Slashdot Mirror
New AACS Fix Hacked in a Day
VincenzoRomano writes "ArsTechnica has just published an update to the neverending story about copy protection used in HD DVD and Blu-ray discs and hacker efforts against it. From the article: 'The ongoing war between content producers and hackers over the AACS copy protection used in HD DVD and Blu-ray discs produced yet another skirmish last week, and as has been the case as of late, the hackers came out on top. The hacker BtCB posted the new decryption key for AACS on the Freedom to Tinker web site, just one day after the AACS Licensing Authority (AACS LA) issued the key.' The article proposes a simple description of the protection schema and a brief look back at how the cracks have slowly chipped away at its effectiveness. It seems it'll be a long way to an effective solution ... if any. One could also argue whether all that money spent by the industry in this race will be worth the results and how long it would take for a return on investment."
Just for the record.
> You know, they say the definition of insanity is doing the
> same thing over and over again, expecting different results.
And Bartcop's second law says that if someone makes a "mistake" that makes them a whole heap of money, then they will make the same "mistake" again and again and again. They keep making new protection scheme revisions, the content providers keep buying in and hardware manufacturers keep upgrading.
These protection schemes aren't a failure as you seem to think. They're accomplishing exactly what they're intended for.
25% Funny, 25% Insightful, 25% Informative, 25% Troll
We all know this, I just think its funny that these media execs can't figure it out. I will never forget a story I heard from Westwood Studios back before they were bought out by EA (96-97 timeframe). On Red Alert 2, they spent a large fraction of the budget of the game, had 4 PhD contractors come in, trying to build a DRM system that would keep people from copying the game. It was cracked within 10 minutes of release.
After that they vowed never to try to put DRM on a game ever again, it cost way too much, and it didn't do anything. Besides that they got people all the time filling out their registration cards saying "I bought this game after I played the hacked version and I liked it".
DRM hurts sales, it hurts acceptance of a system, and it is expensive and pointless to deploy.
The only thing I disagree with is that it's trivial to copy DVDs. Even the least technically savvy person can put a music CD into their computer and press the Copy Disc button that's built in to the operating system now. DVDs are more difficult, and the new breed of discs seem to be harder to copy still (not that I have a high def drive to say for sure, nor the desire to support the anti-consumer technology).
AACS won't stop actual piracy, but even CSS stops (or slows) casual playground/sneakernet piracy, so in that regard I think the actions of the AACS-LA are appropriate. People talk about the millions of dollars and years of time to develop the system that is broken in hours for free, but if it keeps 80% of the movie buying population from switching to the mindset that "movies are free like music is" then a cost/benefit analysis will probably say to implement the technology.
In any case, the aftermath is fun to watch.
"AACS is broken."
No it's not, because they'll release yet another key next week. People have to keep breaking it until the underlying algorithm is broken.
CSS, on the other hand, is totally, utterly and irrevocably broken.
The algorithms underlying AACS are quite strong. However, in order to be able to play, AACS not only delivers the encrypted content on the disk, it delivers the key itself, in an encrypted format. And they deliver the key for that in the guts of every single player. Kind of daft, isn't it?
The AACS algorithm itelf hasn't been cracked. The encryption itself is based on AES, and it has no known practical attacks against it. The industry was smart about it this time, and made the spec fully open for review. What is happening is that they keep hiding the key under the mat, and we keep finding out where it is.
Done with slashdot, done with nerds, getting a life.
RSA is based on a computationally difficult calculation (factoring large numbers). The difference is that there is a secret key and a public key (same with SSL/TLS). Reconstructing the secret key from the public key is computationally difficult (NP-complete).
AACS is a form of a symmetric key system. There is some complicated math in calculating the derivative keys and allowing key revocation (the AACS encryption method is available on the net), but fundamentallly, they have a problem: The key to decode the disk must be present on the disc. Because this is a symmetric system (again, requiring some calculation from the master key in a hardware device doesn't complicate it that much), it simply cannot be made to be as secure as a system with a secret key. "Hacking" AACS doesn't actually require re-derivation from the master key, since there are so many opportunities to intercept the derived keys when they are "in flight" (in software decoders, for example)
https://help.ubuntu.com/community/RestrictedForma
The problem is audio codecs. Most HD-DVDs/BRDs have either E-AC3 (A/52B) or TruHD audio, which ffmpeg currently cannot decode. There are folks working away on it, but it might be a while before concrete results are available. Until then, one possibility - if fiddly - is to demux the video/audio/subtitle streams under Windows using some of the tools available on Doom9 and then transcoding the E-AC3 tracks to AC-3 (or TruHD to FLAC) using EAC3To. You can then remux the video/audio/subtitle tracks into Matroska, and use mplayer or VLC to watch it under Linux. Cumbersome, and not very friendly, but you won't lose any video quality, and if it's FLAC, you won't lose audio quality either.
--Ng
I couldn't find that Haiku
The article is misleading; the hacker posted the comment, not the site or its editors. I quoted the "Own Integers" Haiku ((copyright 2007 by Edward W. Felten)) as part of an Educational Post on the actual encryption. The F2T blog with the original seems to be Slashdotted... again. Imagine that.
I do admire BtCB sense of technical style.
//Information does not want to be free; it wants to breed.
It's also a delaying action until the time when they can reasonably expect to sell video playback devices that are always connected to a network, at which point they can do crypto exchange of passwords with a remote server and the consumer is, officially, screwed. It's just that right now not enough consumers will buy stuff that demands connectivity before it'll work.
Nostalgia's not what it used to be.
Oh get off your high horse. The wealthiest 1 percent of earners in this country pay 37% of tax revenue. How that got modded as Informative is beyond me.
A community-oriented lyrics site
The truly libertarian solution would be to get rid of copyright. Copyright is a governmental construct, not a natural right. We wouldn't have all of these issues of the MPAA trying to increase copyright length if there were no copyright to increase in the first place.
Learn some history. During the economic boom times of the fifties, the highest tax rate was 90% and that didn't seem to slow down the growth. Boo fucking hoo, 37%? My god, what a big whiner.
I'm pretty sure that saying 1% of the population pays 37% of taxes does not mean that their tax rate is 37%.
So... yer an idiot. Or at least comprehension-ally-challenged.
You are so wrong, and I have the data to prove it.
California and New York both receive $0.79 in Federal funds for every dollar in federal taxes paid.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Just for clarification, the parent was speaking of voting with your wallets being the libertarian solution.