New AACS Crack Called "Undefeatable"
Tuoqui writes "With all the focus on the infamous hexadecimal number, people may be ignoring a bigger weakness in the AACS armor, which emerged two weeks ago. Some hackers have figured out how to crack AACS in a way that cannot be defeated, even by revoking all the keys in circulation."
Blu-ray will be affected too, since it uses AACS. Of course, Blu-ray has an added layer of protection which they've never actually used before. This will prompt Sony to tout Blu-ray to studios as a solution to the crack. It will also prompt Sony to cry when, exactly 5 minutes after it's first used, a hacker cracks it too.
SJW: Someone who has run out of real oppression, and has to fake it.
Basically this crack relies on using a Microsoft HD-DVD drive for the XBox 360, with a special firmware patch (which requires you to remove the firmware chip, flash it, and then solder it back in). With a hacked drive, you can apparently get the Volume ID, which is one of the parameters used in the encryption, directly off of the disc. Normally the Volume ID isn't passed to the host computer, I think.
Anyway, in the bizarro-world that the people who write DRM systems inhabit, I think that this will probably just push them to make the drives harder to "tamper" with; I fully expect that they'll eventually just pot the circuit boards in epoxy or something, to keep you from desoldering the chips.
So if you're interested in this stuff, you might as well go out and get one of the MS drives or other first-gen drives, because I suspect the hacking possibilities may decrease over time; it's going to be these early drives which are the most hackable.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
For a real laugh, check out the formerly-known-as Secret Number as Photoshop art. My personal favorite is #12. The funniest part of all was as I went through the list, an animated ad for Blu-Ray high-definition movie playback popped in after image #9. It doesn't get better than that!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
You're missing the point here. Everybody doesn't have to do this. One person does this and posts Volume Keys for each new release, allowing everyone else to simply decode with the volume key. If this truly can't be revoked, then it doesn't matter if they make it inaccessible tomorrow. Not until every existing modded player breaks beyond repair would it be secure again.
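The key ladder behind the two posts above (the hacked drive exposing the Volume ID, and one person publishing a per-disc key that everyone else decrypts with), as an added example that is not code from the original thread or from the Doom9/xboxhackers work. The AES-G one-way function and the relation Kvu = AES-G(Km, Volume ID) are as defined in the public AACS specification; the title-key wrap under Kvu is simplified (the real Title Key File binds additional data into that step, which is omitted here), and every key and ID value below is constructed for the example, not taken from any disc.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/hex"
	"fmt"
)

// aesG is the AACS one-way function AES-G(k, d) = AES-128D(k, d) XOR d,
// where AES-128D is AES decryption of the single 16-byte block d under key k.
func aesG(k, d []byte) []byte {
	block, err := aes.NewCipher(k)
	if err != nil {
		panic(err)
	}
	out := make([]byte, aes.BlockSize)
	block.Decrypt(out, d)
	for i := range out {
		out[i] ^= d[i]
	}
	return out
}

// VolumeUniqueKey derives Kvu = AES-G(Km, VolumeID).
// Km is what a licensed player gets by processing the disc's Media Key Block
// with its device keys; that MKB step is the only place revocation can act.
// VolumeID is the per-disc value the modded drive hands to the host.
func VolumeUniqueKey(km, volumeID []byte) []byte {
	return aesG(km, volumeID)
}

// WrapTitleKey models the title-key layer as a plain AES-128 encryption of
// Kt under Kvu. ASSUMPTION: the real Title Key File also binds usage rules
// into this step; that detail is left out to keep the ladder readable.
func WrapTitleKey(kvu, kt []byte) []byte {
	block, err := aes.NewCipher(kvu)
	if err != nil {
		panic(err)
	}
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, kt)
	return out
}

// UnwrapTitleKey is the inverse: Kt = AES-128D(Kvu, Kte). Note what it does
// NOT need: device keys, the MKB, or the Volume ID. Anyone holding the
// published Kvu for a disc can run this, so revoking device keys in a later
// MKB does nothing for discs whose Kvu is already out.
func UnwrapTitleKey(kvu, kte []byte) []byte {
	block, err := aes.NewCipher(kvu)
	if err != nil {
		panic(err)
	}
	out := make([]byte, aes.BlockSize)
	block.Decrypt(out, kte)
	return out
}

func main() {
	// Constructed sample values (not from any real disc or player).
	km, _ := hex.DecodeString("00112233445566778899aabbccddeeff")
	volumeID, _ := hex.DecodeString("0123456789abcdef0123456789abcdef")
	kt, _ := hex.DecodeString("fedcba9876543210fedcba9876543210")

	// What the disc carries: a title key wrapped under Kvu.
	kvu := VolumeUniqueKey(km, volumeID)
	kte := WrapTitleKey(kvu, kt)

	// Someone with a modded drive computes kvu once and posts it.
	// A downstream user only needs kvu and the disc's own wrapped title key.
	recovered := UnwrapTitleKey(kvu, kte)
	fmt.Printf("Kvu          = %x\n", kvu)
	fmt.Printf("Kt recovered = %x (match: %v)\n", recovered, bytes.Equal(recovered, kt))

	// A new MKB (new Km) protects new pressings, not this one: the disc's
	// MKB and Volume ID are fixed, so the published Kvu stays valid for it.
	newKm, _ := hex.DecodeString("ffeeddccbbaa99887766554433221100")
	fmt.Printf("Kvu under a new Km differs: %v\n",
		!bytes.Equal(VolumeUniqueKey(newKm, volumeID), kvu))
}
```

The point the code makes concrete: the Volume ID is an input to key derivation, not the key itself, and once Kvu has been derived and posted, the whole device-key and MKB machinery that revocation relies on has already been bypassed for that disc.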
I wonder why they didn't use a zero-knowledge protocol http://en.wikipedia.org/wiki/Zero-knowledge_proof to defend the disks; bundling the keys with the discs is only delaying the inevitable.
I've always had my personal favorite... http://linux.slashdot.org/comments.pl?sid=133782&cid=11170090
The article is a little old; the links to the doom9 forum go to posts from early last month. Within a few days of those posts, there was a link to xboxhackers where they were able to accomplish the same thing without having to patch the firmware, i.e., no desoldering.
That's pretty interesting. (In TFA the [hack|crack]er is quoted as saying that one of their goals is to eventually be able to pull the Volume Unique Key from the drive without a hardware hack, but he made it seem pretty far off.) I didn't know they had gotten to that point already.
Slightly OT: I'm really hoping that someone will write up a good introduction to how AACS works, in semi-layman's terms. I've read the official AACS documentation (as much of it is public, anyway) and it's not the easiest thing in the world to get your head around, if it's not your field already. It's obvious these Doom9 guys know their shit, but it would be nice if somebody made some documentation just so the rest of us know what the hell is going on; AACS has so many keys and keyblocks and keys-within-keys-within-keys that I'm never quite clear what exactly they've cracked, or which key is required to read the actual content without any other intervention from the player.
It would really be good if Wikipedia handled that, but right now the AACS article is just a lot of news-bites about the progress of the hacking, and it's very light on the technical stuff (and it's currently locked due to some pissing contest or other).
I own 2 legitimate, untampered-with DVD players, several computers with DVD drives, and an old XBox. When I rent or purchase a DVD that I am unable to play on any of these devices, nothing makes me more livid (especially when I'm already moody because I'm hungry and planned to eat while watching the DVD). It's actually to the point now where I look at the back of the DVD to see who the publisher is before renting or purchasing it, because I've found my devices especially have trouble with Sony DVDs, of course. I've never even made a copy of a DVD or pirated any DVDs, but I can honestly say that as it becomes more painful for me to legitimately watch my DVDs, I will eventually be driven to circumvent their DRM entirely, as that would be a less painful process. It just pisses me off, but there are some movies I would really enjoy watching and owning a legitimate copy of, but I simply won't spend a penny of mine if Sony's name is on it. Furthermore, Sony's BS about hardware manufacturers needing to keep up-to-date with their latest DRM mechanisms doesn't bode well either - I'm not replacing any of these devices which work perfectly fine with the exception of their purposely fouled media.
When you have access to the replay hardware, no "encryption" can ever be secure.
Exactly!
Software has long been sold as a license transaction, not a physical item or intellectual property transaction.
Entertainment products are still treated as physical items, when really the manufacturer would prefer it be a license but without the right to back up the "software". By keeping the distinction fuzzy, the argument can be left unresolved.
Because of this, my biggest fear with all the fires stoked by the *AA orgs is not that they actually expect to be able to stop casual or large-scale copying, but that they keep the argument alive long enough to scream that it can't be stopped. Then they say that because of that, they should be subsidized by taxes on blank media (like what happened with DAT or what happens now with blank discs in Canada). In essence, control the argument so that your point can't be refuted, then say the problem is endemic and find a "solution" that generates revenue but still leaves you with your original "problem" that can be trotted out anytime someone raises a valid point about your original argument.
There is no practical insulating material that is also a good conductor of heat. Electrical insulators are always pretty good thermal insulators. Of course, nobody says you couldn't embed a metal slug into the epoxy -- that's how we cool chips. There is also no good reason to encase the whole board. A much simpler solution would be to integrate the decryption hardware into one chip, and encrypt the firmware or put it inside the chip. Not much of a chance of anyone cracking that.
I wonder why the HD-DVD people don't get together with the satellite people? Satellite TV is extremely secure and has never really been cracked successfully. Most cracks involve emulating a smartcard, which is easy since the smartcards still use early 80s technology. Even then, nobody has really done a crack that wasn't fixed within a week.
Millions of people have experienced DRM and are most likely annoyed by it. Ever watched a DVD with unskippable adverts? Or unskippable anything? This is due to the DRM in DVDs. People know what DRM is like, but they don't know what it's called.
'Yes, firefox is indeed greater than women. Can women block pops up for you? No. Can Firefox show you naked women? Yes.'
"I thought the *real* pirates where the guys who were doing bit for bit copies of the disks, encryption and all, so they could sell them? Cracks mean nothing in that context."
Nope, trading HD-DVD movies via BitTorrent with links you found on The Pirate Bay is piracy, too. The relevant definition of "pirate" is pretty broad -- dictionary.com has it as "a person who uses or reproduces the work or invention of another without authorization." Nothing about how it's copied, how it's distributed, or whether it's sold.
My unsolicited advice is not to worry too much about others' perception of your actions; I don't think there's a need to call sellers of pirated DVDs "real pirates" to justify your own piracy. If you enjoy using cracking software to create "back ups" to share, or if you enjoy torrenting HD-DVDs, then don't sweat it. All that matters is your own moral compass, and not some arbitrary third person's. Enjoy your movies, and enjoy the money you've saved.
Sitting in my day care, the art is decopainted.
If I were a studio, I would ask for some sort of guarantee the protection would not be crackable easily. Like a financial penalty if the format is cracked within __ years of its release. Maybe Sony would work a little harder at their DRM if they had to pay out the nose for being flimsy.