Slashdot Mirror
AACS Vows to Fight Bloggers
Jonas Wisser writes "The BBC is carrying the story that AACS has promised to take action against those who have posted the AACS crack online. Michael Ayers, chairperson of AACS, noted that the cracked key has now been revoked, and went on to say, 'Some people clearly think it's a First Amendment issue. There is no intent from us to interfere with people's right to discuss copy protection. We respect free speech.' The AACS website tells consumers how they can 'continue to enjoy content protected by AACS' by 'refreshing the encryption keys associated with their HD DVD and Blu-ray software players.'"
Actually, as I said yesterday, ignore these threats. Go out and blog. Understand that freedom of speech is NOT a government-granted freedom, it is an inherent one that all people of all citizenship must understand. The U.S. Constitution's (Bill of Rights) 1st Amendment does not say "You are free to speak," it says that Congress shall make NO LAW restricting the freedom of speech -- NO law. Discussing encryption mechanisms is free speech, and Congress shall not abridge that. As for patents and trademark and the rest, as long as you do not mimic the mechanism in your own hardware or software, you're fine, Constitutionally. As long as you do not quote verbatim the actual code used to create this mechanism, you're not violating copyright. The DMCA is unconstitional, and regardless of what Congress, the Supreme Court, the President, or any company says, it is non-binding in terms of the moral realization that Congress, and honestly no State organization, can prevent you from freely airing your opinions. You are free to talk, but no one has to listen.
From yesterday's post I made about "legal recommendations for bloggers," go out and blog. Say what you want to say. There are more of us than there are of them -- not only can they not afford to go after everyone, they can not afford to go after even a small percentage. Let some bloggers get caught, and all it will do is show other people that non-violent actions should not be criminalized or penalized.
AACS, your days are numbered. Your salaries will end. Your powers will be diminished. It won't be because of competition from another company (that you are likely in bed with, in terms of promoting the abuse of State power), it will be because millions upon millions of people will ignore you, and all you do, in trying to revoke our inherent (and in my opinion, God-given) right to speak freely amongst ourselves.
Well, he certainly has that part right. What he fails to appreciate is that he will be on the losing end of every single one of those rounds. Even as he tries to downplay the key by saying it has been revoked, AACS has already lost the second round (as hackers have created a hack that CAN'T be revoked).
Always a step behind, buddy. But feel free to keep wasting your money and pissing people off.
SJW: Someone who has run out of real oppression, and has to fake it.
RC4; Base64 Encoding; Key = "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0"
t Ds1V97iWQxx ySmgi8BdedG AsLVTLLTc0J Yg11Y576o"j Ue7R919DRxl wzs_UvVSRhh nyCcADUH6Gf GSm7HfCs_iy BTwMZnuZYLI Wn1KXh6_Rx2 q3ZzeFJD5MQ nlxHfxzWhlj P8of4TEJU0k Fg3voVVPEpn ceesWk6v0rG oYSEXQH_Bo_ qmXGJlSjF"w wPLEWhn1kzs A1_faWxcxe
mI0mUyOUE8S24UAsIVqR12Z8_P1WveIRFqpBO4FEeH_TPGuc0
QDhXbGpiERffrXz6lvQpcOFlDY_AXJWGw7f9saosuSBDj7c4e
l4APCHQIzYXETWu"xkhR4MNnw7zI_mBf5YJOLJ3DKD6wSQ6Pv
ZAPkCzunB7xarymAJEOOu0fe"tdhy"rZZY5XOSiipi6vf_84x
rPfhQQNneUX"JGXWhN3bgRIZwIOoIUu8c282MQ5_Grb6ALolI
j7cWlf2G2V467N4EjnJbR"9j_4oDCytfpkQBFX0jGOCsjRYcL
HH7DzXzB2tPz7i"L1Unvljgh05d1qoFs2N38qWugtaUMGM9RX
yUXVAbsO9ZcD33UKD80sulFF0FiSxIr4NOiRv4EZBoIU3eY1F
yi4NfhRLz3ai50dbx0CWCJwlvti_gsXgQLJrE70ihDROzdUyj
9AM2M99"s2d"hQxtoj7yTTki2M4dK3Y8_wvSyM8fp5fyyDpJW
z3W8iYIMIObDRG1H914rayBqj3EPhUDsz2NfVhjYBIxHBPgeW
saZXht6YNavXOyFLh24D84kXC4weBrJsI598yUpFhg41NB694
vZaHrMlSDxODtGlaU5rfJkODjrCr99Rr6hgQaegXnHE6Oe6iK
DwDtOw3"khTuVWYDStjRd4w2eOt2wvl24XvC3iDQBIA40uJQh
29XXEh_9hplaGD1YBw6pW2yiuyW8ifdaS4Mm7IGdH"6JMgSFg
k8"H70be7kCOdyDSLX9jLkz"4MF_LD"yaYdWopVnoryVQ9YD5
RqZmxLv2loAoM5WFs2""qGG4yATAMz9zhyuc4wMPZZLiZJhTt
pNNm045ma6vnqBdwtEE00zdjJBhBjz5VMoqPS6EZvQbwbEyiU
KJdzO7ATz47fYRWQZNWjy7Uda1P8RPnhSd2FbrL"aOegRzUX_
Azf
Javascript + Nintendo DSi = DSiCade
I don't care how hard you fight the damn cat, it's out of the bag, and it's not getting back in.
One part of the article I find funny is this:
Isn't that the point? I'm neither trying to justify nor rebuke file sharers, but think about it, man, and be practical for a change. Among those who download and share movies, who really cares about the nitty-gritty details of how keys are cracked, who all gets them, which ones get revoked, what players are and aren't affected, and so on? Most of them only care about one thing: Can I download the HD-DVD of [insert movie titles here]?
And as long as a key out there is cracked enough for the answer to that question to be "yes," the copy protection industry has lost. They can fight all they want to, but the thing is that unless they literally shut everyone down everywhere, they're doomed. As soon as one single solitary person is able to crack a key and unlock the encrypted data, all of their massive—and expensive—efforts will be in vain.
I also thought this was funny:
To Mr. Ayers, I would say this: Get real. For one thing, how many times has it been proven that your technical efforts are futile? How much more time and money are you going to waste developing something that consumers at best don't want and at worst outright resent? For another, what exactly do you plan to legally do to people who live in places where publishing the cracked keys is not illegal? As much as people like you would love to have the U.S.'s misguided laws apply to the whole world, it will never happen, and even if it did, people would still break such laws in civil disobedience.
If only they could figure out how to fight a winning battle for the hearts and minds of paying customers instead of this inevitable losing battle against people who are much, much smarter than they are, maybe everyone could be happier. This industry could sure learn a few things about the direction the music industry is headed, finally dropping DRM after realizing how useless it is.
"There is no intent from us to interfere with people's right to discuss copy protection. We respect free speech."
A comparison comes to mind here. Here's a hint, Mr. Ayers. It comes from a bull and it ain't a steak.
The hubris of thinking they can ban the mention of a number, and then turn around and say they "respect free speech", is breathtaking doublethink. Part of free speech is the right to discuss things you don't like. Part of it is the right to discuss them in as specific of terms as anyone wants. And part of it is being able to mention any number one wants to, from zero either direction to infinity. There's not a bit of respect for free speech here.
To fight the war on terror, stop being afraid.
"Read about the trusted industry names behind AACS. "
emphasis mine...
yes, intel, microsoft and sony are three of the eight on the list...
every day http://en.wikipedia.org/wiki/Special:Random
MPAA I've got your number
I need to make your HD-DVDs mine
MPAA don't change your number
86:75:30:09
The key is out there. It's too late to suppress it. Game over. The wombats have left the chicken coop!
(Wait, that's not right. What's the real metaphor?)
#include <stdio.h>
int
main (int argc, char **argv)
{
char *blah = "\x09\xf9\x11\x02"
"\x9d\x74\xe3\x5b"
"\xd8\x41\x56\xc5"
"\x63\x56\x88\xc0";
printf("Hello AACS world! Here's a bunch of completely random non-ASCII characters: %s\n", blah);
return 0;
}
I wonder if anyone has told these guys that the idea of an uncrackable DRM scheme is fundamentally flawed. Encryption is about A sending information that B can't read, but C can. In DRM, B and C are the same person.
It's good to see the pretty even-handed way the BBC have approached this whole issue. I fear most mainstream news agencies would probably side 100% with the AACS and their media buddies, not least due to commercial interests and parent company ownership reasons.
I guess its times like these when it is good that there still are some news organizations independent of the big media conglomerates.
This just might give the Chinese EDVD or EVD or whatever its called a chance.
Which would you choose; a high-def player that just requires you to put disks in, or a crazy scheme that requires your player to stay "fully patched" otherwise risk being unable to play any disks at all?
Not to mention the possibility of something going wrong in the key revocation system, and knocking out a whole line of hardware players (requiring a recall).
Pain in the ass = loose the market.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
I like how they are threatening people with the DMCA over the "09" key, while simultaneously pretending that it isn't a big deal. Maybe they should pick a consistent stance? Also, a better choice of words than "revoked" would be "stopped using", since the "09" key will work always work for any disks pressed before May, but it won't work for any disk made after then. Hm, I wonder how many titles that actually affects, maybe it isn't a big deal after all with such a tiny market :)
I didn't RTFA, but how is this anything different from everything else they're trying to do to fight copying? When they come up with a new strategy, let me know. I'll be in my room pirating every movie ever made.
if (way_of_trying_to_shut_down_pirates == "new and different")
wake me up;
else
GTFO;
We're all going to die. i intend to deserve it.
we can all 'continue to enjoy content protected by AACS' by 'refreshing the encryption keys associated with their HD DVD and Blu-ray software players.'
we can all 'continue to enjoy being ignorant slaves' by 'reaffirming our desire to be shackled.'
the audacity to think of people as so supplicant to corporate will is incredible
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
I know, they should copyright the encryption key so nobody else can post it. Or maybe they could patent the process of posting encryption keys on the internet. I'm sure the USPTO would grant that one.
Let me first say, 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 Secondly let me say "Bring it on you douche bags." You can't stop us all. For every 1 you take down 10 more will pop up. It's a losing battle, just accept that.
AACS: Game over, kid. You can't beat me.
Blogger: Yeah... well maybe I can't. But we can.
AACS: Give it up kid! Just give. it. up.
Ah, those crazy hacker kids.
Meta will eat itself
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
Does this effect hardware players? What if you steal a key from a hardware player, can they revoke it? Will that make your hardware player useless?
Let's wait and see...:-)
There is a spark in every single flame bait point.
They make a good point: this is not about people silencing free speech. Posting the crack online is about civil disobedience against the completely unfair DMCA. It's not about copyrighting a number. It's about keeping people from legally using copyrighted material you've legally purchased. This seems to be an important point missed by most people. It's not a First Amendment issue, it's an anti-consumer issue.
Did you ever notice that *nix doesn't even cover Linux?
What, no hex09f911029d74e35bd84156c5635688c0 tag? For shame, Slashdot, for shame.
Come on people, you know how to tag this one ; )
Someone send this man a t-shirt with the key on the front and "It's not over yet!" on the back.
the **AA will not win. They do not have the resources to win it, will not have the resources to win at this game, and in the end, trying to win at IWaM(TM) will only make them look more foolish than they do now.
... did I just say secure? ooops mea culpa. The reason that MS is working so hard to ensure that you can only use genuine MS OS products is simple, they are trying to not play IWaM, and even this attempt won't work. From what I can see, people who used illegal copies of MS products before ARE turning to Linux now. Even if that is not huge numbers yet, it is happening.
The part where he says over 700,000 pages on the Internet reference the code is fscking hilarious. I want to see AACS group try to sue 700,000 people. Before they even get started there would be 1.4 million more references to it on Google. That is how the IWaM game works and exactly why they can't win. The sheer volume of people working against their worn out DRM business model will overwhelm both their resources and those of the court systems around the world.
In the US it appears that the courts are still willing to waste time on this. Other countries, not so much. Sure, if they find commercial pirates distributing DVDs for profit they will shut those operations down, but there just are not enough law enforcement resources to stop this hack, or any other.
Playing IWaM = stupid and the more you play, the more money you lose. period.
Certainly, some will be harmed, and there will be small wins for the AACS group and **AAs of the world, but in the end all their money will be gone. The DMCA was ostensibly implemented to protect them from exactly this. Legislating DRM doesn't work, DRM doesn't work, and if your business model depends on DRM, it won't work either. It's time that Wall Street and VC groups started to act on this one principle. If their business model is DRM it's a bad investment.
Sure, you might argue that MS is an exception but I think that the sales performance of Vista is going to prove me right on this. MS has been trying to play Whack A Mole with malicious software and spam. Yeah, that has been working out well. Their new flagship DRM laden secure operating system
Back on topic, the lawyers for the AACS group must be staggeringly stupefied. Maybe if they make an example of Digg and Mr Rose they can send a message, and if they try, every new key will be poste in blog comments on every blogging system around the globe. They literally need to surrender and rethink what they are doing. DRM DOES NOT work.
Support NYCountryLawyer RIAA vs People
Surely if one key has been cracked then it will either be quicker to crack the new key as the crackers will know what sort of algorithm was used to produced the key. Or if it was a brute force attack then about the same time on average. So surely in a few weeks there will be a new Hex string doing the rounds on the internet.
The real target of this action is likely a different audience, namely Hollywood. The AACS doesn't have to make their DRM undefeatable. They do need to convince their customers - and remember, that's not us - of the value of their work. And when their DRM is broken and seen to be broken, they need to convince those who want to believe that they at least have not lost faith in the cause.
So we may talk about winning and losing, and people like use may be the targets of lawsuits. But I think we may be giving ourselves airs when we assume that for the other side it's about us. If, on the other hand, we figure out who our real audience is then we have a better chance.
I wonder how 'average' consumers are going to take to refreshing their keys every time there is a crack released?
"Let's watch this DVD I just got from the store. Oh no, I need to download a software update first, install and reboot. Why not just download the movie off P2P instead."
Any sufficiently advanced bug is indistinguishable from a feature.
And the list of known primes is published... why not just automatically try each large prime?
Oh... I've never studied cryptography, so be gentle.
Um, what, close to a million hits for the key right now on Google?
DMCA applies only in the United States.
What is that sound? A toilet flushing?
I'm not wrong. You haven't thought about it hard enough.
I wonder if he actually believes that people "enjoy" content protection. How could you even say that with a straight face? It would be like a prison warden, after a jail break, saying, "soon the escapees will enjoy protection from the free world once again."
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
Slashdotters, please dont get worked up.He knows it is a stupid thing to say to a tech savvy audience. He was talking to the chumps who paid big bucks to have their movies "protected by" the DRM. Some weasel clause in the contract would say something like, "while we dont guarantee that this mechanism will never be broken, all we promise to do is to take vigorous action". He will eventually argue that issuing such ridiculous statements constitutes vigorous action. That is all.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
"There are three things you can do:
1. Kill yourself.
2. Kill your manservant.
3. Kill everybody in the whole world."
Now 2 is fine, 1 is reccomended, but 3?
Patriotism is a virtue of the vicious
That is the part that ticks me off the most. The DVDs already could be copied without the key. Their "technology" is "playback protection", not "copy protection". The only honest sentence in the quote was earlier, where he said, "Some titles could now be played on more than one software player." Yes, THAT is what your evil scheme is trying to prevent. (Not that I will ever buy HD DVDs until I can actually play them whenever/wherever I want.)
As long as "playback protection" is working, you can't actually "buy" an HD DVD. You can only rent the privilege of playing it under conditions specified by the publisher. Whatever happened to laws against false advertising?
You mean like this:
I think it was called the Manhattan project. At the end of the movie the scientist asks "What are you going to do? Make them all disappear?"
Simple fact is that it is out. It is a number. You forbid them from positing it in hex then they will octal, decimal, or binary. They will just invert it or flip the first two bytes so it is no longer the same number. I have a suggestion from now one when we post any HD keys we will just add 42 to each byte. That way we are encrypting it and any attempt to subtract 42 to prove that it is a key is a violation of the DMCA.
It is impossible to prevent the copying of audio or video if people can see it.
It is also rubs people the wrong way to try and control what they do with something they own. Yes if I BUY a DVD I own the DVD. Unless you start making me sign a contract I consider it no different than buying a piece of wood. If I want to watch it on my Ipod I will. If I want to rip it and put it on my server so I can watch it on my notebook I will.
If I sell it then yea you can sue me.
Go away RIAA and MPAA. You are boring us now. You will become irrelevant. Dear music companies I am going to write my congressman and tell them I don't want them to support you suing innocent people and getting government help for what should be civil court actions. I will also point out that you have a history of supporting drug use, profanity, and violence. Helping you is hurting the children.
Game over. The music industry can be such a jucy Judas Goat.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
Here's the translation for the lazy:
While I can respect his point about the issue being a legal one rather than a free speech issue, I would argue that they took the matter too far. It's one thing to revoke the key, then prosecute the original crackers under the DMCA. (As distasteful as that is.) But once the information is in the public realm, it effectively becomes a lost "trade secret".
Those people created a world where middlemen get always the greater slice of the cake.
Well, if they are going to use their most known weapon (ie. lawyers) to fight who posts codes, then good luck to them: nobody on this planet can afford 700.000 lawsuits -and- the bad publicity it would bring.
They will back off or choose more direct (read: illegal) solutions.
In other words, they will be hit by their own system, and this will show one more time that when a new way of doing things fluorishes you have to adapt or die.
Dear helpdesk,
I am trying to ping my server at
09F9:1102:9D74:E35B:D841:56C5:6356:88C0. However,
it seems like the address is in the unallocated space.
Perhaps there's a typo somewhere?
AACS LA:
That's the Processing key. You are not allowed to publish it.
Hacker:
No sir. That's a IPv6 address. Surely you won't deny me to have links on my website? =)
The legitimate software player application that has had its key revoked needs to have its key updated. Fair enough. What's to stop someone from doing a bit-by-bit comparison between the "old" and "new" files, and determining the new key from there?
This whole system was never, ever going to work. It matters not one iota how many bits be in the key, the fact is that the key is on the disc and in the player -- both of which the "attacker" has access to. Even worse, the unencrypted RGB signal is available at the grids of the cathode ray tube (you'll have to recover the timing information from the scan coils, but it's eminently doable). I reckon, two 2902 quad op-amps and a bunch of resistors at most. Unless you send a policeman round to check up on everyone watching a HD-DVD, people are going to find a way to make copies. Come to think of it, even that won't necessarily work -- you can bribe a cop.
What'll be pants-pissingly funny is if they ever try to revoke a key on a standalone, TV-connected player. In the UK, that sort of thing is called "criminal damage" and can get you arrested. It's also a good way to get your products banned from sale.
Je fume. Tu fumes. Nous fûmes!
Except that you're missing about 3/4 of the post. When you use an online cryto program, remember that they have scrollbars. ;-)
Javascript + Nintendo DSi = DSiCade
The problem with barring publication of an encryption key, without more, is that it really is impossible--and I don't mean in a "the internet will route around censorship" fashion.
One of the following series of hex values, according to the AACS, cannot be published by anyone besides them:
09-F9-11-02-9D-74-E3-5B-D8-41-56-C5-63-56-88-BF
09-F9-11-02-9D-74-E3-5B-D8-41-56-C5-63-56-88-C0
09-F9-11-02-9D-74-E3-5B-D8-41-56-C5-63-56-88-C1
Trying to bar one of them from publication will necessarily reveal what it is. As Wikipedia is discovering, you have to be able to describe what you're not allowed to publish in sufficient detail in order to effectively prevent its publication.
With other forms of intellectual property, the problem is avoided in various ways: in order to obtain a patent, the description itself becomes public domain. In copyright, the description is bounded by the creative content of that which you create. Trademarks are delimited by "confusion in the marketplace," and trade secrets are delimited by that which is actually kept secret.
The DMCA purports to create a fifth type of intellectual property, not limited in time, that would bar distribution of information (rather than just physical devices), but has no boundaries on the AACS's theory of what constitutes a "part" of an circumvention device. The boundary becomes "whatever the AACS moves to protect as a part of a circumvention device." But in order to enforce that right, we all have to know what we're not allowed to distribute.
So maybe the AACS, in order to avoid the paradox, can seek to protect a *range* of values. The scenario just gets even more absurd.
No. The answer is really that the key, without more, cannot be afforded protection as "part" of a circumvention device. It has to be a accompanied by something more, at the very least a description of how it can be used to circumvent. Otherwise it's just a string of text.
And that's where the DMCA falls apart, as people with an interest in circumventing can always break apart the information to such a degree to avoid any one part being classified as a "part."
It's a tough problem, and it should be brought to a court to evaluate. The court in Remierdes had an easy time, because the circumvention device was whole. Fair use will have to be read into the DMCA at some point when it comes to these alleged partial circumvention devices.
I don't need large brains to have a good time.
(as hackers have created a hack that CAN'T be revoked)
... so the hackers will need to go back and sniff/debug an updated software player to figure out the new Processing Key.
... so if you made a "bit-perfect" copy of a disc, the Volume ID wouldn't be there (because you can't read it and/or because you can't write it to the new disc) and you'd be missing one of the elements required to decrypt.
I spent a while trying to get my head around AACS last night, and the bottom line is that what comes out of the un-revocable hack that you mention isn't the same thing as what's being posted around the internet, and what the AACSLA has the whole revocation scheme for.
Oversimplification ahead, and I may have some of the details wrong or, but this is the gist of it: the content -- the movie itself -- is encrypted with title keys. These title keys are encrypted with a volume unique key (VUK). The VUK is composed of two parts, a media key and a Volume ID.
The Media Key is the thing that you get with the code that's being posted all over the Internet (the Processing Key). Processing Keys can be revoked, but only for new discs -- so the discs that are out in circulation as of the compromise of the Processing Key, are out. They're cracked. However, future discs will use a new Processing Key, and that one that's around on the internet won't work
The "un-revocable hack" you mentioned, doesn't have anything to do with the Media Key, it's all about the Volume ID. The purpose of the Volume ID is to prevent bit-for-bit copying. In a lot of ways it's very similar to parts of the CSS system used on DVDs right now; it's a key specific to each batch of pressed discs, written to the disc in a way that's difficult to read off manually (the drive isn't supposed to let the user see it at all), and impossible to write to a blank disc
So: while the Volume ID hack involving the XBox360 drive is a major step forwards (backwards if you're the AACS!), it's not a silver bullet, and it doesn't make future titles trivial to compromise. There's still going to be a cat-and-mouse game in the near future, where the AACS will try to revoke Processing Keys and try to discourage the publication of new ones as discs are released. (It's been pointed out by several people now, that the AACS' over-the-top reaction to publication of the processing key, may indicate that they've realized that their revocation procedures aren't nearly as fast or as flexible as the people who are going to be compromising them.)
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
continue to enjoy content protected by AACS
reads like
"continue to enjoy having a sword through your lung"
how long until
https://www.spreadshirt.com/shop.php?sid=114476I want a t-shirt....
You cannot copyright a number. Good luck with that wild goose chase!
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
This needs to be tagged hex09f911029d74e35bd84156c5635688c0
If you have something that you dont want anyone to know, maybe you shouldnt be doing it in the first place -Eric Schmidt
What about hardware-only players?
Assuming that the old key was imbedded in the the player firmware, and that the existing crop of HD-DVD/BluRay players are as locked down as their DVD brethren, how do you plan to "update" standalone players to work with newly-released content? A recall?
mod parent up TFA states that the key has been revoked so why is it necessary to hunt people down for distributing a (now) redundant key?
Whoops. 4 hours of sleep does that to me. ;) I should've posted as AC too, but too late now.
;)
Here ya go:
While I can respect his point about the issue being a legal one rather than a free speech issue, I would argue that they took the matter too far. It's one thing to revoke the key, then prosecute the original crackers under the DMCA. (As distasteful as that is.) But once the information is in the public realm, it effectively becomes a lost "trade secret".
The DMCA may not recognize encryption keys as trade secrets, but that's all they are. Once the secret is lost, you cannot recover it. You simply have to move on and extract any damages from the party that disclosed the secret in the first place.
As Mr. Ayers stated, the key was already revoked. If they hadn't tried to put the genie back in the bottle, they wouldn't now have a several-million member strong community of talented and bright individuals trying to crack HD-DVD just to spite them.
Here's Michael Ripley from back before AACS was finished.
"Backers of the protection method are betting that AACS technology will finally thwart unauthorized copying of DVDs while allowing consumers to distribute movies legitimately over networks within their homes, play them on a variety of devices (standard televisions, portable movie players, and laptop computers), and store them on home media servers. "We wouldn't be investing our time otherwise," says Michael Ripley, the chairman of the AACS alliance's technical working group."
Well, Michael(s): any high school student could've told you this would never work. The reason is the same as always: you have to provide the machine with everything it needs to play back the disc. It's difficult (college students would say "impossible") to provide those things to the machine without providing those things to the machine. Cf. Cory's age-old piece;
http://craphound.com/hpdrm.txt
My turnips listen for the soft cry of your love
When I try to explain to non-techies why DRM and copy protection is useless I give them this analogy:
The Movie and Music Cartels give you a lock (DRM'd Movie, music, etc.) and a key (DVD player, etc). They get mad when you use them in a way that they don't approve.
-Anybody knows you can't keep something locked up when everybody has the keys to that lock.
At this point the non-techy laughs...
Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
Narrator: In A.D. (2007,) war was beginning.
....
AACS: What happen ?
AACS cronies: Somebody set up us the (KEY.)
MPAA experts: We get (BLOGS.)
AACS: What !
MPAA experts: (IP Trace) turn on.
AACS: It's you !!
Consumers: How are you (MafIAA)!!
Consumers: All your (HD-DVDs) are belong to us.
Consumers: You are on the way to destruction.
AACS: What you say !!
Consumers: You have no chance to survive make your time.
Consumers: Ha Ha Ha Ha
MPAA experts: Captain !! *
AACS: Take off every (lawyers) !!
AACS: You know what you doing.
AACS: (SUE).
AACS: For great (PROFIT.)
ELOI, ELOI, LAMA SABACHTHANI!?
The hex string in question is no longer a valid AACS key
it is perfectly valid for any disc that doesn't have it revoked, i.e. any disc pressed before may.
i would bet that 90% of currently-in-store discs will work with it and will for sometime to come, and by the time that it doesn't work for a considerable percent of discs, there will likely be a new key flying around.
upon the advice of my lawyer, i have no sig at this time
See, here's what happens. A key gets published, they revoke it. Another key gets published, they revoke it. This goes on for a while, and then suddenly everybody buying blu-ray players can't play their damn movies because a bunch of keys don't work. So then they go return the player to BestBuy and say it doesn't work, and get another one. Then that one doesn't work either. Then they give up all together and just stick with DVD's.
These people need to realize that for all of Hollywood's fears about mass copying of their films, the far greater fear they should have is that they'll simply drive people away from bothering in the first place. Rather than wasting all their efforts on preventing piracy that's going to happen anyhow, they should work on making the films as broadly available and easy to obtain for consumers who will happily pay money to see them.
This sig has been temporarily disconnected or is no longer in service
As a semi-pro photographer, I do see the value in protecting one's IP (Intellectual Property, not Internet Protocol, in case any were confused). The images, media, whatever, are the keys to the bank. My clients frequently want me to give them the digital files, as if they're "free," when, if I do that, I make $0 on prints, which is where much of the money is to be made in photography (in the present biz model).
Analogizing to HD-DVD (or whatever digital media there is), the companies who produce such media have the right to protect their content. The rub lies in them protecting their content without interfering with our fair use. That's a really hard thing to implement/enforce. I don't really have any ideas on how it should be done, but I'm simply emphasizing that they have created the content, and thus, they have a LEGAL right to protect it. Just because it's in a digital format, that doesn't mean it's now free (either as in "free beer" or "free speech"). The content still belongs to the original creators, though one owns a copy.
The folks bitching about "free speech" and publishing encryption keys are way off, IMHO. If I had watermarked thumbnail images on my website, and full res images accessible by password, then someone cracked that password and published on the web, I'd be upset. They have stolen the keys to the bank, then made copies of the keys for anyone to find. It's stealing, immoral, etc. There's nothing admirable about stealing and aiding and abetting others to as well. I know it's in our nature to want to get around the system (esp. as geeks), but it just ain't right.
Congress is not restricted from passing laws that make theft illegal. If you consider that the AACS keys are as much like the keys to a lock as they are like speech, then distributing the keys is not by itself illegal but should someone use the keys to steal something (the protected content of a DVD in this case), then whomever distributed the keys would seem to be guilty of aiding in the theft.
I am as against DRM as anyone but I'm not sure centering the debate on freedom of speech and ignoring the other legalities is realistic.
May they ROT in 13 hells before they figure out my super secret encoding scheme :)
09 S9 11 02 9Q 74 R3 5O Q8 41 56 P5 63 56 88 P0
Me: You probably need to refresh the AACS encryption keys.
Mom: *blinks*
Me: Your encryption keys need to be refreshed in order for you to play protected content.
Mom: I don't have encryption keys or protected content, whatever those are, I just have this movie that won't play.
Me: Right... in order for your movie to play you need to refresh the encryption keys that unlock the protected content on the disc.
Mom: I never had to do that before.
Me: No, no you didn't.
Mom: So how do I do that?
Me: I'm not really sure... I heard the assholes that made this all so hard in the first place have instructions on how to fix this mess on their website. I don't know if that applies to your model of HD DVD player though.
Mom: So if it doesn't, then what?
Me: Then you'll have to get the owners manual for your HD DVD player out and look through it.
Mom: Why does this have to be so difficult? I just want to watch my movie...
Or something like that. Then she'd start crying because she's easily frustrated by technology when it doesn't work. My parents have called me from half-way across the country because they didn't know what button to press on the remote to get sound out of the TV. There's no way they'll be able to "refresh their AACS encryption keys" if it's not automatically done for them. It's not like there's a "Refresh AACS encryption keys" button on the remote that I can tell them to press...
DRM = media content + frustrating, crippling, broken security
I stopped buying movies and music because they were too expensive and this was well before DRM raised its ugly head. So with this in mind (I am far from unique in this regard), what twisted combination of chemicals are required to come to the conclusion that making these things more expensive and user un-fiendly will change my mind?
Coldmoon over Dark water...
I think that /. should start the next batch of userids at 9991102997493599841569563568800.
:)
That way, we can just refer to "Slashdot::<someone's username>" instead of spouting out the number...
coding is life
Why not have it encoded into a necklace? Let's see them try to censor that.
Exciting indeed.
Being attacked, I mean.
The AACS Founding members IBM, INTEL, MICROSOFT, PANASONIC, SONY, TOSHIBA, WALT DISNEY and WARNER BROS should be ashamed.
Reduce, reuse, cycle
While I can appreciate the level of craftsmanship and artistry that went into the repair of the barn door, I cannot fail to note that the cows seem to have escaped in the interim.....
DG
Want to learn about race cars? Read my Book
I hope they don't "take action" against the digital painting I did, which is featured on the front page of my website and incorporates the key. I also hope they don't "take action" against the HDDVD song I wrote here: http://www.myspace.com/stevepordon (I made an arp synth line by converting to binary and using C1 for zeros and C2 for ones). Both of these things are, naturally, original works of art and are clearly protected by the first amendment, DMCA or not.
Fuck you, AACS, and fuck you, MPAA.
Ironically, I wouldn't be so eager to kick the MPAA in the balls if they hadn't claimed under perjury that I was hosting DeCSS about a year after I voluntarily removed it from my site. Oops!
Now, it may sound as something bad when they start revoking keys. Bah. My hacked key doesn't work anymore.
Kids, the mafiaa revoking keys is a good thing in the fight against DRM. Find more keys and publish them, so they revoke them! The more the better!
What happens when a key gets revoked? Some player stops working. Actually, a whole batch of players stop working. And thus, Joe Shmoe Average might get a clue. It might not matter to him that DRM exists ("Duh, I buy my movies anyway"). It might not matter to him that DRM restricts him ("Duh, I don't copy them anyway"). It might not matter to him that it takes away his ability to actually play that content on other media ("Duh, I only use it in that DVD player anyway, not the computer").
But it does matter to him when that new blockbuster doesn't work in his DVD player anymore.
It does matter to him when his DVD is "broken" and he has to get a new one or has to get his fixed. It is a hassle. He might not know how to update his player. He might have to get a friend to do it. He will get angry 'cause why the heck doesn't it "work" anymore the way it used to?
Maybe, just maybe, it's a wakeup call for Joe Average. And maybe he'll stop buying crap that suddenly stops working.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
It only comes off as _fundamentally_ flawed if you think drm's purpose is to prevent person B from reading his own information, and I don't think that's accurate. DRM's purpose is to make it _unreasonably difficult_ for B, and that's a different thing. The real way I think DRM is fundamentally flawed is that it is has an issue with "one chink in the armor and the whole thing goes down," i.e. only one person needs to decrypt a file and post it for any number of people to have access to the decrypted file.
That may all be fairly obvious, but from the standpoint of convincing companies not to support it, I think it's important. Their problem is not that DRM can't prevent the vast majority of users from completing certain tasks, because it does in fact prevent many B's from reading their own info, but that it can't restrict _all_ users, and after a certain amount of time the two become indistinguishable. DRM works on the premise that the creators are better hiders than the crackers are finders, and that is its fundamental flaw. The balance might change with trusted computing and other hardware solutions, but maybe by then they will notice that the expenditures don't justify the gains.
Relax I just want some peanuts.
He said tracking down everyone who had published the keys was a "resource intensive exercise". A search on Google shows almost 700,000 pages have published the key.
;)
only 700k sites?
come on guys, get CRACKIN'.
if you want to really make their jobs harder, embed that number EVERYWHERE. keep their minions searching for this for YEARS.
afterall, they have nothing better (truely) to do with their time
--
"It is now safe to switch off your computer."
Well, why not enter their key distribution system and unlock every DVD in the world?
I bet they haven't thought that part yet. Somebody hacking their key distribution system. They are focusing on the disc itself. Hacking data transmission on the net is the oldest game there is.
relearn the meaning of irony.
If HD movies came on discs the size of a LaserDisc, not only would they not fit in a PC case, completely new hardware would be needed to read & write them. I propose a new 8" - 12" disc standard. I highly doubt people would widen their cases just to fit an HD movie drive.
I hope they publish the new keys. I don't want to post some random number and find myself in court because of it.
Of course not, but please do it by name: hddvd.honeypot.net.
Should AACS ever enter the IPv6 space, I want to make sure I can refer to their likely homepage address by a convenient local alias.
Dewey, what part of this looks like authorities should be involved?
This is Karma Whoring at its finest.
{
this works */
for ( uint128 ii = 1; ii; ii++ ) {
printf( "0x%032x\n", ii );
}
return( 0 );
} Dang, now AACS will have to tell me what numbers I'm not allowed to print out.
"Last I checked, the Supreme Court is the final arbiter of what is constitutional in the US."
check again.
The only reason SCOTUS has this role is because they gave it to themselves. They have NOT been granted this responsibility by the constitution.
RC4; Base64 Encoding; Key = "pwned" _u1vwUPCo9UmFlqaft"mEfCZOvJ6zB4V2JL6Nk5qU0_LRh8dTF "6S0JsNk8g
nGc
There's an infinite number of ways to represent a number.
Do they plan to make all of them illegal?
fixing this problem is as easy as putting back 700,000 worms into their original can
good luck with all that...
"Some people clearly think it's a First Amendment issue. There is no intent from us to interfere with people's right to discuss copy protection."
Yeah, we can "discuss copy protection" as much as we want so long as the DMCA and the Sonny Bono Copyright Act still stand, hm?
It's funny how everybody agrees that speech should be free so long as that speech is completely impotent. It's the speech that empowers, empassions, that enables legitimate users to do with their purchased media what they will that suddenly gets declared "unprotected."
"We respect free speech."
This from the same industry that wants to ban cell phone usage from movie theaters not because they annoy the rest of the audience, but because they don't want to let people warn others just how bad a particular movie is?
They're going to need it.
= 09+f9&meta=lr%3D0 %9F%D0%BE%D0%B8%D1%81%D0%BA+%D0%B2+Google&lr=lang_ ru
http://www.google.cn/search?complete=1&hl=zh-CN&q
http://www.google.ru/search?hl=ru&q=09+f9&btnG=%D
...when you said "in the present business model".
The present - perhaps "previous"? - business model relied upon scarcity. If you held the negative to a photo, you held the only thing capable of producing a high-quality reproduction of that image. It was possible to make new negative from positive prints, but doing so resulted in a marked loss of quality, and the negative itself was irreplaceable.
Plus there was a certain investment of time, skill, and resources involved with producing a new print from the negative.
If I broke into your place of work and stole/destroyed your negative, that photo was gone forever.
But nowadays, the digital file can be copied without loss of quality ad infinitum. If I make a copy of your raw data file, you have not been materially harmed - you can still make copies - and all that has happened is you have lost exclusivity to that image.
And that image can be reproduced almost anywhere with minimal skill and investment in resources.
Effectively, the scarcity of the ability to duplicate images has been eliminated. There is next to zero cost involved with the duplication of images once they are in the memory card. As such, the image files themselves have next to no actual value.
What HASN'T changed is the necessity for a skilled photographer to take that image in the first place.
This implies - hell, it yells at the top of its lungs - that the business model of selling exclusive prints is now utterly broken, and pro photographers (and other media producers) need to find other business models. If the automobile obsoletes your buggy whip manufacturing business model, you need to adapt.
My suggestion is that you regard photography as a service. You are being contracted for your ability to take artistically skilled photos. You price your services based on the amount of time you have invested and your level of artistic skill, and you sell the customer the digital data files you produce for him.
I know photogs working to this model now, and they seem to be doing well. The days of the reprint gravy train are over, but people seem to be willing to pay for the quality of SERVICE they get.
DG
Want to learn about race cars? Read my Book
The way I see it, ladies, you owe me for one jelly doughnut! Now, get on your faces!
I don't have an HD-DVD or Blueray, so my knowledge is a bit fuzzy.
Having broken this key, any HD-DVD that was encrypted with this specific key is breakable, and will continue to be breakable, correct? It is just that any new HD-DVD productions will not include this specific key, correct?
It that's the case I don't think I would call that an all out victory for them, at best it's a push, but the player came out ahead. Prior to the crack, the consumer had no option, just after the crack the consumer had all options, after the key was revoked the consumer has all options on all HD-DVDs that have already been produced.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
No, you silly; if the forbidden number is fully suppressed, AKAImBatman can still say whatever that post says. It just means that if he wants anybody to be able to descipher what he's saying, he will have to choose another way of saying it.
Or, in other words, the choice of encryption scheme and key is not part of the content of the message, it is part of the way the message is transmitted, and since there are astronomically many good encryption keys, restricting him from using this particular key doesn't affect his right to free speech.
A comparable problem faced another industry years ago. In trying to implement regulations, the government discoverd that firearms are not monolithic devices, but instead consist of a number of parts, each of which can be replaced and which can do nothing harmful on their own or even fully assembled save for one part.
The legal solution was to declare a key part, the "receiver", as the regulated item. That hunk of metal is harmless/useless on its own, yet - due to intentions to control an industry - was declared THE essential part and is thus is the precise subject of otherwise over-broadly worded "firearms" regulations.
Relevance? Considering the billions of $$$ perceived at stake and intense motivation of the *AA, coupled with the intense opposition's creativity, the DCMA will be modified to declare decryption keys something equivalent to a firearm's receiver: federally registered, and if you're caught possessing one (even if plainly harmless on its own) without proper licensing, very bad things will happen to you.
Yes, the key on its own is useless - as is they decryption software lacking the key. However, the intention is clear and the motivation to regulate/restrict combining and using them is powerful, so possession of the essence of decryption - the key - will eventually be regulated.
And yes, they WILL hunt down anyone distributing decryption keys without a license. While warm fuzzy arguments about "anyone with a lathe & drill press..." may be true, nonetheless the BATFE exists as a very large, powerful and motivated government agency.
Someone paid a quarter-billion dollars to make SpiderMan 3, not to mention hundreds of other 9-digit-buget movies. That someone will see to it that a government agency is enacted, empowered, and funded enough to be motivated to ensure every bit moving from camera/mic to screen/speakers moves entirely within a fully licensed (i.e.: aggregating massive royalties) environment.
You just want a few free movies, and to play movies on hardware of your choice.
They're not going to let you.
Don't underestimate their motivation.
It happened before. It will happen again.
Can we get a "-1 Wrong" moderation option?
If I remember right, the original guy who discovered the key didn't actually reverse-engineer anything, per se. No debuggers or anything. He just managed to take dumps of the contents of memory at the right time, and managed to find the spot in memory where the key was placed when it was there.
Now, it sounds kinda like reverse engineering, but I'm sure there's some grey area involved there.
I agree, though, the number is a trade secret. Only when combined with an implementation of AACS does it become a circumvention device.
:(){
Don't blame that poor AACS-LA spokesperson. He is just doing what he is required to do, i.e. claim that AACS "has not been broken", is "very robust" and that they will "vigourously fight" those oh-so-evil hackers who distribute keys. If he did not do that then he might jeopardize their future chances in DMCA litigation, and movie companies would sue AACS-LA into oblivion. If he admitted the obvious, that AACS simply cannot effectively protect content then the movie companies would jump ship and he would lose his job. I petty that guy, really. He is in a no-win situation.
The real issue here is if movie companies will learn from this. Let's see... first they spent millions of dollars to finance the development of AACS and have it peer-reviewed, then they held back their movies past the optimum release date to wait until AACS is "ready" (whatever that means -- bus encryption still did not make it into the standard, so volume IDs are transfered in the clear -- ROTFL). Then they spent lots more money on buying new software, training their staff how to use AACS and on following AACS procedures (content-signing by AACS-LA etc.), next there were the inevitable DRM-related compatibility problems leading to recalls and bad press. Shortly afterwards (and long before HD ever reached critical mass in the market) AACS was broken. Now they are holding back movie releases yet again, hoping for some magic AACS fix, and in the case of Blu-ray hoping for BD+ to magically solve all problems. Exactly how much money did they spend on all of that, how much revenue did they lose by delaying releases while waiting for DRM, and how many movies could they have produced with that money instead ?
The funny thing is that they made all those bad decisions after they had already been burned by the DVD DeCSS fiasco, and after industry experts had predicted that exactly this would happen again. Bruce Schneier's May 2001 CryptoGram article should have been required reading for all of them http://www.schneier.com/crypto-gram-0105.html#3. I wonder just how long it will take for them to learn. From what I have seen so far I fully expect the next round of AACS to be broken within one day, and BD+, once it is used, within one week, and no "technical measures" or take-down threats by AACS-LA will be able to stop that.
Not really copyright, since it is simply a number - and not a particularly unique one at that. But perhaps if they trademarked the key(s). Then they probably could exert some control.
Is it just my observation, or are there way too many stupid people in the world?
The odds of that actually being a randomly generated IPv6 address are vanishingly small. The odds are much, much higher, in this context, that you're just using the form of an IP address to disseminate the key, and I think a reasonable court would recognize that and find against you.
It's hard to be religious when certain people are never incinerated by bolts of lightning.
http://www.aacsla.com/home
Classic... every news item, from January to now (only 3 I know), talks about the various cracks.
There is not one piece of good news (for them or their customers anyway). I think if I were a movie studio, I would be a little wary of using a product that can't say anything good about itself in the last 4 months!
I think it's funny. It's essentially a banner that advertises nothing but their failures to meet customers expectations!!! LOL
Sometimes the best solution is to stop wasting time looking for an easy solution.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Was "Can't Stop the Signal." The information those in power want hidden is out, and it can't be stopped. There are an infinity of ways and places to store and display this number, and the next, and the next after that. They've already lost- they just don't know it yet. So what better tagline for the revolution than a quote from one of the very movies released on HD-DVD? "Can't stop the signal." -OP
Comment removed based on user account deletion
I just want to add who I think our audience is or should be: the public. Not Hollywood: unless we can align their interests with ours, convincing them of the futility of DRM will only alter their strategy.
The processing key protest has taken on symbolic importance. If we can frame the event in terms of free speech, we will have won. I don't think we're succeeding. Hollywood and the AACS folks are explaining it in terms of property and theft. News media are reporting about mobs and an online riot. The wider public may end up believing that a mob of hackers and teenage vandals attacked Digg, disregarding the property rights of others and in order to enable theft - and that users must be prevented from controlling the Web. If that's what they believe, they may start passing laws to back it up (witness the attacks on MySpace and other social networking sites).
I believe this is wrong on every count. Most in this "mob" have a better understanding of the issues involved than do their opponents. The distinction between theft and copyright violation (never mind trafficing a circumvention device) has been covered numerous times on Slashdot. And criticism of user participation displays a tragic ignorance both of who creates the value of web sites like Digg, and of the original purpose of the World Wide Web which was supposed to allow the browsing and creation of content by all of its users.
The sheer absurdity and irrelevance of the number itself makes it the perfect issue. The courts may see otherwise, but for the vast majority of the public and of the protesters, it is a symbol, not a "circumvention device". Protesters are not going home and using that number to pirate videos, so their protest must be seen as an act of disobedience, not of self-interested theft.
We have a good story. We need to get it out to the people that matter. The AACS LA may be the opponent, but winning on their terms gets us nowhere. Winning the minds of the public, however, is the first step to getting these disastrous and immoral laws fixed.
I don't think the number should be posted, I've put a write up about it on my site! http://www.nelson-techonline.com/09-F9-11-02-9D-74 -E3-5B-D8-41-56-C5-63-56-88-C0/index.html
... for saying "09-F9-11-02-9D-74-E3-5B-D8-41-56-C5-63-56-88-C0". It's just like saying "Jehova". Didn't you see what happened then?
At least give them some trouble when posting the key!
md5sum(key) = cfddca0b93558c11cd6d2a7023a544bf.
While the key is mathematically defined by this(*), currently no one knows how to compute the inverse of an md5sum in a feasible amount of time. Will Slashdot be asked to remove this comment? I'd love to see the AACS laywer demonstrate how he can derive the key from this post.
In the same way, you can test various computational complexity conjectures by translating them into a statement concerning the key and waiting for the takedown letter.
* There might be a few other solutions, but you can exclude them by seeing that they don't work when you try to use them.
PROTIP: You can't copyright a number (or, at least, you shouldn't be able to).
I'd agree, but I disagree with copyright altogether. Remember, all digital information IS is numbers. Effectively, saying "you can't copyright a number" is the same as saying "you can't copyright anything digitally expressible". Again, absolutely fine by me, but nontechs don't necessarily grasp the full ramifications of information science. It will probably take a generation or two before copyright law is stamped out totally by the realities of the universe we live in.
This is a moot point. They are not claiming that they own the number. They are claiming that it is, a "technology, product, service, device, component, or part thereof that that is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title". Such technologies, products, services, devices, components or parts thereof that are illegal to possess/distribute in the United States due to the DMCA.
Has anyone ever been prosecuted under the you-don't-talk-about-DMCA provision? I have to assume that the copyright holders don't want to bring such a prosecution because the DMCA would be unlikely to survive a constitutional challenge.
Every one of the words in your post can be used as a password. That doesn't justify prohibiting their publication.
The AACS key is a password that's, in effect, distributed to everyone who owns a HDDVD and is furthermore useless to you unless you possess an HDDVD. It's an open secret. In that respect it's different from a credit card, and your analogy is inapt.
And it's not illegal to post a string of digits that may or may not be a credit card, without more, and the same should apply in the case of the HDDVD key.
I don't need large brains to have a good time.
So, you admit that if you sing "Happy Birthday" in public you will affect the profits of the person or persons that owns or own the various rights to the work. This has an effect on the flow of money within the United States and therefore may be regulated by congress due to the interstate commerce clause of the US Constitution.
"[...] tells consumers how they can 'continue to enjoy content protected by AACS'"
How about telling them they can enjoy their content, period?
If it's been revoked, then what's the point in chasing the people still posting it? The new DVDs won't use it. The pirates wanting to rip the DVDs already out there using the key will already have it.
The horse has already bolted, so why are they bothering to try to close the stable door?
All they're going to do is irritate bloggers more and make themselves more unpopular by doing so.
I would never say what the AACS key is... I just say what it is NOT (see sig).
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
Corporate espionage is, of course, still illegal, but also an entirely different crime. Ordinarily you can legally reverse-engineer something in order to discover any trade secrets it embeds, but under the DMCA anti-circumvention provisions it was illegal reverse-engineer the player software in order to fetch the key. The DMCA only causes problems for US citizens reverse engineering. If a foreign actor commits the reverse engineering, that's legal. If they give that information to me, that's also legal. This is especially true if they publish first, thus ending the trade secret. Unlicensed implementations of AACS are still copyright infringement No, they're unlicensed implementations of AACS. It's only circumventing a copyright if you decrypt movies with your implementation. It's only copyright infringement if you distribute the decrypted movie. Even in the DMCA, there is a distincting between distribution and circumvention. implementations combined with the key are still violations of the DMCA Well, that's true.
Each User/Buyer of Media would be issued a Usb-drive-like device that will contain their own personal key. All media playback devices (PCs, DVD players, MP3 players, etc) should have a slot for your personal key. When you purchase media, you will have to tie it to your personal key at the time of purchase and as long as your key is present in ANY playback device you should be able to playback your media. You can make as many copies as you'd like. Your copy/copies of the media won't play with anyone else's keys. This is a good compromise for everyone.
Thus, you won't be able to play a copy of an encrypted disk. You will only be able to play a copy of a decryted disk.
Seems a bit easier.
You are being MICROattacked, from various angles, in a SOFT manner.
How about while we wait for them to get back to me on that we start a little political activism to start bringing consumer rights back to consumers in our various countries? Writing your representative is OK but if you really want to get their attention you need to be wielding a block of about 200,000 voters. Hop to it!
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Quick! someone publish it as a part of a rap song!
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
Welcome to the new world then, where the AACS can sue ANY IPv6 address and claim that it just so happens to be their "secret number" and you must Cease & Desist immediately. Of course they won't have to proof that or anything, you just have take their word for it.
Find against what? It is not now and never could be illegal to state a number. A fact cannot be protected by copyright. A number is the most basic of facts, unless you don't agree with the concept of math.
And can someone re-create the original keygen process in the first place from available data? AACS is able to create keys on demand.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
This has nothing to do with freedom of speech. The Internet's response to censorship is very much stronger than that... the Internet is built on protocols that are designed to avoid information loss and enable communication no matter what. It's got an abhorance of any kind of censorship... no matter how valuable and useful that censorship might be... baked into its genes, and that is one of the things that's made it so successful. Even if you tried to replace it, it can and will outcompete any closed environment that doesn't have that attribute.
So it's not a free speech issue, it's a "you can't win this race" issue. They're not so much *wrong* to try and fight, they're simply foolish and doomed.
Let's say you have 0x09-F9-11-02-9D-74-E3-5B-D8-41-56-C5-63-56-88-BF friends coming over, and you want to buy an apple for everybody (including yourself).
How many apple's do you need?
hnnm,09F911029D74E35BD84156C5635688C0.com
2^6 x 5 x 19 x 12,043 x 216,493 x 836,256,503,069,278,983,442,067
Ben Hocking
Need a professional organizer?
All she has to do is something like this: (Typical update process with a consumer stand-alone Blu-Ray player)
Option A:
1. Go to website (Mom: Website, what's a website? I don't have a computer)
2. Download the appropriate file (Mom: Download a file? Which one? From where?)
3. Burn it onto a CD-R (Mom: Burn it? CD-R ??)
4. Put in player and wait for it to install, hopefully it works
5. Watch movie (finally!!!)
6. Get fed up with new Blu-Ray player, and stop buying movies, possibly taking player back to store for a refund.
Option B:
1. Go to website to get support phone #
2. Wait on hold for minutes / hours (YMMV)
3. Get asked what model you have (Mom: Where is the model? On the back/bottom? I gotta unplug the cables ?!?!?)
4. Start over at step 2 when you know the model
5. Give them your name, address, other personal info, along with the serial # (Mom: see #3) If no serial #, get it and start over at step 2, again!
6. Wait until they can ship it to you, could be days or weeks
7. Put in player and wait for it to install, hopefully it works
8. Watch movie (finally!!!)
9. Get fed up with new Blu-Ray player, and stop buying movies, possibly taking player back to store for a refund.
Option C:
1. Decide disk is defective (Mom: My other disks work, so it must be this disk)
2. Drive to store and get new copy
3. New copy fails, too. Store won't refund, until you raise a ruckus.
4. Get fed up with new Blu-Ray player, and stop buying movies, possibly taking player back to store for a refund.
You will note that all three cases lead to rejection of Blu-Ray by average consumer. Mom, or your average consumer, wants a player where they can:
1. Buy any Blu-Ray disk
2. Put it in the player
3. Push play
4. Movie plays!!!
Anything beyond that, and you alienate your customer. Simple.
V for Vendetta: People should not be afraid of their governments. Governments should be afraid of their people.
I have sat in meetings with people from movie studios and software companies that make very popular burning software. Some of these people are also part of the DVD-CCA, the body that licenses the DVD copy protection system, CSS.
These people are completely deluded into thinking that CSS is still effective and necessary. They won't let online movie stores give their customers DVD burning capability (i.e. a dvd compatible with a DVD player, not a data DVD with a wmv file on it) unless it is burned with CSS. Which is impossible without a special burner, blanks, and software.
This, despite the fact that CSS has been utterly broken for 6 years. Despite the fact that putting "copy DVD" into Google gives you pages of links to software that will do it.
So don't expect the AACS-LA to give up any time soon.
How many people actually know what the number does -- what it specifically does. How many people would know how to use it, if given the opportunity, or even do have the opportunity? Does this number allow any one individual to utterly undo the studios? Does this number allow a wide distribution of individuals to significantly impact the filmmakers' profits?
I suppose what's irking me here is the dire response of the few speaking ot against the posting of the key who have actually getting through the mob of people trying to look cool by posting the key. The response reminds me of the "don't pirate movies... or we'll fucking kill you" ads at the front of movies in the theatres. I'm not suicidal, but there has never been anything that made me want to pirate a movie more than those ads. The heavy-handedess and seeming disconnect from the reality of the issue neutered their argument there, and neuters most of the arguments here. One part of the reality being: by the time the key made it to digg, everyone who matters in this issue, or rather the original issue, had alredy seen it.(the original issue being the actual state of the encryption, rather than the merits and demerits of posting keys and other numbers to public fora) Does that make posting the key now any better? Perhaps not, but the cat's already out of the bag... and the bag caught fire afterwards.
Also, the credit card number analogy also doesn't sync up well. Ignoring the problems of scale, the implication you make, and that seems to be nearly universal in all accounts of this story I come across, is that there is nothing else anyone needs to use in conjunction with this number to undo the encryption. Simply posting a credit card number does nothing. It is only when that number is associated with other pieces of information, such as the name of the account holder, that the number becomes usable. Here:
1718 3876 9622 8624
What's the name attached? The expiration date? What's the world's address?
This is my sig. It's prescription, I swear. I need it for reading things... on the other side of things
I thought a better analogy would be the blogosphere/anti-DRM groups aiming for the knockout blow, while AACS are just aiming to win on points decision at the end of the final round.
Your credit card and social security numbers are only for your personal use, they have nothing to do with controlling public behaviour, which exactly what HD DVD encryption keys are for. So you can't compare disclosing someone's personal information to disclosing an encryption key for selling digital media.
The fact that they are making so many pointless actions shows that they are scared. These clowns are outnumbered and powerless in a situation where users can simply ignore them without any loss to themselves. The funny thing is if their product actually worked, this situation wouldn't have happened. The good news is that they are wasting money and resources trying to scare and re-educate the public and that is one area they have no chance of winning. Anyone capable of doing anything with these keys or similar information isn't going to give a rats ass about anything the chairperson of AACS has to say. A lot of people didn't even know what these organizations were before, but once they do they often think of them as the Gestapo of the digital age. Thats not an image they will be able to overcome and it will always put a damper on their propaganda. I might have an ounce of respect for them if they actually used some common sense and good PR strategy, but they clearly think senseless threats are going to scare everyone into submission. In the mean time I'm not giving them a red cent. I'll save it for a good high speed connection or some new hardware.
...are the movie and TV studios. I can't help but think that the leak of these keys, as well as the other AACS cracks out there, makes the whole DRM scheme look like a bad investment to any independent movie studio wanting to release a movie. Why would they want to subject themselves to such bad press and customer backlash when new movies fail to work on old players? That seems to me to be the real end of the DRM scheme. On the other hand, wasn't the key discovered in WinDVD, a software player? That might lead to a short-term crackdown on software players in general, which would hurt many customers in the short term.
What on earth do they mean by saying consumers can 'continue to enjoy content protected by AACS.' Consumers don't enjoy AACS. Conusumers don't care. It doesn't help them. They don't need content protected. They just want to watch it. Encryption doesn't help them do that, it makes it more difficult.
Yeah I know, preaching to the choir.
Note to Michael Ayers. Stop lying.
I have a legitimate question. Both my father and my sister have an uncanny ability to read a poem or lyrics to a song just one time and have it committed to memory forever. Many people have photographic memory and can recall pictures in perfect detail or pages of text clearly. So, it isn't far-fetched a thought to have some genetically enhanced memory in my brain that allows me to recall video and audio in perfect detail, is it?
So here is my question: If I had the ability to do this, and I went to see a movie just one time... but afterward I replayed the movie over and over in my mind in perfect detail simply to entertain myself... would that be copyright infringement? Should I have to pay a royalty every time I think about the movie?
What if I had the ability to transfer my memory to another human being (much like telling a story verbally)?
Where is the line really; you might say well the memory is your own natural memory (even though it's enhanced). What if I had bionic memory that was mechanical and manufactured? What if I had a video/audio recording system implanted in my brain specifically to record video?
See? This is where much about intellectual property becomes a ridiculous prospect to me (and I even used to work as an intellectual property paralegal).
"They said I probly shouldn't fly with just one eye," "I am Bender. Please insert girder."
OK, now here's a thought experiment.
1. Get a big server, running Apache.
2. Generate a series of static pages containing every 128-bit number possible.
3. Make sure it gets indexed by Google et al.
4. Then wait for the legal threat from the AACS specifying which numbers are infringing their DMCA claim. They would have to specify every key.
5. Publish their legal threat letter containing all the keys, forcing them to revoke every key they have.
6. ?????
7. Profit!!!
Oolite: Elite-like game. For Mac, Linux and Windows
I wouldn't say anything about it either, but I did hear this great joke the other day...
A man walks into a talent agent's office, and says, "We're a family act, and we'd like you to represent us."
The agent says, "Sorry, I don't represent family acts. They're a little too old-fashioned."
The man says, "But this is really special."
The agent says, "Okay, well what's the act?"
He replies, "Well, my wife and I come out on stage and she begins to sing the "Star Spangled Banner" while I take her roughly from behind. After a minute of this, my kids come out and begin to do the same, but my daughter's singing the original "To Anacreon in Heaven" lyrics while my son performs anal sex on her."
The agent looks uncomfortable, but the man continues, "Just when my daughter hits the highest note in the song, my son and I switch partners. He turns my wife around and gives her a dirty Sanchez before having her perform oral sex on him. When the song's over and we're both getting close, we all stop and lie down on the stage."
The man smiles fondly as he recalls, "This is the best part: our dog then comes out on the stage, and he's trained to lick each one of us to orgasm in turn. He just goes right down the line, looking as happy as can be! We all get up and take a bow."
He looks at the agent and says, "Well, that's the act. What do you think?"
The agent just sits in silence for a long time. Finally, he manages, "That's a hell of an act. What do you call yourselves?"
"09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0!"
The television will not be revolutionized.
Google's intelisense auto complete thing now has it as the 2nd suggestiong after typing '09 F', lol.
I started laughing when I let the mouse hover on the third picture in this TheInq article : http://www.theinq.com/default.aspx?article=39411, the alt text says "And the magic number is: 09 f9 11 02 9d 74 e3 5b d8 41 56 c5 63 56 88 c0" . Good job , Kudos The Inquirer ! :D
According this, they are going to sue large part of the human population on the planet.
From the BBC News.
"He said tracking down everyone who had published the keys was a "resource intensive exercise". A search on Google shows almost 700,000 pages have published the key."
They are going to run out of money long before they can finish 0.08%.
Well... because we can convert DEC to HEX
10965336890740 + 249983609689797 + 1666615488
and other variations on a theme.
Will they go after all numbers now?
http://img460.imageshack.us/img460/3686/psakittymk 8.jpg
/dev/random. Whenever I do "cat /dev/random", it spits out "09F911029D74E35BD84156C5635688C0"
l ag.svg the HD-DVD processing key is embedded in the image, as color codes on the flag
My wireless internet doesnt work, I am using 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 as WPA key, and got a D-Link 802.11n card on 2.4.21, what is wrong?
I am using the 2.6.21-git4 kernel, and I think that I have found a bug in
09:F9:11:02:9D:74:E3:5B:D8:41:56:C5:63:56:88:C0
$ ping6 09:F9:11:02:9D:74:E3:5B:D8:41:56:C5:63:56:88:C0
unknown host
int main() {
char hexcode[] = { 0x09, 0xF9, 0x11, 0x02, 0x9D, 0x74, 0xE3, 0x5B, 0xD8, 0x41, 0x56, 0xC5, 0x63, 0x56, 0x88, 0xC0 };
printf("%x", hexcode);
}
$ ping6 09F9:1102:9D74:E35B:D841:56C5:6356:88C0
socket: Address family not supported by protocol
http://openclipart.org/people/Frap/Frap_Freedom_f
C:\>ping6 09F9:1102:9D74:E35B:D841:56C5:6356:88C0
Unable to contact IPv6 driver, error code 2.
You don't know much about encryption or one time keys, do you? A one time pad provides absolute plausible deniability. It is the only "perfect" encryption mechanism, as long as the key isn't revealed.
However, I will admit right now, that there IS a corresponding key that, if XOR'ed against the number on my blog post, will provide the magic AACS number. However, that is true of ANY 32-bit integer! As far as you or anyone else can prove, the key on my site is as much the AACS number as is the (decimal) numbers 1, 32, 192929, or 99999.
Brute-force attacks are impossible against a OTP. If you know the "secret", and one half of a OTP, then you can at most determine the other half of the OTP. It does not prove that either half of the OTP was intentionally designed as such.
What is posted on my blog cannot possibly be used against myself. It is a 32-bit integer, to which there is a corresponding 32-bit integer which will produce the AACS key; however, since that is true of any 32-bit integer, that doesn't exactly scare me.
But posting the encryption key to the content is not the same as talking about the encryption key to the content ...
The DMCA is unconstitutional because it keeps me from telling you how to watch a movie. Encrypted content should not be copyright because it does not meet the limited time period requirement of copyright. In fact, an encrypted DVD is not human readable, it's part of a machine, and should fall under protections previously granted player piano rolls - zero. I can go on and on with the more blatant absurdities here.
Friends don't help friends install M$ junk.
Fuck-you RIAA and consorts. (see .sig)
Hey, AACS, RIAA and MPAA. It's over. You've lost. Jack Valenti is dead and DRM is the new prohibition. You may have a couple hundred Congressmen and Senators in your pocket, but the rest of the country wants to see you flayed alive. At this stage, you might reconsider your business model.
France's highly regarded mainstream paper Le Monde also published the key, repeating it on purpose in their article. Now imagine how those AACS-LA lawyers will get laughed out of french courts should they try to curb Le Monde's freedom of press! C'est trop tard messieurs, get over it.
cpghost at Cordula's Web.
Option B:
...
...
6. Wait until they can ship it to you, could be days or weeks
7. Put in player and wait for it to install, hopefully it works
8. Watch movie (finally!!!)
9. Get fed up with new Blu-Ray player, and stop buying movies, possibly taking player back to store for a refund.
Option B-2
6. Wait until they can ship it to you, could be days or weeks
7. Put in player and wait for it to install, hopefully it works
8. The shipped keys have already been revoked; start over at step 2, again!
9. Get fed up with new Blu-Ray player, and stop buying movies, possibly taking player back to store for a refund.
If that were C++, my compiler would warn about step 9 being "unreachable code". I'd better amend step 8 to eliminate the infinite loop, and clearly step 9 needs a refinement:
8. The sent keys have already been revoked; start over at step 2, again! or proceed with next step
9. Get fed up with new Blu-Ray player, and stop buying movies, definitely taking player back to store for a refund.
- T
This is what's in your blog post:
0×9F911029D74E35BD84156C4635688C0
This is the HD-DVD key:
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Your "secret" one time pad is 0x100000000. Honestly, it looks more like a typo than an attempt at encryption. And a judge certainly isn't going to buy that it's "accidently" similar. Especially when your "encryption" method is a non-encryption method. The point of encryption is to keep the contents secret. You've defeated your own attempt at an OTP by giving away 31 out of 32 nybbles. Hell, it's worse than that! You gave away 127 out of 128 bits! And then you suggest that I don't know anything about encryption?!?
I said it before, and I'll say it again. You cannot "hack" the laws like you're suggesting. If any common joe can see through your scheme, so will a judge.
Javascript + Nintendo DSi = DSiCade
P.S. You're certain that you have a 32 bit integer, eh? A 32 bit integer?
Javascript + Nintendo DSi = DSiCade
there is a logic to what they are doing.
Really? To me, it shows a serious and fundamental misunderstanding of "the digital world" as well as human nature.
These people actually think a global network (and it's participants) care about what they are doing. Most of the world does not. Therefore, any reasonable and logical person would conclude its a bad strategy because it depends on 100% success, which is unobtainable in a global environment. Anything less than 100% suppression, for them, is a failure.
Surely, anyone who knows anything knows the Internet is global, right? So why pursue legal strategies when you have no way of enforcing them globally? There is zero logic in that.
"The prestige of government has undoubtedly been lowered considerably by the prohibition law. For nothing is more destructive of respect for the government and the law of the land than passing laws which cannot be enforced."
~ Albert Einstein on Prohibition - My First Impression of the USA, 1921
Source: http://www.taima.org/en/quotes.htm
http://www.ingenieria-inversa.cl/files/vid.rar Beautiful hack. Instead of needing the master key, it hacks the code in memory to BYPASS the check. LOL
But it is illegal to post a string of numbers that is a credit card number, and identify it as a specific credit card, and provide the information required to use it. Just as posting the HD-DVD key is not illegal, but posting it and identifying it as the HD-DVD key is illegal under the DMCA.
You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
I'm not a lawyer, but I'm pretty sure they'd be required to show in court that it actually was their key, and perhaps even that it wasn't your randomly-assigned IPv6 address. DO you have evidence to the contrary?
It's hard to be religious when certain people are never incinerated by bolts of lightning.
...AACS has promised to take action against those who have posted the AACS crack online...
...We respect free speech...
Does not compute... does not compute... does not compute... does not compute...
Oh, and while I'm at it: 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
"Speech can not do physical harm, so speech can not be criminal, no matter how repulsive it is."
I notice a fellow-free speech adept? I'm a pro free speech humanistic libertarian myself, but I do have some problems when trying to remain consistent. I'm curious about your ideas about some issues, and the question to you is: is it free speech/expression and should it be allowed or forbidden? (and if possible; why or why not):
- libel/slander
- yelling 'fire' in a crowded theatre
- saying/writing something verbatim from someone else
- virtual childporn
- real pornographic images of a minor, but where the minor took the pictures all by himself and of himself and wants to publish it at age 18?
- racist remarks
- books that deny the holocaust
- books/speech that call for illegal action
- literature that describes in detail how to make WMDs.
How would the free society as you view it deal with these topics?
--- "To pee or not to pee, that is the question." ---
It doesn't matter whether the information that's restricted is an encryption key for a movie, or embargoed results of a court case, or secret scriptures. It's about the design of the Internet. The Internet is designed to route around damage. The internet interprets censorship as damage and routes around it.
[mod parent up informative, someone]
Have to google on "internet 3.0" now.