Slashdot Mirror
Decryption Keys For HD-DVD Found, Confirmed
kad77 writes "It appears that, despite skepticism, 'muslix64' was the real deal. Starting from a riddle posted on pastebin.com, members on the doom9 forum identified the Title key for the HD-DVD release 'Serenity.' Volume Unique Keys and Title keys for other discs followed within hours, confirming that software HD-DVD players, like any common program, store important run-time data in memory. Here's a link to decryption utility and sleuthing info in the original doom9 forum thread. The Fair Use crowd has won Round One; now how will the industry respond?"
Revoke the key. It will happen each time.
I predict that any backlash against key revokation will be addressed by very polished newsvertisements which state that the key revocation is the result of "hacking" by the "pirates" and despite the sincere regret of the problems caused, there is nothing they can do at this point.
Is it just my observation, or are there way too many stupid people in the world?
"Hello, Doom9.com's ISP? Yes, this is Microsoft. We're auditing your sofware licenses."
"Hello, Doom9.com's registrar? You're being charged with violating the DMCA. Pretty much all of it."
"Hello, little tiny country? This is the MPAA, and as official representitives of the US government, we're asking you to hand over all people involved in this post on Doom9.com's forum. If you fail to respond, we'll enact sanctions on your country and drive you into the dark ages. Just look at North Korea for an example.
You have Pr0n, cheaper hardware and blank media than Blu-ray and now you can "backup" movies, HD-DVD will be the winner of the HD format war, at least here in Argentina, Brazil or other developing countrys where piracy reigns...
Don't release the crack until after the standard is settled! Now all the studios will go Blu-Ray only.
sulli
RTFJ.
or people who want to watch movies they bought on their mythtv system
or people who like to buy movies and watch them, but don't run windows
And guns are just as useful to criminals as they are to law enforcement units and law abiding people protecting their home.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Quite simple. The content industry will simply dump the format, after all, there's an alternative. Now it's high time to show that BluRay is just as "consumer friendly" and break it for good, so there is no alternative left, and if the studios want to get their content to the customer, they have to accept that DRM is useless in their strife to protect their rights.
The point is to create as much damage as possible, so the industry learns that the only one hurt by DRM are they themselves. Revoked keys mean more work, more expense, more hassle and dissatisfied customers who have to jump the hoops. This will in turn create more awareness for DRM and the problems it creates.
We have to teach the studios that DRM is a failure. That it only generates hassle and problems for their paying customer and is no barriere or even a deterrent for the pirates. For this, the customer has to be the one hurt, too. Learn the easy or the hard way, learn about DRM by investigating or by having your tools stop working.
Yes, that's not the usual gentle way of teaching. But appearantly some people don't learn 'fore it starts to hurt.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
New disks can be pressed with new keys, and the compromised software player will have it's key revoked. As such, this is not a generally useful solution. AACS remains secure, and at best, we may see individual keys available for certain pressings of certain discs. This approach will never provide general playback as DeCSS does.
However, it is my understanding that the decryption process can be done by the TPM; once this is supported, the problem will be much more difficult. Make no mistake, the battle has only just begun. Before long, software based attacks may be rendered impossible.
comedy awards? This is hilarious. Spending all that money on DRM, implementing new media, only to have the encryption cracked before launch day (practically) must be like trying to nail jello to the wall using $100,000 nails. (Has Mythbusters tried nailing jello to a wall yet?)
The real question is not how they will respond, but when will they learn?
Support NYCountryLawyer RIAA vs People
is never underestimate a hardcore geek with a little equipment and a decent block of vacation time....
people have been xeroxing books for like 40 years and nobody ever made such a stink as the mpaa and riaa have. their whole thing is so wrongheaded, if they would spend all those legal fees and lawyer salaries on hiring better directors/writers/actors their profits would skyrocket. its not piracy that loses them profits, it's SHITTY PRODUCTS.
sometimes, i wonder if i'm the only conservative on teh intarweb. ah well, back to mah hogs and warmongerin'....
You are correct, sir. The attack vector is the same, keys being exposed in insecure memory in the decoder/player. The encryption of AACS itself is unlikely to be cracked as it's AES, and AES is very nifty and well studied. Even if the key searching approach fails, there *are* possibilities that some sort of attacks could be waged on the AES implementation which might be vulnerable. (For instance, I wrote AES for MATLAB. It's highly likely that my implementation could be exploited for various reasons, such as cache timing attacks.)
"Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman
I thought short movie clips qualified as fair use without need for a copyright holder permission, and that YouTube video contained no more than that...
Beware: In C++, your friends can see your privates!
Even if they one day develop a perfect DRM scheme full of unbreakable secure paths, it won't be possible to avoid someone simply removing the actual LCD screen, wiring the signals instructing which pixels should turn on and off to a 3rd party device, and recording the unencrypted content in raw format.
No piracy is being stopped by these means. They're and will always be utterly useless.
Conservatism: (n.) love of the existing evils. Liberalism: (n.) desire to substitute new evils for the existing ones.
Everyone seems to be missing the point. Existing titles are chump change. Just make the next pressing with the new key. The flurry seems to center around release dates anyway, so no future discs will decode on the compromised player. They don't want to make it impossible, they simply want to make it difficult. Having to keep a key database updated is a pain in the ass. I'd go as far as to say that they don't care about an isolated crack - they'll "fix" it and go on, with updates from time to time. This is a s/w player, not a hardware player, correct? Just require an update.
The point is that they will make this about Piracy, and that its the Pirate's fault that you have to go download an update to get your machine to work. Not their fault (Say "Not my fault" in David Spade's voice an you'll get the idea). Most consumers will believe the newsvertisement they see on ther local station that blames those evil pirates for their suffering. If it weren't for the pirates, their stuff would work. Which can easily be spun at truth - pirates cracked the system, system must be safe or poor artists children will starve, so we had to change the system - all pirates fault. Your mother would fall for that, and you know it.
Right and wrong is irrelevant - it's who takes the blame for the mess that matters, and the industry has a lot of PR money to make sure the finger points at someone else.
Is it just my observation, or are there way too many stupid people in the world?
What about the early adopters, who bought high-end video cards without HDCP, or very nice HDTVs, also witohut HDCP? They now have to pray that somebody (Sony?) sees the light and doesn't trip the "artificially cripple old HDTVs" flag.
So, because the MPAA is afraid of an attack that isn't feasable, and may never be, they are forcing early to buy new hardware (for no good reason). I can't help but wonder if this wasn't a simple money grab -- force everyone to upgrade so they pay you twice for the same hardware.
Don't thank God, thank a doctor!
No, you can't. Pretty much all "HDTV cards" are taking already-encoded streams from off-air HD stations and basically extracting it into a file on your hard drive. However, if you know of a low-cost capture card that can handle HD-res DVI/HDMI, then by all means feel free to enlighten us.
The GP is correct. If you can actually capture DVI in realtime, then you're probably inside the industry already, where no form of copy protection can prevent leaks.
Also, especially referring to 1080p TVs, regardless of the signal stored on the disk, the output is pretty much 1920x1080x60fps. And, if anything, it's probably 32bpp between device and monitor.
FC Closer
Actually, I've more commonly seen it referred to Digital Restrictions Management. I think the term Digital Rights Management is just the publishers attempt to put a positive spin on something that is fundamentally designed to impose restrictions on your use of the content. The accepted and common meaning of the abbreviation of course will be determined in due time.
I'll say your nom de plume is appropriate. There are two ways to reconcile these positions logically. One is that it is not the same Slashdotters making both claims (we have diversity of opinion here, in case you failed to notice). The other way is that the "competition" the first claim refers to is between corporations, not between formats. The former fuels markets, the latter fragments them. It's true that the latter is a consequence of the former, but it is not an inevitable consequence. For instance, nearly all books published in English today have the binding on the left side, even though there are many publishers competing for your cash.
But, I wanted socialized health insurance!
``What really strikes me is how much Slashdotters go on and on about how competition is good...but then they turn around and claim HD-DVD versus Blu-ray is bad and "childish."''
I'm not sure these are the same Slashdotters. Also, I'm not sure there is a contradiction here (as you seem to suggest). Personally, I believe in competition, but I also believe in interoperability. In fact, I believe that interoperability makes competition more effective. Having two incompatible formats pollutes competition with another factor: rather than being about the quality and price of the content, it's suddenly about compatibility.
Please correct me if I got my facts wrong.
Seriously, the more and more I read about "fair use" on Slashdot in conjonction with DRM for DVDs, HD-DVDs and Blu-Ray, the more I can't help but think that it's an euphemism for "piracy". Seriously, stop kidding yourselves. The majority of people who rip and burn movies are pirating them, not practicing their fair use right to show clips in schools or make backup copies.
"By admitting DRM is useless and treating customers like clients instead of criminals?"
Customers shouldn't be treated like criminals, but they shouldn't act like criminals either. Many "customers" act as criminals then bitch and moan when they're being treated as such.
What is needed is a DRM that is advanced enough to be flexible enough to allow all "fair use" while curtailing piracy. That would be the ideal. But the reality is that DRM isn't advanced enough and won't be any time soon, if ever. So the best would be to get rid of DRM altogether. But please do NOT pretend that DRM is broken primarily for "fair use". It's broken for piracy over torrents and P2P and warez sites. In other words, it's broken for "criminal" activity, so I seen no reason why those engaged in such should be treated as "criminals".
Note: I put "criminal" in quotes, because copyright infringement is actually a "civil" offense rather than "criminal", in the US. Unless one pirates more than $1000 worth of works in 180 days, in which case it does become "criminal".
-- "I never gave these stories much credence." - HAL 9000
Round 2 is people violating copyright claiming fair use
In this case, fair use is a pretty damned good argument. The fact that the videos will refuse to play because the player software has decided that it simply doesn't like your hardware is a good enough reason to circumvent the restrictions, IMO.
And if I owned the necessary hardware and such a disc, I'd be making that argument to the secretary of state that I should be allowed access to an unprotected copy, in order to be able to access the data as is my right as a valid licensee.
What does firewire have to do with HDMI?
BTW, macs don't come with software or codecs to record, transcode or play back the HD MPEG streams available on firewire. Firewire hard drives aren't required either. You could have just as easily said firewire deck + PC + magic software. Nice try.
Linux users whose computers don't come with the software automatically will just choose Applications->Add/Remove Software and choose "HDCrack", which by then will be a graphical frontend for mplayer. Mplayer and the cracking software will be downloaded automagically and probably will access a network of online database of title keys hosted in openness friendly countries. Thereafter when they insert a supported HD-DVD, it will just play. It will, as usual, contain ripping software for translating the content into a more accessible, device shiftable and back-up possible format.
When you run Windows, freely available (and commercial) software (and even sometimes simple media!) often comes with evil code. Linux users usually don't have to deal with that. Linux users can use trusted repositories and the free choices available are an embarassment of riches. The question isn't if the software is available, but which package best suits your goal. Access to this global pool of application resources is built in to the standard interface on most distributions.
It must be tough to be a Windows only user these days. All that going to the store and giving your credit card number to anonymous websites and all... Not knowing whether you're installing something that works, doesn't work, crashes your computer or is just a trojan horse program that surrenders your computer to anonymous remote control whether you paid for it or not. So sad. And the OS comes with absolutely no real applications, except of course the world's least secure browser. And that's just the stuff you install on purpose. Stuff that installs itself unbidden or hacks that come preinstalled by the OEM (without an OS-Only install CD!) are an entirely different level of sad.
Don't worry, though. The world understands. They expect less of you because of the poverty of your tools.
Help stamp out iliturcy.
You haven't the slightest idea what you're talking about. No matter how well coded, any information used by a program is available to someone determined to extract it.
First of all, 60 fps would be interlaced. So an de-interlaced signal would be 30 fps, half the bandwidth, i.e. 170MB/sec. Then you do on-the-fly compression, you can probably reduce that by 2/3. So your final bandwidth is around 50MB/sec. You could easily achieve this with a simple raid setup.
There are presumably a thick raft of consumer-protection laws which prevent the industry from turning your shiny new $500 HD player into a shiny boat anchor because some nitwit cracked the player key. If the industry ever did that sort of thing, I'd expect either a product recall with free replacements/servicing or a class-action lawsuit against either the revoking authority or the manufacturer for not offering replacements.
Come to think of it, who is responsible when a manufacturer makes a product and a revoking authority with which they'd signed a contract turns it into a paperweight? Whose responsibility, whose fault?
Laws do not persuade just because they threaten. --Seneca