Slashdot Mirror
HD-DVD and Blu-Ray Protections Fully Broken
gEvil (beta) writes "According to an article at BoingBoing, the processing keys for the AACS encryption scheme used by both HD-DVD and Blu-Ray video discs have been extracted, and a crack has been released. What this means is that there is now a method to extract the copy-protected content of any HD-DVD or Blu-Ray disc out there. This is different from Muslix64's previous crack, which only extracted the volume key for each disc. This new method bypasses this step and allows anyone to extract the data without first requiring the volume key."
Can this be fixed by revoking a player key? Or is this a more extensive breach like what happened with DECSS? Will this work on all future discs, or does it just work on the discs that are currently being produced?
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
So what is the industry's response to all this? Can they deal with the problem without breaking every DVD player in existence? Is the encryption completely symmetric? Can they start releasing DVDs with new keys, without creating a situation where some DVD players can read old dics, and others can read new ones? Are different keys used in Europe, U.S., etc.?
Find free books.
Now we get to see how effective the key revocation system (that forms part of aacs) is going to be.
Should be interesting...
Ian Ameline
The same method used to acquire this key can be used to acquire future keys. All it takes is one determined hacker willing to rifle through his memory addresses for the key.
I do not see a terribly effective fix for this - your key has to exist somewhere, and even in a CPU register it is still in memory more often than not.
And because of that, when I put my iPod shuffle through the wash I was able to replace it with a good AAC-playing MP3 phone and flip the bird to Steve Jobs. Same thing with these...I want my media in formats I can move around and use to my liking.
I'm not going to pay for the same content twice, ever. And if I can't get my content in a cracked DRM or DRM-free format, I'll just pirate it. That'll show 'em.
Steve Jobs mentioned that iTunes DRM cannot be shared with others since sharing would compromise the integrity of DRM. The DVD DRM was cracked and now the HD-DVD and Blu-Ray are cracked as well. This doesn't mean that DRM is not helping. Even though, the DRMs are cracked, the DMCA protects these cracked DRM systems and prevents commercial products from taking advantage of the cracks. Without the DRMs (even the broken ones) and DMCA, there would have been cheap legal DVD duplicators in the market.
Once upon a time I worked at a company encrypting CDs for digital data. This was over ten years ago... We too had a staged security, weak protection on key store, stronger protection on packages and data. We knew that the cost involved in high security was too high, from a functional and complexity cost POV.
First, making the volume information secure, and file content, was pretty pointless because if you had strong security on it, it would be too slow to do anything useful. For the data, you could wait longer, but at the end of the day, all of it was moot because once either catalog or data is decrypted... its there. So, you decrypt on the fly, or use adaptive methods that attempt to hide information, it all leads to...
The Cost of protection geometrically increases to the linear Time to break it.
And in the end, all the protection does is buy you a little bit of time, because for every couple of guys thinking up the next best protection scheme, once it hits the world, you have 100+* the resources trying to break it.
In the end, the best protection we came up with was something everyone hates... a hardware key that imlpemented the decryption, and sell that key with the media. Economically not viable to copy, but still does nothing once unprotected.
/\/\icro/\/\uncher
Everyone talks about the big problem being that you have to give the key to the fellow who's going to watch the movie, but even that understates the difficulties facing DRM schemes.
Recently, I put up a GeoCache puzzle cache. The idea was that folks would have to figure out the puzzle to find out the GPS coordinates of the cache. I was very clever and devious. I was humbled when the thing was found within 6 hours of publication.
How was it done?
To make a long story short, it was a "known plaintext attack." Since I am required to publicize a pair of coordinates somewhere within a couple miles of the cache (to make the geocache site's search engine work correctly - so that folks from New York won't solve the puzzle and get screwed when the cache is 2000 miles away), this lets attackers look for solutions that result in numbers "near" the posted coordinates.
This is what makes movie DRM untenable. Since the format of the disks is publicly known (to insure that UNencrypted disks operate correctly), attackers know that they can discard solutions after decrypting very little of the ciphertext (probably just one byte).
With sufficiently large keys, even that becomes a huge problem, but the fact that the format of the plaintext is known is still a huge advantage for the attackers.
Good thing Intel put in those nice debugging registers that let you dump the contents of SSE registers at arbitrary intervals (e.g. after every SSE operation by the debugged process).
I am TheRaven on Soylent News
You underestimate the problem:
Lots of media/volume/whatever keys are known.
If a new (Windows XP) player arrives, with new title keys, it's decryption function will create the same output.
All you have to do is to look for that output - and you are near the decryption function. Hiding it registers won't help, you might run Windows XP in an emulator, or you could write a kernel driver that generates an insane amount of interrupts and check from every interrupt.
The only thing that might help is to abandon the idea of
- Windows XP software players
- Windows Vista players that play the movie at all if there is a single piece of untrusted software (debugger, performance logging, whatever) or hardware (RDMA capable nic).
The whole tilt-bit and degrade quality stuff won't help - as far as I see the keys are identical, the degradation happens later.
Let's wait what happens.
"I do not see a terribly effective fix for this - your key has to exist somewhere, and even in a CPU register it is still in memory more often than not."
Ummm, how about no more new keys for software players. As long as there are software players it seems obvious that it will be possible to reverse engineer what they are doing to shake out the keys. But if the industry decides that SW players are too weak, they simply revoke keys for them and don't issue new ones. The end of software players and the end of the risk.
The problem is you are confusing analog with digital.
Making analog copies (of a book) is time consuming and impractical.
Making digital copies of a book - like a PDF - is easy and is done all the time. Nobody buy e-books, you just download it for free. Because one person paid for it and decided (conciously or not) to eliminate the profit from any future purchases by making it available to everyone for free.
The problem with digital copies is there will always be someone that is hell-bent on destroying the ability of the original publisher to derive profit from future sales. Happens with software, happens with music and it will be happening more with movies.
Of course the devil is in the details. It's fully possible to build an insecure system around a secure TPM chip, and no doubt that's going to be done, too.
Unless you change the laws of physics it is completely impossible to build a secure TPM chip. TPM is an inconvenience, nothing more, just like DRM. DRM, no matter how implemented, involves supplying the same person with:
a) the ciphertext
b) the plaintext
c) the decryption key
All of those things must be present on the user's system for DRM to work. TPM etc are merely means to try to make it hard for the user to access the key, and they never work. One way of thinking about it is: a TPM chip "hides" certain details inside a little bit of plastic. It is security through obscurity and nothing more, and so long as the chip emits any EM radiation the internal details will ultimately be inferable, although it is doubtful that going so far as reading internal bits via EM fields will be required.
But if it is, we can all take comfort in the fact that Maxwell's equations aren't just a good idea: they're the law.
Blasphemy is a human right. Blasphemophobia kills.
The contract for software players could require that players work just like Firefox... when a new version is found, they automatically and silently download it, and when the player is started the next time, they offer to seamlessly install it for the user. From what I've heard, this may be built in to all/most software players, making it relatively painless to force-upgrade software players at least.
(which would mean that hardware keys are actually more valuable to extract, so maybe that's the hacker community's next step?)
No, but they could very easily put the update on newly released discs....with all the space they have, I think they can spare a few zeros and ones to include software that updates the system.
I wouldn't be suprised if this has already happend at least once or twice.
Living With a Nerd
I like Bruce Schneier's aphorism: trying to make bits not copyable is like trying to make water not wet.
Done with slashdot, done with nerds, getting a life.