Slashdot Mirror

← Back to Stories (view on slashdot.org)

First AACS Blu-Ray/HD-DVD Key Revoked

Posted by CowboyNeal on from the changing-the-locks dept.

Thomas Charron writes "An update posted for Intervideo WinDVD 8 confirms that it's AACS key has been possibly revoked. WinDVD 8 is the software which had its device key compromised, allowing unfettered access to Blu-Ray and HD-DVD content, resulting in HD movies being made available via many torrent sites online. This is possibly the first known key revocation which has taken place, and little is known of the actual process used for key revocation. According to the release, 'Please be aware that failure to apply the update will result in AACS-protected HD DVD and BD playback being disabled,' which pretty much confirms that the key revocation has already taken place for all newly released Blu-Ray and HD-DVD discs."

13 of 254 comments (clear)

  1. I don't completely get it. by yagu · · Score: 5, Interesting

    I don't completely understand what's going on here. And that's exactly my point. I don't want to understand. Does this breach disable any user's player until they update their hardware? Will some disks play and others not? (I'm kind of making this up, but I'm role-playing what most consumers are experiencing based on my limited anecdotal observations).

    I don't want to know the ins and outs of the security of the media. I want it to work like the old CD players. I insert a disk, I watch a movie. Simple. Easy. Done.

    I think above and beyond the hurdle of introducing a new format, ahem, two new formats, for DVDs this kind of hiccup could be fatal to the rollout. People are annoyed enough with little things (cables plugged in wrong way, audio/video receivers improperly configured, etc.), when it comes to having to update firmware to be able to play stuff they've paid for, they're going to be mad. And maybe some, maybe many are going to rethink their upgrade plans and find regular DVD okay enough. And maybe people who have been considering HD DVD will stay away in droves. Fingers crossed.

    1. Re:I don't completely get it. by scottnews · · Score: 5, Informative

      It means *NEW* HD-DVD and Bluray discs won't work on WinDVD 8. The key for WinDVD 8 has been revoked. Other players use different keys. Those have not been revoked. WinDVD has released a free update with a new key, and presumably an attempt to encrypt it.

      This is why HD-DVD and Bluray players require a network jack. It allows for old keys to be removed and new ones to be implemented, among other things.

    2. Re:I don't completely get it. by Kjella · · Score: 4, Informative

      What this means is that *NEW* HD-DVD and Bluray discs won't work on old players, unless patched.

      Actually:
      1. New discs won't play on the players who has had their keys revoked. Just to make that clear, this only has any effect for users of the WinDVD software player.
      2. If I remember correctly, the player will keep a version of the revocation keys. So from what I've understood, once you put in a disc which says "Hey, you're supposed to be revoked" that player will stop working until you get an upgrade.

      For a software player, this isn't more than what it just said - a required software update. It doesn't get nasty until hardware keys are found...

      --
      Live today, because you never know what tomorrow brings
    3. Re:I don't completely get it. by SiliconEntity · · Score: 5, Informative
      once you put in a disc which says "Hey, you're supposed to be revoked" that player will stop working until you get an upgrade. This myth appears to have originated...

      It's not a myth at all. Try reading section 4.8 of the AACS Introduction and Common Cryptographic Elements spec:

      An AACS licensed drive shall retain in non-volatile storage, the most recent Host Revocation List (HRL) data which it encounters and has verified. To do this, for the first AACS drive authentication to the media inserted, the drive shall read an MKB recorded on the media to check if its version is higher than the version of HRL that it has stored in its non-volatile memory... If the version of MKB recorded on the media is higher than the version of HRL that the drive has stored in its non volatile memory, the drive verifies the signature in the Host Revocation List Record of MKB as specified in section 3.2.5.2. If the signature is successfully verified, the drive shall replace the previously stored HRL data, if any, with the newly read HRL data.
      What this means is that disks are distributed with Host Revocation Lists on them, cryptographically signed by AACS. Whenever a disk is inserted, the drive checks to see if the HRL on the disk is newer than the one it has in nonvolatile memory, and if so, it checks the AACS signature on the new one and stores it in memory. This allows a drive to refuse to talk to a given host software. Likewise there is a drive revocation list that the hosts are supposed to hold which tells them not to talk to certain drive versions, in case an attack is found in some models of drives.
  2. Awesome by Vexorian · · Score: 4, Funny

    No one can deny how convenient this is for the customers. The companies love us.

    --

    Copyright infringement is "piracy" in the same way DRM is "consumer rape"
  3. Great! by Bri3D · · Score: 5, Insightful

    And the update must have the new key in it!
    And we know how smart InterVideo have been about protecting the keys so far...

    The fact of the matter is that if it can be decrypted and the user has physical access, there is *no way* to make "unbreakable" DRM. None. At all.
    Especially on most modern CPU architectures where memory and the bus are unencrypted. The data *has* to go through RAM and over the bus.
    Therefore there *is no protection*
    It takes *one* decrypt to defeat their supposed purpose "keeping them dirty pirates from getting it" and this decrypt will *always* happen. But yet they waste millions in R+D money making ridiculously bad systems to try to prevent something that's physically impossible to prevent.

    1. Re:Great! by Nasarius · · Score: 4, Interesting

      And the clever cracking groups will grab a key and not tell anyone, just keep using it to make releases. It'll be amusing to watch and see what happens, though. Will they keep playing whack-a-mole when they can find which key has been extracted? Will they finally realize it's just not worth the effort? Or will they end up revoking all software player keys and forcing you to buy and use the hardware players? I'm betting on the latter.

      --
      LOAD "SIG",8,1
  4. Re:Copyedit? by Anonymous Coward · · Score: 5, Insightful

    ... and for G*d's sake, it's "its," not "it's"!

    (World's easiest job: slashdot "editor.")

  5. Re:PS3 by ivan256 · · Score: 4, Insightful

    It's a networked device. They'd just put out a firmware update. Sorry to shatter your dreams.

    It would be more interesting to find out what would happen if the key to the Sony standalone BluRay players was discovered.

  6. It's hard to upgrade hardware by jfengel · · Score: 4, Insightful

    It should be a lot more difficult to get the keys for a hardware player than for a software player. WinDVD made an easy target because it is running on a general-purpose computer, which means that the key is sitting there in memory at some point to be snooped out. It's not easy, I'm sure, to find that key among the many megabytes of code, but it's there.

    A hardware player isn't a general purpose computer. I'm sure it's possible for somebody with the right hardware to snoop inside its memory (say, inserting a special thingamabob between the memory and the mother board that allows you to read all reads/writes as they go past), but it's not going to be readily available.

    Presumably somebody will be the first one to do this, and that is sure going to be a bad day for both formats. People are prepared to upgrade their software; it happens all the time and it's a relatively painless process for most people. Upgrading your hardware is not going to be easy, and it may not even be possible. (I used to own a DVD player which was "upgraded" by downloading a patch, burning it onto a CD, and putting that in the machine, but I don't know if every DVD player supports that.)

    If they start denying keys on hardware players, there will be a world of pain, but I don't expect this to shatter the world. They'll just advise everybody to download a patch with a new key.

  7. First AACS Blu-Ray/HD-DVD Key Revoked by denmarkw00t · · Score: 4, Insightful

    ...and certainly not the last. Beware, HD-DVD/Blu-Ray consumers, you're in for a bumby road of software patches and exploits that move twice as fast!

  8. Ahh, certainty by Moridineas · · Score: 5, Funny

    "confirms that it's AACS key has been possibly revoked"

    Well, I'm glad that's been confirmed...

  9. New use for PS3 Linux by supabeast! · · Score: 5, Funny

    If anyone really wants to piss off Sony, start a PS3 Linux project to build a PS3-based supercomputer that can be used to crack all of the Blu-Ray keys.