'First Pirated Ultra HD Blu-Ray Disk' Appears Online

Has AACS 2.0 encryption used to protect UHD Blu-ray discs been cracked? While the details are scarce, a cracked copy of a UHD Blu-ray disc surfaced on the HD-focused BitTorrent tracker UltraHDclub. TorrentFreak reports: The torrent in question is a copy of the Smurfs 2 film and is tagged "The Smurfs 2 (2013) 2160p UHD Blu-ray HEVC Atmos 7.1-THRONE." This suggests that AACS 2.0 may have been "cracked" although there are no further technical details provided at this point. UltraHDclub is proud of the release, though, and boasts of having the "First Ultra HD Blu-ray Disc in the NET!" Those who want to get their hands on a copy of the file have to be patient though. Provided that they have access to the private tracker, it will take a while to download the entire 53.30 GB disk. TorrentFreak reached out to both the uploader of the torrent and an admin at the site hoping to find out more, but thus far we have yet to hear back. From the details provided, the copy appears to be the real deal although not everyone agrees.

The Smurfs 2?

[Kid+CUDA]

So, these guys are some of the smartest hackers / rippers on the planet. They're the first to break a widely sought-after protection scheme.

And their first accomplishment is to release The Smurfs 2?

Re:The Smurfs 2?

[dwywit]

Here's something to think about:

Digital Cinema Packages (DCPs) work like this - you own a cinema, you have 1+n screens, meaning 1+n projectors. To screen most releases (very few are released unencrypted), you have to have a DCI-compliant system. Simply put, this means a server with a serial number, and projectors each with a serial number. Each projector has a decryption board inside (no software decryption here, it's all proprietary hardware, look up "enigma board"), with a serial number. Each film is delivered encrypted (either on HDD or downloaded), and a decryption key is delivered via email. The decryption key authorises *that* server to show *that* film via *that* projector from *this* date to *that* date.

The film (data stream) is encrypted until it hits the decryption board inside the projector. So serial numbers and decryption data have to match up all the way through the delivery system until it becomes glowing light. If you take an inspection cover off the projector, it won't do squat until a tech arrives with another key to re-authorise that machine to show films. Of course it's possible to drill and cut a hole in the metal to bypass the "cover open" switch, but that's also trivial to overcome - light-sensitive switch, perhaps, requiring a dark room to defeat. But I digress.

What part of this makes home viewing of films unworkable? IOW it won't be long before your BD player serial number is tied to your monitor/TV serial number, and you get a one-time key when you purchase a movie on disc or download that ties it forever to *that* BD player connected to *that* monitor. So you'll be back to "pointing a camera at the screen" levels of copying.

The system of selling discs to consumers that will only play if a BD player has an authorised matching key (that is common across brands, and is easily accessed in RAM) is not going to last much longer. The system of encryption in DCPs is orders of magnitude more difficult and complex to defeat, but I can see it coming if the copyright lobby gets its way.

Re:The Smurfs 2?

[JaredOfEuropa]

That sounds like a decent scheme for cinemas, but for home viewing it's not going to work. Unless it is deemed acceptable that my entire bluray collection is bricked when I replace my TV, or that I have to go and obtain new keys for everything in my collection. Sounds like a lot of hassle... and here I'll repeat an age old bit of wisdom regarding cumbersome DRM: many people pirate stuff not because they don't want to pay, but because pirates offer a better product: Free of DRM and ads, often in a choice of formats and bitrates suitable for playback on a variety of devices (including offline playing), available for immediate download. With DRM you are not protecting your content effectively, but you are punishing your legitimate paying customers. Hell of a way to run a business.

Though I agree that the idea of some form of tamper proof DRM scheme for home viewing still appears to be the industry's wet dream. They really ought to take a cue from the music industry who have embraced the idea of convenience first, and in a lot of cases have agreed to do away with DRM

Re:Physical distribution media?

[rsmith-mac]

That "quaint" method is still the only method to actually receive high-quality copies of movies and TV shows. Video streaming bitrates are a joke, comparatively speaking. Everyone tries to stuff into 10-20Mbps what takes 50+. The result is banding, blocky artifacts (especially in dark scenes), and blocking with rapid action. A properly mastered Blu-Ray or UHD disc on the other hand will have none of those problems, as the overall bitrate and the peak bitrate are high enough to properly capture a scene no matter how detailed it is.

The DRM is a pain in the rear, but for the quality I'm quite happy with my "quaint" optical media.

Slashdot is broken

Slashdot is broken in multiple ways.

The mobile site doesn't display at all in Firefox. The page source shows that content was served, but it's broken enough to not display anything at all. There are features of the desktop interface, like the sliders to change comment thresholds, that simply aren't usable for mobile users.

On the desktop interface, links to older stories or to show all the stories on a previous day do not work at all. Instead, the front page is served up with the most recent stories.

All of these have been broken for several hours, and there are comments about it two stories ago. If there are issues with the server, the right thing is usually to notify users that there's a problem and it's being addressed. Nothing of the sort has been posted. I can't think of any good reason to test out changes on a production site.

If you're reading this, whipslash, this is a really bad experience for your users. Of course, you've made space to cram in more ads on comment pages, so all is well, right? Perhaps you should focus on building real value to this site instead of cramming in more ads to increase revenue in the short term. If you piss off enough users, that revenue will dry up in the longer term.

Re:Slashdot is broken

[TheRaven64]

Even on the desktop, it's a horrible experience now. There's a floating user box on the right that takes up a large chunk of width (hey, idiots: I made my browser window this wide because I want to see text this wide, not because I want a quarter to be a pointless empty side bar) and on the front page you can't actually get to that box (you know, the one with messages in it) unless you scroll right to be bottom, because some idiot made it move with the page, rather than scrolling sensibly.

Re:Slashdot is broken

[coofercat]

Turn off your ad-blocker, then you'll see the true horror that is the New Slashdot. Honestly, sans-ad-blocker, it's so terrible it qualifies as "one of those sites that you occasionally hit on google results but you never actually read because the next result in the list doesn't have all the crap on it so is preferable".

If I hadn't been reading slashdot for years, I probably wouldn't start now :-(

Re:Slashdot is broken

[stealth_finger]

The worst part is if you try to scoll past the ads at the top too fast. They're like WTF and chase you down the page so you have to scroll past all slow and sneaky like so they think you looked at them.

Re:Physical distribution media?

[quenda]

Your movie has plot holes the size of the grand canyon, and you are worried about minuscule defects in the presentation?

Re:Broken encryption model...

[ledow]

I'm afraid you don't understand encryption at all.

And this *isn't* encryption of data, so much as (attempted) encryption of transit.

Any encryption method, you can openly publish the decryption method and hardware. If you can't, it's no good.

What you *CAN'T* publish are the decryption keys. If you publish these, you are an idiot. CSS, AACS, etc. and pretty much all DRM schemes mis-use transport encryption by giving you the keys too, in some convoluted fashion. They are able to revoke keys, they are able to issue keys to manufacturers, but they are giving decryption keys to you. That's the problem, not the decryption device or decryption method.

Any encryption that cannot survive a known-plaintext attack is useless in the modern era. It's as simple as that. That's not how encryption has worked since the days of the Caesar cipher - even Enigma wasn't really that vulnerable to that because working out the key-settings for a known plaintext was computationally infeasible for the time. Don't believe every line in The Imitation Game ("Heil Hitler! Turns out that's the only German you need to know to break the code!").

So, no, what the problem is is not the encryption. It's the intended use. You give EVERY DEVICE MANUFACTURER a decryption key. Which you can revoke. But which millions of people share.

The reason for this is that otherwise you have to give every viewer a unique decryption key and give them unique copies of their disc, and encrypt data on-the-fly to them (because you can't store 6 billion differently-encrypted copies of the movie). And that just means that one guy has one key, and if he doesn't care about that key being later revoked, he can decrypt his own personal copy and problem solved.

AACS was a little bit more complicated, with all kinds of virtual machines checking state, and things like keys that were generically derivable if you have enough device keys (which means that nobody can trace who actually broke it or blacklist them).

But those are security-by-obscurity and inherent flaws of using encryption as DRM instead of its intended use.

But if you have an encryption scheme where you cannot publish the algorithm, or encrypted known plain-texts, you are very much back in the 60's (e.g. "Modern ciphers such as Advanced Encryption Standard are not currently known to be susceptible to known-plaintext attacks.")

Re:Broken encryption model...

[swillden]

So, no, what the problem is is not the encryption. It's the intended use. You give EVERY DEVICE MANUFACTURER a decryption key.

Yeah, I'm sure that what's happened here is that someone extracted a device key and used it to decrypt the movie. I'm shocked that this is the first time it's been done. Actually, I doubt that it is.

Which you can revoke. But which millions of people share.

Actually, no. AACS provides a unique set of decryption keys to every individual device. Not model, but individual piece of hardware. Through a complicated (and rather cool, actually) sequence of derivations, every device can derive the keys needed for each disk, but if a player's keys are found to be compromised they can be revoked, and that player will be unable to decrypt any disks made in the future.

AACS was a little bit more complicated, with all kinds of virtual machines checking state, and things like keys that were generically derivable if you have enough device keys (which means that nobody can trace who actually broke it or blacklist them).

Again, no. AACS includes a traitor tracing scheme. I don't know if it's actually in use (but if we start seeing lots of UHD torrents, you can bet they'll start using it), but it allows the identification of the specific device that decrypted a movie, from the decrypted video stream. The way this works is that they encrypt some portions of the video twice, with keys chosen so that any given device can only decrypt one of the two copies. Then they apply different digital watermarks to each of the duplicate blocks. With n duplicated blocks they examine the decrypted output and identify which of 2^n devices decrypted.

But those are security-by-obscurity and inherent flaws of using encryption as DRM instead of its intended use.

True, but AACS gets about as close as you can get, I think, to a secure DRM solution that doesn't include a real-time, two-way negotiation.

Where it breaks down is that because "revocation" only affects future movies, an attacker who extracts the keys from a device on May 4, 2017 can use those keys to decrypt every Blu-Ray Disk pressed before that date (actually, probably before that date plus a few months). In addition, Blu-Ray players are dirt cheap. At the low end, they cost about the same as a disk. Given a cheap way to extract the key from one, it would be perfectly feasible to buy a new player for each movie you want to decrypt. But you don't even have to do that. Buy one per month and you can decrypt all the movies that come out -- at least until the AACS LA realizes that one model of player can be cheaply broken and pushes the manufacturer to tighten security to make it harder. They can make you work hard to keep up with changes in their security-by-obscurity.

Except they can't win that way, either. The trick is to break a set of devices and get all of their keys. Then identify the traitor tracing blocks in a movie and decrypt them with multiple players' keys, so you end up with both copies of many of the blocks. Then, when you construct the output to publish, choose among the traitor tracing blocks so that your output is different from any of the individual devices that you've broken. Examination of the published stream may finger some device in the world, but it will definitely not finger any of the ones you broke. You may cause some random individual's player to stop working (on future movies), but your keys will stay good.

At the end of the day, DRM is always breakable, because you have to distribute the keys. But it can be made pretty hard, and AACS is an incredibly good scheme, given the context in which it has to operate.