HD-DVD and Blu-Ray AACS DRM Cracked
EGSonikku writes "According to this article on Engadget, the AACS DRM used in HD-DVD and Blu-Ray has been cracked. The program allows one to decrypt and dump the video for play on a user's hard drive, or it can be burned to a blank HD-DVD and played on a stand-alone player. According to the accompanying video, a source release for the program will be made available in January. Time to get that $200 Xbox 360 HD-DVD drive?"
Warning: this link contains video.
As best as I've been able to gather from what I've read today, the very clever fellow just implemented that publicly available decryption routine, and also discovered an (as of yet unreleased) method for obtaining decryption keys. It seems very likely from everything I've read that he is pulling the keys from the PowerDVD program - perhaps they're left unencrypted, similar to how the original DeCSS obtained a key from the Xing player?
In any case, it will be interesting to see how this is dealt with, and whether key revocation can/can't break this. The author thinks it can't - the cat is out of the bag and is staying that way.
We'll see. I think it's good news for us though, no matter what.
Not to me, it isn't. This will help speed up the adoption of these formats. I'd like them both to totally fail, due to their restrictive DRM. As long as the formats enjoy some success, the content providers will keep pushing for the strong DRM.
The site's Farked, Digged, and everything else already, but here's the forum this was first posted to: http://forum.doom9.org/showthread.php?t=119871
It contains a download link to the program.
Give a man fire, and you warm him for the night. Set a man on fire, and you warm him for the rest of his life.
But I would like to know how this will affect the customer as well. I know short term that DRM is bad and all, especially with the "where there's a will, there's a way" mentality in cracking it, but seeing as how these companies invest (or rather waste) millions in copy protection schemes, will they jack the prices up to cover the cost of their mistakes? I think this practice has become mainstream, no?
Fighting over religion is like seeing whose imaginary friend is best.
The correct conclusion is: 'Finally! Now I don't have to buy an HD-DVD Player.'
I don't mind purchasing an HD-DVD and then just downloading its illegal doppelganger. I DO mind purchasing an overpriced paperweight to keep me legal. I looked at Xbox Live Marketplace from the perspective of:
"Rent 44 HD movies. or Buy HD-DVD Player and a movie." I decided I would get much more HD goodness out of downloads than just a player.
It's sort of like the way I purchase Star Trek for my Xbox and then download a copy for my PC as well. Sure it's illegal, but I look at it from the perspective of: I purchased it so that I could watch it, and watch it I shall.
Cracked already? I had December 29th in the pool.
It must have been something you assimilated. . . .
Really just a stab here, but maybe given lackluster sales of hardware, the consortium hired a ringer to play "DVD Jon" for a day and "leak" the crack to the public, thus encouraging some support from a DRM-weary public?
The industry knows piracy is not really a big problem - they still make mountains of cash, and society needs a little underlying "lawlessness" (like speeding, for example) to ease pressure. Perhaps some industry insiders sick of kowtowing to the IP Lawyers decided to leak the crack to the public in a round-about manner?
If true, it's brilliant.... if not, then they missed the boat.
ed2k://|file|BackupHDDVD.zip|17964|4860e9248663d52 dc47bfc98d61ec6d7|/
magnet:?xt=urn:bitprint:ZHZI65X7J4NIX7TU7KLDIZXIJA 62SXX7.OBRERVSGGVO4OMWW7JN7BPC2BPDCE2U5NBUVU3Y&xt= urn:ed2khash:4860e9248663d52dc47bfc98d61ec6d7&dn=B ackupHDDVD.zip&xl=17964
If anyone wants to try it out, here is a link to the executable and source code (Java)...
http://forum.doom9.org/showthread.php?t=119871
There is more detailed info in the included FAQ. The bad news is, the program itself isn't actually "cracking" anything. The author used publicly available AACS documents to write his own decrypter (e.g. just as PowerDVD or WinDVD would). The catch is, you must provide the decryption keys to this software in order to rip the movies from the disk.
However, the good news is, it looks like he may have found a way to extract the needed decryption key(s) from the HD-DVDs. He doesn't explain how in the documentation or provide any keys, but if he figured it out I'm sure others will - and that means more advanced and powerful tools shouldn't be too far off.
Now that it is cracked, I might buy one :)
No sig for now.
I think Hollywood has a slight edge here. Consider this: Ripped DVDs came around to 4 - 4.5GB and while this isn't a huge amount of diskspace, it is still a considerable amount of space. Even so, a 250GB HDD (you can get this for
Now coming to HD-DVDs (the screenshots from the article show approximately 24GB of space being used or 24GiB, whatever tickles your fancy). This means a 250GB will be able to hold
The point is with the Hi-Def media, it doesn't make as much sense to rip every movie you have and store it on your fileserver for the next year or two. This is awesome news but I am not sure I'll be ripping HD-DVDs/Blu-ray disks like I used to rip DVDs. These things take way too much space. Hollywood would have an edge if they priced the stuff at around 15-20$ - I'd rather buy one than let a movie take up 30GB on my machine.
Basically HD-DVD and Blu-Ray aren't even options for me at this point as the DRM associated with it has me shaking my head. While I'm willing to pay $20+ for a movie, I want to be able to use the movie on my terms after the initial purchase.
If this hack proves to be valid, I would actually consider investing in the technology as it opens the format up to Linux/Unix/OSX/etc.
It sounds like he didn't "crack" AACS, he just extracted the disc keys for certain titles.
A quick and dirty and probably somewhat inaccurate description of the way AACS works is that each disc is encrypted with a single 'disc key' and then that key is encrypted once with every known 'player key,' and each of those is stored on the disc. So, if you have an authorized player, it will find the version of the disc key that it knows how to decrypt and then use that to decrypt the disc for playback.
My guess is that he used one of the software players like WinDVD or PowerDVD that now sort of support HD-DVD and BLU-RAY. But instead of extracting their player key and publishing that, he played a disc in a debug environment and extracted the 'disc key' for that specific title.
The studios thought that they would be able to 'revoke' disclosed player keys by just not using them on any discs pressed after the disclosure was made public. This guy's approach seems to be to distribute disc keys and then anyone with the same disc can decrypt that specific title, thus making it harder for the studios to guess which player keys need revoking.
I think that this guy's approach will be most useful to widescale pirating because all it takes is for one person to decrypt a movie and share it with a billion of his closest friends. But the 'regular joe' who just wants to copy his BD-HDs to his hard disk for ease of playback or maybe to cut clips from it for his own home movie won't benefit because chances are, the keys for his particular discs won't be widely known enough for him to find them.
So, I now look forward to various HD titles from disc (rather than from broadcast, which are already common if you know where to look) showing up on P2P and elsewhere, I'm still not purchasing any AACS playback system since the "crack" is not (yet) useful enough for me to exercise typical fair-use rights of format shifting and personal editing.
When information is power, privacy is freedom.
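The key layering described in the comment above, as a toy model added here (not part of the original post, and not code from the tool or from the AACS specification). It follows the commenter's simplified picture of one per-title key wrapped under each player key, with an HMAC-based XOR pad standing in for AES; all names, keys and contents are constructed. It shows that leaving a player key off new discs stops that player on new titles only, while a title key already exposed for one disc keeps working on that disc and on no other.

```python
import hashlib
import hmac


def _pad(key: bytes, label: bytes, n: int) -> bytes:
    """Derive n pseudo-random bytes from key and label (toy stand-in for AES)."""
    out, counter = b"", 0
    while len(out) < n:
        block = label + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:n]


def toy_crypt(key: bytes, label: bytes, data: bytes) -> bytes:
    """XOR data with the derived pad; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, _pad(key, label, len(data))))


def press_disc(disc_id: bytes, title_key: bytes, content: bytes, player_keys: dict) -> dict:
    """Build a disc: content under the title key, title key under each player key."""
    return {
        "id": disc_id,
        "key_block": {name: toy_crypt(pk, disc_id, title_key)
                      for name, pk in player_keys.items()},
        "payload": toy_crypt(title_key, b"content", content),
        "digest": hashlib.sha256(content).digest(),  # lets the model detect a wrong key
    }


def decrypt_with_title_key(disc: dict, title_key: bytes):
    """Decrypt the payload directly; returns None if the key is not this disc's."""
    content = toy_crypt(title_key, b"content", disc["payload"])
    return content if hashlib.sha256(content).digest() == disc["digest"] else None


def play(disc: dict, player_name: str, player_key: bytes):
    """Licensed path: find this player's entry, unwrap the title key, decrypt."""
    wrapped = disc["key_block"].get(player_name)
    if wrapped is None:  # player key was left off this disc (revoked or unknown)
        return None
    return decrypt_with_title_key(disc, toy_crypt(player_key, disc["id"], wrapped))


# Constructed sample data.
PLAYERS = {"player_a": bytes.fromhex("11" * 16), "player_b": bytes.fromhex("22" * 16)}
TITLE_KEY_1 = bytes.fromhex("aa" * 16)
TITLE_KEY_2 = bytes.fromhex("bb" * 16)
FILM_1, FILM_2 = b"feature film one", b"feature film two"


def scenario() -> dict:
    # Disc 1 is pressed while both players are trusted.
    disc1 = press_disc(b"disc-1", TITLE_KEY_1, FILM_1, PLAYERS)
    # player_b is later revoked: discs pressed afterwards omit its entry.
    disc2 = press_disc(b"disc-2", TITLE_KEY_2, FILM_2, {"player_a": PLAYERS["player_a"]})
    return {
        "revoked_player_old_disc": play(disc1, "player_b", PLAYERS["player_b"]),
        "revoked_player_new_disc": play(disc2, "player_b", PLAYERS["player_b"]),
        "trusted_player_new_disc": play(disc2, "player_a", PLAYERS["player_a"]),
        # A title key that escaped from any player bypasses the key block entirely.
        "exposed_title_key_same_disc": decrypt_with_title_key(disc1, TITLE_KEY_1),
        "exposed_title_key_other_disc": decrypt_with_title_key(disc2, TITLE_KEY_1),
    }


if __name__ == "__main__":
    for case, result in scenario().items():
        print(f"{case}: {result!r}")
```
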
It seems to me most people are seeing this as a means to:
A) Place-shift HD-DVD content (despite current storage constraints)
B) Pirate HD-DVD content (despite current bandwidth constraints)
when I see the much more immediately relevant issue being that of HDCP: If this crack can be rolled into something on the order of a VLC plugin, there's a chance I'll actually be able to use my technically-more-than-capable, yet not-a-member-of-the-HDCP-club LCD display to view commercial 720p content.
Your mind is clear / The things that you fear / Will fade with how much you / Believe what you hear
Notice the title key is all 0's, which is obviously wrong.
All zeros?
That's amazing, I've got the same combination on my luggage!
XML is like violence. If it doesn't solve the problem, use more.
B a c k u p H D - D V D F A Q
-What is "Backup HDDVD" for?
It can do backup copies of HD DVD movies that YOU OWN! I don't want anyone to do piracy here! This software is a good way to protect your investment, because I have noticed that this type of media seems very fragile, if it's scratched a little or dirty, it won't play. It seems less tolerant than DVD format. (Higher density!)
-What "Backup HDDVD" is doing exactly?
This is a Java based command line utility that decrypts video files (.evo) from a HD DVD disk that you own, to your hard drive and you can play them back with a HD DVD player software.
-What are the system requirements to use "Backup HDDVD"
1 - A Windows based system
2 - A HDDVD disk drive
3 - A HDDVD player software (like PowerDVD)
4 - A HDDVD movie(s)
5 - Java runtime 1.5
6 - The possibility to access the content of the disk with a drive letter under windows.
(you may need UDF 2.5 file system driver for this)
7 - A lot of free hard disk space to backup your movies!
-Was your first HDDVD movie hard to decrypt?
It took me around a week to do. But I have wasted few days trying to work on too complicated approach. In fact, it is very simple.
-How do you do that?
The program itself has nothing special. It simply implements the AACS decryption protocol. I have followed the freely available documents about AACS. Have a look at: www.aacsla.com
The trick is to find what they call the "Title keys". So I figure out how to extract them.
-How do you extract the "Title keys"?
I won't explain it in detail. Read the AACS doc first. You will understand. The title keys are located on the disk in encrypted form, but for a content to be played, it has to be decrypted! So where is the decrypted version of the title key? Think about it...
-What kind of crypto algorithms are involved?
Standard algorithms:
ECC-160
AES-128
Look in the AACS doc for more details.
-What is the TKDB.cfg file?
This is the Title key Database file. It holds the decryption keys for the movies.
-What is the format of this file?
Field 1: SHA1 Hash of the VTKF000.AACS file on your HDDVD disk.
Next fields are pipe "|" delimited.
-Movie Title
-A variable number of Title key, pipe delimited
You have a key number followed by the key value like:
12-08A3DC61910280F2...
Key values are 128 bits long, so 16 bytes, or 32 hexadecimal characters long.
-The TKDB.cfg file provided with your program is empty or incomplete, what can I do?
Here is my TKDB.cfg:
CE6339246F34087AB355681DEB656D23DCD5BD86=Full Metal Jacket | 1-00000000000000000000000000000000
486198E3855B57CD40F6DC0C60645BDE8E1E9AC5=Van Helsing |19-00000000000000000000000000000000
3D357B0653A66176583C5218FD0149EAF8832FB0=The Last Samurai | 1-00000000000000000000000000000000
-What do you think of the technical aspects of AACS?
The design is not that bad, but it's too easy to have an insecure player implementation somewhere. And just one bad implementation is all it needs to get the keys! There will always be insecure implementations of a player somewhere! And the "Revocation system" is totally useless if you use the Title key directly.
-Is there any known problems with the decryption?
Yes. I call this problem the "Nav chain" bug. I realize that I have a lot of frame skipping at playback after the decryption, so I hunted down the problem. To avoid the frame skipping, I patch the video file. This fix allows smooth playback of the movie, but there are some side effects.
-What are the side effects of the "Nav chain" bug fix?
You cannot do fast forward, or backward using the round dial, but you can still use the progress bar to navigate through the film. So it's not that bad... For some reason, the sub-titles don't seem to work anymore. It may be a side
Tired of free ipod spam sigs? Opt ou
So the player key is hard to get at, so this guy worked around it and just copied the title key from memory, which is encrypted on disc with every player key. Since you have the plain text (of the title key) and each of the cypher texts (the encrypted title key), aren't there attacks to figure out all the player keys? And actually it's worse, since you have many (possibly all?) title keys and all their corresponding encrypted versions; that has to extremely limit the search space for the player keys. This would be an even worse problem since they can't just revoke every key. All the hardware would break! Lawsuits galore!
Seems like the whole house of cards will fall down.
The hacker didn't extract the player key. This might be due to the difficulty of getting the player key, but it really doesn't matter.
The use of title keys instead is a great strategy. It means that the revocation system is worthless - AACSLA may not even know which player is compromised. Gray/black-area web sites can maintain big lists of title keys for movies without a whole lot of trouble. The bigger issue will eventually be getting each new movie to the trusted few pirates that are capable of extracting keys. This is no big deal now, but would be if and once these formats become popular.
A counterattack from Hollywood could be to produce thousands of distinct masters of each movie; the same movie would have thousands of different editions that differ only by their title key. I don't know the current state of disk production however, so this may not be feasible.
The revocation system is itself problematic anyway. A person seeking to damage the system itself would try to crack the most popular player, even if it's more difficult than other players. The cost of a massive recall - plus the fines the manufacturer would pay for their player being the one cracked - would heavily discourage the use of the revocation system. It seems like the revocation system is more of a deterrent against both pirates (if you crack a player we'll change the key making your work worthless) and manufacturers (if you don't obfuscate well enough, we'll cost you millions of dollars).
DVD had a revocation system too, but it was never used. DeCSS and the Drink or Die program that preceded it used a player key, but the CSS algorithm was so badly flawed that it wasn't difficult to derive the remaining player keys. This will not happen with AACS, because they're using real crypto this time.
Melissa
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
Trusted Computing solves this 'problem'. Debuggers won't be allowed to run on 'protected' programs, and this will be enforced on the hardware level (each program will effectively have to ask for permission to run).
For right now, not everything has TPM. We'll see how this changes in a few years (almost all new computers do include the TPM chip).
I agree. We shouldn't have to risk harassment from the *AA for exercising rights that have been granted to us by precedence in different countries, especially those which find their root in UK/Commonwealth legal systems.
It's unfair to expect the individual consumer to fend off such attacks, and insulting to the intent of law to allow the attacks to occur in the first place. The *AA and the various DRM fans are responsible for developing products and solutions/proposals that are compliant with the laws of their target markets, and should not be trying to shove their vision down our throats just to protect oligopoly and monopoly economic models.
The same goes for all industries. Why else has the EU so soundly rejected US proposals to make their patent database a global starting point for managing IP? It's stuffed with speculative junk patents.
I do not fail; I succeed at finding out what does not work.
I do not agree that piracy has anything to do with losses. Who is to say that those that watch movies without paying a fee would actually pay to see them in the first place?
The only way there is a real loss is if some one is SELLING copied DVDs as if they are original. That is not what we are talking about here. We are in this insane mindset that if we see or hear something that we owe money to some one for it.
Utter stupidity if you really think about the concept.
The only way there is a real loss, is if you counterfeit the media and sell it to some one that actually WANTS to pay for it.
This whole issue of IP ownership makes no sense if one steps back and clearly thinks about it.
Cheers
* Carthago Delenda Est *
Who said the source was 320p? The source for most movies is a 35mm film print. The current digital cinema spec calls for resolutions that are essentially 1080p and 2160p.
Something like "Just like the Beta-emacs vs vi-HS wars!" ?
Why would those things matter at all? 99% of your time will be spent in the Java-provided AES decryption routines. Optimizing a single hash lookup will make about 0 difference.
Look up what premature optimization is and learn from others' mistakes.
Don't you wish your girlfriend was a geek like me?
May contain traces of nut.
Made from the freshest electrons.
I like that, the "ease of chipping" feature as a major selling point!
That's not a meaningful statement, I can have endless bits which will consist of nothing but random noise. As for how many lines of resolution is actually achieved by film, you can read here. The actual study referred to is here (pdf). The summary: So basically, good film is HDTV (between 720p and 1080p somewhere). Film transferred directly to digital has about 1400 lines of resolution, which is better than current direct digital productions, but not by much (most production grade is 1080 lines, and so are people's HDTVs). Of course, while this is done using 'typical' equipment it's of a resolution chart under excellent conditions, I expect an actual movie would have less.
Live today, because you never know what tomorrow brings
DVD had more to offer over VHS compared to HD-DVD and BluRay over DVD. DVD offered no rewinding, special features, easy chapter browsing.. All things that VHS lacked. That's why DVD won over VHS. All they're offering in HD-DVD and BluRay is Slightly Higher Def, which is lost on like 95% of the TV owning public. Oh, and restrictive phone-in DRM.
Not a Twitter sockpuppet... but I wish I was.
Always look to the porn industry. Where is the porn industry at right now? Still on DVD and downloadable content. Downloadable content is the future. Sing it with me "Downloadable Content is the way to go."
Can I bum a sig?
Maybe if the powers behind the format had put aside their petty squabbling and released a single format, they could have devoted their energy to finding a market for the format. Now they're busy battling each other for market share, yet this competition doesn't seem to be benefitting consumers. By the time they have a format inexpensive & useful enough, a new format will have likely come along & captured the public's attention anyway.
HD is not a selling point. It may be useful as a marketing term. I hear many stories - and know some firsthand - of people who connect their flatscreen to a DVD or SD cable and think they have HD. Most people don't know the difference & can't be bothered to learn. Until there is one high capacity disc format, and it's affordable enough to compete against hard drives for storage or flash memory for portability, the manufacturers are wasting their time - and ours. Lack of DRM alone won't sell this.
Yes, but I guess nowadays most people are assuming that consumers won't want to get involved in a corporate battle for format control like they did not then, not knowing that their newly purchased betamax machines would be shiny pieces of garbage as they had to buy a second VCR. I think acknowledging this as Betamax/VHS is to acknowledge the fact that it's wise not to get involved while the two respective companies duke it out. Which is exactly what a lot of people will do, while continuing to buy DVDs.
Judges and senates have been bought for gold; Esteem and love were never to be sold.
And the Sony C6 Betamax recorder, given a decent aerial, could record the Teletext signal along with the picture (even if your set was non-Teletext, since it's being picked up by the recorder's internal receiver). I never even realised VCRs weren't supposed to be able to do that. All those old Betamax cassettes in lofts and cupboards are hiding not only subtitles, but little vignettes of the news and sporting events of the day they were recorded.
The only problem was that in order to get that resolution better than 280 lines (think about it - that's only chucking away 32.5 of 'em, which isn't bad), a Beta machine needed more moving parts than its VHS cousin (although they moved less often. VHS laced the tape when you pressed PLAY and unlaced it when you pressed STOP. All fast-winding was done inside the cassette -- which allows you to move the tape faster, but you cannot switch to picture-search without lacing it. Betamax laced the tape the first time you pressed PLAY and unlaced it when you pressed EJECT. Fast-winding was done inside the cassette until you first pressed PLAY [to allow for rapid rewinding before watching], and thereafter, with the tape laced; making it possible to switch instantaneously from fast-wind to picture-search.) Thus, VHS recorders were easier to field-maintain. And in an era before everything was made to be disposable, that was the deal-clincher.
Je fume. Tu fumes. Nous fûmes!
NOW I am willing to buy hi-def DVDs since I can:
- Take advantage of Fair Use (make backups, format-shift to my PocketPC, keep copies of the movies on my HDD)
- Play DVDs on Linux
- Not worry about downsampling output on non-HDCP video cards
Now the Blu-Ray vs. HD-DVD format war does not matter so much. Does anyone here care WHICH one wins now that both have been cracked?
Thanks guys, you rock!
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
danpsmith wrote and included with a post:
Unfortunately, the video companies did not learn one of the factors that made CD a success: a single format. Although many formats were proposed, only one was chosen and accepted by the music industry. They saw what happened with Quad (seven incompatible formats), and were determined that CD not meet the same fate.
Due to the format war going on between the two DVD successors, I will stay with DVD and sit out the war until long after there is a victor. For me, DVD is good enough for now and I have no pressing reason to move to either format. It is the same reason that I am staying with CD, versus going with either of the CD successors.
I wouldn't be surprised if the above paragraph reflects the views of many people concerning the new formats.
This guy wrote a Java client based on the open AACS spec which can decrypt the AACS format using Java AES calls.
The program takes a title key as input.
This is nothing special - any student given the spec could write this.
For the whole thing to work, it needs a title key.
He did not include those keys - as someone here pointed out, what look like keys are in fact hash indices to associate the discs with the keys - the keys are however nulled out.
He now claims that it is easy to find the keys if you're looking in the memory.
Case 1: He is right:
According to AACS rules, you need to keep the keys highly confidential. The robustness rules would explain this, I assume you have to hide things from debuggers and not keep keys clean in one memory location, etc... Black art of tamper-resistance is required.
If the player vendor didn't do that, they face serious consequences in addition to the key being revoked.
Case 2:
He wants others to try to find the keys, because he could not do it himself.
Case 3:
This is a hoax and on January 2nd, when he offers us the update, he will laugh at us all.
Case 4:
Someone is trying to badmouth something here, be it HD DVD, AACS or PowerDVD
Anyway, I guess we need to wait. Until then, nothing has been proven....
The irony of that was that the format that eventually won (VHS) was technologically the worst of the three. The format that lost out the fastest (V2000) was technologically the best of the three (by far actually). If there is something to be learned from this it is that technological superiority doesn't count for much in setting global de-facto standards.
www.sjbaker.org
I've been saying this for a while.
The way this will work is that undiscovered player keys are used to decrypt title keys and the title keys themselves are then distributed.
As long as everybody keeps his piehole shut the collection of title keys just grows and grows, maybe even by dynamically requesting a title key before playing a movie.
If a player key is discovered and disabled by the goonsquad then that player key is simply published along with the title keys that it can't be used to obtain, that way the whole key package shrinks every time the evil content overlords disable a key.
It's likely that player keys will be discovered with some frequency, so the freedom fighters might choose to publish player keys on their own just to shrink the key package.
Someone needs to put together the infrastructure to support title key distribution and some dynamic way of decrypting an encrypted title key.
-- To dream a dream is grand, but to live it is divine. -- Leto ][
The local Walmart has a VHS section that usually has new releases on VHS tapes. What's funny is how much cheaper a new release on VHS is over DVD. The studios kept telling us how DVD prices would come down because DVDs are cheaper to manufacture over tapes, but it never happened. The studios just sat on the extra cash and got fat and happy.
I came, I saw, She conquered.
It's also interesting in that the porn industry sees by far the most copyright infringement, but seems to care about it a lot less than the **AA does. Even with all that copying going on, they still somehow are able to make quite a bit of money without whining about it and suing people left and right.
Please stand clear of the doors, por favor mantenganse alejado de las puertas
If there is something to be learned from this it is that technological superiority doesn't count for much in setting global de-facto standards.
One could say that the OS wars have confirmed this. Remember, the common cold is very popular too, that doesn't mean it's good...
Betamax VCRs never really became "shiny pieces of garbage" in the way Blu-Ray / HDDVD machines will. The crucial thing is, video cassettes were always recordable. You can still watch all your old recordings of Charles and Di's wedding, Fawlty Towers, It's A Wonderful Life and the entire Carry On series, and even record new programmes (VHS tape is the correct width, 12.7, to be wound into worn-out Beta cassettes; but note that you do need to keep the original metallic leader tape, since Beta and VHS used different auto-stop mechanisms and clear plastic leader won't trigger it). As I've hinted elsewhere, Betamax has better resolution and better colour reproduction.
The problem with play-only formats is exactly that: they are play-only, and so there can come a point where nobody is making any new material to play on them.
Je fume. Tu fumes. Nous fûmes!
Trusted Computing solves this 'problem'. Debuggers won't be allowed to run on 'protected' programs, and this will be enforced on the hardware level (each program will effectively have to ask for permission to run).
Yes and no. You're right about the effect, but wrong about the mechanism.
The TPM can't control what programs can or cannot be run, so it's not correct to say that disallowing debugging of protected programs will be enforced on the hardware level.
The enforcement will be done purely in software, by the operating system. What the TPM will do, though, is to provide a place to securely store the player key, and to bind that key to a specific operating system environment. Boot a different OS, or modify some part of the OS that is considered important for security and the player key will no longer be available.
So, if you use the unmodified OS, it will note that the DVD playing software is not "debuggable" and will not allow your debugger to attach to it. If you try to patch the OS to force it to allow debugging, then the player key won't be available to the player, so you can't grab it with the debugger.
Note that in order for this to work, there must be no exploitable security holes in the OS that allow you to patch the OS after it's been booted into its fully functional state. This is because of the way that the TPM "binds" a key to a given system state.
Basically, during the boot process each chunk of code feeds data to the TPM. The TPM hashes all of this information into a Program Control Register (PCR). This hash value in the PCR is what represents the system state. To bind a key to the PCR, the TPM simply XORs the PCR with its internal master key and uses the result as an encryption key to encrypt the bound key (in this case, the player key). Retrieving a bound key works the same way: The TPM reads the encrypted bound key from disk, XORs the current PCR value with the master key and uses the result to decrypt the bound key.
If you boot into a different OS, or in any other way change the data that is fed to the TPM during boot, then you change the PCR value. Different PCR means different result when XORed with the master key, means different result when the bound key is decrypted.
So, to make such a protection system work, it is necessary that all of the software that is used to enforce the protection be part of the data that is fed to the TPM for hashing into the PCR. BUT, if you can exploit some hole to patch the software *after* the PCR has been fully initialized, then you're golden.
Another way that attackers can try to work around the TPM is by snatching the key before it's bound to the TPM, or by arranging for it to be bound to an already patched OS. Most likely, software player manufacturers will try to work around this by asking the TPM to "attest" to its configuration (meaning its PCR value) before giving out a key.
It's not clear how well that will work, though, because it means that every booted Vista system has to have bit-for-bit identical software so the player mfg can know what the "valid" PCR value is (well, large groups of Vista systems have to be identical, giving the mfg a set of valid PCR values). That doesn't seem like a problem until you realize that part of the data that has to be hashed into the TPM to make the system secure is the BIOS/EFI code. Because if an attacker compromises the code at that level, any protections the operating system tries to implement are irrelevant.
It may be possible to use a string of attestations, one for the PCR value from each stage in the boot process to work around *that* problem, but it's not clear how feasible that is.
Bottom line: The TPM will be used to strengthen DRM systems, but it seems pretty likely that it will be defeatable (and defeated) in many ways. This is because TCPA wasn't designed as a copy protection system, or to prove to third parties that the machine won't violate DRM. Rather, it was designed as
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
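A minimal model of the measured-boot binding discussed in the comment above, added here as an illustration (not part of the original post and not a real TPM interface). `extend` follows the TPM 1.2 rule PCR_new = SHA1(PCR_old || digest); `seal` and `unseal` use an HMAC-derived pad and tag as a stand-in chosen for this sketch, not the TPM's actual sealing format. The component names, master secret and player key are constructed.

```python
import hashlib
import hmac

PCR_SIZE = 20  # TPM 1.2 PCRs hold a SHA-1 digest


def extend(pcr: bytes, component: bytes) -> bytes:
    """Fold one measurement into the PCR: SHA1(old PCR || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measured_boot(chain) -> bytes:
    """Start from an all-zero PCR and extend it with each boot stage in order."""
    pcr = bytes(PCR_SIZE)
    for component in chain:
        pcr = extend(pcr, component)
    return pcr


def seal(master: bytes, pcr: bytes, secret: bytes):
    """Bind a secret (up to 32 bytes) to a PCR value under the chip's master secret."""
    pad = hmac.new(master, b"pad" + pcr, hashlib.sha256).digest()
    if len(secret) > len(pad):
        raise ValueError("secret too long for this toy construction")
    ciphertext = bytes(s ^ p for s, p in zip(secret, pad))
    tag = hmac.new(master, b"tag" + pcr + ciphertext, hashlib.sha256).digest()
    return ciphertext, tag


def unseal(master: bytes, current_pcr: bytes, blob):
    """Release the secret only if the current PCR equals the one used to seal."""
    ciphertext, tag = blob
    expected = hmac.new(master, b"tag" + current_pcr + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # different boot state: the key stays unavailable
    pad = hmac.new(master, b"pad" + current_pcr, hashlib.sha256).digest()
    return bytes(c ^ p for c, p in zip(ciphertext, pad))


# Constructed sample data.
MASTER_SECRET = bytes.fromhex("5a" * 20)
PLAYER_KEY = bytes.fromhex("c3" * 16)
BOOT_CHAIN = [b"firmware image", b"boot loader", b"os kernel", b"protected-path driver"]


def demo() -> dict:
    good_pcr = measured_boot(BOOT_CHAIN)
    blob = seal(MASTER_SECRET, good_pcr, PLAYER_KEY)
    patched_chain = BOOT_CHAIN[:2] + [b"os kernel (patched on disk)"] + BOOT_CHAIN[3:]
    return {
        # Same software, same order: same PCR, key released.
        "clean_boot": unseal(MASTER_SECRET, measured_boot(BOOT_CHAIN), blob),
        # A modified stage is measured at boot, so the PCR differs.
        "patched_on_disk": unseal(MASTER_SECRET, measured_boot(patched_chain), blob),
        # A change made in memory after the last measurement triggers no
        # extend, so the PCR and the unseal result match a clean boot.
        "patched_after_boot": unseal(MASTER_SECRET, good_pcr, blob),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result.hex() if result else result}")
```

The third case is the gap the comment points at: the PCR records what was measured during boot, so anything that must stay trustworthy afterwards has to be protected by the running system itself.
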
Not me baby....you ever try to carry TWO 32" CRT's??
Hehehe..seriously....I am completely over CRT's....no matter the cost....just too bulky and heavy. This is especially true for computer monitors...but, also true for television.
My preference? DLP Projectors....that that expensive...with a screen, less than many large LCD or Plasma tv's...are HD resolution compatible...and take up very little room, and are easily transportable. Hell...I can grab my projector...take to a friends house and hook to their dvd player, and have 'portable' movie night just about anywhere.
For a bit over a grand...100" picture and great resolution, and taking up very little room.....I don't think they can be beat.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
Or put another way, the porn industry has a business model that is more resilient to outside influences beyond their control without having to buy off politicians. Yeah, you don't see players in the porn scene that are multi-millionaires to the degree of someone like Tom Cruise, but in general they seem to do well when compared with the average American.
Please stand clear of the doors, por favor mantenganse alejado de las puertas