Slashdot Mirror


HD-DVD and Blu-Ray Protections Fully Broken

gEvil (beta) writes "According to an article at BoingBoing, the processing keys for the AACS encryption scheme used by both HD-DVD and Blu-Ray video discs have been extracted, and a crack has been released. What this means is that there is now a method to extract the copy-protected content of any HD-DVD or Blu-Ray disc out there. This is different from Muslix64's previous crack, which only extracted the volume key for each disc. This new method bypasses this step and allows anyone to extract the data without first requiring the volume key."

13 of 682 comments

  1. OK, time to switch now! by Anonymous Coward · · Score: 5, Insightful

    The time has come to make the upgrade.

  2. props to Muslix64 and hackers everywhere by cpearson · · Score: 5, Insightful

    It puts a smile on my face knowing that a small group of unpaid media hackers are able to crack the AACS encryption scheme, which took many developers and millions in R&D to create, in just a few short weeks.

    Vista Help Forum

    --
    Windows Vista Help Forum
    1. Re:props to Muslix64 and hackers everywhere by Anonymous Coward · · Score: 5, Insightful

      cpearson,

      It has always been easier to destroy/crack something than to create it in the first place.

      It is not a great undertaking to break a DRM scheme. It is not comparable to cracking strong encryption (which takes lots of horse power). The basic concept of DRM is fundamentally flawed and therefore open to attack.

      DRM by its nature is both widely available and has to function on a user's local device or PC. The wide availability (unlike an encrypted message with a unique key) means the attacker has easy access to both the algorithm and protected content. This mathematically greatly reduces uniqueness. One only has to set up the correct environment and observe how it functions with a legal copy. And since the DRM scheme is most likely non-unique on a copy by copy basis the effect instantly cascades. Unlike getting a randomly encrypted file you have access to the algorithm (the software) and you have access to the keys.

      The big issue in DRM is how to obfuscate your algorithm and how to keep people from getting access to the stream in the clear. Both of these tasks are next to impossible to carry out effectively.

      So anyone, even the very same "small group of unpaid media hackers" in question, would have to spend a large amount of effort trying to come up with better and better obfuscation schemes. While cracking the DRM will take far less resources, focus, or time.

      Cracking DRM is more akin to white box QA or reverse engineering.

      All that said I'm secretly glad someone stepped up and did this :-) DRM as it exists today is pointless, useless, and gets in the way of a customer's fair use of something they have purchased.

      I'm willing to bet 5 years from now we will see far less DRM in use and those still using it won't be selling as much music or as many movies as those not using it.

    2. Re:props to Muslix64 and hackers everywhere by Athenais · · Score: 5, Insightful

      Or as someone once put it, there is no cryptographic solution to the problem where the intended receiver and the attacker are the same entity.

  3. All DRM implementations will be broken. by MartinG · · Score: 5, Insightful

    DRM is fundamentally broken by design. Ciphers of this kind rely on the attacker not getting hold of the key. At the same time, the recipient needs the key to get the data. It can never work because the attacker is the same person as the recipient.

    In effect, DRM is security through obscurity.

    How much longer will we have to put up with this crap before the media companies realise this and stop inconveniencing their customers and wasting our money and time as well as their own?

    --
    -- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz .@adgimnoprstu
    1. Re:All DRM implementations will be broken. by mrsbrisby · · Score: 5, Insightful

      It can never work because the attacker is the same person as the recipient.
      That's why TPM is being pushed by DRM proponents: TPM means your computer no longer trusts you (its owner). It means that someone that can convince Verisign to sign their key will be able to have access to all your secrets- including the ones that you do not. It already happened.

      Forget all that jibber-jabber about whether they have a right to protect their "copyrights", or even if you have any rights to copy: they clearly cannot be trusted with your secrecy and your privacy.
  4. The inherent problem... by sco_robinso · · Score: 5, Insightful

    ...As most people know is that you're trying to copy protect an inherently open media format. Even in theory it's very difficult to copy protect media in a widely open, public format.

    Until vastly different technology is available 20 or 30 years down the road, all that DRM is going to amount to doing is preventing the 'average joe' from copying en masse. They just have to make it difficult enough for the casual user to be deterred from copying the content. Look at the copy protection scheme on the iPod - it's basically useless, but it prevents grandma from copying bulk amounts of content. It's like how photocopiers are not a danger to printed media, as it's just 'too' difficult to walk up to a copier and copy things en masse. The industry just has to make it hard enough to deter joe user.

    The real problem for the recording industry comes in when now people are getting more and more savvy at copying content, and it's becoming more and more commonplace, and digital media sharing is now commonplace and digital media is now commonplace in the living room now. 10 years ago MP3's were just making their way on the scene and basically only very savvy users knew what an MP3 was, let alone what to do with it. What happens when 10 years from now mobile HD video players are just as common as MP3 players, and your average iPod video has a half a TB of flash storage? Copying (High-Def) DVD's at that point will be commonplace like MP3's are relatively commonplace now.

  5. look at book publishers... by Churla · · Score: 5, Insightful

    People still buy books, including audio books and eBooks, even though photocopiers exist.

    I think the recording and motion picture industries need to look at why, and follow that lead. Instead of millions in copy protection R&D, why not spend millions to improve the product? Make the product something people liked owning. (Notice how bibliophiles obsess over the actual tangible book?).

    The one really viable way to control it would be to mandate that all players have an internet connection and it verify the purchaser has rights to the media before playing it. Of course if people have good high speed connections to the internet there's no reason to buy the physical media, which the recording and motion picture industries simply can't abide with.

    --
    I'm a fiscal conservative, it's a pity we don't have a political party anymore
  6. Nope, it's really cracked by suv4x4 · · Score: 5, Insightful

    After reading through the article I must conclude that while the author has made decoding current discs easier, AACS has NOT been "fully cracked". The key embedded in the current software may be expired in the future, rendering this method useless for discs produced after that expiration.

    In theory yes, but how easy do you believe it is to update all those specialized video players, all offline?

    Don't forget: the people who buy those already had to put up with paying premium for a HDTV, expensive players, and also make sure the TV, cable and player play together through HDMI.

    If you start demanding they are hooked non-stop to Internet so they can receive the daily patches, it may just be the thing crossing the line of tolerance.

    Also: the hard part is retrieving keys from pure hardware. The new keys come as firmware updates over the network.. it's even easier to update those HD-DVD/Blu-Ray rippers. After all, you have even the keys they encrypted the patches with: you have the player, don't you.

    All in all, the "super morphing update" ability of AACS seems more like a way for the AACS developers to claim "the war it's not over", when it effectively is over.

    Companies will refuse to use the new keys for their disks, since they will be incompatible with plenty of the players out there, the AACS creators will whine a bit about how "they could fix it but they don't wanna, not our fault", and this is where it'll end.

  7. Re:Released Too Early by zappepcs · · Score: 5, Insightful

    Wrong! Break the DRM, Break it early, and break it often. DRM is dead, in fact it was stillborn. The foundational thinking behind DRM (or CRAP if you like) was so 'not right' that it's 'not even wrong' and it isn't getting any better. The more often the *AAs have to fight back with new DRM the more likely it is that we will see who in the governments is getting paid to support DRM, and then we will really have a target to ridicule, impeach, or tar and feather.

    The premise that all consumers are criminals is criminal in and of itself. Bear with me here. It defies logic and law to (analogy time) remove guns from citizens to prevent them from shooting people. It defies logic and good business sense to make .38 bullets that can only be used in guns made by one manufacturer. It defies the intent of the framers of the law in the US to presume that you are guilty until proven so, yet this is exactly what DRM is all about, the assumption that all consumers are guilty or would be if given even half a chance.

    Besides this, governments should not be propping up business models that are antiquated and broken. Desktop publishing put typesetters out of work, did the governments do anything? Trains put buggy makers out of work, did the governments do anything? That is only naming a couple of examples, but the governments seem hell bent on protecting certain industries. I can only conclude that those same governments are being well paid by those industries, for that is the only logical motivation for such infringements on citizens' liberties and rights.

    Now that AACS is cracked, time to follow the money and figure out who is getting paid and expose them as broadly as the DRM keys are exposed.

  8. Re:Yes, someone walk us through this. by hardburn · · Score: 5, Insightful

    Poking around the Doom9 thread, the processing key for all current HD-DVD discs was found.

    Looking over some example source code, the processing key is used with the encrypted C value to build the media key, which can then build the volume key, which can then decrypt the disc.

    The MPAA can revoke the processing key, but quoting from the forum:

    Some of you are missing the true meaning of this compromise. If they revoke this processing key, we just take a player compatible with a new processing key, put in one of the titles that's already cracked, and go around in memory looking for the known key. We find it, insert a new title, look in the same place and we have a new processing key.

    Essentially, it becomes a known-plaintext attack.

    --
    Not a typewriter
  9. No different than us web developers by creativeHavoc · · Score: 5, Insightful

    Web Developers and Web Content-Maker-Guys YEARS ago gave the "no right click" a try. We quickly learned that if someone wants the content off the web site, they will get it, so there is no use in trying to introduce barriers that only hurt the casual user. You don't see "no-right-click" scripts anymore, but we are still producing tons of content for the web. Much of it copyrighted, and mostly the copyright honored.

    I can't help but see this as a parent who is all too restrictive with their child, leading the child into endless rebellion that would have been avoided if moderation was used instead of a billy club.

    --
    insight through the mind
  10. "...trying to get content without paying for it?" by Anomalyst · · Score: 5, Insightful

    I have paid for every single DVD I own. No good deed goes unpunished, I am repeatedly subjected to unskippable previews, FBI warnings, commentary disclaimers and the same fscking flying logo and equally annoying jingle at 4 places before actually getting to the content I purchased. If I were stupid enough to buy into HD/BR I additionally lose my control over the resolution I want. This isn't about Imaginary Property rights, it's about THEIR control of MY property.

    --
    There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.