Slashdot Mirror
Blu-ray BD+ Cracked
An anonymous reader writes "In July 2007, Richard Doherty of the Envisioneering Group (BD+ Standards Board) declared: 'BD+, unlike AACS which suffered a partial hack last year, won't likely be breached for 10 years.' Only eight months have passed since that bold statement, and Slysoft has done it again. According to the press release,
the latest version of their flagship product AnyDVD HD can automatically remove BD+ protection and allows you to back-up any Blu-ray title on the market."
I'm beginning to increasingly believe the old cliche, "Information wants to be free".
When will people learn that making bold statements about their technology's security will only make them look like a fool when it is finally broken?
Now that that's been handled, looks like it's time to start shopping for a BD player.
The original was Posted by kdawson too... http://yro.slashdot.org/article.pl?sid=07/10/30/2034242
Wikipedia states that it only enables backups, which are then played with a software player which is Blu-Ray compatible. It doesn't look like VLC will be playing BD+ protected media anytime soon.
Inventions have long since reached their limit, and I see no hope for further development.-- Frontinus, 1st cent. AD
Its not really details of how it works, its a FBI sting to get people that are intent on learning 'forbidden knowledge".
---- Booth was a patriot ----
This is completely bogus marketing on Slysoft's part. They have "broken" the current titles by extracting the code from each one, but BD+ relies on code being downloaded from the disc itself to decode the data. The bar will just be raised now and new code will be added to newer titles.
The vast majority of customers for blu-ray technology won't give a rats arse about this. I certainly don't
We've been able to crack dvd's for years, but every house I visit still has a pile of purchased dvd's, and I know of not one person who backs them up. The only people who use the cracking stuff that I know, do so either directly from borrowed dvd's, or indirectly through downloading movies. A know a few who never buy dvd's, because they prefer some dodgy rip. Beats me why, I know the average quality, and I don't think it's worth it, especially since they usually end up just taking up drive space.
The same will most likely occur with blu-ray. Most, if not all, purchased blu-ray discs will never be backed up. This cracking will be employed only by people who don't want to pay. They most likely wouldn't anyway.
So why don't we just drop this 'legal backup' crap and admit that this is only going to be of use to people who have no intention of buying the 'legal' dvd's in the first place.
Slysoft has made this claim before. It turned out to be bogus. The crack allowed a user to copy a BD to the harddrive and play it back from there using only a specific version of Cyberlink's PowerDVD (3319a), but not to transcode, otherwise manipulate the content or play it back from a burned BD-R or BD-RE. (Wiki)
Now I'd like everyone to remember that BD+ is not an `algorithm` per se. It's not a DRM one way function. BD+ is a virtual machine and a blu ray disk is a full fledged program that runs under the VM and can even run native code to patch and upgrade the virtual machine.
This is akin to running a java application that can inspect the java VM.
It's a cat and mouse game for now.
*Wiki: http://en.wikipedia.org/wiki/BD%2B
Nature journal lied in Britannica vs Wikipedia Ask to retrac
Envisioneering n.
a. The application of false promises to scam money from the gullible. From Envision "to see a way" and Profiteering "to improperly profit by".
b. The profession of or the work performed by an envisioneer.
The whole problem with encrypted media is that in order for the customer to want to purchase it, they will need to access the media they have purchased. In order to access that media, they will at some point need the key(s) that unlock it. Simply put, the purchaser of the media has the locked media, but they will also have the key. If you give people the key to the lock along with the lock, it is only a matter of time before someone figures out how to get the key.
Wow, these guys are getting slow.
SJW: Someone who has run out of real oppression, and has to fake it.
It really does. If they "delayed" release of this, then they must have been waiting to "lock in" the format war so that they wouldn't have to go supporting both standards. Apparently the Blu Ray was easy enough for them and now that there is "vendor lock-in", this pretty much says that they really are dictating the markets. This really speaks volumes about marketing tactics.
All content in this message is copyright (c) 2008. All rights reserved. RIAA is prohibited here.
Spelling/grammar nazis welcome (English is not my first language and I am trying to improve my spelling/grammar)
The crack allows you to play the media at full quality on systems that do not have a fully HDCP compliant chain. Example: If you have a home theater TV hooked up to an older HDTV that only has component inputs, or if you have a non HDCP video card, you can use this "crack" to play your discs at full quality.
Yes, and this makes me wonder if his crack was a futile attempt to make the folks bring back his favorite of the two formats. He inadvertently helped put the nails in HD DVD's coffin, now hes trying to make up for it. Well its too little too late I think, but its interesting and he probably had the crack all along for bluray, he probably just thought that releasing the HD one would drum up more interest in the format and kill off bluray....in the end it ovviously backfired.
Have you ever thought that your own paid-for movies are just data?
not every movie copied has to be stolen. and i doubt he was planning on stealing. especially since he said he also wants to wait for the prices of the movies to come down. which he has a point with. i mean, i've seen some movies go for $35.
1. This won't affect piracy, the places where you can get pirated movies are already full of BD releases so obviously those creating the pirated releases were already able to get the data (probably by ripping it out of the decoded video stream at some point).
2. Software patents or no, I believe that I should be able to do what I want with something I purchase as long as it's not harming others. Moving my movies from physical disks to my media server is not harming anybody.
3. As others have already said, DRM is fundamentally broken. To view DRM encrypted content you have to have the keys. If you have the keys then the encryption can't be secure. The sooner people (the content industries) realise this the sooner they can stop pissing off their legitimate consumers without actually denting piracy. This is a win for all. EMI have realised this, and I think a couple of other music studios, now it's just a waiting game until the rest of them get it.
As was posted earlier to /. regarding gaming, the studios et. al. should really focus on _customers_, not pirates because, duh, customers buy things. Some customers demand fair use rights by hook or crook (for example those that want for various reasons to have a lone htpc+speakers+monitor be your entire HT), and now that slysoft has provided for a fee, the _customer_ base for Fox. et. al. just expanded. The pirate base is probably unchanged by this, so really the studios should be celebrating, and the people that should really be cackeling incessantly are the ones that get the mandatory fee paid for providing the snake oil that is the useless AACS and BD+ "protections".
From the slysoft AnyDVD HD forum:
Xtrap1979
I can now make a collective order of all the Fox titles
http://forum.slysoft.com/showthread.php?t=14787&page=3
As long as the content ultimately gets decrypted/decoded to a format which is percievable to human senses, it can be cracked. There is nothing stopping a dedicated pirate from going, pixel by pixel, dumping the current pixel color values into a massive 2d array - in fact in the pre-deCSS days there was a program that worked with PowerDVD by doing that very thing. Dump all the pixelvalues as arrays into a screenshot bypassing Windows, then stream together the screenshots in a video format of your choice, and you've got uncompressed, perfect digital video. From there you can just run a male to male cable from your stereo out jack to an audio input, and you've got your sound. Mux them together and you've got everything you need to make your pirated copy. Its low tech, but it works. The fact is, no matter what these antipiracy groups do, they can *NOT* beat technology with more technology. Because all it takes is a bored geek with a soldering iron and some spare time to bring down their house of cards.
The blue ray encryption geniuses should read my subject line over and over and over and over.
Ok, yes, books are more than *just* dead trees with ink squirted on them. But guess what, they also *are* dead trees. . . with ink squirted on them. Meaning they share at least some of the properties dead trees. For example, if you needed to, you could burn them in a fire place for warmth, if it came down to it. They have a high quantity of cellulose, so if you needed a source of cellulose for some sort of chemical reaction, you could possibly use books (or other paper - magazines, newspapers, etc) if you had to.
I think the GP's point was, he should be able to backup his movies to his computer, because at a low level, Blue Ray movies are just data on the disc. He should be able to backup *any* data on a BD to his computer. Yes, movies are more than data, but they also *are* data too. The power of abstraction is that I can usually treat any two *similar* things similarly, even when they aren't identical.
So that I can drive a Chevy Corvette or a Cavalier, a Ford F-150 pickup truck, or a Toyota Camry all on the same road, because they are all automobiles. Yes, a pickup truck is *more than* a set of wheels, a frame, and a motor, which collectively fit within a certain standardized set of dimensions and under a certain maximum weight, but it *is* also a set of wheels, a frame, and a motor which collectively fit within a certain standardized set of dimensions and under a certain maximum weight, which is why it can drive on the same road as the other vehicles.
I think one of the distinguishing features of most geeks, that sets them apart from the general populace, is the fact that they have the ability to see, when it's useful, that "a book is just a dead tree", and to be able to figure out when that fact is useful. It is the foundational principle of much of engineering and computer science. Most people see the forest, or maybe the trees. A good hacker sees the forest *and* the trees.
Your response to the GP just shows that you just don't get it. It doesn't mean he's any less correct. I hope this post helps you to see that.
No, you don't. It's uncompressed, but not "perfect" because it still has the compression artifacts. Then, when you recompress it, it has two sets of compression artifacts. Although it's higher quality than aiming a video camera at the display, it's still more-or-less the same as the "analog hole."
To really count as "cracking," the attacker needs to get access to the decrypted but still encoded stream.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
24 Carat Pure Slashdot Gold.
We have a winner. I call for a slashdot version of the Godwin; any technical thread on the viability of any technology is over the moment anyone claims something to the effect of "... We could install Linux on it!"
However, asking "... does it run on Linux?" is still fair game.
If I mod you up, it doesn't necessarily mean I agree with what you've said, sorry.
#1 is crucially for me. I've consolidated all of my media for convenience. I don't want bookshelves full of plastic boxes - my house is only so big. Furthermore, when I play my media, I don't want to sit through corporate marketing and propaganda. I just want to play my movie. So I *always* rip and encode a movie, and never bother with the DVD player software. If media companies can't bring themselves to sell me the product that *I* want, then I'm going to put a little effort into converting the product into something that *I* want. The free market should be about empowering consumers.
#2 is also important, because it limits the amount of price gouging that media companies can engage in. DVDs are "good-enough", and will keep price pressure on blue-ray. In the distant future, movies will only be released on blue-ray, and we need to keep the price pressure.
Furthermore, a lot of media is simply overpriced. There's a glut of it on the market - so media companies *must* be making money out of it. I wouldn't bother with torrents at all if I could pay $1-$2 for a legit download. Watermark it if you want, but let me take control of the media, so I can use it however I like.
Regardless of torrents, I spend a certain amount of media each year. Trying to control the distribution channel is a vain attempt to artificially keep prices high.
Like all pain, suffering is a signal that something isn't right
Information hates to be anthropomorphised.
I'm beginning to increasingly believe the old cliche, "Information wants to be free".
I am also beginning to increasingly believe that if you create a good enough dare, people will take you up on it, just to prove you wrong.
Mother nature likes to join in too sometimes, as one ship has shown us.
Jumpstart the tartan drive.
What I want to do is get an HD DVD burner (this is very hard BTW), a lot of blank media, and a Blu-ray drive, and then buy Blu-ray movies and convert them into HD DVDs. That way I'd really be sticking it to the man. Yeah. Wooo! You know it!
Erm. Ok. It's probably the stupidist idea ever, but what the hell.
You are not alone. This is not normal. None of this is normal.
HAHAHAHAHahhahaha, oh man, that was funny.
"...just sufficiently hard that the cat and mouse game is too much effort for the pirates."
Except the pirate have the time, and the skills, and the same computer power as the companies. Add to that they don't have an arbitrary budget and they get an Ego boost from doing it? do you really think these snake oil salesmen have a chance?
What next, a scheme for hiding porn magazines in your house from teenagers?
At least more and more media companies are beginning to realize the futility of these scheme, hopefully they will go away. Really, I want to buy by disk, put it on my computer and call it up when ever I want. That's the future, that is what consumers want and expect.
"You can't hide secrets from the future with math." - MS Frontalot.
The Kruger Dunning explains most post on
hmmm... I do see your point. However it does 'want to be free' in that people like to sharing information.
Which is a huge deal in that it's a very basic part of human nature. That is what the expressionmean. nobody believe information actually wants something, it's just a observation of human nature.
Like saying "Cars like to clump up in traffic." doesn't actually mean the cars like anything, it's just an observation of what car operators tend to do.
The Kruger Dunning explains most post on
So we're having a low-UID pissing contest . . . but in reverse???
You make a few interesting points, but I think there are technical problems with your solution. First of all, with a large enough sampling of keys, cracking the algorithm becomes easier. If every disk had a unique key, there would be a huge base of samples thus cracking the actual algorithm would ultimately become trivial. The second problem I see is that if you did that, the crackers would know exactly where the key resides and wouldn't have to go through the hoops of retrieving it from memory.
I do not claim to be an expert in this area and maybe someone more knowledgeable can enlighten me.
If the Satellite TV companies needed to protect a library built over years rather than just a current transitory stream, where they are in continuous contact with the player, their task would be much more difficult and conversely the rewards of cracking would be that much greater. Disk is different than broadcast.
This program was made possible by a grant from the Ultra-Humanite, and viewers like you.
cat and mouse game is too much effort for the pirates
Just to be clear, pirates aren't the ones playing that cat and mouse game. When you see a street vendor selling pirated copies of Star Wars, he's selling actual Blu-ray discs. He made bit-for-bit copies and he didn't need to decrypt anything to do it. The fact that Blu-ray is encrypted didn't do anything to prevent the pirate from stealing the content.
Decryption is needed by people who want to *gasp* watch the discs they legally purchased at BestBuy.
I will give BD+ credit though, it managed to hold them off for 8 months
Nope. 5 months.
According to the link they sat on this for 3 months for strategic reasons, waiting for the format war to end.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
I don't think many people take the phrase literally. All it means is that it is very hard to keep a secret, human nature being what it is. Governments, companies, individuals all expend tons of effort to try and keep information locked down - and yet even the best systems are compromised.
In other words, the path of least resistance is to structure our society such that it isn't dependent on the keeping of secrets. The fewer secrets, the better - though all except the most extreme nuts would argue that some secrets are in fact necessary.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
and you should read mine over and over again.
The Kruger Dunning explains most post on
emph mine.
It seems like an appropriate saying to me--when information is locked down by secrecy or DRM, people will leak it or break the DRM. It's a nice expression that has meaning packed into it.
The same thing happened with cd and dvd. At first blanks were expensive (and generally half the capacity) but once it became the dominant media the economies of scale kicked in.
I'd say if Bluray becomes the dominant media (which isn't certain, I happen to think discs are doomed) we'll see spools of blanks for $20, just like the last two times.
Man, you really need that seminar!
Ah, your post takes me back to when DVDs were first being ripped. The same arguments of impracticality were being made then. "DVDs hold 8 gigs, and we only have ~40 gigs of HDD space to store the VOBs."
...or so I'm told.
There's a difference now, though. Back then, you had to recode the vobs with some crappy (by today's standards) codec like old QuickTime, or asf or something. Nowadays, DVDs can be recoded and stored in XviD format with a decent quality tradeoff. Likewise, BD can be recoded to x.264 and stored in about 4.5 gigs.
sig: sauer
Actually, I think the whole meme reads as such :
- Information wants to be free
- Entertainment wants to be paid
- You just want to be cheap
After 3 days without programming, life becomes meaningless
- The Tao of Programming
If you knew your recent history about hacking DRM, you would know that DirecTV is a perfect example. Their older cards had a weak DRM scheme where it would validate PPV requests at a certain time in a sequence. If you dropped the voltage at just the right time, you could make the set-top box think your PPV request was valid. There was also an easier way where you could clone a valid card. DirecTV had as many as *1 million* people stealing their service, so they did a 10+ million card swap. Expensive for them, but their new card had a good challenge-response scheme in the chip. Their new chips might be hacked, but not by many. I don't know a single person who hacks DirecTV anymore (and believe me, my nerdy Slashdot-reading 'friend' had a lot of customers). All the old boards like alt.dss.hack are all but dead because most people have just moved on (or starting hacking Dish :P).
So although DirecTV didn't produce an uncrackable system, it's 'sufficiently hard' for most people. Hence, they succeeded.
>if you create a good enough dare, people will take you up on it, just to prove you wrong.
That's sounds like a dare to me.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
Its also an entropy thing. It may well be that like almost everything else we observe information follows a concentration gradient. That is if you concentrate information with a small group of people you have to constantly expend energy keeping it there. So if you decide gee I only want people who purchase a certain bit of plastic to watch my move you have to put alot of energy into keeping the movie on the plastic. Eventually it will get off if you don't. It may well be that DRM is like heating your house; the more insulation you have(stronger DRM scheme) the better but as soon as you take the input energy away (turn off the heater)/(complete your encrypting) the temperature will always equalize with the outside(the movie will propagate to places where the disk is not present).
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
> You can't hide secrets from the future with math.
Sure you can! With one time pads no one knows because they're secret.
The problem BD+ and ALL other DRM schemes have is that you can't keep the movie a secret from your customers because they pay to watch it! On other words, the problem is that these movies are not secrets.
I don't know about satellite TV in the US, but...
Virtually every satellite TV encryption system available has been broken, often many times over. These range from simple hardware hacks, such as subscribing to all channels then sticking a resistor in the decoder to prevent the card's EEPROM from being changed then unsubscribing again, through complete reverse-engineering of the cards. Cards were routinely modified to recieve all channels, card details were copied onto deactivated cards, and some were even re-implemented from scratch using a PIC soldered onto a PCB, or even using programmable cards.
These systems relied on security through obscurity - the pirates didn't know how the cards worked, so there was no way they could compromise them. Yeah, right...
This continued until very recently. Most newer encryption systems follow the pattern that BSkyB used with their analog and digital encryption systems. BSkyB's analog system relied on replacing the cards. Each time a revision of the cards was breached, they would issue a new one that fixed the holes in the last, and often fundamentally changed the way the card worked. Sky retired the system before it was fully compromised, but other providers kept using it. They had to face the fact that computing power had advanced so much that it was possible to brute-force decode the signal in real-time with no card.
Most modern cards are programmable, as are the CAMs (the modules that talk to the card, and pass the final decryption keys to the STB). So the current encryption systems change the firmware in both card and CAM periodically. Any breach will only work for a limited time. Even after all these years, the arms race continues - pirates have found all kinds of creative ways around these things, such as sharing a single card across the internet.
It's also possible to buy a PCI satellite card that allows a PC to recieve satellite TV. Combine that with an official card and CAM, which work as normal. You can't change the card, but you can do whatever you like with the decryption keys it generates, or the decrypted TV signals. That includes recording it, and uploading it to the internet. You could even do that in real-time if you wanted to.
The continual update thing is what Sony are trying with BD+. The idea is that the BD+ portion contains code, unique to each disc, which verifies that the player is authentic and hasn't been compromised. Once it's done that, it provides decryption keys to the player.
The general idea is that, while it may be possible to compromise AACS in the same was as CSS, each BluRay disc will contain unique encrpytion code for that disc. The idea is that each disc will need to be cracked individually, just like PC games. And we all know how well that approach works in practice.
This assumes that each BluRay disc will have completely unique BD+ code, and that's just not going to happen - they have to maintain compatibility with existing players, which means the BD+ code has to be extensively tested. Hackers can move much more quickly - even if they did have to crack each batch of BluRay discs individually, they'll be able to update their decryption tools much quicker than Sony can update their BD+ code.
It also assumes that nobody knows how BD+ works (security through obscurity), and that nobody will be able to independently implement a BD+ VM that pretends to be a real player. That's exactly what SlySoft have done. Their VM isn't complete yet - it only implements the portions of BD+ that current discs are actually using. It is known not to work on one disc (Hitman, I believe), simply because it uses parts of the BD+ VM that they've not implemented. Yet.
The point is that the pirates are far more agile than Sony, and have unlimited time in which to devise a solution. There is no such thing as making it too much effort. At least with the satellite TV analogy, you can't keep using a hack once the hole it exploited has been patched, so there is a time factor. There is no time factor with BluR
I would say that you are only half right. If Dish is easier to hack, saying that DirectTV is unhacked is like saying that my front door is secure because it's easier to throw a rock through the 4x8 window right next to it. Largely pointless for the conversation. After all, have you succeeded if the hacker is still getting the data through another channel? Then there is Netflix. Most of the people I knew that hacked DirecTV did were subscribers to DirecTV. They hacked the system for the PPV channels. At $19 a month for way better selection, I know a lot of people switched from hacked DirectTV to Netflix because it was a better value.
Thanks to the recent demise of HDDVD, additional cracking manpower has recently become available to work the Blu-ray problem.
Yet another success for IT project management.
Have gnu, will travel.
uncompressed MPEG-2
MPEG-2 is a compression standard
There is nothing stopping a dedicated pirate from going, pixel by pixel, dumping the current pixel color values into a massive 2d array
-- -- --
Actually, there is. It's called HDCP, and means that only "authenticated" output devices will get digital data.
I doubt those devices will stop a dedicated pirate with good soldering talents. The data has to go to the screen at some point.
Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
Although you have some good points, there seems to be something you are missing. Have you ever actually downloaded one of those re-compressed hi-def movies? I have. The file was 9 GB. As far as I can tell it was the original resolution. So it has been *hugely* re-compressed. I was expecting it to be a huge mess. But you know what? It wasn't. Yes, there were numerous compression artifacts, but I was too distracted by the fact that the overall image quality and detail and dynamic range were about 1.78 gazillion times better than standard def DVD. It was one of the first hi-def movies I have watched on my computer and I was not at all disappointed. Would the original Blu-Ray or HD-DVD that it was derived from have better image quality? I have no doubt. You can't just throw away 60% or 70% of the information in an image and expect to retain the same quality. Is the difference noticeable? Almost certainly. But that doesn't change the fact that even at a reduced quality the re-compressed hi-def material is vastly superior in terms of the subjective viewing experience compared to the only other drive space friendly alternative, regular DVD. In fact I feel like throwing all of my DVDs in the trash. To me the difference seems that huge.
Generally speaking I do see myself as a videophile, as someone who cares very much about a small difference in image quality. But until hard drives become vastly larger I simply will not have enough space to store hi-def movies at the original quality. So, as much as it disturbs me, I am going to have to compromise. The re-compressed hi-def files are still an order of magnitude improvement over DVD. To me, the difference between regular DVD and hi-def is a much larger jump than between laser disc and DVD. I suppose it might more approximate the jump between VHS and laser disc. So as a videophile without infinite hard drive space (and without much money or an HDTV) I am quite happy with our new format and with the people responsible for cracking BD+.
Although I don't really claim to understand how it is possible to re-compress so much without completely degrading the quality to an unwatchable level, I am wondering if studios have really outdone themselves. Maybe they just have so much more space and the newer compression algorithms are so good that they are able to encode their film transfers at a bitrate that is nearly without artifacts, a format truly made for videophiles. Of course the irony is that they are doing this to try to tempt us all (not just videophiles) away from the fully cracked and easily copyable DVD format into their spider web of uber advanced DRM that is BD+ (and AACS). Call it what you will but it *is* much more advanced than DeCSS. Especially Blu-Ray.
But it probably takes a lot of extra storage space to get rid of that last 20% of compression artifacts (or whatever). So a non-perfectionist can still have relatively breathtaking video quality at a much smaller size if he is willing to make some visible but acceptable compromises. I am guessing that each video has its own sweet spot in this regard, a point where video quality starts to degrade sharply. That's the point that the re-encoder has to find.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
It's the same problem as there is any IT security problem. Protectors need to be perfect every time, attackers need to be lucky/good (in that the protector missed something) once. Add to this basic fact the matter that there is an inherent architectural problem in content protection (you gotta give the attacker what they need or users can't see the media) and the fact that the usual relentless march of technology favors the attacker (more CPU power = easier key breaking, additional CPU power doesn't benefit the defenders) and I'm glad I'm not in the digital chastity belt biz, AKA content protection.
Min
On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
Yeah. I had it cracked after like a day. But I sat on it, because I didn't want to make anybody feel dumb.