AACS Cracked Again
EmTeedee sends us to a blog post for a summary of the latest results in cracking AACS, from the Doom9 forums (as the earlier cracks have been) — after the DVD Security Group said it had patched the previous flaws. From the DLTV blog: "This time the target was the Xbox 360 HD DVD add on. Geremia on Doom9 forums has started a thread on how he has obtained the Volume ID without AACS authentication. With the aid of others like Arnezami they have managed to patch the Xbox 360 HD DVD add on... It appears that XT5 has released [an] application that allows the Volume ID to be read without the need to rewrite the firmware. This would mean that anyone could simply plug in the HD DVD drive and obtain the Volume ID from any HD DVD without the hassle of flashing it."
When will these stuffed suits learn that the more they try to limit people, the more people will fight those limitations?
You say you want a revolution....
It seems that the /. crowd, and the tech industry in general, knew well before AACS was ever released that it would be a flop. We knew it would do nothing to prevent disks from being copied, we knew it would do nothing but hurt the consumer, and we knew it was an utter waste of money.
Yet the movie industry pushed forward, and look where it got them... exactly where we said it would, nowhere.
I can't wait until they realize that it's not worth it, and just stop concerning themselves with copy-protecting their media and instead focus on creating good movies.
Sometimes the best solution is to stop wasting time looking for an easy solution.
That's kinda my point... there is still tons of money to be made without need for this DRM BS. They will never just pack it in and stop making movies.
However they do love to make it sound like DRM is essential for there to be any money in producing movies.
Sometimes the best solution is to stop wasting time looking for an easy solution.
While I think everybody has been making good points so far, you have to remember that in the long term copy protection is actually winning. While these measures might be meant in name to stop piracy, their true value is in taking out fair use as collateral damage. The goal of DRM is not to stop piracy, but to make it difficult enough that Joe User will not be able to convert or make backups through a point and click interface. If this copy protection has done that, then it is making them money.... shame all it does is hurt the people who legitimately buy their products.
It's not the fault of the MPAA directly. It's the fundamental flaw of DRM.
Encryption works because parties A and B exchange data that is encrypted with a key that party C does not have. In the case of DRM, you have the encrypted data and you have the keys that you need to decrypt and view the data. You are in essence parties B and C. They hide the key from you in the players and software, but it's there if you know how to find it. That's why DRM can and will never work. It's security through obscurity.
I have this mental image of a guy in overalls hauling boxes and boxes of patched DVDs out to the truck, looking up at the news-monitor in the shipping yard, and just a single tear falling.
Hmm.. I'd think he'd smile tho. nice job security for a while.
Actually.. that was disproved on Mythbusters.. you _can_ teach an old dog new tricks.
Maybe there's still hope for the MPAA... *cough*
The problem with what you describe is that the hacking groups are basically engaged in a (friendly?) competition with each other. All the hacker groups know that any copy-protection will eventually be broken, but "the fun" is in trying to do it *first*. So if one group kept quiet and tried to amass a bunch of cool hacks, they would be "beat" by another group who releases news that they've cracked device X or extracted title key Y. No matter how quiet some hacker groups decide to be, there will always be other groups who don't want to stay quiet. Hence there's no point in trying to keep it secret. If you've got a crack, you may as well take credit for it right away.
Add to this the fact that hacking these devices in general will go much faster if everyone shares what information they've obtained thus far (e.g. the open source philosophy). This also avoids wasted effort on duplicate hacks. For better or worse, it's a fact of life that these cracks will come early and often.
(Note: All of the above is pure speculation. If any of the members of said groups wish to clarify their motivations for releasing hacks early and often, please do so!)
After reading the first sentence I thought someone was making a good point, but the signature line negates it.
Keep cracking DRM schemes and all you'll get are more laws aimed at stopping you, more vigorous enforcement, and more DRM integrated into your hardware.
Stop buying DRM'd content in the first place and maybe you'll get somewhere.
"Sacrifice for the good of The State" - The State
When will they ever learn? What they can conceive, we can circumvent. Either the MPAA/RIAA will bow to consumer demand by (providing content at a much lower price) or they might as well close up shop. Really now, do actors need to be making 12 million dollars for a film? I think not. Likewise, start at the corporate top, and start making salary cuts at the CEO-level.
There's no "secret sauce" involved in making a movie; it's just very, very expensive,
no it's not. having overpaid prima donna union actors, union workers and extravagant locations, props and lunches IS expensive. making a killer good movie IS NOT expensive.
go watch El Mariachi. It's better than most everything made at Hollywierd and was less than the cost of a cheap car.
a crapload of great movies are made for dirt.
Do not look at laser with remaining good eye.
This is some sweet hacking.
How ironic that we need to hack hardware that we ourselves own.
I think TV killed the movie industry. A traditional movie is a dinosaur compared to TV. The level of character and plot development in a single season of a one hour drama is so much greater than a single two hour movie can provide. If the Sopranos were a movie franchise, we'd be on maybe the third or fourth movie - roughly equivalent to 6 or 8 TV episodes. It seems like movies compensate for the lack of character and plot development by using gimmicks or bigger explosions.
I'm not a Troll, it's reverse psychology.
>After reading the first sentence I thought someone was making a good point, but the signature line negates it.
My signature or the GP's?
Anyway, I think it's important to work on both fronts. First, I agree that the best bet is just to not purchase anything that's DRMed at all. But since that means basically bowing out of a large portion of our culture -- I mean, no late-model VCRs (macrovision) or tapes, no DVD players or discs, no TiVO -- I think you're going to have trouble getting enough people to follow you to make it significant. There's no point in throwing yourself in front of a tank if they're just going to run over you and nobody else is going to notice or care.
Continually breaking the DRM schemes costs the studios a lot of money. It ensures that DRM is never "fire and forget;" and it turns DRM from being a one-time cost into a continual cost center, a black hole that they need to keep pouring money into. If you can make the cost of maintaining an effective DRM system higher than the cost of the piracy that it allegedly prevents, then it will eventually go away -- either the companies will see the light, or they'll be run out of business by other companies who do, and who are more profitable as a result.
The major remaining problem is that the entertainment industry in particular has so much political influence that it's going to require a lot of vigilance and advocacy to keep them from trying to use the law to buoy themselves as they start to sink -- or barring that, pull everyone else down with them. We haven't had much luck in this in the past, hence we've seen the AHRA, the DMCA, and lately the Mickey Mouse Protection Act go through. But if we can keep the visibility of their actions high -- which is aided by putting pressure on them and forcing them to be more and more outlandish and openly anti-consumer -- while at the same time denying them revenue by boycotting DRMed products and sucking their revenue through a guerrilla campaign against the DRM systems themselves, they'll eventually be forced to quit.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
There are plenty of entertainment options. You can watch regular TV, videos on YouTube or just take a walk in the park. Why go out of the way to patronize people who are not willing to serve content the way you like it?
>The quality/budget ratio of independent films lends credence to this theory.
I'm not trying to be snide here, but I suspect you haven't seen very many independent films. Most of them *suck* *incredibly*, but the very best 0.1% are quite good indeed, competitive with the best stuff coming out of Hollywood. I think it's something like a Boltzmann distribution -- Hollywood has a very steep curve, so there's not a lot of difference between their very best movies and their worst. Bollywood's best are about as good, but their worst are much worse. Chinese films, at their best, are superb, but the worst ones I've seen have been nearly unwatchable. Then you go to an independent film competition -- I'm not talking Sundance, I'm talking some local art scene competition -- and you begin thinking to yourself "I'd pay $30 to not have to watch the rest of this."
Money doesn't guarantee a movie will be good, but it does heavily indicate the movie won't be appallingly bad.
Nostalgia's not what it used to be.
I've heard that a lot and it does make sense to me that it would be a fundamental flaw if it was true. Unfortunately it's not. You're not both parties B and C. Your media player is party B, and it's responsible for showing (but not giving you a copy of) the unencrypted content to party C.
In terms of standard encryption, that's like you sending an encrypted file to me, with the understanding that Joe is in the room with me and will also see it on my monitor. I don't have to give the encryption key to show Joe what you sent me. I use my key, display the contents on my monitor, Joe sees it. He can take a picture, film it or whatever, but he can't get a perfect digital copy unless I allow him to get one.
Unfortunately, I do think we're getting close to unbreakable DRM. You can and will always be able to set up a camcorder on your living room and record the unencrypted content the player is showing you. Unfortunately, I think getting perfect digital copies will be a thing of the past until we have legislation to specifically protect our rights.
Warning: Opinions known to be heavily biased.
It's like saying "making software is expensive". Well, it's as expensive as you want to make it. If you find programmers who want to make the software for free in their spare time, using free tools, then it's very cheap. If the programmers want to get paid $100 an hour, and want to use tools that cost $5000, then it is expensive to write software. All it takes to write software is time and a cheap computer. All it takes to make a movie is time and a video camera.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
"Continually breaking the DRM schemes costs the studios a lot of money. It ensures that DRM is never "fire and forget;" and it turns DRM from being a one-time cost into a continual cost center, a black hole that they need to keep pouring money into. If you can make the cost of maintaining an effective DRM system higher than the cost of the piracy that it allegedly prevents, then it will eventually go away -- either the companies will see the light, or they'll be run out of business by other companies who do, and who are more profitable as a result."
You're missing the point. You touch on it when you say "... the piracy that it allegedly prevents", but you make an argument about making it more expensive than they're allegedly losing to piracy.
They know they're not losing as much as they claim they are. The claims are just for the legislators. The point of DRM is not to stop piracy, but to monetize things that used to be free. Not even 'fair use', simply free, completely. You'll buy a movie, and you'll only be able to watch it on your main TV. If you want to watch it in your car, you'll have to pay for the privilege. If you want to watch it on your computer, pay them again. If you want to make a copy of it, well, too bad.
You won't make it more expensive. Reason #1: Part of the cost is being swallowed by Intel and AMD (And AMD/ATI and nVidia. And Seagate and Western Digital. And Microsoft and Intervideo.)
Reason #2: they'll likely be able to DOUBLE if not TRIPLE their revenues by selling you playback rights you used to get for free. It won't be immediate, but they plan to grow their revenue as people become accustomed to paying for extra 'conveniences' with their DVDs.
Thanks for playing. Try again later.
>Continually breaking the DRM schemes costs the studios a lot of money. It ensures that DRM is never "fire and forget;" and it turns DRM from being a one-time cost into a continual cost center, a black hole that they need to keep pouring money into. If you can make the cost of maintaining an effective DRM system higher than the cost of the piracy that it allegedly prevents, then it will eventually go away -- either the companies will see the light, or they'll be run out of business by other companies who do, and who are more profitable as a result.
... (maybe repeat a couple of more times)
You are missing some key alternatives. I agree DRM will be a continual cost center, but for companies, the real issue is how much does it cost, *to them*? If hackers keep breaking DRM, the companies won't continue to burn millions of dollars into generating new DRM if there is a cheaper alternative -- and likely alternatives are:
1. Lobby Congress to pass additional laws (such as the DMCA) protecting their "intellectual property rights", as well as their business model.
2. Lobby Congress/FBI/enforcement agencies to crack down on those who crack the DRM, making it much more risky & costly for hackers.
With option 1, they could effectively remove any threat of competition by a company distributing non-DRM material by lobbying Congress to pass laws that effectively require DRM on any commercial content distribution. And I have faith they'd be able to find ways to be able to do this and sell it to Congress in a palatable manner.
With option 2, we've already seen some of this with the RIAA. While there will always be hackers to break the codes, it won't mean much to the movie companies if those codes only remain broken in some foreign lab or parent's basement. It's not until such utilities or methods become more widespread that it causes harm to the movie companies, and for that to happen there have to be people out there looking for it. If you put enough fear into people, they won't go looking for it, and generating fear is comparatively cheap. Of course they have to be careful to not take it too far and generate a backlash, but a few rounds of DRM cracking and they'll have a good enough history.
Think about this scenario --
Movie industry introduces new DRM (probably knowing it'd be broken eventually)
Hackers break it
Movie industry introduces fix to DRM
Hackers break it
Movie industry goes to Congress -- "Look, we tried to put in strong technological protections, but these hackers just keep breaking it! We've tried multiple times, and they are relentless. We need your help tracking these people down and persecuting them, to make an example to dissuade others"
Movie industry pours a couple of million into re-election campaigns
Congress passes laws / supports resolutions to "crack down" on hackers
FBI busts a few people and prosecutes them very publicly, which generates a "chilling effect" on the general public related to "hacking" movies.
If someone really wanted to hurt the AACS system they would find and release the playback keys for the top 10 standalone players preferably after one of the formats has achieved success. If the top 10 players suddenly couldn't play the discs anymore and a lot of people had the players, the difficulty in reflashing all those players by the common public would either hurt sales SEVERELY or cause them to not revoke the players for fear of the damage it would do to the reputation of the hi def format.
So if you really want to hurt them, pull out your soldering iron and pull those keys from the standalone players.
>Money doesn't guarantee a movie will be good, but it does heavily indicate the movie won't be appallingly bad.
Except for Van Helsing. Sadly, I watched the entire thing because of a promise - trying to disprove a comment of "this movie has no redeeming value whatsoever"; I didn't think it was possible to spend $200 million and not have SOMETHING worth seeing.
I spent the last 90 minutes of that atrocity thinking up unique and interesting ways to gouge out my eyeballs.
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
I know what you're saying and I agree with it, but having the legal right to make a copy doesn't mean that they don't have the right to try and stop you.
Actually if you were to follow the spirit of copyright law, they do not have that right at all.
After a certain time (Despite the fact right now it's 100 years after the death of the copyright holder) their work MUST enter the public domain. That is the cost and price of getting a copyright on the work in the first place.
If they do not wish to pay the costs involved with getting a copyright, then I do not wish to grant them the rights a copyright would give. It's as simple as that.
Before DRM, it was morally tricky to assume that they had no intent to pay for their copyright by putting it in the public domain later. Unless you can see the future, there's no way to know for sure ahead of time.
DRM is exactly the proof that they have no intention to play by the spirit of copyright however, so they do not deserve a limited monopoly over distribution from the start.
If the public can not benefit from their creation, screw them, neither can they.
Meanwhile, the fat cat manager receives the report on how much it cost, a single tear is about to fall, as he thinks he can only buy 3 new yachts this year instead of 5, but then he remembers that actually, he can just shift the blame onto someone else and so still get his $20 million bonus, then he remembers how he would get it anyway even if he didn't fuck up. Then he cuts all the cleaning staff's pay to make up part of the loss and he gets an even bigger bonus and can buy 7 yachts.
Then all the shareholders get their dividend report, all start crying uncontrollably as they realise their investment is paying out worse than a Scotsman on comic relief night. However instead of doing something like kicking out the board, they bleat along to the tune, The Haaaaaackers did it, BAAAAAAAAAAD hackers. Cut to fat cat manager, takes a break from Scrooge McDucking it in his pool of money and he cuts pensions and healthcare for all shipping and logistics staff. Cut back to original guy, who has to spend all his overtime money on buying his kid new braces.
Meanwhile, the government outlaws fair use, free speech, free thought, freedom, etc.
Capitalism at its finest.
What if Tetris was invented by Nazis?
A more cynical view would be that character development is cheaper than action on a per-minute basis. A TV show that has to fill twenty-odd forty minute slots in a year must spend time with the characters to make budget.
Additionally, the survival of a TV show requires repeat business on a scale of weeks. Character is the only consistent way to achieve this. (I think Heroes is doing a terrific job of leveraging character and plot to keep me tuning in.)
-Peter
Dear Mr HaveNoTaste,
There's many great movies without explosions. In fact most of the action packed movies with no dialogue except one line meat heads, sci-fi that's nothing but action with lasers, romance that's nothing more than repetition of Wedding Crasher, Meet the Fockers, and some crap with J Lo in it over and over again, all the CGI laden movies, with huge acting names in them.. tend to be really flat movies. They have no feeling, no passion, crap stories, crap dialogue.
But ooh ooh.. look! Explosions! zomg. that's so cool.
Amazing movies were made on shoestring budgets. And not just cult classics. 12 Angry Men anyone? To Kill a Mockingbird? These didn't exactly cost a fortune. Actors are overpaid, and Hollywood is too scared to try ideas that aren't sure things.
Sure we could have another 20 movies with Will Ferrell or Ben Stiller in them, but I could really give a crap. Rodriguez and Tarantino could've made Grindhouse out of their pockets, and look how many actors and producers chipped in because they wanted to do something fun.
Movies need to get back to people who love to make them rather than these Scientologist nutbags who marry women doped up on too many prescribed pills while pregnant and not knowing who the daddy is.
...Until Joe pulls out his baseball bat and threatens to break your kneecaps if you don't give it to him.
Which is about the closest analogy I could get to "you open the player up and start analyzing its guts with a multimeter and logic probes", which you can do with a media player, legally, with easily available tools and a moderate knowledge of electronics.
So yes, in fact, for all intents and purposes, you are both Bob and Carol, given a reasonable amount of time.
Dan Aris
Fun. Free. Online. RPG. BattleMaster.
For sure. If I was working on cracks for this sort of thing, and I had an agenda, I would sit on any new break as long as the current ones were still working. Then once they expend the effort to patch the current ones, you have some new ones ready the next day. Release a crack early and you give up the game by letting them counterattack all of your positions at once. :)
Why spend millions on AACS when other DRM would work?
Two reasons: 1 - Because if it's an existing scheme, SOMEONE owns it and likely it isn't the people inventing the new standard, nor can they charge "new technology" prices on the encoding/decoding hardware. You can't really go to a mfg and tell them they have to buy the same chips they've been buying for 10 years and tell them they cost more now. No, these are new chips. See the new logo?
And 2 - Because you need to give the content creators a reason to prefer your technology, enough to get them to make the initial investment in it. "It's way harder to pirate this movie. It's HD-DVD! Encryption the likes of which has never been seen. So will you use it to stop those big scary pirates?"
Hell of a sales pitch to a dying, scared industry.
Eloquently stated, and clearly thoroughly researched.
USB/Firewire is a little different than DVD technology. With Firewire, you're paying to be part of a logo consortium. You guarantee that your product will work according to their standards and you pay them a bit of money. In exchange you get to put the "Firewire" logo on your stuff. Same goes for Bluetooth, and for USB. But that's because no one company controls these. They're consortia and operate differently.
But how do you suppose they enforce that payment? It's very easy to see if someone's put your logo on their product. How do you know if they used your chips or someone else's? How do you sell them multi-million dollar encryption hardware if they could just go without it? You make it required to read the discs. You could produce a non-AACS compliant HD-DVD player. But it wouldn't play commercial movies.
The purpose is for Sony or Toshiba/NEC to control who can MAKE their standard's players, recorders, and authoring hardware. Its use as a copy-protection scheme is secondary.