New AACS Fix Hacked in a Day

VincenzoRomano writes "ArsTechnica has just published an update to the neverending story about copy protection used in HD DVD and Blu-ray discs and hacker efforts against it. From the article: 'The ongoing war between content producers and hackers over the AACS copy protection used in HD DVD and Blu-ray discs produced yet another skirmish last week, and as has been the case as of late, the hackers came out on top. The hacker BtCB posted the new decryption key for AACS on the Freedom to Tinker web site, just one day after the AACS Licensing Authority (AACS LA) issued the key.' The article proposes a simple description of the protection schema and a brief look back at how the cracks have slowly chipped away at its effectiveness. It seems it'll be a long way to an effective solution ... if any. One could also argue whether all that money spent by the industry in this race will be worth the results and how long it would take for a return on investment."

If it's viewable, it's hackable

[elrous0]

Blu-ray discs with a further layer of copy protection called BD+ are rumored to be nearing delivery

You know, they say the definition of insanity is doing the same thing over and over again, expecting different results. Somewhere I picture entertainment execs, having been sold a big and expensive line of B.S. by the firm that developed BD+ (just as they had been sold the exact same line by the companies that developed CSS and AACS), sitting in some board room saying "Don't worry, THIS time it's going to work!" They just don't get it. If it's viewable, it's hackable--period.

Re:If it's viewable, it's hackable

[erroneus]

You're not looking far enough down the road to where this all leads. Hell, you're not even looking back on the road we've all be travelling where all of this is concerned. They know there is no knot that cannot be untied. What they are winning is the sympathy of lawmakers who are increasingly adding to the penaties of copyright infringement, writing new laws around the globe and generally extending copyright indefinitely. It's the quicksand they have us trapped in that they are after. The more people resist, the more legislative backing they receive. How long before whistling a tune as you walk down the street will get you arrested?

Music [and the arts] may have charms that will soothe the savage beasts in all of us, but these people want you to pay for the remedy and will do anything to make sure you do!

Re:If it's viewable, it's hackable

[c00rdb]

Except the less you buy, the more the industry claims that those losses are due to piracy. It's a never ending cycle.

Re:If it's viewable, it's hackable

[Ngwenya]

I don't think it would be possible to extract keys from hardware, if said hardware is well-implemented.

Yes - just a small matter of implementation :)

You are correct, of course, that hardware key storage is generally more effective than software storage. The problem, however, is that key storage isn't the end of the story. Sure, you can embed a TPM chip in epoxy resin, and surface mount that chip onto the motherboard - but it can still be removed. Tricky, yes - error prone, also true. But it can be done. Which means that, assuming it's not some totally proprietary design it can be inserted into a standard PC motherboard and exploited from there. If it is a completely proprietary chip, well, the record of such security systems working is less than stellar. Tends to be of the same order as proprietary crypto algorithms. In using AES, the AACS designers made at least one good technical decision.

Even if not removing the key storage device, the buses which connect it to the rest of the system are still subject to probing via ICEs. And all of this assumes that the electrical characteristics of the systems don't exhibit any exploitable variances like key-dependent delays in processing (side-channel attacks).

And even if you had that down pat, you've still got the fact that the connection from device to display is only protected by HDCP, which was cracked years ago. And there's no real protection on digital audio outputs, so capturing that frame-by-frame and remuxing to high quality rips would still be eminently possible. The only reason there aren't HDCP strippers and HD capture devices all over the place is because AACS has been rendered moot. If the keystream still held secure, you'd simply see another attack vector.

Now here's the other problem: in order to get the backing of people like Microsoft and other likely media centre manufacturers, the HD-DVD camp had to promise Managed Copy (Blu-Ray said they would also provide it). In other words, they had to promise that copying to a non-hardware-secured device would be possible. And if you just shift the problem onto the the PC that way, you haven't really bought anything.

All told - your analysis is spot on - h/w only operations are harder to crack. But from a technical and business commitment standpoint, it wouldn't make any real difference. The incentive to crack is far greater than the technical obstacles in place.

I suppose it all comes down to the age old cliché - security is a process, not a product. And with AACS, it seems that the content producers have only semi-digested that point. Without control of the entire delivery chain - something that is both technically and legally impossible you cannot square the circle of both giving someone the key and not giving it to them at the same time.

--Ng

It's painful to watch...

[tygerstripes]

My cat does this with spiders. Once he's got one of the hairy buggers pinned, he just sits there and waits for it to make a dash for "freedom". Then he chews another leg off it, and goes back to waiting.
Whenever I see this happen, I'm torn between horror at the grisly spectacle of such torture, and the guilty pleasure of seeing something I hate being toyed with so cruelly. If I can live with it in my own home, I can live with it in the media market...

The other side of the coin

[TripMaster+Monkey]

From the summary:

One could also argue whether all that money spent by the industry in this race will be worth the results and how long it would take for a return on investment."

Indeed...one could argue that a company would better serve its shareholders and its long term interests by eliminating copy protection completely. After all, at this stage of the game, anyone who wants a pirated copy can either make it themselves, or knows some techie guy who can. Eliminating all copy protection would save money otherwise pissed away on ineffective measures that only serve to annoy legitimate users, and would build a measure of good will and consumer loyalty that is worth more than anything deterring piracy could realize.

Re:The other side of the coin

[hal2814]

"...anyone who wants a pirated copy..." (emphasis mine)

Aha, but that's the key. Most people don't necessarily want a pirated copy. They just want a copy. If the copy protection can be difficult enough to get around to not make it worth the average person's time, then they won't bother getting a pirated version. People who make a conscious effort to pirate the material cannot be stopped, but if you can make it difficult enough to pirate nobody else will bother. I think the movie industry massively failed in that regard with DVDs. It became far too easy to pirate them. I also think they'll also fail here, but I do see why they keep trying. If they can just make it hard enough, most people won't bother.

Re:Bad system

[minginqunt]

But, you know, most of these hackers aren't even doing this because they desperately want to watch Pirates of the Opening Weekend IV: At Wits End, since most people have better things to do than watch Kiera Knightley and Orloomdo Bland do their best dining furniture impression.

No, these guys break AACS simply because it's _there_, and the movie industry *dared* them to do it.

And you know what? By making it more complicated than DeCSS, they made BD+ and AACS simply become *even more fun* to hack.

These guys should befriend some supply-side economists to learn about incentives and how they work.

Maybe I'm in the minority, but...

[SkyMunky]

I would have already bought an HD-DVD player had there not been DRM in place. If I knew I could make copies for myself, rip to a portable or my laptop easily, etc., I would already own an HD-DVD player an several movies for it. I guess the Industry doesn't take my demographic into account as it must be a minority, but surely there has to be some up-side to playing nice with consumers and letting us make copies/rips of their movies. I used to buy music, too, when I knew I could copy/mix/etc.
  Would they lose a sale here and there because somebody copies a movie for a friend/family/neighbor? Yes, of course. Are they going to anyway? Yes. But...are they losing sales because of DRM in place? I think lots.

dvd sales

[dAzED1]

I know this has been mentioned before a million times, but...have dvd sales really been hurt that bad by the encryption for dvd being broken years ago? Those that will rip, will find a way to rip. The rest will buy the blueray/hd dvds.

Unless the industry is wanting to try a dramatic price hike, which would cause those on and near the fence to rip too...?

Re:Bad system

[BosstonesOwn]

Or how about simply stop trying to protect "content" I paid for and let me use it as I see fit.

This "war on piracy" crap has to stop , all it is doing is creating a false market for companies to sell them content management (and I use the term loosely) systems.

They need to rally sit back and look at the hacks that are widely available. Satellite , software , hell even bank cards. They need to either make the system more expensive to break , so there is no point in cracking it , but just buying the disc or they need to embrace what the people want.

Since at this point you are driving your customers away I would choose the second option , don't DRM the discs and let people use the content they paid for. Why make them pay 3 times for the same content, that is just basic bad business and money mongering.