Slashdot Mirror
DVD Security Group Says It Has Fixed AACS Flaws
SkillZ wrote to mention an article at the IBT site discussing a fix to the security breech of the HD DVD and Blu-ray media formats. "Makers of software for playing the discs on computers will offer patches containing new keys and closing the hole that allowed observant hackers to discover ways to strip high-def DVDs of their protection. On Monday, the group that developed the Advanced Access Content System said it had worked with device makers to deactivate those keys and refresh them with a new set."
Makers of software for playing the discs on computers will offer patches containing new keys and closing the hole that allowed observant hackers to discover ways to strip high-def DVDs of their protection.
Do they not understand, that if you can view it, you can copy it?
On the other hand, maybe they do understand, and HD-DVD/Blu-Ray 2.0 will offer only un-viewable content. Step 3, profit!
The theory of relativity doesn't work right in Arkansas.
and it will join the ranks of every other DRM mechanism devised.
Don't you just love the corporate spin: The AACS (Advanced Access Content System) just happens to be a mechanism to deny access to the content. The moniker certainly makes the technology appear benign to Joe Sixpack consumer.
If that's "fixing the flaws", then I guess whenever I fill my gas tank I'm "inventing perpetual motion".
The flaws aren't fixed. They're just papered over slightly more aggressively. Don't worry, there'll be more flaws.
Breaking Into the Industry - A development log about starting a game studio.
No no no. Let's just tidy that baby up a bit:
"Makers of software for playing the discs on computers are requiring consumers to download patches that will re-apply the product defects that computing professionals had removed in the weeks prior. Despite the fact that nothing is technically wrong with the older versions of the software, it is being intentionally rendered obsolete to force the update -- no new movies will be viewable on the old software."
Schwab
Editor, A1-AAA AmeriCaptions
ISTR that Muslix64's attack worked by identifying the keys in active RAM. So how does revoking the keys defeat this attack?
They didn't fix any flaws. They just deactivated old keys and issued new ones. Supposedly InterVideo will be patched to be more secure (aka try to hide the new key). Maybe that is what they are talking about but it still does not fix any flaws by a long shot. Just look at all the cracked versions of software out there that have all kinds of fancy safety and protection mechanisms and are still cracked daily. As long as its in memory in unencrypted form for any amount of time, it can be obtained.
What they have done is analogous to re-keying a lock that is susceptible to being picked -- it's only a matter of time before it is picked again. Lather, rinse, repeat. And how long before a hardware player is cracked? If I had one I'd bust into it to see what kind of flash it has. It probably has an on-board JTAG or other programming port to dump the memory like most consumer devices which are mass produced and then flashed assembly style, making obtaining the key quite easy. When the players come down in price I fully expect them to be cracked on a daily basis.
"I'll just chip in a bit for RedHat: I actually have that installed on my university machine." - Linus, '95
I guess that nobody with VC understands that DRM is simply a VERY expensive, very stressful game of whack-a-mole.
It amazes me that so many people believe that they can do the DRM game and make huge money. Recent news tells me that if the US government is trying to influence other countries to do more about copyright infringement, well then, DRM must not work worth a damn, otherwise there would be no need for US Governmental intervention. With that bit of proof that it won't work, doesn't work, and can't work, it should be relatively obvious to all concerned that the only way that DRM *CAN* work is if governments create laws that make it illegal to not use DRM.
Media and content providers simply have to get on the right bandwagon... DRM isn't it. No matter what fantastically great work they do for any particular DRM scheme it will always end up broken. There is no method that can reasonably ensure secure keys when the unencrypted content has to be present to view it. Sigh, old dogs, new tricks, bad circus experiences....
Support NYCountryLawyer RIAA vs People
Because we can. Forget about laws in books, even forget that Bill Of Rights that some of you have, they get ignored all the time. Rights are yours if you have the means to enforce your ability to exercise your right.
You're missing the point.
The benefit of all these cracks isn't to allow people to copy the movies. That ability was never in doubt -- people will always be able to do that. They'll be able to do that regardless of what the content monopolies do, short of just deciding that they won't release movies anymore (which is fine; there's enough of a demand for entertainment that other people will do it -- there's nothing special about making movies that a lot of people can't do, it just takes a lot of money).
Holding onto a crack until AACS is ubiquitous wouldn't do anything. The ultimate failure of AACS isn't, and never was, in doubt -- all DRM is flawed, and it will eventually be broken.
The question is whether it's possible to convince both the studios/content-creators, and consumers, of the utter futility of DRM in the first place, so they'll stop trying to do it, and stop wasting everyone's time. DRM is nothing but a broken window: it's millions of man-hours and probably billions of dollars of resources diverted from other, more productive, tasks, both to create it and break it. That's the real cost of DRM.
So if by releasing cracks for AACS every time they update it, as quickly as possible, it demonstrates to the studios that they're engaging in a war against a guerrilla enemy that they can't possibly defeat, regardless of how much money they spend, perhaps they'll throw in the towel sooner rather than later. It may be a slim chance, but given that Apple has started to see the light, there's some hope.
That's the real benefit of these cracks. Compared to the economic and social cost of the wasted effort, the ability of people to pirate a few movies pales in comparison.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
The problem is when Joe Six pack comes home on a friday night with a case of beer, couple of mates and a latest release movie, they are going to be mighty pissed off when there player prints "please update your dvd player" or something like it.
Christ, It's not entirely difficult for someone that isn't phased by technology, but I know if I've kicked on my couch on a friday night with a beer, the last bloody thing I want to be doing is getting up, searching for my model of "insert new format player here" downloading the firmware, burning it to a disc, updating it, just to watch a movie I bought/rented.
I'm just gunna stick to DVD for the time being, My mythbox has no trouble playing those!!
# cat
Damn, my RAM is full of cats. MEOW!!
Yeah see this is what always gets me about the DRM thing. Either you make it playable or you make it secure. Pick one.
The Sony rootkit fiasco really brought home, for me, the need of consumers to assert their rights over their devices. This computer on which I'm writing this is mine. If I had the choice of hardware that would do what I told it or hardware that would obey the whims of the MPAA/RIAA, I'd choose the open hardware. Given the choice of software that does what I tell it to or software that doesn't, the choice is obvious. If there is no choice, I write my own software.
The most insulting thing about the rootkit incident, as well as many such events since, is the notion that just because I'm using my computer to play content owned by someone else they somehow they own my hardware. That's simply not the case.
Here's what I want to know. They're sending a patch to the software that plays the discs, right? It's already too late to change what's on the actual discs because too many are already in the wild, so to speak. What if I just don't update my software/firmware? Or better yet, what if I write my own?
Nah, it takes 150 Million dollars to make a Hollywood blockbuster where you spend 1/3 on whiz-bang special effects, 1/3 on salaries for "star" actors and directors, 1/4 for advertising, and the rest for actual preparation of sets and filming. You can still make decent movies today for about $10 million or less; it's just that you then need actual solid plotting, scripting, and acting because you don't have $140 million to paper over crap.
And as the price of Pro HDTV cameras and computers + digital editing S/W drop, you will be able to do a pretty decent all digital-straight to video for a lot less. Sure, you'll still have substantial costs for lighting equipment, audio equipment, makeup, getting filming permits, and so on. But you won't necessarily need to spend money on film and film processing. That's going to open the door to a lot more student and amateur film-making efforts. And yeah, it will still meet Sturgeon's Law, but there *will* be a lot more good stuff mixed in the avalanche of garbage that will fill sites like YouTube.
Laissez lire, et laissez danser; ces deux amusements ne feront jamais de mal au monde. - Voltaire
Audio CDs were invented in 1983, before many people were computer proficient to make perfect digitial copies of songs. It was only in 1991 or so that digital DRM was invented.
True Audio CDs have no DRM. New "CDs" that have no DVDs hidden on them should have no DRM, since no one is making pure "CD" DRM anymore. If you buy CDs from non-RIAA labels, you should never run into DRM at all.
Now, DVDs do have DRM. So the question is, how do we get manufacturers to make Laserdiscs again?
There is a fine line between recklessness and courage... -- Paul McCartney
You can still make decent movies today for about $10 million or less; it's just that you then need actual solid plotting, scripting, and acting because you don't have $140 million to paper over crap.
Indeed.
Look at Infernal Affairs - the original from which "The Departed" was remade - done in Hong Kong it had a budget of roughly 5M USD at the time. The Departed had a budget of roughly $90M and that does not take into account advertising. That's almost a 20:1 ratio and many people argue that "Infernal Affairs" is still the better movie.
Look at "Il Mare (Siworae)" - the original from which the recent Keanu Reeves/Sandra Bullock "The Lake House" was remade - a budget of under 2M USD versus roughly $40M for the remake and if IMDB's ratings are anything to go by, the original was better. Again a 20:1 ratio.
Furthermore, South Korea regularly turns out top caliber movies and yet the most expensive film they've produced, The Host, had a budget of $10M. Most South Korean productions are well under half of that, often closer to $2M, and their quality easily surpasses most of what Hollywood does.
South Korea is one of the few markets in the world where local productions regularly beat out Hollywood for ticket sales (in part because of screen quotas, but that changed recently due to the US State Department doing the MAFIAA's biding and it still didn't put a dent in local cinema). These movies focus on story rather than flash, so there are less special effects. But otherwise the movies look just as good as anything from Hollywood - professionally lit, professional wardrobe, make-up, cinematography, and of course the most important part -- great story telling.
While production costs are cheaper in South Korea and Hong Kong than they are in Hollywood, they are not necessarily less than for a lot of "run aways" where Hollywood outsources various parts of the production to cheaper parts of the world.
So, yes it is easily possible to outdo Hollywood and even produce 'blockbuster quality' (if quality is the right term) movies for far far less than Hollywood does right now.
When information is power, privacy is freedom.
If you use their software, then the software will choke when it encounters a disc produced in the future. That disc will contain a revocation list, and when your player finds itself on the revocation list, it will refuse to play all AACS-content (including stuff that previously worked), until you update. If you write your own software without a license, you violate the DMCA.
I find being offended by me offensive.
We have fixed the problem this time.
No, seriously, we did... Really.
So, unless some miscreant goes out and breaks something, yes, it is fixed.
Hackers of the world: It ain't broke, so please don't be taking it apart to find out why. Please! The fact that you can't watch movies you paid for on the equipment you own is a design feature. Please don't meddle with it, it will only make more work for us.
{We have just raised the bar and thrown down the gauntlet, so: On your mark, get set, GO!}
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
I have on many occassions bypasses hardware dongles, FlexLM, trial periods, etc...
I instead of pirating and cracking, took the other road. I voted. Anything that required a hardware dongle is and always had been rejected. The new tack is using your hardware as a dongle with online activation. This is also rejected.
It is the primary reason for my move to Ubuntu instead of Vista.
It is the reason I did not accept the free upgrade to Light Factory. The upgrade removes the dependance on MS SQL server (hurrah), but also changed from a registration key (encoded with user name) to a single hardware online auth (boo hiss). I wrote the company and let them know why I moved to Freestyler instead. I am now moving to Q-Light a Linux console as part of my move from Windows.
Anybody want Lightfactory starter edition?
Vote against dongleware with your wallet. Don't pirate, use an alternative.
What do you think is more upsetting to Microsoft? Pirating MS Office or switching to Open Office? On one they can take legal action. On the other which is more offensive to them, they can do nothing.
The truth shall set you free!
Yeah, I used to think that ripping DVD was for folks who knew computers and were geeks. That was until I worked on a few barely computer literate people's computers and found ripping software! It gets better, while my SO was buying a DVD she'd found cheap at a grocery store the clerk running the checkout starts to tell her all about how to rent and RIP DVDs - then goes so far as to tell her it's perfectly legal! He even told her what software to use - she was pretty amused and just nodded while he went on and on about it. My point is - the folks who don't live computers are doing this in amazing numbers.
:-)
Now we're talking High Def DVD and people still want that content. They have just forced a bunch of folks to patch their software. Meanwhile the guys on the Doom9 forums have hacked the HD DVD firmware for the XBOX 360 such that it ignores half the scheme and coughs up the Volume keys. http://forum.doom9.org/showthread.php?t=124294 Whoops. People will soon be flashing their drives to decrypt the media all over again. What are they going to do, revoke drives in mass? Do they think this SAME thing won't be done to Blu Ray and other hardware? The last time around they even shared keys between Blu Ray and HD DVD pressings, talk about one key to rule them all! Slysoft even released a commercial product to rip the new media...
So what do they think will happen with HD content that's ANY different than with standard DVDs? If someone can hack existing firmware to avoid these keys then what stops an offshore manufacturer from simply producing such a drive? You might have to hit a few buttons on the remote to activate it but you can bet it will happen. the biggest thing slowing it down right now i shear size of the content - 20Gigs and an hour's worth of time to rip it is going to put off a few folks I'll bet. Where are those 1TB drives being released again?
The consumers will speak - this sucker is toast. It won't be long before simply buying a fake on a streetcorner or downloading from a torrent is FAR less trouble than buying the real thing.
Build it, Drive it, Improve it! Hybridz.org
It's really important that everyone understand that AACS copy protection cannot be brute forced. They're using AES for the actual encryption - if someone wrote a program that could crack that directly the news would be a lot more significant than "DVD copy protection hacked".
Given that AES won't be cracked, any attack on AACS copy protection must be a key recovery attack. Luckily, key recovery attacks aren't that hard when you get a key with every player you buy. But... the fact that cracking AES is hard means that reading HD-DVD/BluRay disks may become completely impossible when players are no longer available.
Hacking something together to read a Beta tape is possible. Annoying. It might cost tens of thousands of dollars to build. But it's possible - it's just analog magnetic patterns on a tape. Reading an HD-DVD without a HD-DVD player won't be possible. That'll be a serious issue for historians in the future, if people don't leave enough pirated DVD-R's around with the unencrypted content on them.
-- The act of censorship is always worse than whatever is being censored. Always.