First AACS Blu-Ray/HD-DVD Key Revoked

Thomas Charron writes "An update posted for Intervideo WinDVD 8 confirms that it's AACS key has been possibly revoked. WinDVD 8 is the software which had its device key compromised, allowing unfettered access to Blu-Ray and HD-DVD content, resulting in HD movies being made available via many torrent sites online. This is possibly the first known key revocation which has taken place, and little is known of the actual process used for key revocation. According to the release, 'Please be aware that failure to apply the update will result in AACS-protected HD DVD and BD playback being disabled,' which pretty much confirms that the key revocation has already taken place for all newly released Blu-Ray and HD-DVD discs."

I don't completely get it.

[yagu]

I don't completely understand what's going on here. And that's exactly my point. I don't want to understand. Does this breach disable any user's player until they update their hardware? Will some disks play and others not? (I'm kind of making this up, but I'm role-playing what most consumers are experiencing based on my limited anecdotal observations).

I don't want to know the ins and outs of the security of the media. I want it to work like the old CD players. I insert a disk, I watch a movie. Simple. Easy. Done.

I think above and beyond the hurdle of introducing a new format, ahem, two new formats, for DVDs this kind of hiccup could be fatal to the rollout. People are annoyed enough with little things (cables plugged in wrong way, audio/video receivers improperly configured, etc.), when it comes to having to update firmware to be able to play stuff they've paid for, they're going to be mad. And maybe some, maybe many are going to rethink their upgrade plans and find regular DVD okay enough. And maybe people who have been considering HD DVD will stay away in droves. Fingers crossed.

Re:I don't completely get it.

[evilviper]

once you put in a disc which says "Hey, you're supposed to be revoked" that player will stop working until you get an upgrade.

This myth appears to have originated simply by a reporter from The Register misunderstanding an out-of-context quote, from someone who didn't entirely understand AACS to begin with.

Reading about AACS from the source, I didn't see anything like this at all. So please stop spreading bullshit myths.

And don't drink coke while you're eating pop rocks, or your stomach will explode, and you'll die.

Re:I don't completely get it.

[whyde]

When I first became aware of AACS, I read what I could of the spec and pondered whether it would be possible to produce and distribute a disc which deliberately uses the properties of NVM and the MKB/HRL specification to insert a bogus "maximum value" HRL which contains a do-nothing (or nothing useful) revocation list.

The net result of this is, once inserted, the disc guarantees that all future discs will play regardless of the player codes which have ever been, or will ever be, revoked. Since it has no concept of time except for the supposedly monotonically increasing version numbers of the HRL, it should be possible to max out the HRL value so no disc can ever update the player's revocation list.

I'd be suprised to find out that this is not possible.

Re:I don't completely get it.

[smchris]

Count me confused too. So what will be _really_ cool (anarchy-wise) will be when people release hacks for consumer media hardware of the future the way people hack game consoles to play linux? How do they tell what hardware has been conpromised? Each Blu-Ray disk comes with an explicit agreement to let the industry probe your hardware?

.. but what if a hardware player is compromised?

[uncleFester]

this is what's more curious to me.. when/if a hardware player ever is compromised, what are you gonna do then? the content owner denies your access to their content.. you think the manufacturer will step up with an "oops, our bad; here's a new unit to play stuff.." har.

i don't even know if this has happened with dvd or how possible it is.. but i have to think the potential is out there, and unless the unit has some sort of design foresight to resolve some issue (firmware updates to my bluRay player? and what kinda new 'security' hole is that?!?) i'd think you could be toast. .. that might actually be one class-action suit i could hop on and enjoy, just to watch potential legal fallout. :)

-r

hardware players?

[MoOsEb0y]

What are the implications for hardware players? Will they now need to be updated, or does this key revocation only apply for WinDVD in particular. If so, does this mean that it would be possible to hack apart a hardware HDDVD/Bluray player and take its key? This doesn't seem like a very secure system if that kind of attack is possible.

PS3

[Sobieski]

Soo, what if PS3s key gets revoked? Would all the owners have to return their machine?

Re:PS3

[swillden]

It would be more interesting to find out what would happen if the key to the Sony standalone BluRay players was discovered.

Actually, it's very well-known what would happen: They would revoke the individual player that had its keys compromised. Note: Just that single unit, not the whole line. The beauty/horror (depending on your perspective) of the AACS key revocation system is that it can target individual units without affecting any other units, and it can do this without requiring huge amounts of disk space to be devoted to key blocks, and without requiring any of the devices to get updates, even if millions of individual players are revoked.

What this means is that smart hackers won't reveal the player keys they extract. Instead, they'll use those keys to compute the media keys, and then they'll publish the media keys. Your HD-DVD/Blu-Ray ripper will just have to consult an on-line database to find the key for the disk you have and then it will be able to decrypt it just fine. The media cartel won't be able to revoke the player key used to compute the media keys, because it won't know which ones they are.

Re:Great!

[Nasarius]

And the clever cracking groups will grab a key and not tell anyone, just keep using it to make releases. It'll be amusing to watch and see what happens, though. Will they keep playing whack-a-mole when they can find which key has been extracted? Will they finally realize it's just not worth the effort? Or will they end up revoking all software player keys and forcing you to buy and use the hardware players? I'm betting on the latter.

thingamabob = logic analyzer

[DeadCatX2]

Unfortunately, you're assuming that the memory holding the key is in a separate chip from the processor which will use it. These days, it's common for chips to have internal non-volatile storage (Flash). I bet (note: speculation) one of the design goals for AACS was to ensure that the key was never in-flight on a PCB trace. You can't probe a signal if it's routed internally in the silicon, never leaving the chip.

Re:thingamabob = logic analyzer

[Cassini2]

You can't probe a signal if it's routed internally in the silicon, never leaving the chip.

Keeping a signal "locked" in the silicon is more difficult than one would like to think. Most of the chips with built in non-volatile memory have built-in interfaces to program that memory. These interfaces can be abused, and people have done it. Microchip's secure chips were breached. I am not sure where the hackers are at with the latest 32-bit and 64-bit hardware. It is hard to make something that "no one can copy". It is really hard when no physical security is present. People can remove the chips from the players and expose them to out-of-spec signals and voltage levels to find out what happens next.

Re:It's hard to upgrade hardware

[evilviper]

A hardware player isn't a general purpose computer.

Actually, it is. Toshiba's first HD-DVD players are, in fact, Pentium 4 computers.

(I used to own a DVD player which was "upgraded" by downloading a patch, burning it onto a CD, and putting that in the machine, but I don't know if every DVD player supports that.)

Not ALL, but the vast majority of DVD players can be flashed in the same manner.

right of first sale?

[mrcubehead]

I was wondering, what if you bought a commercial disk and made a copy without protection (via copy circumvention in a country where fair use isn't demolished by the dmca, like in sweden), and then destroyed the original, and resold it as a "drm-free" version? No one can argue the content has changed... so doesn't this then fall under the right of first sale, which was upheld by the supreme court some time ago?

Re:Network jack??

Yep, just a few more lines. The original poster was correct. It's not a big deal like VHS->DVD was (random access, media doesn't degrade with repeated viewings, far better sound, menus and special features, no rewinding...). If you don't have a big screen TV, HD is absolutely worthless. My 27" TV is just fine with regular DVD and I don't need a theatre-sized screen in my living room.

Re:Network jack??

[mgv]

So when the key of your Samsung BD-P1000 is revoked, your player will no longer play any new disks that you buy. You will have to go out and buy a new player.

This entire thread is complete bullshit. Keys are not revoked via a network jack. Keys are revoked by the simple act of releasing new discs that don't support them.


So this bit is pretty well established

1. Player gets compromised (keys extracted somehow)
2. All new content no longer has a key for the compromised player.
      a. Your player cannot play these new disks
      b. The new content cannot be decrypted by hackers either.
      c. Anything currently released will still play fine.

Now the interesting bit is how to update the players. The key system on Blu-Ray is very clever, and allows enough keys that they will never run out, at least in practice. It was designed to allow revocation of multiple compromised players, hundreds of times over.

The real issue is that you don't want a legitimate player to stop working. A software player can easily be updated on the internet. But a hardware player cannot assume an internet connection. And consumers are going to get angry if their player stops working because someone somewhere managed to figure out its keys.

However, there is no reason why a firmware update for the hardware player cannot be included on all new titles released. There is plenty of space on a Blu-Ray disk to hold thousands of firmware patches, for every compromised hardware player. So the end users will get updated.

Which doesn't mean that a real hacker couldn't "upgrade" their program too, but its a world of difference between figuring out a single key and emulating the system through an upgrade.

However, the biggest reason for this system is that of forcing a delay.

If you stop keys being released for a few months you capture most of the sales market

Sure, you may lose the long tail of marketing, but if you can just keep the decryption keys out of circulation for a few months plenty enough people will buy the disks anyway.

And they can play this cat and mouse game for a long time to come....

My 2c worth,

Michael

Re:It's hard to upgrade hardware

[IamTheRealMike]

AACS contains traitor-tracing algorithms that allow you to locate the device key from a decrypted video, or released title key.