Slashdot Mirror

← Back to Stories (view on slashdot.org)

New AACS Crack Called "Undefeatable"

Posted by kdawson on from the go-ahead-revoke-all-the-keys dept.

Tuoqui writes "With all the focus on the infamous hexadecimal number, people may be ignoring a bigger weakness in the AACS armor, which emerged two weeks ago. Some hackers have figured out how to crack AACS in a way that cannot be defeated, even by revoking all the keys in circulation."

6 of 554 comments (clear)

  1. Re:Get 'em while you can by dave420 · · Score: 5, Informative

    This crack relies on just one person having one of these cracked drives, and using it to expose weaknesses that can be exploited on non-cracked hardware running custom software. Whether MS took these drives off the shelf tomorrow or not, it doesn't matter. The fact at least one cracked drive exists out there, in the hands of people looking to circumvent the DRM, means this crack can't be stopped. Us normal non-firmware-hacking types will have to wait for where this current hack takes us, as this is the first step to getting an unrevokable crack in the hands of johhny-no-soldering-iron.

  2. Re:At what point... by metamatic · · Score: 5, Informative

    Certainly the movie studios are obnoxiously attempting to prevent format-shifting, in order to sell you the same movie twice. But that doesn't mean they are violating any of your rights.

    Wrong. See USC title 17 sections 107 thru 109.

    --
    GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
  3. Re:Didn't know they were there yet (mod parent up) by mhall119 · · Score: 5, Informative

    http://forum.doom9.org/showthread.php?p=987050#pos t987050

    Strangely, this was announced April 9th, while the article was published April 15th.

    --
    http://www.mhall119.com
  4. The Volume ID is just one piece by pjrc · · Score: 5, Informative

    Reading the slashdot summary, and even the article itself, you may not realize that the Volume ID is just one piece of the puzzle.

    The Volume ID is a small bit of data that's stored partially in the lead-in section, and partially in some other non-data area physically on the disc (which I don't fully understand, and apparently isn't available in the public HD-DVD documentation and is only available under NDA). Compliant drives only read and provide the volume ID after completing a cryptographic handshake, which hasn't been broken yet. So now they've made a firmware patch so the drive reads the Volume ID without authorization, without going through the as-yet-uncracked crpyto authorization process.

    The purpose of the Volume ID is to prevent copying a disc by simply copying all its data. Because the Volume ID isn't stored within the data sectors, it can't be read normally. Well, that is, without impersonating the software (which hasn't been accomplished yet), or without a modified drive that doesn't require the software to authenticate before reading and returning the data.

    That's all. Just one piece, not a full crack of AACS.

    --
    PJRC: Electronic Projects, 8051 Microcontroller Tools
  5. Incorrect summary once again by sat1308 · · Score: 5, Informative

    I have mod points, but what the heck. The slashdot editors strike again - posting stories without checking their facts. I've been following this since the muslix64 hack, so I do know what I'm talking about. I'm quoting the 'hacker' (arnezami - great guy) mentioned in the Ars Technica article:

    QUOTE - Original post

    In order to decrypt a disc you need the keys the content is encrypted with. These we usually refer to as Volume Unique Keys (although technically VUKs give Title Keys which are used to decrypt the content but this amounts to the same thing). What is important is that VUKs cannot be revoked. In other words: once we have a VUK for a disc then the AACS decryption-protection is broken for that disc. AACS cannot undo this.

    So how can we get VUKs?

    There are several ways to get VUKs for discs. But none of them are permanent solutions for retrieving all VUKs for all discs (released in the future).

    * Get the VUKs out of "old" versions of a Software Player * Get a Volume ID (unique per movie) and a Processing Key (unique per Media Key Block version) and calculate the VUK.

    The first method will expire quickly: we can now use WinDVD to retrieve VUKs out of its memory. But when new discs come out they won't work with this old version of WinDVD so you would have to install a new version. Therefore making this method obsolete for new discs.

    The second method requires not one piece of information (like taking a single VUK out of the memory of WinDVD) but two pieces of information. We have several techniques now for a drive to reveal the Volume ID of a disc. So this part of the method is permanent. However the Processing Key will change every time they change to a new MKB version. And since we also need this second piece of information to calculate a VUK for a disc we always need to get the new Processing Key out of some player (whether its a Software Player or a standalone). The Processing Key (or better a Device Key) is very powerful though: if found it makes it possible to decrypt all discs released so far (assuming we can also retrieve the Volume IDs of those discs).

    UNQUOTE

    Moral of the story: We still need the processing key and that can be changed by the AACS, or by the abuse of language, "revoked". So the new AACS Crack is not "Undefeatable".

    The only development since the time this article was written is that the firmware doesn't need to be changed anymore for the drive to reveal the VolumeID. There are some standard commands which get the job done.

  6. Re:Got it! by Shemmie · · Score: 5, Informative

    Preferences > Comments > Reason Modifier.
    -5 Funny.
    There you go.