HD-DVD and Blu-Ray AACS DRM Cracked

← Back to Stories (view on slashdot.org)

HD-DVD and Blu-Ray AACS DRM Cracked

Posted by samzenpus on Wednesday December 27, 2006 @05:45PM from the that-didn't-take-long dept.

EGSonikku writes "According to this article on Endgadget, the AACS DRM used in HD-DVD and Blu-Ray has been cracked. The program allows one to decrypt and dump the video for play on a users hard drive, or it can be burned to a blank HD-DVD and played on a stand-alone player. According to the accompanying video, a source release for the program will be made available in January. Time to get that $200 Xbox 360 HD-DVD drive?" Warning: this link contains video.

16 of 432 comments (clear)

Min score:

Reason:

Sort:

Not really cracked, more like circumvented by sith · 2006-12-27 17:51 · Score: 5, Interesting

As best as I've been able to gather from what I've read today, the very clever fellow just implemented that publicly available decryption routine, and also discovered an (as of yet unreleased) method for obtaining decryption keys. It seems very likely from everything I've read that he is pulling the keys from the PowerDVD program - perhaps they're left unencrypted similar to the original DeCSS obtained a key from the Xing player?

In any case, it will be interesting to see how this is dealt with, and whether key revocation can/can't break this. The author thinks it can't - the cat is out of the bag and is staying that way.

We'll see. I think it's good news for us though, no matter what.
1. Re:Not really cracked, more like circumvented by Myen · 2006-12-27 17:57 · Score: 5, Interesting
  
  Yes, and the Engadget article that is TFA is mistaken... He didn't supply any keys, just disc IDs (to map to human readable names of the discs). The place where the keys would have been were all stubbed out with all nulls.
  
  If this is a crack for the DRM, then GPG is a crack for PGP.
2. Re:Not really cracked, more like circumvented by Rufus211 · 2006-12-27 18:10 · Score: 5, Interesting
  
  As best as I've been able to gather from what I've read today, the very clever fellow just implemented that publicly available decryption routine, and also discovered an (as of yet unreleased) method for obtaining decryption keys. It seems very likely from everything I've read that he is pulling the keys from the PowerDVD program - perhaps they're left unencrypted similar to the original DeCSS obtained a key from the Xing player?
  
  Exactly. I've read the source code he released and it's less than 500 lines of Java. All it does is open each file on an HD-DVD and call the built-in Java AES decryption functions on each "pack" of HD data. There's a slight bit of handling for the pack format and all, but it's straight from the AACS spec.
  
  Now the interesting thing I found from the "pre-recorded video book" spec were these two quotes (page 18):
  A licensed product shall treat its Device Keys as highly confidential, as defined in the license agreement.
  and
  Except where otherwise provided for in these specifications, the values used to enable playback of AACS content (e.g. Title Keys and Volume ID) shall be discarded upon removal of the instance of media from which they were retrieved. Any derived or intermediate cryptographic values shall also be discarded.
  
  So it seems that PowerDVD (or whatever player was used) was fully within the spec to no protect the Title Keys that are assumed to have be swipped by this prog.
3. Re:Not really cracked, more like circumvented by Junta · 2006-12-27 19:06 · Score: 4, Interesting
  
  Looks like from his FAQ that he figured a deterministic way a particular piece of HD-DVD software stores the key in memory. Of course, it's always going to be the case the key is in memory during playback, finding the address would be the pain.. Wonder how he knew what to look for so quickly... Well, suppose he did have a couple of distinct movies, he probably had a set of addresses that obviously changed between discs or titles, and probably some tell-tale strings...
  
  So he probably doesn't have the program's key (it would be in memory a short time probably if well implemented, but ultimately probably gettable, if the program can read it's own key, anyone can). However, expect content providers to audit how easily the key material is locatable in memory (i.e. how deterministic the key memory address is relative to program base address) and revoke keys in future pressings and force upgrades to software users.
  
  Of course, with a few keys out it becomes problematic to hide the locations. Ultimately, the program has to know the offset to the key to use it, so there are going to be hoops to jump through, but using a known title with known key means the address of the key can be found and sampled over a few playback attempts, the memory address of the program analyzed to see if some pattern emerges or some variable points the right way....
  
  BTW, if it was PowerDVD (which he never explicitly said), he is cocky actually showing that program running in his demonstration. PowerDVD is going to be under careful analysis now and his job will be made more difficult likely.
  
  Of course, he could be more clever than I'm guessing, but the indications seem to be memory analysis of HD-DVD playback software.
  
  Anyway, beyond making more hoops to go through, content providers cannot be so stupid as to think the problem technically insurmountable. It's all about demonstrating clear intent to violate DMCA and take legal rather technical measures to 'deal' with the problem.
  
  --
  XML is like violence. If it doesn't solve the problem, use more.
4. Re:Not really cracked, more like circumvented by Anpheus · 2006-12-27 19:46 · Score: 3, Interesting
  
  It's an infinite regression of cats and mice, not turtles! But seriously, it seems to me a lot easier to find the function that performs the decryption, which should be easy to find because AES is a common algorithm, see which argument is the input key, and then insert assembly to output that key somehow, store it in a known location in memory, etc. Of course, then it would be their turn to respond by either revoking the key in new releases, or obfuscating the decryption function at a low level, etc. However, it still seems to me that it would be much easier to edit the machine code than to screw around with context switching and hoping to grab a useful pointer or the key itself. It sounds like the first battle was won, but it'll be interesting to see what the DRM guys do next.
5. Re:Not really cracked, more like circumvented by deroby · 2006-12-27 21:38 · Score: 3, Interesting
  
  Not quite sure I understand how this works then =(
  
  If each disk contains a (limited) set of keys, one for each model like you say, what will then happen when a new model comes out next year and I put my 'old' DVD-HD disk in there ?
  => the model didn't exist yet, hence, there is no key, hence, my 'newest' player can't play my 'oldest' movies anymore ? Or did they just foresee 10.000 keys and assign them to models as they get released ? (plenty of space on these shiny disks after all).
  
  Additionally, wouldn't finding 1 private key (say for example from PowerDVD) allow for a (maybe not so brute as it seems ?) exhaustive search for all the other private keys of all the other players ? They might decide to 'disable' a certain key from a certain model, but I very much doubt they can keep on doing this ... I think.
  (I guess if someone set something up like Distributed.Net for finding these keys, it wouldn't take that long to decrypt them all. After all, if you know the result, it's just a matter of trial & error. Yes it will be HUGE task (not sure how many bits the key holds, didn't watch TFA, nor am very educated on the subject) but the amount of CPU-power allocated to it might be tremendous here... Finally a "good" use for all those botnets =)
  
  (I might be missing something (or even a lot) here ... )
  
  --
  If there is one thing to be learned on slashdot, it has to be sarcasm.
6. Re:Not really cracked, more like circumvented by afidel · 2006-12-28 02:53 · Score: 4, Interesting
  
  Nope, unlike CSS keys AACS keys are revocable, so the keys for the cracked version of PowerDVD (or whatever player has been compromised) can be denied by new media. Basically they encrypt the media's decryption key with the public keys of all of the licensed devices and once a player has been compromised they no long use that tainted key (It's actually kind of the reverse of this process, but it gives you an idea of what they accomplish and the general idea of how). Of course if many players are compromised it is unlikely that the content companies will be able to revoke all of their keys, because that would lead to a backlash against the format as consumers devices suddenly stop playing new titles. What I'm personally waiting for is an industrious hacker to expose the key of a popular hardware player, forcing an upgrade of a software player is one thing, requiring naive users to upgrade the firmware of their hardware player is going to be labor intensive. Either they will need lots of helpdesk type staff, or lots of depot technicians to actually do the upgrades for the users. Either way lots of users won't figure out what the problem is and will simply blame the hardware vendor/format.
  
  --
  There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Wrong conclusion... by im_thatoneguy · 2006-12-27 18:02 · Score: 5, Interesting

The correct conclusion is: 'Finally! Now I don't have to buy an HD-DVD Player.'

I don't mind purchasing an HD-DVD and then just downloading its illegal doppelganger. I DO mind purchasing an overpriced paperweight to keep me legal. I looked at Xbox Live Marketplace from the perspective of:

"Rent 44 HD movies. or Buy HD-DVD Player and a movie." I decided I would get much more HD goodness out of downloads than just a player.

It's sort of like the way I purchase Star Trek for my Xbox and then download a copy for my PC as well. Sure it's illegal, but I look at it from the perspective of: I purchased it so that I could watch it, and watch it I shall.
1. Re:Wrong conclusion... by spire3661 · 2006-12-27 20:51 · Score: 3, Interesting
  
  Again here we are. The gulf between media and licenses. He paid for legal license to watch said performance. Why on earth should he be charged full price to watch the same performance in a different format. If we could find a way to separate license and format, the digital age could truly begin. But the media companies dont want to make the license and the media separate. If I buy a HD-DVD, and I want a DVD copy of it, I should be able to get one at the cost of manufacturing the MEDIA , not the media AND the license. I could go on and on, but the point is, beyond value added pieces to new formats, the license should be sufficient to be able to watch that performance anywhere, in any format.
  
  --
  Good-bye
Cracker actually working for HD-DVD Consortium? by BenJeremy · 2006-12-27 18:06 · Score: 4, Interesting

Really just a stab here, but maybe given lackluster sales of hardware, the consortium hired a ringer to play "DVD Jon" for a day and "leak" the crack to the public, thus encouraging some support from a DRM-weary public?

The industry knows piracy is not really a big problem - they still make mountains of cash, and society needs a little underlying "lawlessness" (like speeding, for example) to ease pressure. Perhaps some industry insiders sick of kowtowing to the IP Lawyers decided to leak the crack to the public in a round-about manner?

If true, it's brilliant.... if not, then they missed the boat.
Re:It takes a while... by interiot · 2006-12-27 18:14 · Score: 4, Interesting

I don't really know much about it, but keys included in the package are title keys (eg. download the source code, see Readme.txt and TKDB.cfg, and see the list of keys for specific titles: Full Metal Jacket, Van Helsing, Tomb Raider 1, Apollo 13, The Last Samurai, and The Fugitive). Those keys probably can't be revoked (those specific titles are already mastered and are in release). But do the included keys give the AACS people enough information to identify the specific player that the author is using to extract the title keys from?
Re:It takes a while... by qbwiz · 2006-12-27 18:15 · Score: 3, Interesting

Wouldn't it suck to have your HD-DVD player stop working for new titles, because someone was using its key? Or are all HD-DVD players networked, so their keys can be changed at any time?

--
Ewige Blumenkraft.
Great job with the title keys by Myria · 2006-12-27 19:56 · Score: 4, Interesting

The hacker didn't extract the player key. This might be due to the difficulty of getting the player key, but it really doesn't matter.

The use of title keys instead is a great strategy. It means that the revocation system is worthless - AACSLA may not even know which player is compromised. Gray/black-area web sites can maintain big lists of title keys for movies without a whole lot of trouble. The bigger issue will eventually be getting each new movie to the trusted few pirates that are capable of extracting keys. This is no big deal now, but would be if and once these formats become popular.

A counterattack from Hollywood could be to produce thousands of distinct masters of each movie; the same movie would have thousands of different editions that differ only by their title key. I don't know the current state of disk production however, so this may not be feasible.

The revocation system is itself problematic anyway. A person seeking to damage the system itself would try to crack the most popular player, even if it's more difficult than other players. The cost of a massive recall - plus the fines the manufacturer would pay for their player being the one cracked - would heavily discourage the use of the revocation system. It seems like the revocation system is more of a deterrent against both pirates (if you crack a player we'll change the key making your work worthless) and manufacturers (if you don't obfuscate well enough, we'll cost you millions of dollars).

DVD had a revocation system too, but it was never used. DeCSS and the Drink or Die program that preceded it used a player key, but the CSS algorithm was so badly flawed that it wasn't difficult to derive the remaining player keys. This will not happen with AACS, because they're using real crypto this time.

Melissa

--
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
Re:Cheers! by Ironica · 2006-12-27 21:31 · Score: 3, Interesting

Anyone over the age of 40 I've talked to about the two formats has said, "What, you mean like Betamacs and VHS?" Just keep telling people that that's what this reminds you of, and wait for someone to start selling a less draconian product.
Um, except, VHS became the dominant format for many years, until (the more draconian) DVD unseated it. So the Betamax/VHS issue doesn't really serve to predict the failure of both formats, nor the rise of a new format which is more open.

--
Don't you wish your girlfriend was a geek like me?
Exactly! by Dion · 2006-12-28 04:04 · Score: 3, Interesting

I've been saying this for a while.

The way this will work is that undiscovered player keys are used to decrypt title keys and the title keys them selves are then distributed.

As long as everybody keeps his piehole shut the collection of title keys just grows and grows, maybe even by dynamically requesting a title key before playing a movie.

If a player key is discovered and disabled by the goonsquad then that player key is simply published along with the title keys that it can't be used to obtain, that way the whole key package shinks every time the evil content overlords disable a key.

It's likely that player keys will be discovered with some frequency, so the freedom fighters might choose to publish player keys on their own just to shink the key package.

Someone needs to put together the infrastructure to support title key distribution and some dynamic way of decrypting an encrypted title key.

--
-- To dream a dream is grand, but to live it is divine. -- Leto ][
Re:Cheers! by KingArthur10 · 2006-12-28 04:04 · Score: 4, Interesting

The local Walmart has a VHS section that usually has new releases on VHS tapes. What's funny is how much cheaper a new release on VHS is over DVD. The studios kept telling us how DVD prices would come down because DVDs are cheaper to manufacture over tapes, but it never happened. The studios just sat on the extra cash and got fat and happy.

--
I came, I saw, She conquered.