Slashdot Mirror
HD DVD's AACS Protection Bypassed
Mr. BS writes "Playfuls.com is running a story how HD DVD's AACS protection has been compromised. Although the video of the hack leaves much to be desired, the source code has already been made available. Feel free to start backing up your HD DVD's whenever you feel the need."
http://hardware.slashdot.org/article.pl?sid=06/12/ 28/0259244
thegodmovie.com - watch it
This also just in...
slashdot seems to be posting stories more than once to demonstrate
the real effect of deja vu on the jolt drinking, halo playing, pornography
downloading whacked out crowd it caters to.
I guess HD DVD just won the war against blu-ray!
The author is waiting till some time in the new year to reveal how he got the keys, but the evidence suggests to me that he used some kind of debugging hook into Power HD-DVD.
John
Doesn't Blu-Ray use AACS as well? Sounds like a blow to both formats w/r/t crippling the use of their discs.
How about AACS-Hole?
Feel free to back up your hd-dvds once you get some.
When you have Alzheimer's, dupes are fantastic!
An unbroken copy-protection scheme makes for a far better incentive for people not to buy the DRM laden shit.
That source code does nothing without title keys.
rapidshare...ugh...i p.html
http://rapidshare.com/files/8318838/BackupHDDVD.z
the mfg's won't understand of course.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
It's right here: http://malfy.org/
Every encryption/DRM scheme that the companies think up will inevitably be cracked/hacked. All they need to do is realize that and then they can save money instead of pursuing a futile effort. I, for one, would buy the stuff if it was worth the money they charge.
Maybe they could charge less if they didn't take the time or spend the money developing newer DRM?
"Every encryption/DRM scheme that the companies think up will inevitably be cracked/hacked. All they need to do is realize that and then they can save money instead of pursuing a futile effort."
I agree. That's why I've stopped trying to secure my Linux server.
Feel free to start backing up your HD DVD's whenever you feel the need
Not only do we skip RTFA quite often, the article submitters seem to as well.
What he says in that quote is simply not possible; you still need the keys, and that hack doesn't cover that problem.
We may have something for that too in the future, but this is not the hack for piracy-at-will.
Beware: In C++, your friends can see your privates!
But sometimes people miss stories. Now, if it is a dupe of a dupe, then that's something else (it does happen). It should be no surprise the copy protection is broken. For every team of programmers coming up with this stuff, there are 40 million teenagers in basements hacking it. Law of averages says someone will stumble on to something. The crack is not very good right now. So what? Someone else will refine it. The chain gun was once a flintlock. If the associated groups were smart, they would do away with the protections and just factor in the cost of losses into the end product.
Oh, wait, there isn't any! Nevermind.
Marketplace http://marketplace.publicradio.org/shows/2006/12/2 9/PM200612294.html
No excuse for the Big Media companies not to know - DRM will not work!
The winner is HD DVD.
Sorry Sony. Servers you right for using better crypto people.
Coming in the near future...
It will require a drop of your blood to authenticate the customized drm. As an added bonus, it will also perform a pregnancy test, which will be handy seeing as how you've just been fucked...
Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
He should have sat on the public notice for another year to let the fools get really entrenched in their latest sheme to protect themselves. ;-)
Now that it's cracked, I might consider buying your media in HD-DVD and Blu-Ray formats, since now I can take care of Fair Use when it comes to format shifting and making backups. Until it was cracked there was absolutely ZERO possibility that I would ever consider purchasing HD-DVD and Blu-Ray media.
Don't you think it's high time that you quit trying to block Fair Use now, especially since the real pirates in China are totally unaffected by DRM in the first place?
Thanks for listening.
Signed,
A paying customer
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
It does not even contain the actual decripting code, but simply calls some system routines.
This was just a backup of the last article.
paintball
Every day the kids say they cracked AACS and every day the reality is they didn't even scrach it. Is it because they know they can't win and are desperate to sound like they own AACS?
The first time, they discovered how to use JMF to play a BD movie on a BD player, as if the whole idea of BD-J wasn't a trick to keep them busy thinking they cracked it. Now they claim to have at least part of an AACS decryption algorithm, assuming it isn't just another JMF call they got out of a BD player.
It still sounds incredible that the IPod generation even knows what an AACS decryption algorithm is. You wouldn't think, being infactuated with big corporations, CEOs, and marketing, they would want to break encryption like the Walkman generation did with DVD.
Now all you need is 50 years to reverse engineer one of the millions of keys.
Unlike DVDs, HD-DVD's have dual keys, 1 for the title, and 1 for the player. At the most, this guy has managed to make 3 titles playable on a single player. What will happen next is Cyberlink will have it's PowerDVD keys revoked and new keys will be provided with a patch.
So at most, you'll be able to 'back up' (or Pirate) the current batch of Full Metal Jacket HD-DVD's to play on an older version of PowerDVD.
So dont go around yelling about how HD-DVD is cracked, cuz it's not.
Here's an article that has a few more facts and less sensationalism.
http://videobusiness.com/article/CA6403011.html
D
The first, last, and only tech news site on the net
Is it really cost-effective to do so at this point? HDDs seem to be at around $0.25/GB best case, so we are talking about $7+ per movie. That means 1/3 of your collection would have to be destroyed just to break even, assuming you value your time outside the office at $0/hr.
Maybe people are backing these up for other reasons such as skipping the 10 second FBI warning or saving the 20 seconds it takes to locate a disc and physically place it in the player?
I really don't see the utility, especially when giganews et al have 90 days retention now.
Sheesh, I hope my internet provider steps up my bandwidth so I can download one of these things within a reasonable time. 24 gigs isn't something to turn the other cheek to. Plus I need to upgrade my 400GB drives in RAID 1 to something over 2TB
Remember how Dinsey was only going to releas on DIVX, as it provided better DRM and other control than DVD?
But, no a Disney lockout made no difference.
Part of the reason some early adopters liked DVD was because they new it was MPEG2, so possibly transferable.
The idea of a black-box format is less appealing.
Yes, the mass market does not care about the format. But they won't buy the next Laser Disc either.
If I paid for the content, I feel I'm entitled to play it when and where I want. That includes on my cell phone, my mp4 video player, streaming onto one of my pc's from my server, or even on a monitor that's attached with a VGA cable instead of a HDRM cable. And I feel I'm entitled to keep it safe from harm, watching the related movie while the shipping container disc is secure in its plastic box. I'm also entitled to watch just the content and skip the advertising, FBI threats, extras, menus and other crap that detract from the movie experience I paid for. Being threatened with prison for exercising my rights under fair use is distasteful to me, and doesn't leave me in a good mood to enjoy the dramatic experience.
People are backing these things up to their USB external HDDs so they can take their movies with them, or watch them how they like. The cracks for both of these formats will be available and people will transcode them to open formats. That's the way it is because the studios won't sell us content in the format we want, or their terms are otherwise unacceptable. I don't approve of people sharing the content with people who haven't paid for it, but, well, the penalty doesn't get any worse does it?
Oh, and usenet was cool once. I wonder what it's like to download a 25GB movie. That SSL encrypted subscription looks like a winner. Maybe it's time to look into that again.
Help stamp out iliturcy.
I like how that article just blatantly copied the wikipedia page on AACS:e nt_System
http://en.wikipedia.org/wiki/Advanced_Access_Cont
Look under System Overview. It is possible that the text may have come from a common source, but wikipedia cites no references and a google search for the text takes you to the wiki page. Still no direct indication that the author of the text is the same person who put it in wikipedia, but still interesting.
The key and the content has to be decrypted at some point. I don't think it's going to be long before
someone figures it out and automates the retrieval of the key or the content from memory. In either case it will make key revocation much more difficult for the studios.
'if attacker doesn't publish the compromised player key, the AACS licensing authority doesn't know which key is compromised, and it can not revoke it. An attacker can use his/her player key to get title (or media) keys of several movies, and publish the title/media keys or the decrypted movies, without risk of revoking of his/her player key.' http://en.wikipedia.org/wiki/Advanced_Access_Conte nt_System#System_overview
Which will be the first revoked key.
The article in Videobusiness is correct in what can be done to revoke keys, but it's wrong in what that means.
It only takes a single compromised player to copy content, and once compromised, that player can be used in perpetuity to rip any and all disks published up to that point. There is no way to undo that.
Furthermore, if players like this get compromised every few months, we know that it's a fairly high probability event. Together with the previous observation, that means that pretty much every disc will be perfectly rippable by pirates using simple software (no need even to hack into hardware).
What this sort of nuisance DRM protects against is consumers backing up their HD-DVDs, watching them on iPods, etc. That's a shame, really. But I think, in the end, that will just mean that the formats are at great risk of simply being overtaken by on-line distribution. If people have to put up with DRM anyway, they might as well go to iTunes and other sites like that. And downloaded content at least can be backed up even if it is protected by DRM.
Tell that to people trying to pirate DirecTV signals. Have the P4, D1, and D2 access cards been broken yet?
Windows Vista has a mechanism where media files can request decryption in the video card. See Protected Video Path User Accessible Bus.
That will come later. Each piece of AACS shall be disclosed and disseminated in its own time, on a schedule that limits the ability of the MAFIAA to enforce the standard form contracts encoded in the DRM system against customers.
Even if 1201(f) does allow embodying the capacity for circumvention for interoperability purposes into a device and distributing it, the US Court of Appeals for the Second Circuit ignored it in Universal City Studios v. Reimerdes .
(A) is primarily designed or produced for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title [17 U.S.C.A. S 1 et seq.] in a work or a portion thereof;
(B) has only limited commercially significant purpose or use other than to circumvent protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof; or
(C) is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof.
In patent case law, "manufacturing" has been interpreted to include installing on a hard drive, transforming a general-purpose computer into a machine that performs a patented process. Likewise, installing circumvention software would "manufacture" a circumvention device from raw materials that include a computer. The allofmp3 case is based on an interpretation of "importing" that includes downloading a copy from a foreign server across the Internet. "Otherwise traffic in" appears intended to encourage courts to interpret the restriction on the rights of users broadly rather than narrowly. "Another acting in concert" would include someone on IRC who gives you a link to optical disc authentication and decryption software. "A right of a copyright owner under this title" is defined in 17 USC 106 to include the right to exclude reproducing or preparing derivative works and in 17 USC 602 to include the right to exclude importing copies from another region.
I am not a lawyer; nothing you read on Slashdot is legal advice. I encourage other people to look over my analysis and point out errors. If you plan to sell something, talk to your attorney first.
Unfortunately, there any number of people in the world who feel perfectly empowered to use litigation against others who reuse their material in critical ways, to withdraw material from distribution, and to make material that has been distributed useless. What, exactly, is the public - who spends millions upon millions to preserve this content - supposed to do to try to prevent this?
A problem occurs when the conditions imposed by digital restrictions management interfere with the public's right to make parodies and other fair uses that would be protected under 17 USC 107 were it not for 17 USC 1201. A problem occurs when the conditions imposed by digital restrictions management interfere with libraries' and archives' right to make backup copies that would be protected under 17 USC 108 were it not for 17 USC 1201. A problem occurs when the conditions imposed by digital restrictions management interfere with users' right to resell copies that would be protected under 17 USC 109 were it not for 17 USC 1201. A problem occurs when the conditions imposed by digital restrictions management interfere with users' right to platform-shift computer programs that would be protected under 17 USC 117 were it not for 17 USC 1201. If the MAFIAA wants to run a legit business, how can it help preserve the traditional balance between the rights of the copyright owner and the rights of users?
From my personal perspective it is more likely than not that you do not have single-digit-year-old children. They tend to watch the same G-rated (or foreign counterpart) animated film once a week or more often. The use case that the MAFIAA member studios want to prevent is that someone buys a copy of Pinocchio in Outer Space on an HD format and backs it up to DVD-R for the smaller SDTV or EDTV set in the kids' room.
They can be revoked in future titles and in remasters of existing titles. What use is circumvention software that can break only a few months of releases?
That's what happens when Slashdot articles are not protected by DRM. You get dupes, lots of them!
w00t
...but I honestly believe that piracy has divine will behind it. That's why no matter what protection scheme or form of encryption is implemented, it always gets broken. It gets broken because the greater majority of the human population depends on it being broken.
The GNU/advocates on this site need to understand something about me. I don't oppose you people because I oppose your underlying cause in many instances; quite the opposite. I oppose you because I feel that your leader and his second, Bradley Kuhn, are themselves authoritarian megalomaniacs...I also disagree with the level of fear I see among people within the FSF and its' supporters. I feel there needs to be a lot more faith expressed...faith in human beings, and faith in the concept that if the cause is just, its' justice will be self-evident and will prevail naturally for that reason.
Bluray has as you said an extra layer of gunk before you get to the content: B+
As far as I can tell it's an extra bunch of code that can be used to further check the player for compliance before finally decrypting the AACS title key.
That means that bluray is more complicated to play because you have to implement an extra virtual machine to fool the B+ code into thinking that it runs on a real player.
The reason that HDDVD will win, is that it's easier to play for Open Source players and other user-loyal players.
-- To dream a dream is grand, but to live it is divine. -- Leto ][
"Hey, turn on JavaScript!"
Um, yeah right...
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
I heard those discs can hold about 50GB so back them up all you want, you sure can't save more than a very few images. I'm not a big fan of disc to disc backups cuz the point is to back it up to a medium that isn't easily destroyed or scratched so maybe the best DRM is making the movie too big to save. Combine that with super-protection against players playing burned discs (or don't make a 'civilian' burner for the disc format at all) and movie pirating is over.
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
So somebody could squash PS3 and subsequently Blu-Ray by getting existing models' keys revoked? Repeatedly?
For those who can't be bothered reading all the articles and threads (38 pages and counting). The application works by implementing acss to decrypt the data, it was written using the specifications found on the AACS website.
The two things that are required to decrypt a dvd, a disk key (specific to a printing run of a disk) and a player key. Both have a revoke system in place.
A disk key can be revoked by future disks you use in your player, the player must store a list of revoked disks, when you insert a new disk the revoke list must be updated. If the disk key was revoked it would cause consumer backlash as their disks would not work anymore, they could get everyone to replace their disks that could be a hassle. Keys for several movies have been found, some released. One flaw with this is If the disk key is found and is public It is still possible to use the backuphddvd to decrypt the disk.
A player key can be revoked by not encrypting the disk with a compromised player key anymore. Once a player key is compromised all future disks will not work on that player but all current disks will still decode. A software player would need to be updated but this may not be possible if a player key for a hardware device is compromised. A key for windvd (japan) may have been found but not released yet. It is likely that this will be revoked and an update released.
In post 691 are the keys for Serenity, King Kong, and 12 Monkeys. More are most likely found but not posted. They where found using windvd (japan as the english version is not yet released). It is likely that they also have the player key. There have been confirmations that it does work.
There are a few problems with this hack, it does not work out of the box, instead you need to find a working volume or device key. It is not going to be fast finding ether key once they start revoking device and disk keys as each update of the player needs to be compromised. Also redistributing the keys could also become a problem, there would need to be a website that keeps track of keys for each printing of the disk, it could be a central website that the decrypted checks or a peer to peer system but it is something that would need to be worked out in the future. Another problem is you need the same disk as those people that finding them, there is no automated solution currently and they have a limited selection of disks.
To prevent future releases from being uploaded to Usenet in the same way. DRM that revokes player keys that have been broken contains the damage caused by those broken keys.