Blu-ray Protection Bypassed
ReluctantRefactorer writes with an article in the Register reporting that Blu-ray copy-protection technology has been sidestepped by muslix64, the same hacker who bypassed the DRM technology of rival HD DVD discs last month. From the article: "muslix64's work has effectively sparked off a [cat]-and-mouse game between hackers and the entertainment industry, where consumers are likely to face compatibility problems while footing the bill for the entertainment industry's insistence on pushing ultimately flawed DRM technology on an unwilling public." WesleyTech also covers the crack and links the doom9 forum page where BackupBluRayv021 was announced.
...lasted a bit longer than CSS...maybe next time they might make it last a whole 6 months, maybe even ***gasp*** a whole YEAR before "pirates" start enjoying their blowjob while consumers just get a spiked dildo in the ass.
Living With a Nerd
Sounds like Muslix is doing his part to help keep the entertainment industry regular.
This guy's the limit!
That's an awesome hackername! Sorry....just had to....
"Ha - ha."
What was that, like, 12 minutes?
Why does it sound suspicious that a BD player is keeping a decrypted key in main memory?
"Oh boy"
Microsoft and Apple are smart. Disk-based DRM is doomed since you can't actually upgrade disk drives and disk media that easily, even with encryption programs written dynamically on the disk.
So as disk-based DRM is consistently wrecked, but can't be updated until the next hardware cycle (~7-8 years at least), which alternative becomes obvious?
Software-based DRM via network downloads. You can update the DRM-ed player in the next software patch, automated via Internet distribution. Apple is covered with their iTunes store, and Microsoft has been working frantically on heavy DRM in Vista and WMP.
Now you know why.
That these cracks and counter-DRM attempts cause enough compatibility problems that the consumer electronics industry gives up on DRM, and the studios would have to follow if they wanted their content sold at hi-def prices....
One can dream that they'll come to their senses. There is nothing more annoying than petty restrictions on the content you buy..
Why shouldn't I be able to watch my DVD/HD movie on my iPod OR computer OR TV? This is getting stupid. The thing is the studios are unified in their stance by the MPAA, maybe consumers should start lobbying or just stop buying..
He has definitely got an invite.
HA HA
Does anyone remember when the PS2 was announced, and they said their security method could not be broken? At least they don't try and make those types of claims any more.
All this really does is show (yet again) that DRM only hinders honest customers, as anyone who WANTS to pirate something can. The best you can do is force the pirate to do some rather annoying things to get it all working (think Starforce).
Do Or Do Not, There Is No Spoon, There Is Only Zuul. Everything in the above post is probably opinion.
Anybody that buys DRM infected media or hardware is "cracked".
From the article "The early version of this utility only supports the decryption of Blu-ray discs whose CPS unit key is known." ... "A powerful crypto attack was used to analyze the memory dump obtained from a Blu-ray Disc software player (such as WinDVD or PowerDVD). The crypto attack helped to identify the encryption keys that are needed for decrypting the video files."
So it has not been cracked as the keys still need to be found. This just decodes the contents once the keys are found.
Again, as with HD-DVD, all that's happened so far is:
- he has implemented decryption using the fully public specs
- he has recovered some per-disk keys (using a clever technique) by finding them in the memory of software players
Neither format should be considered cracked until a standalone software player could play all disks (independent of an online key database) a la DeCSS. That said, major props to him for actually getting done what he got done. The plaintext attack he used to recover the software keys, as described in one of the forum posts, was a nice touch.
"Honey, I have to reboot the TV because it's just gotten a security bios update and TiVo won't record until it sees the update. Oh, and I'm sorry the DVD player doesn't work: the last automatic update turned it into a spam-bot and I had to turn it off or get sued under CAN-SPAM 2.1"
668: Neighbour of the Beast
How about checking out a previous story. HD-DVD and Blu-Ray. Not quite the same, but similar principle.
Muslix gives new meaning to the term "blueballs".
Err, "bluballs".
Nevermind, you guys can finish the joke properly.
The Register article has this amusing and quite appropriate typo in it:
muslix64 work has effectively sparked off a car-and-mouse game between hackers and the entertainment industry
Yes, I would say that pretty well fits. The DRM-mouse can neither catch nor flee a car. It's just roadkill at will. HD-DVD roadkill. BlueRay road kill.
-- You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
FTA:
"Blu-ray and HD DVD both allow for decryption keys to be updated in reaction to attacks, for example by making it impossible to play high-definition movies via playback software known to be weak or flawed. So muslix64 work has effectively sparked off a car-and-mouse game between hackers and the entertainment industry, where consumers are likely to face compatibility problems while footing the bill for the entertainment industry's insistence on pushing ultimately flawed DRM technology on an unwilling public."
So.... The keys will be updated, someone else will come out with a "crack," and the merry dance starts all over again. Have we truly gained anything? Methinks not. But maybe content owners might get smart and not bother with this DRM bulls**t.
This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
We've been saying this on Slashdot for years. If it can be read, it can be copied. The only possible way to deal with that is to completely lock down all players. But the results of doing that too effectively always seem to end up indirectly reducing consumer demand.
And it's pointless. Most people are happy to pay for DVDs. When you eliminate the people who haven't the technical knowledge to download a movie, those who wouldn't buy it if they couldn't get a free copy, and those who would snub a free DVD quality rip over a paid for HD-DVD quality rip, you're looking at pretty small numbers. Meanwhile, they're putting off a similar number of geeks who are deterred by lack of openness, or region coding, or concerns that the encryption isn't going to be compatible with their TV.
Best part about this is that this time, nobody is going to doubt muslix64. After his first crack was posted people were wringing their hands for weeks wondering if it was legit or a hoax.
Weaselmancer
ridiculous.
With 20+ GB downloads of HD movies, we're going to need much faster pipes in order to continue to illegally download movies. Verizon should help fund these guys, as it will help sell the 15 Mbit FiOS internet option.
Andy
Maybe muslix can fix the HD DVD and Blu-ray players so they don't downgrade component outputs.
They aren't doing this because of piracy. Piracy amounts to a drop in the bucket compared to the additional revenue they can squeeze out of honest customers thanks to the fair-use stifling effects of DRM. The whole piracy thing is to give the honest customers someone else to blame.
"It's teh evil PIRATES wots doing this to you, not us honest content providers!"
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
I was testing /.'s FireHose system earlier today and saw another submission on this - except that one made it more clear as to what was done to get around the DRM content protection. Basically, it's the same thing you can do with a DVD, VCD, or any video file - XviD, h264, etc. encoding in AVI, OGM, or Matroska containers - that is, make frame-by-frame screen-captures of the video and stitch the resulting images together for a new video file without DRM. To my knowledge, yes, this method does result in a pretty much exact copy of the video, except that because it's basically taking those million frames in the video and saving them as raster images and putting in a fast, 25-30fps slide-show...
or at least that's how I understand how it was done anyway - btw, I think it had said it was something like the InterVideo WinDVD player used, though there are other players which I am sure can do this (from the other article I mentioned)...
The funny part is that this wasn't supposed to be funny. :)
This problem that's been used to crack both BR and HD is basically unfixable the way things are isn't it? It's an interesting read on the forum how he did it (page 2, I think). The problem is that the key is in plaintext in memory. But it HAS TO BE doesn't it? You couldn't use it if it was still encrypted, and so you'll have to decode it and put it in memory at some point. The only fix to this would be what a poster on that forum mentioned wouldn't it? You rely on a piece of silicon you control to do all the decoding and such, which would require a BluRay player card or something. You'd have to basically get rid of software players.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
What he did crack is one software based player. There's now a difference. Key holders will now revoke the keys for that particular player, so it won't play newer movies anymore. There's no crack yet that would defeat the entire protection scheme.
though to be fair the CC spec encourages your TV to do this late at night when it's pretending to be turned off
You can buy lock picking books and tools easily. Yet you don't see people leaving their homes and cars unlocked because they are suddenly made worthless. Locks are good, so is DRM, when it works properly. It needs to be open, non-intrusive (for the owner) and allow fair use. Unfortunately it seems that the **AA is more interested in forcing consumers to re-purchase every album and movie they own each time a new technology comes along. Anyone who thinks that DRM is to stop pirates is uninformed. It's to stop you from taking all those DVDs, converting them to XviD and storing them on cheap mass storage. It's more profitable to slowly kill off DVDs with Blu-ray and force everyone to buy both Godfather movies again (Godfather III, you're nothing to me now).
This gives the movie industry nowhere to run. There was the fear that when the HD DVDs had a workaround that the movie industry would go Blu-ray. Now this gives the movie industry very little room to do much of anything at the moment. They just don't get it. There will always be someone smarter than the people who are smart enough to reverse engineer things. They always think they are one step ahead but in reality they aren't. I would like to thank muslix64 for all his hard work.
The day's going to come when people will refuse to accept this. All the intelligence being added is being added in order to *limit* the user experience.
A /. geek can deal with this, but others - my wife, as an example - would return the lot as defective, and demand cash back.
I can remember (old man crotchety voice on) when systems used to compete on things like S/N ratio, fidelity, color, etc. Back then (you know, this past Christmas), you bought components and high-grade (gold-plated, even) component connectors, expecting that the traffic on those connectors had everything to do with rendering the media, and nothing to do with anything else.
Now you find you have to be concerned with bios versions.
is that you can't just run the program to decrypt all your Blu-Ray(or HD-DVD) disks, you need to locate the key and use that to get the unprotected data.
This sounds like a right pain in the arse. I'm used to buying DVDs willy-nilly and just shoving films onto servers, PSPs, iPods, XBMC etc as the mood takes me. It always works, I just press a couple of buttons and away I go.
Reading these stories has made me think - I'm now even less likely to buy a HD disk than I am a standard DVD. I buy a HD disk in the shop and I've now got to worry, can I get the key for this disk? will it be for the right region? will it be the right version (you can be sure once a disk is cracked they'll shove new keys on all future pressings).
I don't think I can be arsed with all this really.. much easier just to download un-encrypted and know it'll work on everything I own, forever. FFS I'd pay more for the pirate version than the legit one given the chance.
My next prediction is the appearance of a site that'll serve keys. You put your HD disk in your machine, run a util that gets a hash from it, searches online and decrypts the disk automatically.
*scampers off to register hd-keys.com*
ELOI, ELOI, LAMA SABACHTHANI!?
that all this is is MiniDisc versus Digital Compact Cassette all over again. How many MiniDisc or DCC players do you own?
They will never stop until somebody makes the
Now that Blu-Ray can be pirated, there's a chance the format might take off. This could have a positive benefit for PS3 sales.
The crypto is only as strong as the algorithm, and the method used for key management.
The argument that DRM is "workable" breaks down because the encrypted message is delivered to a party who is expected to BOTH decrypt the message, and NOT know the keys. But the keys had to be used to effect the decryption!
Basically, it makes very little sense.
The only way that DRM can work is if the playback device does not trust its user. Which means that it CANNOT be a general purpose computer.
The next generation of "DRM Operating Systems" cannot support general purpose computing. Pretty much the only way to guarantee that DRM will work is for such a computer to not allow ANY non-DRM compliant software while DRM content is playing.
In other words, while the DRM movie is playing, your spreadsheet won't.
But, since music playback while working is common, we can safely predict that DRM restrictions will be lifted from music. Movies? The next generation may well support "single tasking while movie is playing" mode.
If this is not done (as well as locking out all non-DRM approved drives and kernel extensions), the keyset can be recovered from the player software.
This crack just demonstrates this particular weakness. When I probe a cryptosystem, I look at the algorithm used (are there errors in the implementation? is it a good crypto algorithm? etc.), the keys (key length, is brute force possible or is the key recoverable from a known encrypted plaintext, was the key produced by someone sane, or an idiot, etc.) and key management (where and how are keys stored and published etc.).
Remember "Spaceballs": the code is: "1", "2", "3", "4".
It is also good to remember that once a single digital copy is "cracked", the work doesn't have to be done for that title again.
Just another "Cubible(sic) Joe" 2 17 3061
These muslim terrorists (muslix) give us no break.. when will this madness end??
Ehh.. come on, is this such a shock? I mean, seriously. None of these schemes are safe, as long as there is time and bored hackers there will be broken protection schemes.
Smokedot.org
I was having an imagined conversation with my wife! Nice one though.
http://hdkeys.com/
steal as many movies as we can because
Information Wants to be Free
To call it a "cat-and-mouse game" is overstating I think. Why should the content sellers care about someone cracking Blu-Ray or HD-DVD encryption? They know that piracy is inevitable. They just want to keep it underground so the average consumer doesn't participate. And for that, under the DMCA any proprietary encryption system will do just fine. The DMCA gives them the permanent legal right to go after anybody who doesn't license their decryption technology, or who tries to circumvent it in an unauthorized way.
DVD is a great example. DeCSS has been around for years, but it hasn't had a material impact on DVD sales because DVD copying isn't widespread. (At least in the USA; parts of Asia like China are a different story.) Threat of legal action backed by the DMCA has kept DVD backup software generally unavailable to Joe Consumer, despite the widespread prevalence of DVD-R drives and media.
Bottom line: You could break their encryption and print up all the geeky De-AACS T-shirts you want, but it won't materially affect content sales.
Hm, I see Sony has been singled out once again, whilst none of the other companies are mentioned (including Apple). Is it me, or is /. becoming more and more like Digg everyday? In other words, rubbish.
http://www.blu-ray.com/faq/#bluray_developers
Everything has a weakness somewhere. The guys designing this stuff have to get it to market eventually, but the guys cracking it have as much time as they need to find the oversight that winds up being the chink in the armor.
The fact that they just left the key in the clear in dram isn't something that was inevitable, just their particular implementation and something that is somewhat fixable.
So to make a quick analogy, which security measure should they have chosen?
1. Leaving the door open to your house inviting someone that happens to be driving by to notice it and walk in...
2. Leaving your door closed but unlocked requiring them to select your door out of several on your block to open...
3. Locking your door with a 5-pin standard door lock that you would have to bump to open, but hoping the bad guys pick some other house to rob that choose security measure #1 or #2...
4. Living in a cave under a mountain with bars on your one entrance/exit...
Seems to me that they selected door #2, where selecting door #3 would have probably been a better choice in retrospect.
As a quick example, the key could have been XORed with "0xdeadbeef" in memory and some inline code to un-XOR it as needed into CPU registers could be done. Although this is essentially non-cryptographic scrambling, it would have required someone to find and disassemble the decryption subroutine instead of just search a 2 GB memory dump for a key...
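The two attacks this thread keeps circling (search a software player's memory dump for the key by trial-decrypting a known block, and the XOR-masking counter-measure suggested in the post above) as an added worked example. This is not muslix64's tool or any player's code: the "memory dump", the title key, the known-plaintext block and the 0xdeadbeef mask are all constructed here, and the cipher is an HMAC-SHA256 keystream stand-in for the AES-128 that AACS actually uses.

```python
"""Known-plaintext key scan over a (constructed) player memory dump."""
from typing import Optional
import hashlib
import hmac
import random
import struct

KEY_LEN = 16  # AACS uses AES-128, so title/volume keys are 16 bytes


def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: XOR data with an HMAC-SHA256(key, counter) keystream.
    Encrypt and decrypt are the same call. Demo only; a real player uses AES-128."""
    out = bytearray()
    for blk_no, start in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, struct.pack(">Q", blk_no), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[start:start + 32], ks))
    return bytes(out)


def scan_for_key(dump: bytes, known_plain: bytes, known_cipher: bytes,
                 mask: bytes = bytes(KEY_LEN), step: int = 1) -> Optional[tuple]:
    """Slide a KEY_LEN window over the dump, un-XOR a mask if one is known, and
    return (offset, key) for the first window that decrypts known_cipher to
    known_plain, else None. step=1 also catches unaligned keys; step=16 is
    enough only if the player keeps its keys 16-byte aligned."""
    for off in range(0, len(dump) - KEY_LEN + 1, step):
        cand = bytes(a ^ b for a, b in zip(dump[off:off + KEY_LEN], mask))
        if toy_encrypt(cand, known_cipher) == known_plain:
            return off, cand
    return None


def build_dump(key: bytes, key_offset: int = 1000, mask: Optional[bytes] = None,
               size: int = 4096, seed: int = 7) -> bytes:
    """Constructed 'memory dump': pseudo-random filler with the key planted at
    key_offset, either in the clear or XORed with mask (the 0xdeadbeef idea)."""
    rnd = random.Random(seed)
    filler = bytearray(rnd.getrandbits(8) for _ in range(size))
    stored = key if mask is None else bytes(a ^ b for a, b in zip(key, mask))
    filler[key_offset:key_offset + KEY_LEN] = stored
    return bytes(filler)


DEADBEEF = bytes.fromhex("deadbeef") * 4                       # 16-byte mask
TITLE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
# The scan needs one block whose plaintext is predictable; in a video stream a
# fixed container header would serve. This block is constructed for the demo.
KNOWN_PLAIN = b"\x00\x00\x01\xba" + bytes(12)
KNOWN_CIPHER = toy_encrypt(TITLE_KEY, KNOWN_PLAIN)


def demo():
    """Returns (hit on clear dump, result on masked dump, hit on masked dump once
    the mask is known, i.e. after someone disassembled the un-XOR routine)."""
    clear = build_dump(TITLE_KEY)
    masked = build_dump(TITLE_KEY, mask=DEADBEEF)
    return (scan_for_key(clear, KNOWN_PLAIN, KNOWN_CIPHER),
            scan_for_key(masked, KNOWN_PLAIN, KNOWN_CIPHER),
            scan_for_key(masked, KNOWN_PLAIN, KNOWN_CIPHER, mask=DEADBEEF))


if __name__ == "__main__":
    labels = ("clear", "masked, mask unknown", "masked, mask known")
    for label, result in zip(labels, demo()):
        print(f"{label}: {result}")
```

The scan costs one trial decryption per byte offset, so a 2 GB dump is a few billion 16-byte trials, which is hours, not years, and the mask only raises the cost by the effort of reading the player's disassembly once, after which the `mask=` path finds the key just as quickly. That is the thread's point: scrambling buys time, not secrecy, because the player still has to hold the unmasked key in a register to decrypt anything.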
I'd say DVD took off once the Playstation 2 came out. Before that, DVD players had been expensive and VHS was good enough for most. PS2 put millions of DVD players in people's living rooms as a side-effect of something they were going to buy anyway. Before PS2, DVDs were confined to a small slice of shelf space in video stores; once PS2 came out, they increased very rapidly indeed.
Things may have gone differently elsewhere, but in the UK the Playstation 2 was a major force behind mass-market acceptance of the DVD format.
I used to think that the Playstation 3 would have the same effect for Blu-Ray, but now I'm far from sure. Quite apart from the price, it's just too late; it's this generation's N64. In the NES and SNES days I was a total Nintendo fanboy, but if my parents hadn't had a fit of generosity and got a PC, I'd have given up waiting for N64 and bought a Playstation, and I'm sure many others did the same. How many people have already given up waiting for PS3 and gone out and bought a 360?
Real Daleks don't climb stairs - they level the building.
immediately upon accessing the unencrypted data on the Blu-Ray disk, muslix64's computer fell victim to a rootkit . . .
Have you ever thought that maybe such companies intentionally hack their media themselves, to make it gain more popularity/widespread usage?
.. sorry for spelling/grammar mistakes, i'm tired and posting this in bed.
A conspiracy theory maybe, but think about it, and this is only an analogy...
DVD comes out, it's not all that popular and the uptake is slow -- so far, no one has cracked it and its only medium is genuine purchases. You buy a DVD player and pay well over the odds as it's only just come out, as you would, you show off this hardware/media to your neighbors, but he/she doesn't really see the value in buying said hardware/media or he/she just simply doesn't have the money -- this process is circular throughout your country, it becomes a rich-toy and nothing more for those privileged enough to show off with, which equals, no mass market, no big bucks.
But, what if you allowed this to happen for a few months, the rich kids get to show off, they're happy, but then! all of a sudden! media is hacked. People can now copy these DVDs, making them free/cheaper, thus the hardware soon gets hacked and becomes free/cheaper -- all of a sudden, this new media is becoming really popular.
People who originally couldn't afford such an amazingly over-priced piece of kit can now keep up with the neighbors and everyone is happy.
You're now thinking, how is the media vendor happy? Well, simply because, any increase in sales is better than no increase in sales. And although a percentage of people are stealing/ripping dvds, there are still a hell of a lot of people who have morals and will legally buy. This vendor can also then go and attempt to take these villains which have stolen to court/bodies to claim back said stolen money, from a customer who would never even have originally contemplated buying this media, had it not been free/cheaper/stolen. This = profit, which would never have been available had the company not hacked/allowed its media to be hacked.
Why would a company then invest so much money to prevent people hacking their media? It's all about face.
Long winded I know, just a thought!
I WANT to buy, I REALLY DO! I think there is some great content out there that I WANT to own LEGALLY...
But I'll be damned if I am going to go through all the hassle of taking my ITMS DRM crap and converting it to a standard mp3 format so I can play it on my "other" players. Same with movies... It's TOO MUCH HASSLE...
I'll just grab the pre-decrypted, ready-to-use, no DRM, no hassle, play anywhere, play anytime torrents, ftp files, usenet d/ls, etc... (hell I can automate this with a few scripts for God's sake)..and deal with the guilty conscience of cheating an artist out of a penny...
Its not that I WANT to cheat the artist out of his/her penny, but if you strip everything away it comes down to a pretty simple economic equation:
H = Hours of MY time spent converting DRM'd crap
V = Value of my time
X = Number of content files
AEC = Artist earnings per content file
So... you end up comparing H*V*X vs. AEC*X, and in MY mind the answer is always:
H*V*X > AEC*X
You go ahead and plug in your own numbers, I have, and to me, its just not worth it. My time is money, and if you think you are going to not only charge me money to buy your content, but then turn around and charge me (indirectly) to modify your content for my purposes, you're nuckin futs!
Opinion:=TMyOpinion.Create(Me);
Ah well, best of luck to him.
Pretty much the only way to guarantee that DRM will work is for such a computer to not allow ANY non-DRM compliant software while DRM content is playing. In other words, while the DRM movie is playing, your spreadsheet won't.
Shnap! That's got to be quite the macro!
When our name is on the back of your car, we're behind you all the way!
The next generation of "DRM Operating Systems" cannot support general purpose computing. Pretty much the only way to guarantee that DRM will work is for such a computer to not allow ANY non-DRM compliant software while DRM content is playing.
That won't help unless the DRM is in the CPU as well as every other component. There are far too many people with access to a hardware ICE to hide the keys otherwise.
The *IAA wastes so much time, energy and ultimately money on various DRM implementations and the end result is always the same. The DRM is eventually cracked so those who want to pirate material can and do yet the DRM is cumbersome enough to upset and turn off a certain percentage of legitimate customers.
My roommate purchased an HDTV a few years ago before the HDCP standard emerged and he recently bought a Playstation 3. He was seriously pissed when he found out he couldn't watch Blu-ray Discs at the highest resolution because his TV wasn't compatible.
Things like this only serve to alienate legitimate consumers who are already inclined to pay for the product. The pirates just wait for the DRM to be cracked.
matching a hash to a hash isn't a huge CPU intensive task - and serving 32 bits isn't going to clobber your bandwidth. You can host that site anywhere and flick your fingers at the DMCA.
now that the title keys are known for all existing disks, it will be easier to attack the vendor/player keys for other players. If a few of these are found there'll be no way back without upsetting a lot of consumers with revoked hardware.
Where people will just download the pirated versions of their favourite movies just so that they can play them without any problems. DRM technology really proves that content providers really don't care about their customers and are willing to punish a majority of legal users to get sales they probably wouldn't have gotten anyway. When are they going to realise that there is no way that they can stop piracy? I mean it's really quite obvious that you can't encrypt something, give you the key to the encryption, and expect it not to be cracked.
The only new catch is that the new "user" is a software/hardware/media oligopoly, and this user account has more rights than yours, even though it's on a computer that you bought and you think you own.
In other words, while the DRM movie is playing, your spreadsheet won't.
Your spreadsheet will run just fine - the sort of software that won't run is the debugger you try to attach to your movie player.
we can safely predict that DRM restrictions will be lifted from music.
Since when have publishers stopped using a DRM scheme just because it was cracked? Any audio DRM scheme can be cracked just by unplugging your speakers and plugging in a recorder, but you don't see music DRM going away, do you? For that matter, do any big commercial DVDs come with CSS turned off yet?
This is a shameless appeal for some coders with HD DVD or Blu-ray drives to come out of the Slashdot woodwork and finish what muslix64 started. He said he will not finish the AACS decryption tool beyond where it stands, and it has some serious problems:
Read this forum post for a detailed explanation of the current revision:
http://forum.doom9.org/showthread.php?p=941169#post941169
See Professor Ed Felten's excellent blog explaining AACS in detail:
http://www.freedom-to-tinker.com/
The official AACS specifications, straight from the source:
http://www.aacsla.com/specifications/
Your contributions will apply to both HDDVD and BluRay, of course.
(With my limited understanding of how AACS works) I predict that someone will brute-force decode all of the AACS player-specific keys and post them.
No, I will not work for your startup
MiniDisc originally came out at the start of 1992. Whether or not the MP3 spec (as part of the MPEG-1 suite) had been released then, MP3 as a standalone format for listening to (and sharing) music was rare prior to the mid-1990s. (Even the term MP3- as the file extension- was only coined in 1995). And it wasn't until the late 1990s that it *really* exploded as a mainstream phenomenon.
MiniDisc was a relative failure in North America- IIRC- because it was too expensive for the teenage-type market it was aimed at. It should be noted that it *was* a success in Asia; well, Japan at least, where it replaced the traditional cassette.
Oddly, here in Europe it seemed to enjoy a moderate level of popularity in the late 90s/early 2000s, several years *after* it first came out and prior to the rise of usable-capacity MP3 players. They seem to have disappeared in the face of the iPod and the like.
But my point is that MP3 doesn't explain their overall lack of success; it's irrelevant to MiniDisc's early life, for example.
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
I want to buy him a beer!
Seriously folks, the vast majority of what we call "entertainment" is simply crap. The entertainment industry needs to do some serious soul searching and come to the realization that rather than blowing all this cash on binary wizardry they need to be investing in good writing, acting, directing, etc.
Good content = more $$.
More DRM = pissed off customers.
Read the forums. You'll note that this particular DVD did not implement "BD+" which is an ADDITIONAL layer of "protection" on top of AACS.
BD+ discs are potentially going to be much harder. Why BD+ isn't used on all discs, I don't know.
retrorocket.o not found, launch anyway?
They're already testing BD+ compatibility and preparing firmware updates for the set-top boxes in BD world headquarters. There will be no more Cyberlink support.
BD+ isn't a technology. All BD+ is, is an exception in the warranty that lets them disable customer's hard earned products without getting sued. Cyberlink knew the risk in basing a business on software players and they lost.
There are at least two, and probably three, things wrong with the popularly echoed "they'll revoke the keys" response:
1) Which player gets its keys revoked? The people involved are being intentionally elusive on this topic. It's been determined that WinDVD can be used, but content providers can never be sure they eradicated the source of leaks unless they ban all software players. For all we know PowerDVD is cracked, too, despite their claims; the fact that muslix64 uses it for his demo certainly makes one wonder.
2) Even if you wipe out a player, you can still crack all the discs currently on the market. Key revocation only involves future titles; manufacturers have to change how they press discs to revoke a key and stop the hack.
I quote from Wikipedia which has all this correct: "if a given player's keys are compromised and published by an attacker, the AACS licensing authority can simply revoke those keys in future content, making the keys/player useless for decrypting new titles. However, if attacker doesn't publish the compromised player key, the AACS licensing authority doesn't know which key is compromised, and it can not revoke it." I'd also suggest the thread where muslix64 comments about this subject.
3) What gives you any reason to believe that the same misguided souls who believed AACS was a secure solution implemented revocation securely?
Tell that to standards groups that release their specs in Word format (3GPP, I'm looking at you).
Such a PITA if you only want to print out 1 page, but Word has to paginate the umpteen pages to figure out what is the current page.
THESE KEYS CANNOT BE REVOKED !
The keys that this method uses are the volume and title keys. In other words, the "password" with which the movie data is encrypted. This cannot be revoked, it's on the media itself and that media is read-only.
What can be revoked is the *player* key. The key that the player must use in order to retrieve the volume & title keys mentioned above.
Each disc is encrypted with something like a "password": the title and volume keys.
Each disc also comes with a long list of volume keys, each encrypted with a different player key.
The AACS logic: the method created for playing a disc needs at least 1 valid player key that matches at least 1 entry in the long list, so the player can get the "password" (volume & title keys) needed to decrypt the disc. The player key is the crucial point to protect.
If pirates manage to capture a key, we stop using the compromised key. From that moment onward, the long lists contain volume keys, encrypted with every "player key" except the compromised one. Other players can still play the movie, because there's at least one entry they can play with their "player key"; but the pirates and the compromised player can't play the movie because the only entry they could use is missing on all future discs.
The pirate logic: fuck all these player keys. Just store the individual "volume key" we need to play the movie.
Those are not the keys that can be revoked. They are permanent for a given disc. Even if subsequent editions change the volume key, pirates will still share the new key. If AACS tries to revoke keys, it'll only stop some players from playing the movie. It'll not prevent a movie whose volume key is known from being decrypted, and it won't stop pirates looking for keys in other software players' memory dumps and/or SIMD register lists.
This proves the fundamental error of DRM: providing both the encrypted data and the key isn't secure. And you have to provide them both because they're used for playing the media. You can't protect content from the user who owns it.
BTW: Although Muslix64 never explained his own method, there are a few methods for obtaining keys from a couple of software mentioned in doom9 forum's thread.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
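The two-layer scheme the post above describes (player keys that can be revoked by omission from the disc's key list, and a per-disc volume key that cannot), as an added worked model. This is example code written for this page, not the poster's tool and not real AACS: real AACS wraps the media key with a subset-difference tree of device keys and uses AES, whereas here a SHA-256 keystream XOR stands in for the cipher, the player ids A/B/C and the disc titles are made up, and every key is derived from a label so the run is repeatable. The scenario also shows the later point in the thread that the licensing authority cannot learn which player leaked a published volume key, and that revoking a guessed player does nothing to the pirate's copy.

```python
import hashlib

KEY_LEN = 16

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (NOT AES): XOR data with SHA-256(key || block counter).
    XOR is its own inverse, so the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def derive(label: str) -> bytes:
    """Deterministic stand-in for a randomly issued 128-bit key."""
    return hashlib.sha256(label.encode()).digest()[:KEY_LEN]

# Three licensed players, each issued its own player key (hypothetical ids).
PLAYER_KEYS = {"A": derive("player-A"), "B": derive("player-B"), "C": derive("player-C")}

def press_disc(title: str, revoked=frozenset()) -> dict:
    """Author a disc: the volume key wrapped under every non-revoked player key
    (the post's "long list"), plus the movie payload encrypted under the volume key.
    Revocation is nothing more than leaving a player's entry out of the list."""
    volume_key = derive("volume-" + title)
    key_list = {pid: keystream_xor(pk, volume_key)
                for pid, pk in PLAYER_KEYS.items() if pid not in revoked}
    payload = keystream_xor(volume_key, f"{title} content".encode())
    return {"key_list": key_list, "payload": payload}

def licensed_play(disc: dict, pid: str):
    """A licensed player: unwrap the volume key with its own player key, then decrypt.
    Returns None when its entry is missing, i.e. its player key was revoked."""
    wrapped = disc["key_list"].get(pid)
    if wrapped is None:
        return None
    volume_key = keystream_xor(PLAYER_KEYS[pid], wrapped)
    return keystream_xor(volume_key, disc["payload"])

def dump_volume_key(disc: dict, pid: str) -> bytes:
    """Models the memory dump: whatever a player unwraps, it must hold in RAM to decrypt."""
    return keystream_xor(PLAYER_KEYS[pid], disc["key_list"][pid])

def pirate_play(disc: dict, volume_key: bytes) -> bytes:
    """muslix64-style playback: the key list is never consulted."""
    return keystream_xor(volume_key, disc["payload"])

def scenario() -> dict:
    disc1 = press_disc("King Kong")
    leaked = dump_volume_key(disc1, "C")      # only this 16-byte value gets published
    # The published value is a volume key, not a player key, so nothing in it tells
    # the licensing authority which player leaked it.  Suppose it guesses C anyway
    # and drops C from every later pressing.
    disc1_repress = press_disc("King Kong", revoked={"C"})
    disc2 = press_disc("Enter the Dragon", revoked={"C"})
    return {
        "C plays original disc": licensed_play(disc1, "C"),
        "C plays revoked pressing": licensed_play(disc2, "C"),              # bricked
        "A plays revoked pressing": licensed_play(disc2, "A"),              # fine
        "pirate plays repressed disc1": pirate_play(disc1_repress, leaked),  # unaffected
        "pirate plays disc2 with old key": pirate_play(disc2, leaked),       # garbage
        "pirate plays disc2 after dumping A": pirate_play(disc2, dump_volume_key(disc2, "A")),
    }
```

Note what the revocation does and does not touch: it bricks player C for the new pressing and changes nothing for anyone holding the volume key, and the new title is recovered by dumping any still-licensed player, because the only way to revoke the volume key would be to re-author every disc already sold.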
...considering the recent announcement that Sony will not allow porn on BluRay.
muslix64 isn't exactly a brilliant hacker here. Anyone who's in the software cracking scene knows about fravia's now defunct site and +ORC's set of DOS tutorials. We were ripping keys from memory in encrypted states years ago on the PC, and years before that on even older hardware.
That said, I am not impressed with what this person has done.
The HD-DVD and BluRay camps should start blacklisting the keys that they've given out to WinDVD and PowerDVD. There should be no software decoding of HD content until set-top boxes have saturated the market somewhat.
What will muslix64 and friends do when WinDVD starts using Armadillo to protect their software? What will they do when WinDVD requires a hardware dongle to run that contains a portion of the software's code, in an encrypted format itself?
There are crackers out there who can take care of such things, but it's just a matter of revoking keys again, and updating WinDVD and PowerDVD.
The sooner these stupid DRM schemes are defeated, the faster the new hi-def technologies will be adopted by the public at large. If either Blu-Ray or HD-DVD were totally and permanently cracked today, then they would become sooo much more attractive. I think it would convince more people to adopt the cracked platform. Sales would go up and lots of stuff would get pirated. But they wouldn't see the increase in sales as a result of a more flexible DRM-less platform- all we would hear about is the increase of piracy and all the money lost. But it all goes hand in hand. It's a symbiotic relationship.
Revoking the keys of a hardware player WOULD really ick off the consumers.... But WHO would the consumers get mad at?
If I understand the blu-ray scheme properly (and I might not), new commercially-sold disks with protected content on them also carry revocation lists and updated keys. When you insert this new disk into your player, it will revoke the player's key, essentially BREAKING it, so it won't even play discs that it played BEFORE you inserted the new one.
Consumers will see this: They bought Shrek 3 on blu-ray, put it in the player, and after that, the player won't work. They will think that the player is broken, and complain to the manufacturer of the player. This way, the content companies can be jerks, and the player manufacturers have to work to get the player working again for the consumer (probably by sending out a cd with a new key or algorithm in it).
The content companies are offloading the cost of piracy protection to the hardware manufacturers by making them spend WAY more money on engineers, programmers, high-speed CPUs, customer support, etc... How much do you want to bet that the extra cost will be passed down to the consumer?
Personally, I believe if the content providers want to protect their content, then THEY should be paying for it directly. This might be fine for Sony, who publishes content AND makes the hardware, but I bet even they will have trouble keeping costs down.
He's a retired military guy who trims the edges of my lawn when he thinks I've let them go too long.
You know. As a sign. To get cracking. On the rest.
668: Neighbour of the Beast
Companies and their political lapdogs need to wake up and realise that ****PEOPLE DO NOT WANT THIS SHIT IN THEIR MEDIA.****** Here is a very simple English statement to media companies.
To the companies:
We buy media. We expect to watch media on any capable electronic device.
We don't like restrictions. Restrictions are bad. restrictions piss us off.
When you piss people off, they won't buy. Simple as that. Pissing people off is bad.
Pissing people off is bad for business.
To said political lapdogs:
Get the fuck out of our govt, you scumbag, sick, corrupt, vile traitors. You have betrayed the people, and you are just damn lucky you don't get your asses strung up by hordes of angry citizens of the United States.
Why are all the keys to movies from the back catalog?
Is the industry limiting HD DVD's to just old stuff? Maybe they are simply releasing old stuff to see if it gets cracked and are holding new content for after the market is established. King Kong? Enter the Dragon.. What year did that come out?
The truth shall set you free!
I think you are ontopic as it deals with DRM.
Last time I knew anything about the Sony MD players, there were two formats and 2 modes of operation. The Data format takes data disks and can transfer stuff to and from a computer, and the Music format employs Serial Copy Protection. Your copy of a copy won't work. To prevent a computer from defeating Serial Copy Protection, a player with a music disk will not talk to a computer at all. The data port is disabled when in music mode.
The DRM of Serial Copy Protection and the segregation of Music and Data modes is the reason I never bought one of the players. You probably have only one player, so Serial Copy Protection is not an issue for you.
Have they changed any of the above? Can you now copy music to and from a player with a computer?
Other than analog, how the heck do you record music disks to play?
The truth shall set you free!
One of the major failings of CSS was the limited keyspace that meant that they couldn't revoke any player keys, because so many players had to share.
With AACS it's cheap and easy for them to revoke just one key and each player has a key of its own.
So if someone goes to extraordinary (lengthy + expensive) lengths to extract a key from a player then they can revoke only that key and they have to start over on a new player.
If an entire production run has a problem then that run can be disabled just as easily as disabling one player key.
What we need to do is to stop telling people how the keys were obtained and distribute decrypted title keys, that way they can't know what player key to revoke.
-- To dream a dream is grand, but to live it is divine. -- Leto ][
I buy CDs, and I go to concerts, A LOT of concerts. The problem with the whole crowd that argues "you can go buy DRM free audio content RIGHT NOW. Yes, they're called *gasp* CDs." is that they overlook that the argument is two-fold. I often don't WANT an entire CD. Sometimes I do, but not always. Why should I pay $15 for a $.30 piece of plastic that has a whole bunch of stuff I don't want? So my alternatives are...?
Exactly... DRM'd crap.
Look... If I buy a book, can I read it in my home, car, on vacation, plane, etc... LEGALLY? Can I also copy segments of the book (say a chapter) and take those papers with me to share segments and excerpts with a classroom of kids who are having reading day? Sure I can. A book, and its contents, are available to me on my terms. Why can't music?
Opinion:=TMyOpinion.Create(Me);
Plugged? How? No player keys were compromised in the process of hacking this stuff.
They could revoke player keys and replace them with newer ones, but it won't change anything.
The only thing they could logically do is refuse to issue newer keys to any player from which a volume key & title key has been extracted.
But then their condition will be almost impossible to meet, because in order to decrypt the data from the disc, the volume and title keys *have to be* in either memory or a SIMD register so the crypto algorithm can work with them, and therefore they'll *always* be accessible to memory dumps / debugger register dumps, or a virtual machine dump if the player software is run in an emulator, even if only for a short period of time. (According to doom9 forum threads, once the keys aren't needed anymore, they're removed from memory in some of the players they managed to extract volume keys from.)
So the only realistic way to avoid volume keys being extracted from a software player is to stop allowing software players at all.
But I doubt that this solution will be chosen by the BD / HD DVD makers, because class actions are very likely to happen ("I bought a shiny new Viiv / Live! certified home theater PC with a dual BD / HD DVD drive and no player can play my movies!!!")
The key revocation scheme works in the whack-a-mole race between pirates obtaining new player keys for their players and the disc makers wanting to lock out those unlicensed players (and the genuine original one that was compromised). Exactly what happened with the first generation of DeCSS, which used keys stolen from Xing. Had the DVD makers revoked the CSS keys, that DeCSS wouldn't have been able to decode DVDs anymore (as would also have been the case for the Xing player) and would have needed newer keys, which would then in turn get revoked, and so on... But that race didn't happen; newer versions able to crack the encryption without the player key emerged (libcss2 as used in VLC).
With BD and HD DVD that race won't happen again, because muslix64's software doesn't need any compromised (revocable) player key. It needs a volume key, unrevocable and always available for a short time in memory or SIMD registers. Keys that can subsequently be shared on the net. Keys which it will be difficult to persuade some government are illegal, because:
- They enable a user to read a disc he has legally bought and to which he otherwise couldn't have access, either because his OS doesn't have a player (Linux) or because his setup doesn't qualify for enabling full resolution.
- Pirates don't actually need them. Most of the pirated movies that'll circulate in torrents will be in unencrypted form (and maybe transcoded to some modern wavelet codec that'll be the "DivX of BD/HD DVD"). Swapping volume keys doesn't play any role in movie piracy.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Face it, you just got ass-reamed by slashdotters a lot smarter than you. Take the advice of your own nickname and go away!!!!
There are no bugs to be patched. The technique doesn't use any exploit. To decrypt the data, at one moment or another you need to use the volume key.
In order to use it, you need to have it, either in memory or in a SIMD register (and even then the register gets saved on the stack when tasks are switched).
And the key can be copied from them, no exploits involved.
Player makers may move the keys to different memory locations, but because several dozen volume keys are already known, we know which data to look for in order to determine which new location holds the volume key.
The only actual thing they may do is fix that some shoddy versions (older WinDVD versions) tend to keep the keys in memory for too long a period of time, even when they aren't needed anymore. This is something that can be fixed (and I suppose is actually already done). But it won't help that much; there are already explanations of how to extract volume keys from players that don't keep them in memory after they aren't needed anymore (like PowerDVD).
In fact one can imagine a completely automated process where:
- the program asks the user to start playing a known disc.
- the player starts decrypting data.
- the program scans the player's memory and registers/stack for the known key.
- the program locates candidate locations for finding keys.
- the steps above are repeated for several known discs.
- the program determines a heuristic to find the key location using the previously accumulated data.
- the program asks the user to insert a new DISC.
- the program copies the key from the location determined before (and may eventually test the key to be certain).
- these last steps can be repeated for more new discs.
At no moment does this procedure require using a specific player or exploiting a given bug.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
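The automated procedure in the post above, as an added example in Python. This is code written for this page, not muslix64's method and not any doom9 tool: the software player, its key-slot layout (a 6-byte header followed by a 16-byte key), the log string and the 8 KiB memory images are all constructed here so the scan runs offline, and the "known" volume keys are derived from made-up titles. The learning step works out, from dumps whose key is already known, which bytes always sit right in front of the key; the extraction step then applies that header to a dump for a disc whose key is unknown and keeps only candidates that look like key material (the freed, zeroed slot is rejected by the entropy check). Real key-finding tools such as aeskeyfind test candidates against the AES key-schedule structure instead; the entropy filter here is a simpler stand-in for the post's "test the key to be certain".

```python
import hashlib
import math
from collections import Counter

KEY_LEN = 16
# Constructed key-slot header of the imaginary player (length 16, in-use flag).
# The scanner below must LEARN this from known keys; it is never told it directly.
SLOT_HEADER = b"\x10\x00\x00\x00\x01\x00"

def fake_volume_key(title: str) -> bytes:
    """Deterministic stand-in for a disc's volume key."""
    return hashlib.sha256(("volume-" + title).encode()).digest()[:KEY_LEN]

def make_dump(seed: str, key: bytes) -> bytes:
    """Constructed 8 KiB memory image of a software player mid-playback: mostly
    zero pages and log strings, one live key slot at a run-dependent offset, and
    one freed (zeroed) key slot carrying the same header."""
    img = bytearray(8192)
    banner = b"HDplayer: title key loaded, AACS layer ready\x00"
    for i in range(0, len(img), 1024):
        img[i:i + len(banner)] = banner
    h = hashlib.sha256(seed.encode()).digest()
    slot = 128 + int.from_bytes(h[:2], "big") % 6000
    freed = slot + 1500 if slot < 4000 else slot - 1500
    img[slot - 1] = ord(seed[-1])   # whatever allocation happens to precede the slot this run
    img[slot:slot + len(SLOT_HEADER) + KEY_LEN] = SLOT_HEADER + key
    img[freed:freed + len(SLOT_HEADER) + KEY_LEN] = SLOT_HEADER + bytes(KEY_LEN)
    return bytes(img)

def learn_header(samples, max_len: int = 32) -> bytes:
    """Steps 1-6 of the post: given (dump, known key) pairs, return the longest
    byte string that immediately precedes the key in EVERY dump.  Bytes that
    differ between runs (neighbouring allocations) are not part of the header."""
    header = b""
    for n in range(1, max_len + 1):
        seen = set()
        for dump, key in samples:
            off = dump.find(key)
            if off < n:                 # key absent, or too close to the start
                return header
            seen.add(dump[off - n:off])
        if len(seen) != 1:              # dumps disagree: the header ends here
            return header
        header = seen.pop()
    return header

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 16 random bytes score close to 4.0."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def extract_keys(dump: bytes, header: bytes, min_entropy: float = 3.0) -> list:
    """Steps 7-8: every header hit yields a 16-byte candidate; keep those that
    look like key material so freed or zero-filled slots are not reported."""
    found, start = [], 0
    while (off := dump.find(header, start)) != -1:
        cand = dump[off + len(header):off + len(header) + KEY_LEN]
        if len(cand) == KEY_LEN and entropy(cand) >= min_entropy:
            found.append(cand)
        start = off + 1
    return found

def scenario():
    """Three runs with discs whose keys are already public, then one new disc."""
    known = [("run-1", "King Kong"), ("run-2", "Enter the Dragon"), ("run-3", "Shrek 3")]
    samples = [(make_dump(seed, fake_volume_key(t)), fake_volume_key(t)) for seed, t in known]
    header = learn_header(samples)
    new_dump = make_dump("run-4", fake_volume_key("Unknown Title"))
    return header, extract_keys(new_dump, header)
```

The point the post makes survives any relocation of the key: moving the slot around in memory only changes `slot`, which the learner never relied on, and the only countermeasure that defeats this scan is not holding the key in readable memory at all, which a software player cannot avoid.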