AACS Device Key Found

henrypijames writes "The intense effort by the fair-use community to circumvent AACS (the content protection protocol of HD DVD and Blu-Ray) has produced yet another stunning result: The AACS Device Key of the WinDVD 8 has been found, allowing any movie playable by it to be decrypted. This new discovery by ATARI Vampire of the Doom9 forum is based on the previous research of two other forum members, muslix64 (who found a way to locate the Title Keys of single movies) and arnezami (who extracted the Processing Key of an unspecified software player). AACS certainly seems to be falling apart bit for bit every day now."

Re:Miserable?

[dangitman]

But then, I'm not trying to do something with it that I shouldn't,

So, am I not "supposed" to watch my DVDs on my old TV? The macrovision protection makes the picture nearly unwatchable. The TV is very nice, and does the job well. Why should I have to throw away a perfectly good TV and buy a new one just to watch a DVD? It doesn't make any sense - if I have to buy a new TV, that's less money for me to spend on DVDs, so the copy protection would actually reduce their sales.

Likewise, have you never bought a DVD from another country? If you're not supposed to do that, then why can I buy DVDs from another country? Sure, you can get region-free DVD players, but not everybody has one - and with "RCE" protection, some titles won't even work on some region-free players. And region-free players are technically illegal in some places.

I also like to watch movies but some titles won't let me go straight to the movie, and instead force me to sit through unskippable ads and FBI warnings. I even had one disc that I bought, which made me sit through a quite long lecture about the evils of piracy, telling me how people who copy DVDs are funding terrorism and destroying the industry. Ironically, it was quite simple to make a copy of that DVD, with the anti-piracy ad removed. If they didn't have that unskippable propaganda at the beginning. If I ever get another disc with that ad, I'm going to return it as defective. I paid to watch the movie, not to be lectured by propaganda.

Re:Okay that does it

[flooey]

How many keys are there? Why aren't there just one? What's the difference? IS there any difference?

AACS uses a bunch of different keys in a hierarchical structure. Gradually, the cracks have been revealing keys higher and higher up the food chain. As I understand it, this is a bottom-up description of AACS's key structure:

At the lowest level, every piece of content is encrypted with a Title Key, which is unique to at least an individual title, possibly a particular printing of the title. The original cracks revealed the Title Keys for individual titles one at a time. These can be used to decrypt the content, but don't break the scheme, just the encryption on an individual piece of content.

The Title Key is stored on the actual media, encrypted by the Volume Unique Key, which is unique to a given title.

The Volume Unique Key is the result of a keyed hash of the Volume ID (stored on the media) and a Media Key, which is unique per title.

The Media Key used is generated by combining the Media Key Block (stored on the media) with a key unique to the decrypting device. Each device has a different key, but generates the same Media Key.

I'm not entirely sure why so many keys are used, but that's basically how the scheme works. Previous cracks were based on revealing keys that were title-specific. This one has revealed a device-specific key, which means that until the key is revoked, which would cause all future discs to no longer play on that particular player, any piece of content can be completely decrypted.

Re:Okay that does it

[flooey]

This key doesn't really add anything to what's already done. They could already decrypt every movie by simply sticking it in the player and extracting the key, all this does is make it possible to make a standalone tool to decrypt discs (until they revoke this key, anyway). But if you don't mind breaking the DMCA in the first place, how many would have moral problems getting a copy of WinDVD to extract the key anyway? This really is non-news.

It's more news in that it could make HD content decryption as universally accessible as DVD decryption currently is. A lot of people might want to extract their HD content but not have the know-how or motivation to do anything beyond "download this program, hit start", though it's less news since I've heard there are already programs that will do that using a list of title keys that's periodically updated over the Internet.

Re:Will they actually do it?

[swillden]

Making a key per player copy is infeasible. How would you do that? Basically, every disk would need to have the data encrypted with each player's key. That number would be in the millions.

It's not only feasible, it's exactly what AACS does. Each player has about 500 keys from which it can derive billions more, all structured so that a disk only needs a small number of media keys encrypted with "processing" keys, which the players can derive from the device keys they have. The number of copies of the media key that must be present on each disk is guaranteed to be no more than 2r, where r is the number of individual players that have been revoked. On average, only 1.25r media keys are required.

Though the application is evil, the "subset-difference tree" concept used to make all this work is a very cool bit of math.

Re:Wrong verb tense!

[swillden]

What do you mean, "will result?" It already has resulted in hardware DRM -- if you have Vista and a machine with a TPM, it's already there!

No, actually, it isn't. While the TPM could be used to "seal" the HD-DVD/Blu-Ray player device keys to a given boot state, the decryption of the disk contents would still have to be done using the main processor (TPMs don't do bulk decryption, don't know anything about AACS, and aren't programmable to teach them how to do the AACS key derivation/decryption scheme).

Also, I don't know that Vista is really TPM-aware.

In the near future, it may become the case that if you have (a) Vista + some service pack, (b) a TPM and (c) a processor with hardware virtualization support (Intel VT/AMD-V), then your HD-DVD/Blu-Ray player may run on a separate virtual machine which your main OS has no access to and which you therefore cannot debug, and the TPM may be used to seal the device keys to the particular software in that VM, so that no other piece of software has any reasonable hope of retrieving them.

Collectively, BTW, (a), (b) and (c) above are known as Palladium, aka NGSCB.

Personally, I think it's more likely that your video card may gain an AACS subsystem, so your PC would feed the data stream from the disk to your video card, which will decrypt the data and display it. The video card would then have to have a way to securely transfer the audio stream to your sound card. Or maybe your sound and video card will negotiate secure data connections to your HD-DVD-ROM drive and the drive would do the AACS stuff and feed it securely to your output devices, so that your main processor never gets to see an unencrypted copy.

There are ways to make software players more secure, but a TPM alone is insufficient, unless the OS is airtight, unhackable/modifiable even by the administrator. Given Microsoft's track record with making an OS unhackable by random people around the world with no privileges on the box at all, I don't think that's going to happen.