Slashdot Mirror


'First Pirated Ultra HD Blu-Ray Disk' Appears Online (torrentfreak.com)

Has AACS 2.0 encryption used to protect UHD Blu-ray discs been cracked? While the details are scarce, a cracked copy of a UHD Blu-ray disc surfaced on the HD-focused BitTorrent tracker UltraHDclub. TorrentFreak reports: The torrent in question is a copy of the Smurfs 2 film and is tagged "The Smurfs 2 (2013) 2160p UHD Blu-ray HEVC Atmos 7.1-THRONE." This suggests that AACS 2.0 may have been "cracked" although there are no further technical details provided at this point. UltraHDclub is proud of the release, though, and boasts of having the "First Ultra HD Blu-ray Disc in the NET!" Those who want to get their hands on a copy of the file have to be patient though. Provided that they have access to the private tracker, it will take a while to download the entire 53.30 GB disk. TorrentFreak reached out to both the uploader of the torrent and an admin at the site hoping to find out more, but thus far we have yet to hear back. From the details provided, the copy appears to be the real deal although not everyone agrees.

33 of 260 comments

  1. Physical distribution media? by quenda · · Score: 3, Funny

    How quaint.

    1. Re:Physical distribution media? by rsmith-mac · · Score: 5, Informative

      That "quaint" method is still the only method to actually receive high-quality copies of movies and TV shows. Video streaming bitrates are a joke, comparatively speaking. Everyone tries to stuff into 10-20Mbps what takes 50+. The result is banding, blocky artifacts (especially in dark scenes), and blocking with rapid action. A properly mastered Blu-Ray or UHD disc on the other hand will have none of those problems, as the overall bitrate and the peak bitrate are high enough to properly capture a scene no matter how detailed it is.

      The DRM is a pain in the rear, but for the quality I'm quite happy with my "quaint" optical media.

    2. Re:Physical distribution media? by Anonymous Coward · · Score: 2, Insightful

      This article shows that torrents are another method you stupid idiot.

    3. Re:Physical distribution media? by quenda · · Score: 4, Funny

      Your movie has plot holes the size of the grand canyon, and you are worried about minuscule defects in the presentation?

    4. Re:Physical distribution media? by Anonymous Coward · · Score: 2, Insightful

      Well, if such high quality isn't needed then why bother with 4k at all?
      UltraHD's raison d'être is that there are people that care about quality... and the quality of a streamed 4k is a far cry from the real deal. No need for cinema sized screens, just a 55" screen and reasonably good eyesight.

    5. Re:Physical distribution media? by bill_mcgonigle · · Score: 2

      > Why do you need such high quality? At that point it seems like it is all in the mind

      All vision is ultimately in the mind and 4K is well within the bounds of human vision but more important than the resolution is the improvement in color gamut with this generation. Blu-Ray, for instance, cannot encode all the information captured by a RED camera or a scan of a good 70mm film.

      Every time a new format comes out people always ask why the old one wasn't good enough. This will last until people can't tell the difference between a format's video and their natural vision. We have many more cycles of this to endure, it appears.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    6. Re:Physical distribution media? by squiggleslash · · Score: 2

      While I seriously doubt I could tell the difference between a 4K and 720P movie from my couch to where my current 50" TV is, I don't think 55" TVs are as rare as you think they are. Somewhere between 50 and 55" seems to be the median TV size when I enter Best Buy or Walmart these days. I would imagine people buying 4K TVs skew towards buying the larger models, so they're even more likely to end up with a TV substantially larger than 55" than most.

      --
      You are not alone. This is not normal. None of this is normal.
    7. Re:Physical distribution media? by Hognoxious · · Score: 2

      It's Smurfs 2. What else could you possibly want?

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    8. Re:Physical distribution media? by Bob+the+Super+Hamste · · Score: 3, Interesting

      Hell 4k can't even encode all of the data in good 35mm film. I speak as someone, a dedicated amateur photographer, who owns a nice film scanner and took the time to master it as well as the camera and lenses I own so take that at what it is worth.

      Using good quality 35mm film with good high quality lenses with multiple scans of a frame one can approach the claimed resolution of the scanner (10,000DPI) which after some cropping of the image stack produces an image of around 130 megapixels at 16 bits per channel of color depth of which there is about 80 megapixels of data there. While I do upscale the images I always downscale them back as the scanner is diffraction limited below its output resolution so I use super resolution to work around that and get as much actual information there as I can.

      In theory if I had a scanner that had better resolution (very difficult to find) and really took the time to setup a shot in a perfect environment (no movement, perfect focus) and had lenses that were perfectly sharp at wide open aperture of f/1.4 (I don't) I could get close to 400 megapixels but likely only out of B&W film but this is just theory. Going up to 120 or 70mm film and you are now looking at single frames that have 400-500 megapixels of actual data in normal circumstances.

      --
      Time to offend someone
    9. Re:Physical distribution media? by Anonymous Coward · · Score: 2, Informative

      You're thinking of Informative.

    10. Re:Physical distribution media? by Bob+the+Super+Hamste · · Score: 2

      I still shoot film mostly because I like film and to replace what I have with digital of comparable quality would require spending well over $10,000 which pays for a lot of film and film processing. That is the problem with having an old entirely manual camera where I would have to replace not only the chassis but also all of the lenses, and most of the accessories. I am scanning in all of my old stuff, which is a lot, and I had forgotten that I have taken some really nice photos, as well as a good amount of crap, so that is fun.

      When I scan in things it is always the negatives as most prints now are actually printed at like 300dpi so there is a lot of info on the negative to be had that is lost on a print. Also the film has a larger dynamic range than is represented on most prints so on some images it is worthwhile to do 3 scans where you are properly exposed, over by 3 stops, and under by 3 stops and then combine them in software as if you were doing an HDR picture.

      I do not develop my own film but am lucky enough to have a quality camera store nearby that does the processing at their larger store and they do a good job. The turn around time is about a week and in most cases that is fine for what I do, although there have been times when I have needed things sooner. In those cases I will use my wife's digital point and shoot, 20.1 megapixel diffraction limited, take a bunch of photos and post process them to get a better quality image with dramatically lower noise and better sharpness. Doing this I can get some entry level professional camera level quality, I end up with the same 20 megapixels, out of a cheap consumer camera without the expense.

      When it comes to photography remember the best camera is the one you have, and one can create great images with a low quality camera if you understand that camera. So one can have a really good picture (good composition, focus, and lighting) that is a low quality image (low resolution, poor depth of focus, diffraction limited, lens and/or chroma artifacts). For most people a cellphone is good enough, you can get reasonable 5"x7" prints off of it and post to facebook and the like without having to worry about the technical aspects. However you would end up with a really shitty 2'x3' poster or art print using that same image because the overall image quality isn't there.

      --
      Time to offend someone
  2. The Smurfs 2? by Kid+CUDA · · Score: 5, Funny

    So, these guys are some of the smartest hackers / rippers on the planet. They're the first to break a widely sought-after protection scheme.

    And their first accomplishment is to release The Smurfs 2?

    1. Re:The Smurfs 2? by Anonymous Coward · · Score: 2, Informative

      The decryption key isn't included in the disk, it must be downloaded from Internet. Yes, you need Internet connectivity to play those disks.

    2. Re:The Smurfs 2? by Mashiki · · Score: 2

      > One could simply modify a HDCP TV to extract deobfuscated image.

      You don't even need to do that. There are already MiTM devices that will do it for you, you can even buy them on monoprice.

      --
      Om, nomnomnom...
    3. Re:The Smurfs 2? by dwywit · · Score: 5, Insightful

      Here's something to think about:

      Digital Cinema Packages (DCPs) work like this - you own a cinema, you have 1+n screens, meaning 1+n projectors. To screen most releases (very few are released unencrypted), you have to have a DCI-compliant system. Simply put, this means a server with a serial number, and projectors each with a serial number. Each projector has a decryption board inside (no software decryption here, it's all proprietary hardware, look up "enigma board"), with a serial number. Each film is delivered encrypted (either on HDD or downloaded), and a decryption key is delivered via email. The decryption key authorises *that* server to show *that* film via *that* projector from *this* date to *that* date.

      The film (data stream) is encrypted until it hits the decryption board inside the projector. So serial numbers and decryption data have to match up all the way through the delivery system until it becomes glowing light. If you take an inspection cover off the projector, it won't do squat until a tech arrives with another key to re-authorise that machine to show films. Of course it's possible to drill and cut a hole in the metal to bypass the "cover open" switch, but that's also trivial to overcome - light-sensitive switch, perhaps, requiring a dark room to defeat. But I digress.

      What part of this makes home viewing of films unworkable? IOW it won't be long before your BD player serial number is tied to your monitor/TV serial number, and you get a one-time key when you purchase a movie on disc or download that ties it forever to *that* BD player connected to *that* monitor. So you'll be back to "pointing a camera at the screen" levels of copying.

      The system of selling discs to consumers that will only play if a BD player has an authorised matching key (that is common across brands, and is easily accessed in RAM) is not going to last much longer. The system of encryption in DCPs is orders of magnitude more difficult and complex to defeat, but I can see it coming if the copyright lobby gets its way.

      --
      They sentenced me to twenty years of boredom
    4. Re:The Smurfs 2? by JaredOfEuropa · · Score: 4, Interesting

      That sounds like a decent scheme for cinemas, but for home viewing it's not going to work. Unless it is deemed acceptable that my entire bluray collection is bricked when I replace my TV, or that I have to go and obtain new keys for everything in my collection. Sounds like a lot of hassle... and here I'll repeat an age old bit of wisdom regarding cumbersome DRM: many people pirate stuff not because they don't want to pay, but because pirates offer a better product: Free of DRM and ads, often in a choice of formats and bitrates suitable for playback on a variety of devices (including offline playing), available for immediate download. With DRM you are not protecting your content effectively, but you are punishing your legitimate paying customers. Hell of a way to run a business.

      Though I agree that the idea of some form of tamper proof DRM scheme for home viewing still appears to be the industry's wet dream. They really ought to take a cue from the music industry who have embraced the idea of convenience first, and in a lot of cases have agreed to do away with DRM

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    5. Re:The Smurfs 2? by SuricouRaven · · Score: 2

      DVDs are 'encrypted.' CSS is basically a lesson in how not to do crypto. It's so thoroughly cracked, you can buy novelty tshirts with the (very short) decryption algorithm on.

  3. Alternative to AACS 2.0 being cracked by Chrisq · · Score: 2

    Of course the alternative to AACS 2.0 being cracked is that someone accessed the video pre-encryption. This could have been an inside job at the studio/production companies, or they could have been hacked.

  4. Slashdot is broken by Anonymous Coward · · Score: 4, Insightful

    Slashdot is broken in multiple ways.

    The mobile site doesn't display at all in Firefox. The page source shows that content was served, but it's broken enough to not display anything at all. There are features of the desktop interface, like the sliders to change comment thresholds, that simply aren't usable for mobile users.

    On the desktop interface, links to older stories or to show all the stories on a previous day do not work at all. Instead, the front page is served up with the most recent stories.

    All of these have been broken for several hours, and there are comments about it two stories ago. If there are issues with the server, the right thing is usually to notify users that there's a problem and it's being addressed. Nothing of the sort has been posted. I can't think of any good reason to test out changes on a production site.

    If you're reading this, whipslash, this is a really bad experience for your users. Of course, you've made space to cram in more ads on comment pages, so all is well, right? Perhaps you should focus on building real value to this site instead of cramming in more ads to increase revenue in the short term. If you piss off enough users, that revenue will dry up in the longer term.

    1. Re:Slashdot is broken by TheRaven64 · · Score: 4, Insightful

      Even on the desktop, it's a horrible experience now. There's a floating user box on the right that takes up a large chunk of width (hey, idiots: I made my browser window this wide because I want to see text this wide, not because I want a quarter to be a pointless empty side bar) and on the front page you can't actually get to that box (you know, the one with messages in it) unless you scroll right to the bottom, because some idiot made it move with the page, rather than scrolling sensibly.

      --
      I am TheRaven on Soylent News
    2. Re:Slashdot is broken by coofercat · · Score: 5, Insightful

      Turn off your ad-blocker, then you'll see the true horror that is the New Slashdot. Honestly, sans-ad-blocker, it's so terrible it qualifies as "one of those sites that you occasionally hit on google results but you never actually read because the next result in the list doesn't have all the crap on it so is preferable".

      If I hadn't been reading slashdot for years, I probably wouldn't start now :-(

    3. Re:Slashdot is broken by DontBeAMoran · · Score: 2

      If you think that's bad:
      - I need to zoom once because the default text size is too small.
      - I don't have a widescreen monitor

      Result: I have 780 pixels for the comments and 430 pixels of useless blank space on the right.

      --
      #DeleteFacebook
    4. Re:Slashdot is broken by stealth_finger · · Score: 5, Funny

      The worst part is if you try to scroll past the ads at the top too fast. They're like WTF and chase you down the page so you have to scroll past all slow and sneaky like so they think you looked at them.

      --
      Wanna buy a shirt?
      https://www.redbubble.com/people/stealthfinger/shop?asc=u
    5. Re:Slashdot is broken by Nidi62 · · Score: 3, Interesting

      My favorite was the one banner ad that would actually move your cursor out of the comment box while you typed, making it impossible to type more than a character or 2 at a time. Oh, yeah, and that damn tikka masala that took up half the page, scrolled, and you couldn't make go away. And every now and then on my work laptop, when using a mouse, Slashdot won't scroll when using the scroll wheel. Any other website works, just slashdot. They have ads that literally break their website and they don't care.

      --
      The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
    6. Re:Slashdot is broken by AmiMoJo · · Score: 2

      Speaking of ad-blocking, try the following uBlock rule (may also work in AdBlock Plus, not tested):

      slashdot.org###stackcommerce-adwrap

      That gets rid of the stuff below the summary. Can't seem to fix the page width though.

      Whipslash, please fix subscriptions, I'm happy to pay for this just not with crappy UI destroying and annoying ads.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    7. Re:Slashdot is broken by skoskav · · Score: 3, Informative

      The CSS can be overridden to get rid of the empty space. I use an extension called Stylish with these rules for Slashdot:

      div#comments.a2commentwrap {
        margin-left: 0;
        margin-right: 0;
      }

      #comments {
        padding-right: 0;
      }

  5. Re:PowerDVD 17 hack? by swb · · Score: 2

    I would think the hardware players would be almost easier to attack these days than approved desktop players.

  6. Re:Broken encryption model... by ledow · · Score: 4, Insightful

    I'm afraid you don't understand encryption at all.

    And this *isn't* encryption of data, so much as (attempted) encryption of transit.

    Any encryption method, you can openly publish the decryption method and hardware. If you can't, it's no good.

    What you *CAN'T* publish are the decryption keys. If you publish these, you are an idiot. CSS, AACS, etc. and pretty much all DRM schemes mis-use transport encryption by giving you the keys too, in some convoluted fashion. They are able to revoke keys, they are able to issue keys to manufacturers, but they are giving decryption keys to you. That's the problem, not the decryption device or decryption method.

    Any encryption that cannot survive a known-plaintext attack is useless in the modern era. It's as simple as that. That's not how encryption has worked since the days of the Caesar cipher - even Enigma wasn't really that vulnerable to that because working out the key-settings for a known plaintext was computationally infeasible for the time. Don't believe every line in The Imitation Game ("Heil Hitler! Turns out that's the only German you need to know to break the code!").

    So, no, what the problem is is not the encryption. It's the intended use. You give EVERY DEVICE MANUFACTURER a decryption key. Which you can revoke. But which millions of people share.

    The reason for this is that otherwise you have to give every viewer a unique decryption key and give them unique copies of their disc, and encrypt data on-the-fly to them (because you can't store 6 billion differently-encrypted copies of the movie). And that just means that one guy has one key, and if he doesn't care about that key being later revoked, he can decrypt his own personal copy and problem solved.

    AACS was a little bit more complicated, with all kinds of virtual machines checking state, and things like keys that were generically derivable if you have enough device keys (which means that nobody can trace who actually broke it or blacklist them).

    But those are security-by-obscurity and inherent flaws of using encryption as DRM instead of its intended use.

    But if you have an encryption scheme where you cannot publish the algorithm, or encrypted known plain-texts, you are very much back in the 60's (e.g. "Modern ciphers such as Advanced Encryption Standard are not currently known to be susceptible to known-plaintext attacks.")

  7. This is the disc -- NOT a compressed .mkv or .mp4 by PeeAitchPee · · Score: 2

    This torrent appears to be the actual disc itself -- .m2ts files and BDMV\STREAM directory etc. It looks like the full 72.5 Mb/s source movie at the identical quality as the retail UHD disc, minus the DRM -- you could burn this puppy back to a UHD disc and play it on your player (assuming the player will play these UHD discs without DRM), or, more likely, use your favorite software player. Or, you could use Handbrake and compress it to the bitrate and container of your choice. But it looks like the real deal.

  8. Met an audiophile? It'll last longer than that by raymorris · · Score: 2

    > This will last until people can't tell the difference between a format's video and their natural vision.

    I predict it'll last much longer than that. Consider the audiophile scene. People spend hundreds, even thousands of dollars on simple cables for digital, when it can be easily proven that any non-cable will deliver bit-for-bit identical data. They insist on clearly reproducing frequencies four times as high as they can hear.

  9. Why the pirate even bother about this? by Eloking · · Score: 3, Insightful

    Ok, let's be clear on something. No matter how perfect your protection is, if it's on my screen, I can record it. I can output the signal and the audio on a HD recorder and there's no protection that will protect you from that.

    Now, to my point, why do the pirates even bother to pirate this encoding? I mean, why would I pirate the Blu-ray image full of ads and pointless menus when I can download a perfectly fine and cleaned .AVI with all the Subtitles/Audio integrated?

    Or am I missing something?

    --
    Elok
  10. Re:Broken encryption model... by swillden · · Score: 5, Informative

    > So, no, what the problem is is not the encryption. It's the intended use. You give EVERY DEVICE MANUFACTURER a decryption key.

    Yeah, I'm sure that what's happened here is that someone extracted a device key and used it to decrypt the movie. I'm shocked that this is the first time it's been done. Actually, I doubt that it is.

    > Which you can revoke. But which millions of people share.

    Actually, no. AACS provides a unique set of decryption keys to every individual device. Not model, but individual piece of hardware. Through a complicated (and rather cool, actually) sequence of derivations, every device can derive the keys needed for each disk, but if a player's keys are found to be compromised they can be revoked, and that player will be unable to decrypt any disks made in the future.

    > AACS was a little bit more complicated, with all kinds of virtual machines checking state, and things like keys that were generically derivable if you have enough device keys (which means that nobody can trace who actually broke it or blacklist them).

    Again, no. AACS includes a traitor tracing scheme. I don't know if it's actually in use (but if we start seeing lots of UHD torrents, you can bet they'll start using it), but it allows the identification of the specific device that decrypted a movie, from the decrypted video stream. The way this works is that they encrypt some portions of the video twice, with keys chosen so that any given device can only decrypt one of the two copies. Then they apply different digital watermarks to each of the duplicate blocks. With n duplicated blocks they examine the decrypted output and identify which of 2^n devices decrypted.

    > But those are security-by-obscurity and inherent flaws of using encryption as DRM instead of its intended use.

    True, but AACS gets about as close as you can get, I think, to a secure DRM solution that doesn't include a real-time, two-way negotiation.

    Where it breaks down is that because "revocation" only affects future movies, an attacker who extracts the keys from a device on May 4, 2017 can use those keys to decrypt every Blu-Ray Disk pressed before that date (actually, probably before that date plus a few months). In addition, Blu-Ray players are dirt cheap. At the low end, they cost about the same as a disk. Given a cheap way to extract the key from one, it would be perfectly feasible to buy a new player for each movie you want to decrypt. But you don't even have to do that. Buy one per month and you can decrypt all the movies that come out -- at least until the AACS LA realizes that one model of player can be cheaply broken and pushes the manufacturer to tighten security to make it harder. They can make you work hard to keep up with changes in their security-by-obscurity.

    Except they can't win that way, either. The trick is to break a set of devices and get all of their keys. Then identify the traitor tracing blocks in a movie and decrypt them with multiple players' keys, so you end up with both copies of many of the blocks. Then, when you construct the output to publish, choose among the traitor tracing blocks so that your output is different from any of the individual devices that you've broken. Examination of the published stream may finger some device in the world, but it will definitely not finger any of the ones you broke. You may cause some random individual's player to stop working (on future movies), but your keys will stay good.

    At the end of the day, DRM is always breakable, because you have to distribute the keys. But it can be made pretty hard, and AACS is an incredibly good scheme, given the context in which it has to operate.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
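
Added example (not part of the thread and not AACS code): a toy Python model of the traitor-tracing idea described in the comment above, where each of n duplicated segments exists in two differently marked, differently keyed variants and the marks in a decrypted stream identify one of 2^n devices. The SHA-256 keystream, the trailing-byte "watermark", the seed and all function names are assumptions made for illustration, and the model assumes the stream was produced by a single device.

```python
import hashlib

N_SEGMENTS = 8  # n duplicated blocks distinguish 2**n devices


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), a stand-in for the disc's real cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def make_variant_keys(seed: bytes, n: int = N_SEGMENTS):
    """Two independent keys per duplicated segment, derived from a constructed seed."""
    return [tuple(hashlib.sha256(seed + bytes([idx, bit])).digest() for bit in (0, 1))
            for idx in range(n)]


def master_disc(segments, variant_keys):
    """Store every duplicated segment twice: mark 0 under key 0, mark 1 under key 1."""
    disc = []
    for idx, seg in enumerate(segments):
        # The trailing byte stands in for a watermark embedded in the picture.
        disc.append(tuple(keystream_xor(variant_keys[idx][bit], seg + bytes([bit]))
                          for bit in (0, 1)))
    return disc


def device_keys(device_id: int, variant_keys):
    """Issue one key per segment, chosen by the corresponding bit of the device ID."""
    keys = []
    for idx, pair in enumerate(variant_keys):
        bit = (device_id >> idx) & 1
        keys.append((bit, pair[bit]))
    return keys


def play(disc, keys):
    """Decrypt the single variant of each segment that this device holds a key for."""
    return [keystream_xor(key, disc[idx][bit]) for idx, (bit, key) in enumerate(keys)]


def trace(stream) -> int:
    """Rebuild the device ID from the marks found in a decrypted stream."""
    device_id = 0
    for idx, seg in enumerate(stream):
        device_id |= (seg[-1] & 1) << idx
    return device_id


# Constructed sample content and key material.
SEGMENTS = [f"segment-{i}".encode() * 4 for i in range(N_SEGMENTS)]
VARIANT_KEYS = make_variant_keys(b"constructed-demo-seed")
DISC = master_disc(SEGMENTS, VARIANT_KEYS)

if __name__ == "__main__":
    leaked = play(DISC, device_keys(0b10110010, VARIANT_KEYS))
    print(f"stream traced to device {trace(leaked):#010b}")
```
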
  11. the "cinephile" equivalent of audiophiles. by DrYak · · Score: 2

    > The extra colour and dynamic range with 4k, and even more so with 8k is really nice, but to get much out of it you need a dimly lit room and a TV capable of reproducing it.
    > Similarly with audio you need a dedicated room and to then sit in the sweet spot while listening.

    Huh... nope. 8k and 10bits colour isn't the equivalent to 200$ monster digital cables and 192kHz sample rate.

    - Ears have some physiological limits due to how physics work (your ears can hear very approx in the 20-20'000Hz range. your body can also feel vibrations in the 1-100Hz. There's no receptor in a human body capable of reacting to 90kHz).
    - Physics of digital signals, and a whole bunch of signal processing science (e.g.: error correction) means that in the digital world, sometimes a bit is just a bit, no matter the concentration of gold and diamond powder (sic!) in the cabling it goes through.

    No matter the dedicated audio room you're sitting in, you'll never be able to hear ultrasounds (directly. though ultrasounds can cause distortions in the audible range on some equipment), and monster cables will change nothing to the SPDIF link.

    The "cinephile" equivalent of an audiophile insisting on 200$ monster cables and 192kHz rates, would be a guy who insists on movie formats that not only record Red, Green and Blue primary colours, but also infra-red and ultra violet (i.e.: insists on frequencies/wavelengths for which the human eye doesn't have any receptors) and on buying a $10'000 silver screen to project onto, which should also perfectly reflect x-rays, gamma rays and microwaves (completely irrelevant given what is transmitted by the light of the beamer).

    No matter if the movie room is dimly lit or not, insisting on wavelengths outside the human range (like ultra-violets) is useless, as is insisting on a screen optimized for something completely irrelevant.

    The same way, no matter the dedicated listening room and its sweet spot, a human ear lacks receptors for 96kHz sounds.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]