Slashdot Mirror
New AACS Fix Hacked in a Day
VincenzoRomano writes "ArsTechnica has just published an update to the neverending story about copy protection used in HD DVD and Blu-ray discs and hacker efforts against it. From the article: 'The ongoing war between content producers and hackers over the AACS copy protection used in HD DVD and Blu-ray discs produced yet another skirmish last week, and as has been the case as of late, the hackers came out on top. The hacker BtCB posted the new decryption key for AACS on the Freedom to Tinker web site, just one day after the AACS Licensing Authority (AACS LA) issued the key.' The article proposes a simple description of the protection schema and a brief look back at how the cracks have slowly chipped away at its effectiveness. It seems it'll be a long way to an effective solution ... if any. One could also argue whether all that money spent by the industry in this race will be worth the results and how long it would take for a return on investment."
You know, they say the definition of insanity is doing the same thing over and over again, expecting different results. Somewhere I picture entertainment execs, having been sold a big and expensive line of B.S. by the firm that developed BD+ (just as they had been sold the exact same line by the companies that developed CSS and AACS), sitting in some board room saying "Don't worry, THIS time it's going to work!" They just don't get it. If it's viewable, it's hackable--period.
SJW: Someone who has run out of real oppression, and has to fake it.
Just for the record.
the site posted the 128-bit key as a method of decrypting a small haiku that they placed on the same page, noting that it just might accidentally (wink, wink) be the same key that will decrypt new high-definition discs as well
I couldn't find that Haiku... Was it:
Broken it is now
Silly little execs
More Free DVD's
Infiltrated dot Net
My cat does this with spiders. Once he's got one of the hairy buggers pinned, he just sits there and waits for it to make a dash for "freedom". Then he chews another leg off it, and goes back to waiting.
Whenever I see this happen, I'm torn between horror at the grisly spectacle of such torture, and the guilty pleasure of seeing something I hate being toyed with so cruelly. If I can live with it in my own home, I can live with it in the media market...
Meta will eat itself
Indeed...one could argue that a company would better serve its shareholders and its long term interests by eliminating copy protection completely. After all, at this stage of the game, anyone who wants a pirated copy can either make it themselves, or knows some techie guy who can. Eliminating all copy protection would save money otherwise pissed away on ineffective measures that only serve to annoy legitimate users, and would build a measure of good will and consumer loyalty that is worth more than anything deterring piracy could realize.
____
~ |rip/\/\aster /\/\onkey
But, you know, most of these hackers aren't even doing this because they desperately want to watch Pirates of the Opening Weekend IV: At Wits End, since most people have better things to do than watch Kiera Knightley and Orloomdo Bland do their best dining furniture impression.
No, these guys break AACS simply because it's _there_, and the movie industry *dared* them to do it.
And you know what? By making it more complicated than DeCSS, they made BD+ and AACS simply become *even more fun* to hack.
These guys should befriend some supply-side economists to learn about incentives and how they work.
When will the legal system in this country catch on to the fact that DRM is a garden variety fraud, perpetrated by shady "engineers" on gullible content producers?
There has never been a working DRM system in the history of mankind. There will very likely never be a working DRM system. And I only say "very likely" because the rest of history is a very long time - but it is impossible to imagine how any such system can be built in the future, regardless of technological progress.
The roster of DRM vendors is a list of failed charlatans, with a track record of consumer ire, ruined reputations (the vendors' own, and their customers), legal liability (remember Sony?), and of course, enormous costs for their customers - their true victims.
I wonder if the spectacle of AACS' failure will finally begin to wake them to the fact that no one can sell DRM, because it doesn't exist - and the people who claim it does are no better than those selling magic weight loss via email spam.
Tired of Political Trolls? Opt Out!
This reminds me of a famous song... let's see what we can do with it.
*ahem* *ahem*
Turn around
Look at what you see
In their face
The keyword of your dreams
Make believe they're everywhere
Just encrypted in the lines
Written on the DVD's
Is the answer to our never ending story
ah ah ah
See the cracks
In their fantasy
crush their dream
show them what they'll be
Codes that keep their secrets
Will unfold behind a yarr
zero nine eff nine one one...
Is the answer to our never ending story
ah ah ah
Show no fear
For they may fade away
In your hands
The birth of a new age
Codes that keep their secrets
Will unfold behind a yarr
zero nine eff nine one one...
Is the answer to our never ending story...
ah ah ah
Never ending story...
ah ah ah
Never ending story.
I would have already bought an HD-DVD player had there not been DRM in place. If I knew I could make copies for myself, rip to a portable or my laptop easily, etc., I would already own an HD-DVD player an several movies for it. I guess the Industry doesn't take my demographic into account as it must be a minority, but surely there has to be some up-side to playing nice with consumers and letting us make copies/rips of their movies. I used to buy music, too, when I knew I could copy/mix/etc.
Would they lose a sale here and there because somebody copies a movie for a friend/family/neighbor? Yes, of course. Are they going to anyway? Yes. But...are they losing sales because of DRM in place? I think lots.
If the MPAA want to protect their stuff they shouldn't license the decryption algorithms to PC implementations. You'd think they would have learned that with DVD. Don't put secret algorithms on widely available hardware with lots of debuggers and hacking tools. Duh.
This would slow down the crackers a LOT - but not entirely.
AACS does stop casual copying, but it hasn't prevented unencrypted HD content from being distributed over the Internet.
That's really what the content cabal are most interested in. Piracy of their content is a foregone conclusion. It's been happening for decades, and in some countries, almost the entire market for their content is based on counterfeit copies. They've long since priced their "losses" into the cost of their product.
What AACS (and CSS before it) is really about is enforcing the other forms of DRM they've implemented, like user-operation prohibition (preventing you from skipping the pointless FBI notice, company credits, and best/worst of all, advertising) and region coding. Note that neither of those DRM schemes have anything to do with piracy prevention - they're just another route for indirectly extracting revenue from the consumer, by force-feeding advertising or by exploiting the arbitrage created when they don't release their content simultaneously around the world.
Studio Exec: [pointing to a screen with code on it] This is a crypto program, to, uh, you know, what we use on DVDs, but it's very, very special, because, if you can see... ...the numbers all go to eleven. Look, right across the screen: eleven, eleven, eleven, eleven... ...nowhere! Exactly! What we do is if we need that extra... push over the cliff, you know what we do? ...Eleven. Exactly. One better.
Hacker: Yeah...
Studio Exec: [pointing to the parameters]
Hacker: Oh, I see. And most crypto keys go up to ten?
Studio Exec: Exactly.
Hacker: Does that mean it's better? Is that any better?
Studio Exec: Well, it's one better, isn't it? It's not ten. You see, most... most blokes, you know, will be coding at ten. You're on ten here, all the way up, all the way up, all the way up... you're on ten on your algorithm. Where can you go from there? Where?
Hacker: I don't know...
Studio Exec:
Hacker: Put it up to eleven.
Studio Exec:
Hacker: Why don't you just make ten better, and make ten be the top... number, and make that algorithm a little better?
Studio Exec: [pause, blank look and snapping chewing gum] This goes to eleven.
I know this has been mentioned before a million times, but...have dvd sales really been hurt that bad by the encryption for dvd being broken years ago? Those that will rip, will find a way to rip. The rest will buy the blueray/hd dvds.
Unless the industry is wanting to try a dramatic price hike, which would cause those on and near the fence to rip too...?
Or how about simply stop trying to protect "content" I paid for and let me use it as I see fit.
This "war on piracy" crap has to stop , all it is doing is creating a false market for companies to sell them content management (and I use the term loosely) systems.
They need to rally sit back and look at the hacks that are widely available. Satellite , software , hell even bank cards. They need to either make the system more expensive to break , so there is no point in cracking it , but just buying the disc or they need to embrace what the people want.
Since at this point you are driving your customers away I would choose the second option , don't DRM the discs and let people use the content they paid for. Why make them pay 3 times for the same content, that is just basic bad business and money mongering.
This package Does Not Contain a Winner
At the time of posting, this gives 973 results. Click the link see how much further the news has spread.
Reduce, reuse, cycle
Does anyone else silently cheer whenever you read a headline about DRM being cracked?
I mean, I'm not an anarchist or cheering for piracy. I just think that DRM strips or at least greatly hinders fair use and artificially inflates the cost of media. The latter is particularly irksome: part of the cost of your CDs, DVDs, HD-DVDs, Blueray Discs is to pay for the research, development and deployment of DRM. I'm sure that's not a trivial cost.
The more I think about this, the more worked up I get: it's paying for features that nobody wants. We are literally paying more to get less.
Making personal copies of media, I believe, should be totally within our fair use rights. I know lots of people with young children who make copies of their DVDs. Their kids watch the DVDs over and over again, and their grubby little hands aren't well-suited for handling the somewhat fragile media. Solution: make a cheap copy of a DVD, and let the kids use that one. Likewise, I copy and encode all the DVD movies I own to my hard drive for a movie-on-demand system. I still own the DVD, so why can't I copy it? (Maybe I should thank the DRM pushers for trying to combat my laziness?)
Just out of curiosity... how big are HD-DVD and Blueray movies? Last I recall, the media sizes were 30 and 60 GB, respectively. Do most movies take up all that space? I mean (in my experience), most 480p DVD movies seem to average just under 9 GB (the full capacity of a dual-layer DVD).
We all know this, I just think its funny that these media execs can't figure it out. I will never forget a story I heard from Westwood Studios back before they were bought out by EA (96-97 timeframe). On Red Alert 2, they spent a large fraction of the budget of the game, had 4 PhD contractors come in, trying to build a DRM system that would keep people from copying the game. It was cracked within 10 minutes of release.
After that they vowed never to try to put DRM on a game ever again, it cost way too much, and it didn't do anything. Besides that they got people all the time filling out their registration cards saying "I bought this game after I played the hacked version and I liked it".
DRM hurts sales, it hurts acceptance of a system, and it is expensive and pointless to deploy.
Usually userfriendly.org can run atleast a few strips poking fun at the inevitability of the crack before one is actually delivered. I guess in the future they should make a stock strip and replace the daily strip with it the second a new AACS fix is announced.
Then again, considering all those pre-release movies out there, I wonder when we'll start getting pre-fix cracks.
I'm sure you thought that was deep, but dude, put down the stick, exhale, and re-read your lines.
There isn't anything deep about it, it just happens to be true.
You know, like this...
The conscious and intelligent manipulation of the organized habits and opinions of the masses is an important element in democratic society. Those who manipulate this unseen mechanism of society constitute an invisible government which is the true ruling power of our country.
We are governed, our minds are molded, our tastes formed, our ideas suggested, largely by men we have never heard of. This is a logical result of the way in which our democratic society is organized. Vast numbers of human beings must cooperate in this manner if they are to live together as a smoothly functioning society.
Our invisible governors are, in many cases, unaware of the identity of their fellow members in the inner cabinet.
They govern us by their qualities of natural leadership, their ability to supply needed ideas and by their key position in the social structure. Whatever attitude one chooses to take toward this condition, it remains a fact that in almost every act of our daily lives, whether in the sphere of politics or business, in our social conduct or our ethical thinking, we are dominated by the relatively small number of persons--a trifling fraction of our hundred and twenty million--who understand the mental processes and social patterns of the masses. It is they who pull the wires which control the public mind, who harness old social forces and contrive new ways to bind and guide the world.
By the Creator of the Public Relations Industry, and Nephew of Sigmund Freud, Mr. Edward Bernays
http://use.perl.org
We all know how to google for "09 F9". Some of have that key committed to memory. Or emblazoned on a sticker. Or you can google for "digg revolt". How many people know to google for "45 5F"? How many tshirts will have that? How many hits are on the front page of Digg?
After a dozen more iterations, how visible will those keys be? Easily available, yes. News, no. They go back to being "eeeeevil underground hacking codes" they can more easily legislate against.
Done with slashdot, done with nerds, getting a life.
They should have learned by now from the music industry - they need strip down all expenses, ie packaging, etc and just provide the content digitally. They could then distribute to selected centers such as blockbuster, etc where people buy a blank dvd and get it burned for a few bucks, and get to keep it as well. Make it so much easier / and cheap for people to get it from offical outlets than to download. I tell you, I would rather stroll around the blockbuster then sift thru shady torrents, plus I can't download pringles... - they could also give away a free toy with kids movies as well... (this seems to work for McDonalds..). They also have one distinct advantage over music in regards to movies - people only watch a movie a few times at most anyway before they are after their next fix. This should be the main focus of a new paradigm in movie distribution. They need to get this infrastructure in place now, as opposed to waiting, for as bandwidth speed increases it is inevitable that people will start to download movies like they do music.
To add to erroneus's nonerroneus post, the main thing that they get out of DRM and the DMCA is the ability to dictate exactly what every electronic media device in this country can and cannot do. DVD burners are becoming as common as CD burners, but burning DVDs for your friend is not as common as burning CDs as because you cannot legally purchase software to do so. At the same time it hurts customers (especially ones with young kids) who cannot legitimately backup their DVDs. You cannot copy videos from DVDs onto portable media players, because the companies that sell them are afraid of being sued. Only one company that I know of has prevailed in court over something like this, and they had were sued despite having copy-protection mechanisms built into their device. They want you to buy multiple copies of your videos because that makes them more money.
And it has been working. The number of people who practice wholesale piracy is and always has been fairly low - what scares them is that it might become more widespread if the general public were allowed access to technology which they might abuse. I don't think that is true, and I think it is fundamentally wrong to put restrictions on an entire country just because you fear that some might abuse their freedoms, but that is where they are coming from, and in their eyes DRM has been successful in achieving that goal.
But the real heart of the issue is that they want control for its own sake - not just because they have specific things they want to enforce, but because they have been in control for so long and letting go of any of that frightens them. They don't know what the future holds, and so their reflex is to tighten their grip as much as possible.
I find that most people need to understand the link between the encryption and the "features" that irritate them before they will actually realize why this is a big issue to a small number of people. For instance:
- Not being able to fast forward (or skip) through the FBI anti-piracy warning that everyone skipped on their VHS copies of the same movie.
- Not being able to fast forward (or skip) through the previews on all of the Disney movies they bought for their kids (therefore leading to their kids wanting all of the crap on the previews; and their kids complaining that the movie hasn't started yet).
- Not being able to copy the movie to their laptop hard drive before they go on a trip to prevent having to take that stack of DVDs through airport security and possibly damaging the disc in transit.
If they understood the reason for the things they have problems with, rather than just blaming it on their DVD player or a shortcoming in their computer, perhaps more people would be irritated by what the movie industry is doing. Instead, the focus of most press on DVD encryption breaks is piracy and copying movies, when the reality is that most people would be happy just to break the format restrictions and keep buying movies.
In a lot of ways I see the same issues with CDs, where the RIAA shot themselves in the foot by saying people were stealing their product by downloading MP3 files when they could have emphasized (and increased) the benefits of the CD format vs. MP3 files. Anyone that listens to a lot of Pink Floyd and hasn't listened to it in any format other than MP3 in a while should throw the CD in the drive and hear what's missing from their MP3 files. Instead, though, we get the music industry trying to make people buy their product again, in a more limited format, and trying to find a way to wrap the older product in a layer of encryption to keep people from ripping the files to use elsewhere.
-PainKilleR-[CE]
Just (2^128 - 2) more to go!
"A deadlock has been reached. One task must die. We must now choose between murder and suicide."
The algorithms underlying AACS are quite strong. However, in order to be able to play, AACS not only delivers the encrypted content on the disk, it delivers the key itself, in an encrypted format. And they deliver the key for that in the guts of every single player. Kind of daft, isn't it?
The AACS algorithm itelf hasn't been cracked. The encryption itself is based on AES, and it has no known practical attacks against it. The industry was smart about it this time, and made the spec fully open for review. What is happening is that they keep hiding the key under the mat, and we keep finding out where it is.
Done with slashdot, done with nerds, getting a life.
RSA is based on a computationally difficult calculation (factoring large numbers). The difference is that there is a secret key and a public key (same with SSL/TLS). Reconstructing the secret key from the public key is computationally difficult (NP-complete).
AACS is a form of a symmetric key system. There is some complicated math in calculating the derivative keys and allowing key revocation (the AACS encryption method is available on the net), but fundamentallly, they have a problem: The key to decode the disk must be present on the disc. Because this is a symmetric system (again, requiring some calculation from the master key in a hardware device doesn't complicate it that much), it simply cannot be made to be as secure as a system with a secret key. "Hacking" AACS doesn't actually require re-derivation from the master key, since there are so many opportunities to intercept the derived keys when they are "in flight" (in software decoders, for example)
https://help.ubuntu.com/community/RestrictedForma
The problem is audio codecs. Most HD-DVDs/BRDs have either E-AC3 (A/52B) or TruHD audio, which ffmpeg currently cannot decode. There are folks working away on it, but it might be a while before concrete results are available. Until then, one possibility - if fiddly - is to demux the video/audio/subtitle streams under Windows using some of the tools available on Doom9 and then transcoding the E-AC3 tracks to AC-3 (or TruHD to FLAC) using EAC3To. You can then remux the video/audio/subtitle tracks into Matroska, and use mplayer or VLC to watch it under Linux. Cumbersome, and not very friendly, but you won't lose any video quality, and if it's FLAC, you won't lose audio quality either.
--Ng