Slashdot Mirror
AACS Specifications Released
An anonymous reader writes "AACS, the proposed key management scheme for HD DVD, has finally released preliminary (ver 0.9) specifications. The specs look like CSS on steroids: they use AES instead of proprietary crypto, but other than that they're basically the same. The main difference appears to be that AACS can revoke an entire player model if a hack appears against it, which I guess sucks if you own that kind of player."
What the heck is this:3 00.asf
mms://ifilm.wmod.llnwd.net/a65/o1/portal/2667017_
The main difference appears to be that AACS can revoke an entire player model if a hack appears against it
In that case, why would any manufacturer in their right mind produce anything under such terms? That would just be insane
The revolution will not be televised. It won't be on a friggin blog either
Click here to get the specification without agreeing to the terms of access.
"The main difference appears to be that AACS can revoke an entire player model if a hack appears against it, which I guess sucks if you own that kind of player."
Player model? What if a hack comes out for PC that allows you to circumvent the copy protection: Does it revoke PCs altogether, only certain disk drives, or what?
Creative Demolition
>> These documents are preliminary drafts and are subject to change without notice. To download the v0.90 specifications, please accept the above terms and conditions.
/.
No Thanks. I'll just wait for it to get posted to
http://request-header.info
This scheme will not be broken for at least 20 years.
There's no way they'll make the same mistake twice. DirecTV upgraded all their smart cards 2 or 3 years ago and it has yet to be broken. Bell Canada's expressvu is adopting the same technology because _everybody_ and their mom is pirating the signals.
http://aacsla.org/specifications/AACS_Spec-Common_ 0.90.pdf
Setting his threshold to 5, Sparky eliminated most of the trolls on /.
You have your work cut out for you!
Just kidding. :)
unixkb.com -- articles on practical Unix issues.
I, for one, welcome our new DRM encryption overlords! Perhaps they'll do better than our previous overlord, Chief General CSS. It only took seven lines of code to bring him down...
Why don't they get it.. If it can be played back it can be ripped.
It's not magic...
Now, how does this scale, suppose players AAA through ZZZ have been revoked. Do we need larger DVD cases just so we can fit a list of all the players that won't work on it?
And by "up," I mean "Funny," of course.
Well, what happens to the customers that have a player-model that gets, by no fault of themselves, revoked. Are they reembursed (getting (part of) their money back), or are they just left with a piece of worthless, but costly junk ?
Even worse : you have no way of knowing if the player you are going to buy is on the list of players shortly-to-be-revoked, or worse yet : allready revoked.
How's the "you should be able to use a bought commodity for a reasonable time"-law come in play here ?
Go Blu-Ray!
Albuquerque PC
It may be the strongest encoding out there, but who cares? What stops me from plugging the video output of a dvd player into my video capture card and recording off of it? Sure, the quality won't be as good, but it will still work.
I wish they simply wouldn't scramble content in the first place. 99.9% of the people who buy the dvd and would need to break the encoding have a LEGITIMATE reason to break said encoding (backup, copying to laptop so it's not necessary to carry discs on trips, etc).
In many countries (such as will probably be with Canada soon), there will be laws stating that bypassing DPM's (digital protection measures) is allowed, and legal, if it is of legal intent. SUch as fair use, backing it up, etc.
So, if you use it fairly in a country where its legal to do so, and they "block you", is that legal too? Is their EULA more powerfull than non-American laws?
It was supposed to be unduplicatable...
If something can be played, it can be ripped, make no mistake about it. Also, if PC-based players are allowed, it'll just be a matter of monitoring their activity and reverse-engineering them once again.
The real issue here is the possibility of revoking a certain player model. How will users accept a format with this limitation? I wouldn't be too eager to buy a HD DVD reader only to have it revoked a few months later.
João Pinheiro
I expect future DVD players will have USB ports so you can boot them off a key drive and flash the latest firmware, and keeping up-to-date firmware will be required for all DVDs to play
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
Content Scrambling System = CSS.
AACS= Advanced Access Content System.
Maybe I am an idiot but i had to actually read the article to know what the posted article was talking about.
drop big bucks on equipment hoping someone does happen on a hack? Yea right and they wonder why only the sheeple fall for this shit.
Si vis pacem, para bellum! For evil to succeed good men need only do nothing!
If they can revoke keys, then we can DoS the keyspace. There's no need to crack any crypto. All we gotta do is trick them into deprecating keys.
How many people are still running windows 98? How many people know how to set the clock on their vcr?
You DoS the keyspace eventually people won't be able to play commercials. Then the productions don't get their money. Then the system does either of 2 things. 1: every screen goes black and there is no tv or 2: they give up and take off the crypto so the ads work again.
Key revocation is a bigger security risk than keys in software dvd players because you can do more than opening up a file to everybody. You can lock everybody out of it as well.
This idea (starting with hdcp I guess) just opens up more vectors for attack. Now we have a social engineering vector and a keyspace vector in additon to a locally stored key vector (css).
In that case isn't the cat already out of the bag? Not like they can on the fly say that all your HD-DVDs won't work in the morning... The only thing that they can do is prevent future media from playing on that model of HD-DVD player.
We have seen that play before, cripple the next hot DVD to hit the market and what do you get? A ton of product returns and pissed off customers. The encryption may be more advanced, but when you want to give everyone consumer devices with the universal key to the castle... It's only a matter of time before someone figures out a way to copy it.
They should use open source crytographic methods. That way the whole community would be able to contribute towards the effectiveness of copyright security, and they would be protecting not only the consumers' best interests, and also the consumers' best interests.
Here's analysis of AACS that was blogged last December. One interesting point mentioned is that there is no requirement to wait for keys to get compromized before revocation begins. They can revoke keys whenever they want, publicly claim it was due to hackers, and stimulate new equipment sales any time they want.
It's not only player models that can be revoked, but this goes down to individual players.
There's a ton of people out there who never buy the content to begin with, because they download it themselves.
There's a huge difference. I know that the Betamax defense is the obvious counterargument, but that was way before one could make indefinite copies without massive quality loss. The idea that one would make really good copies available to a massive amouont of people wasn't covered in that case.
Seems to me that a manufacturer could sabotage another manufacturer's products by hacking them (under cover, of course) while they're still available new. That would make the players almost impossible to sell.
Aaah, now I see their dastardly plot... in order to avoid this, manufacturers will be forced to make their products hack-proof. Tricky, eh?
Remember Apple IIe games that wrote bad sectors or extra sectors and other such nasties to try and stop people copying 5-1/4 inch floppies?
Remember SecureROM and others making CD copy protection by intentionally leaving broken sectors on CDs - making them unburnable in nearly all of the burners at that time?
Remember that DVD's were once uncopyable?
Remember when Pay TV signals were encrypted by obfuscating their signal with some analogue hardware?
Remember when they started using proprietary digital encryption for Pay TV (Irdeto)?
Every time someone offers up content in some protected form, someone is going to break it. Period. Even if they can't break it, someone will use a legitimate DVD player and screen/sound grab their favorite movies using a capture card.
The only difference I see now is that the companies implementing these measures are monopolies whereas they used to smaller players in their respective markets. This might mean that they can push some legislation through to discourage copying but nothing will ever stop it IMHO.
Not to mention it would just kill DVDs period. Once the medium becomes reliably unreliable there's no reason not to pirate exclusively. A move like this could end up with a US court kicking all similar contrivances out of the US.
Keeping on doing the same thing, and expecting a different result.
ha .. good thing I still have my BataMax ...
..
oH and I dont give a dam really
I wont be letting one of those things in my house.
If we dont buy this Crap wont fly.
Remember DIVIX ?
why is the usa to blame for what australia does?
your cynicism only seems to make you out to be the biggest victim of the evils you dislike
i don't know how it works in australia, but i would think that any red-blooded australian would consider you to be a sell out
because you have to believe very little in australia in the first place to consider it to be the kind of victim you imagine it to be, but which in fact only you are
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
The Aussi-Gringo FTA fucked allot of things for the Aussi's (though they thankfully avoided the worst on their government prescription drugs program). From what I saw and heard, the FTA has little to nothing in it for Aussi's (loss of domestic TV programs, lingering threats to their PBS, etc). And the DCMA-esque copyright "equivalents" required by the FTA are headed their way (if not already implemented, life +70 years anyone?). The FTA is the only reason Australia has troops on the ground in Iraq, because the misguided "head jerks" wanted that fucking thing so damned bad for whatever reason ("Oh, oh, we can mitigate problems between the US and China because of our relationships with the two countries!" - so what? When two elephants dance, all you can do is get the hell out of the way).
"1984" was ment to be a warning, not a guidebook. You hear that Kim Jong-il!? BushCo?!
Wow, if you read the spec regarding the streaming portion, publishers are going to be able to tell every title you ever watch and the IP address you authorized from.
Crazy.
see subject
So, now when (hopefully I don't regret writing "when" instead of "if") the technology fails, they can see that it wasn't due to not having enough restrictions on the media.
[I havn't read the spec but..]
This is assuming the people who break the system release their key (notice a lack of an if clause, it will be broken, either by reverse engineering or by someone on the inside of a player manufacturer), I think a monopoly on the HDDVD copying business would be more attractive instead.
Also, manufacturers are lazy, they will have a generic model with some sort of rom socket that will include the key (most likely encrypted again), once this is broken, they'll just keep selling the same model with a new key in rom, which will be extracted in the same way, rinse and repeat.
No trees were harmed in the posting of this message. However, a great number of electrons were terribly inconvenienced.
well i guess it's back to the old school - telecini a projection of the dvd onto an HD recorder. if it can be seen and heard, it can be copied. and one open copy is enough.
I used to have a better sig than this, but I got tired of it
It's the customers that are insane for buying that crap.
Take a break from all the MPAA and RIAA content, and you'll fine that you have a happier life, with countless hours of time that you never realized you were wasting on those expensive habits.
If this is like CSS, then it is only about making exacy copies and doesn't have anything to do with ripping the video to Divx or Xvid or some other format and there's nothing here preveniting a player manufacturer from including alternative codecs in their products. So, while you might not be able to produce an exact copy of the disc, you could produce a nearly exact copy of the content and even expect that to play on a low cost recordable in a low cost player. All of that can be possible without even bothering with this AACS stuff. So, I think this is, like CSS, more of a pacifier for content executives who really don't understand how the game is played.
Just add that server to your /etc/hosts with an IP address of 0.0.0.0 :)
China will use an army of 20000 math geniuses to crack it just so they can make their own standard HDDVD to rival the USA standard ;-)
Liberty freedom are no1, not dicks in suits.
If you live in a suburb where a cracked player was found, you too will loose the ability to play discs.
Futures: block based on iris scans of people sitting on the couch. Or, a partial fingerprint match from the side of the disc.
to piss of sony, after all they are part of the consortium , ahhaahahahha
Liberty freedom are no1, not dicks in suits.
The eternal optimism of youth...
Wouldn't downloadable/duplicated movies have all the keys and encryption stripped out anyway?
It's like the coin box on the Ms. Pac Man machine where I used to work; fancy round key, bulletproof case, freeze resistant... and 2 exposed phillips screws holding the hinge on the other side.
That is to say, DVD player models that get cracked, in theory they're supposed to stop using those keys in future DVDs. Just like they're describing with AACS.
It's just that it didn't make a difference because a flaw was found in the way the CSS keys worked (or something like that) which meant that once you found a single key, you could brute force all the others really quickly. So the original DeCSS people found a single key, then broke about 100 more... which meant that none ever really got revoked since they'd have to revoke all of them to make any difference.
The other thing I'm wondering. This won't make much difference if the market winds up going with Blu-Ray instead of HD-DVD. Given the people involved, of course, I can't imagine the bluray "protection" will be too much nicer, I'm just curious. I'm sticking with my normal TV and DVD player anyway.
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
So I have a popular player. Someone hacks it. They revoke the key. I buy a new DVD. It doesn't play. I return it to the shop as faulty - it is clearly a faulty disc as my player plays all other discs fine. This bounces back on the producers as retailers don't want the hassle - I can't see them wanting to deal with the flood of customer returns.
Trading standards [insert the name of your country's equivalent consumer protection agency] could take the view that the retailer is knowingly selling faulty goods. The retailer would just refuse to stock any revoked discs in future.
I think the risks of revoking keys are just too great for them to actually do.
If they were dumb enough to do it, I can see huge global hacking effort to compromise as many players as possible, which would make the scheme unworkable.
If a major player maker's keys are revoked, they could easily appease customers by slipping them a firmware upgrade with alternate keys - maybe in the guise of a firmware disc intended for a new model that 'just happens' to also work on the older units.
IBM put out an ad for a firefox developer (for their own software) -- IBM are good.
IBM try to lock people into/out of a technology -- IBM are bad.
I for one hate IBM, lock in is their way and no number of flashy pro-linux ads will change that. When will people realise this?
- force hardware player vendors to secure their boxes (their keys really)
- ignore (!) breaks on hardware boxes
- force software player vendors to include online key updates
- trigger online key updates as soon as a key leaks
That way, if you gat a new DVD which does not play on your software (hardware will always work), you need an online update, not more. Sure, for SuperDeCSS you can (very probably) get the key again and again, but if you put online security updates on top of online key updates, you may have to do the whole reverse engineering part again and again. Its not getting impossible, but tedious. What more can they want?Just think about it: to which extend can you abuse consumers? To the point where they discover they don't like the product.
At that point the bottom will fall out of the market.
Proof: see what DVD players sell best: those with zone restrictions or those without. The irony is that that does not happen because of piracy (pirated DVD appear to be generally set to zone 0 so zone selection is irrelevant) but because of legitimate purchases made elsewhere in the world.
So, in summary, let them progress down this route. Eventually the market will die as alternatives pick up the revenue.
As an example: how many of you buy protected contents or media in non-Open formats?
I have looked at pirated DVDs and they are indeed not worth the money - if you're in a country with sane media prices. If they really, really, really wanted to address piracy all they need to do is become more sensible with the prices, that has already proved to work (hello MS, are you listening?). The increase in revenue more than offsets the expenditure they have to put in on lobbying, researching formats that don't work or get broken in a rainy weekend by a couple of bored teenagers.
Hell, it'll probably even keep them in cocaine and limos.
Insert
Hack them before they're completely out of the maufactures inventory chain. So they have the nightmare of sucking all the inventory out of the retail chain, all the inventory that the retail chain won't take, and all the inventory they're producing. Bury them in new boxes. That would put a noticeable dent in Sony's earnings. And if you do that let me know first so I can invest appropriately.
And the best way for a manufacture to prevent a catastrophe like this would be to make their device super easy to hack. Like download this file to a cd-writer to automagically install the latest firmware all DVD's will work with. And such a setup, if it was setup to be super simple to manage would mean it would be super simple for hackers to make their own customized versions.
They don't care about piracy. This isn't, and never has been, about piracy.
What they care about is control.
They care about linux distributions adding support to play HD-DVD movies, but not paying license fees to the DVD forum.
They care about HD-DVD players cropping up that allow you to fast-forward past the trailers at the beginning of the movie, the ones where a licensed player, when you say "fast forward", says "no".
They care about people making players behind their back which openly flaunt the "region locking" mechanisms that make regional price discrimination possible.
They care about products like DVDXCopy which allow consumers to exercise their fair use rights and do God knows what with the products they purchase.
These are the things they're trying to stop or hinder. Their choice of technology simply reflects that. AACS will do little in the short run and nothing in the long run to prevent piracy. But the legal barriers the media companies paid to erect will allow AACS to keep all four of the above things off of the general commercial market.
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
Page 24: Each compliant device is given a set of secret Device keys when manufactured. ...The set of device keys may either be unique per device, or used commonly by multiple devices. ...The [Media Key Block] system is based on a large master tree of keys, with each set of Device Keys being associated with a leaf node of the tree... Further, corresponding to every sub-tree in the master tree is another set of system keys... Thus, the subset-difference tree has to store one encryption per Device Key set revoked, and occasionally additional encryptions to pick up non-revoked sets not covered by the smaller sub-trees. On average, there are 1.28 enrcryptions per revocation.
The document goes on to mention around pages 27 and 28 that devices obtain key conversion data by mechanisms called out in the AACS liscense, and recording devices must verify the signature and determine by its version number field whether a Media Key Block is more recent than the one currently on the media. "Each time the AACS LA changes the revocation, it increments the version number and inserts the new value in subsequent Media Key Blocks."
This says to me that the DVDs you buy will in fact be the transport mechanism for updated revocation keys, and presumably your player will be able to store a lot of them. So movie production companies and distributors must conspire to continually subvert the functionality of a consumer's device, and this does not require the player to be online nor will a firewall help. Once you get yourself locked into the prison of this coded delivery system, your own buying habits will keep adding additional chains to your cage. It is quite insidious, not only are they using military-level technology to control movies, the system is founded on the complicity of the entertainment industry, the electronics industry, and consumers themselves (and the consumer's PC if used) with constant policing and injection of targeted death-messages into the distribution channel. It also looks like the drive can potentially disable media (page 41) and even report hacked hosts/drives by recording onto the media (it seems kind of vague but it is writing a concatenation of the "Binding_Nonce", "Drive_Nonce" and "Host_Nonce" to the protected data area, whatever these things are), which if this is indeed true would I suppose be reported through other PCs/drives of people to whom you lend the media, or maybe through even a shared Internet connection, if you want to try extrapolating this.
Sorry I got ahead of myself. Page 55 talks a lot about online connections, online enabled content and streamed content. It talks about Title Keys and says "the word 'title' is often overloaded. For example a title can refer to a full-feature movie, a TV program, a music album, etc. ... however [we] .. define Title to be a distinct path.. That is, a Title is a logical grouping of content material to be presented in a specific order in time." It also mentions an "Enhanced Device" that is online and can then provide full access to Enhanced Titles that require online connections or extended player functionality. Page 56 mentions a Cacheable Permission that expires after a certain amount of time or include a "do not play until" date, and the XML based Title Usage File is based on global, not local time, which if used must be based on a "secure clock" whatever that is. Oh yeah, on page 59 it mentions the default connection protocol can operate (by https) over Ethernet, firewire, WLAN, etc. so you know this is not just about an HD DVD format but looks like it is trying to take over every device in the vicinity as well. How much you want to bet this will police titles not actually loaded in the player?
I think the cutest part is page 61, where it shows how you can go online with a PIN number and a remote Clearing House server can offer a title
Now having new DVDs automatically update the firmware is easy, stealthy, evil, and effective. I think some DRM systems use such an idea.
The new master key must then be on the disk. You run into the exact same problem with trying to protect others from reading that key as with the content. You need a trusted device, and a compromised device is obviously not trusted.
Imagine your Linux box was rooted, SSH host key compromised. To update the firmware would be like uploading a new host key encrypted using the old key (or in plain text). See the problem here? The new key is instantly compromised.
And a hack would never be "uncompromised" by a firmware update. The key (compromised) and discs (read-only) are both outside their control. The only thing they can do is not include it on new discs. They could retract the players and repatch the key (securely). But if it is still vunerable to the same compromise that caused it in the first place, that doesn't do much good.
In short, I think they're asking for the impossible when they want to produce a mass market device with millions in volume, yet still have it secure against one dedicated person with a lab where he can use inert gas, electron microscope and whatnot to open it up and study it.
Kjella
Live today, because you never know what tomorrow brings
i'm assuming it's revoking by including a list of revoked players on the discs. if that's the case, what's stopping someone from modifying that key or whatever they use to track players to emulate or mimic another player's key?
the only other way i can think of is by including a list of verified players. if it's that case, then whenever a new player comes on the market, it won't be able to play any old hd-dvds. then again, they could've included a long list of keys which they can slowly distribute to vendors which I guess would work.
HD Trailers
There must be decoded framebuffer somewhere to be blitted (and which can be memcpy to somewhere else, frame by frame). This can be then converted and repacked from raw. If going hardcore, then stepping some dvd player in debugger. Same goes for sound. I guess we won't see computer implementation of the thing.
The main difference appears to be that AACS can revoke an entire player model if a hack appears against it
So hacks appear which let the players identify themselves as a non-hackable model....
With that in mind, it's clear that you can read what you quoted in the above sense, and indeed it's the plausible way to read it: it's not "causes a compromised device to be unable...", it's "causes a device with the compromised set of Device Keys to be unable...". Any device using this set of keys--whether it's superDeCSS or any particular machine of the sort that was compromised, or any other machine that shares the same set of keys--will no longer be able to view content--presumably only new content created after the revocation.
To me, this seems to be a golden opprotunity for organized crime, assuming they hire hackers good enough to reverse engineer a particular DVD player.
For example, say Sony make a really popular player, so organized crime get the AACS code hacked and then turn around and extort Sony - give us a lot of money or we'll release the key. If they release the key and this device blocking kicks in, Sony are going to have a lot of angry custumers demanding their money back.
At some point, somewhere, the entire internet will be found to be illegal.
Expect sanity to prevail when the reality of how dumb this would be in practice is finally hammered home to those who hope use this system.
IIRC, DVD-Audio already uses a similar system.
Of course no one's noticed yet because of how, ahem, popular DVD-Audio has been.
At some point, somewhere, the entire internet will be found to be illegal.
Here is why using a stronger crypto or longer keys is not always the answer. The design of the system around it matters too.
)9TSS
...it's not a question of if anyone *can*. There's simply nothing that valuable to steal. To make that work, you need to have an instant crack, instant distribution. Last weeks TV shows have already been on bittorrent for close to a week.
;)), codes were usually lagging with an hour.
Whereas with DVDs, it doesn't really matter how long it takes you. If you can decrypt all DVDs up to that point, the "prize" just keeps getting bigger. And they can't easily undo that, while TV cards can be changed at any time.
That is the big difference, even within the same card the codes keep changing. I know here there was a big uproar when they changed the codes between first and second half of an important football match (that's soccer to you wierdos
So, to sum it up I think TV is pretty safe (unless they actually manage to implement a working broadcast flag), wheres as the new DVDs will be broken. Simply because of the cost/benefit ratio.
Kjella
Live today, because you never know what tomorrow brings
Why not? The player stores the keys in FLASH or something. If a hacked key appears on the net, the content-providers put the revoke-key for it on the next edition of "Digitally Improved Superman XIV" and thats it.
Got that info from a post above. See for yourself.
Meme of the day: I browse "Disable Sigs: Checked". So should you.
If only one person breaks the encryption and creates a 'cleartext' version of the data, whatever data that is, then the non-copyright respecting parts of the world will have their low-cost copies.
So they think they need to have a system so restrictive that not even one person in the world can circumvent it, at a cost is that nobody in the world can then use their fair-use rights of whatever the data is, whether that's putting the soundtrack of a DVD on your ipod, watching a DVD on a laptop on a coach trip, whatever. So we all hate them.
Here's the rub: they probably still don't have a system good enough. So they don't stop pirating.
Finally, when someone, somewhere hacks it, their planned response is to penalise users who own a model which has been compromised...?! How does that effect the hacker?!
These guys are seriously failing to develop a working business model to me.
Justin.
You're only jealous cos the little penguins are talking to me.
I can't imagine hardware vendors would accept that kind of technology abuse. In almost all European countries there is legally enforcable 2 years warranty for hardware products. Even if non-Europe manufacturer provides less time for warranty, retailer shop must comply with full time period.
So, that would be a legal massacre of retailers/vendors/manufacturers by consumers/consumers organisations.
There you are, staring at me again.
See this paper.
Give me a board with two HDCP connectors, an FPGA and a USB port and I'll spoof any commercial HDCP display in a day or two.
Pirate Party UK
The main difference appears to be that AACS can revoke an entire player model if a hack appears against it, which I guess sucks if you own that kind of player.
Which is exactly what CSS also offers. Except they never actually had the nerve to invoke it, because it would be utterly, utterly illegal.
Because HD-DVD was designed to be produced using existing pressing infrastructure, its per unit cost will (at least initially) be much lower than Blu-Ray (which requires new fab plants).
And HD-DVD does not require a caddy. Though several companies have announced coating products for Blu-Ray discs, I don't believe any of them have released additional production costs for using them, which will force Blu-Ray costs even higher.
The studios that support HD-DVD are going to have much better profit margins from HD-DVD releases than they would from Blu-Ray.
As someone else noted, there are more variables than just storage capacity that come into play.
As an aside, HD-DVD can hold a maximum of 60gigs per disc, while Blu-Ray tops out at 50.
Also BLu-Ray players will most likely be more expensive as it is harder to build one that will also play legacy DVDs.
In the consumer space, particularly in these days of $40 name-brand players, cost is everything.
-David
* As is generally the case, my opinions do not reflect those of my employer.
This Aussi-Gringo...
Umm...you do realize that, by virtue of the fact that the Aussies are not of a Spanish-speaking country, they are, by definition, gringos as well, right? Here, read about how it generally refers to Europeans (of whom many Australians are descended), but can actually refer to any foreigner; after all, it is derived from "griego", the Spanish word for "Greek".
...is long dead in my eyes. Online distribution is the way to go. CD discs, DVD discs and any other type of discs for that matter cause huge amounts of pollution. So do their players. Computers obviously also pollute, but the overall amount of damage to earth is less if you buy a player (computer) and download the media to it as opposed to the old, polluting distribution model where the media is delivered using something solid. I will never by solid media again, ever, not because industries who sell the products are evil, but because I care about the future of the planet. Less importantly, something tells me this new DVD-HD thing will not play on my Linux entertainment system, which kind of makes it unthinkable for me to buy it anyway.. (I do not own or want to own a television set, I view it as a limited and outdated device from the dark ages where polluting was accepted.. yes, I know damaging the earth for profit is still accepted, but hey. We are still in the dark ages).
9/11: Never forget it was a false-flag operation
Load the PDF and take a look at page 22 {absolute page number 32 if you're using KPDF or similar non-spyware-infested readers}.
..... The table shows the "nonce number" X is 16 bytes long, which is an awful lot of suspects if you ask me.
"A properly formatted SKB shall have exactly one nonce record. The nonce number X is used in the Variant Data calculation as described below. The nonce record will always precede the Calculate Variant Data Record and the Conditionally Calculate Variant Data Records in the SKB, although it may not immediately precede them."
Looks like they'll be tracking you if you try to watch kiddie porn then
Je fume. Tu fumes. Nous fûmes!
Hmmm, better get started on that framegrabber with the same API as a Windows video card driver...
How the fuck did parent message get modded 4 Insightful? I guess goatcx is insightful for some...
Won't this encourage one manufacturer secretly hacking other manufacturer's devices and leaking the keys to ruin them. A few million to strip the chip or whatever methods are needed would be quite affordable.
It seems that this will just create a really annoying cycle of hackers releasing keys and the movie studios releasing new movies that will not work on systems with compromised keys. Who really thinks that the hackers are not smart enough to stay ahead of this. All this will accomplish is that people may not be able to play new movies with their "blacklisted" player - or people will be required to perform firmware updates if their player has been compromised.
I do not see why any manufacturer would support this scheme since their hardware may be rendered inoperative if the device's key has been compromised. I can only imagine the headaches from pissed off customers.
Geezz, this won't work. They once added a resistor to a phone card so it could read but not 'write' credits used. So easy to trap a write line going high, or muck about with addresses. PGA's are cheap.
There are other flaws, but the most insidious one would be dvd maker a puts out a fake distro of a blockbuster that disables all of makers B keys - with a 6 month delay timebomb. The outcome is certain - lots of angry consumers.
Note definition of a virus worm/trojan - silently sabotaging electronic items with injurious intent
The monopoly given to content owners to determine what others can do with content is subject to some "fair-use" caveats.
Isn't it about time that we, the people who are paying for this content get our fair use rights looked after. Anyone putting DRM controls in place should have a legal obligation to ensure that if if a customer has paid for the right to have access to the content that they also get their fair use rights as well.
It seems to me that the sorts of controlling technologies that are being envisaged here do not safeguard those rights. Isn't it about time we pressurised our democratic representives to ensure that we don't lose them?
Thank you for the clarification. I was seriously wondering why new DVDs would need style sheets. At first I thought it was a typo.
If I can't find a non-DRMed (read: uncrippled) recording of the movie, I won't be watching it.
If I release a DVD where some of the master keys have been removed, then a higher percentage of the DVDs get returned.
Think about it. For most people, their first DVD player is their *last* DVD player. Which is only replaced if something wears out or breaks. Now, with this nifty key-expiring system, the DVDCCA can "break" DVD player's by edict.
What better way to keep people purchasing hardware than to force obsolescence?
The new encryption may complicate making "backups" of movies rented from Netflix, but as far as internet piracy is concerned, this changes nothing. People will simply download the movies with even less hassle, just like they're doing right now. It only takes one hacking group to compromise one key in order to decode the disc or capture the output, repackage the movie to .avi and release it on the Internet. The movie industry wouldn't even know which key or which device is compromised, hence they wouldn't know which license to revoke.
Jesus Christ. AACS sounds like a complete goat-fuck, just waiting to happen. I'm buying front row seats for this one. It's going to be good . There's going to be poor marketing bastards committing suicide over this, just like all the stock brokers jumping out of windows in the early 30's and 80's.
We're going to need an order of body bags and those inflatable moon walks, to go please. Thank you, drive-though!
They care about people making players behind their back which openly flaunt the "region locking" mechanisms that make regional price discrimination possible.
Isn't this against WTO rules? I believe there is a regulation that states that you can't price the same product differently in different economic markets.
Anyone know anything about this?
Absolutely you should. One of the most oft cited reasons for the limiting of rights in the US was to bring US copyright law in line with the Berne Convention. As a matter of fact that was the very reason given for doing away with the registration requirement which has just about killed our public domain because there is no sure way for the average person to determine if whether or not a work is copyrighted.
Time is what keeps everything from happening all at once.
I'm guessing new firmware could be placed on new-release DVDs, which could then automatically flash the DVD player when they are inserted into the drive.
Is this firmware cleartext? If so, super: anyone can just read the new set of device keys straight off the disk.
Or is the firmware encrypted? So what? The entire assumption behind the problem is that someone's already hacked your model and so can decrypt anything it can.
Cool. That's yet another new gizmo I won't be buying. Which will leave me more money for other stuff !
Sky subscribers are morons. They pay to be advertised at !
We all understand that new formats require new hardware (most of the time). I think most people are OK with that, and fortunately such events are few and far apart because the corps understand that consumer won't put up with that too often.
This has nothing to do with this scheme. Revoking a key has no similarities with releasing a new format. The format has not changed, it's just that someone has decided that your 3 month old player should not play disks released from now on. The hardware manufacturers WILL get slammed on that by the consumers, and by the consumer protection agencies. The hardware manufacturers will then start a nasty legal fight against the MPAA (or whatever front they will have for HD-DVD) and the sh*t is gonna hit the fan big time.
There's also a procedure for updating a protected area on the disk using the media key - it looks like pre-recorded media may include a small writable area that can be accessed by approved drives, maybe to store the user's audio and subtitle preferences and the current playback position before the disk is ejected? Or to store your doubleclick cookies before you take the disk back to Blockbuster. ;-)
Here's a question for someone who understands this better than me:
Say I buy an AACS player and an few AACS movie titles in 2006. 2008 rolls around and Tivo decides to start selling AACS players, so they get their AACS key and start selling.
Will my 2006 discs know that they're allowed to be played on a player from a manufacturer whose keys weren't on the old discs?
I'd expect some major class-action lawsuit. Imagine tens or hundreds of thousands of consumers purchasing a product which the RIAA then renders useless without refund. I don't see how any group, even one as powerful as the RIAA, could come out on top of such a lawsuit.
It would be trivial to show that the consumer purchased the player with the intent and expectaction to be able to purchase and play media with it for at least the next several years, and that the player was marketed with exactly that use, and that the consumer was harmed by the revocation of the key for their model of player.
I work for the Department of Redundancy Department.
not sure if all non-UK readers would have got that one.. Apologies to those I am underestimating, but for those of you who don't watch enough BBC, a "nonce", is a colloquial term which originated in prisons to describe a child sex offender.
That should be the first rule in hacking stuff like this. Premature hacks (err optimization) is the root of all evil.
What could possibly go wrong here:
Putting a battery powered electronic trigger locking device on a police officer's sidearm that can be remotely disabled.
Making a consumer product with a built in self destruct mechanism!
Creating a Movie player that can be disabled by using it to watch a movie!
Making a DVD player where you can buy a disc and watch it three times! Profit$!
Let's make a product with known defects and then not back the warranty!
-- $G
I think hacking the revocation keys could be more interesting.
A: Dude, I got this great new movie, wanna see it?
B: Yeah!
[A puts in an HD-DVD-R with all major revoke keys on it]
A: Oh shit, its not working man.
[A enjoys the little prank he played on B who will never be able to watch a movie again on his player...]
The previous sig has been removed due to
And I actually have a suspicion this is as much about 'region-less players' and whatnot as it is about copy protection.
In that case, what are they going to do about the governments of New Zealand and Australia, which are said to have enacted consumer protection laws that forbid region lockout devices?
Everyone is bleating about how the laws of their country will forbid this and how manufacturers will be sued into oblivion. That much appears to be obvious. The technology, while probably crackable, is reasonably interesting. However, neither of these two things are what we should be looking at.
No, in my mind the real interesting thing will be the all-out assault on existing warranty and other laws necessary to make this pig fly. I'd start watching for proposed law changes in [insert legislative body here] that enable something like this to actually go on the market w/o the makers facing huge legal claims.
No manufacturer in their right mind would ever take the risk of getting put out of bussines by one little hack making all their DVD players a piece of trash. AACS is too high of a risk for manufacturers to even consider and is already nothing but a dead proposal.
This description make it sound like there's nothing stopping a content producer from targeting anybody else's player. So then, Sony Studios could use its movie releases to permanently cripple the players from manufacturers that compete with Sony on hardware?
And what about software players? Microsoft is a content producer and they could also produce a player. What's to stop them from disabling Apple players?
Tastes Like Chicken
So the only plausible thing I can think of is that the DVD will write to your firmware saying that your DVD is now FUBAR and you can't play anything making YOUR DVD the ONLY DVD that can't play anything. So I don't see where you guys see EVERY other DVD there being obsolete, I just don't see how...
In Australia it now is, we are not allowed to create any copy protection circumvention mechanisms. To all you Americans: thanks for nothing.
Last I checked US troops aren't marching house to house in Australia, or occupying the Australian parliament.
Blame your own gutless politicians for your own mess. I don't blame Aussies for Bush being in office, despite the fact that one right-wing Aussie happens to own FOX and had no small part in running the propoganda machine that conviced approximately 50% of the US voters to vote the moron back into office.
You're responsible for your own mess, and the sooner you take your own leaders to task for it, rather than blaming a foreign power, the sooner you'll get it fixed. The same goes for us, by the way. The sooner we start blaming our own leaders for the current mess, rather than boogeymen in caves and Al Q'aide, the sooner our mess here in the states will get sorted out.
I don't expect either country's population to do this anytime soon, however.
The Future of Human Evolution: Autonomy
Now we have AACS, which you could pronounce "A-A-C-S", or maybe "Aks" or "Axe".
Or we could all decide to use a soft "C" sound and just call them "Ssss" and "Ass".
;-)
coding is life
Couldn't the industry use the lockout system to attempt to find hackers? Let's say a company has 100,000 DVD players out there. A single player gets cracked. They shut that lock that player out from new releases and the public starts calling. They offer to fix the problem by sending a new player (or just a disc to re-key the firmware?) Couldn't they then send out different versions of the upgrade - so they could start whittling down who is hacking the players by process of elimination? I admit it sounds far-fetched, but there must be something we are missing here, I can't imagine the hardware producers would go for this. People would riot - or even worse, sue!
Jim - your name is Jim...
How long until there are key release groups whose primary goal is the release of the keys to the scene. Sounds like an extension of the cracker groups of today.
Also, this is not going to stop movie release groups. They will be able to get at least one unreleased key which will never get shut down since the industry does not know which one it is.
All this scheme seems to do is arm the scene with tools to combat drm on an even broader scale.
2*31*37*263
The idea of locking out a player sounds harsh, but I wouldn't put it past them. I think in response to that kind of behavior, only a scorched earth policy would be effective. So don't just hack one player, hack them all. Every time a new player is released, someone needs to crack and and release the keys. The idea of player lockout work if you only do it to a select number of models, but once you have to do it to a significant number of the population, your product turns to crap.
A quick read of the specs leads me to believe those wacky MIT students have been running SCIgen again
The grinding sound you hear is a legion of assault lawyers sharpening their weapons.
The first time a "player is revoked" the revoker will get sued out of existence.
If someone were to crack the root of the tree, if they invalidated that one key, all other keys in the heirarchy would also have to be revoked.
It seems like they are going to be extremely reluctant to revoke keys in hardware players. They will be way less reluctant to revoke keys in software players, and might even do it on a regular schedule. If you have a legitimate copy, you can download an update from the same place as you got it. It's certainly a lot easier to extract the key from a software player -- although maybe the key will be in the drive, and not in the software. Emulating and whatnot doesn't help then.
Also, they might put hundreds of keys on each machine. If it's equally hard to extract each one after the previous one is revoked, then people might stop bothering after a while. Revoking a key doesn't hurt the vendors at all, then, so they'll do it freely, maybe even on a regular schedule, as above. They might go through a dozen per year, per player -- every time a hit movie comes out, a key from each player (or each player whose keys they have seen compromised) is revoked. Then, the impact of free downloads on sales is delayed for a few key weeks or months until somebody gets around to extracting the next key and distributing it to everybody who needs it.
There's no absolute security, but there can be enough. Safes are designed not to keep people out indefinitely, but to keep them out longer than they can afford to take trying to get in.
Ok, so you're getting out uber-high quality video. No degradation from the DVD compression.
I've got an uber-high quality video capture card (or i'm grabbing the raq HD-TV digital signal)...i've got a near-perfect copy - one that's still HIGHER quality than the decrypted DVD rip.
Oh - you though they would every stop selling movies on DVD? Ha...PC games still come on CD after all!
So with volume production runs of hardware aes implementations I guess buying crypto asics will get much cheaper. This might get fun... well, unless you're the fbi or the nsa.
"Let him go, Ralph. He knows what he's doing." --Otto Mann (simpsons)
Chapter 5 is titled "Uses of On-line Connections".
It details how they can send out titles that don't have the keys on the media, then use an online transaction to get the key.
Section 5.1.1.3 talks about "Cacheable Permissions", which means the device can get the key via an online transaction, which can be stored on the player and "may contain an expiration period after which the device must destroy the permission..."
Wow! It's DIVX all over again! Heaven knows that was OH SO SUCCESSFUL last time...
It was never used, for the same reason that HD DVD can never use it. If someone wants to make an unlicensed player, they will steal a key ouf of a licensed player. Now, in order to stop that unlicensed player from working, you need to stop all those licensed players from working. And then you lose your customers.
Thought experiment: if you're going to make a bootleg player, Who's key are you going to steal? If you steal Sony's key, what are the chances they will turn off this key? Discuss.
I really wish companies would stop treating thier customers as criminals. I've stopped buying Music and DVD's altogether. I got netflix for Movies and Music Choice on my DirectTV for music.
"It's not like your minds are as open as the source you love..." - Me to the majority of Slashdot.
The manufacturers probably love and hate it. As long as they can convince the studios to wait until the players cannot be returned, they just get to sell a new player. You can expect that, by some strange coincidence, every model will get "hacked" two or three years after they stop making them. On the other hand, the studios have a pretty heavy hammer. As far as I can tell, there is nothing stopping them from shutting out a device (even a brand new one) simply because the manufacturer failed to accede to some arbitrary and unrelated demand.
I'm curious how will this affect retail media sales. Right now the usual policy is that they will exchange the media if it is defective but you cannot return it or exchange for a different title. We've already seen situations where entire titles are deliberately released with defects (in that they are not actually redbook CDs). This is different: even if the media is not defective, it still may not play. I'm really wondering how the courts are going to look upon a situation where you have a licensed player and licensed compatible media yet cannot play the media on the player especially if the store refuses to accept your return.
Progressive key revocations will essentially splinter device compatibility, making each brand have differing compatibilities. Given that several of the manufacturers are either content producers or tightly coupled with the same, it is possible that if the revocation is contested they might generate media with non-revoked keys.
Even without this outcome, interoperability would become a nightmare. Lack of compatibility would completely throttle widespread adoption.
Lack of a PC based player would be even worse, in that, in my opinion the DVD format largely caught on as a result of use of PC players with a later transition to standalone players after increasing volume made the units affordable.
Unless [emulator developers] take countermeasures against [detection of an emulated or debugged environment] (which there are).
And then there are counter-countermeasures, one of which has been called Treacherous Computing. Watch HD DVD Video titles be viewable only on set-top players and those PCs with a working TPM. What's the counter-counter-countermeasure against that?
You have to remember that of all the player manufactorers, Sony also has the largest CONTENT distribution. It's almost like they're selling players to sell DVD's, some of which are likely to be from a Sony distributer.
Thus, the content people pressure the hardware people to not have hacks available.
I don't read AC A human right
The keys will be one per model, or something like that (i.e. model 11235a may have the same key as 11235b, but not many models will share if any). Then if that model was compromised, it would disable the key. There may be multiple keys, who knows. But if it were a unique, per-model key, there would be too much to keep track of, and no way of telling if it had been hacked.
I hate grammar Nazi's.
I'm a cryptographer, posting belatedly. I don't know if anyone will see this or read it but I had to comment.
_ no_fig.pdf. I will describe an over-simplified version.
Almost all of the assumptions in this thread are wrong. The system does not work cryptographically in the way people imagine. The technology makes it possible to efficiently revoke INDIVIDUAL DEVICES, not entire model lines. Every device can have a unique key, even if there are millions of them. There is no necessity or desire to make people's non-hacked players stop working. As others have pointed out, this would be INSANE. That's not how it works!
Cryptographically, this system allows the data to be encrypted to any of millions or even billions of devices, using a very short encrypted key block. What happens is that if some of those (individual!) devices get revoked, the size of the key block increases. Amazingly, the size is dependent on how many devices get revoked, not on how many devices there are. If extracting keys from a device is complicated and expensive, and not too many need to get revoked over the lifetime of the system, it will be a success.
The cryptographic technique is described in a paper from Crypto 2001 called Revocation and Tracing Schemes for Stateless Receivers by Naor et al and is available from http://www.wisdom.weizmann.ac.il/~naor/PAPERS/2nl
Imagine creating a binary tree with enough leaf nodes to hold all of the devices (again, this is individual devices, not model lines). Each device is associated with a particular leaf node of the tree. Now we assign a random AES key to every node of the tree, leaf nodes and internal nodes.
At manufacture time, each device is given all of the keys corresponding to its branch of the tree; that is, the key for its leaf node, and the keys for the parent, grandparent, etc. of that node, all the way back to the root node of the tree. As long as the disk is encrypted to one of these keys, the device can play the disk. Note that even if there are a billion device nodes in the tree this is only about 30 keys that a device has to hold, which is trivial.
Now, to create a disk, initially it is encrypted to the root node of the tree. All devices have the key for that node so all devices can play it. The key block is very short. But now suppose that someone manages to extract the secret device keys in their device, they get published on the internet (as happened initially with DeCSS), and everyone is able to use them to decrypt HD-DVDs. (BTW this system is also being used for Blue-ray! Don't think that's going to be any different!) Now what do we do?
What happens is that new disks are no longer encrypted to the root key. Instead, we partition the tree into subtrees that include every leaf node except the one which got its keys published. Now we encrypt the disk data to the root nodes of those subtrees, rather than to the root node of the whole tree. This will allow every other device still to decrypt the data, but that one hacked device can no longer decrypt new disks. The size of the key block grows based on the number of hacked players.
This is an oversimplified version because the size of the key block is bigger than desired. The paper above shows a more complex system, which is actually being used, which makes the size of the key block linear in the number of hacked systems. Assuming that hacking them remains relatively difficult, this should be an effective and efficient content protection system.
Basically this is the same method being used in current satellite TV systems, and for the past few years it has been successful enough that satellite piracy in the U.S. at least is largely a thing of the past.
So the plan to combat this is to create hacked copies of DVDs containing flash updates that would break their player. Stealthfully replace actual DVDs at your local Blockbuster with your hacked version. Laugh maniacally while local chaos ensues...
There may be no "I" in team, but there's also no "F" in way.
I guess we'll have to wait till the first consumer players come out, and hopefully DVD jon or another savior to the fair use terms of copyright, comes along. Maybe the companies should let him test it before they come out with it to the public. The insane amount of encryption being placed on this sort of media is not going to make a large impact. Personally, I do not have a need for HD dvds. Regular DVD's are high enough quality. Consumers cannot keep taking the back seat on things like these, we have rights too and we ultimately control the markets in which these companies thrive. We need to quit buying their products, and launch boycotts of the companies who produce these encryption schemes. I can only hope some sort of class action lawsuit will ensue for the companies who implement this technology in their dvd players and in their dvd content.
As soon as a legit player is prevented from playing something it's "supposed to" play, the manufacturer will be in deep trouble with the fair-trade-enforcement government agencies.
Wanna bet the industry will forsee this and craft a special exemption for themselves, or at least try to legitimize "call us and we'll fix it" programs even when such programs mean you can't use your player for several days or weeks while waiting for it to be fixed?
If this technique only disables modified systems, then they are legally in the clear. As soon as it disables one that's unmodified, they'll have egg on their face.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Ok, from the sound of it, this is how this works: The players each have a 128 bit code The discs have several sets of code, one for each set of players, plus extras for expansion and replacement, presumably. Hacker gets a key from his player and puts it in a DCSS program. Controllers of disc printing (entertainment firms) have that code pulled from the discs. This creates the situation of all discs after that point not being playable in that set of players, and not decodable by that particular iteration of decoder. So this raises the issue of what users of that player do? Will there be a special kind of warrenty for this? Because if they will not replace my player when someone hacks it's 128 bit code, I am sticking with DVD and will pirate whatever I can't get from that format.
This system is clearly not about copy protection. This is system is clearly created to enforce new business models under the guide of copy protection. Copyright law allows the First Owner of the work to, for a limited period, dictate how copies may be passed between owners.
The two different books of this standard provide methods ('Usage Rules') beyond the scope of what copyright law allows, and is, criminally (in most countries), enforceable because the system flies under the guise of a copy protection system, (which arguably erode what is intended by copy right law anyway).
Time to step up to the plate, people.
My cynicism (excuse me?) comes from the fact that the U.S. screwed us over with a "free trade" agreement that basically reduced our freedoms.
You can shut up about me believing in Australia now, as you are evidently wrong and (to put it bluntly) ignorant.
XML is like violence. If it doesn't solve the problem, use more.
Why not? Folks like them keep suing their customers, proving their greed, lying, and generally making people hate them time after time. They were very short-sighted about their previous "protection", which indicates to me that they have little time for the opinion of their "techie" staff. I bet this'll be equally flawed, and figured out soon enough.
If you are an 800 pound gorilla who gives me some "encouragement" by pushing me off the cliff, then yeah, you bear responsibility. HTH.
XML is like violence. If it doesn't solve the problem, use more.
The Cali-Spanglish definition pretty much is "a mild derogatory term for Americans". Though it's nice to know the whole linage behind the phrase, Muchos Danke!
"1984" was ment to be a warning, not a guidebook. You hear that Kim Jong-il!? BushCo?!