Slashdot Mirror
Blu-ray Protection Bypassed
ReluctantRefactorer writes with an article in the Register reporting that Blu-ray copy-protection technology has been sidestepped by muslix64, the same hacker who bypassed the DRM technology of rival HD DVD discs last month. From the article: "muslix64's work has effectively sparked off a [cat]-and-mouse game between hackers and the entertainment industry, where consumers are likely to face compatibility problems while footing the bill for the entertainment industry's insistence on pushing ultimately flawed DRM technology on an unwilling public." WesleyTech also covers the crack and links the doom9 forum page where BackupBluRayv021 was announced.
...lasted a bit longer than CSS...maybe next time they might make it last a whole 6 months, maybe even ***gasp*** a whole YEAR before "pirates" start enjoying their blowjob while consumers just get a spiked dildo in the ass.
Living With a Nerd
Sounds like Muslix is doing his part to help keep the entertainment industry regular.
This guy's the limit!
Microsoft and Apple are smart. Disk based DRM is doomed since you can't actually upgrade disk drives and disk media that easily, even with encryption programs written dynamically on the disk.
So as disk-based DRM is consistently wrecked, but can't be updated until the next hardware cycle (~7-8 years at least), which alternative becomes obvious?
Software based DRM via network downloads. You can update the DRM-ed player in the next software patch, automated via Internet distribution. Apple is covered with their iTunes store, and Microsoft has been working frantically on heavy DRM in Vista and WMP.
Now you know why.
That these cracks and counter DRM attempts cause enough compatability problems that the Consumer electronics industry gives up on DRM, and the studios would have to follow if they wanted there content sold at hi def prices....
One can dream that they'll come to there senses. There is nothing more annoying than petty restrictions on the content you buy..
Why shouldn't I be able to watch my dvd/hd movie on my ipod OR computer OR TV. This is getting stupid. The thing is the studios are unified in there stance by the MPAA, maybe consumers should start lobbying or just stop buying..
From the article "The early version of this utility only supports the decryption of Blu-ray discs whose CPS unit key is known." ... "A powerful crypto attack was used to analyze the memory dump obtained from a Blu-ray Disc software player (such as WinDVD or PowerDVD). The crypto attack helped to identify the encryption keys that are needed for decrypting the video files."
So it has not been cracked as the keys still need to be found. This just decodes the contents once the keys are found.
Again, as with HD-DVD, all that's happened so far is: - he has implemented decryption using the fully public specs - he has recovered some per-disk keys (using a clever technique) by finding them in the memory of software players Neither format should be considered cracked until a standalone software player could play all disks (independent of an online key database) a la DeCSS. That said, major props to him for actually getting done what he got done. The plaintext attack he used to recover the software keys, as described in one of the forum posts, was a nice touch.
"Honey, I have to reboot the TV because it's just gotten a security bios update and TiVo won't record until it sees the update. Oh, and I'm sorry the DVD player doesn't work: the last automatic update turned it into a spam-bot and I had to turn it off or get sued under CAN-SPAM 2.1"
668: Neighbour of the Beast
The Register article has this amusing and quite appropriate typo in it:
muslix64 work has effectively sparked off a car-and-mouse game between hackers and the entertainment industry
Yes, I would say that pretty well fits. The DRM-mouse can neither catch nor flee a car. It's just roadkill at will. HD-DVD roadkill. BlueRay road kill.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
With 20+ GB downloads of HD movies, we're going to need much faster pipes in order to continue to illegally download movies. Verizon should help fund these guys, as it will help sell the 15 Mbit FIOS intetnet option.
Andy
Key has to be decrypted somewhere. Where else do you want to put it?
Sure, a hardware player could put it in a reasonably tamper-proof ROM, but what's a software player going to do?
Not a typewriter
They aren't doing this because of piracy. Piacy amounts to a drop in the bucket compared to the additional revenue they can squeeze out of honest customers thanks to the fair-use stiffling effects of DRM. The whole piracy thing is to give the honest customers someone else to blame.
"It's teh evil PIRATES wots doing this to you, not us honest content providers!"
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Nevermind, you guys can finish the joke properly.
No, I don't believe we can. Sorry.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
What he did crack is one software based player. There's now a difference. Key holders will now revoke the keys for that particular player, so it won't play newer movies anymore. There's no crack yet that would defeat the entire protection scheme.
is that you can't just run the program to decrypt all your Blu-Ray(or HD-DVD) disks, you need to locate the key and use that to get the unprotected data.
This sounds like a right pain in the arse. I'm used to buying DVDs willy-nilly and just shoving films onto servers, PSPs, iPods, XBMC etc as the mood takes me. It always works, I just press a couple of buttons and away I go.
Reading these stories have made me think - I'm now even less likely to buy a HD disk than I am a standard DVD. I buy a HD disk in the shop and I've now got to worry, can I get the key for this disk? will it be for the right region? will it be the right version (you can be sure once a disk is cracked they'll shove new keys on all future pressings).
I don't think I can be arsed with all this really.. much easier just to download un-encrypted and know it'll work on everything I own, forever. FFS I'd pay more for the pirate version than the legit one given the chance.
My next prediction is the appearance of a site that'll serve keys. You put your HD disk in your machine, run a util that gets a hash from it, searches online and decrypts the disk automatically.
*scampers off to register hd-keys.com*
It needs to be open, non-intrusive (for the owner) and allow fair use.
The only difference between some fair use and illegal copying is intent. Not a system in the world can discern that.
Now that Blu-Ray can be pirated, there's a chance the format might take off. This could have a positive benefit for PS3 sales.
The crypto is only as strong as the algorithm, and the method used for key management.
The argument that DRM is "workable" breaks down because the encrypted message is delivered to a party who is expected to BOTH decrypt the message, and NOT know the keys. But the keys had to be used to effect the decryption!
Basically, it makes very little sense.
The only way that DRM can work is if the playback device does not trust its user. Which means that it CANNOT be a general purpose computer.
The next generation of "DRM Operating Systems" cannot support general purpose computing. Pretty much the only way to guarantee that DRM will work is for such a computer to not allow ANY non-DRM compliant software while DRM content is playing.
In other words, while the DRM movie is playing, your spreadsheet won't.
But, since music playback while working is common, we can safely predict that DRM restrictions will be lifted from music. Movies? The next generation may well support "single tasking while movie is playing" mode.
If this is not done (as well as locking out all non-DRM approved drives and kernel extensions), the keyset can be recovered from the player software.
This crack just demonstrates this particular weakness. When I probe a cryptosystem, I look at the algorithm used (are there errors in the implementation? is it a good crypto algorithm? etc.), the keys (key length, is brute force possible or is the key recoverable from a known encyrpted plaintext, was the key produced by someone sane, or an idiot, etc.) and key management (where and how are keys stored and published etc.).
Remember "Spaceballs": the code is: "1", "2", "3", "4".
It is also good to remember that once a single digital copy is "cracked", the work doesn't have to be done for that title again.
Just another "Cubible(sic) Joe" 2 17 3061
Almost right. Dedicated silicon would be one way.
Besides that, the only OTHER option would be for the entire system to be "secure" through things like so called "Trusted Computing". In parituclar check out the section on Memory Curtaining.
You'll notice that in this case, "Trusted Computing" has nothing to do with the User trusting the platform, but rather with the Media Companies Trusting the system to look after their interests above that of the users.
This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
There are ways of not doing so... for example putting bits of the key in different places in the memory map. Putting crucial bits of the key in kernel memory where userspace can't read it... deliberately obfuscating parts of the key (eg. xor the 10th byte with some value, thus invalidating it unless you know that it's been done).
:p
TPM will hold the key in unreadable (to unauthorised applications) static memory. Once that gets on your PC you've got to crack TPM first.. and that's going to set you back *at least* half an hour
http://hdkeys.com/
To call it a "cat-and-mouse game" is overstating I think. Why should the content sellers care about someone cracking Blu-Ray or HD-DVD encryption? They know that piracy is inevitable. They just want to keep it underground so the average consumer doesn't participate. And for that, under the DMCA any proprietary encryption system will do just fine. The DMCA gives them the permanent legal right to go after anybody who doesn't license their decryption technology, or who tries to circumvent it in an unauthorized way.
DVD is a great example. DeCSS has been around for years, but it hasn't had a material impact on DVD sales because DVD copying isn't widespread. (At least in the USA; parts of Asia like China are a different story.) Threat of legal action backed by the DMCA has kept DVD backup software generally unavailable to Joe Consumer, despite the widespread prevalence of DVD-R drives and media.
Bottom line: You could break their encryption and print up all the geeky De-AACS T-shirts you want, but it won't materially affect content sales.
The fact that they just left the key in the clear in dram isn't something that was inevitable, just their particular implementation and something that is somewhat fixable.
So to make a quick analogy, which security measure should they they have choosen?
1. Leaving the door open to your house inviting someone that happens to be driving by to notice it and walk in...
2. Leaving your door closed but unlocked requiring them to select your door out of several on your block to open...
3. Locking your door with a 5-pin standard door lock that you would have to bump to open, but hoping the bad guys pick some other house to rob that choose security measure #1 or #2...
4. Living in a cave under a mountain with bars on your one entrance/exit...
Seems to me that they selected door #2, where selecting door #3 would have probably been a better choice in retrospect.
As a quick example, the key could have been xored with "0xdeadbeef" in memory and some inline code to un-xor it as needed into cpu registers could be done. Although this is essentially non-cryptographic scrambling, it would have required someone to find and disassemble the decryption subroutine instead of just search a 2G memory dump for a key...
I'd say DVD took off once the Playstation 2 came out. Before that, DVD players had been expensive and VHS was good enough for most. PS2 put millions of DVD players in people's living rooms as a side-effect of something they were going to buy anyway. Before PS2, DVDs were confined to a small slice of shelf space in video stores; once PS2 came out, they increased very rapidly indeed.
Things may have gone differently elsewhere, but in the UK the Playstation 2 was a major force behind mass-market acceptance of the DVD format.
I used to think that the Playstation 3 would have the same effect for Blu-Ray, but now I'm far from sure. Quite apart from the price, it's just too late; it's this generation's N64. In the NES and SNES days I was a total Nintendo fanboy, but if my parents hadn't had a fit of generosity and got a PC, I'd have given up waiting for N64 and bought a Playstation, and I'm sure many others did the same. How many people have already given up waiting for PS3 and gone out and bought a 360?
Real Daleks don't climb stairs - they level the building.
I WANT to buy, I REALLY DO! I think there is some great content out there that I WANT to own LEGALLY...
But I'll be damned if I am going to go through all the hassle of taking my ITMS DRM crap and converting it to a stardard mp3 format so I can play it on my "other" players. Same with movies... Its TOO MUCH HASSLE...
I'll just grab the pre-decrypted, ready-to-use, no DRM, no hassle, play anywhere, play anytime torrents, ftp files, usenet d/ls, etc... (hell I can automate this with a few scripts for God's sake)..and deal with the guilty conscience of cheating an artist out of a penny...
Its not that I WANT to cheat the artist out of his/her penny, but if you strip everything away it comes down to a pretty simple economic equation:
H = Hours of MY time spent converting DRM'd crap
V = Value of my time
X = Number of content files
AEC = Artist earnings per content file
So... you end up comparing H*V*X vs. AEC*X, and in MY mind the answer is always:
H*V*X > AEC*X
You go ahead and plug in your own numbers, I have, and to me, its just not worth it. My time is money, and if you think you are going to not only charge me money to buy your content, but then turn around and charge me (indirectly) to modify your content for my purposes, you're nuckin futs!
Opinion:=TMyOpinion.Create(Me);
We are probably going to find out that posting a 32 byte encryption key for a movie on your website does count as a DMCA violation, even though the key is only useful to people who own the disc.
Common sense be damned. Could an encryption key be the world's shortest copyrighted work?
>north
You're an immobile computer, remember?
This is a shameless appeal for some coders with HDDVD or BluRay drives to come out of the Slashdot woodwork and finish what muslix64 started. He said he will not finish the AACS decryption tool beyond where it stands, and it has some some serious problems:
s t941169
Read this forum post for a detailed explanation of the current revision:
http://forum.doom9.org/showthread.php?p=941169#po
See Professor Ed Felten's excellent blog explaining AACS in detail:
http://www.freedom-to-tinker.com/
The official AACS specifications, straight from the source:
http://www.aacsla.com/specifications/
Your contributions will apply to both HDDVD and BluRay, of course.
The sooner these stupid DRM schemes are defeated, the faster the new hi-def technologies will be adopted by the public at large. If either Blu-Ray or HD-DVD were totally and permanently cracked today, then they would become sooo much more attractive. I think it would convince more people to adopt the cracked platform. Sales would go up and lots of stuff would get pirated. But they wouldn't see the increase in sales as a result of a more flexible DRM-less platform- all we would hear about is the increase of piracy and all the money lost. But it all goes hand in hand. It's a symbiotic relationship.
Revoking the keys of a hardware player WOULD really ick off the consumers.... But WHO would the consumers get mad at?
If I understand the blu-ray scheme properly (and I might not), new commercially-sold disks with protected content on them also carry revokation lists, and updated keys. When you insert this new disk into your player, it will revoke the player's key essentially BREAKING it, so it won't even play discs that it played BEFORE you inserted the new one.
Consumers will see this: They bought Shrek 3 on blu-ray, put it in the player, and after that, the player won't work. They will think that the player is broken, and complain to the manufacturer of the player. This way, the content companies can be jerks, and the player manufacturers have to work to get the player working again for the consumer (probably by sending out a cd with a new key or algorithm in it).
The content companies are offloading the cost of piracy protection to the hardware manufacturers by making them spend WAY more money on engineers, programmers, High-speed CPUs, customer support, etc... How much do you want to be that the extra cost will be passed down to the consumer?
Personally, I believe if the content providers want to protect their content, then THEY should be paying for it directly. This might be fine for Sony, who publishes content AND makes the hardware, but I bet even they will have trouble keeping costs down.
And thus this isn't a very useful crack, because the minute it is revealed, it gets plugged. Maybe earlier, if they figure it out anyway.
The only reason the software player used is visible at all right now is because the people involved are still working out the process. Once that gets nailed down and the scene goes completely underground, there will be people who crack disks and release the volume keys into the wild, and no one will have any idea how they got them. When one visits a Warez size to find out a serial number to install software, did you learn anything about the disassembler used to crack the key? Nope. Same thing will happen here.
AACS is as secure as it gets. It uses proper crypto, unlike CSS. Copy protection is a fundamentally unsolvable problem, but apart from that there is nothing wrong with AACS.
It's as secure as it gets, except for the fact that it's fundamentally flawed. I'm with you here.
And what does "implement revocation securely" even mean?
Examples of the kind of thing I think about:
a) You have two copies of a disc from successive mastering runs. The only difference between them is that the later generation pressing has removed a player key that existed on the previous version. Can you learn anything from comparing the two, given that you know how to decrypt the earlier one? Here I'd imagine AACS is genuinely secure.
b) The maker of your software player has been found guilty of releasing a hackable player whose keys can be extracted. They revoke that key and release an update with a new one. How much easier is it to find out that new key, given that you already broke the previous version and know its player key? Presumably the new release still shares a lot of code with the broken one, which reduces how many bytes need to be sorted through to discover where the new key and its related decryption code are at considerably. Each time a new player update comes out that is known to have a different key from the previous one, a bit more will be exposed about what part of the player does the decryption, making future cracks even easier.
And here's a slightly different idea to chew on, from the business side:
c) The key issuers of the content providers get so desperate that they start revoking keys given any provocation. A player manufacturer feels their key was revoked unfairly, because their player was secure (cough); they then sue the key authority for the hardship they and their customers were put through by this unfair revocation. What happens? I'm sure there's a clause about this in the licensing agreement, but this is America; we sue people in ridiculous fashion all the time here with unpredictable outcome.