Slashdot Mirror
AACS Device Key Found
henrypijames writes "The intense effort by the fair-use community to circumvent AACS (the content protection protocol of HD DVD and Blu-Ray) has produced yet another stunning result: The AACS Device Key of the WinDVD 8 has been found, allowing any movie playable by it to be decrypted. This new discovery by ATARI Vampire of the Doom9 forum is based on the previous research of two other forum members, muslix64 (who found a way to locate the Title Keys of single movies) and arnezami (who extracted the Processing Key of an unspecified software player). AACS certainly seems to be falling apart bit for bit every day now."
It's a ludicrous game, and the industry has been told that over and over again by security experts. There is simply no way they're going to come up with a DRM scheme that isn't going to make life miserable for the average consumer, and still won't be cracked by someone with patience and know-how to do it. It's a colossal joke on the entertainment industry. They keep pouring money into this crap, and it just keeps getting flushed down the toilet.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Yes, it's only a software player. Intervideo will work on better hiding the device key, and release a patch for all the current WinDVD8 owners whose players won't be able to play future disks. Breaking a major hardware player is a big deal, however breaking a software player is fairly trivial in the long-run as long as it can be upgraded.
I'm sure all this cracking of DRM by snooping memory will result in hardware protection being rolled out. Of course it woud need to be in the chipset and CPU.
Of course such restrictions would make debugging your own programs harder if it was always on.
I think the time has come for to give up on encryption and move to plan B, and no they don't mean plan A + panic, they mean they will be forced to randomly post armed gaurds on customers DVD player's.
Sure it will be somewhat inconvienient and more expensive for customers, but that's the price they are choosing to pay when they turn a blind eye to piracy.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
Now we go one baby-step down the path where debugging tools like the ones used by these "hackers","pirates", and "anti-establishmentarians" require a license to own and use, because tools like this can apparently cause more damage to our society than an unlicensed firearm can do in a school...
From The Right To Read:
--jeffk++
ipv6 is my vpn
But any update will only be a temporary fix. ANY software player will have to put their key in memory at some point while it's running, the new key will be found quickly. And the keys for almost all software players will be found.
Assuming they keep their word, and revoke the keys as they're found, software players will become nearly unusable, with patches every few weeks to update the key, attempt to obfuscate it more, and make it usable with new disks again. If they go that route, it's only a matter of time until software HD-DVD/BR players are permanently blacklisted and cease to exist. Consumers won't like that much. We'll see special cables running from new drives to new video cards, because consumers will not put up with a lack of being able to play HD discs on their computers. And the ones that bought software players will be ROYALLY pissed.
If they let it slide, or just sue the people who found the key in the memory dumps, but do not revoke software player keys there's STILL no way to put the cat back in the bag - HDDVD/BR content protection is finished.
Which way will it go?
Legalize recreational marijuana. Seriously.
Within 5-10 years, if DRM is still popular, you will need to have a dongle that does the decrypting of DRM'd materials. The dongle, in conjunction with "protection" circuitry in the video and audio channels, will provide a revocable key between the media player and the video output device.
It will work something like this:
There will be two channels of data, one from the media source to the dongle, and one from the dongle to the playback device.
The dongle will decrypt data from the media source, or possibly ordinary RAM. In some cases, will be done with the aid of software tokens purchased from rights owners. In others, it will merely verify region, time-expiration, and other restrictions embedded in the media are complied with. In some cases, part of the key will be downloaded from the Internet in real time, or a time-bombed key will be renewed at regular intervals.
The dongle will re-encrypt the data so the playback hardware can play it, but memory-snoopers can't access it.
The dongle will be a "black box," protected by hardware features and possibly legal protection: "Tamper with this for the purposes of understanding it and go to jail."
The dongles will be handed out like candy for little or not profit, but they will be revoked individually if any one is compromised. People concerned about privacy and tracking implications will trade dongles or simply buy them by the bucketful.
I don't know if these dongles will be USB dongles or if they will be on a faster bus or maybe even connected directly to the video playback circuitry.
Mark this post, it may prove useful in challenging future dongle patents.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
That's a good point ... of course, if you make modifications of sufficient magnitude to frustrate existing decryption tools, odds are you just created a whole new set of security holes. Those will also be found. Also, like CSS before it, the technology will have to be implemented by every video hardware and software maker on the planet (well, in China anyway) and sooner or later the details will get out. Furthermore, if (and it's currently a big "if" given the childlike manner this whole media war is being played out by the likes of Sony, Microsoft and the rest) either HD-DVD or Blu-Ray actually does take off and manage to replace the DVD, they'll find themselves in the same situation they were in with CSS. Not that it matters: as the MPAA has admitted the goal is to keep the bar high enough that the vast majority of consumers have no way to bypass the DRM. There's a certain acceptance by these people that there will always be a some degree of infringement going on, they just don't want it too widespread.
Ultimately, the only real way to protect content is going to have remote-controlled content-monitoring LCD shutters surgically implanted in everyone's eyes as soon as they are old enough to enjoy TV (and these creeps would do just that if they could get away with it.) Anything else will be circumvented sooner or later, which they know perfectly well. It's also why the content companies are pushing so damned hard to export US/EU-style IP law around the world and have copyright infringement treated as a heinous crime akin to murder. Once the cops (everywhere) are accustomed to treating copyright infringers as serious criminals, the MPAA and their ilk are hoping and praying that people won't do it anymore.
I think they will be disappointed. I hope they will. There aren't enough jails to hold everyone that ever violated a copyright, or exercised fair-use rights in countries that support them.
The higher the technology, the sharper that two-edged sword.
Good luck playing that DVD overseas. Good luck playing that DVD in Linux. Good luck with your new fancy disks if your player gets revoked. And all of this while the people who really ARE doing things they shouldn't are just double-clicking their unrestricted .avi file.
I don't think this is as good as you think it is. I'm all for breaking DRM (and was extremely pleased when they broke the AACS process key), but I think releasing a player key was a BAD idea. I'm betting the MPAA's logic in regards to this will look like one of these two:
- WinDVD is not handling its device key in a secure manner
- WinDVD cannot be trusted
- WinDVD won't be getting another player key
Or even worse:
- WinDVD did its best to protect its device key
- It's impossible to protect a device key in a program that people can reverse-engineer [true]
- We'd better not allow any software to read AACS-protected content
Although this may all be moot anyway, as they can extract future process keys with relatively little effort (though it'll be a lot more effort if hackers have to break hardware systems instead of software).
You have tried to support your argument with faulty reasoning! Go directly to jail; do not pass Go, do not collect $200!
Revocation, obfuscation, TPM chips, hardware tricks ? Whatever, DRM is provably insecure.
I know that personally, I refuse to upgrade anything for Blu-Ray or HD-DVD. Even if it weren't for the content 'protection,' what's the real point? Sure, it's nice to put more per disc for PS3 or XB360, but should that really determine the format of movies, or music? The 'truth' that the xxAAs don't understand is that physical medium are on the way out.
So, of course; don't buy them. Tell your friends not to buy the, and spread the word. If technology was selected based on worth and merit, we'd all have been using beta-max and mini-discs. But consumers don't always go for quality, innovation or convenience. Most often they like whet their friends have, they like what they already have, and sometimes? They just follow the pr0n industry (uh oh, did i just predict the HD-DVD?) THe point being, this one is easy to 'nip in the bud.'
Now, if you were to start a large-scale boycott of xxAA products? That would rock the boat. But I'm not holding my breath for you.
If you're trying to demonstrate that DRM is futile waste of energy, it's in your best interests to release as early as possible.
Releasing an exploit a couple of years after the technology is first released gives people the impression that the DRM was "good" for those two years. On the other hand, releasing the exploit a week later drives home the point that the copy-protection racket is selling nothing but snake oil.
http://outcampaign.org/
They dont care about software players, people those people can always download a new "security fix" and not even know the difference. What we need is to have the keys for the most popular hardware players to be released, after there is widespread adoption.
I fear the Y2038 bug
You're not owed a damned thing. We own the discs. We'll reverse engineer them. This is the way the universe works. You don't get a say in what we do with things that we buy. Your connection to my home is not welcome.
And I believe player pianos were supposed to break musical profits. and TV was supposed to break movies' business model. and cassettes were supposed to destroy record companies. And Valenti compared VCRs to the Boston Strangler. And music and movie downloads are supposed to break the RIAA and MPAA members. Both outfits are making more money today than they did last year, and the year before.
You are wrong. And you've bought laws to invade our lives and put grandmothers in prison. The least we can do is break your balls, over and over and over.
and please, do, go out of business.