Slashdot Mirror
HD-DVD and Blu-Ray Protections Fully Broken
gEvil (beta) writes "According to an article at BoingBoing, the processing keys for the AACS encryption scheme used by both HD-DVD and Blu-Ray video discs have been extracted, and a crack has been released. What this means is that there is now a method to extract the copy-protected content of any HD-DVD or Blu-Ray disc out there. This is different from Muslix64's previous crack, which only extracted the volume key for each disc. This new method bypasses this step and allows anyone to extract the data without first requiring the volume key."
In five years, when I finally buy into HD television and content, there should be an assload of free content out there to download.
Blar.
The time has come to make the upgrade.
I wish Jon Johansen would have done it so he could be called HD-DVD Jon, or maybe Blu-Ray Jon.
In a world of acronyms, the words are the real victims.
years to create, weeks to break- sounds about right.
It puts a smile on my face knowing that a small group of unpaid media hackers are able to crack the AACS encryption scheme what tooks many developers and millions in R&D to create, in just a few short weeks.
Vista Help Forum
Windows Vista Help Forum
DRM is fundamentally broken by design. Ciphers of this kind rely on the attacker not getting hold of the key. At the same time, the recipient needs the key to get the data. I can never work because the attacker is the same person as the recipient.
In effect, DRM is security through obscurity.
How much longer will we have to put up with this crap before the media companies realise this and stop inconveniencing their customers and wasting our money and time as well as their own?
-- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz
Exactly.
Error 001
Security Scan and Virus Detection do not work with your operating system.
After reading through the article I must conclude that while the author has made decoding current discs easier, AACS has NOT been "fully cracked". The key embedded in the current software may be expired in the future, rendering this method useless for discs produced after that expiration.
I'm not saying that this isn't a nice event, but we have further work to do.
When will the media industry learn that DRM strategies simply don't work?
As soon as you can see or hear it, it is then possible to duplicate it. No amount of copy protection will ever be able to prevent that short of preventing consumers from accessing the material altogether.
Learn to trust your consumers a little and focus on adding value to the material, and then people will buy your content. It might also help to provide some flexibility in the content licensing model, maybe giving people the option to upgrade DVD discs to HD-DVD for the same content may encourage them to continue buying media.
Eric Sarjeant
eric[@]sarjeant.com
Can this be fixed by revoking a player key? Or is this a more extensive breach like what happened with DECSS? Will this work on all future discs, or does it just work on the discs that are currently being produced?
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
It all starts here: http://forum.doom9.org/showthread.php?t=121866&pag e=6
Later posts seem to confirm that it works for both BR and HD-DVD
So what is the industry's response to all this? Can they deal with the problem without breaking every DVD player in existence? Is the encryption completely symmetric? Can they start releasing DVDs with new keys, without creating a situation where some DVD players can read old dics, and others can read new ones? Are different keys used in Europe, U.S., etc.?
Find free books.
Now we get to see how effective the key revocation system (that forms part of aacs) is going to be.
Should be interesting...
Ian Ameline
I've said before, "safemaker, safebreaker."
Hollywood gets ONE move in the game: "Protecting" the content.
The rest of the world gets as many moves as it wants to get around the ConsumerRightsArentPermitted.
So Hollywood does everything it can to make itself hated by its customers and still expects to WIN this game?
I think they've made a mistake by breaking it too early. They should have waited until it was much more widespread. Then again, I would imagine it is psychologically virtually impossible to sit on a "breakthrough" like that.
... there are developers clever enough to lie to the media companies that this can be done, and then get paid to do it over and over again. :) I kinda like the idea :) :) :)
from the open-season dept.
Of all the movies to pirate, why'd Zonk have to choose that one?!?
This guy's the limit!
...As most people know is that you're trying to copy protect an inherently open media format. Even in theory it's very difficult to copy protect media in a widely open, public format.
Until vastly different technology is available 20 or 30 years down the road, all that DRM is going to amount to doing is preventing the 'average joe' from copying en-mass. They just have to make it difficult enough for the casual user to be deterred from copying the content. Look at the copy protection scheme on the iPod - it's basically useless, but it prevents grandma from copying bulk amounts on content. It's like how photocopiers are not a danger to printed media, as it's just 'too' difficult to walk up to a copier and copy things on mass. The industry just has to make it hard enough to deter joe user.
The real problem for the recording industry comes in when now people are getting more and more saavy at copying content, and it's becoming more and more common place, and digital media sharing is now common place and digital media is now common place in the living room now. 10 years ago MP3's were just making there way on the scene and basically only very saavy users knew what an MP3 was, let alone what to do with it. What happens when 10 years from now mobile HD video players are just as common as MP3 players, and your average iPod video has a half a TB of flash storage? Copying (High-Def) DVD's at that point will be common place like MP3's are relatively common place now.
It's funny, the whole DRM thing really seemed to come on strong after Napster was busted. In an effort to thwart the hackers and file sharing people this DRM thing kicked into high gear, yet these groups of people are probably the most savvy and creative buggers out there. The only people this DRM crap will ultimately hurt is the record/movie companies because the average Joe will just get frustrated when his new $40 HD-DVD doesn't play and gives an error of "unauthorized copy" or some crap and go off and not buy stuff any more. The hackers, I am sure, welcome the challenge and probably truly enjoy this cat and mouse game.
New DRM protection methods are now in the works which were cracked last week.
The original generic sig.
One key thing to take away from this is that the authors of the software made it really easy to pull the device keys out of memory for two reasons
- They kept them in variables that were physically near the variables for the volume key
- They zero-ed them out after use, leaving big gaping holes of zeros in memory in a place where that kind of looked funny, drawing attention to those areas
If they are smart (and if the MPAA even give them another chance), the powerdvd/windvd authors will reimplement their AACS decryption code to never store the keys in memory. Without double-checking, I believe the keys are only 128 bits, they could be loaded into the SSE registers in encrypted form and then decrypted on chip. The authors will still need to take measures to prevent an OS context switch from storing the registers in kernel-private memory during the period in which the device keys are present, but that is not an extended period of time, presumably they can kick their priority up high enough that it won't happen without hurting the system much.Even that approach isn't hack-proof, but it is a lot harder to dump the cpu registers under such conditions than it is to trace memory accesses.
When information is power, privacy is freedom.
yes, we're all laughing because this outcome was obvious to the slashdot crowd years ago. however, the people really laughing are the blokes who sell this drm technology to the MPAA/ RIAA
why laugh at them when you can steal their money?
we need a committee of slashdot readers to compile a list of buzzwords and concerns of the RIAA/ MPAA, and then sell them some technovoodoo that doesn't protect them in any way whatsoever (nothing can, obviously), but continues the RIAA's/ MPAA's illusion that drm can or ever will work
give them their false security blanket, steal their money outright, and then continue to rip them off and drive into extinction the antiquated notion of corporate media distribution channel ownership
they need us, we don't need them. make that point explicit by bleeding them dry via all possible avenues
win win! idiots
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
People still buy books, including audio books and eBooks, even though photocopier exist.
I think the recording and motion picture industries need to look at why, and follow that lead. Instead of millions in copy protection R&D, why not spend millions to improve the product? Make the product something people liked owning. (Notice how libophiles obsess over the actual tangible book?).
The one really viable way to control it would be to mandate that all players have an internet connection and it verify the purchaser has rights to the media before playing it. Of course if people have good high speed connections to the internet there's no reason to buy the physical media, which they recording and motion picture industries simply can't abide with.
I'm a fiscal conservative, it's a pity we don't have a political party anymore
After reading through the article I must conclude that while the author has made decoding current discs easier, AACS has NOT been "fully cracked". The key embedded in the current software may be expired in the future, rendering this method useless for discs produced after that expiration.
In theory yes, but how easy do you believe it is to update all those specialized video players, all offline?
Don't forget: the people who buy those already had to put up with paying premium for a HDTV, expensive players, and also make sure the TV, cable and player play together through HDMI.
If you start demanding they are hooked non-stop to Internet so they can receive the daily patches, it may just be the thing crossing the line of tolerance.
Also: the hard part is retrieving keys from pure hardware. The new keys come as firmware updates over the network.. it's even easier to update those HD-DVD/BlueRay rippers. After all, you have even the keys they encrypted the patches with: you have the player, don't you.
All in all, the "super morphing update" ability of AACS seems more like a way for the AACS developers to claim "the war it's not over", when it effectively is over.
Companies will refuse to use the new keys for their disks, since they will be incompatible with plenty of the players out there, the AACS creators will whine a bit about how "they could fix it but they don't wanna, not our fault", and this is where it'll end.
And because of that, when I put my iPod shuffle through the wash I was able to replace it with a good AAC-playing MP3 phone and flip the bird to Steve Jobs. Same thing with these...I want my media in formats I can move around and use to my liking.
I'm not going to pay for the same content twice, ever. And if I can't get my content in a cracked DRM or DRM-free format, I'll just pirate it. That'll show 'em.
The format war is over! We win!
Steve Jobs mentioned that iTunes DRM cannot be shared with others since sharing would compromise the integrity of DRM. The DVD DRM was cracked and now the HD-DVD and Blu-Ray are cracked as well. This doesn't mean that DRM is not helping. Even though, the DRMs are cracked, the DMCA protects these cracked DRM systems and prevents commercial products from taking advantage of the cracks. Without the DRMs (even the broken ones) and DMCA, there would have been cheap legal DVD duplicators in the market.
The very fact that they put any sort of lock on it, means you have to pick that lock to get the content. Getting the content isnt illegal (fair use). Picking a lock is (DMCA). They still have the "legal framework" for pursuing copyright violations.
They'd have stuck with CSS, but to attract new investors they needed a "shiney new more unhackable scheme". It's impossible to implement such a scheme without complete control over all the hardware. But, in the end, the very act of protecting the content is, legally, protection enough.
The only good turnout for "us" (the consumer, fair use advocate, or even casual pirate) is if the industry decides it's not worth it to set the lock in the first place.
There was never a doubt that it'd be possible to extract the data.
I don't need no instructions to know how to rock!!!!
We have the ability to copy books. Why do we not do that? Because books are cheap enough that it does not pay. Authors can still make a pile of money. Every other industry has went thru this phase. Content has to get less expensive, executives have to be reduced in number, pay cuts happen, then the industry can grow again. Resorting to DRM in any form, will be unsuccessful because, technology will overcome. The first company to recognize this, restructure appropriately, price appropriately, will win. Same as with book, computers, cars, even washing machines. My .02
Rod
Once upon a time I worked at a company encrypting CDs for digital data. This was over ten years ago... We too had a staged security, weak protection on key store, stronger protection on packages and data. We knew that the cost involved in high security was too high, from a functional and complexity cost POV.
First, making the volume information secure, and file content, was pretty pointless because if you had strong security on it, it would be too slow to do anything useful. For the data, you could wait longer, but at the end of the day, all of it was moot because once either catalog or data is decrypted... its there. So, you decrypt on the fly, or use adaptive methods that attempt to hide information, it all leads to...
The Cost of protection geometrically increases to the linear Time to break it.
And in the end, all the protection does is buy you a little bit of time, because for every couple of guys thinking up the next best protection scheme, once it hits the world, you have 100+* the resources trying to break it.
In the end, the best protection we came up with was something everyone hates... a hardware key that imlpemented the decryption, and sell that key with the media. Economically not viable to copy, but still does nothing once unprotected.
/\/\icro/\/\uncher
Everyone talks about the big problem being that you have to give the key to the fellow who's going to watch the movie, but even that understates the difficulties facing DRM schemes.
Recently, I put up a GeoCache puzzle cache. The idea was that folks would have to figure out the puzzle to find out the GPS coordinates of the cache. I was very clever and devious. I was humbled when the thing was found within 6 hours of publication.
How was it done?
To make a long story short, it was a "known plaintext attack." Since I am required to publicize a pair of coordinates somewhere within a couple miles of the cache (to make the geocache site's search engine work correctly - so that folks from New York won't solve the puzzle and get screwed when the cache is 2000 miles away), this lets attackers look for solutions that result in numbers "near" the posted coordinates.
This is what makes movie DRM untenable. Since the format of the disks is publicly known (to insure that UNencrypted disks operate correctly), attackers know that they can discard solutions after decrypting very little of the ciphertext (probably just one byte).
With sufficiently large keys, even that becomes a huge problem, but the fact that the format of the plaintext is known is still a huge advantage for the attackers.
Poking around Doom9 thread, the processing key for all current HD-DVD discs was found.
Looking over some example source code, the processing key is used with the encrypted C value to build the media key, which can then build the volume key, which can then decrypt the disc.
The MPAA can revoke the processing key, but quoting from the forum:
Some of you are missing the true meaning of this compromise. If they revoke this processing key, we just take a player compatible with a new processing key, put in one of the titles that's already cracked, and go around in memory looking for the known key. We find it, insert a new title, look in the same place and we have a new processing key.
Essentially, it becomes a known-plaintext attack.
Not a typewriter
Web Developers and Web Content-Maker-Guys YEARS ago gave the "no right click" a try. We quickly learned that if some one wants the content off the web site, they will get it, so there is no use in trying to introduce barriers that only hurt the casual user. You don't see "no-right-click" scripts anymore, but we are still producing tons of content for the web. Much of it copyrighted, and mostly the copyright honored.
I can't help but see this as a parent who is all too restrictive with thier child, leading the child into endless rebelion that would have been avoided if moderation was used instead of a billy club.
insight through the mind
Studios have put millions of $'s into this, and it is broken, the real protection is in file size. Imagine a 200+ gig movie, uncompressed with full DTS EX and DDHD, commentary and everything else that you could want. Now imagine trying to download that movie over the course of a few weeks or months, if your ISP allows that kind of transfer. The data rate should be high that modern computers stutter and playback is jerky. Compressing it down to a managable size would be defeating the idea of watching HD. This would suffice for today and maybe even a few years. Protection is in "an unmanagable file size" and "data transfer rate", for now.
"I do not see a terribly effective fix for this - your key has to exist somewhere, and even in a CPU register it is still in memory more often than not."
Ummm, how about no more new keys for software players. As long as there are software players it seems obvious that it will be possible to reverse engineer what they are doing to shake out the keys. But if the industry decides that SW players are too weak, they simply revoke keys for them and don't issue new ones. The end of software players and the end of the risk.
Now I can buy any format and just rip it to another one, great idea for sure!
Now it's time to print up all those T-Shirts with the Processing Key:
;)
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0...
Available for just $19.95
Seven puppies were harmed during the making of this post.
There is a reason for DRM, even if it inherently flawed in design: to keep the average Joe buying your stuff. If they stop fighting completely, you'll end up with a flopped industry. The bigger the investment they put into DRM, the more returns they get from sales, because not everyone is computer literate. The more technical they make their schemes, the more people they get buying their product instead of stealing it. Gross value goes up, even if net stays the same. Lawsuits and copyright protection are designed to scare the AVERAGE consumer away from illegal activity and narrow the possible copyright infringement targets down to a manageable size, so they can treat it exactly like cops treat druggies: go for the dealers. Copyright protection in some form or another will never die out, because if it does, a larger percentage of the population will steal the product and it will cease being a manageable problem for them.
-It is more expensive to print out or photocopy most books than it is to buy them.
-Prints are inferior because they are hard to bind well.
-Electronic copies don't appeal to most readers because the display is uncomfortable (though I'm fine with it.)
In the few areas of book publishing where book prices exceed the cost to print up a tolerable copy, or where the original is incovenient to buy, book piracy is common. Most university textbooks and many reference volumes are available online. You can download complete archives of many comic book series.
Piracy aside, book publishers aren't exactly doing well in our economy. What the music industry can do that the book industry has trouble with is convince millions of people they have to own *this CD*, not any other CD. What has music industry execs terrified is the fear that the children who are five years old today will have too many choices available from their PCs in seven years, and they won't enter into the teen music mentality that dominated the late 20th century and trained most adults to keep buying RIAA titles. Restricting choice through DRM or whatever else they can dream up is their only hope.
I have paid for every single DVD I own. No good deed goes unpunished, I am repeatedly subjected to unskippable previews, FBI warnings, commentary disclaimers and the same fscking flying logo and equally annoying jingle at 4 places before actually getting to the content I purchased. If I were stupid enough to buy into HD/BR I additionally lose my control over the resolution I want. This isn't about Imaginary Property rights, it's about THEIR control of MY property.
There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.
The problem will be that they stop releasing HD players for non-TPM boxes. They will simply drop support, and tell you that if you want to play HD movies, to "upgrade" your hardware to their satisfaction. The only thing that will stop them from doing so is if they realize that the customers are on to them, are specifically avoiding TPM hardware, and that there are enough of them out there that they are cutting into the bottom line in a way that significantly comprimises their long-term market position.
The record companies, for example, are taking the long view of DRM for music: they are willing to wait for the CD to become obsolete while forcing DRM on the next generation (digital distribution), even though forcing DRM on digital distribution severely hampers adoption of digital distribution. The only thing that will change their strategy is if they realize that the market will *never* go digital enough for them to not have to release their content on CD until they drop DRM.
I doubt that the market for non-TPM boxes will be "_HUGE_" enough for the MPAA to abandon their plan to require it unless every-day consumers feel the sting of DRM in their every-day use.
The best way for this to happen is for devices to proliferate the market wich take advantage of the crack-ability of CSS: players that take ripped DVDs, store and organize them, and are as simple and intuitive as Apple products: it has to be an appliance.
...because "hacker" sounds way sexier than "code drone."
Why won't I buy the $200.00 HDDVD player from MicroSoft?
Well, I've said it before, and it bears repeatin'...
I'll buy new content when those ASS-WIPES in Hollyweird stop putting advertisements in front of the movies on DVDs! GODDAMN, I'm SICK of wading through bullshit ads for movies that stopped playing in theatres years ago when I watch an old DVD.
Pull out your Matrix DVD or your 2001: A Space Odyssey DVD and insert it into your DVD player or PS2. What happens? THE MOVIE starts to play, doesn't it?
Now try that with any DVD you bought in the last three or four years. Pisses you off, doesn't it? Yeah, me too.
They can KISS MY ASS! Even though I'm not buying their HD disks I'm still laughing my ass off at this and looking forward to more penetrations of their security. (Hey, this is Slashdot. We gotta' have pron! Just not HD Pron. Pimples and hairs where they shouldn't be. YEECH!)
We have always been at war with Eurasia!
This is the real story here. Mod parent up.
Essentially, what he is saying is this: while the crack is temporary, the method of attack is unassailable under the current model.
That's whats important here. If keys get revoked, its a trivial matter to go get them again. The hard work has been done. Now all you have to do is follow procedures and -voila- you can crack AACS too.
Despite other comments on this board, AACS IS cracked.
Unless the Wikipedia article is horribly wrong, or I'm misreading that, I'm pretty sure that's not a known-plaintext attack. Known-plaintext attacks (again, assuming Wikipedia is correct; IANAC) use the ciphertext and its known plaintext to derive the information necessary to decrypt further data encrypted the same way; in this case, the processing key. It'd be a known-plaintext attack if they used a C value decrypted with the old key and the same C value encrypted with the new key to get the new processing key. The method that person proposed is much easier, instead relying on the fact that the memory location the key is stored in is unlikely to change, as it is of a fixed size and as a result only needs memory allocated for it once.
Of course, there's nothing stopping them from simply moving the key around each time, however then you merely need to find the location that the pointer to the key's location is stored to defeat that. They could also pile on more layers of obscurity of a wide variety of types in order to protect the ones below them, but they'll merely delay the inevitable, like all DRM, as you have no way of knowing if a customer could be a possible attacker and thus must allow everyone access to the content.
Speaking of Apple products, have you ever wondered why iTunes can't rip DVDs just like it does with CDs? It's due to a thing called the DMCA, which makes it illegal for Apple to provide such a function regardless of how technologically easy (and valuable for Apple) it would be to do. And that's why we'll never see what you suggest happen -- at least, not as long as the DMCA still stands.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
AACS/CSS/Security through telling people "don't do that" is trivial to implement, for as good as you can possibly get it (fundamental flaw in the design) and they STILL managed to fuck it up.
Basic concept: Encrypt a disk with a key that only the player has. If the player key is compromised, all disks are cracked.
"fix" #1: Encrypt the disk content a random key, encrypt that disk thousands of times with a library of pre-generated keys. Assign each player a key, quit putting that key on the disk when it's found to be compromised. Of course, you now have to re-encrypt thousands of keys for every title released, leading to possible exposure of the master database.
"fix the fix": Randomly create a single "production key", encrypt it with every player key, and give the 'blob' to every HD-DVD production facility. Now exposure is limited to one key that can be changed without exposing the master keylist.
Except someone was terminally lazy, and only did it ONCE. So EVERYONE USES THE SAME PRODUCTION KEY. Way to go! If you gave each studio their own, then compromises would be limited to a single studio's works (that were produced before the key was changed).
Worse, you introduce an attack vector to your management that effectively hides it's origin. Any hardware or software player could be compromised, or you could have an inside leak of the key. As long as the exploiter doesn't say "I got this key from Sony's HD-501 player" you have no idea how they aquired it. Basically, they completely and utterly shat on the key-revocation scheme, with no possible solution.
Whoops.
Dear MPAA: Please contact me before starting your next hairbrained content protection scheme. You can pay me millions rather then billions and I'll give you one that's not so embarassingly horrible. I'm no cryptogropher, but goddamn, it's not like you hired any security people for anything you've done yet anyway.
The IRS perfected it years ago... Ive been trying to decode my goddam tax return for the past two weeks and I still cant crack it.
We should just let them handle music distribution... "Put the song title from box 34 into this box, but only on a leap year that ends in an odd number...."
I have paid for every single DVD I own.
Me too, every one.
Usually in spindles of 100.
Which is the oposite effect from the one the RIAA claims to want:
Meanwhile:
I don't see how this adds up to "90% of the goodness", nor how it amounts to "5% of the annoyance".
More like 90% of the annoyance for 5% of the benefits.