Slashdot Mirror
AACS Hack Blamed on Bad Player Implementation
seriouslywtf writes "The AACS LA, those responsible for the AACS protection used by HD DVD and Blu-ray, has issued a statement claiming that AACS has not been compromised. Instead, they blame the implementation of AACS on specific players and claim that the makers of those players should follow the Compliance and Robustness Rules. 'It's not us, it's them!' This, however, does not appear to be the entire truth. From the Ars Technica article: 'This is an curious accusation because, according to the AACS documentation reviewed by Ars Technica, the AACS specification does not, in fact, account for this attack vector. ...
We believe the AACS LA may be able to stop this particular hack. While little is truly known about how effective the key revocation system in AACS is, in theory it should be possible for the AACS LA to identify the players responsible for the breach and prevent later pressings of discs from playing back on those players until they are updated. As such, if the hole can be patched in the players, the leak of volume keys could be limited to essentially what is already on the market. That is, until another hole is found.'"
Did anybody really expect the AACS LA to say anything other than what they did? (Besides, maybe "we give up"?)
Part of me wants them to find a proper fix for these holes. My CableCo phoned me because I've already gone way over my quota this month.
Trolling is a art,
Of course it's not your fault. Your highly paid engineers are WAY smarter than anyone else.
You give them the lock.
You give them the key.
You hope that they can't figure out how to put one into the other.
High fives.
Powered by Web3.5 RC 2
It's a widely known fact that Canada is responsible for 50% of the HD DVD piracy.
Even worse, the AACS specification does not, in fact, account for this large sparsely populated country.
A12A.713 is the root of ASC('evil')
if the hole can be patched in the players
It cannot, ever, unless they disallow software players from any platform not running on Trusted Computing enabled hardware and a Trusted Computing enabled operating system.
Until then, no DRM scheme works.
None.
It's that simple.
it's in my head
Since July of last year I have basically cut out the mass media from my life. I sold my TV, gave away my DVD player, and donated my CDs and DVDs to a charity auction. For entertainment, I've taken up a number of sports, including basketball and skiing. I also now listen to local bands live at pubs and restaurants, rather than listening to the radio or CDs. I never had any gaming consoles to begin with, and I uninstalled and gave away the few computer games I do have. I do rely on the BBC for news, but even that's become limited these days.
I'm glad I made that decision. All this new crap involving DRM and frivolous from the entertainment industry just goes to show you how full of horseshit they are. I'm very pleased that my money does not go to them. They don't deserve it. Not only that, but now that I play sports rather than just watching them on TV, I've become much more fit and far healthier. Getting away from the mainstream media was one of the best things I've ever done.
...for this fight at freedom-to-tinker.com. The whole series on AACS is worth reading, as is every single thing he posts.
Carousel is a lie!
If they are really going to use the device revocation option, things are going to get way fun.
Players which will only play certain discs and not others, instant obsolescence for entire classes of $1000 players.
This makes the format wars look like a sales promotion!
If the players are non-patchable:
1) We will live in a universe in which, every year or so, an unknown number of players will play discs produced up to, but not after, a certain date.
Consider the sales/support implications of customers selecting products for Christmas 2008: "Well, sir, this Foobar-1000 plays discs up produced in 2006-2007, a Foobar-1130 plays discs produced from 2006-2008, and a Fonybaz-1900 plays discs produced from 2006 to August 2008."
If the players are patchable, it's even worse for the industry:
1) Your Foobar 1000 will play discs produced in 2006 and 2007. It ceases to work for discs produced between February 2007 until you buy a disc produced a few months later that happens to contains some code that query the player whether it's a Foobar 1000... and if so, to automatically/silently patch the firmware. Then all your discs work again.
That's a good thing for the user, and a bad thing for the industry, because as soon as you've got a firmware patch on a DVD, the obvious thing for an enterprising hacker to do is to put his own firmware patch on his own DVD, and your Foobar 1000, all of a sudden, ceases to implement the DRMish crap which the MPAA crammed onto it...
In short, if players can be patched in the field (and this applies to both hardware/firmware-based players in embedded systems and to PC-based disc-playing software), it's a long-term battle of the rootkits, and that's a battle that MPAA is likely to lose.
Why is Ars saying they believe they can stop this hack by revoking the player key? The original person who cracked it specifically didn't release the key I thought and was only releasing TITLE keys which will be much more dangerous to revoke yes?
Not that it matters much either way because this attack vector will always exist for any kind of system they come up with. Since it will always exist someone will rip it and post the movie on bittorrent.
They are actually probably pretty happy that this is the only possible hack anyways since it isn't anywhere near as useful as DeCSS.
Dear consumer:
Please check our website so you can download a patch and intall it on your DVD player.
BWahahaha..
That will go over like a lead balloon.
as will a machine that no longer playing new movies every few months so you have to buy a new player.
Which is good. DRM is just causing more consumer frustration and less value.
The Kruger Dunning explains most post on
I don't understand the point of revoking a hacked key. Now the key has been found and discs have been hacked, the output of the process is an unencrypted file with no key. Until something like AnyDVD comes out that just silently and automatically strips encryption on the fly, the primary use of the program will be to get unencrypted content onto P2P networks.
Why bother revoking the key? I must be missing something. Sure, don't use the same key on future discs, but pirated copies will have no encryption - key revocation only seems to affect legitimate users of the disc.
Oh yeah, I'd forgotten, DRM isn't about piracy...
The express purpose of "Trusted" Computing is to distinguish an OS running on bare hardware from a virtualized OS. The virtualized Trusted Platform Module is issued not from a recognized mainboard manufacturer's keyspace but from VMware's.
All the focus, and for good reasons, has been on software-based DVD players. They're easy for any hacker to play around with. However there are plenty of people out there who happen to be hardware hackers as well. I wonder how long (probably just a matter of time) before some hardware/firmware hacker disects a standalone HD player and is able to extract keys from that. Hardware hacking hasn't been as glamourous as software hacking in recent years, but a mere 20 years ago it was all about hardware hacking. Read a book like the Cuckoos Egg - a sysadmin physically tapped into communication lines and directed the output to line printers so that a hacker he'd been hunting wouldn't know he was being tracked. I'd be willing to bet that some hardware/firmware gurus with the right tools would be able to hack a standalone HD player if they had the desire to do it. And if they can pull that off it'd be a LOT harder for the AACS LA to plug that hole.
They talk about this on Security Now, Episode #76 (http://www.grc.com/securitynow.htm)
It seems muslix64 just had a snapshot of the entire .exe running in memory, then used selective keying - serially trying bytes 1-4, then 2-5, 3-6 etc as the keys until the mpeg frame decrypted. (which, of course this is much faster than a pure brute force attack, and took only seconds).
So as long as a software player has the key in the clear and is loaded in memory 'somewhere', this type of attack will continue to work.
AACS is still 'unbroken' but like many failed encryption schemes, it was circumvented due to poor implementation.
Open letter to the MPAA: I hope a true "CSS" style hack is found. Otherwise, I'm remaining on the sidelines and I won't be buying any HD-DVD or Blu-Ray discs.
Hear that, MPAA!?!?! I said BUYING. You claim piracy costs sales, but you MUST then subtract the lost sales due to your overbearing copy protection. I have about 2000 CDs and about 600 DVDs in my collection. I have no HD-DVD or Blu-Ray discs. And I don't plan on it either unless things change.
It's a new world. And in this new world, I have an expectation of device portability. That means when I buy a 5" media-containing silver platter, I expect to be able to store it on a server in my house to stream it to my living room or my computer or my bedroom. I expect to be able to re-compress it for my laptop or my ipod (or -like device) for watching when traveling. I have no desire to be tied to a specific (and expensive) playback device in a specific location. You're terrified of future storage capacity that will reach into the terrabytes on small devices, but to me, that's the thing that's keeping me interested at the moment in the stuff you have to sell... the knowledge that I can have that portability in movies and TV the same way I have it for the music that I've collected over the years. The RIAA freaked out when MP3's came along, but to be honest, my interest in music had waned significantly. But now, with so much available at my fingertips, I'm VERY interested in hearing new things and I'm buying probably more than ever before (though none through the DRM-crippled iTunes store).
I will gladly buy the media, but I expect that at that point, our relationship is OVER. Thanks, goodbye. Now if I want to extract images from the movie, print them out, and wall-paper my room with them, that's MY business, not yours.
-S
--- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
It warms my heart to know that there are people out there watching out for my fair use rights. If it weren't for them, the people who (blah blah blah) my entertainment would be able to prevent me from taking actions which are supposedly explicitly protected by law, based on legislation which they bought and paid for. Now I don't have to worry about that happening, and I can do the things I'm supposed to be able to do with my entertainment collection.
There, fixed that for you.
I bet you are in favor of banning water since it's possible to drown someone in it, too.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
So magine the shit-storm when customers start flooding the Best Buy customer support aisle thinking that their machine is broken, when if fact it "works" just fine and the movie industry has shut down your player because some hacker is using its AACS key.
I can't wait.
The Hindenburg did not catch fire, it was merely the hydrogen in the Hindenburg that caught fire.
The Titanic did not sink, it was just that Captain Smith did not adhere to the specifications as to how the Titanic should be operated (it says clearly on page 216, "Do not allow icebergs to rip open more than four of the water-tight compartments.")
And talk of "blunders" in the Battle of Balaclava are hogwash.
"How to Do Nothing," kids activities, back in print!
If they admitted this was in fact a miss in the AACS specification about protecting the keys, AACS LA could have their algorithm face a quite severe dent in its reputation. By blaming it on player implementations, it's not their problem. However, the real problem still remains despite whatever they say -- it's the end result that matters, not whom's fault it is.
Beware: In C++, your friends can see your privates!
As programmer, I can tell that it work both ways. Any deficiency (or bug) can be blamed on poor implementation. At the same time, big companies which actually looked and benchmarked development process (e.g. IBM) claim that 75% bugs are caused by erroneous specifications.
IOW, players were implemented as good as AACS has told what/how to implement.
Somehow, I doubt that documentation from AACS would be much better than that of Microsoft.
All hope abandon ye who enter here.
Virtualisation does not save us from trusted computing - as the parent says, TCPA was designed with virtualisation in mind.
Every time a thread about DRM comes up, TCPA is mentioned, and a whole bunch of people get modded +5 Insightful for saying that they'll circumvent it using VMware or similar. But to do that, you have to make your own TCPA keys, which won't be signed by a trusted third party. Online services that require remote attestation will require you to use a key that has been signed in that way.
The key in your TCPA module will have been signed, but you can't get at that key by design. You can't use it to sign programs in your VM. That's the idea. They know that virtualisation is a hole. They are as smart as you.
However, perhaps we can get at the key in the TCPA module by getting the module to repeatedly sign something while monitoring its power consumption. This technique, differential power analysis, is apparently very hard to defeat. You can use it to get keys out of smart cards, given enough time: perhaps you can use it to get keys out of your own processor. The price of freedom in the future?
Get informed about TCPA here. http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
>north
You're an immobile computer, remember?
TPMs. To make sure you, as the owner of the machine, can't see what a "trusted app" is doing.
I'm positive someone will find a way around THAT, too. Even if it means applying a soldering iron to a motherboard. Some people are very creative. And the fun part is, you only ever have to hack it ONCE, and the internet does the rest...
Seven puppies were harmed during the making of this post.
I'm fairly certain that if at some point the **AAs ever visited slashdot that it didn't take long to figure out that this isn't the place for them to visit. Why don't you try actually sending them your thoughts DIRECTLY, as I have done in the past. If more people did, maybe they wouldn't think that the public actually wants DRM. Otherwise, you're just doing what the network exec in South Park said "please direct any further complaints to the brick wall over there". You're being just as effective.
today is spelling optional day.
DRM *is* a pain the ass. Even on DVDs, with copies you don't have to sit through those annoying ads and logos or the annoying main menu (which always leads to the movie). On the real-McCoy you must suffer. How many people with legal copies of Windows are using volume keys just because they don't want to call up Microsoft for permission whenever they change their config?
The MPAA (and Microsoft) are fighting the way their enemy fights best. If you make DRM inconvenient, and it *is* inconvenient, hackers will find a way around it. If you overcharge, or having play-one-time-only restrictions, people won't use it. If you make any system harder to use than what is out there already, people will go around it! And I'd bet my money on a bunch of teenager hackers over any boring, Microsoft wage serf.
My suggestion: make movies cheaper and drop DRM altogether. PC game companies are realising this. My Oblivion DVD says 'we didn't include any copy protection so please don't copy this'... and I didn't. They've got my goodwill. Some hackers probably did copy it, but DRM doesn't make it any more or less likely. Maybe even more?
Your parent's point is that if you obtain the player key for HDVision-1000 serial number ABCDE, just revoking the key for serial number ABCDE is not enough. Since you can obtain the key from one HDVision-1000, you can easily do it to any other amount of the same model, thus they keys for ALL of that model must be reversed, since the design* has been compromised.
Suffice it to say, the design of all of them is flawed from the get-go, so whatever.
"Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman
All you need is one very pissed-off average geek that can't watch their bought-n-paid-for movie and the whole non-DRM'ed movie is likely going to be out there for everyone else, that can't watch their own copy, to download it. In fact, the more players that they "revoke" the keys for, then the more pissed-off geeks there will be, and the more movies that will likely be available for download. Its a loosing proposition any way you look at it. With DRM the "fix" becomes "the problem". The only people that win are the ones writing the DRM and spoon feeding the Board room executives that don't know that DRM can't work.
When will they ever learn that you can't solve a SOCIAL PROBLEM using technology of any kind. In fact they should wise up and realize that its the professionals that build specialized hardware that copy the "protected" disk bit-by-bit, then burn a thousand copies, and are making big bucks off of all the boot-leg copies. Those are the ones they should go after, not the average people that paid for the movie and just want to watch what they paid for, when and where they want to. So, RIAA/MPAA, take it from a security geek, know thy enemy! You can't fix a problem if you don't even try to understand what the problem is!
Two separate but important points:
1. The most devastating attack that can be done against software players would be to use malware to extract keys. There are many, many zombies out there. The malware could search for installed HD-DVD/Blu-Ray player software on the victims' machines that it knows how to break, extract the unique key from such software, and send to the malware author. There would then be enough keys known that only revocation of the entire product line's keys could get around the problem. I wonder whether they've considered this scenario. (However, one mitigating factor is that malware is done for profit, and this wouldn't be profitable. For-profit pirates just copy disks outright without bothering to decrypt.)
2. The reason the AACS made that wording about the players not following the "Compliance and Robustness Rules" is probably so that they can invoke the parts of the contract allowing them to fine the licensee millions of dollars.
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
This can be foiled by 'encrypting' the key by swapping the bytes and using a bit of assembly to 'decrypt' the key in a register before use and making sure the key never leaves the register at any time. Not really encryption I know, but it's not difficult (if you know the arcane art of assemly) to foil this type of attack.
Listen to my music.
The problem with this assumption is twofold.
A. It assumes that the key will be the last possible one in the key space.
B. It assumes that the only method used will be 'pure' brute force.
A. is almost certainly not true. And while it might be optimistic, it's quite possible that it'll be discovered that due to some brain dead maneuver the keys themselves have been generated weakly in a fashion where all 128 bits don't really come into play.
B. might be true for now, but I refuse to believe that there aren't already people out there working on more elegant methods of brute forcing the keys which would allow the space to be narrowed down to specific areas 'quickly'. I also refuse to believe there isn't one.