Slashdot Mirror
HD-DVD and Blu-Ray AACS DRM Cracked
EGSonikku writes "According to this article on Endgadget, the AACS DRM used in HD-DVD and Blu-Ray has been cracked. The program allows one to decrypt and dump the video for play on a users hard drive, or it can be burned to a blank HD-DVD and played on a stand-alone player. According to the accompanying video, a source release for the program will be made available in January. Time to get that $200 Xbox 360 HD-DVD drive?"
Warning: this link contains video.
As best as I've been able to gather from what I've read today, the very clever fellow just implemented that publicly available decryption routine, and also discovered an (as of yet unreleased) method for obtaining decryption keys. It seems very likely from everything I've read that he is pulling the keys from the PowerDVD program - perhaps they're left unencrypted similar to the original DeCSS obtained a key from the Xing player?
In any case, it will be interesting to see how this is dealt with, and whether key revocation can/can't break this. The author thinks it can't - the cat is out of the bag and is staying that way.
We'll see. I think it's good news for us though, no matter what.
The correct conclusion is: 'Finally! Now I don't have to buy an HD-DVD Player.'
I don't mind purchasing an HD-DVD and then just downloading its illegal doppelganger. I DO mind purchasing an overpriced paperweight to keep me legal. I looked at Xbox Live Marketplace from the perspective of:
"Rent 44 HD movies. or Buy HD-DVD Player and a movie." I decided I would get much more HD goodness out of downloads than just a player.
It's sort of like the way I purchase Star Trek for my Xbox and then download a copy for my PC as well. Sure it's illegal, but I look at it from the perspective of: I purchased it so that I could watch it, and watch it I shall.
How exactly are their DRM schemes any more restrictive than DVD's?
Really just a stab here, but maybe given lackluster sales of hardware, the consortium hired a ringer to play "DVD Jon" for a day and "leak" the crack to the public, thus encouraging some support from a DRM-weary public?
The industry knows piracy is not really a big problem - they still make mountains of cash, and society needs a little underlying "lawlessness" (like speeding, for example) to ease pressure. Perhaps some industry insiders sick of kowtowing to the IP Lawyers decided to leak the crack to the public in a round-about manner?
If true, it's brilliant.... if not, then they missed the boat.
I think Hollywood has a slight edge here. Consider this: Ripped DVDs came around to 4 - 4.5GB and while this isn't a huge amount of diskspace, it is still a considerable amount of space. Even so, a 250GB HDD (you can get this for
Now coming to HD-DVDs (the screenshots from the article show approximately 24GB of space being used or 24GiB, whatever tickles your fancy). This means a 250GB will be able to hold
The point is with the Hi-Def media, it doesn't make as much sense to rip every movie you have and store it on your fileserver for the next year or two. This is awesome news but i am not sure i'll be ripping HD-DVDs/Blu-ray disks like i used to rip DVDs. These things take way too much space. Hollywood would have an edge if they priced the stuff at around 15-20$ - i'd buy one than let a movie take up 30GB on my machine.
I don't really know much about it, but keys included in the package are title keys (eg. download the source code, see Readme.txt and TKDB.cfg, and see the list of keys for specific titles: Full Metal Jacket, Van Helsing, Tomb Raider 1, Apollo 13, The Last Samurai, and The Fugitive). Those keys probably can't be revoked (those specific titles are already mastered and are in release). But do the included keys give the AACS people enough information to identify the specific player that the author is using to extract the title keys from?
Wouldn't it suck to have your HD-DVD player stop working for new titles, because someone was using its key? Or are all HD-DVD players networked, so their keys can be changed at any time?
Ewige Blumenkraft.
I recall reading (a long time ago) that teh intarnet pirates had already ripped about 3/4 of Net Flix's catalog. I imagine that they've upped that percentage significantly since.
IMO, once the knowledge behind grabbing disc keys spreads, every single HD title that comes out will promptly have it's disc key ripped out & uploaded to some gracenote style database.
Release groups are very dedicated to what they do.
[Fuck Beta]
o0t!
The hacker didn't extract the player key. This might be due to the difficulty of getting the player key, but it really doesn't matter.
The use of title keys instead is a great strategy. It means that the revocation system is worthless - AACSLA may not even know which player is compromised. Gray/black-area web sites can maintain big lists of title keys for movies without a whole lot of trouble. The bigger issue will eventually be getting each new movie to the trusted few pirates that are capable of extracting keys. This is no big deal now, but would be if and once these formats become popular.
A counterattack from Hollywood could be to produce thousands of distinct masters of each movie; the same movie would have thousands of different editions that differ only by their title key. I don't know the current state of disk production however, so this may not be feasible.
The revocation system is itself problematic anyway. A person seeking to damage the system itself would try to crack the most popular player, even if it's more difficult than other players. The cost of a massive recall - plus the fines the manufacturer would pay for their player being the one cracked - would heavily discourage the use of the revocation system. It seems like the revocation system is more of a deterrent against both pirates (if you crack a player we'll change the key making your work worthless) and manufacturers (if you don't obfuscate well enough, we'll cost you millions of dollars).
DVD had a revocation system too, but it was never used. DeCSS and the Drink or Die program that preceded it used a player key, but the CSS algorithm was so badly flawed that it wasn't difficult to derive the remaining player keys. This will not happen with AACS, because they're using real crypto this time.
Melissa
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
Don't you wish your girlfriend was a geek like me?
That key is then encrypted repeatedly with all of the device keys that are currently authorized to play that disc.
This is a classic error in cryptographic software implementation, that can lead to revealing of all keys.
once you know the title key, you can then get all the player keys by using a known plaintext attack... and instantly crack all keys encoding your title key
Yes, but in this case you don't have one legal user for every compromised key, you got thousands, if not millions potential users of a single key.
Welcome to Europe, where no-one wants to be unable to import films from the US.
With the new formats I expect it to be less of an issue eventually; at least we've lost PAL speedup now that our discs are 1080p/24 as well. But my US HD-DVD owning friends have now gone import crazy - HD-DVD's lack of region encoding is a huge bonus, and from a copy protection point kills at a stroke the need to bother with chipping for most people.
Although I've heard nothing other than rumours, I think Lions Gate at least are going to have to go dual format at CES, simply because all the (currently Blu-Ray exclusive) jewels in their US catalog keep coming out on HD-DVD through Canal+ and others in Europe and Japan. Once the money men start seeing the exclusivity is losing them money, I expect things to change.
"I Know You Are But What Am I?"
Actually, if they are title keys then it probably is NOT enough to finger the player. The player key is used to decrypt the title key, which is used to decrypt the content. The content is only encrypted with one title key, and has no relation to the player key. So as long as you only release title keys there is no way for them to know what player(s) have been compromised. Of course most hackers will probably release their findings as cracks to the software program, but eventually a smart one will simply setup a CDDB style database with title keys and any program will be able to read the media ID, download the title key, and use the reference decoder implementation to decrypt the content. THAT is how you get around key revocation =)
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
I've been saying this for a while.
The way this will work is that undiscovered player keys are used to decrypt title keys and the title keys them selves are then distributed.
As long as everybody keeps his piehole shut the collection of title keys just grows and grows, maybe even by dynamically requesting a title key before playing a movie.
If a player key is discovered and disabled by the goonsquad then that player key is simply published along with the title keys that it can't be used to obtain, that way the whole key package shinks every time the evil content overlords disable a key.
It's likely that player keys will be discovered with some frequency, so the freedom fighters might choose to publish player keys on their own just to shink the key package.
Someone needs to put together the infrastructure to support title key distribution and some dynamic way of decrypting an encrypted title key.
-- To dream a dream is grand, but to live it is divine. -- Leto ][
The local Walmart has a VHS section that usually has new releases on VHS tapes. What's funny is how much cheaper a new release on VHS is over DVD. The studios kept telling us how DVD prices would come down because DVDs are cheaper to manufacture over tapes, but it never happened. The studios just sat on the extra cash and got fat and happy.
I came, I saw, She conquered.
Not me baby....you ever try to carry TWO 32" CRT's??
Hehehe..seriously....I am completely over CRT's....no matter the cost....just too bulky and heavy. This is especially true for computer monitors...but, also true for television.
My preference? DLP Projectors....that that expensive...with a screen, less than many large LCD or Plasma tv's...are HD resolution compatible...and take up very little room, and are easily transportable. Hell...I can grab my projector...take to a friends house and hook to their dvd player, and have 'portable' movie night just about anywhere.
For a bit over a grand...100" picture and great resolution, and taking up very little room.....I don't think they can be beat.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........