HD DVD's AACS Protection Bypassed

Mr. BS writes "Playfuls.com is running a story how HD DVD's AACS protection has been compromised. Although the video of the hack leaves much to be desired, the source code has already been made available. Feel free to start backing up your HD DVD's whenever you feel the need."

Dupe

[rrohbeck]

http://hardware.slashdot.org/article.pl?sid=06/12/ 28/0259244

The source is not for the "break"

[plover]

The source code provided is simply code to decrypt the stream. It's an implementation of the AACS published standard for decrypting a stream. What it does not do is provide a way to extract the keys from the disks.

The author is waiting till some time in the new year to reveal how he got the keys, but the evidence suggests to me that he used some kind of debugging hook into Power HD-DVD.

Re:The source is not for the "break"

[Workaphobia]

Actually that's true of most dvd drives these days. The industry made a major push a few years ago to make sure newer drives enforce region codes in hardware, so it's not just that one brand that's defective by design. I don't know if it violates the CSS specs or not.

From http://en.wikipedia.org/wiki/Regional_lockout

"DVD Video discs are the most infamous and visible example of regional lockout. Computer DVD drives come from the factory with RPC (Regional Playback Control), either RPC-1 (older drives) or RPC-2 (newer drives). The difference between the two is that RPC-1 means the player software has the responsibility of enforcing the region control, while in RPC-2, it is enforced by the drive's firmware.

It means that RPC-1 drives can play DVDs from any region (0-7) while RPC-2 drives play only from a particular region (although the region code can be changed 5 times after which it is locked)"

Sucks, doesn't it. After those five times are up, you're screwed unless you can reflash the firmware. That's your money at work.

Re:And the winner is..

[Workaphobia]

Why?

http://en.wikipedia.org/wiki/AACS

"The specification was publicly released in April 2005 and the standard has been adopted as the access restriction scheme for HD DVD and Blu-ray Disc."

Blu-ray IIRC had room for additional DRM methods as well.

Hey MPAA/RIAA cretins!

[kimvette]

Now that it's cracked, I might consider buying your media in HD-DVD and Blu-Ray formats, since now I can take care of Fair Use when it comes to format shifting and making backups. Until it was cracked there was absolutely ZERO possibility that I would ever consider purchasing HD-DVD and Blu-Ray media.

Don't you think it's high time that you quit trying to block Fair Use now, especially since the real pirates in China are totally unaffected by DRM in the first place?

Thanks for listening.

Signed,
A paying customer

HD-DVD is -NOT- cracked

[derrickh]

Unlike DVDs, HD-DVD's have dual keys, 1 for the title, and 1 for the player. At the most, this guy has managed to make 3 titles playable on a single player. What will happen next is Cyberlink will have it's PowerDVD keys revoked and new keys will be provided with a patch.

So at most, you'll be able to 'back up' (or Pirate) the current batch of Full Metal Jacket HD-DVD's to play on an older version of PowerDVD.

So dont go around yelling about how HD-DVD is cracked, cuz it's not.

Here's an article that has a few more facts and less sensationalism.
http://videobusiness.com/article/CA6403011.html

D

Re:HD-DVD is -NOT- cracked

[DamnStupidElf]

Unlike DVDs, HD-DVD's have dual keys, 1 for the title, and 1 for the player. At the most, this guy has managed to make 3 titles playable on a single player. What will happen next is Cyberlink will have it's PowerDVD keys revoked and new keys will be provided with a patch.

And when PowerDVD is re-released it will have to load its brand new decryption key into memory and use it to decrypt the data from the disk. If they're smart-asses, they'll only use the decryption key for key setup or even completely skip the AES 128 key and directly build the AES decryption key schedule by some other obfuscated process. If they really want to get wild, they'll continually decrypt and reencrypt the key schedule so that its never fully intact in memory at any given point in time, and integrate the last decryption steps into the first huffman decoding steps for the mpeg process (since it's just a bunch of XORs) to further annoy crackers. Unfortunately, the fact that unencrypted material ever exists in PowerDVD proves that they must have the entire AES decryption key schedule available for any given decryption, and it will be relatively trivial for crackers to pull the key schedule out and just pick the first 128 (or 192 or 256) bits of the key schedule which is the original AES key. Trying to hide encryption keys within an executable's memory space is probably one of the silliest ever conceived. All an attacker has to do is try every K-bit (K is the size of the key) sequence of memory as a test key at several points in the program. That is in fact what this article's attack accomplished. The key schedule can be dynamically encrypted and decrypted as each word is required, but this is just a stopgap measure and slows encryption down significantly.

Re:Dance Dance Revocation

[Watson+Ladd]

The disk keys *cannot* be revoked as they are burned into the disk. That is what is being used to decrypt.

2ndMIX

[tepples]

The disk keys *cannot* be revoked as they are burned into the disk.

They can be revoked in future titles and in remasters of existing titles. What use is circumvention software that can break only a few months of releases?

Re:Dance Dance Revocation

[Workaphobia]

This point has been mentioned a lot in this article's comments and the last one on this topic, but I'll karma whore and reiterate it:

There's a difference between the title key and the player key. The title keys are used to directly decrypt the contents of the dvd (or hddvd or blu-ray), and differ between discs. They are not revoked because they are never reused to begin with. The player key is what's licensed to the companies and stored in players. This is the key that allows access to the title key, and if compromised, this key can be revoked by simply not allowing it to decode any more title keys on future discs. So if this guy has obtained a player key, he can continue to decrypt future title keys up until the powers that be catch on, which may never happen if he doesn't publish it.

But he may not even have a player key. He might have just read the title keys, after they were decrypted by powerdvd, out of memory. I think that's what the GP meant.

I heard a suggestion in another thread that the title keys alone might be useful enough - the idea was that they could be exchanged freely across a p2p network, but the player keys that yielded them would remain in private hands to ensure their usefulness. I think the people discussing that missed one important point (although I could be wrong): the title keys should be unique not just to each movie, but to each disc containing that movie, as they are derived from the serial number in the disc. So your title key is useless to anyone else. It's a shame if that's true.

Guess the only thing to do is go back to trading gigabytes of movie data over bittorrent illegally, instead of a couple kilobytes of key data so you can view a legal copy. ;)

Re:Dance Dance Revocation

[tepples]

But if that were not the case, wouldn't it be trivial to make an image and distribute this rather than the unencrypted movie data, since people can just burn the image illegally and play it in a liscensed player to accomplish the same goal?

Even in DVD-R, the consumer burners can't burn the player key block, which is preset to the unencrypted state on all consumer blanks. Special "authoring" burners are prohibitively expensive for the typical low-scale pirate's business model.