Slashdot Mirror

← Back to Stories (view on slashdot.org)

Blu-ray BD+ Cracked

Posted by kdawson on from the bigger-they-come dept.

An anonymous reader writes "In July 2007, Richard Doherty of the Envisioneering Group (BD+ Standards Board) declared: 'BD+, unlike AACS which suffered a partial hack last year, won't likely be breached for 10 years.' Only eight months have passed since that bold statement, and Slysoft has done it again. According to the press release, the latest version of their flagship product AnyDVD HD can automatically remove BD+ protection and allows you to back-up any Blu-ray title on the market."

11 of 521 comments (clear)

  1. Bogus claims by Anonymous Coward · · Score: 5, Interesting

    This is completely bogus marketing on Slysoft's part. They have "broken" the current titles by extracting the code from each one, but BD+ relies on code being downloaded from the disc itself to decode the data. The bar will just be raised now and new code will be added to newer titles.

  2. Re:pwned by elrous0 · · Score: 5, Interesting

    They know damn well that no DRM is ever really secure. But the bread and butter of these companies is to sucker the studios into thinking otherwise. So they don't make such statements because they actually believe them, but to sell their DRM scheme. By the time it gets cracked (usually about 5 minutes after anyone bothers to try), they've already made their money and can laugh all the way to the bank.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
  3. Re:unimportant by webmaster404 · · Score: 4, Interesting

    It however does a few things...

    1. It tells that Blu-Ray is already supported enough to buy a player now
    2. It allows you to even if Blu-Ray ends up failing, you can rip your Blu-Ray movies to the new format (and don't expect media storage to be made as long as VHS and DVD did anymore...)
    3. It will allow various third-party projects to soon take advantage of this (even if right now it only lets you make backups) and add Blu-Ray support to media players on OSes such as Linux.

    --
    There is no "disagree" moderation, and troll, flamebait and overrated are not valid substitutes
  4. Re:unimportant by Stuart+Gibson · · Score: 5, Interesting

    I agree that is the reason for the vast majority, but there are some cases where people have a legitimate reason. I'm in the process of ripping my 600+ DVDs to an increasingly large hard drive array so I can access them all around the house without the need to get the discs. I know it's unusual but there are legitimate reasons.

    --
    It's all fun and games until a 200' robot dinosaur shows up and trashes Neo-Tokyo... Again
  5. Re:pwned by h4rm0ny · · Score: 3, Interesting


    The only bad thing about BD+ being cracked is that it didn't happen sooner. A naive faith that it would be secure may have been one of the factors in studios throwing their weight behind Blue-ray instead of HD. Now that HD seems to be going down the pipes, it leaves blue ray in a monopoly position, free to keep their prices high. Okay - it's not quite a monopoly position as they still have to compete with traditional DVDs. But it's a worse situation for the public than if HD were still around. Still, every little crack helps.

    --

    Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
  6. Re:pwned by phobos13013 · · Score: 4, Interesting

    Be assured it was this argument that Sony brought to the studios to get them to kill the (IMO better standard) of HD-DVD since it has already been cracked. Also, be assured that Sony knew their argument was bullshit. Sadly, it was this lie that killed the standard, not a few thousand people skewing consumer purchasing towards BD. Ca va...

    --
    ...and it should be known by now
  7. Re:Barrier to Ownership by sweepkick · · Score: 5, Interesting

    How about the most important 'legit' reason (for me anyway): being able to play blu-ray media on Linux?

  8. Re:The link is a trap by DrSkwid · · Score: 4, Interesting

    Since I bought a copy of The Shellcoder's Handbook Amazon keeps trying to get me to buy other cracking books, for instance :

    Hello, Dr Skwid., Amazon.co.uk has new recommendations for you based on items you purchased or told us you own.

    Reversing: Secrets of Reverse Engineering
    Buffer Overflow Attacks: Detect, Exploit, Prevent
    Rootkits: Subverting the Windows Kernel
    The Database Hackers Handbook: Defending Database Servers

    Sockets, Shellcode, Porting, and Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals
    Professional Rootkits (Programmer to Programmer)

    Now that the UK & Germany has outlawed knowledge it's like a trap!

    --
    There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
  9. Re: BD+ Cracked by Alsee · · Score: 4, Interesting

    I will give BD+ credit though, it managed to hold them off for 8 months

    Nope. 5 months.

    According to the link they sat on this for 3 months for strategic reasons, waiting for the format war to end.

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  10. Re: BD+ Cracked by Anonymous Coward · · Score: 5, Interesting

    I don't know about satellite TV in the US, but...

    Virtually every satellite TV encryption system available has been broken, often many times over. These range from simple hardware hacks, such as subscribing to all channels then sticking a resistor in the decoder to prevent the card's EEPROM from being changed then unsubscribing again, through complete reverse-engineering of the cards. Cards were routinely modified to recieve all channels, card details were copied onto deactivated cards, and some were even re-implemented from scratch using a PIC soldered onto a PCB, or even using programmable cards.

    These systems relied on security through obscurity - the pirates didn't know how the cards worked, so there was no way they could compromise them. Yeah, right...

    This continued until very recently. Most newer encryption systems follow the pattern that BSkyB used with their analog and digital encryption systems. BSkyB's analog system relied on replacing the cards. Each time a revision of the cards was breached, they would issue a new one that fixed the holes in the last, and often fundamentally changed the way the card worked. Sky retired the system before it was fully compromised, but other providers kept using it. They had to face the fact that computing power had advanced so much that it was possible to brute-force decode the signal in real-time with no card.

    Most modern cards are programmable, as are the CAMs (the modules that talk to the card, and pass the final decryption keys to the STB). So the current encryption systems change the firmware in both card and CAM periodically. Any breach will only work for a limited time. Even after all these years, the arms race continues - pirates have found all kinds of creative ways around these things, such as sharing a single card across the internet.

    It's also possible to buy a PCI satellite card that allows a PC to recieve satellite TV. Combine that with an official card and CAM, which work as normal. You can't change the card, but you can do whatever you like with the decryption keys it generates, or the decrypted TV signals. That includes recording it, and uploading it to the internet. You could even do that in real-time if you wanted to.

    The continual update thing is what Sony are trying with BD+. The idea is that the BD+ portion contains code, unique to each disc, which verifies that the player is authentic and hasn't been compromised. Once it's done that, it provides decryption keys to the player.

    The general idea is that, while it may be possible to compromise AACS in the same was as CSS, each BluRay disc will contain unique encrpytion code for that disc. The idea is that each disc will need to be cracked individually, just like PC games. And we all know how well that approach works in practice.

    This assumes that each BluRay disc will have completely unique BD+ code, and that's just not going to happen - they have to maintain compatibility with existing players, which means the BD+ code has to be extensively tested. Hackers can move much more quickly - even if they did have to crack each batch of BluRay discs individually, they'll be able to update their decryption tools much quicker than Sony can update their BD+ code.

    It also assumes that nobody knows how BD+ works (security through obscurity), and that nobody will be able to independently implement a BD+ VM that pretends to be a real player. That's exactly what SlySoft have done. Their VM isn't complete yet - it only implements the portions of BD+ that current discs are actually using. It is known not to work on one disc (Hitman, I believe), simply because it uses parts of the BD+ VM that they've not implemented. Yet.

    The point is that the pirates are far more agile than Sony, and have unlimited time in which to devise a solution. There is no such thing as making it too much effort. At least with the satellite TV analogy, you can't keep using a hack once the hole it exploited has been patched, so there is a time factor. There is no time factor with BluR

  11. Re: BD+ Cracked by Belial6 · · Score: 4, Interesting

    I would say that you are only half right. If Dish is easier to hack, saying that DirectTV is unhacked is like saying that my front door is secure because it's easier to throw a rock through the 4x8 window right next to it. Largely pointless for the conversation. After all, have you succeeded if the hacker is still getting the data through another channel? Then there is Netflix. Most of the people I knew that hacked DirecTV did were subscribers to DirecTV. They hacked the system for the PPV channels. At $19 a month for way better selection, I know a lot of people switched from hacked DirectTV to Netflix because it was a better value.