Slashdot Mirror
Doom9 Researchers Break BD+
An anonymous reader writes "BD+, the Blu-ray copy protection system that was supposed to last 10 years, has now been solidly broken by a group of doom9 researchers. Earlier, BD+ had been broken by the commercial company SlySoft." Someone from SlySoft posts a hint early in the thread, but then backs off for fear of getting fired. The break is announced on page 15.
The best part of all: the DMCA makes it perfectly legal to use with Linux since OEMs don't provide linux codecs.
Sony isn't having a ton of luck building an installed base of users of BD, even after buying their competition into submission. If they obsolete their installed base they have to start over again with thet negative examples of HD-DVD and the additional strike of cyclic obsolescence against them. It would be too obvious that the purchase of their content is actually a short term lease. That would be the death of BluRay before it's even well started, and it wouldn't even buy them an additional year before it was cracked again.
It's more likely that we're nearing the end of this DRM nonsense forever. Finally!
Or am I too optimistic of their intelligence? History does weigh heavily against my hopefulness here.
Help stamp out iliturcy.
Looks like the last barrier against BR adoption has been bypassed. Cue the cheap players and burners and BR might actually rise from its coma and take the market from DVD.
I'm hoping that won't happen because a world ruled by Sorny is surely worse off. But don't fret, Sorny will do everything in its power to prevent mainstream adoption.
What's more impressive is that the thread was started August 24th,
which means it took them 5 weeks and a few days to break BD+.
Kudos to them.
Is this just for MKBv7 (Media Key Block) or is BD+ permanently broken?
[Fuck Beta]
o0t!
> That being said BluRay burners are expensive enough, and the blank media is expensive enough that I'll probably
> still buy my BluRay movies on Amazon.com.
Which is perfectly good. I didn't buy my first DVD though until the protection was broken and I have no intention of buying anything BD until it is broken. I'm sure I'm not alone in this. Who wants to buy a BD movie until they can pull a copy to a DVD for portable players off in the rest of the house, the in car players, etc. Until we can yank clips out of one. Until we can play then on our non-Windows machines.
Once stable build of mplayer support this stuff and the battle of key revocation settles down I'll think about investing in the stuff. Not before.
Democrat delenda est
Maybe this breakthrough will finally make BluRay a popular format, so far I haven't seen much (or any) pick up.
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
Skip the BD player deal, buy the Disc at retail and then download their platform shifted unencrypted movie backup through P2P*. The full BD+ library should be available within a few days, if it wasn't already.
* Even though it's inherently fair, this method may not be legal in your jurisdiction. Consult your attorney before using.
Help stamp out iliturcy.
Disrupting the consumers from viewing the new shiney will actually make them sit up and pay attention. I hope this screws a lot of people really hard to the point they say "HEY! WHAT THE HELL!"
I think this has actually happened a couple times. My first negative experience with DRM was as a kid - I bought a video game that kept insisting I 'insert the original disc'. Turns out they fubared the pressing such that even the original disc was seen as copied - didn't impress me with the quality control. It was something where pulling even a single disc and trying it out would have found the problem.
My second was with an E-Book program. I decided to check out this 'ebook' thing, downloaded the one Stephen King wrote years ago - the idea was that if you liked the book, you paid for the next installment. While I found the installment nice, the reader broke so many things that after reading it I uninstalled the reader and therefore the book. Never again. For example, it mostly broke copy/paste, as well as various other things in attempting to stop screen captures.
I mean, if I had wanted to copy the book, it would have only taken a few hours of my time to [i]retype the bloody thing[/i] using dual screens or even two computers. It wasn't a hugely long book, and I am a trained(if out of practice) typist. If I wanted to do a lot of books, some sort of OCR system would work.
Or just find & download it off the internet today.
Especially with the popularity of MP3 players that are quickly turning into media players, the 'average user' is seeing the effects of DRM more and more. Especially when they buy that DVD duplicator and discover it won't work for 'copyprotected' discs.
I don't read AC A human right
A lot of people are just not buying content - even though they would like to buy content - because they know that money spent that way is wasted and they don't want to throw their money away again.
At the risk of my karma, I'm going to mention that no one I know seems to fall into your generalization of people not buying Blu-Ray discs or players because of DRM. The most commonly cited reason for discs is lack of ubiquitous players (in cars, portable players, friends houses, etc) and the most common reason cited for players is the expense of a Blu-Ray mechanism. In fact, breaking the DRM makes Blu-Ray riskier for investors and therefore likely will increase costs (higher risk means higher cost) in the short term.
All in all, because Blu-Ray is 10x the bandwidth of any online "HD" movie source (and I use that term loosely for online offerings) and because online DRM is so much worse, I don't see it going away. Instead I see it likely to win over DVD-- DRM or not-- but not until manufacturing costs ramp down due to better technologies and economies of scale.
Consider this. Is a DRM-free H.264/AAC mp4 file more convenient, or is a DRM-laden disc that you can play in your car, computer, PS3, portable system, or friend's house by carrying around a 16 gram disc? I suspect for geeks it's the former, but for most consumers it's the latter, and it's really just about making players ubiquitous. The odd player out is, of course, the iPod. It's the one thing that is both ubiquitous and doesn't favor the disc. If the Blu-Ray consortium came to some agreement with Apple there it would go a long way towards gaining acceptance.
E pluribus unum
Direct link to announce: http://forum.doom9.org/showthread.php?p=1207578#post1207578
> If most BluRay players are hardware based, then as a movie studio I'd be tempted to simply write
> some BD+ code that looked for existing software players and banned all of them. Then the
> "trace a licensed player" step outlined above suddenly turns into a silicon reverse engineering
> problem instead of a software reverse engineering problem. Much harder.
Even then, you can still run the BD+ code in the VM, and trace it under the VM, and figure out what makes it fail, and ensure that it sees a VM environment which doesn't look like an existing software player. Or any kind of software player. And you may have the ability to modify the software player to explore what triggers the problem (a lot of people who's software players no longer play the latest releases would be rather thankful for a patch).
Harder, but a boatload easier than tracing silicon.
The BD group pretty much has to outlaw software players entirely to avoid this kind of attack.
c.
Log in or piss off.
Yes I know. What I meant was, what proportion of BluRay watching people watch the movies on their laptops or desktops, vs a dedicated hardware player or PS3. And yes I expect the PS3 does a lot of it in software too. Point is, I also expect tracing the BD+ VM in a PS3 to be quite hard.
I agree that the BD group may eventually be backed into a corner over software players, at which point it'll boil down to pure economics. I read that the vast majority of BluRay players in the world are PS3, although of course, that doesn't mean the vast majority of used BR players are PS3s.
I honestly have no idea what proportion of BluRay watchers watch via their PCs, but the equation is simple - take a graph of disc sales. Presumably at some point its BD+ program is cracked and sales will fall as high quality rips show up on the internet - I'd imagine the graph looks like a sharp rise upwards on release week followed by a gradual decay into nothingness over time, with a sharp drop around the time the BD+ program is cracked (assuming it lasts long enough that you can even get a sales baseline, ie, not within a few days).
Now let's say 10% of BluRay watchers use a PC, so reduce your project sales by 10% but remove the sharp drop due to piracy, take the integral of both graphs and see if the difference is positive. If it's big enough it might be worth abandoning PC playback to avoid the piracy (or shift that sales cliff to a point where sales were low anyway).
If the economics don't look like that, then the BD group needs to try and get PowerDVD and friends seriously buffed up, security wise. It's certainly possible to make x86 code annoying and difficult to reverse engineer, but very few people can do it well. I'd imagine most of them don't work for BluRay player software companies.
I'd be very interested in a chart of every BluRay title released and when it was cracked, but I doubt such information is publically available.
Unfortunately this will probably just mean that a ton of consumers will be SOL when they implement new encryption schemes on BluRay that aren't supported by some existing players.
Good! Maybe then the consumers can start to understand why DRM sucks, especially systems where their decryption keys can be disabled after the purchase. It's unfortunate that they'll have to learn this the hard way, but there is not much we can do about that.
They estimated that it'd last for 10 years. It took the Doom9 forum people 5 _weeks_ to hack it. That's like, less than a hundredth of the estimate (i.e. 5/520).
I wonder. They must not have heard that architectures with an obfuscated instruction set are also reverse-engineerable? I distinctly remember reading an article on the Transmeta VLIW machine's opcode and instruction packet format... and that one has never been officially released at all.
I wouldn't really expect that. The PS3 runs Linux and is much more like a computer then a DVD player. It probably does the decoding in its PowerPC multicore processor, not in a special chip.
"The content must contain sufficient information for the content to be decoded. Anything one software can do, another software can do (see Knuth, et seq)."
From the copy of "Beneath Apple DOS" (copyright 1981) that happens to be on my shelf, page B1;"It seems reasonable at this time to say that it is impossible to to protect a disk in such a way that it can't be broken. This is, in large part, due to the fact the diskette must be bootable; i.e. that it must contain at least one sector which can be read by the program in the PROM on the disk controller card. This means it is possible to trace the boot process by disassembling the normal sector or sectors that that must be on the disk."
So they have been flogging this dead horse for 27 years. High marks for persistence, low marks for, well, everything else.
Anyone want to package this tool up with the PS3 mplayer vo driver for the PS3 Ubuntu Intrepid release?
--
make install -not war
It's more likely that we're nearing the end of this DRM nonsense forever. Finally! Or am I too optimistic of their intelligence? History does weigh heavily against my hopefulness here.
Intelligent or not, either they will cave to market pressures, or the format will vaporize and another will take its place.
And there are benefits to a pirating marketplace. I am one of those people who would never buy a movie, but would rent/copy if the means are available to do so, rather than download. By doing so I am supporting the format and at least paying a royalty. I don't want the box or any extra crap anyway, just the movie to put in a binder, so I'm saving the cost and waste of the packaging, which are the most expensive components to manufacture (printing the artwork is #1).
I don't see why they don't just authorize the copying of rentals. Suppose a movie rental generates 30-40% as much revenue as a movie purchase for movie studios and the format developer. The format developer gets another piece when I purchase the blank media to copy onto. The studios could compel rental companies to let them track rentals to form a database of consumer activity that could be sold to marketing companies. Distribution costs would also come way down. Add those revenues and savings together plus a small rental fee hike, and you end up with the same revenue as hard-copy purchases, all without stuffing landfills with unwanted discs and cases.
Also, by owning a playback device of the movie format, I become a welcome recipient of bought movies as gifts. Over the years I think I've been bought about 30 DVD's, more revenue they would never have gotten if I did not support the format.
Think about it. Did DVD reach its peak profitability before or after CSS was cracked? I believe I'm one of a large enough market segment that will never buy a Blu-Ray player until I have the means to copy them, nor will I upgrade to an HDTV until then. I bet a movie media format cannot survive without supporting us, and TV manufacturers should really get behind this.
War as we knew it was obsolete
Nothing could beat complete denial
- Emily Haines
Very, very aptly put. There are far too few good movies out on blu-ray that aren't available on DVD for me to make the move. Even if you gave me a blu-ray player, I'd still buy movies on regular DVD when possible. Why? Because the studios have made such a mess of this, with the heavy-handed DRM and high prices (blu-ray is high considering how not-so-hugely-better than DVD it is), that I'm not even convinced yet that blu-ray is here for good, not matter what corporate execs claim. To most geeks that sounds like an old fogie griping about new-fangled gadgets, but blu-ray isn't better enough to warrant upgrading and there is simply not enough good content available only in blu-ray to make enough people upgrade. It doesn't occur to most geeks that a new format that actually is superior might tank, but I'm starting to wonder. I think maybe the only reason it has survived this long is because of Sony pushing it so hard. Will that be enough three years from now, when people are still buying DVDs and downloading movies to their computers? I guess we have to wait to see, but I'm glad I don't have any money invested in blu-ray.
I dream of a better world... one in which chickens can cross roads without their motives being questioned.
>I don't know why the hacker community keeps bothering with breaking these DRM schemes.
It's an extremely rewarding intellectual pursuit. Some people do crosswords, some do pure math. Reverse-engineering, to me, is the pinnacle of engineering. The purest form.
There's never just one reason, nor one idea of whether or not it 'helps' the format (in this case), but you don't do it if you don't enjoy it, cause the pain (frustration) and suffering (hours and hours of tedious work) during the bad parts... you don't suffer through that if you don't get the high when you break through.
These DRM schemes especially are like challanges, calling you out. "Here's what we want you TO NOT DO.", nay, "Here's what you CAN'T DO."
Such challanges seldom go unanswered. It's human nature to answer the call.
(Good work, Oopho2ei et.al, I applaud you)
Belief is the currency of delusion.
I understand where you're coming from, but it probably will make Blu-ray less attractive.
The issue with BD+ is it's the equivalent of the hacks game writers used to put into games for 8-bit computers in the 1980s that would do little timing loops and check various memory locations to make sure that nobody's plugged in any hardware they shouldn't. These hacks were almost always universally awful, with users having to screw around trying to find combinations of things that'd work to play games afflicted with these "copy prevention" methods. And, whenever Commodore or Sinclair released an updated computer, it'd break a certain percentage of those games.
Right now there are tens of models of Blu-ray player. BD+ has posed to be a problem even so, but for the most part the problems have been "containable" with manufacturers releasing firmware updates to fix the issues as they've come up. Another thing that's made this containable has been the fact that the system hasn't been universally deployed - indeed, the vast majority of discs do not have this ACM applied - and where applied the hacks have been simple checks of the "I run, therefore I am" type. The only VM they've been looking for is Slysoft's.
Now two things are going to happen. The first is that the BD+ scripts are going to get ever more complicated. This increases the number of Blu-ray models that'll get false positives. Worse, the false positives will increasingly be because of a bug in the script, not the player, which will make player manufacturers a little less happy about patching their firmware to fix the problems.
The second - unrelated to BD+ being cracked - is that the number of Blu-ray player models is going to increase, and the number of manufacturers involved in Blu-ray will start to become somewhat greater than the "We're all a bunch of happy Blu-ray supporters" group that currently make players. Virtually everyone making Blu-ray players today wants Blu-ray to succeed enough to be prepared to do anything to do it. This is unlike, say, DVD where most player manufacturers know that DVD has succeeded and therefore just want to make money.
Taken together: we're looking at increasingly unreliable scripts, with many, many, more opportunities (player configurations) to fail, and consumers rioting because they're finding the only way to watch every movie they buy or rent is to own two or three players, or a Playstation 3 (which'll probably be the only Blu-ray player everything gets tested on.)
CSS was a predictable algorithm that could only be implemented one way. When it was cracked, that was not a disaster for DVD, indeed it probably helped the format.
AACS is a predictable algorithm that can only be implemented one way. When it was cracked, that was not a disaster for HD DVD or Blu-ray, indeed it probably helped the HD formats.
BD+ is an unpredictable algorithm based upon technologies that have failed in the past, will continue to fail, and which have failed for Blu-ray already. The ONLY way the Doom9 crack is going to be helpful for Blu-ray is if it convinced Fox et al to drop the technology. As for me, it's on my list of reasons why I'm not going to get Blu-ray. If the BDA removes BD+, and works on Blu-ray's other flaws, I might reconsider my stance. But everything's going to get worse, and Hollywood will blame pirates in the same way as some idiot who accidentally shoots and kills his wife because he didn't expect her to enter the house via the backdoor blames "criminals" for making him scared in the first place.
You are not alone. This is not normal. None of this is normal.
But, of course, the patch containing the new key would have to -- you guessed it -- contain the new key! So then you just compromise the new key (ad infinitum) by intercepting the patch. If the PS3 can read the key from the patch, so can you.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
While I found the installment nice, the reader broke so many things that after reading it I uninstalled the reader and therefore the book.
Same for downloaded mobile games. Pay $ for a game then find a few months later that you have to master reset the mobile as it's gone funky. This wipes out the game as well. Consumers can't backup the game or other purchased content so they are screwed. Why do they do this? Because no mobile game company wants their product transferable. Same with your ebook content. That's the real problem with DRM. You don't buy content these days, you buy content with DRM which effectively means you don't own the rights to it. 90% of the consumers out there don't know this and don't care about this until they want to rip it or copy it so they can archive the original somehow.
But for DVD, that doesn't matter anymore as the proliferation of the $2 DVD shows. A piece of plastic with some shiny foil is much cheaper to make than reels of mylar, casing, mechanisms and assembly that VHS requires. So they pound out these DVDs for almost nothing and they are winning, because it's a lot more convenient to buy the package= disk+shell+pretty pictures, than download it and set up equipment/software to see it on screen.
With multiple TV/monitors in homes nowadays, it's much easier to move a disk from player to player than network a home.
What is more apparent to me is that there is a stratification between DVD and BluRay.
Sure, if you want top viewing experience on a large screen, then go BluRay. If you just want to watch the movie then DVD is fine.
Archiving BluRay isn't going to make a huge world wide difference in how the general DVD viewing public react to that. They'll still be watching cheap DVDs.
Don't be apathetic. Procrastinate!
BD+ was itself a 'firmware' hack. They try to cover that up a bit, putting texts on your Blu-Rays, like: "Even though Blu-Ray gives you the highest definition video, your player may need an update to play properly." I reckon you can do this exactly once; but I doubt they can pull that stunt again: people pay good money for their players, and want to be able to play their discs sans having to do firmware upgrades, or running back to the store every six months to get someone else to do it. So, yes, I think they're pretty much stuck with BD+ for a while.
Once SOny notices that happening, they'll make sure to give every PS3 (or small groups of PS3s) it's own key. Then, when one is compromised, they know more or less who did it, and don't provide an update for those PS3s when they revoke the key.
How many PS3's are you willing to buy?
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant