Analyst Says Blu-ray DRM Safe For 10 Years
Mike writes to let us know that a poster on the AVS forum says that the latest issue of HMM magazine (no link given) contains a quote from Richard Doherty, a media analyst with Envisioneering Group, extolling the strength of the DRM in Blu-ray discs, called BD+. Doherty reportedly said, "BD+, unlike AACS, which suffered a partial hack last year, won't likely be breached for 10 years." He added that if it were broken, "the damage would affect one film and one player." As one comment on AVS noted, I'll wait for the Doom9 guys to weigh in.
A link to a forum that quotes a magazine quoting a guy... something doesn't seem right here.
I give it two weeks tops. The gauntlet has been thrown down.
bash: rtfm: command not found
*queue Mortal Kombat* Test your might... MORTAL KOMBAAAAAAAT!
I won't be buying BluRay discs for at least 10+ years. I don't crybaby about DRM, I just don't buy it if it doesn't suit my needs and can't be cracked, ergo if he's right I won't buy BluRay. This is one reason I like HD-DVD, it's had the shit cracked out of it.
"With this CSS we are putting on this DVD, noone will EVER be able to copy dvds" - Some CSS guy
Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
So this is not really a *true* \. post... after all it should be a post quoting a forum quoting magazine quoting a guy quoting the original post quoting a forum quoting the magazine...
Hey, they're just ASKING for it. I give it 10 weeks - tops.
No point in trying to crack BD+ then.
I'll just have to wait for Dumb and Dumberer to be released to public domain in the year 2257 before I can enjoy it in all of its HD glory.
Peter
Downsize DC Today!
A friend of my cousin's roommate said they read a comment on the wall of a bathroom at an Ohio rest stop that said you should mod the parent comment up.
There you go, fixed that for you.
* examine the host environment, to see if the player has been tampered with. Every licensed playback device manufacturer must provide the BD+ licensing authority with memory footprints that identify their devices.
* verify that the player's keys have not been changed.
* execute native code, possibly to patch an otherwise insecure system.
* transform the audio and video output. Parts of the content will not be viewable without letting the BD+ program unscramble it. But I have to think... If it has hardware access (or can run native code), what's to say someone won't make a disk that has a BD+ program that aids in the hacking? Once you break a way around (or through) the digital signature for BD+ your whole system is compromised, how is that a good strategy?
Imagine something close to: I make a disk with a BD+ program that, once I have the program loaded, I can eject the disk and put in a protected one, the BD+ can help circumvent the protection, and circumvent the BD+ on that disk. Voilà! BD+ makes it easier for me to copy.
If I had one dollar for every brain you don't have, I would have $1.
What it seems like they would be talking about here would be something similar to PKE. Err, no wait that doesn't make sense, must be something like what is used in prox cards with challenge/response...hrm...not that probably isn't what it is.....OH I KNOW! every disk comes with a monkey that kicks you in the balls every time you get the disk near a computer!!
Unfortunately, this alienates most of the Chinese player manufacturing market. But it does have the bonus of coming with a free monkey.
Lets make a movie starring the DRM monkeys and then post it into the intertubes! This would send an inverse monkey (also known as a something awful member) past the event horizon, causing the entire twisted fucked up backwards universe that the movie industry lives in to collapse upon itself!!!
FREE MONKEYS FOR ALL!
NewslilySocial News. No lolcats allowed.
In case you have to eat them.
To quote Bruce Schneier, "Making bits not copyable is like trying to make water not wet." I dunno 'bout those Doom9 guys, but I know enough of Bruce Schneier's work to trust his opinion on this one. I don't know what the digital-media landscape will look like when all this settles out, but I *don't* think it'll be neatly and unbreakably wrapped in DRM containers with price tags on.
"My strength is as the strength of ten men, for I am wired to the eyeballs on espresso."
It's that they make movie execs happy, but they scare away the customers.
Who're the most important in the success of a product?
Beware: In C++, your friends can see your privates!
...it is as if they were just asking for it. Do we have a solid understanding of this Doherty fellow's finances?
You're thinking small. Why miniaturize the laser, when we could instead enlarge the sharks? -John Searle
Hmm, they seem to have skipped 8. The amount of gall in this little article (which is the PDF) is amazing. AACS was "partially" cracked. BD+ is a second line of defense, four times as safe, and just like six weak locks that you don't think work, which, by the way, is magic.
What is this guy smoking?
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
So far on this thread 3 dates have been suggested: 10 days, 2 weeks, and 10 weeks. This sounds like the beginning of a /. poll...
How long do you think it will take for Blu-Ray DRM to be cracked?
Ben Hocking
Need a professional organizer?
... I'm pretty sure I saw a bd-movie floating around somewhere. Does that mean that all bd movies are not protected by bd+ ? (honest question, I didn't read the article, neither did I do any research on what other protections might be available for blu-ray discs...)
I'd look, but the site is slashdotted. I only know AVS as Adult Verification System, and I don't know what smut peddlers are doing commenting on DRM. Even Wikipedia tells me nothing except it's an old name for the Nintendo.
The best way to find holes is to throw down the gauntlet to the hacker community and let them attack. This will give BluRay time to eliminate mistakes before players start rolling out the door for next xmas...
This analyst is out of his mind. Of course, the Content Scrambling System, the "invincible" content protection on DVDs, worked on a key based system that allowed the revocation of compromised keys.
While Sony has worked on Blu-ray DRM after the failure of the CSS, calling it uncrackable is insanity. Harder to crack? Maybe. Impossible? Definitely not. Anything that allows analog playback will be crackable. And, even with digital signal, there will be some method of attack.
Even if the security on Blu-ray discs turns out to be only slightly cracked (and subsequently fixed) for a few years, they'll still be DVDs in the meantime (a studio would have to be insane not to sell DVDs and alienate a huge market). And, of course, "Media analyst" sounds somewhat like "Sony shill".
...Is that a statement made 9 years, 11 months and 28 days ago!
The blogger quoted actually had a very keen insight that not only would Sony introduce a new standard... but that it would be called BluRay and that the DRM scheme on it is set to be cracked in 3 days!
Well, back to rejecting software patent applications.
Widespread Blu-Ray adoption not likely for 10 years.
Coincidence? Possibly.
--
Toro
letting me know how hard you worked to make a product that restricts my use of it after I bought it. I'll stick to DVDs for now till a company comes out with a storage medium where I won't be buying crippleware.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
AV (audio-visual) Science Forum. Sorry to be a n00b.
It wouldn't be a /. poll without missing options!
Ben Hocking
Need a professional organizer?
I'd say it's a good bet that any encryption today will be broken in less than a decade. Turing's law says that if it takes 10 years to solve a problem today but in 5 years it will only take 3 years then you're better off waiting 5 years and saving 2.
I say we start with sharpies and work from there.
1) Don't even try hackers
2) Go ahead, hacker, I am taunting you.
3) Consumer, buy Blu-ray discs because your local pirate won't be stocked for years.
4) Vendor, HDDVD is hacked, go with us for more sales instead of losing untold billions in piracy.
I'm sure there is an actual reason.
God spoke to me.
Read what BD+ really is: http://www.cryptography.com/technology/spdc/bluray.html
This means that each Blu-Ray disc has a computer program compiled to execute within a proprietary, secure VM. What this means is that each disc has a program built into it whose purpose is to boot, validate that it is running on licensed hardware, enforce security policy, and if those checks are met, extract a key from its own memory and play the content.
What does this mean for people attempting to defeat the security?
Well it means that a full crack of BD+ will require crackers to implement a virtual machine which acts in exactly the same way as the hardware VM would act. This represents what I will casually call a "larger challenge" than defeating CSS or AACS, in which you have to decrypt a key or a list of keys. In this case, you have to come up with something which can determine the full dynamic runtime execution path of a static binary - a currently unsolved problem in Computer Science, despite numerous attempts to do such a thing by some of the world's brightest minds.
Just putting the same source code through a randomizing compiler/packer/obfuscator of the types that game companies have been working on for a while makes the challenge immensely harder. Precedent? http://spa.jssst.or.jp/summer-2005/paper/05046.pdf
There's too much to talk about.
And who's deployed this type of technology already? Who has a secure virtual machine with secure bytecode doing challenge-response to determine hardware legitimacy? People Who Care: a lot.
The other major problem is that the challenge-response authentication made by the program contained in the disc against the embedded hardware will require a "real" cert to succeed. Yes this is the TPCA/Palladium "sky is falling" scenario come to pass. Either the implementors made a cryptography implementation mistake, or someone with a scanning, tunneling electron microscope figures out how to defeat the epoxy guards and actually read the private cert material off a chip, or someone with a previously unheralded supercomputer or mathematical technique breaks the key from a known subset of challenge/response pairs... - or, it will remain unbroken. It is strong, known algorithm public key cryptography.
What's really interesting about all this is if someone DOES find a way to break BD+, there is really strong incentive for them to use it to break & release movies rather than release code which performs the break. Why? Get yourself a windows VM and download all the latest in DVD-breaking binaries: ripit4me, dvd decryptor-last, dvdshrink-last, etc. Then set windbg to be your default debugger, and start trying to break very recent DVD releases. What you'll find is that the entertainment company is employing people to literally find security holes in the input to the cracking tools - the dvd image itself, and then embed "exploits" into their dvd images. There is data on those discs that has no other purpose than to crash certain binaries. It becomes obvious once you trap execution in a debugger and know a little bit about x86 asm. Don't get me wrong, they're not executing arbitrary code, just causing a DoS - but that's only because they know they can't. Some of the conditions they've found and abused are CERTAINLY exploitable. But they also know that putting shellcode in their DVDs defeats plausible deniability, which is a hell of an asset.
Now push this knowledge forward to BD+. If someone actually manages to set up a "shim VM" that executes BD+ language and acts as a proxy between secure hardware and the bytecode, and RELEASES that VM, then we know the entertainment companies are going to enter a reverse engineering arms race. They're
Is all this DRM on BlueRay and HD-DVD optional? I.e. if I were to release a movie under the Creative Commons licence, could I put it on one of the new formats in a way that it would be playable on a Linux box?
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
Do these guys like to look like idiots?
My days of not taking you seriously are certainly coming to a middle...
'cause I'll start buying blu-ray movies when the encryption is cracked!
--
Given enough personal experience, all stereotypes are shallow.
The DVD format wars have no effect on me. I just watch the Simpsons and Southpark.
Did he say 10 Earth years? Well how do you know he did not mean 10 Mercury years? :) :)
Plus, financial analysts should have pretty much taught everyone not to trust most analysts
Hyperom.com
A friend of mine bought a TV recently. They can shove a USB stick into the bottom of it and play movies they download from the internet directly. They don't need a DVD or a player. How far away is it until thumb drives can store enough information to effectively play a movie that with all the data included in an entire HD-DVD or Blue-Ray disk?
Will all players as we know them be redundant in a few years?
No matter how good the encryption, you can always scrape a recording of the data and convert it to another format. If they can't stop the downloads, they can't stop the piracy.
If the pattern goes 9am, 10am, 11am, why isn't noon 12am?
Maybe he'll be prepared to make a bet with his _own_ money to the effect that the bluray DRM won't be broken before 2017 (sounds a long time away don't it?)
Good post - someone should mod up the parent.
oh yah, and on the 10 years, lol
Do you know just how smart the guy who invented BD+ was?
Let me put it this way: have you ever heard of Plato, Aristotle, Socrates? Morons.
When they came for the communists, I said "He's next door. Take him away. Goddam commies."
10 years is 1011010010 days, including 29 Feb 2008. That sounds about right.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I assume this means one player type, but even if not, a system break can also be done by generating an automatic procedure that breaks every instance.
Even if it means exactly one player, with P2P filesharing that is already enough. Look at the preview copies. That is one original instance and a few days later you can get them everywhere.
Then there still is the "analog hole". Fit an LCD driver (i.e. the thing that drives the pixel) with high-speed A/D converters (not difficult, and signals cannot be encrypted at this level) or read the bus between display controller and driver chip (may or may not be difficult, depending on whether there is encryption here, but does not need the A/D converter, so it would give a better signal). I expect this is a relatively cheap project any good EE or electronics tinkerer can do. Again a single copy of a movie is enough.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
They just want to know if the media will last, and if you will be able to buy players for it in the future.
It is all about the popularity of the format, for whatever reason.
This issue is a bit more complicated than you think.
This is very interesting. Could you please provide a link to the paper?
It can't be cracked by a ten year old. We have it in writing now! Quick, look for 9 year old Math PhDs.... All it takes is a hammer and that Blu-ray disc is cracked up... Seriously though, there's nothing about that piece of plastic which means we can't figure out how it works. Taunting people like this just speeds up the process. Weren't these the same people who used a DRM scheme which crashed Macs and could be defeated by a Sharpie?
Here's to losing my Karma Bonus again....
I outsourced my calculations to some peasant in a third world country.
The correct value is 1011011011 days.
Next time I'll hire a local peasant.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
how secure they make the media. Cracks will follow the path of least resistance. If every form of media moved to some form of uncrackable quantum encryption tomorrow, it wouldn't matter. Someone would crack HDCP, and the content would be available there.
If not HDCP directly, then the processor to LCD data path for some el-cheapo monitor which supports HDCP. There's always some point in the chain where protection is weak, or simply doesn't exist.
It is simply a futile endeavor as long as the consumer ultimately gets access to (i.e. can view/listen) to the content. Of course, they have no product if the consumer can't.
"National Security is the chief cause of national insecurity." - Celine's First Law
Keep in mind that any kind of "high definition," as opposed to let's say normal DVD definition, only really makes any kind of sense if you have a 6-foot (2 meter) or larger LCD or plasma screen. How many folks even have the room for such a monstrosity? And the larger the screen, the farther away you have to sit to see the damned thing. So you've got a situation like the ad for projection TVs where they project the movie on the side of a hydroelectric dam. Great! I'll spend my hard earned money on that! ;-) This is the same disease you have with digital cameras with the idiotic quest for more and more megapixels that require larger and larger storage devices, all so some shlub can take a bad picture of his kid at the beach.
that this claim shares tags with Steorn's claims of free energy?
Dark Helmet: "I am your father's brother's nephew's cousin's former roommate." (Spaceballs 1987).
I dunno, has anyone cracked Magic Gate, the Sony DRM built into every MemoryStick since 1999? It's been 8 years for that one.
--
make install -not war
More likely that man is a whore.
They're all just trying to screw the public. Microsoft and Sony are as bad as they get in the electronics department. Toyota and Ford have cars well covered.
We need a few more people like Ralph Nader and David Horowitz and a lot more average consumers willing to take these bastards to the mat.
Copy that floppy and give it to your friends. Forge Jack Vallenti's signature on it. I'm not advocating that anyone do anything immoral or unethical, just that they stand up for their rights by getting even with the thieves, in any way possible.
All I know is that this sounds like a "double dog dare". My money is on the crackers in 12 to 18 months or less.
Tequila: It's not just for breakfast anymore!
That's pretty much how it goes. It sounds like it works much like modern game protections, with full-blown virtual machine, P-codes and all that shizzle. Problem is, it can and will and has been cracked before. And once you crack 1 player, well. It'll be on BitTorrent/FTPs before you can say, "gotcha!".
Because of Doom9's policy on links, I can't provide a direct link, but in the June news at the Doom9 website, Doom9 himself said that until the BD+ discs come out, nobody knows what will happen, but based on the spec, it is possible that it will be uncrackable. My best guess at this time is that the only way it will be cracked is if either the implementation has a gigantic hole nobody thought of (always possible) or someone gets an illegal peek at the hardware specs for the VM and is able to implement it in software. I'm not optimistic at all that BD+ will be cracked. If any of you care at all about DVD on HD formats and you want to be able to convert your future purchases in that format to other formats to watch on other devices you own such as video iPods, you better hope that BluRay fails.
maybe you'll be right but don't think for one second that it won't be on purpose.
the more a company can show that they've taken every measure that they can to avoid piracy but it hasn't helped the more they can get congress on their side and have the new laws roll. even laws that really have nothing to do with piracy or the dmca. think of things like patent protection that would fly under the radar, attached with plenty of otherwise "harmful to innovation" clauses.
so laugh it up. the independent tech sector is cutting its own throat! you'll be the same bitches crying when they pass more laws with heavier fines, longer copyright protection and more corporate friendly language.
It will affect only ONE film and ONE player?
So what? All you need for a breach in security is ONE film and ONE player.
So, crack the DRM, and then put the cracked copy up on Bittorrent. Simple. You could even post multiple copies on Bittorrent from breached or leeched WiFi to avoid anybody zeroing in on the initial source machine. Bingo. Now you will have millions of copies made from ONE cracked disc/film.
In terms of making the process available en masse, couldn't you just create a program that would automatically crack the disc? I mean, the parameters and procedures are all the same, with the values just being a little different.....
Just my $0.02
Knowing Google's lust for data collection, the Soviet Union is still alive and well inside the psyche of Sergey Brin....
Look, buddy, AACS is wide open. We can retrieve the content without a key, and we even have a key to do it your recommended way. And we can easily get another few dozen if you successfully revoke 09 F9... .
(By the way, did you know that goggle suggest suggests the whole key after you type "09 f9"?)
Prediction for end of Universe #42: Fencepost error in Quantum_bogosort.cpp
...already exist. You don't need to break DRM. Top-end equipment that captures the signal in really-damned-close to original quality costs under $2K. Any serious video shop (DVD duplication, etc.) already has this stuff, and there's plenty of less-than-scrupulous workers that will be happy to drop in on a weekend and rip a few for their buddies. "Take 10 years to crack" DRM? Sounds more like a way to create lots of frustrated consumers to me.
All pass beyond reach of medicine. None pass beyond the reach of love.
... not just our freedoms.
Pompeii, Stonehenge, the Pyramids... and closer to home, photographs and films of events such as WWI. All these are a window onto past lives. This is just another thing that greed is destroying - the evidence we leave for the future. Our society's use of land is not going to leave anywhere near as much history behind in the form of archaeology because of our intensive use of land.
DRM just adds to this lack of information for the future. Is this the beginning of an age that will be seen as the New Dark Ages, because of unchecked corporate greed?
Just makes me wonder about what road is being taken, and how it will be seen looking back from future generations.
So information on BD+ seems relatively hard to find. The best explanations I could find are this presentation, this pdf at dell and best of all this general discussion of SPDC.
... And I used to be rooting for Blu Ray.
The basic idea here is that BD+ allows the BluRay maker to embed virtual machine code (and apparently native code) on their disks which are then executed on the host machine. This code then somehow verifies that the host machine is uncompromised (memory footprints apparently) and then executes whatever process is necessary to decrypt the key that allows content access. Now it seems likely that there is some additional decryption process similar to AACS that decrypts the BD+ virtual code. Perhaps this decryption process is implemented better than the one in AACS but that is the only security advantage BD+ provides.
The only extra security that BD+ can offer over an AACS type system is security through obscurity. There has to be some general cryptographic process to decrypt the BD+ VM instructions. Once decrypted an attacker who is aware of the BD+ standard just needs to emulate the virtual machine and have it pretend it is a valid device to access the content. The BD+ people can talk all they want about memory footprints and tamper checks but these are just a complicated private key for the device. Separating out these functions and putting them in a VM just makes the specification of the encryption scheme more complicated (and more obscure) but doesn't fundamentally increase the security.
So why do the studios want BD+? Well maybe they've been taken in by the claims of extra security but the more plausible reason is that they want the extra control BD+ gives them over their content. BD+ might not be a real impediment for the serious pirate/hacker but it does allow the movie studios to implement even more fine-grained control over how you use their content. The virtual machine might be set up to prevent you from watching the movie more than once, from using a streaming feature of the device, from using it after some fixed time. Imagine, for instance, movie companies creating tiered pricing based on how many rights you want to have. Say make you pay more if you want to stream it. Disney might release their next version of Aladdin on DVD in two classes. The 'gold' class that lasts forever and the standard class that only lasts 5 years. Well you get the idea.
So no I don't buy the argument that this feature makes the system much more secure (except insofar as it might eliminate some fuckups in how the AACS system was defined) but it certainly is in the Blu Ray consortium and movie theater's interest to portray it this way. Maybe this explains the much wider adoption of Blu Ray by the theaters.
If you liked this thought maybe you would find my blog nice too:
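The two posts above that describe BD+ (the "boot, validate the host, then extract a key" flow, and the reply arguing that the memory footprints and tamper checks are "just a complicated private key for the device") can be illustrated with a toy model. The following is an added example written for this page; it is not BD+ or SPDC bytecode, and the instruction set, the host interface, the footprint check and the HMAC key schedule are all invented for illustration. It runs the same disc program against a licensed player, a software emulator that holds the same secret material, a host with a different memory image, and a host that passes the footprint check but lacks the device secret, to show which of those actually decides whether the content key comes out.

```python
"""Toy model of a disc-side 'check the host, then derive a key' program.

Constructed for illustration only: not the BD+/SPDC VM. The opcodes, the
host interface and the key derivation are invented for this example.
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    """What the toy VM can observe of the machine it runs on."""
    footprint: bytes      # memory image the licensing authority registered
    device_secret: bytes  # per-model key material inside the player


# Instruction set of the toy stack VM (invented).
PUSH, FOOTPRINT, SHA256, EQ, JZ, DERIVE, HALT, FAIL = range(8)


def run(program, host, disc_id):
    """Execute one disc program on one host; return the content key or None."""
    stack, pc = [], 0
    while True:
        op = program[pc]
        if op == PUSH:                       # push an immediate operand
            stack.append(program[pc + 1]); pc += 2
        elif op == FOOTPRINT:                # read the host's memory image
            stack.append(host.footprint); pc += 1
        elif op == SHA256:
            stack.append(hashlib.sha256(stack.pop()).digest()); pc += 1
        elif op == EQ:                       # constant-time compare of two digests
            b, a = stack.pop(), stack.pop()
            stack.append(hmac.compare_digest(a, b)); pc += 1
        elif op == JZ:                       # jump if the popped flag is false
            target = program[pc + 1]
            pc = target if not stack.pop() else pc + 2
        elif op == DERIVE:
            # Content key = HMAC(device_secret, disc_id): reproducible only by
            # whoever holds the registered secret, whatever the VM around it does.
            stack.append(hmac.new(host.device_secret, disc_id,
                                  hashlib.sha256).digest()); pc += 1
        elif op == HALT:
            return stack.pop()
        elif op == FAIL:
            return None
        else:
            raise ValueError(f"bad opcode {op} at pc={pc}")


def disc_program(expected_footprint_hash):
    """Build the disc program: hash the host footprint, compare, derive or fail."""
    return [
        FOOTPRINT, SHA256,              # 0, 1
        PUSH, expected_footprint_hash,  # 2, 3
        EQ,                             # 4
        JZ, 9,                          # 5, 6: mismatch -> FAIL at index 9
        DERIVE, HALT,                   # 7, 8
        FAIL,                           # 9
    ]


def demo():
    """Run one disc program against four hosts and report what decided the outcome."""
    footprint = b"licensed-player-firmware-v1"   # constructed sample footprint
    secret = b"model-XYZ-device-secret"          # constructed sample secret
    disc_id = b"disc-0001"                       # constructed sample disc id
    prog = disc_program(hashlib.sha256(footprint).digest())

    real = Host(footprint, secret)
    emulator = Host(footprint, secret)            # software VM holding the secret
    other_image = Host(b"other-firmware", secret) # fails the footprint check
    no_secret = Host(footprint, b"guessed-secret")  # passes the check, wrong key

    key = run(prog, real, disc_id)
    return {
        "emulator_gets_same_key": run(prog, emulator, disc_id) == key,
        "other_image_rejected": run(prog, other_image, disc_id) is None,
        "no_secret_wrong_key": run(prog, no_secret, disc_id) not in (None, key),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The footprint check and the VM are plain code that any host can run; the only input that distinguishes a licensed player from an emulator is the device secret, so the strength of the design rests on keeping that secret out of reach (and on being able to revoke it), not on how elaborate the bytecode is.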
Ha-ha-ha, lol, rotf, lol, etc.
I have faith in the community.
I predict it will be less than a year.
Years before that happens, I'm sure we'll either be using holographic or solid state media.
christ, the aacs was hacked in less than a week.... I'll give blue ray about a month... just because it's open source. trust me if there's a will, there's a way, and stating your tech is unhackable is a challenge to those of us who have the resources to try and crack this stuff... besides it's my movie, I bought it, I won't go and give somebody my movie just because everybody else is.
destiny, chance, fate, fortune; they're all ways of claiming your fortunes, without claiming your failures. -gerrard
1. Insert bluray disc into licensed player with nice HDTV.
2. Record with nice digital camcorder
3. ???
4. Profit!
Ahh the analog hole, still undefeated!
"Crack"... obviously...
Or some hardware manufacturer gets its server hacked and someone downloads the code, or employee theft, etc. Social engineering is going to be more useful the farther we go into this digital rights thingy.
* execute native code, possibly to patch an otherwise insecure system.
But i have to think... If it has hardware access(or can run native code) what's to say someone wont make a disk that has a BD+ program that aids in the hacking?
They're building a player (and player software) that silently loads and runs executables from the DVD with sufficient authority to inspect the machine's guts and patch the OS. Then they're licensing (i.e. distributing) this technology to anyone who wants to make and sell Blu-ray content (and even if the content maker didn't license it, it will run any executables he installs on his disks).
Sounds like a Blu-ray version of the Sony Rootkit debacle is inevitable.
Not to mention counterfeit movies loaded with malware. (Crooks rarely stop at breaking just one law.)
= = = =
Unlike Microsoft, these people are explicitly building a product BASED on compromising the security of its users. Such misuse is readily foreseeable. I can just hear the lawyers gearing up for the product-liability suits.
This architecture raises "defective by design" to a whole new level.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
You won't do it, because you believe it can't be done.
Those who will do it, will do it because they know it can.
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
If it can be played, it can be copied. It might take custom software or even a custom graphics card (I mean, when it gets down to it, how are you going to circumvent copying the bitstream at the GPU?)
Once it's decoded and passed to the video card driver, Big Brother has no more control where those bits end up. And with digital displays, these days, the "analog loophole" doesn't even have to be analog anymore.
Paleotechnologist and connoisseur of pretty shiny things.
Thank you for your comments. You should get an account. I read slashdot with the hope that I encounter people like you.
Nature journal lied in Britannica vs Wikipedia Ask to retrac
regarding Lynn Prince Singapore, i had trouble accessing the URL you mentioned. but i found enough here to 'be afraid, be very afraid'.
:-)
if you don't see her background described on the page (you won't), click on her name in the menu on the left. DoD people like to keep low profiles
Is all this DRM on BlueRay and HD-DVD optional? Ie. if I were to release a movie ...
...
On HD DVD, yes the DRM is optional. There have already been a few HD DVDs released without AACS.
On Blu-ray, no. The spec requires you to use (and pay big $$$ for) at least AACS in order to create pressed discs (although BD+ is optional).
If that's correct it's the end of the format wars:
- A flood of low-budget porn is made for HD DVD. (Only high-budget stuff can use Blu-ray.)
- As happened in Betamax/VHS, the porn drives the purchase of players. HD DVD players become pervasive.
- HD DVD wins.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
A hack seems inevitable now. Thanks.
Read the whole talk here
When information is power, privacy is freedom.
Blu-Ray players don't contain some mystical impossible-to-duplicate VM.
It's a fucking Java VM. It's not anything bizarre. It's Java. Completely free VM implementations for Java already exist.
Oh, how do I know it's a Java VM? =) I know the people at IBM who wrote the Java VM that's used to play BD+ Blu-Ray discs on the PS3.
Question for you, since you seem knowledgeable:
How do you implement a security system like this in software? Or do you just not do it at all?
Seems like the way that both DVD's CSS and AACS were broken involved software players. Unless Sony simply plans to just prohibit playback on general-purpose PCs, they'll have to create some sort of software implementation of the player hardware, which would mean the VM.
If they only allow playback on dedicated hardware, then I can see how this might make cracking somewhat harder, but that seems like a high price to pay: it eliminates the entire HTPC concept.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
The product will pass/fail on factors other than the DRM, or lack thereof, that it uses.
> In this case, you have to come up with something which can determine the full dynamic runtime execution path of a static binary - a currently unsolved problem in Computer Science, despite numerous attempts to do such a thing by some of the world's brightest minds.
You do not do the Halting Problem justice. Few if any bright minds are trying to solve it, because it is unsolvable. Trying to solve it is like trying to build a perpetual motion machine.
> Well it means that a full crack of BD+ will require crackers to implement a virtual machine which acts in exactly the same way as the hardware VM would act.
Well, if there's a software player, you could also use that. And this VM is probably pretty simple since it's specialized; the hardest part would be figuring out the specification.
All of your comments are irrelevant to actually getting around the DRM. You can yell all you want, "WAAAH! THEY CHOSE A GOOD ENCRYPTION ALGORITHM," but the fact that DRM is impossible still remains.
If it's too inconvenient to crack it, then rerecord the unencrypted output as it comes out of a legitimate player. It's that simple. You can't hide and reveal information simultaneously, and no amount of cute obfuscation in the player code will stop that.
The absolute worst that this can do is make it so that you can't play protected BD+ discs in Linux without WINE or VMWare or something. In this case, the easy and obvious workaround is to pirate the movie you want and burn it, unprotected, to the media of your choice. And, as available bandwidth continues to increase, this workaround will become even easier.
vi ~/.emacs # I'm probably going to Hell for this.
What's the difference between someone sporting a sign on their back that says "Kick Me", and some talking head saying "...won't likely be breached for 10 years."?
Someone with a "Kick Me" sign just looks stupid. Someone saying something won't be hacked soon looks stupid now and proof of it will be supplied soon. In fact they're worse than stupid, they're all but begging people to do it in order to prove them stupid.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
If you're going to beat people over the head with your superior knowledge, it helps to actually have it: this doesn't have a bloody thing to do with the halting problem. You're not trying to come up with a general purpose algorithm for determining if any algorithm halts, you're coming up with an algorithm to trace the execution path of a specific algorithm that you already know halts, based on a limited instruction set. At worst it's NP complete, but even those aren't unsolvable, they're just non-polynomial, and brute force still works just fine when the problem is small.
But reverse engineering the VM won't do much good anyway when any changes to it are pretty effectively locked out. Of course, a software player could blow things open all the same -- that's really the only way that even AACS is being cracked even now.
Not quite. While you raise, on first view, many interesting points, most are just straw men: no substance.
You started on the right path. Then you went completely off! Crackers will simply have to do that: make a VM that's compatible with BD+. None of this full dynamic analysis hogwash. Think of all the video game systems and arcade machines. The video games on them had protection schemes, yet can't emulators play these games? Yes they can. This is no different. Again, no, crackers don't care. Emulate the protection layer! Yes, with client certs which can be stolen: people have physical access to the hardware. No amount of silicon will change that. Even IBM's expensive crypto PCI cards for bank machines have been successfully attacked. The costs required to even attain a fraction of their security (batteries, temperature and x-ray sensors, etc.) would, in a retail unit, be well over what the market would be willing to bear. To be completely broken, yes, but that is unnecessary. One just has to have broken everything released up to that point. While I do agree with you, I do for different reasons. Assuming the break was done by stealing a device key, such output-only releases would be better, since it would be more difficult to discover exactly which client key was stolen.
As far as breaking VMs? Who cares: they break it; a bug report gets filed; a week later a patch comes out. Yes, well, that is to say just as instantaneous as the response to the recent AACS breach: a couple of months. The only thing they can do is make security better for future discs (or reprints). They can't change the past. It would have been better this way. While there were a bunch of great links to papers, they were misused. Your post was a great troll, by the way.
Try and rip "The Pursuit of Happyness" with DVD Shrink. It will not work. (I wouldn't watch that garbage, but my friend's girlfriend would, and she wanted it on her iPod.)
It will, however, work with AnyDVD, so once again, the morons in the suits are one step behind and a few million dollars too much.
Well, I have never cracked a virtual machine before, but wasn't cracking InstallShield something similar? Maybe similar to P-code? Read input bytes, compare opcodes, branch, repeat.
Next week's Slashdot post will talk about how the Blu-ray DRM was cracked.
Or maybe next months.
Envisioneering Group: this is Dan Sokol's company, one of the founders of Apple...
unfortunately I don't think I am related.
I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso
Steps, I would assume:
1) get BD player for Windows XP
2) put XP in a Xen domU
3) pull out some debug/raw output of CPU instructions
4) reconstruct algorithm/VM from there
Step 2 maybe not even necessary? Not trying to say this will be easy, but it hardly seems like 10 years of determined, collective effort
Seriously Mr. Stephenson, isn't it time you registered for a Slashdot account?
Mod my comments down. It'll be fun.
Time makes more converts than reason
It also seems that HD-DVD will be amenable to home movie makers, while Blu-ray won't. Given that Apple already has HD editing, it would make sense for them to have a way to burn the edited movie to an HD disc. If they can't support Blu-ray...
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
Maybe he meant to say 10 dog years?
Constantly dancing out of the media companies' reach will just aggravate the system more. Imagine an equivalent statement from them:
"The pirates are screwed no matter what. They could stop using P2P programs, but piracy would die if they did so. They could continue the same way they have been, but we could just make the penalties harsher, and increase our efforts in finding them. We already have the methods for doing so."
Might I also add that it is not against the law for them to break the encryption on their own copyrighted works. If they have probable cause to think that the encrypted stream contains their copyrighted works, they can decrypt it under the DMCA.
BTW, I'm posting anonymously to keep mod points. It's better than a down-mod.
That sounds like a fun project. It'd be a good bit of work, but if it wasn't then it wouldn't be anywhere near as fun.
I think this ends up being the halting problem. It's impossible in the general case, and really easy in a number of specific cases. In any case, solving it that way is probably significantly harder than just writing an emulator and letting it do its thing.
-- The act of censorship is always worse than whatever is being censored. Always.
I never said it was illegal for them to crack their own encryption. It is illegal for them to crack encrypted packets on P2P networks. It's hard to prove people are sharing their movies if the data on the P2P networks is encrypted and anonymous, especially if you have to break encryption to determine who a user is.
They are not the police. They cannot crack encrypted P2P packets without breaking the law.
I'm sorry but that is far from supporting proof for the original authors claims.
There are a lot of DVDs that the now ancient DVD Shrink can't rip without help - they typically have bad sectors that the playback/menu structure knows how to avoid, but anything that tries to read the sectors sequentially will have problems with. The state-of-the-fart for this tactic is Macrovision's "RipGuard" but, as you can see from this posting, it is still easily circumvented, and is hardly designed to manipulate the ripping program to execute new code:
http://forum.doom9.org/archive/index.php/t-1%20%3
When information is power, privacy is freedom.
Worse yet, Slashdot limits the number of anonymous posts from an IP address per unit of time, so I have to make a composite reply. Many of you nice smart people will not receive a reply notification, and won't read this. This is not my fault.
Reply:
Alo, king of the smart replies. Well met. First: emulator cartridges are a static target attacked by dynamic code. Blu-ray discs are a dynamic target attacked by static code (if the attack is publicly released). This means arms race. As long as there is a detectable implementation difference, the next generation of BD+ will exploit it. How many implementation differences are there? Hello, Halting Problem (hat tip to later poster). It's like asking how much 0-day is in Windows. Anyone who knew would be a billionaire, but we can't know. Enter the arms race. Who will spend more money, Sony or the underground? As far as dynamic analysis being hogwash - um... you do know that the Intel instruction set is published, but no one can provide a static analysis tool that will tell you what an x86 program does? Same thing with virtual instruction sets. I grow concerned about the tone of your post.
Second:
This implies a serious lack of understanding on your part. I am concerned. http://www.cloakware.com/
People have had physical access to Verisign's shit for years. Their certs remain unbroken. Money talks. People have had physical access to SecurID tokens, MILLIONS of them, for years. I go on to mention this later. They remain unbroken.
I do not claim BD+ can't be beat. I did my best to define how. If someone drops the dime on their certs I will laugh myself silly.
Oh, fuck. You didn't read my post. Now I feel like Bob Lee Swagger. I'm DONE with you, son. Here's my post again:
Now you are refuting me by repeating me. Sorry, other repliers get my time now.
Reply:
Don't you get it? This system doesn't have one key! It has a different key in every DVD, protected by a different program. You need to mimic the runtime environment it expects in order to make that program extract its key. The key extraction method will differ for every disc. The tests of the runtime environment will differ every time. Think that's easy? GOOGLE AARD.
Jesus.
Reply:
"Bring 'em on"
- Debug a legitimate Windows BD player
- Determine the data that goes to and from the BD+ program in the VM
- Replicate the data that goes to the BD+ program up to the point where the program is about to release the key (which must be stored unencrypted in RAM at some point anyway)
The key is on the disc, the data is on the disc. The key could be anywhere, but the static binary that determines whether the hardware is legit must be so small anyway, and at the end of the day, it will always boil down to a yes or no answer (to release the key). Find out each point at which it says no and change it to yes.
I guess what I'm saying is, how is this any different to an actual app that looks for a dongle? The dongle contains the secret ingredient (in our case the secret ingredient is the certificate) to make the app work and do its thing, but people got around most of those by simply NOPing out the check so that it doesn't even look. I know nothing about Java VMs, and I know it must be much more complicated than that, but how much more? The program is loaded into your OWN RAM, and the key and binary algorithm to decrypt are already there.
10 years just seems too long. The only advantage that BD+ has is that once the algorithm has been cracked, they can simply change the binary (and I imagine it is probably different for different discs anyway). But no matter what, the program always decides yes or no, and the data is undoubtedly decryptable using only the disc.
it stands for jesus fucking christ
http://taviso.decsystem.org/virtsec.pdf
I even have to use Google for you to find something posted by... a Google employee.
work for it!!!
I think this is the last post I am allowed. Have fun everyone.
So you'll print off thousands and millions of these discs that contain both the lock and the key - and distribute them to anyone who has the price of purchase - and you think it's going to take how long for just one person to open your lock?
Once that one person has compromised your protection then it's done. From that one compromise, copies will flood the internet. Will BD+ prevent your movies from being shared? Nope, no chance of that. But it might slow things down a little - just a little, mind you.
We hope you've spent as much time working up a plausible excuse for the failure of this system as you did in promoting it to unsuspecting media companies. They're not going to be happy when they discover you've sold them a bill of goods...
should be fired, and not allowed to work in the tech field at all.
10 years, sheesh.
The Kruger Dunning explains most post on
I can always grab it after it is decoded, big whoop. Encryption, even 'perfect' encryption, doesn't matter at all if someone, at some time, needs to actually be able to understand it.
> 1. Debug a legitimate Windows BD player
in-depth.htm READ READ READ... ok, now read past the bullshit.
Is there an all-software player? You need a Blu-ray player. What's in that thing? Legit players depend on hardware support. They don't do the heavy lifting themselves. Sometimes your mobo has to support DVD playback. Google Intel G33 mobo chip. To defeat the chip, you need to defeat the epoxy guards. SecurID. Scanning, tunneling, electron microscope, maybe.
http://www.intel.com/personal/our-technology/viiv
> 2. Determine the data that goes to and from the BD+ program in the VM
It's a program. Each program is different for each DVD. For each DVD you must disassemble. Enter a descendant of the halting problem.
> 3. Replicate the data that goes to the BD+ program up to the point where the program is about to release the key (which must be stored unencrypted in RAM at some point anyway)
Why? Why must it be stored in RAM? Why? Fuck. Jesus.
x = 7
x += 2
x += 9
I just added 11 to x without storing 11 in RAM. Extrapolate. Fuck.
Here, I'll do it again.
x = 7
for i in range(11):
    x += 1
x -= 3
x += (1.5 * 2)
y = x / 4
Here, quick, write down all the code variants that will add 11 to x. GET IT???
> I guess what I'm saying is, how is this any different to an actual app that looks for a dongle?
You've got a different dongle in each DVD. The specific defeat for each dongle is achievable. The general defeat for all dongles requires solving a descendant of halting. No one has done it for x86. No one will do it for Java, in ten years, and by my guess 100.
Sorry, tired, and other things too. Worn out. Failed the captcha like three times already. I'M UNHOOMAN! They caught me.
Actually, provided the consumer as a human being can view/listen to the content with their eyes/ears (in analog form, obviously), the content itself is already cracked. For example, we can imagine that someone puts an HD video camera in front of the LCD screen, and connects the line-in of a sound recorder to the 5.1/7.1 analog output of the BD player --- voilà, all the content is pirated!
Of course, due to the extra A/D conversion involved, the quality of the captured video/audio may not be as good as the original, but here you get the idea. This can be improved. For example, the pirates may find an even better way, like hooking some circuits between the analog output of the BD player circuit and the capture devices, and so on... Finally, given good enough equipment, they can actually produce content of almost identical quality to the original.
The key point is: we as human beings can only consume analog video/audio signals. It does not matter how advanced the digital encryption system is; in the end the industry will provide the consumer with both the encrypted content and the player (decrypter).
If the DRM takes 10 years to crack, then HDDVD will most likely be more popular with the consumers as they'll be able to *ahem* backup their movies (even though they probably aren't allowed to in some parts of the world - The Mafiaa has (a) too much money and/or (b) no kids).
Of course if the DRM is that good, then it will most likely be more popular with the vendors.
dnuof eruc rof aixelsid
Sorry to inform you that your sig line was cached in the ram memory of my video card before it was possible to know not to.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
That will never happen. By 2057 copyrights will be eternal, like God, and Europe of the 1600's and 1700's, intended. Beware those radical American colonists with their crazy ideas!
I wonder how much MORE this will add to the start-up time of a BD+ disc. It's already too long as it is.
BD+ allows the entertainment companies to react instantly to breaks at timeline point X, recompiling their VM code in a response to software breaks, protecting all titles published from time X+.
Not quite. They will need to see the break themselves. Analyze it. Devise a method around it. Test that method against all current players (if they're going to be responsible here). Ship it off to manufacturing. Remaster new discs with the new software. Press. Distribute. And sell it through the channel. This is hardly an instantaneous response by any means.
Since I actually do research in recursion theory (basically the mathematical study of the halting problem) let me start by saying this has ABSOLUTELY NOTHING AT ALL TO DO WITH THE HALTING PROBLEM. The halting problem, or as you stated it determine the full execution path of a static binary, is provably unsolvable because programs can take arbitrarily long before deciding to halt. Given you know a program halts (on a given input) it's trivial to determine the full execution path. Just run it and see what it does.
In this situation there is nothing at all like this going on. We know that the code on the BluRay disk produces whatever output lets you view the disk not only in finite time but after a very short time.
In fact this situation offers no additional security over a well designed public crypto system AT ALL except for obscurity. The instructions for the virtual machine are just a very complicated sort of key, one that anyone who can crack the base level encryption can view. The memory footprints and all that jazz are only fancy ways of implementing a private key.
There are damn good reasons that the people who implement public key systems and symmetric ciphers don't use VM instructions as their keys. A good crypto system is built around SIMPLE and well known mathematical problems because extra complications just provide more places an attacker can find a clever short circuit that you didn't think about. The only reason to think a crypto system is secure is because you think that the attacker doesn't have any shortcuts to compute things in the other direction much faster than brute force. The more complications in your system the more places he could discover a clever trick to undermine your security.
As I argued in my other post the benefits of the BD+ VM aren't really about security but about control. It doesn't make things much harder for the hackers but it does let the content producer exercise more control over when things are decrypted. The only security advantage BD+ brings is obscurity and possibly the use of a better underlying crypto system than what AACS uses (the part that decrypts the VM at the beginning).
If you liked this thought maybe you would find my blog nice too:
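Below is an added illustration in Python; it is not code from any post in this thread and not BD+'s real instruction set, which nobody here has given. It models the scheme the posts above argue over: the "different key in every DVD, protected by a different program" point, the debug / capture / replay steps, the x += 2, x += 9 versus loop-and-subtract variants, and the recursion-theory post's observation that the VM program is just a complicated key. The footprint string, the stack-machine opcodes and the key schedule are assumptions made for the example. Three "discs" compute the same unwrap constant by different instruction sequences and then probe the host footprint; an emulator that replays a footprint captured from a licensed player gets the same key as the player, and the execution trace shows where the yes/no branch sits. It also goes one step past the dongle analogy: because the probe value feeds the key schedule, NOPing the branch on a tampered host yields a key, just not the right one.

```python
"""
Toy stand-in for a BD+-style content-code VM (added illustration; the opcodes,
footprint and key schedule are assumptions, not the real BD+ format).
"""
import hashlib
from typing import Callable, List, Optional, Tuple

# Constructed stand-in for the memory footprint a licensed player reports when
# the disc program probes it. Per the summary, manufacturers hand footprints to
# the licensing authority, so a disc program can carry an expectation of it.
CAPTURED_FOOTPRINT = b"hypothetical licensed player 1.0 memory footprint"


def fp_word(footprint: bytes) -> int:
    """Reduce a footprint to the 32-bit word the disc program compares against."""
    return int.from_bytes(hashlib.sha256(footprint).digest()[:4], "big")


EXPECTED_FP_WORD = fp_word(CAPTURED_FOOTPRINT)  # baked into every disc program


def build_program(prefix: List[Tuple]) -> List[Tuple]:
    """Per-disc program: obfuscated constant, then probe / compare / unwrap."""
    deny = len(prefix) + 7            # index of the HALT that refuses the key
    return prefix + [
        ("PROBE",),                   # push fp_word(host footprint)
        ("DUP",),
        ("PUSH", EXPECTED_FP_WORD),
        ("EQ",),                      # licensed hardware?
        ("JZ", deny),                 # no  -> refuse
        ("XOR",),                     # yes -> mix footprint word with constant
        ("RELEASE",),                 # emit the title key
        ("HALT",),
    ]


# Three "discs" computing the same constant (18) by different instruction
# sequences, like the x += 2 / x += 9 versus loop-and-subtract variants above;
# a byte-pattern patch written for one disc does not fit the next.
DISC_PROGRAMS = {
    "disc_A": build_program([("PUSH", 7), ("PUSH", 2), ("ADD",), ("PUSH", 9), ("ADD",)]),
    "disc_B": build_program([("PUSH", 3), ("PUSH", 6), ("MUL",)]),
    "disc_C": build_program([("PUSH", 7), ("PUSH", 14), ("PUSH", 3), ("ADD",),
                             ("PUSH", 6), ("SUB",), ("ADD",)]),
}


def run(program: List[Tuple], host: Callable[[], bytes]):
    """Execute a disc program; returns (key or None, execution trace).

    `host` is the environment probe. A real player answers with its own
    footprint; an emulator answers with whatever it likes, since the program
    runs entirely under the attacker's control.
    """
    stack: List[int] = []
    trace = []                        # (pc, opcode, stack before the opcode)
    pc = 0
    while True:
        op, *arg = program[pc]
        trace.append((pc, op, list(stack)))
        pc += 1
        if op == "PUSH":
            stack.append(arg[0])
        elif op in ("ADD", "SUB", "MUL", "XOR", "EQ"):
            b, a = stack.pop(), stack.pop()
            stack.append({"ADD": a + b, "SUB": a - b, "MUL": a * b,
                          "XOR": a ^ b, "EQ": int(a == b)}[op])
        elif op == "DUP":
            stack.append(stack[-1])
        elif op == "DROP":
            stack.pop()
        elif op == "PROBE":
            stack.append(fp_word(host()))
        elif op == "JZ":
            if stack.pop() == 0:
                pc = arg[0]
        elif op == "RELEASE":
            v = stack.pop() & 0xFFFFFFFF
            return hashlib.sha256(v.to_bytes(4, "big")).hexdigest()[:16], trace
        elif op == "HALT":
            return None, trace
        else:
            raise ValueError(f"unknown opcode {op}")


def licensed_player(disc: str) -> Optional[str]:
    """A real player answers the probe with its own footprint."""
    return run(DISC_PROGRAMS[disc], lambda: CAPTURED_FOOTPRINT)[0]


def emulator(disc: str, replayed_footprint: bytes) -> Optional[str]:
    """An emulator replays a footprint captured by debugging a real player."""
    return run(DISC_PROGRAMS[disc], lambda: replayed_footprint)[0]


def branch_points(disc: str, footprint: bytes) -> List[Tuple[int, int]]:
    """Trace under a chosen footprint and report each JZ's flag (1 = yes)."""
    _, trace = run(DISC_PROGRAMS[disc], lambda: footprint)
    return [(pc, st[-1]) for pc, op, st in trace if op == "JZ"]


def patch_branch(program: List[Tuple]) -> List[Tuple]:
    """The dongle-style crack: replace the conditional refusal with a no-op."""
    return [("DROP",) if ins[0] == "JZ" else ins for ins in program]
```

Compare licensed_player("disc_A") with emulator("disc_A", CAPTURED_FOOTPRINT): replaying the captured probe answer is enough, and the same replay works for all three discs because the emulator never needs to understand the obfuscated prefix. branch_points() is the "find each point at which it says no" step from the earlier post; patch_branch() is what that post proposes, and running the patched program on a tampered host shows why it is not enough here: the key comes out, but it is derived from the wrong footprint word.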
This is a perfectly possible crack; I've defeated stronger stuff than this myself. You'd be amazed what determined shareware authors put out on occasion.
Smartcards? Dongles? I've seen them using stuff like this, and it didn't help them. You forget; we do have tunneling electron microscopes. Why would any serious reverse-engineering lab not?
- The value of the signing keys is very high, to the extent they cannot be sufficiently protected from a well-resourced attacker. They have to be used regularly, and keys that have to be used can be stolen. If leaked, we have a permanent, low-effort, easy crack.
- Not all the cryptographic primitives used in AACS are well-tested; some are unproven and potentially troublesome. It may be possible to bypass BD+ completely.
- The virtual machine is a simple variant of Java ME, but it is possible to reverse-engineer a virtual machine from nothing but its instructions given enough effort.
- It's impossible to verify a virtual machine from within that virtual machine if you can implement the virtual machine using more memory (swap, or otherwise) than available from within the physical machine.
- Despite its name, VMWare is not a virtual machine. It is a hypervisor designed for performance, not a virtual machine coded explicitly for security and stealth.
- Oh, what's that? You need a key to pretend to be the virtual machine? Give me a soldering iron, and a PS3; I'll be right back.
- The trouble with challenge-response, is that the more general you make the key, the easier it is to steal, but the more general you make the key, the harder it is to actually derive key material from that response. It comes down to a branch, a yes/no, a this is good/this isn't.
- The trouble with that is the code is being executed entirely under the control of the attacker.
- Native code makes it both harder and easier. Harder because you need to write more code. Easier because the platforms for "native code" vary enough you'll know when you're doing things right. (Particularly because native code will be used mainly for destructive logic bombs.)
- It only takes one release for everyone to get any one movie.
- An entire little "industry" of software cracking sprang up. There's nothing to stop the movie distro crews getting crackers too.
- Crackers have never seemed to have a problem keeping up with, and surpassing, the software industry before. Why would they now?
- The crack might need updating from time to time, but what crack doesn't?
Meh. Any system where the ciphertext and the key are in the attacker's hands is a broken one.
OK it's OT and I'm a Doom9 guy, but they should really do something with the stylesheet on AVS, it's totally unbearable.
I can't look at the site more than 5 seconds without puking.
That's too bad, they have a lot of interesting content there...
If you can play it, you can crack it. The only question is how much time/money you are prepared to spend. Now, with the internet and hacker cooperation, time is available in many multiples of real-time. As for money, it all depends how much an industrial level "pirate" wants to invest in cracking the security (assuming a simple bit-level copy isn't going to do the job for some reason.)
" When an elderly, distinguished scientist says that something is possible, he is probably right. When he says that something is impossible, he is probably wrong."
What this is intended to convey is that experts in a field know all the possibilities, and the limits, based on their experience. Only people without the mental block applied by experience can think through these limits, and come up the other side of the barrier.
Perhaps something surprisingly simple? Like key-bumping was for locks? Like the Sharpie was for Sony's CD copy protection? It's amazing how some well-paid hack can wrap themselves up in knots making a complex system, and be defeated by simple tricks.
All this is totally irrelevant. As long as the original allows output to the screen and speakers (and if it doesn't then nobody would buy it anyway - obvious, I know), then we can rip it.
Who cares if Blu-ray is hacked? All it takes is one original with player and then you can rip the output and save as DivX or DVD or whatever format you like and mass produce your own copies... erm, for backup purposes of course.
From the briefing provided by your link: "A strong identity card program is built on sound business practices -including strong authentication of identity and digital authentication at all portal points"
Until there is a CAC card requirement at EVERY portal point, CAC cards are merely an inconvenience to legitimate users. Like somebody else said, "it only takes one copy of a movie". In this case, it only takes one non-CAC card DoD computer...I've been working for the DoD since the advent of the CAC program, and still have never used my CAC card for anything other than an id card.
I hope the engineers email this guy to say "thanks a lot asshole". He might have done for BD+ what some idiot did for the Titanic by proclaiming it unsinkable.
If that holds, the format war is done. HDDVD has won.
I had a talk with my boss yesterday, and he said something that made me think: The format war will be won by the format the porn industry supports. I'd rather say, yes, it will be won and lost by porn. But it will be won by the format you can copy porn to or from more easily.
Porn, now, is something people are loath to buy in a store. Preferably they wouldn't buy it at all. Not online either, no matter how "discreet" the packaging is. Porn is something that should miraculously suddenly appear in their home with nobody knowing about it. If you have to interact with other people, then preferably with other porn enthusiasts so you don't have to feel bad about it.
The VHS/Beta war was won that way. Well, it was won the reverse way. Both had the benefit of being cheap, easy to copy and leaving no trace to the original. But VHS had the porn industry behind it. With the BluRay/HDDVD war it's reversed. Both might have the support of the porn industry. But if this announcement holds its water, only HDDVD will be the format to copy cheaply and easily.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
This Richard Doherty guy is hardly unbiased, as he used to work for Panasonic and was a prime mover in the Blu-ray Disc Assoc. I attended the first meeting of the BDA in Tokyo a few years ago and he appeared to be in charge of proceedings...
I was hoping someone was going to call bullshit on the comparisons to the halting problem. Typical Slashdot, too many uninformed posers going around grandstanding their ignorance.
Let's assume that you want to rip a movie that's stored on a disc with completely unbreakable encryption. Let's assume the movie is actually playable on PC. What is to prevent you from writing an application which would basically run a "capture screen" on your player window at a set interval (say 24fps or 30fps) and then assemble the resulting (huge) amount of images into a DIVX/XVID movie file?
"Well duh. The whole point is to protect the digital content in its pure pristine quality."
Not really. The value of digital media is that the quality doesn't degrade over multiple generations. To pirates/traders, the loss from a single generation of analog copying doesn't significantly matter. Breaking the original media encryption by analog means doesn't force the content to stay analog. They re-encode it to an unprotected digital format and then it can be freely passed around with no further loss of quality. It's not like they're dealing with VHS tapes and every pirate has to make a copy with another level of generational loss for the next one in line.
"I don't think sony are trying to use blueray-drm to protect the content from analog piracy which happens all the time anyway.
Actually, they are. That's why high def DVD players (both HD and BR) and HDCP compatible devices are not allowed to have high quality (YPrPb or RGB) analog outputs. They're trying to force as much quality loss as possible for that first jump from analog to unprotected digital. Pirates will prefer to crack the media encryption to get the best quality, but if they can't do that, they always have something to fall back to.
"National Security is the chief cause of national insecurity." - Celine's First Law
What these analysts did not say was that this was in Mayfly years.
Modern copyright is theft of culture from everyone and it retards the progress of the useful arts and sciences.
Ok, I'll ask: if BR is uncracked, why is it I can download 720p (and 1080p) rips from Blu-rays (4-8GB)? And in fact, the entire Blu-ray disc if I really really want to download 12+GB? Sounds pretty cracked to me.
One is the actual mathematical algorithm. If it's secure - like 128-bit key encryption - then hell yeah, it'll take a long time. However, how many people did they have working on their side, 10 to 100? You can bet there will be orders of magnitude more people working on solving the problem of cracking it.
But there are other ways, or as the Elves once said -
"Humans are weak." Which to me means they can be bought, compromised, etc. So social engineering, frustrated employees, money, etc all can be used to help "crack" the code.
My worthless estimate of how soon a "working" crack will appear: only a few weeks to several months.
..........FULL STOP.
What tools do you recommend? As I've seen, this archiver is best: http://science.slashdot.org/article.pl?sid=07/07/10/0055257
I'm not sure I understand the fuss, forgive my obvious ignorance. These Blu-Ray players will have a video out, right? So all it takes is for one person to run that into his video recorder to copy the video, then he can share it with the world in any format he likes. Correct? So what's the point of this DRM again?
It seems like they are just getting their act together now on this and I am not certain all the original players support BD+. Many didn't support the Java interactivity features so how do we know this will work with older players.
If it doesn't work on older players you destroy the tiny market share you have built so far and hand the war to HD-DVD.
I guess we find out if/when someone actually releases a BD disk.
Unless this is supported on the old players this seems to be an academic discussion.
What was that noise you just heard..
Hundreds of Slashdotters putting in a Blu-ray disc to hack.
I often have trouble remembering which way is out of bed in the morning.
Can't we just argue a vendor locking to the EU, that Blu-Ray cannot be played under *insert Open Source OS here* and that it creates a vendor lock in to Microsoft/Apple... Aiding unfair competition and all that bullshit. Worth a try?
If you need to decode this on a consumer (i.e. cheap, easy to obtain) processor and make it simple for average Joe to use (not require an internet connection, entering a code for every use, etc.) - how can the encryption be all that good? People looking to steal and resell your data will have machines that are fast enough to crack it in a relatively short time (a brute force crack using a cluster may not be pretty or efficient, but some major crunching power can be put together on the cheap). If it can be viewed, there is some way of copying it - quality is not the highest priority of "pirates." It may prevent casual copying, but that could be accomplished for much less. Who are they trying to protect their work from? I am a mechanical engineer; I know nothing about encryption, DRM, or how it's done - so I may be completely wrong with my thoughts on this subject. (Please correct what I got wrong.)
"They are not the police. They cannot crack encrypted P2P packets without breaking the law."
Why do you think this is true? This is 100% false. P2P packets are not copyrighted, thus cracking the encryption is not a DMCA violation. I know of no other law that would make such an act illegal. Besides, you miss the completely obvious. The media companies will simply join the P2P network and see the decrypted content the same as anyone else. They will know who is sharing what.
Sweet Jesus. Why didn't he moon them while he's at it?
"Always forgive your enemies; nothing annoys them so much." - Oscar Wilde
Some of the files I've seen obtained from file sharing are of absolutely horrible quality, yet most of the people I know who keep and use this stuff do not care.
Even if BD+ cannot be cracked (unlikely), does it really matter? If people find the quality of the "free" version acceptable, they probably won't pay for a BluRay version.
The impenetrable security of BD+ only matters if there are no other ways to get the content. It is unlikely that regular DVDs and broadcast TV will go away any time soon.
The bigger challenge for Hollywood is figuring out how to get customers to pay for the product. A mediocre product is not the way.
-ted
"I defeated stronger stuff than this myself. . ."
"You need a key to pretend to be the virtual machine? Give me a soldering iron, and a PS3; I'll be right back."
Wow! Those are some bold statements without a lot of substance to back them up. I'd be very interested to know the details of how you defeated a stronger DRM scheme than this one, and how you would go about doing a hardware hack on a PS3 to emulate a VM. Why don't you put a /. ID behind your boastful post and I'll check back to see if you've published this Blue Ray crack inside the 10 year window? If you're afraid of the DMCA provisions on publishing copyright circumvention techniques, you can just provide some links, or the general details of your brilliant hacks.
I tend to think you're full of S#!T.
What I'd like to know is how BD+ stops someone from making bit image dupes of a Bluray disc, mass producing them by the millions and selling them on street corners in cheap boxes for $5.
Oh, what, the goal of DRM isn't to stop such blatant profit motivated piracy? They're going after people who actually lose money by paying for their own bandwidth and storage to share files? I... I... I... don't get it!
--Joe
Program Intellivision!
This is probably Sony pulling a clever viral marketing ploy. They know that piracy breeds popularity in a product - if you can get copies of games, you'll buy the console (and ultimately most people will still buy a certain number of games rather than pirate everything, so you still make sales despite losing a margin of profit)... witness the original PS. They know that if people can copy HD DVD, then the masses could well flock that way and consumer feet will decide the format winner. Thus, they feed rumours out into the wild that BD+ is unbeatable and throw down the gauntlet, secretly hoping that it WILL be cracked so that they can reap the rewards of once again having a piratable system. After all, if the challenge is there, then there's always likely to be somebody who will take it up and have a go. If nobody bothers trying, then it can also be held by Sony as a reason for studios to choose BluRay for their content because it's 'so secure'. It's win-win for them. The number of people who can be bothered pirating media and/or chipping their player device is negligible compared to the overall sales figures for that platform once it gets established, but it's the early adopters who may help to set it in stone as a usable platform in the first place, and if those people are so orientated they may well recommend it to others because it CAN be freed from DRM... Sony would then just have to sit back and count the takings. It's a gamble, but that's business I guess!
This cocky pro-DRM talk only makes us work harder on cracking it. I give it 2 months, tops. :D
Internet: Serious Business
BWAH HAH HA!!!! Trogdor Strikes again!!!!!!!
here's a short proof that you're wrong:
#include <stdio.h>

int main(void){
    int yourinput = 0;           /* stands in for whatever input the program is given */
    scanf("%d", &yourinput);     /* nothing on stdin leaves it at 0 */
    if (yourinput == 1){
        printf("itsaone\n");
    }
    printf("alldone!\n");
    return 0;
}
if you "just run that and see what it does", it will print "alldone". It takes some reverse engineering to figure out how to make it print out "itsaone". because all inputs and all combinations of inputs cannot be known, it becomes difficult for an arbitrary static binary to determine all its dynamic execution paths. when i said that a lot of smart people were working on this problem and failing at it, i meant it :
http://www.hbgary.com/technology.shtml
if by "whatever output lets you view the disk" you mean the content stream, yes, that much is obvious. however if you mean "a decoder capable of viewing the disc", well, that too is obvious, but because the form of that decoder will change between each disc, isolating it is going to be a per-disc problem. a very, very tedious per-disc problem. and it could very well have a per-iteration or interrupt-driven re-challenge of the cert embedded in the palladium-style bluray chipset. this is almost certainly what they meant when they said that a break would only compromise one disc.
i'd really like to keep this up, you seem nice, but you are swimming out of your depth.
...I give it two weeks tops.
If there's anyone I hate more than stupid people, it's intellectuals.
I seriously doubt anyone will try such a brute force hack. Even AACS was never compromised DIRECTLY. It's more likely someone will find a way to capture the data AFTER the VM has "validated" it, or do a hack on the hardware itself to bypass the VM on the disc in the first place (must be a way to do it, since we've seen plenty of blu-ray discs without BD+).
SJW: Someone who has run out of real oppression, and has to fake it.
The Titanic is unsinkable!!
I'm betting that a little digging will show that the original 10+ years quote came from some dog posting anonymously (and shamelessly re-quoted by humans). We just need to divide by 7. Still, I wouldn't be shocked if someone cracked the DRM in 10 dog hours.
The world is made by those who show up for the job.
...they think enough people will have Blu-Ray players to even bother to try?
I just read the August Maximum PC which says that the program AnyDVD can rip from HD DVD and Blueray. Does that not constitute breaking the DRM??
This statement has a high probability of becoming just as famous as "There will be a total market for five computers in the world" and "nobody will ever need more than 640k memory".
Over this time new algorithms are likely to turn up, and many of the encryption technologies we today consider safe will turn into the digital equivalent of a simple, easily broken padlock.
God is REAL! Unless explicitly declared INTEGER
9...8...7...
Trust me I'm not swimming out of my depth. I really am writing a thesis in recursion theory and I present at conferences on this stuff to the world experts in this stuff. I get paid to prove things are or are not equivalent to the halting problem.
Now it is true that for some programs determining what inputs that program halts on is an undecidable problem (consider an interpreter: it executes its input, reducing this to the halting problem). Hence the reason I was quite careful to specify that I was talking about a program known to halt '(on a given input)'. In case that wasn't clear let me spell out the theorem more precisely: there is a program S(i,x) so that if the i-th Turing machine halts on input x, S(i,x) outputs the states (tuples of tape, head etc..) that Turing machine enters while executing on that input. I mean fuck if we really want to get stupid about this there are only a finite number of programs/input pairs that could be encoded in all the molecules used by the Blu Ray disk/player so there is some program (a giant case statement) that tells you how each one of them behaves.
Of course such a program is totally useless and irrelevant to the question of cryptography. Thus the reason I pointed out that the halting problem simply doesn't apply here. The question in cryptography is not whether something can be computed but whether it can be done so efficiently.
--
Now I won't claim to be an expert in cryptography the same way I am in recursion theory aka computability theory but I do know a fair bit about it (being a mathematician some stuff leaks out) and you are pretty confused.
Just consider the S-box in a normal symmetric cipher (like DES). This tells you how to modify some of the bits of your input based on the value of other bits, i.e., the value of some bits of the content you are decrypting tells you how to change the value of other bits. If you wanted to you could describe this just the same way you did the BD+ VM system. Each encrypted piece of content comes along with instructions that execute on the S-box VM (and lots of other components) that tell you how to modify other bits of the input.
Any block cipher works by letting some bits read from the input affect how you decrypt other bits. The only question is how you do it. If you could make your cryptographic algorithm more secure by exchanging nice simple things like S-boxes for complex computer like VMs they would be doing it.
So what about your claim that BD+ lets them modify the cryptography after a break making it more secure? Well like AACS does, they can revoke the keys of compromised devices but the VM plays no role here. BD+ can't do more than this as Blu Ray players bought next year need to be able to play Blu Ray disks in 3 years which means there must be some pre-established algorithm that lets the current players decode the future disks. That algorithm IS the cryptosystem, calling it a VM doesn't change anything.
At the highest level of abstraction things ALWAYS look like this. Player has some secret information. The information on the disk is somehow encrypted so that it is (supposed to be) hard to compute the content stream without the secret info. The player applies some algorithm (in this case runs the virtual code in a VM after doing some other cryptographic verification) that then produces the content stream as a function of the player secret and the data on the disk. Making this function more complex by sticking a VM inside it only makes the decryption algorithm more obscure. Once you've figured out the algorithm in the BD+ docs, i.e., the non-secret part all the manufacturers get, it's just another cryptosystem.
The reason the Palladium/TPM people use VMs and the like isn't because they make things more secure. If all you wanted to do was prevent unauthorized people from reading your HD you would just encrypt it with a nice symmetric cipher and be done. They implement a VM because it gives them more control. So long as the system'
If you liked this thought maybe you would find my blog nice too:
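The "highest level of abstraction" picture in the comment above (a player secret, encrypted disc data, a public algorithm that turns the two into the content stream, and revocation of compromised device keys the way the comment says AACS does it) as an added worked model in Python. It is not code from the page and not anything from BD+ or AACS: `make_disc`, `play`, the SHA-256 counter-mode toy cipher, the per-device key wrapping and the device names are all constructed for illustration. It goes a step beyond the comment by also showing the limit of revocation: a disc pressed before the leak still plays on the compromised device.

```python
from __future__ import annotations

import hashlib
import hmac
import os


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: SHA-256 in counter mode, XORed onto the data.

    Stands in for the real content cipher (AES or whatever the format uses);
    it is here only to make the key relationships concrete. Symmetric, so
    the same call encrypts and decrypts.
    """
    out = bytearray()
    for counter, offset in enumerate(range(0, len(data), 32)):
        block = hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def wrap_nonce(disc_nonce: bytes, device_id: str) -> bytes:
    # per-device nonce so the disc key wrapped for two devices never shares keystream
    return hashlib.sha256(b"wrap" + disc_nonce + device_id.encode()).digest()[:16]


def make_disc(content: bytes, licensed_devices: dict[str, bytes]) -> dict:
    """Press a disc: one fresh disc key, wrapped once per still-licensed device.

    A device whose key has leaked is simply left out of `licensed_devices`
    on later pressings; that omission is the revocation.
    """
    disc_key = os.urandom(32)
    disc_nonce = os.urandom(16)
    ciphertext = keystream_xor(disc_key, disc_nonce, content)
    return {
        "nonce": disc_nonce,
        "wrapped_keys": {
            dev_id: keystream_xor(dev_key, wrap_nonce(disc_nonce, dev_id), disc_key)
            for dev_id, dev_key in licensed_devices.items()
        },
        "ciphertext": ciphertext,
        # integrity tag under the disc key, so a player holding the wrong key notices
        "tag": hmac.new(disc_key, disc_nonce + ciphertext, hashlib.sha256).digest(),
    }


def play(disc: dict, device_id: str, device_key: bytes) -> bytes | None:
    """The player's public algorithm: player secret + disc data -> content stream."""
    entry = disc["wrapped_keys"].get(device_id)
    if entry is None:
        return None  # revoked or never licensed: nothing on the disc unwraps for this device
    disc_key = keystream_xor(device_key, wrap_nonce(disc["nonce"], device_id), entry)
    expected = hmac.new(disc_key, disc["nonce"] + disc["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, disc["tag"]):
        return None  # wrong device key: the unwrapped disc key is garbage
    return keystream_xor(disc_key, disc["nonce"], disc["ciphertext"])


def demo() -> dict:
    # constructed sample devices and content
    devices = {name: os.urandom(32) for name in ("player-A", "player-B", "player-C")}
    film1 = b"constructed sample content stream for film one"
    film2 = b"constructed sample content stream for film two"
    disc1 = make_disc(film1, devices)
    # suppose player-C's key leaks after disc1 ships: later pressings leave it out
    still_licensed = {k: v for k, v in devices.items() if k != "player-C"}
    disc2 = make_disc(film2, still_licensed)
    return {
        "A_plays_disc1": play(disc1, "player-A", devices["player-A"]) == film1,
        "C_plays_disc1": play(disc1, "player-C", devices["player-C"]) == film1,  # old disc still plays
        "B_plays_disc2": play(disc2, "player-B", devices["player-B"]) == film2,
        "C_plays_disc2": play(disc2, "player-C", devices["player-C"]) is not None,
        "A_wrong_key": play(disc1, "player-A", devices["player-B"]) is not None,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Nothing in `play()` is secret; only `device_key` is. That is the comment's point: whether the public algorithm is a table of S-boxes or a bytecode interpreter, the security sits in the key material and in how far revocation can reach.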
I don't understand why *any* company would allow *any* employee to talk to the press without first making them endure an hour long talk which involved the employee, the PR team, and a large whiteboard with the following phrase written on it: HOSTAGES TO FORTUNE = YOUR ASS IS TOAST
This has been said before, but it bears repeating: media DRM is a case of Alice wanting Bob to access the content, but not Clyde, when Bob and Clyde are the same person. DRM. Is. Broken. They can get as creative as they want, they can hide behind any number of virtual machines and worse, but DRM sows the seeds of its own destruction because of this.
If nothing else, there's always the analog hole. What are they going to do, outlaw camcorders? Create monitors that interface directly with the brain? These peoples' heads are so far up their asses they can wear their spleen as a hat.
~Eien no Inori wo Sasagete~ Searching for my Hatsumi...
if you "just run that and see what it does", it will print "alldone".
I get:
C pedantry aside, your claims disregard the fact that all inputs to the static binary are known because the VM always starts in the same known state. Even if your program had been correct, it would still always execute in the same way. It's just that you'd have to consider the initial value of yourinput as part of the input, which might be uninitialised memory on some platforms, zero on others.
That sounds like a challenge to me!
\m/ Rawk on! \m/
This comment does not necessarily represent the views and opinions of the author.
Do not think for one SECOND that epoxy works, General Instrument tried that crap for YEARS on VC boards and they still ended up hacked.
I hear there's a small fortune to be made selling this sort of idea to the film industry. "My new DRM scheme is mathematically perfect!" Ho ho ho.
You seem to equate "the halting problem is undecidable in the general case" with "the halting problem cannot be solved for a specific case", which is, well, not even wrong. Even if the BD+ disc makers do use a different protection scheme for every disc (expensive, unlikely), crackers are likely to get very good at extracting the key from each specific scheme. Particularly as the key is likely to be uploaded into some sort of application-specific decryption unit at some point just before playback begins, since software running in the VM is (I expect) too slow to decrypt all of the bitstream in real time.
In doing so, the crackers will not have proved Turing wrong. They'll have shown yet again that one Turing machine can always be simulated by another.
Also your C source code is quite "creative". Perhaps you should do a computer science course? I enjoyed the for loop particularly.
"the damage would affect one film and one player."
Shouldn't that read "affect one film and everyone who bought that player"?
Coder's Stone: The programming language quick ref for iPad
Does the guy even know how much computing power there will be in 10 years? Come on. Seriously.
The link was given in the forum, don't know why it wasn't put into the /. summary.
http://www.nxtbook.com/nxtbooks/questex/hom070807/index.php?startpage=10
They will break this encryption soon since these are static encryption methods. As computers get faster and programmers get better these static encryption methods will be broken faster, and my guess is this DRM will be broken within a year or so. 10 years is a long time, and someone wanting a challenge will break this faster.
I was really just pointing out that if you're talking about the bitrate of uncompressed video, you're not talking about analog video; it's still digital. Capturing the decompressed and decrypted digital stream is not the analog hole.
The analog hole for audio is connecting the headphone out to the microphone in and capturing that way. It's analog because there's an A-D (analog to digital) conversion involved. It's a hole because it can't be prevented (if I can hear it, I can record it(1)).
Decrypting a decompressed digital stream fails both "analog" and "hole": it's digital, not analog, and it isn't a hole (you have to defeat the encryption).
(1) Analog watermarking seeks to plug the analog hole and only works if (a) all analog recording devices detect the watermark and refuse to record or (b) all playback devices prevent playback if a watermark is detected without a corresponding digital mark also present. Macrovision qualifies as a method to plug the video analog hole, first as a technical barrier to analog recorders (VCRs), then later as a mandated support for digital recorders otherwise immune to its shenanigans. Normally one cannot guarantee that all devices will honor your analog watermarks; bullying through the legal system though achieves this for any marketed or disclosed product.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
i've read your post in detail, and i understand it. you have a series of prerequisites, and then a series of conclusions from those. none of your conclusions are wrong, and they are derived from your expertise. however, your prereqs do not match the facts. i have contained an explanation, and an exercise you can go through to learn more.
that is not what inspector is. the tool i linked to attempts to trace all possible code flow paths for all possible inputs, in an attempt to highlight code flow paths that could be exploitable or contain hidden malicious functionality. the problem of all possible code flow paths for all possible inputs is EXACTLY what is at issue here. read on.
the cryptosystem involved does not function as you have stated it does.
the content stream cipher will be known. it will probably be AES. it doesn't matter.
the cryptosystem works like this:
there is a massive, symmetric cipher key which encrypts each disc. it may be a different symmetric cipher each time, implemented in the VM, or it may be a hardware symmetric cipher. it doesn't matter. the point is that for each disc, there is a different key. so getting a "disc key" is not a break for bluray.
what protects the "disc key"? the dynamic execution path of the virtual machine code stored in the protection area of the bluray disc. when it executes, it will follow some execution path based on tests of its environment. who knows what these will be. one of these will be a CHALLENGE to a cert stored in the bluray player chips. the way public key crypto works is this: the challenge is signed by the bluray chip, which contains a private key, and then that signature is verified by the player code, which has a copy of the public key. when the virtual machine issues its challenge, it will use the public key to verify that the execution environment has a legitimate cert, or private key data, embedded within it. due to the nature of public key crypto, and the size of the search space in all possible challenges (probably 512 bytes), replay will be completely impossible.
lessons:
- if you break the "disc key" which encrypts the content, you have not broken any other bluray titles
- if you intercept the challenge from the vm code to the bluray chip, and intercept the response, you will not be able to reuse this information, because the search space is so vast
- at no point is the private key data in the bluray chip ever revealed during this conversation
- no api into the bluray chip exists to ask for this private key information (cert) - it can only sign challenges with its key, not reveal its key. there is no chip instruction to do so!
- at
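The challenge-and-response the comment above describes (per-disc VM code holding only a public key, a player chip holding a private key that it uses solely to sign) as an added Python model. It is neither BD+'s actual protocol nor code from the page: `PlayerChip`, `DiscVM`, textbook RSA on 256-bit primes with an unpadded SHA-256, a 64-byte challenge and a fixed random seed are all assumptions made so the block runs offline and reproducibly. It demonstrates the lessons listed: a fresh challenge is answered by the chip, a recorded answer is useless against the next challenge, a value produced without the private key is rejected, and no method on the chip object returns the key.

```python
from __future__ import annotations

import hashlib
import math
import random


def is_probable_prime(n: int, rng: random.Random, rounds: int = 16) -> bool:
    """Miller-Rabin. Adequate for a toy; real key generation uses a vetted library."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int, rng: random.Random) -> int:
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # full length and odd
        if is_probable_prime(cand, rng):
            return cand


class PlayerChip:
    """Models the licensed chip: the private key is made inside and never handed out.

    sign() is the only operation; there is deliberately no accessor for _d.
    """

    def __init__(self, rng: random.Random, bits: int = 256):
        e = 65537
        while True:
            p, q = random_prime(bits, rng), random_prime(bits, rng)
            phi = (p - 1) * (q - 1)
            if p != q and math.gcd(e, phi) == 1:
                break
        self._n, self._e = p * q, e
        self._d = pow(e, -1, phi)  # modular inverse, Python 3.8+
        self.public_key = (self._n, self._e)

    def sign(self, challenge: bytes) -> int:
        # textbook RSA over SHA-256 of the challenge: no padding, toy only
        h = int.from_bytes(hashlib.sha256(challenge).digest(), "big")
        return pow(h, self._d, self._n)


class DiscVM:
    """Models the per-disc VM code: holds only the public key and issues fresh challenges."""

    def __init__(self, public_key: tuple[int, int], rng: random.Random, challenge_bytes: int = 64):
        self.public_key = public_key
        self._rng = rng
        self._size = challenge_bytes  # assumed size; the comment only guesses at the real one
        self._outstanding = None

    def challenge(self) -> bytes:
        self._outstanding = self._rng.getrandbits(8 * self._size).to_bytes(self._size, "big")
        return self._outstanding

    def verify(self, signature: int) -> bool:
        if self._outstanding is None:
            return False  # no challenge pending: an unsolicited answer proves nothing
        n, e = self.public_key
        h = int.from_bytes(hashlib.sha256(self._outstanding).digest(), "big")
        self._outstanding = None  # each challenge is answerable exactly once
        return pow(signature, e, n) == h


def run_demo(seed: int = 1234) -> dict:
    rng = random.Random(seed)  # seeded for a reproducible run; real code draws from os.urandom
    chip = PlayerChip(rng)
    vm = DiscVM(chip.public_key, rng)

    c1 = vm.challenge()
    s1 = chip.sign(c1)
    genuine = vm.verify(s1)  # the licensed chip answers its own fresh challenge

    c2 = vm.challenge()
    replayed = vm.verify(s1)  # a recorded (c1, s1) pair re-sent against a new challenge

    vm.challenge()
    guessed = vm.verify(rng.getrandbits(512))  # an answer produced without the private key

    return {
        "genuine_accepted": genuine,
        "replay_accepted": replayed,
        "guess_accepted": guessed,
        "challenges_differ": c1 != c2,
    }


if __name__ == "__main__":
    print(run_demo())
```

The model deliberately leaves out what the comment leaves out: it says nothing about how the player chip is verified to be genuine hardware rather than software holding a copied key, which is where the "one player" in the analyst's quote comes from. If a chip's private key is extracted, every disc still verifies that key until the key is revoked, so this exchange protects the key, not the content.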
> You're not trying to come up with a general purpose algorithm for determining if any algorithm halts, you're coming up with an algorithm to trace the execution path of a specific algorithm that you already know halts, based on a limited instruction set.
/the algorithms don't need to be cracked/. DRM is /not/ an encryption problem: you have access to the plaintext already!
Nope, a program running in a VM is just like any other program, and all programs have "limited instruction sets". My understanding is that there's no guarantee a BD+ algorithm will naturally halt. If you know otherwise, do tell, but I doubt you do because otherwise you would have argued better in your post.
> Of course, a software player could blow things open all the same -- that's really the only way that even AACS is being cracked even now.
Oh, get it through your thick head that
vi ~/.emacs # I'm probably going to Hell for this.
I'm right, and you're an idiot. I'd say something more constructive if you did, but you didn't, so I won't.
vi ~/.emacs # I'm probably going to Hell for this.
Make note, that was supposed to be modded "Funny" not "Redundant"
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
but blu-ray drive very expensive.. :(
Weren't both HD-DVD and Blu-Ray's protection schemes cracked totally in february?
Or am I missing something?
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
...and well, no.
The "analogue hole" can be made such a PITA that people don't bother. For example, someone could mandate that your video camera have a digital watermark detector built into it, that would detect you attempting to record the screen of copyright material. It's an extreme example, sure, but then again the World's most popular OS has just been updated primarily to do pretty much exactly this to all data passing through its signal path, so maybe not *that* extreme an example...