].

And a search in http://www.doom9.org/ as you said ,didnt churn out anything positive.

Windows DRM has been cracked for about a year

http://forum.doom9.org/showthread.php?t=89243

Rubbish, it's telecined from 24p to 60i. Check various doom9 posts and 100fps.com if you don't believe me.

Rubbish, it's telecined from 24p to 60i. Check various doom9 posts and 100fps.com if you don't believe me.

Rubbish, it's telecined from 24p to 60i. Check various doom9 posts and 100fps.com if you don't believe me.

I applaud your research and clever pulling out of context statements, although the one site was not out of context, it was just repeating myth of someone not understanding the difference between 'adopting' a technology and being the basis of the technology.

Again I will repeat this for the slow learners, MPEG4's codecs were not based on Quicktime Technology, and the original MPEG4 codec technology was written by Microsoft.

Everyone else, don't be trolled by the above post, do a simple freaking google search for yourself on: Microsoft MPEG-4 v3 or
MS-MPEG4 v3 or even Microsoft MPEG-4 v1.

I will also again repeat. DIVX is nothing more than a 'hack' of the original Microsoft of the MPEG4 codec technology.

Here, I will do a quick Google for the causal reader:

http://www.doom9.org/index.html?/codec-faq.htm
What's the difference between DivX and MS MPEG4 v3?
There's none, really. DivX is basically a step farther from the original hack of the MS MPEG4 v3 codec


http://www.am-soft.ru/fourcc.html
"Microsoft MPEG-4 V1, V2 & V3 Microsoft MPEG4 Frozen These codecs were developed by Microsoft by draft MPEG-4 specs and were available some time ago with their Windows Media Tools (WMT) and MS NetShow package. However Microsoft has restricted the functionality of these codecs so that only native tools from Microsoft could use these compressors. The DivX team made a binary hack of MS MPEG4 V3 codec and called it DivX.

And of course how about posting a link to MPEG Specifications Body itself, cause apparently that would have not allowed the above poster to distort facts:
http://www.m4if.org/mpeg4/

And now let's address your revisionist history of MSDOS and Stacker... You quote the Internet Myth regarding the lawsuit between Microsoft and Stac, but have you or any of your other drones actually read about the ruling 'specifically'.

If you had, you would see that it was a PATENT lawsuit, and NO CODE WAS STOLEN. PERIOD. (Go ahead and edit Wiki or keep saying it to yourself, it will not make it true.)

Let me repeat, MS did NOT use or STEAL any code from Stac. - Go read the lawsuit, for the love of God...

Here, let me give you a link to get you started if you want to find truth on the subject:

http://www.reference.com/browse/wiki/Stac_Electron ics
Stac sued Microsoft for infringement of two of its data compression patents, and won; in 1994, a California jury ruled the infringement by Microsoft was not willful, but awarded Stac $120 million in compensatory damages, coming to about $5.50 per copy of MS-DOS 6.0 that had been sold. The jury also agreed with a Microsoft counterclaim that Stac had misappropriated the Microsoft trade secret of a pre-loading feature that was included in Stacker 3.1, and simultaneously awarded Microsoft $13.6 million on the counterclaim.
While Microsoft prepared an appeal, Stac was able to obtain a preliminary injunction from the court stopping the sales of all MS-DOS products that included DoubleSpace; by this time Microsoft had already started shipping an "upgrade" of MS-DOS to its OEM customers that removed DoubleSpace

As you see, NO CODE was Stolen by Microsoft, and the reason 6.21 even had to be released was because of the injunction by Stac to 'extort' Microsoft, which worked, as Microsoft basically bought the failing company.

And if you look at the case, the only thing MS did was create a technology that 'infringed' on their PATENTS - NOT STOLE CODE as you incorrectly state.

However, Stacker Willingly used a MS Trade Secret that was disclosed to them during this time, so Stac is the company that actually STOLE anything.

And you my friend are the one that needs a history lesson, next time try to provide facts instead of bloviating about old Internet Myths...

A hack for DRM10 (what's on WMVs) has been floating around for about a year now. Basically you play it normally and it intercepts the license. It then uses the intercepted license to decode the video.

1. Buy a DVD burner for your computer.
2. Download DVD Decrypter from Doom9.net
3. Decrypt the DVD and save it to hard disk.
4. Watch the movie on your computer or burn it to DVD.
5. Profit?

DRM does NOT and will NOT hold.
If you can get some new über format encumbered with DRM, the same file but *cleaned* will be available for net leechers....

For example check the first HD releases of DVD movies (lie Terminator 3 extreme edition).
It's was pretty new & better at the time, with HD (1080p ?) video content stored on a standard dvd as WMV, *BUT* DRMed to the bone (need to acquire a license on the net every other day, must connect from U.S....)
Well folks have been tinkering with a japanese anti-WMV-DRMv2 soft and now easily manage to remove the DRM.
So now the file you can get on p2p is the same exact pristine video *WITHOUT* DRM.

As TFA says, it's obvious that the only persons not affected by DRM are freeloaders, in this case:
  * you buy the extreme edition, you get f*cked with a brain-dead copy of a movie
  * you install azureus, you get a next gen video file that can be played on *any* platform...

Now i know:

  * I'll never buy next gen dvd if they work like that,
      (what's the use for a disc that can only be played in a windows-based, internet-connected, PC platform ?)
        provided the majors come to an agreement on their prefered DRM scheme in the near future, and actually release some HD content on disc, which is not so sure right now...

  * We can get HD media for free with no hassle rigth now

Media Giants, Get A Clue !

On a side note, the tools to remove DRM are not reserved to tech savvy people, granted the drmv2 remover i mentioned above is horrible to use, but if lots of people feel a need to use it, it'll become a snap.
DeCSS, for example, was in the beginning reserved to linux geeks but quickly made it's way to *every* dvd copier, like the worldwide-used dvd shrink...

Oh, and BTW, if you need to be more persuasive against DRM, as someone posted before in this thread, reread the excellent speech to MS By Cory Doctorow

Auto Gordian Knot, one of the programs reported to crash, does have SSE3 code. And it loads some different DLLs when it finds it. That's clearly going to give trouble on a system where only some processors have SSE3.

I don't know what OS you were running, and I'm sorry that you weren't able to play your legally rented DVD on your legally owned DVD player. It's not right of the MPAA to do this. Besides anybody that is determined to bootleg the content will find a way around the copy protection. Meanwhile, the only people that are being hurt by the MPAA's decision to copy protect DVDs are the average users that are paying to legally watch the content on their legal machines. Something needs to be done about this. I think that Microsoft should bundle DVD Decryptor in the next release of Windows, and tell the MPAA to go screw. Oh course this will never happen.

Hey looks like i found out about just as much as u did .. http://forum.doom9.org/showthread.php?p=721895

"Having said that, I would like to know if anyone can point me to gui applications that use swing and are actually good and fast. I'm curious if they exist at all."

OK. Here's two.

ProjectX: http://www.doom9.org/index.html?/DigiTV/projectx-f ullguide.htm Video processing is a resource-intensive job. This program can blow the doors off.

Poseidon: http://www.gentleware.de/ - a UML design tool with fluid graphics. Once I saw how smoothly the 2-dimensional scrolling worked, I forever gave up believing that Java couldn't be a performance language.

Sign up for Netflix, buy a 100-pack of DVD+R's and visit Doom9 religiously.

wmv v2 drm is not really cracked, but can be removed thanks to WMP, it'll give you the key...

http://forum.doom9.org/showthread.php?t=89243&page =16&pp=20

More info here. Actually, I did a few rips with x264, and I'm not impressed that much. It is better somewhat than xvid or ffmpeg, but that comes at a cost: on a 2800+ Athlon XP encoding was rather slow: 2fps/sec. Of course, I used high quality settings: frameref=6, deblock, deblockalpha=0, deblockbeta=0, cabac, me=3, 4x4mv, b8x8mv, subq=5, bframes=3, b_pyramid, weight_b, direct_pred=2, chroma_me. Decoding also needs a lot more cpu cycles (2-3x) than mpeg-4.

There's a lot of good (and free) info and software for Windows systems at doom9.