Slashdot Mirror


DVD Security Group Says It Has Fixed AACS Flaws

SkillZ wrote to mention an article at the IBT site discussing a fix to the security breech of the HD DVD and Blu-ray media formats. "Makers of software for playing the discs on computers will offer patches containing new keys and closing the hole that allowed observant hackers to discover ways to strip high-def DVDs of their protection. On Monday, the group that developed the Advanced Access Content System said it had worked with device makers to deactivate those keys and refresh them with a new set."

12 of 388 comments (clear)

  1. Serious Question by Anonymous Coward · · Score: 3, Interesting

    "Corel has told users of its software that failure to download the free patch will disable the ability to play high-def DVDs."

    Is this making a reference to the current crop of HD's that were purchased? Does the software phone home? Just curious. Any thoughts?

  2. Even more reason to have nothing to do with it by Marcion · · Score: 5, Interesting

    I read this bit:

    "New high-def DVDs will include updated keys and instructions for older versions of the PC-playback software not to play discs until the software patch has been installed."

    No one gives my computer instructions but me. So I will have nothing to do with either of these formats at all. I am just gonna say no and take my business elsewhere.

    DVD is quite fine, and where it doesn't then there are hard drives. Hollywood can give me movies in a format I'll accept or they can e2fsck off.

    1. Re:Even more reason to have nothing to do with it by QuantumG · · Score: 4, Interesting

      Best time travel movie I've ever seen. Cost of development? $10,000. Seriously.

      --
      How we know is more important than what we know.
  3. What about the lazy customer? by ibib · · Score: 3, Interesting

    I am just wondering what "normal" customer's will think, I mean - geeks and technophiles understand the the new efforts to close AACS is just not a solution, just another workaround in a loosing battle. But I wonder what normal people think, I really doubt that average Joe will think that a patch to this system is really a good thing. Most people want to be able to copy their content, make backups, etc. One of the benefits for a lot of people with the DVD format is that DVD players are available as region free players, you can copy disks from friends, etc. I'm not saying that piracy is necessarily a good thing, just that far too many (and increasing) people enjoy that and that in itself will be a problem for the next-gen media players.

  4. Re:Final Solution by pushing-robot · · Score: 3, Interesting

    Well, that teaches me for not using preview. Here's the non-HTML-formatted version (with real paragraphs!):
    --

    I know I'm getting offtopic here, but I personally know some people who are rich, own copyrighted content, and are absolutely obsessed with controlling it. They're not people I can understand. They think that every reasonable fair use right should be carefully meted out by themselves alone, that they should be able to revoke rights to anyone at any time for any reason, that allowing a user to copy their content without explicit licensing and permission would be the start of some file-sharing apocalypse. It's not even so much about the money with them as it is the power and control.

    And every time they hear about DRM being broken they want some new, better way of controlling their media.

    As much as I praise EMI for their actions of late, I can't help but think the people I know represent the bulk of the **AAs. The more we prove DRM is useless to a customer that has access to the hardware and software, the more appealing "Trusted Computing" will become to the Industry. Add a nanny-state government to that and you've got a recipe for disaster.

    And the "average consumer" wouldn't raise a stink about it. Even a locked-down home-phoning appliance could run Microsoft Office and QuickBooks and HALO*, so 99% of people wouldn't care. Tell them it's more "secure" and they'll buy it.

    (...wait, they already play HALO on locked-down home-phoning trusted-computing appliances...)

    --
    How can I believe you when you tell me what I don't want to hear?
  5. Re:They didn't fix anything by bhima · · Score: 4, Interesting

    Actually they (the Doom9 crowd and the Xbox360 hackers) have already discovered a method that recovers Volume Unique Keys which is completely unrelated to the method they used before. One which doesn't require reprogramming the device (Although they have already done that as well)

    So not only was AACS not really fixed (Just the key revoked) the velocity of revocation process is slower than the hacking process. And this revocation was a key for a software package, I imagine that the process for revoking the key for a hardware device, like the external Xbox360 HD-DVD drive to be slower, a lot slower.

    Also given the nature of this sort of thing, I also figure pretty soon there will be increased interest in hacking a stand alone HD or BD player... as the price comes down I'm sure the allure of forcing revocation of a series of hardware players will attract attention.

    I know I'd sure like to do it, if only to annoy and embarrass the AACS group.

    --
    Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.
  6. how do you think the new patch adresses the issue? by viking80 · · Score: 4, Interesting

    Here is the important question:
    If you were the implementer of AACS on HD player SW, how would you hide the key? I can think of a few ways:
    1. Keep the data in CPU registers and cache.
    2. Split the keys up into smaller pieces, and spread them around when in memory.

    It seems that both is basically security through obscurity, and that has not worked very well in the future.

    If you respond to this with a clever way to do this, make sure you post the reason it will not stand up to hackers as well. Otherwise, keep it to yourself ;)

    --
    don't cut it off www.mgmbill.org
  7. Re:What about the other holes? by Anonymous Coward · · Score: 5, Interesting

    You are entirely right. The volume key hack is pretty solid. In fact, if the Microsoft HD-DVD player were to be revoked and require a firmware patch to the existing runs of drives to play new discs, it really wouldn't make any difference at all. See the thing is, now that it is understood how to bypass AACS through the volume key, AACS could in fact keep revoking keys until they're blue in the face, but the process of extracting the volume key is already known, so it makes no difference.

    Also, let me point out, I haven't read the code in its' entirety yet, but if I understand correctly, the volume key crack should actually be immune to key revokation, based on my understanding of AACS, key revokation should only effect device ids and once a method of extracting a volume ID is known, the revokation mechanism just no longer matters.

    Of course, I'd also like to point out what others have already said. If a program exists that can read the data and decrypt it, then it's 100% obvious that the program can be reverse engineered. This is not an opinion, it's fact. I have on many occassions bypasses hardware dongles, FlexLM, trial periods, etc...

    bypassing hardware dongles requires that you reverse engineer the driver to the dongle, this is just plain easy, all you need to do is find a disassembler that can handle the format, or if it's a kernel mode driver, then you just use a kernel mode debugger... not an issue. when you locate where the driver is being attached to from the program itself, then you just emulate the hooks. Even the most advanced dongles are easy to hack this way.

    FlexLM... well... come on... this one is just so easy it's not worth talking about

    Trial Periods... they can vary... depends on how obscure people want to make the code. But for the most part, they're not that hard. For example, I found a function reference in a DLL on PcAnyware (don't remember the version) called "TimeBomb()" which returned a boolean value. Not really that hard huh?

    As for HD-DVD and BluRay... if all else fails, run the player (really really slow) through an emulator like QEmu and trap all IDE calls. Log the previous 1000 instructions run before the hook and then log until the first picture comes up. Then just review the log and read the source code left in the log. Hardest part is making it pretty enough to read... but if it means that much to you... well no problem.

    - So... in brief... copyprotection is just a joke... laugh at it!

  8. Re:i'm not so sure... by Sique · · Score: 3, Interesting

    The same story happened to me. At first I bought an expensive Sony DVD player just to notice that this doesn't play anything beside music CDs and DVDs correctly encoded. Then it took longer and longer to recognize slightly scratched DVDs (I have little children, so DVDs get scratched very easily), and finally it didn't recognize any of the DVDs my children liked to watch.

    So I missed my parental opportunity to reduce the media consum of my children, went to an online shop and ordered the cheapest DVD player I could get for a mere 30 EUR (at the time just US$25), and - oh wonder! - all the scratched DVDs play again, additionally the DVDs my wellmeaning sister-in-law brought from the U.S., which didn't play before, and I can also look at the burned CD with all my family pictures, play MP3 CDs...

    The expensive DVD player from Sony now sits in the kitchen and occasionally plays a normal music CD, when there is nothing in the FM worth listening to.

    --
    .sig: Sique *sigh*
  9. ps3 cell folding pirates by cheekyboy · · Score: 4, Interesting

    Someone just has to write a ps3 cell code to do the key guessing just like folding@home, 100,000 pirates, and whammo, it would be cracked really fast , maybe 24hrs. Ironically, that the device player to
    make bluray popular could be used to actually crack the keys the fastest.

    --
    Liberty freedom are no1, not dicks in suits.
  10. Re:i'm not so sure... by RalphSleigh · · Score: 3, Interesting

    I am pretty sure this does not even work on regular dvds because the area that contains the CSS keys is unwritiable on blank dvds.

    --
    Come as you are, do what you must, be who you will.
  11. Re:i'm not so sure... by Technician · · Score: 4, Interesting

    so you only have to make the time cost of copying high enough to make the legal offering more attractive.

    Unfortunately, high prices and the lack of working copies/backups makes the legal offerings un-attractive for many. I have kids. I have cases that used to contain working DVD's. Lack of backups is a problem. I'm moving to a Linux Media Center PC. This new format is incompatible. A media server is a much better solution for most families than a shelf of out of order/broken/lost DVD's. The inability to make a backup/working copy is a crime. DVD's in the home make as much sense as a CD player tethered to your iPod instead of a hard drive. Kids don't take CD cases to school anymore. They know they get stolen, lost, broken, etc. They rip the CD's at home and load them on their iPod with the originals safely stored away.

    SONY Dreamworks doesn't get it. I bought Open Season. It has some copy protection on it besides CSS. Guess which film won't be in the Media Center? Guess which brand I'm not buying in the future? Chances are that title won't be watched much simply because it's inconvienent. It's like copy protection on CD's. The kids have iPods. They rip their CD's. CD's that don't work are remembered. That artist and label get a critical review on their next release. Kids instead of buying CD's they can't use, look elsewhere such as P-P and sneakernet. Copy protection (Defective product) sends buying consumers elsewhere.

    I remember what CD's and DVD's can't be ripped and who put them out.

    Since I did buy Open Season, I will be looking for an already ripped copy or a solution to rip it myself. So far, the rip it myself solutions seem to be mostly commercial offerings.

    --
    The truth shall set you free!