AACS Revision Cracked A Week Before Release

stevedcc writes "Ars Technica is running a story about next week's release of AACS, which is intended to fix the currently compromised version. The only problem is, the patched version has already been cracked. From the article: 'AACS LA's attempts to stifle dissemination of AACS keys and prevent hackers from compromising new keys are obviously meeting with extremely limited success. The hacker collective continues to adapt to AACS revisions and is demonstrating a capacity to assimilate new volume keys at a rate which truly reveals the futility of resistance. If keys can be compromised before HD DVDs bearing those keys are even released into the wild, one has to question the viability of the entire key revocation model.'"

waste of time

[ILuvRamen]

If they put this much effort into making crappy movies not suck instead, they'd save a lot more money than trying to control every customer's lives

Re:waste of time

[luckingfame]

There was a great quote by Robe Zombie about those anti-piracy commercials in the movie theatres that were running for a bit. "I'm sitting in the movie theatre, what more do you want?!?"

Re:waste of time

[Rob+T+Firefly]

The best response ever to that ad comparing piracy to theft, beginning with "You wouldn't steal a car..." is posted here.

Re:waste of time

[Dogtanian]

There was a great quote by Robe Zombie Is that like a zombie that eats dressing gowns and kimonos?

Re:waste of time

[l_bratch]

The most confusing thing about the anti-piracy ads in cinemas (in the UK at least) is that they say something like:

"Don't watch pirated films - you'll lose the big screen image quality, and the incredible sound, and your view won't be spoiled by the person that goes to the toilet in front"

Whilst saying that last bit, they show a clip from a dodgy in-cinema cam job where somebody stands up in front of the camera.

What they fail to realise is that people do that in the cinema!

Re:waste of time

[TheRaven64]

In my local cinema, the sound quality is pretty poor (stereo only on most screens, and some muppet has done strange things to the equaliser that heavily emphasise the bass), and the image is slightly blurred and full of little flickers where dust has got into the film.

A DVD and a home projector and surround sound system give much better video and audio quality, don't have adverts, and can be paused when you want to get up and go to the toilet in the middle. For the price of two of you going to the cinema, you can buy a DVD and renting is even cheaper.

The only still-extant reason for downloading is that it takes so long for films to get from the cinema to DVD. If they did simultaneous releases, then I would expect to see piracy fall a lot. Mind you, I'd also expect to see most cinemas go out of business...

Re:waste of time

[geoff+lane]

Hey! I like watching a 5 minute diatribe accusing me of being a criminal. I love the way that they don't allow you to skip or FF through the little moral tale. I don't care that I have to wait to see the movie I paid $40 to "own"... every single time from now until doomsday.

It's suggested that this single annoyance drives ordinary people to learn how to rip dvds and in the process eliminate the wonderful story about drug dealing pirates; I couldn't possibly comment.

Re:waste of time

[TheWoozle]

What DVDs have *you* bought lately? Mine have all come with 10 freakin' minutes of advertisements at the front that can't be skipped!

Re:waste of time

[Grishnakh]

You can always buy higher-quality DVDs on Ebay from sellers in Malaysia. These DVDs are better than the store-bought versions since they don't have commercials, and can play on any region player.

It's okay...

[Daychilde]

...I'm sure someone will solve the problem by writing more laws.

That's always the solution, isn't it?

(oy.)

Re:It's okay...

[digitrev]

I'm going to attempt an analogy. This may be horribly flawed, but there is some logic here.

The current downloading of copyrighted files is akin to drinking during prohibition. The laws were on the books making drinking (sharing copyrighted files) illegal. However, that didn't stop people from drinking, and in fact simply forced the alcohol industry underground, where it was taken over by organized crime. The temperance movement (RIAA / MPAA) did their best to keep the laws on the books forcing what they thought was a horrible thing to become illegal. However in doing this, they made criminals out of everyday folk who blatantly disregarded the less than sensible laws. Had anyone tried to enforce the, dare I say it, stupid laws in place, they would have ended up with millions behind bars.

My point is that attempting to create or uphold laws that no one respects is futile. They can't and won't be able to prosecute every uploader of files, and eventually, the laws on the books will match the reality of what goes on in day to day life.

Re:It's okay...

[Maxo-Texas]

And now, the legal prices of booze are so low that there is no reason to make illegal booze.

There is a lot of reason to copy a $20 movie ($35... $70 in some cases). There is absolutely no reason to copy a $5.50 movie.

The movie company makes a lot less profit- but they still make a profit and anyone who pirates their movie is so clearly desperate for cash that the movie company isn't losing a dime on them.

Re:It's okay...

[Opportunist]

What's even worse is that if you criminalize people, they start to ignore the law. The sentiment being, if I already broke one law, what's another?

Look back to prohibition times and see just how violent they were.

Re:It's okay...

[Grishnakh]

Why not?

Why do people still make their own furniture with woodworking tools instead of just buying furniture from K-mart?

Why do people build their own computers from components, instead of just buying a computer from Dell?

Why do people install their own tile instead of just hiring a contractor?

Why do people write their own software instead of just buying it from Microsoft, or hiring a consultant to do it for them?

Why do people brew their own beer, instead of just buying a Coor's? (Moreover, why is this legal and distilling your own whiskey illegal?)

If a country values freedom, it shouldn't restrict what people do in their own homes as long as non-consenting people aren't affected.

Re:It's okay...

[jez9999]

Had anyone tried to enforce the, dare I say it, stupid laws in place, they would have ended up with millions behind bars.

Like those arrested for possessing cannabis?

Re:It's okay...

[Odin's+Raven]

I'm going to attempt an analogy. This may be horribly flawed [...]

A Slashdot thread without a flawed analogy is like a frozen fishstick without a train conductor.

It's always "Question This," "Challenge That" -

[toby]

Damn you long-haired smellies! Why can't you get with the program and just passively CONSUME!

Extremely Limited Success?

[locokamil]

You mean "failure"?

Remember, kids: It's not torture, it's "enhanced interrogation techniques".

Re:Extremely Limited Success?

[Opportunist]

Problem with those eye candy movies is the same it is with the eye candy games: They'll never become classics. In 10 years, nobody will care 'bout the eye candy and will just see the crap around it.

Hex or GTFO

[aichpvee]

The article is missing the key, who's got it? I need to start a protest on digg!

Re:Hex or GTFO

[kebes]

That would actually be interesting. Digg ended the last uproar by saying "okay, we give up, go ahead and post it"... but by then the key had been posted to so many sites (largely in protest) that no one cared anymore. Even the AACS team must have realized that it was futile to now suppress the code. I'm sure they sent out plenty of other legal threats, but basically the code had been widely distributed.

But if someone posted a new Digg story, with the code... what would happen? Let's say Digg was the first (or one of the first) to "break" this story. Would Digg bury the story? Or let it stand? Would they begin another proactive campaign of suppressing the information? Or would they stick to their previous (rather belated) show of solidarity with their users? If they were one of the only sites distributing it, they would be (rightly) afraid of an imminent AACS legal threat.

It will be very interesting to see the reactions of the community and the AACS team as more keys are discovered and distributed. (Heck, it may occur that someone posts a bogus key story to Digg, just to mess with them.)

DRM

[Ckwop]

This is quickly making DRM look less like rights management and more like digital restrictions mockery. Of course, we knew this from the start. Any security strategy that depends on giving the attacker both the key and lock is doomed to fail.

The guys who make this DRM know its flawed but they still get paid when it fails. They must be quietly laughing all the way to the bank. Yet like morons the record labels keep handing money over. It's no wonder CD sales are declining when you're *that* clue-proof.

EMI has the right idea. Shock horror, if you give the customer what they want, they'll pay you for it. I never would have guessed!

Simon

C64 one more time

[Anon-Admin]

Sounds like the old days of the C64 boards. It started with 1day warez, soon there were 0day warez, before it was all done there were boards that only accepted -7day warez. That was warez (Cracked software) that were released no later than 7 days before the program was to hit the market!

Give up now and stop waisting money on something that will never work!

Re:C64 one more time

[badboy_tw2002]

True story: When I was a younger lad I got around that by taking my friends manual to the xerox machine at the library and for a couple bucks had the whole thing cracked. Much later on in life I ended up working for the same company I stole the game from. I took my boss out to lunch one day (he was the original programmer on the game in question), and as he offered payment I said "No no, its alright. I figure this ought to cover the royalties of the game I prirated :)" Guilt free am I!

Bravo..

[modi123]

I just gave my dual 21" dell lcds a mountain dew bath after reading "damned-time-traveling-pirates dept". I salute you editors - you have given me my happy thought. Now quickly, fly! Second star to the right and straight on until morning!

AACS?

[PineGreen]

That's the dumbest fucking idea I've heard since I've been at Microsoft.

Re:AACS?

[JensenDied]

Normally this would be the perfect place for a "You must be new there," comment.

Does anybody else...

[u-bend]

...feel like this will be one of those anthropological head-scratchers to historians in 50-100 years? DRM? What an odd culture they had there....

Re:Does anybody else...

[WilliamSChips]

More likely the other way around: the people who actually care about the art will let anybody experience it, while the people who only care for money will charge unnecessary costs.

The ever heard of cost vs benefit?

[SSCGWLB]

How is this economical for these companies? It should be simple:

ProfitA = $MEDIA_INCOME - DRM R&D - DRM content - lawsuits - alienated customers - recalls (i.e. rootkit)

ProfitB = $MEDIA_INCOME - piracy loss

I would bet that ProfitB is significantly larger then ProfitA.

Ten years from now, kids will be reading

[zappepcs]

about the great Consumer Revolt of 2007 in history classes.

The list of revolt-ish type actions lately is getting quite long. I think the Internet is really starting to make its true value known.

Companies who want to force DRM on the consumers are simply terrified that they have no product and must force consumers to pay for distribution. The sad part is that they are wasting so much time, money, effort, and lobbying to try to stop what they never could before, and have no hope of stopping in the future; the sneaker-net is still alive and apparently doing very well with 500GB USB drives selling for less than 2 seasons of the Sopranos.

Digg, AACS, XM radio, and all that came before it. Oh, also that deal with the King and feet, the actress having sex on the beach... who knows how many more it will take ....

Re:Ten years from now, kids will be reading

[danbert8]

Sad, I read this whole comment and the only thing I'll remember is "actress having sex on the beach".

Corporate Hypocrisy- It's In The Game!

[Dogtanian]

Damn you long-haired smellies! Why can't you get with the program and just passively CONSUME! EA did it! They told me to "Challenge Everything"!

To which they replied, "Foolish boy, that was just a vapid and insincere corporate slogan designed to sound vaguely cool to wannabe-rebellious (and utterly conformist) 13-year-olds..."

My mistake.

Re:Corporate Hypocrisy- It's In The Game!

[drinkypoo]

My mistake.

Yeah, I thought that was a pretty reasonable response, until Apple told me to think different. Now I can't go back to thinking the old way! I think my mind is broken.

more like "calls DRM, period, into question."

[swschrad]

you have folks designing a roadblock into the process of decoding media, that doesn't always work, that is not supported on any of the minority OS... and they wonder why other folks keep cracking it?

you think maybe somebody out there in MogulLand would look at the swirling Warez underground, and for once think maybe, "geez, the free market says we are bumbling goons?"

apparently it only happens in Britain, where somebody at Electric Music Industries Ltd. woke up sober and straight one morning...

Re:more like "calls DRM, period, into question."

[Minwee]

"Somebody at Electric Music Industries Ltd. woke up sober and straight one morning..."

After having gone to bed the night before drunken and bi-curious?

Re:Activity time!

[vidarh]

16 hex digits is 8 bytes. Good luck trying to post 2^64 16 byte sequences anywhere in your lifetime.

AACS is done

[Jugalator]

I don't think hackers are always going to publically tell which software they found vulnerable, or if they went for the hardware, or exactly what. But it's quite clear they now understand where to look for the keys, so just changing them won't help anymore. And when you know the protection structure, I think this system is now pretty much as busted as the DVD protection became. GG

Cost Functions

[SlashdotOgre]

It amazes me that the movie industry remains convinced that they save more money by developing and implementing DRM than they would lose to piracy. The cost for a system like AACS must have been well into the millions, and I hope they realize that with all DRM systems it takes orders of magnitude less money to bypass them then it does to create them (and once a crack is known, that's all it takes). At the very best, DRM only buys them some time until it is cracked, and at worst is frustrates consumers to the point that they boycott the product. While the number of pirates may increase a bit if all media was DRM free, I don't believe it would be a significant increase from the amount who pirate now. I do believe the amount lost to new piracy would be less than the amount spent developing DRM, and perhaps the increase in sales due to people who only pirate because they hate DRM will off set that even more.

Re:Cost Functions

[Bent+Mind]

...movie industry remains convinced that they save more money by developing and implementing DRM than they would lose to piracy. You're not looking at the problem from the perspective of a corporate accountant. They don't look at developing and implementing DRM and say "look how much we are saving." Rather, they add it into their piracy cost projections and say "look at what piracy is costing us". Then they give those numbers to Congress and ask for stricter laws, harsher punishments, and more protection.

Re:Activity time!

[cfulmer]

Funny. I just did it. Of course, my file is compressed -- the decompression program takes FOREVER, but it's pretty easy to tell it to skip to the Nth entry.

Umm...

[fyrwurxx]

I never understood the MPAA/RIAA's approach to curbing piracy and increasing legitimate sales by imposing restrictions on those who pay for content. Think about it: a pirated album or movie comes with zero DRM and thus can be used for any purpose on any player an unlimited number of times. If I pay for that same album and purchase it through iTunes, I can only listen to it on my computer and my iPod. So here's my choice: pay for restricted content or download DRM-free content FOR free. Umm, who in their right mind would elect for the former?

A more proactive approach to curbing piracy would not restrict the rights of the consumer, but expand them. Instead of pouring millions of dollars into encryption schemes that are cracked before they're released, invest that money into innovations like exclusive or pre-release content for paying customers. I might feel better about buying an album online if a) I knew I could use that album any way I want and b) got a little extra in return, like an interview with the band, an exclusive track, preferential treatment for concert tickets, or whatever. I know these exclusive tracks and interviews could just as easily be pirated, but it's the thought that counts. If you (the RIAA/MPAA) respect my right and desire to use my movies and music how I want, I'll be more likely to respect your right to compensation for said goods. Either way, putting digital handcuffs on your paying customers is definitely *not* the right approach.

utter fuckpuppets

[PurPaBOO]

And then the utter fuckpuppets go on to say: "Buying pirated DVDs is stealing." This really gets my goat. Buying pirated DVDs is buying pirated DVDs. Stealing pirated DVDs would be stealing. Cnuts.

Or more succinctly....

[mutube]

Any law that makes a criminal out of the majority is a bad law by definition.

But I liked your analogy too.

Unobtainium should be free

[HTH+NE1]

The only still-extant reason for downloading is that it takes so long for films to get from the cinema to DVD.

No, there are other reasons. One is that the movie is out of print in all regions, unavailable for rent, rare enough that no one is selling it used, and so encumbered with conflicting publication rights that it will never again be republished unless it manages to survive its interminable copyrigh++.