AACS Hack Blamed on Bad Player Implementation

seriouslywtf writes "The AACS LA, those responsible for the AACS protection used by HD DVD and Blu-ray, has issued a statement claiming that AACS has not been compromised. Instead, they blame the implementation of AACS on specific players and claim that the makers of those players should follow the Compliance and Robustness Rules. 'It's not us, it's them!' This, however, does not appear to be the entire truth. From the Ars Technica article: 'This is an curious accusation because, according to the AACS documentation reviewed by Ars Technica, the AACS specification does not, in fact, account for this attack vector. ... We believe the AACS LA may be able to stop this particular hack. While little is truly known about how effective the key revocation system in AACS is, in theory it should be possible for the AACS LA to identify the players responsible for the breach and prevent later pressings of discs from playing back on those players until they are updated. As such, if the hole can be patched in the players, the leak of volume keys could be limited to essentially what is already on the market. That is, until another hole is found.'"

No AACS, Blu-ray, HD-DVD for me.

Since July of last year I have basically cut out the mass media from my life. I sold my TV, gave away my DVD player, and donated my CDs and DVDs to a charity auction. For entertainment, I've taken up a number of sports, including basketball and skiing. I also now listen to local bands live at pubs and restaurants, rather than listening to the radio or CDs. I never had any gaming consoles to begin with, and I uninstalled and gave away the few computer games I do have. I do rely on the BBC for news, but even that's become limited these days.

I'm glad I made that decision. All this new crap involving DRM and frivolous from the entertainment industry just goes to show you how full of horseshit they are. I'm very pleased that my money does not go to them. They don't deserve it. Not only that, but now that I play sports rather than just watching them on TV, I've become much more fit and far healthier. Getting away from the mainstream media was one of the best things I've ever done.

Ahh... the fun begins!

[monopole]

If they are really going to use the device revocation option, things are going to get way fun.
Players which will only play certain discs and not others, instant obsolescence for entire classes of $1000 players.
This makes the format wars look like a sales promotion!

I need to buy, rip, and store the content

[sdo1]

Open letter to the MPAA: I hope a true "CSS" style hack is found. Otherwise, I'm remaining on the sidelines and I won't be buying any HD-DVD or Blu-Ray discs.

Hear that, MPAA!?!?! I said BUYING. You claim piracy costs sales, but you MUST then subtract the lost sales due to your overbearing copy protection. I have about 2000 CDs and about 600 DVDs in my collection. I have no HD-DVD or Blu-Ray discs. And I don't plan on it either unless things change.

It's a new world. And in this new world, I have an expectation of device portability. That means when I buy a 5" media-containing silver platter, I expect to be able to store it on a server in my house to stream it to my living room or my computer or my bedroom. I expect to be able to re-compress it for my laptop or my ipod (or -like device) for watching when traveling. I have no desire to be tied to a specific (and expensive) playback device in a specific location. You're terrified of future storage capacity that will reach into the terrabytes on small devices, but to me, that's the thing that's keeping me interested at the moment in the stuff you have to sell... the knowledge that I can have that portability in movies and TV the same way I have it for the music that I've collected over the years. The RIAA freaked out when MP3's came along, but to be honest, my interest in music had waned significantly. But now, with so much available at my fingertips, I'm VERY interested in hearing new things and I'm buying probably more than ever before (though none through the DRM-crippled iTunes store).

I will gladly buy the media, but I expect that at that point, our relationship is OVER. Thanks, goodbye. Now if I want to extract images from the movie, print them out, and wall-paper my room with them, that's MY business, not yours.

-S

Thankyou (parent is right)

[Cheesey]

Virtualisation does not save us from trusted computing - as the parent says, TCPA was designed with virtualisation in mind.

Every time a thread about DRM comes up, TCPA is mentioned, and a whole bunch of people get modded +5 Insightful for saying that they'll circumvent it using VMware or similar. But to do that, you have to make your own TCPA keys, which won't be signed by a trusted third party. Online services that require remote attestation will require you to use a key that has been signed in that way.

The key in your TCPA module will have been signed, but you can't get at that key by design. You can't use it to sign programs in your VM. That's the idea. They know that virtualisation is a hole. They are as smart as you.

However, perhaps we can get at the key in the TCPA module by getting the module to repeatedly sign something while monitoring its power consumption. This technique, differential power analysis, is apparently very hard to defeat. You can use it to get keys out of smart cards, given enough time: perhaps you can use it to get keys out of your own processor. The price of freedom in the future?

Get informed about TCPA here. http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

Making life hard for customers doesn't mean more $

[BillGatesLoveChild]

DRM *is* a pain the ass. Even on DVDs, with copies you don't have to sit through those annoying ads and logos or the annoying main menu (which always leads to the movie). On the real-McCoy you must suffer. How many people with legal copies of Windows are using volume keys just because they don't want to call up Microsoft for permission whenever they change their config?

The MPAA (and Microsoft) are fighting the way their enemy fights best. If you make DRM inconvenient, and it *is* inconvenient, hackers will find a way around it. If you overcharge, or having play-one-time-only restrictions, people won't use it. If you make any system harder to use than what is out there already, people will go around it! And I'd bet my money on a bunch of teenager hackers over any boring, Microsoft wage serf.

My suggestion: make movies cheaper and drop DRM altogether. PC game companies are realising this. My Oblivion DVD says 'we didn't include any copy protection so please don't copy this'... and I didn't. They've got my goodwill. Some hackers probably did copy it, but DRM doesn't make it any more or less likely. Maybe even more?