New AACS Fix Hacked in a Day

VincenzoRomano writes "ArsTechnica has just published an update to the neverending story about copy protection used in HD DVD and Blu-ray discs and hacker efforts against it. From the article: 'The ongoing war between content producers and hackers over the AACS copy protection used in HD DVD and Blu-ray discs produced yet another skirmish last week, and as has been the case as of late, the hackers came out on top. The hacker BtCB posted the new decryption key for AACS on the Freedom to Tinker web site, just one day after the AACS Licensing Authority (AACS LA) issued the key.' The article proposes a simple description of the protection schema and a brief look back at how the cracks have slowly chipped away at its effectiveness. It seems it'll be a long way to an effective solution ... if any. One could also argue whether all that money spent by the industry in this race will be worth the results and how long it would take for a return on investment."

It's still doing it's primary job

[Dachannien]

AACS does stop casual copying, but it hasn't prevented unencrypted HD content from being distributed over the Internet.

That's really what the content cabal are most interested in. Piracy of their content is a foregone conclusion. It's been happening for decades, and in some countries, almost the entire market for their content is based on counterfeit copies. They've long since priced their "losses" into the cost of their product.

What AACS (and CSS before it) is really about is enforcing the other forms of DRM they've implemented, like user-operation prohibition (preventing you from skipping the pointless FBI notice, company credits, and best/worst of all, advertising) and region coding. Note that neither of those DRM schemes have anything to do with piracy prevention - they're just another route for indirectly extracting revenue from the consumer, by force-feeding advertising or by exploiting the arbitrage created when they don't release their content simultaneously around the world.

Re:Blank Stare

[notque]

I'm sure you thought that was deep, but dude, put down the stick, exhale, and re-read your lines.

There isn't anything deep about it, it just happens to be true.

You know, like this...

            The conscious and intelligent manipulation of the organized habits and opinions of the masses is an important element in democratic society. Those who manipulate this unseen mechanism of society constitute an invisible government which is the true ruling power of our country.
            We are governed, our minds are molded, our tastes formed, our ideas suggested, largely by men we have never heard of. This is a logical result of the way in which our democratic society is organized. Vast numbers of human beings must cooperate in this manner if they are to live together as a smoothly functioning society.
            Our invisible governors are, in many cases, unaware of the identity of their fellow members in the inner cabinet.
            They govern us by their qualities of natural leadership, their ability to supply needed ideas and by their key position in the social structure. Whatever attitude one chooses to take toward this condition, it remains a fact that in almost every act of our daily lives, whether in the sphere of politics or business, in our social conduct or our ethical thinking, we are dominated by the relatively small number of persons--a trifling fraction of our hundred and twenty million--who understand the mental processes and social patterns of the masses. It is they who pull the wires which control the public mind, who harness old social forces and contrive new ways to bind and guide the world.

By the Creator of the Public Relations Industry, and Nephew of Sigmund Freud, Mr. Edward Bernays

Re:If it's viewable, it's hackable

[Kadin2048]

Well, you're right that the key-revocation scheme was designed to deal with this, however where the problem lies is in certain assumptions that the people designing the revocation system made.

I don't think they ever thought that the keys would get compromised this quickly. The AACSLA is fighting an asymmetric war. It takes them, what, about six months to revoke a key? Maybe they could get that down to a few months, but it's still going to be difficult. They have to realize that a key is compromised, decide to revoke it, make up a new MKB, master a new disc, send that disc master to Taiwan or China for pressing, and import and distribute the new disc. There's only a certain amount that a process like that can be expedited by.

The revocation scheme was designed to deal with insecure players, basically as a one-off process. Player gets compromised? Revoke it. It's not getting them any security in its current state. Right now, they revoke existing key. New key is compromised after one day in circulation. They begin revoking it. Six months later, they revoke new key. Rinse. Repeat. What's the steady state of this system? The hackers win, because at any given time, they probably have the keys to all the extant discs.

Now, you do bring up an interesting point about blocking software players, and just eliminating them altogether. Setting aside the problems this would cause with the likes of Microsoft and other players heavily invested in the concept of HTPCs, it might slow things down. However, I don't think there's any reason to think that they keys can't be extracted from the hardware -- that's just too good of a technical challenge to pass up. And again, if the rate at which keys get compromised is much, much faster than the rate at which compromised keys can be revoked, then the AACS loses control.

Re:If it's viewable, it's hackable

[jZnat]

Why should we have to completely ignore our culture just because of some assholes at the top? The Libertarian solution to every problem doesn't always work, and in this case, it won't work. People are ignorant of the issue, and even if they knew about it, they'd rather continue indulging in their culture and entertainment rather than "fight the power". We need to think of a different solution, and continuing to break all the rights-restricting DRM they throw at us is, in my opinion, a good start.

If the law wasn't bought and paid for by them, a boycott might work, but since they are able to extend copyright to cover anything and everything for as long as they want, we cannot just vote with our wallets; they've got much bigger wallets than us.