Slashdot Mirror
HD-DVD and Blu-Ray Protections Fully Broken
gEvil (beta) writes "According to an article at BoingBoing, the processing keys for the AACS encryption scheme used by both HD-DVD and Blu-Ray video discs have been extracted, and a crack has been released. What this means is that there is now a method to extract the copy-protected content of any HD-DVD or Blu-Ray disc out there. This is different from Muslix64's previous crack, which only extracted the volume key for each disc. This new method bypasses this step and allows anyone to extract the data without first requiring the volume key."
Can this be fixed by revoking a player key? Or is this a more extensive breach like what happened with DECSS? Will this work on all future discs, or does it just work on the discs that are currently being produced?
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
So what is the industry's response to all this? Can they deal with the problem without breaking every DVD player in existence? Is the encryption completely symmetric? Can they start releasing DVDs with new keys, without creating a situation where some DVD players can read old dics, and others can read new ones? Are different keys used in Europe, U.S., etc.?
Find free books.
Now we get to see how effective the key revocation system (that forms part of aacs) is going to be.
Should be interesting...
Ian Ameline
The same method used to acquire this key can be used to acquire future keys. All it takes is one determined hacker willing to rifle through his memory addresses for the key.
I do not see a terribly effective fix for this - your key has to exist somewhere, and even in a CPU register it is still in memory more often than not.
Correct. And there are plenty of things that can be done to make this a lot harder. What was broken was a poor implementation of a decoder. I suspect that not only will that key be revoked, but also that player author may lose their right to future keys until they show that they have fixed this problem adequately.
This is not remotely "fully cracked". However, IF the cracker had not revealed what player was involved, and instead just provided a website for obtaining the disc keys, THEN you could call it "fully cracked", since that would provide the ability to decode without the ability to revoke. As long as the crackers feel the need to prove that they really cracked the DRM by providing all the details of how it was cracked, it can never be "fully cracked".
In hindsight, we may see that the downfall of DRM crackers is the same hubris that brought about the downfall of DRM.... *sigh*
And because of that, when I put my iPod shuffle through the wash I was able to replace it with a good AAC-playing MP3 phone and flip the bird to Steve Jobs. Same thing with these...I want my media in formats I can move around and use to my liking.
I'm not going to pay for the same content twice, ever. And if I can't get my content in a cracked DRM or DRM-free format, I'll just pirate it. That'll show 'em.
Steve Jobs mentioned that iTunes DRM cannot be shared with others since sharing would compromise the integrity of DRM. The DVD DRM was cracked and now the HD-DVD and Blu-Ray are cracked as well. This doesn't mean that DRM is not helping. Even though, the DRMs are cracked, the DMCA protects these cracked DRM systems and prevents commercial products from taking advantage of the cracks. Without the DRMs (even the broken ones) and DMCA, there would have been cheap legal DVD duplicators in the market.
The very fact that they put any sort of lock on it, means you have to pick that lock to get the content. Getting the content isnt illegal (fair use). Picking a lock is (DMCA). They still have the "legal framework" for pursuing copyright violations.
They'd have stuck with CSS, but to attract new investors they needed a "shiney new more unhackable scheme". It's impossible to implement such a scheme without complete control over all the hardware. But, in the end, the very act of protecting the content is, legally, protection enough.
The only good turnout for "us" (the consumer, fair use advocate, or even casual pirate) is if the industry decides it's not worth it to set the lock in the first place.
There was never a doubt that it'd be possible to extract the data.
I don't need no instructions to know how to rock!!!!
Once upon a time I worked at a company encrypting CDs for digital data. This was over ten years ago... We too had a staged security, weak protection on key store, stronger protection on packages and data. We knew that the cost involved in high security was too high, from a functional and complexity cost POV.
First, making the volume information secure, and file content, was pretty pointless because if you had strong security on it, it would be too slow to do anything useful. For the data, you could wait longer, but at the end of the day, all of it was moot because once either catalog or data is decrypted... its there. So, you decrypt on the fly, or use adaptive methods that attempt to hide information, it all leads to...
The Cost of protection geometrically increases to the linear Time to break it.
And in the end, all the protection does is buy you a little bit of time, because for every couple of guys thinking up the next best protection scheme, once it hits the world, you have 100+* the resources trying to break it.
In the end, the best protection we came up with was something everyone hates... a hardware key that imlpemented the decryption, and sell that key with the media. Economically not viable to copy, but still does nothing once unprotected.
/\/\icro/\/\uncher
Everyone talks about the big problem being that you have to give the key to the fellow who's going to watch the movie, but even that understates the difficulties facing DRM schemes.
Recently, I put up a GeoCache puzzle cache. The idea was that folks would have to figure out the puzzle to find out the GPS coordinates of the cache. I was very clever and devious. I was humbled when the thing was found within 6 hours of publication.
How was it done?
To make a long story short, it was a "known plaintext attack." Since I am required to publicize a pair of coordinates somewhere within a couple miles of the cache (to make the geocache site's search engine work correctly - so that folks from New York won't solve the puzzle and get screwed when the cache is 2000 miles away), this lets attackers look for solutions that result in numbers "near" the posted coordinates.
This is what makes movie DRM untenable. Since the format of the disks is publicly known (to insure that UNencrypted disks operate correctly), attackers know that they can discard solutions after decrypting very little of the ciphertext (probably just one byte).
With sufficiently large keys, even that becomes a huge problem, but the fact that the format of the plaintext is known is still a huge advantage for the attackers.
Good thing Intel put in those nice debugging registers that let you dump the contents of SSE registers at arbitrary intervals (e.g. after every SSE operation by the debugged process).
I am TheRaven on Soylent News
You underestimate the problem:
Lots of media/volume/whatever keys are known.
If a new (Windows XP) player arrives, with new title keys, it's decryption function will create the same output.
All you have to do is to look for that output - and you are near the decryption function. Hiding it registers won't help, you might run Windows XP in an emulator, or you could write a kernel driver that generates an insane amount of interrupts and check from every interrupt.
The only thing that might help is to abandon the idea of
- Windows XP software players
- Windows Vista players that play the movie at all if there is a single piece of untrusted software (debugger, performance logging, whatever) or hardware (RDMA capable nic).
The whole tilt-bit and degrade quality stuff won't help - as far as I see the keys are identical, the degradation happens later.
Let's wait what happens.
And the problem with TPM is that you still have access to the hardware. If you've got that and enough time and skill, TPM eventually won't matter, either.
Presumably you don't even need access to the hardware - just emulate all the hardware (including the TPM) and you can poke around at the hardware's innards all you want then.
http://blog.nexusuk.org
"I do not see a terribly effective fix for this - your key has to exist somewhere, and even in a CPU register it is still in memory more often than not."
Ummm, how about no more new keys for software players. As long as there are software players it seems obvious that it will be possible to reverse engineer what they are doing to shake out the keys. But if the industry decides that SW players are too weak, they simply revoke keys for them and don't issue new ones. The end of software players and the end of the risk.
Now I can buy any format and just rip it to another one, great idea for sure!
My goodness, you're right.
Is there *nothing* that Google can't find an answer for?
-It is more expensive to print out or photocopy most books than it is to buy them.
-Prints are inferior because they are hard to bind well.
-Electronic copies don't appeal to most readers because the display is uncomfortable (though I'm fine with it.)
In the few areas of book publishing where book prices exceed the cost to print up a tolerable copy, or where the original is incovenient to buy, book piracy is common. Most university textbooks and many reference volumes are available online. You can download complete archives of many comic book series.
Piracy aside, book publishers aren't exactly doing well in our economy. What the music industry can do that the book industry has trouble with is convince millions of people they have to own *this CD*, not any other CD. What has music industry execs terrified is the fear that the children who are five years old today will have too many choices available from their PCs in seven years, and they won't enter into the teen music mentality that dominated the late 20th century and trained most adults to keep buying RIAA titles. Restricting choice through DRM or whatever else they can dream up is their only hope.
I think it would look much better arranged thus:
09 F9 11 02
9D 74 E3 5B
D8 41 56 C5
63 56 88 C0
though preferably with a font that won't confuse Ds with 0s, Bs with 8s, Es with Fs, and As with 4s due to fading. Using lowercase letters you only have confusion between bs and 6s:
09 f9 11 02
9d 74 e3 5b
d8 41 56 c5
63 56 88 c0
Then a few variant forms depending on the direction your language traditionally reads, but also allows for other glyphs with less confusion.
(Interesting that there are no As in the key.)
If the key changes, we could refer to this key (and disks encoded with it) with the shorthand FDebDCC, named for the alphabetic hexits in the key. Other keys' alphabetic contributions should be sufficiently random for reference.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
The problem will be that they stop releasing HD players for non-TPM boxes. They will simply drop support, and tell you that if you want to play HD movies, to "upgrade" your hardware to their satisfaction. The only thing that will stop them from doing so is if they realize that the customers are on to them, are specifically avoiding TPM hardware, and that there are enough of them out there that they are cutting into the bottom line in a way that significantly comprimises their long-term market position.
The record companies, for example, are taking the long view of DRM for music: they are willing to wait for the CD to become obsolete while forcing DRM on the next generation (digital distribution), even though forcing DRM on digital distribution severely hampers adoption of digital distribution. The only thing that will change their strategy is if they realize that the market will *never* go digital enough for them to not have to release their content on CD until they drop DRM.
I doubt that the market for non-TPM boxes will be "_HUGE_" enough for the MPAA to abandon their plan to require it unless every-day consumers feel the sting of DRM in their every-day use.
The best way for this to happen is for devices to proliferate the market wich take advantage of the crack-ability of CSS: players that take ripped DVDs, store and organize them, and are as simple and intuitive as Apple products: it has to be an appliance.
...because "hacker" sounds way sexier than "code drone."
The problem is you are confusing analog with digital.
Making analog copies (of a book) is time consuming and impractical.
Making digital copies of a book - like a PDF - is easy and is done all the time. Nobody buy e-books, you just download it for free. Because one person paid for it and decided (conciously or not) to eliminate the profit from any future purchases by making it available to everyone for free.
The problem with digital copies is there will always be someone that is hell-bent on destroying the ability of the original publisher to derive profit from future sales. Happens with software, happens with music and it will be happening more with movies.
Of course the devil is in the details. It's fully possible to build an insecure system around a secure TPM chip, and no doubt that's going to be done, too.
Unless you change the laws of physics it is completely impossible to build a secure TPM chip. TPM is an inconvenience, nothing more, just like DRM. DRM, no matter how implemented, involves supplying the same person with:
a) the ciphertext
b) the plaintext
c) the decryption key
All of those things must be present on the user's system for DRM to work. TPM etc are merely means to try to make it hard for the user to access the key, and they never work. One way of thinking about it is: a TPM chip "hides" certain details inside a little bit of plastic. It is security through obscurity and nothing more, and so long as the chip emits any EM radiation the internal details will ultimately be inferable, although it is doubtful that going so far as reading internal bits via EM fields will be required.
But if it is, we can all take comfort in the fact that Maxwell's equations aren't just a good idea: they're the law.
Blasphemy is a human right. Blasphemophobia kills.
The contract for software players could require that players work just like Firefox... when a new version is found, they automatically and silently download it, and when the player is started the next time, they offer to seamlessly install it for the user. From what I've heard, this may be built in to all/most software players, making it relatively painless to force-upgrade software players at least.
(which would mean that hardware keys are actually more valuable to extract, so maybe that's the hacker community's next step?)
BTW, that sounds like it would be an awesome case mod for all the overclockers out there. Maybe someone at MIT could turn the whole ocean tank at the New England Aquarium into a supercomputer!
We hope your rules and wisdom choke you / Now we are one in everlasting peace
No, but they could very easily put the update on newly released discs....with all the space they have, I think they can spare a few zeros and ones to include software that updates the system.
I wouldn't be suprised if this has already happend at least once or twice.
Living With a Nerd
That put security by obscurity in a very bad light. First of all, there's the "security by non-locateability", if you couldn't find the safe you couldn't break into it. Now, there's two ways of doing this - one is to have a well hidden safe which is using obscurity as an extra safeguard, the other is a hiding place which relies on security by obscurity. Secondly, you have "security by non-reproducability" which is for example custom tripwire systems and the like. Unless you know what it triggers on, you don't know how to avoid it. However, this kind of security is completely moot if you can pick up a similar item on any street corner, pick it apart and see how it works. It also relies on the implementer having a clue and on the attacker only having a limited number of attempts.
Basicly there are many good reasons security by obscurity works when you're trying to guard off a few unique installations like military bases or valuable servers, temporary information like troop movements, covert information like recon capabilities and such. Everything from the classification system to camouflage suits is security by obscurity - you'd be just as dead in a pink bunny suit as army green if the bullet hit you wrong. Hell, even body armor probably counts because it only makes the vunerable parts more obscure to hit.
However, most of all security by obscurity isn't good to hide a system. If I see one military unit moving, it's a small piece of tactical information. If I from that could deduce how every other military unit was moving, it'd be a disaster. Particularly with computers, which you can poke and prod until you've figured out how it'd respond to almost anything. If they try to ban software players (I'd like to see them try when HTPCs, Windows Media Center and FrontRow is taking off), it'd still be picked apart because one break can decrypt every disc since the last break, it's like a jackpot that keeps growing. Right now it's reset and won't start counting again until the keys are revoked. But the higher the number of movies get, the more effort someone will put into it. Even with the most tamper-resistant TPM chip around, I think there'll always be someone...
Live today, because you never know what tomorrow brings
I like Bruce Schneier's aphorism: trying to make bits not copyable is like trying to make water not wet.
Done with slashdot, done with nerds, getting a life.