Slashdot Mirror

← Back to Stories (view on slashdot.org)

Blu-ray BD+ Cracked

Posted by kdawson on from the bigger-they-come dept.

An anonymous reader writes "In July 2007, Richard Doherty of the Envisioneering Group (BD+ Standards Board) declared: 'BD+, unlike AACS which suffered a partial hack last year, won't likely be breached for 10 years.' Only eight months have passed since that bold statement, and Slysoft has done it again. According to the press release, the latest version of their flagship product AnyDVD HD can automatically remove BD+ protection and allows you to back-up any Blu-ray title on the market."

19 of 521 comments (clear)

  1. Re: BD+ Cracked by Panaqqa · · Score: 5, Insightful

    I'm beginning to increasingly believe the old cliche, "Information wants to be free".

  2. pwned by JeepFanatic · · Score: 5, Insightful

    When will people learn that making bold statements about their technology's security will only make them look like a fool when it is finally broken?

    1. Re:pwned by elrous0 · · Score: 5, Interesting

      They know damn well that no DRM is ever really secure. But the bread and butter of these companies is to sucker the studios into thinking otherwise. So they don't make such statements because they actually believe them, but to sell their DRM scheme. By the time it gets cracked (usually about 5 minutes after anyone bothers to try), they've already made their money and can laugh all the way to the bank.

      --
      SJW: Someone who has run out of real oppression, and has to fake it.
    2. Re:pwned by mstahl · · Score: 5, Informative

      The copy protection is meant to prevent you from backing up your only copy of the disk to another device, which falls under fair use. Also, you cannot format-shift because of the copy protection. If you buy an HD movie and want to downsample it for use on your iPod, you can't unless you get past the copy protection.

      The studio's line works just fine if you're okay only watching your movies in your Blu-Ray player and only if the keys to the disks are still valid and only if you even still have a blu-ray player years from now. If you buy a movie you should be able to enjoy it howsoever you see fit as long as that doesn't involve charging people money to view it or selling copies you've made from it.

      Seriously. You must be new here 'cause I might just be modded redundant people have been over this so many times on Slashdot.

    3. Re:pwned by squiggleslash · · Score: 5, Informative

      There are a variety of reasons HD DVD was better from an end-consumer's standpoint, though not necessarily a studio's:

      1. It was more affordable
      2. It supported combo disks, meaning people buying movies could buy them safely in the knowledge they didn't have to upgrade every player in the house to HD DVD in order to play it
      3. It supported non-encrypted discs, meaning smaller studios had access to the format without the need to pay AACS fees that would significantly increase the cost of the media, and also meaning free content was possible
      4. It had everything two years ago that Blu-ray's BD Live and Profile 1.1 supports (but few Blu-ray players are capable of.) An HD A1 can do all the PIP, etc, features that are being announced today for future BD players
      5. For encrypted discs, "managed copy" was a compulsory feature, allowing manufacturers to produce movie jukeboxes, systems to copy movies to hand held devices, etc, safely in the knowledge that no HD DVD disk could ever be pressed that wouldn't be able to be a part of such a system
      6. There was one copy prevention system, AACS, which was a known quality and relatively uncomplicated. BD+ is a nightmare, several legitimate players have difficulty with it.

      The only real downside was the lower capacity, and with an HD DVD disk topping out at 30G (there had been a plan to increase that to 50G without increasing the price of the players by adding a third layer), capacity for an ordinary 1080p movie was never really an issue. I hear they had trouble fitting a lossless soundtrack on the Transformers HD DVD, one of the rare occasions the capacity was stretched, and there's some evidence that wasn't true either. My 2001 HD DVD has gorgeous quality, a DolbyHD lossless soundtrack, and a whole bunch of features, all on one single sided double layer disc.

      --
      You are not alone. This is not normal. None of this is normal.
  3. The link is a trap by nurb432 · · Score: 5, Funny

    Its not really details of how it works, its a FBI sting to get people that are intent on learning 'forbidden knowledge".

    --
    ---- Booth was a patriot ----
  4. Bogus claims by Anonymous Coward · · Score: 5, Interesting

    This is completely bogus marketing on Slysoft's part. They have "broken" the current titles by extracting the code from each one, but BD+ relies on code being downloaded from the disc itself to decode the data. The bar will just be raised now and new code will be added to newer titles.

  5. I'll know it when I see it by AchiIIe · · Score: 5, Informative

    Slysoft has made this claim before. It turned out to be bogus. The crack allowed a user to copy a BD to the harddrive and play it back from there using only a specific version of Cyberlink's PowerDVD (3319a), but not to transcode, otherwise manipulate the content or play it back from a burned BD-R or BD-RE. (Wiki)

    Now I'd like everyone to remember that BD+ is not an `algorithm` per se. It's not a DRM one way function. BD+ is a virtual machine and a blu ray disk is a full fledged program that runs under the VM and can even run native code to patch and upgrade the virtual machine.

    This is akin to running a java application that can inspect the java VM.

    It's a cat and mouse game for now.

    *Wiki: http://en.wikipedia.org/wiki/BD%2B

    --
    Nature journal lied in Britannica vs Wikipedia Ask to retrac
    1. Re:I'll know it when I see it by webmaster404 · · Score: 5, Funny

      If they can patch it we can re/unpatch it. Once the VM ends up being cracked we can do whatever we like with it, like install Linux on it.

      --
      There is no "disagree" moderation, and troll, flamebait and overrated are not valid substitutes
    2. Re:I'll know it when I see it by conteXXt · · Score: 5, Funny

      "we can do whatever we like with it, like install Linux on it."

      24 Carat Pure Slashdot Gold.

      We have a winner.

      --
      The truth about Led Zep should never be told on /. (Karma suicide ensues)
  6. Re: BD+ Cracked by TheLinuxSRC · · Score: 5, Insightful

    The whole problem with encrypted media is that in order for the customer to want to purchase it, they will need to access the media they have purchased. In order to access that media, they will at some point need the key(s) that unlock it. Simply put, the purchaser of the media has the locked media, but they will also have the key. If you give people the key to the lock along with the lock, it is only a matter of time before someone figures out how to get the key.

  7. Re:why? by lilmunkysguy · · Score: 5, Insightful

    I am beginning to ask myself: why are we always happy because of such news? I mean yes, we are all little pirates at the bottom of our hearts and we all liked Robin Hood, but shouldn't we start thinking more responsible towards how technology advancement can occur? We are happy because if we purchase a product, we feel we should be able to use it however we want to. DRM puts restrictions on how we can use the product we own. Removing those restrictions and allowing more freedom makes us happy.
  8. Re:unimportant by Stuart+Gibson · · Score: 5, Interesting

    I agree that is the reason for the vast majority, but there are some cases where people have a legitimate reason. I'm in the process of ripping my 600+ DVDs to an increasingly large hard drive array so I can access them all around the house without the need to get the discs. I know it's unusual but there are legitimate reasons.

    --
    It's all fun and games until a 200' robot dinosaur shows up and trashes Neo-Tokyo... Again
  9. There is always somebody smarter than you are by Danathar · · Score: 5, Funny

    The blue ray encryption geniuses should read my subject line over and over and over and over.

  10. Re:Barrier to Ownership by Anonymous Coward · · Score: 5, Insightful

    There is a 3rd option: being able to view the High Definition movie you paid for on a non-certified HDCP screen, without quality "downgrading".

  11. Re:Barrier to Ownership by rmach · · Score: 5, Insightful

    #3 Backing up movies to give to the kids to use because they will scratch them up where they won't work anymore. After that happens, make a new copy from the original.

    I own a large collection of DVDs and this is a use I do for some of them that watch. I also do this for CDs as well.

  12. Re:Barrier to Ownership by sweepkick · · Score: 5, Interesting

    How about the most important 'legit' reason (for me anyway): being able to play blu-ray media on Linux?

  13. Re: BD+ Cracked by oni · · Score: 5, Informative

    cat and mouse game is too much effort for the pirates

    Just to be clear, pirates aren't the ones playing that cat and mouse game. When you see a street vendor selling pirated copies of Star Wars, he's selling actual Blu-ray discs. He made bit-for-bit copies and he didn't need to decrypt anything to do it. The fact that Blu-ray is encrypted didn't do anything to prevent the pirate from stealing the content.

    Decryption is needed by people who want to *gasp* watch the discs they legally purchased at BestBuy.

  14. Re: BD+ Cracked by Anonymous Coward · · Score: 5, Interesting

    I don't know about satellite TV in the US, but...

    Virtually every satellite TV encryption system available has been broken, often many times over. These range from simple hardware hacks, such as subscribing to all channels then sticking a resistor in the decoder to prevent the card's EEPROM from being changed then unsubscribing again, through complete reverse-engineering of the cards. Cards were routinely modified to recieve all channels, card details were copied onto deactivated cards, and some were even re-implemented from scratch using a PIC soldered onto a PCB, or even using programmable cards.

    These systems relied on security through obscurity - the pirates didn't know how the cards worked, so there was no way they could compromise them. Yeah, right...

    This continued until very recently. Most newer encryption systems follow the pattern that BSkyB used with their analog and digital encryption systems. BSkyB's analog system relied on replacing the cards. Each time a revision of the cards was breached, they would issue a new one that fixed the holes in the last, and often fundamentally changed the way the card worked. Sky retired the system before it was fully compromised, but other providers kept using it. They had to face the fact that computing power had advanced so much that it was possible to brute-force decode the signal in real-time with no card.

    Most modern cards are programmable, as are the CAMs (the modules that talk to the card, and pass the final decryption keys to the STB). So the current encryption systems change the firmware in both card and CAM periodically. Any breach will only work for a limited time. Even after all these years, the arms race continues - pirates have found all kinds of creative ways around these things, such as sharing a single card across the internet.

    It's also possible to buy a PCI satellite card that allows a PC to recieve satellite TV. Combine that with an official card and CAM, which work as normal. You can't change the card, but you can do whatever you like with the decryption keys it generates, or the decrypted TV signals. That includes recording it, and uploading it to the internet. You could even do that in real-time if you wanted to.

    The continual update thing is what Sony are trying with BD+. The idea is that the BD+ portion contains code, unique to each disc, which verifies that the player is authentic and hasn't been compromised. Once it's done that, it provides decryption keys to the player.

    The general idea is that, while it may be possible to compromise AACS in the same was as CSS, each BluRay disc will contain unique encrpytion code for that disc. The idea is that each disc will need to be cracked individually, just like PC games. And we all know how well that approach works in practice.

    This assumes that each BluRay disc will have completely unique BD+ code, and that's just not going to happen - they have to maintain compatibility with existing players, which means the BD+ code has to be extensively tested. Hackers can move much more quickly - even if they did have to crack each batch of BluRay discs individually, they'll be able to update their decryption tools much quicker than Sony can update their BD+ code.

    It also assumes that nobody knows how BD+ works (security through obscurity), and that nobody will be able to independently implement a BD+ VM that pretends to be a real player. That's exactly what SlySoft have done. Their VM isn't complete yet - it only implements the portions of BD+ that current discs are actually using. It is known not to work on one disc (Hitman, I believe), simply because it uses parts of the BD+ VM that they've not implemented. Yet.

    The point is that the pirates are far more agile than Sony, and have unlimited time in which to devise a solution. There is no such thing as making it too much effort. At least with the satellite TV analogy, you can't keep using a hack once the hole it exploited has been patched, so there is a time factor. There is no time factor with BluR