Slashdot Mirror
New AACS Crack Called "Undefeatable"
Tuoqui writes "With all the focus on the infamous hexadecimal number, people may be ignoring a bigger weakness in the AACS armor, which emerged two weeks ago. Some hackers have figured out how to crack AACS in a way that cannot be defeated, even by revoking all the keys in circulation."
a fitting quote might be:-
"what physical science can devise and synthesize, physical science can analyse and duplicate" - e. e. doc smith (one of my favorite authors).
sorry almost forgot the obligatory 09F911029D74E35BD84156C5635688C0!
I think that this will probably just push them to make the drives harder to "tamper" with; I fully expect that they'll eventually just pot the circuit boards in epoxy or something, to keep you from desoldering the chips.
that did not even slow me down in the 80's and early 90's with the VideoCipher II boards. After 1 week we found a easy way to "unpot" the board and continue on.
I personally hope they try it, it will be amusic to watch their attempts fail as they try things that early hackers defeated decades ago.
Do not look at laser with remaining good eye.
The article is a little old, the links to the doom9 forum go to posts from early last month. Within a few days of those posts, there was a link to xboxhackers where they were able to accomplish the same thing without having to patch the firmware, ie, no desoldering.
http://www.mhall119.com
HandBrake is your friend.
With the size of today's hard drives, carrying around physical DVDs to watch on one's Powerbook just seems silly. Rip 'em (I personally think most movies look fine using MPEG-4 2-pass, target size of 700MB) and chuck 'em on your hard drive; uses a lot less battery power and it's one less thing to have to keep in your laptop bag.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
This crack relies on just one person having one of these cracked drives, and using it to expose weaknesses that can be exploited on non-cracked hardware running custom software. Whether MS took these drives off the shelf tomorrow or not, it doesn't matter. The fact at least one cracked drive exists out there, in the hands of people looking to circumvent the DRM, means this crack can't be stopped. Us normal non-firmware-hacking types will have to wait for where this current hack takes us, as this is the first step to getting an unrevokable crack in the hands of johhny-no-soldering-iron.
Sony's probably really happy about it, actually. If they can show that HD-DVD is worthless, studios will drop it in favor of the far more DRM-heavy Blu-Ray.
There are things that Blu-Ray could use (they're in the spec) but possibly aren't at the moment.
Basically, HD-DVD only has AACS to protect it. It doesn't have region coding (yet?) or other crap that just didn't work on DVD (someone at the DVD Forum saw the writing on the wall for region codes and just didn't put them in for HD-DVD). Every HD-DVD/DVD combo has the Region 1 logo, followed by "DVD Only" - implying that the region code is strictly for the DVD part. Same goes on the HD-DVD player - Region 1 logo, "DVD Only".
Blu-Ray has the BD+ protection, plus something they call ROM Mark. And of course, region codes. Though, Sony at least tried to be reasonable, and instead of the 9-odd regions of DVD, they reduced it to 3. ROM Mark protection basically says every Blu-Ray disc has to have a fingerprint that tells the type of the disc, and who pressed it. So if a flood of pressed Blu-Ray discs come out, the Blu-Ray association can find out who pressed it, pull their license and shut them down. (And discs without said mark... just don't work). It also keeps stuff like movies from being played if they're on the wrong medium (e.g., BD-R).
Blu-Ray is far more technologically advanced (25GB/layer) than HD-DVD, however, the latter makes use of existing DVD production lines (trivial upgrade, which is why HD-DVD/DVD flipper discs are around), and uses lessons learned about DVDs to produce a better product (like the uselessness of region coding). I suspect that the DVD production tools also underwent just minor changes (support for new codecs and JavaScript) since the HD-DVD releases seem to be of better quality despite the fact that they're 20GB smaller (dual layer BD vs. dual layer HD-DVD) to fit the data... (extras and everything).
Wrong. See USC title 17 sections 107 thru 109.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
http://forum.doom9.org/showthread.php?p=987050#pos t987050
Strangely, this was announced April 9th, while the article was published April 15th.
http://www.mhall119.com
Well, because DVDs (HDDVDs, BlueRay Discs) don't execute Logic, they have no CPU, they just contain data. There is no way you do zero knowledge with a dead disc, you need something that can think, or calculate. Some discreet entity you control, like a smartcard. Or a HD-DVD drive.
And then somebody cracks it.
Reading the slashdot summary, and even the article itself, you may not realize that the Volume ID is just one piece of the puzzle.
The Volume ID is a small bit of data that's stored partially in the lead-in section, and partially in some other non-data area physically on the disc (which I don't fully understand, and apparently isn't available in the public HD-DVD documentation and is only available under NDA). Compliant drives only read and provide the volume ID after completing a cryptographic handshake, which hasn't been broken yet. So now they've made a firmware patch so the drive reads the Volume ID without authorization, without going through the as-yet-uncracked crpyto authorization process.
The purpose of the Volume ID is to prevent copying a disc by simply copying all its data. Because the Volume ID isn't stored within the data sectors, it can't be read normally. Well, that is, without impersonating the software (which hasn't been accomplished yet), or without a modified drive that doesn't require the software to authenticate before reading and returning the data.
That's all. Just one piece, not a full crack of AACS.
PJRC: Electronic Projects, 8051 Microcontroller Tools
I have mod points, but what the heck. The slashdot editors strike again - posting stories without checking their facts. I've been following this since the muslix64 hack, so I do know what I'm talking about. I'm quoting the 'hacker' (arnezami - great guy) mentioned in the Ars Technica article:
QUOTE - Original post
In order to decrypt a disc you need the keys the content is encrypted with. These we usually refer to as Volume Unique Keys (although technically VUKs give Title Keys which are used to decrypt the content but this amounts to the same thing). What is important is that VUKs cannot be revoked. In other words: once we have a VUK for a disc then the AACS decryption-protection is broken for that disc. AACS cannot undo this.
So how can we get VUKs?
There are several ways to get VUKs for discs. But none of them are permanent solutions for retrieving all VUKs for all discs (released in the future).
* Get the VUKs out of "old" versions of a Software Player * Get a Volume ID (unique per movie) and a Processing Key (unique per Media Key Block version) and calculate the VUK.
The first method will expire quickly: we can now use WinDVD to retrieve VUKs out of its memory. But when new discs come out they won't work with this old version of WinDVD so you would have to install a new version. Therefore making this method obsolete for new discs.
The second method requires not one piece of information (like taking a single VUK out of the memory of WinDVD) but two pieces of information. We have several techniques now for a drive to reveal the Volume ID of a disc. So this part of the method is permanent. However the Processing Key will change every time they change to a new MKB version. And since we also need this second piece of information to calculate a VUK for a disc we always need to get the new Processing Key out of some player (whether its a Software Player or a standalone). The Processing Key (or better a Device Key) is very powerful though: if found it makes it possible to decrypt all discs released so far (assuming we can also retrieve the Volume IDs of those discs).
UNQUOTE
Moral of the story: We still need the processing key and that can be changed by the AACS, or by the abuse of language, "revoked". So the new AACS Crack is not "Undefeatable".
The only development since the time this article was written is that the firmware doesn't need to be changed anymore for the drive to reveal the VolumeID. There are some standard commands which get the job done.
Sorry to disillusion you, but the Grammar Nazi was right.
effect verb - cause to happen; bring about.
affect verb - 1 make a difference to; have an effect on. 2 touch the feelings of.
(source: Compact OED, www.askoxford.com)
So 'affect' is the closest verb in meaning to the noun 'effect', which is what 'effective' is derived from. Confusing, but that's English for you.
Preferences > Comments > Reason Modifier.
-5 Funny.
There you go.