Slashdot Mirror

← Back to Stories (view on slashdot.org)

HD-DVD and Blu-Ray AACS DRM Cracked

Posted by samzenpus on from the that-didn't-take-long dept.

EGSonikku writes "According to this article on Endgadget, the AACS DRM used in HD-DVD and Blu-Ray has been cracked. The program allows one to decrypt and dump the video for play on a users hard drive, or it can be burned to a blank HD-DVD and played on a stand-alone player. According to the accompanying video, a source release for the program will be made available in January. Time to get that $200 Xbox 360 HD-DVD drive?" Warning: this link contains video.

10 of 432 comments (clear)

  1. Not really cracked, more like circumvented by sith · · Score: 5, Interesting

    As best as I've been able to gather from what I've read today, the very clever fellow just implemented that publicly available decryption routine, and also discovered an (as of yet unreleased) method for obtaining decryption keys. It seems very likely from everything I've read that he is pulling the keys from the PowerDVD program - perhaps they're left unencrypted similar to the original DeCSS obtained a key from the Xing player?

    In any case, it will be interesting to see how this is dealt with, and whether key revocation can/can't break this. The author thinks it can't - the cat is out of the bag and is staying that way.

    We'll see. I think it's good news for us though, no matter what.

    1. Re:Not really cracked, more like circumvented by Myen · · Score: 5, Interesting

      Yes, and the Engadget article that is TFA is mistaken... He didn't supply any keys, just disc IDs (to map to human readable names of the discs). The place where the keys would have been were all stubbed out with all nulls.

      If this is a crack for the DRM, then GPG is a crack for PGP.

    2. Re:Not really cracked, more like circumvented by Rufus211 · · Score: 5, Interesting
      As best as I've been able to gather from what I've read today, the very clever fellow just implemented that publicly available decryption routine, and also discovered an (as of yet unreleased) method for obtaining decryption keys. It seems very likely from everything I've read that he is pulling the keys from the PowerDVD program - perhaps they're left unencrypted similar to the original DeCSS obtained a key from the Xing player?


      Exactly. I've read the source code he released and it's less than 500 lines of Java. All it does is open each file on an HD-DVD and call the built-in Java AES decryption functions on each "pack" of HD data. There's a slight bit of handling for the pack format and all, but it's straight from the AACS spec.

      Now the interesting thing I found from the "pre-recorded video book" spec were these two quotes (page 18):
      A licensed product shall treat its Device Keys as highly confidential, as defined in the license agreement.
      and
      Except where otherwise provided for in these specifications, the values used to enable playback of AACS content (e.g. Title Keys and Volume ID) shall be discarded upon removal of the instance of media from which they were retrieved. Any derived or intermediate cryptographic values shall also be discarded.

      So it seems that PowerDVD (or whatever player was used) was fully within the spec to no protect the Title Keys that are assumed to have be swipped by this prog.
    3. Re:Not really cracked, more like circumvented by Junta · · Score: 4, Interesting

      Looks like from his FAQ that he figured a deterministic way a particular piece of HD-DVD software stores the key in memory. Of course, it's always going to be the case the key is in memory during playback, finding the address would be the pain.. Wonder how he knew what to look for so quickly... Well, suppose he did have a couple of distinct movies, he probably had a set of addresses that obviously changed between discs or titles, and probably some tell-tale strings...

      So he probably doesn't have the program's key (it would be in memory a short time probably if well implemented, but ultimately probably gettable, if the program can read it's own key, anyone can). However, expect content providers to audit how easily the key material is locatable in memory (i.e. how deterministic the key memory address is relative to program base address) and revoke keys in future pressings and force upgrades to software users.

      Of course, with a few keys out it becomes problematic to hide the locations. Ultimately, the program has to know the offset to the key to use it, so there are going to be hoops to jump through, but using a known title with known key means the address of the key can be found and sampled over a few playback attempts, the memory address of the program analyzed to see if some pattern emerges or some variable points the right way....

      BTW, if it was PowerDVD (which he never explicitly said), he is cocky actually showing that program running in his demonstration. PowerDVD is going to be under careful analysis now and his job will be made more difficult likely.

      Of course, he could be more clever than I'm guessing, but the indications seem to be memory analysis of HD-DVD playback software.

      Anyway, beyond making more hoops to go through, content providers cannot be so stupid as to think the problem technically insurmountable. It's all about demonstrating clear intent to violate DMCA and take legal rather technical measures to 'deal' with the problem.

      --
      XML is like violence. If it doesn't solve the problem, use more.
    4. Re:Not really cracked, more like circumvented by afidel · · Score: 4, Interesting

      Nope, unlike CSS keys AACS keys are revocable, so the keys for the cracked version of PowerDVD (or whatever player has been compromised) can be denied by new media. Basically they encrypt the media's decryption key with the public keys of all of the licensed devices and once a player has been compromised they no long use that tainted key (It's actually kind of the reverse of this process, but it gives you an idea of what they accomplish and the general idea of how). Of course if many players are compromised it is unlikely that the content companies will be able to revoke all of their keys, because that would lead to a backlash against the format as consumers devices suddenly stop playing new titles. What I'm personally waiting for is an industrious hacker to expose the key of a popular hardware player, forcing an upgrade of a software player is one thing, requiring naive users to upgrade the firmware of their hardware player is going to be labor intensive. Either they will need lots of helpdesk type staff, or lots of depot technicians to actually do the upgrades for the users. Either way lots of users won't figure out what the problem is and will simply blame the hardware vendor/format.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  2. Wrong conclusion... by im_thatoneguy · · Score: 5, Interesting

    The correct conclusion is: 'Finally! Now I don't have to buy an HD-DVD Player.'

    I don't mind purchasing an HD-DVD and then just downloading its illegal doppelganger. I DO mind purchasing an overpriced paperweight to keep me legal. I looked at Xbox Live Marketplace from the perspective of:

    "Rent 44 HD movies. or Buy HD-DVD Player and a movie." I decided I would get much more HD goodness out of downloads than just a player.

    It's sort of like the way I purchase Star Trek for my Xbox and then download a copy for my PC as well. Sure it's illegal, but I look at it from the perspective of: I purchased it so that I could watch it, and watch it I shall.

  3. Cracker actually working for HD-DVD Consortium? by BenJeremy · · Score: 4, Interesting

    Really just a stab here, but maybe given lackluster sales of hardware, the consortium hired a ringer to play "DVD Jon" for a day and "leak" the crack to the public, thus encouraging some support from a DRM-weary public?

    The industry knows piracy is not really a big problem - they still make mountains of cash, and society needs a little underlying "lawlessness" (like speeding, for example) to ease pressure. Perhaps some industry insiders sick of kowtowing to the IP Lawyers decided to leak the crack to the public in a round-about manner?

    If true, it's brilliant.... if not, then they missed the boat.

  4. Re:It takes a while... by interiot · · Score: 4, Interesting

    I don't really know much about it, but keys included in the package are title keys (eg. download the source code, see Readme.txt and TKDB.cfg, and see the list of keys for specific titles: Full Metal Jacket, Van Helsing, Tomb Raider 1, Apollo 13, The Last Samurai, and The Fugitive). Those keys probably can't be revoked (those specific titles are already mastered and are in release). But do the included keys give the AACS people enough information to identify the specific player that the author is using to extract the title keys from?

  5. Great job with the title keys by Myria · · Score: 4, Interesting

    The hacker didn't extract the player key. This might be due to the difficulty of getting the player key, but it really doesn't matter.

    The use of title keys instead is a great strategy. It means that the revocation system is worthless - AACSLA may not even know which player is compromised. Gray/black-area web sites can maintain big lists of title keys for movies without a whole lot of trouble. The bigger issue will eventually be getting each new movie to the trusted few pirates that are capable of extracting keys. This is no big deal now, but would be if and once these formats become popular.

    A counterattack from Hollywood could be to produce thousands of distinct masters of each movie; the same movie would have thousands of different editions that differ only by their title key. I don't know the current state of disk production however, so this may not be feasible.

    The revocation system is itself problematic anyway. A person seeking to damage the system itself would try to crack the most popular player, even if it's more difficult than other players. The cost of a massive recall - plus the fines the manufacturer would pay for their player being the one cracked - would heavily discourage the use of the revocation system. It seems like the revocation system is more of a deterrent against both pirates (if you crack a player we'll change the key making your work worthless) and manufacturers (if you don't obfuscate well enough, we'll cost you millions of dollars).

    DVD had a revocation system too, but it was never used. DeCSS and the Drink or Die program that preceded it used a player key, but the CSS algorithm was so badly flawed that it wasn't difficult to derive the remaining player keys. This will not happen with AACS, because they're using real crypto this time.

    Melissa

    --
    "Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
  6. Re:Cheers! by KingArthur10 · · Score: 4, Interesting

    The local Walmart has a VHS section that usually has new releases on VHS tapes. What's funny is how much cheaper a new release on VHS is over DVD. The studios kept telling us how DVD prices would come down because DVDs are cheaper to manufacture over tapes, but it never happened. The studios just sat on the extra cash and got fat and happy.

    --
    I came, I saw, She conquered.