Slashdot Mirror


HD-DVD and Blu-Ray Protections Fully Broken

gEvil (beta) writes "According to an article at BoingBoing, the processing keys for the AACS encryption scheme used by both HD-DVD and Blu-Ray video discs have been extracted, and a crack has been released. What this means is that there is now a method to extract the copy-protected content of any HD-DVD or Blu-Ray disc out there. This is different from Muslix64's previous crack, which only extracted the volume key for each disc. This new method bypasses this step and allows anyone to extract the data without first requiring the volume key."

14 of 682 comments

  1. Doom9's Forum by yanos · · Score: 5, Informative

    It all starts here: http://forum.doom9.org/showthread.php?t=121866&page=6

    Later posts seem to confirm that it works for both BR and HD-DVD

  2. Re:All DRM implementations will be broken. by TheSpoom · · Score: 4, Informative

    Indeed. These guys should have listened to Cory Doctorow when he was talking at Microsoft. Unfortunately, it seems they didn't get it either.

    --
    It's better to vote for what you want and not get it than to vote for what you don't want and get it.
    - E. Debs
  3. Not Really Broken by Jah-Wren+Ryel · · Score: 5, Informative
    The guy just pulled the device keys for windvd and/or powerdvd from system memory. People have already been pulling the volume keys from memory so this was just an incremental step. The keys will be revoked (which really means that future discs will not include support for the compromised device keys, there is no actual 'taking back' of the keys as the word 'revoke' tends to imply).

    One key thing to take away from this is that the authors of the software made it really easy to pull the device keys out of memory for two reasons:
    1. They kept them in variables that were physically near the variables for the volume key
    2. They zeroed them out after use, leaving big gaping holes of zeros in memory in a place where that kind of looked funny, drawing attention to those areas
    If they are smart (and if the MPAA even give them another chance), the powerdvd/windvd authors will reimplement their AACS decryption code to never store the keys in memory. Without double-checking, I believe the keys are only 128 bits; they could be loaded into the SSE registers in encrypted form and then decrypted on chip. The authors will still need to take measures to prevent an OS context switch from storing the registers in kernel-private memory during the period in which the device keys are present, but that is not an extended period of time; presumably they can kick their priority up high enough that it won't happen without hurting the system much.

    Even that approach isn't hack-proof, but it is a lot harder to dump the cpu registers under such conditions than it is to trace memory accesses.
    --
    When information is power, privacy is freedom.
    1. Re:Not Really Broken by Jah-Wren+Ryel · · Score: 4, Informative

      Couldn't you still load the program into gdb and get the register values that way? Or is there something in the modern versions of MS Windows that prevents using a debugger?

      Under most versions of unix, only one debugger can attach to a process at a time. So an easy trick to prevent being debugged is to make the program attach to itself, thus locking out other debuggers. Some unices don't let a process attach to itself, but for those it may be possible to fork a child and have each process mutually debug the other. I'm not an NT programmer, but I would bet something along those lines works the same there too.

      Don't get me wrong, nothing is fool-proof (and I said so in my first post); the best these guys can do is make it difficult. So far, the windvd/powerdvd guys just wiped the device key from memory after use, which is about the bare minimum - they could have done lots more without too much effort.

      --
      When information is power, privacy is freedom.
    2. Re:Not Really Broken by plalonde2 · · Score: 4, Informative
      it is a lot harder to dump the cpu registers under such conditions than it is to trace memory accesses.

      You've clearly never worked with a good hardware-assisted debugger. And virtualization makes this scenario possible without debugger hardware support.

      Even more, no matter what, the key has to make its way from the device to the CPU register. On every modern machine that transaction goes through memory. Which means that brute-force tracing from the device to the registers should be able to find it. Not necessarily easily, but quite doable.

      DRM is dead. Let's bury it.

  4. Re:All DRM implementations will be broken. by CastrTroy · · Score: 4, Informative

    Security through obscurity means that you hide the way your security algorithm works in order to make it seem more secure than it is. Take a safe for instance. Security through obscurity would be trying to hide how the safe was designed, and trying to stop the thief from touching the safe in order to prevent them from breaking into it. A safe that doesn't rely on security through obscurity means that you could give the plans to the safe, to show how it's made, and all the mechanisms inside, as well as give him free access to the safe to try to do a bunch of things with it, and you would still be sure that he wouldn't break into the safe, short of using brute force. Common encryption algorithms like RSA are believed to be secure, even though everybody already knows how they work. The only way people know to break them, is to try all the keys. This is like trying every possible combination on a safe, in order to open it. Instead of safes which aren't really secure, that you can break just by listening to the tumblers with a stethoscope.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  5. Re:Nice. by Anonymous Coward · · Score: 5, Informative

    Editor's Note: Houston is a porno actress who was supposed to gang bang 500 men and wound up gangbanging 620 men instead. So the parent post would suggest that only 620 movies would be online in five years. I suspect that there will be many more movies online.

  6. Re:Nope, it's really cracked by FireFury03 · · Score: 3, Informative

    In theory yes, but how easy do you believe it is to update all those specialized video players, all offline?

    You don't need the hardware to be networked in order to do key revocation - all the current discs continue to work just fine, but future discs will be encoded so they cannot be decoded with this key (this is the basis of AACS key revocation).

    This is definitely not "fully broken" - fully broken is when I can use the crack indefinitely *without* having to get a new player and extract a key from it every so often. i.e. it involves finding a flaw in the algorithm that allows you to decode the disc without needing to extract any data from a legitimate player to do so.

  7. Re:props to Muslix64 and hackers everywhere by h2g2bob · · Score: 5, Informative

    Sorry everybody, but it's not.

    That said, they have got a player key now, so all disks published to date can be decoded.

    Each player has its own player key, and each disk accepts any player key in its list (the player key is used to decode the volume key which decodes the film).

    With this player key, they can decode any HD-DVD which has been printed already. However, as the key has now been compromised, future disks will not accept that player key. The software will have its player key updated, but the software will be tightened in an attempt to remove this loophole.

    Take a look at the archives of http://www.freedom-to-tinker.com/ for a detailed discussion.
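
The revocation behaviour discussed in this thread (a compromised player key keeps opening discs already pressed, while later discs omit it), as an added example that is not part of any comment here and is not AACS code. It is a deliberately simplified model: real AACS uses a subset-difference tree and AES, whereas the flat per-player key list, the HMAC-based toy wrap and all names below are assumptions.

```python
import hashlib
import hmac
import os

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def wrap(kek, secret):
    """Toy authenticated wrap of a 16-byte secret (assumed stand-in for AES)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(secret, _prf(kek, b"enc", nonce)))
    return nonce + ct + _prf(kek, b"mac", nonce + ct)[:16]

def unwrap(kek, blob):
    """Return the wrapped secret, or None if this key did not wrap the blob."""
    nonce, ct, tag = blob[:16], blob[16:-16], blob[-16:]
    if not hmac.compare_digest(tag, _prf(kek, b"mac", nonce + ct)[:16]):
        return None
    return bytes(a ^ b for a, b in zip(ct, _prf(kek, b"enc", nonce)))

def author_disc(volume_key, player_keys, revoked):
    """Key block on the disc: the volume key wrapped once per non-revoked player."""
    return [wrap(key, volume_key)
            for name, key in player_keys.items() if name not in revoked]

def play(player_key, key_block):
    """A player tries each entry; it succeeds only if its key is in the list."""
    for blob in key_block:
        volume_key = unwrap(player_key, blob)
        if volume_key is not None:
            return volume_key
    return None

def demo():
    # Constructed sample keys; "player_b" is the hypothetical compromised player.
    players = {n: os.urandom(16) for n in ("player_a", "player_b", "player_c")}
    old_vk, new_vk = os.urandom(16), os.urandom(16)
    old_disc = author_disc(old_vk, players, revoked=set())
    new_disc = author_disc(new_vk, players, revoked={"player_b"})
    leaked = players["player_b"]
    return {
        "old_disc_opens_with_leaked_key": play(leaked, old_disc) == old_vk,
        "new_disc_rejects_leaked_key": play(leaked, new_disc) is None,
        "new_disc_opens_with_valid_key": play(players["player_a"], new_disc) == new_vk,
    }

if __name__ == "__main__":
    print(demo())
```

Revocation here only changes what is written to later discs, which is why the first result stays true after the key is revoked.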

  8. Re:All DRM implementations will be broken. by dpilot · · Score: 3, Informative

    I wouldn't be quite so optimistic. The difference is that at least some of the people involved in crafting TPM know something about security, as opposed to the people doing DRM and touch-screen voting machines. There has been quite a bit of art and work involved in developing tamper-resistant chips, and at least some of the TPM implementations use this art.

    Of course the devil is in the details. It's fully possible to build an insecure system around a secure TPM chip, and no doubt that's going to be done, too.

    Then again, TPM isn't bad, on its own. It really depends on who owns the TPM. As long as I own it, it just might be good. The moment someone else owns it, then I merely pretend to own my system that has it, and that's bad. Some time ago, I picked the (M) stuff for the kernel build on my Thinkpad, and have been building them ever since. I've never used them yet, but if SOMEBODY is going to be controlling that chip, I want it to be ME.

    --
    The living have better things to do than to continue hating the dead.
  9. Re:look at book publishers... by AJWM · · Score: 3, Informative

    And one of the big publishers of e-books, Baen Books, not only doesn't bother with DRM, they make the content available in multiple formats, and even offer entire ebooks free (see the Baen Free Library.) They occasionally put out a CD full of big name SF and fantasy books, and encourage copying (just don't charge money for it). Anything to get folks hooked ;-)

    The authors involved agree that this helps get their names out and generates demand for paper copies and paid-for e-copies of their work. The reduced overhead of e-publishing compared to paper publishing more than covers any "piracy", I guess. The "Baen's Universe" e-magazine pays the authors better rates than the current paper magazines (Asimov's, Analog, etc) do. (Don't know about the book payment side. I hope to find out first hand at some point ;-)

    --
    -- Alastair
  10. Re:props to Muslix64 and hackers everywhere by D3viL · · Score: 5, Informative

    You would be correct, except what has been released is not the player key. In fact the player (device) key is one of the two that have not been released, the other one being the root key held by AACS LA. The key that has just been released and resulted in this article is the processing key which can (and probably will) be changed for any disc authored after the previous key became known. The key difference is that the player key is linked to the specific player whereas the processing key is specific to the HD-DVD/Blu-Ray discs created with it and will continue to be valid for those discs even after new ones are produced with a new key. Releasing a device key would be counterproductive as individual device keys can be blacklisted meaning if you had one you would have to break a new player device (hardware or software).

  11. MOD PARENT Up! by tacokill · · Score: 4, Informative

    This is the real story here. Mod parent up.

    Essentially, what he is saying is this: while the crack is temporary, the method of attack is unassailable under the current model.

    That's what's important here. If keys get revoked, it's a trivial matter to go get them again. The hard work has been done. Now all you have to do is follow procedures and -voila- you can crack AACS too.

    Despite other comments on this board, AACS IS cracked.

  12. Re:All DRM implementations will be broken. by JohnFluxx · · Score: 3, Informative

    Just FYI, use of an electron microscope is pretty cheap too. I'm charged £35 ($70) an hour.