AACS Device Key Found
henrypijames writes "The intense effort by the fair-use community to circumvent AACS (the content protection protocol of HD DVD and Blu-Ray) has produced yet another stunning result: The AACS Device Key of the WinDVD 8 has been found, allowing any movie playable by it to be decrypted. This new discovery by ATARI Vampire of the Doom9 forum is based on the previous research of two other forum members, muslix64 (who found a way to locate the Title Keys of single movies) and arnezami (who extracted the Processing Key of an unspecified software player). AACS certainly seems to be falling apart bit for bit every day now."
Will they actually do it?
Will they actually revoke these software players from all new disks?
It's time for them to put their money where their mouth is and actually block access to these broken players.
If they allow it to continue, all their movies will be piratable (insert oh noes! here).
I wonder how pissed off people will be if they can't play their new movies?
liqbase
I'm sure all this cracking of DRM by snooping memory will result in hardware protection being rolled out. Of course it would need to be in the chipset and CPU.
Of course such restrictions would make debugging your own programs harder if it was always on.
I think the time has come for them to give up on encryption and move to plan B, and no they don't mean plan A + panic, they mean they will be forced to randomly post armed guards on customers' DVD players.
Sure it will be somewhat inconvenient and more expensive for customers, but that's the price they are choosing to pay when they turn a blind eye to piracy.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
This was only a matter of time.
You can't sell a product with a "secret" key inside it to tech-savvy consumers and expect it to remain secret for any extended period of time.
It just won't work. It's time for this inconvenience to end (not that it will).
Legalize recreational marijuana. Seriously.
Narrator: In A.D. 2007, war was beginning.
....
MPAA: What happen ?
RIAA: Somebody set up us the bomb.
RIAA: We get signal.
MPAA: What !
RIAA: Main screen turn on.
MPAA: It's you !!
J.Q. Public: How are you gentlemen !!
J.Q. Public: All your video are belong to us.
J.Q. Public: Your revenue stream are on the way to destruction.
MPAA: What you say !!
J.Q. Public: Your business model have no chance to survive make your time.
J.Q. Public: Ha Ha Ha Ha
RIAA: MPAA !! *
MPAA: Take off every 'Lawyer' !!
MPAA: You know what you doing.
MPAA: Move 'Lawyer'.
MPAA: For great injustice.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 is the magic number.
Would someone PLEASE explain once and for all how AACS works? How is this any different from the previously found keys?
How many keys are there? Why isn't there just one? What's the difference? IS there any difference?
Is this better than the last key uncovered? Are there more keys to uncover?
What is the final AACS "key"? How many levels are there?
I'm not being ignorant, I'm just confused, and I'm sure I'm not alone.
Thank you.
If the idea is to "stick it to the man", they are doing the right thing disclosing what is the player in question. But if the idea is to actually use the key, they should keep them in the dark and not specify what player got corrupted, so the keymakers cannot revoke the key.
I've got one of those 30" Dell monitors. Problem is it does not have the fancy encrypted link, so 'useless' as a Blu-ray/HD-DVD monitor. With this stuff getting cracked, I am looking forward to VLC playing not only my stack of DVDs but also whatever the next generation of movies I end up buying and re-encoding.
+++ UGUCAUCGUAUUUCU
My parents bought a DVD with a narrated tour of some ruins they visited on vacation outside the country in order to show their friends. It wasn't region 1, so they couldn't play it. They, like the average non-geek, had no idea about region coding, and of course didn't know that they had to look for a certain "type" of DVD.
When I explained to them why their disc wouldn't play, they were mad. When I gave them a working copy of the disc, they were happy.
What do you mean, "will result?" It already has resulted in hardware DRM -- if you have Vista and a machine with a TPM, it's already there!
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Within 5-10 years, if DRM is still popular, you will need to have a dongle that does the decrypting of DRM'd materials. The dongle, in conjunction with "protection" circuitry in the video and audio channels, will provide a revocable key between the media player and the video output device.
It will work something like this:
There will be two channels of data, one from the media source to the dongle, and one from the dongle to the playback device.
The dongle will decrypt data from the media source, or possibly ordinary RAM. In some cases, this will be done with the aid of software tokens purchased from rights owners. In others, it will merely verify region, time-expiration, and other restrictions embedded in the media are complied with. In some cases, part of the key will be downloaded from the Internet in real time, or a time-bombed key will be renewed at regular intervals.
The dongle will re-encrypt the data so the playback hardware can play it, but memory-snoopers can't access it.
The dongle will be a "black box," protected by hardware features and possibly legal protection: "Tamper with this for the purposes of understanding it and go to jail."
The dongles will be handed out like candy for little or no profit, but they will be revoked individually if any one is compromised. People concerned about privacy and tracking implications will trade dongles or simply buy them by the bucketful.
I don't know if these dongles will be USB dongles or if they will be on a faster bus or maybe even connected directly to the video playback circuitry.
Mark this post, it may prove useful in challenging future dongle patents.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
...DRM just ain't all it's cracked up to be.
Atari must be doing really bad after releasing NWN2 to start hacking DRM keys.
That's a good point ... of course, if you make modifications of sufficient magnitude to frustrate existing decryption tools, odds are you just created a whole new set of security holes. Those will also be found. Also, like CSS before it, the technology will have to be implemented by every video hardware and software maker on the planet (well, in China anyway) and sooner or later the details will get out. Furthermore, if (and it's currently a big "if" given the childlike manner this whole media war is being played out by the likes of Sony, Microsoft and the rest) either HD-DVD or Blu-Ray actually does take off and manage to replace the DVD, they'll find themselves in the same situation they were in with CSS. Not that it matters: as the MPAA has admitted the goal is to keep the bar high enough that the vast majority of consumers have no way to bypass the DRM. There's a certain acceptance by these people that there will always be some degree of infringement going on, they just don't want it too widespread.
Ultimately, the only real way to protect content is going to be to have remote-controlled content-monitoring LCD shutters surgically implanted in everyone's eyes as soon as they are old enough to enjoy TV (and these creeps would do just that if they could get away with it.) Anything else will be circumvented sooner or later, which they know perfectly well. It's also why the content companies are pushing so damned hard to export US/EU-style IP law around the world and have copyright infringement treated as a heinous crime akin to murder. Once the cops (everywhere) are accustomed to treating copyright infringers as serious criminals, the MPAA and their ilk are hoping and praying that people won't do it anymore.
I think they will be disappointed. I hope they will. There aren't enough jails to hold everyone that ever violated a copyright, or exercised fair-use rights in countries that support them.
The higher the technology, the sharper that two-edged sword.
Good luck playing that DVD overseas. Good luck playing that DVD in Linux. Good luck with your new fancy disks if your player gets revoked. And all of this while the people who really ARE doing things they shouldn't are just double-clicking their unrestricted .avi file.
I don't think this is as good as you think it is. I'm all for breaking DRM (and was extremely pleased when they broke the AACS process key), but I think releasing a player key was a BAD idea. I'm betting the MPAA's logic in regards to this will look like one of these two:
- WinDVD is not handling its device key in a secure manner
- WinDVD cannot be trusted
- WinDVD won't be getting another player key
Or even worse:
- WinDVD did its best to protect its device key
- It's impossible to protect a device key in a program that people can reverse-engineer [true]
- We'd better not allow any software to read AACS-protected content
Although this may all be moot anyway, as they can extract future process keys with relatively little effort (though it'll be a lot more effort if hackers have to break hardware systems instead of software).
You have tried to support your argument with faulty reasoning! Go directly to jail; do not pass Go, do not collect $200!
Revocation, obfuscation, TPM chips, hardware tricks? Whatever, DRM is provably insecure.
So, am I not "supposed" to watch my DVDs on my old TV? The Macrovision protection makes the picture nearly unwatchable. The TV is very nice, and does the job well. Why should I have to throw away a perfectly good TV and buy a new one just to watch a DVD? It doesn't make any sense - if I have to buy a new TV, that's less money for me to spend on DVDs, so the copy protection would actually reduce their sales.
Likewise, have you never bought a DVD from another country? If you're not supposed to do that, then why can I buy DVDs from another country? Sure, you can get region-free DVD players, but not everybody has one - and with "RCE" protection, some titles won't even work on some region-free players. And region-free players are technically illegal in some places.
I also like to watch movies but some titles won't let me go straight to the movie, and instead force me to sit through unskippable ads and FBI warnings. I even had one disc that I bought, which made me sit through a quite long lecture about the evils of piracy, telling me how people who copy DVDs are funding terrorism and destroying the industry. Ironically, it was quite simple to make a copy of that DVD, with the anti-piracy ad removed. If they didn't have that unskippable propaganda at the beginning. If I ever get another disc with that ad, I'm going to return it as defective. I paid to watch the movie, not to be lectured by propaganda.
... and then they built the supercollider.
I know that personally, I refuse to upgrade anything for Blu-Ray or HD-DVD. Even if it weren't for the content 'protection,' what's the real point? Sure, it's nice to put more per disc for PS3 or XB360, but should that really determine the format of movies, or music? The 'truth' that the xxAAs don't understand is that physical media are on the way out.
So, of course; don't buy them. Tell your friends not to buy them, and spread the word. If technology was selected based on worth and merit, we'd all have been using Betamax and mini-discs. But consumers don't always go for quality, innovation or convenience. Most often they like what their friends have, they like what they already have, and sometimes? They just follow the pr0n industry (uh oh, did I just predict the HD-DVD?) The point being, this one is easy to 'nip in the bud.'
Now, if you were to start a large-scale boycott of xxAA products? That would rock the boat. But I'm not holding my breath for you.
If you're trying to demonstrate that DRM is a futile waste of energy, it's in your best interests to release as early as possible.
Releasing an exploit a couple of years after the technology is first released gives people the impression that the DRM was "good" for those two years. On the other hand, releasing the exploit a week later drives home the point that the copy-protection racket is selling nothing but snake oil.
http://outcampaign.org/
Or it's people who expect to be able to exercise their fair-use rights getting together and forming some kind of, you know, community in order to achieve that.
At some point between the information and your eyes and ears, the information must be in "plaintext." (Otherwise you can't see it or hear it.) At that very point, the information stream can be intercepted and stored. This is true even if we have jacks in the backs of our heads to accept personal AV signals.
Here's another way to look at it: in the theoretical environment in which the decryption takes place, the person playing the part of consumer also plays the part of adversary. DRM systems give information to the adversary in plaintext. Alice wants to send a message to Bob. But she wants to send it to Bob in a way that Bob can't comprehend it... but he can, but he can't...
Yeah, so it's brain-dead. But there you go.
Most cracks happen earlier than between the emitter and the eyeballs. As long as the digital signal is converted to an analog signal in an environment that can be totally observed, the process of decryption can be observed and replicated. If someone ever designs a perfect black box, we'll possibly have no way to capture the digital signal. But we'll still be able to capture it before it reaches the eyeballs.
This is as close to a proof as you're likely to get on Slashdot.
I got my Linux laptop at System76.
A well designed hardware cryptographic solution presents an extremely hard barrier if implemented well. The original X-Box failed because short cuts were taken in the architecture and keys were transmitted across a high speed bus but the same does not apply to the X-Box 360. It has thus far resisted all of the attempts to circumvent it; the minor hacks achieved to date have done little to break down the core security of that system despite significant efforts on the part of the X-Box hacking/mod community. Forget about separate TPMs in chipsets - the "ideal" solutions are now being rolled out pre-built into consumer CPUs. Apart from the clever crypto parts of the X-Box 360's CPU, both Intel's LaGrande and AMD's Presidio provide robust "Trusted Computing" features that (could) fully prevent the type of attacks that have been used in the WinDVD key discovery attacks. All three systems implement in-CPU protected key storage and secure memory for key dependent operations. Even without the absolute control that the XBox 360 enforces through its trusted boot process the LaGrande/Presidio technologies allow developers to build DRM solutions that are effectively invulnerable to key discovery attacks on any OS.
Of course there is a formal proof, just ask any cryptographer or cryptanalyst. A basic sketch of it is that DRM makes use of conventional cryptography. However, conventional cryptography has never been designed to prevent attacks in a threat model where the attacker has unlimited physical access to the device performing the decryption operation.
But then, I'm not trying to do something with it that I shouldn't, like copying it when the purchase agreement clearly says I'm not supposed to...
What purchase agreement? I agreed to nothing when I bought it. And I'll do whatever the hell I want with the property that I own. Much like I don't use CDs anymore when playing audio content, I don't want to use DVDs when playing movies. So I rip and watch on an HTPC. The process is much more complex than ripping an audio CD, mostly because of the DRM.
The physical media that we buy can become scratched and broken, even when we take care of it. And thanks to the convenient duplicity of ideology that is held by the content companies, we are said to be buying only a license to the content, which happens to have a copy along with it on the media. Good luck getting replacement media so you can exercise that license if a disc happens to get scratched. They want to have their cake and eat it too, so we get, "You should take better care of your discs." and DRM protecting the content.
This is BULLSHIT. There's really no way to get the message across to them, so no more. I won't buy another movie on DRM-protected media. Until they change, or offer a (paid for) download of the video without DRM, I won't be buying another movie. I'll rent from an online source and rip to a media server. Yeah, I'll still watch them and get the content, but I won't purchase the discs anymore.
Illegal? Probably. Unethical? I don't think so, and really, I don't care.
Qualitas edurus commercium, nullus penitus net rimor, nullus deus beneficium
You're not owed a damned thing. We own the discs. We'll reverse engineer them. This is the way the universe works. You don't get a say in what we do with things that we buy. Your connection to my home is not welcome.
And I believe player pianos were supposed to break musical profits. And TV was supposed to break movies' business model. And cassettes were supposed to destroy record companies. And Valenti compared VCRs to the Boston Strangler. And music and movie downloads are supposed to break the RIAA and MPAA members. Both outfits are making more money today than they did last year, and the year before.
You are wrong. And you've bought laws to invade our lives and put grandmothers in prison. The least we can do is break your balls, over and over and over.
And please, do, go out of business.
Ok, I'm by a DVD player. What are you all doing?
...there will now shortly be a new media format announced that supersedes Blu-ray and HD-DVD.
Now that picture and audio quality is already better than humans can perceive, I wonder what new marketing bullshit feature they'll come up with this time to persuade the public they really need to spend thousands more on yet newer hardware just because it has even more restrictive DRM and no backward compatibility.
Look out for super ultra mega HD resolution media and players with 12.1 audio and smellyvision coming to your local store soon!
If only they had peer-reviewed AACS before releasing it like the RIAA did with their Secure Digital Music Initiative, then none of this would have happened!
Rip the disc, disable Macrovision, and burn it back out to a blank DVD. Problem solved.
You can also get rid of the obnoxious "No UOP" functions, and other garbage. If you're like me, you can just do a title rip, and strip out all the crap besides the movie itself, and pretend you're in a theater. (Well, without the 15 minutes of ads and previews. So basically, not like a theater at all, anymore.)
I used to do this to most of my DVDs, but then I built a MythTV box, and started using its built-in DVD player, which is a beautiful little thing* that doesn't do anything besides just play the main title, sans mandatory-previews, menus, and other shit normally foisted off on the viewer by the studio. I tried testing a scratched disc in a regular player after getting used to it, and I wanted to claw my eyes out, just waiting for it to crawl through the mandatory-view crud.
* I think it's MPlayer. If you really want, I think you can use Xine instead and get the menus back, but I'd sooner shove a hot poker in my eye.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Simple on a computer today, sure. But if you follow the path laid by DRM and the desires of the studios and media companies, I'm not sure it would be so simple in a decade or so.
First they'll just make precompiled debuggers illegal. And then when that doesn't work, they'll make compilers illegal. And when people go after the hardware, they'll pot the whole motherboard in epoxy, doped with iron filings and wired with self-destruct mechanisms. And only signed code will run as root or system, so even if you do get a compiler, you'll have to somehow forge Microsoft Central Control's signature to run it on the bare metal. Oh, and the whole thing will probably brick itself if it doesn't dial in for re-verification and updates on a weekly basis. Hell -- don't even let the user install any software: if they want something, they can call Microsoft with their MasterCard in hand, pay for it, and it'll get downloaded to their machine overnight.
There's precedent for most of this already; the US government has already mandated that all VCRs look for and cripple themselves if they detect Macrovision signals, so it's really not much of a hop from there to a "full length" mandatory HDCP. Since the only way you can make DRM stick is by not letting the user actually do anything, that's the obvious solution. Just lock them out.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Region Coding seems to be the future for HD-DVD, however. Save your current player if you have one.
Socialism: a lie told by totalitarians and believed by fools.
You *do* know you can buy an RF encoder for like $20 and hook your DVD player in through that, right? Not that you should have to, but things being what they are it might be handy.
Socialism: a lie told by totalitarians and believed by fools.
I was on my school's shooting team here in the UK. We had an armoury on the school grounds, with a load of .22 target rifles and L89s and a couple of LSWs (both SA 80 variants). I used to shoot a couple of times a week. I haven't touched a gun since I went to university though; after a while they just got a bit boring (squeeze trigger, make hole in far-away thing gets old quickly).
I am TheRaven on Soylent News