AACS Device Key Found

henrypijames writes "The intense effort by the fair-use community to circumvent AACS (the content protection protocol of HD DVD and Blu-Ray) has produced yet another stunning result: The AACS Device Key of the WinDVD 8 has been found, allowing any movie playable by it to be decrypted. This new discovery by ATARI Vampire of the Doom9 forum is based on the previous research of two other forum members, muslix64 (who found a way to locate the Title Keys of single movies) and arnezami (who extracted the Processing Key of an unspecified software player). AACS certainly seems to be falling apart bit for bit every day now."

Re:Will they actually do it?

[MightyMartian]

It's a ludicrous game, and the industry has been told that over and over again by security experts. There is simply no way they're going to come up with a DRM scheme that isn't going to make life miserable for the average consumer, and still won't be cracked by someone with patience and know-how to do it. It's a colossal joke on the entertainment industry. They keep pouring money into this crap, and it just keeps getting flushed down the toilet.

Re:Will they actually do it?

[rsmith-mac]

Yes, it's only a software player. Intervideo will work on better hiding the device key, and release a patch for all the current WinDVD8 owners whose players won't be able to play future disks. Breaking a major hardware player is a big deal, however breaking a software player is fairly trivial in the long-run as long as it can be upgraded.

Re:Will they actually do it?

[LackThereof]

But any update will only be a temporary fix. ANY software player will have to put their key in memory at some point while it's running, the new key will be found quickly. And the keys for almost all software players will be found.

Assuming they keep their word, and revoke the keys as they're found, software players will become nearly unusable, with patches every few weeks to update the key, attempt to obfuscate it more, and make it usable with new disks again. If they go that route, it's only a matter of time until software HD-DVD/BR players are permanently blacklisted and cease to exist. Consumers won't like that much. We'll see special cables running from new drives to new video cards, because consumers will not put up with a lack of being able to play HD discs on their computers. And the ones that bought software players will be ROYALLY pissed.

If they let it slide, or just sue the people who found the key in the memory dumps, but do not revoke software player keys there's STILL no way to put the cat back in the bag - HDDVD/BR content protection is finished.

Which way will it go?

Re:Introduction of hardware DRM

[necro2607]

"I'm sure all this cracking of DRM by snooping memory will result in hardware protection being rolled out. Of course it woud need to be in the chipset and CPU."

This is crackable anyways. The original Xbox was cracked by someone building their own data sniffer hardware installed on the system bus. No kidding. People will go to pretty much any length, including hardware modification, to break out of constricting usage limitations (aka DRM)...

key in memory - on some PCs yes

[davidwr]

Within 5-10 years, if DRM is still popular, you will need to have a dongle that does the decrypting of DRM'd materials. The dongle, in conjunction with "protection" circuitry in the video and audio channels, will provide a revocable key between the media player and the video output device.

It will work something like this:

There will be two channels of data, one from the media source to the dongle, and one from the dongle to the playback device.

The dongle will decrypt data from the media source, or possibly ordinary RAM. In some cases, will be done with the aid of software tokens purchased from rights owners. In others, it will merely verify region, time-expiration, and other restrictions embedded in the media are complied with. In some cases, part of the key will be downloaded from the Internet in real time, or a time-bombed key will be renewed at regular intervals.

The dongle will re-encrypt the data so the playback hardware can play it, but memory-snoopers can't access it.

The dongle will be a "black box," protected by hardware features and possibly legal protection: "Tamper with this for the purposes of understanding it and go to jail."

The dongles will be handed out like candy for little or not profit, but they will be revoked individually if any one is compromised. People concerned about privacy and tracking implications will trade dongles or simply buy them by the bucketful.

I don't know if these dongles will be USB dongles or if they will be on a faster bus or maybe even connected directly to the video playback circuitry.

Mark this post, it may prove useful in challenging future dongle patents.

Re:key in memory - on some PCs yes

[rtechie]

Within 5-10 years, if DRM is still popular, you will need to have a dongle that does the decrypting of DRM'd materials.

First off, this isn't even remotely new. Dongles for copy protection are as old as the concept of copy protection. AutoCAD used a dongle. I'm sure there are dozens of other examples. But they haven't been widely implemented for the same reason this won't be. Cost.

It's too expensive to ship a sophisticated $20 part with a pressed disc that costs $1 to make and you're selling for $20. Dongles have only really been used in very expensive software packages for this reason.

Also, the whole content industry is moving to a "download over the Internet" model. Bill Gates was right when he said this is likely to be the last physical format war. Any solution that is not software only is a non-starter in this context.

The dongle will decrypt data from the media source, or possibly ordinary RAM. In some cases, will be done with the aid of software tokens purchased from rights owners. In others, it will merely verify region, time-expiration, and other restrictions embedded in the media are complied with. In some cases, part of the key will be downloaded from the Internet in real time, or a time-bombed key will be renewed at regular intervals.

If you're going to require an internet connection, what's the point of the dongle? Just make the user verify the key in real time against the server for every play. This would already have been implemented if they thought users would stand for it. They won't.

The dongle will re-encrypt the data so the playback hardware can play it, but memory-snoopers can't access it.

This makes no sense. The playback hardware presumably doesn't have encryption capability. If it does, and it has the encryption hardware built in, what is the point of the dongle? You're also expecting a DONGLE to decrypt, encrypt, and transfer HD video in full resolution all in real-time. That's a pretty beefy dongle. See above for the cost issues.

I think it's worth expanding on this point. Do you really understand how sophisticated the dongle you're talking about would have to be? It would have to include a CPU, memory, and storage to do the encryption. And how they're totally useless unless you ship a SEPERATE one attached to EACH video you want to play? The keys have to be individual for each "disc" (or instance of video) and ROM-burned, not flashable. The idea of some sort of "dongle vault" or multikey that allows you to used multiple stored keys is fatally flawed for a vast number of reasons. The most basic being that it would make hacking the dongles extremely attractive.

Now if you're thinking of "embedding" this dongle into the computer itself, it's been done. This is the whole concept of the TPM chip and concerns about it being used for DRM. This solution is also not feasible for any number of reasons.

I don't know if these dongles will be USB dongles

No, it will have to be a proprietary interface. USB is too easy to sniff.

maybe even connected directly to the video playback circuitry.

So users are going to have to crack their case open every time they want to play a video? I think not.

Mark this post, it may prove useful in challenging future dongle patents.

None of this is either novel or practical.

Fortunately, it's still in infancy :)

[alisson]

I know that personally, I refuse to upgrade anything for Blu-Ray or HD-DVD. Even if it weren't for the content 'protection,' what's the real point? Sure, it's nice to put more per disc for PS3 or XB360, but should that really determine the format of movies, or music? The 'truth' that the xxAAs don't understand is that physical medium are on the way out.

So, of course; don't buy them. Tell your friends not to buy the, and spread the word. If technology was selected based on worth and merit, we'd all have been using beta-max and mini-discs. But consumers don't always go for quality, innovation or convenience. Most often they like whet their friends have, they like what they already have, and sometimes? They just follow the pr0n industry (uh oh, did i just predict the HD-DVD?) THe point being, this one is easy to 'nip in the bud.'

Now, if you were to start a large-scale boycott of xxAA products? That would rock the boat. But I'm not holding my breath for you.