Slashdot Mirror


'First Pirated Ultra HD Blu-Ray Disk' Appears Online (torrentfreak.com)

Has AACS 2.0 encryption used to protect UHD Blu-ray discs been cracked? While the details are scarce, a cracked copy of a UHD Blu-ray disc surfaced on the HD-focused BitTorrent tracker UltraHDclub. TorrentFreak reports: The torrent in question is a copy of the Smurfs 2 film and is tagged "The Smurfs 2 (2013) 2160p UHD Blu-ray HEVC Atmos 7.1-THRONE." This suggests that AACS 2.0 may have been "cracked" although there are no further technical details provided at this point. UltraHDclub is proud of the release, though, and boasts of having the "First Ultra HD Blu-ray Disc in the NET!" Those who want to get their hands on a copy of the file have to be patient though. Provided that they have access to the private tracker, it will take a while to download the entire 53.30 GB disk. TorrentFreak reached out to both the uploader of the torrent and an admin at the site hoping to find out more, but thus far we have yet to hear back. From the details provided, the copy appears to be the real deal although not everyone agrees.

6 of 260 comments

  1. The Smurfs 2? by Kid+CUDA · · Score: 5, Funny

    So, these guys are some of the smartest hackers / rippers on the planet. They're the first to break a widely sought-after protection scheme.

    And their first accomplishment is to release The Smurfs 2?

    1. Re:The Smurfs 2? by dwywit · · Score: 5, Insightful

      Here's something to think about:

      Digital Cinema Packages (DCPs) work like this - you own a cinema, you have 1+n screens, meaning 1+n projectors. To screen most releases (very few are released unencrypted), you have to have a DCI-compliant system. Simply put, this means a server with a serial number, and projectors each with a serial number. Each projector has a decryption board inside (no software decryption here, it's all proprietary hardware, look up "enigma board"), with a serial number. Each film is delivered encrypted (either on HDD or downloaded), and a decryption key is delivered via email. The decryption key authorises *that* server to show *that* film via *that* projector from *this* date to *that* date.

      The film (data stream) is encrypted until it hits the decryption board inside the projector. So serial numbers and decryption data have to match up all the way through the delivery system until it becomes glowing light. If you take an inspection cover off the projector, it won't do squat until a tech arrives with another key to re-authorise that machine to show films. Of course it's possible to drill and cut a hole in the metal to bypass the "cover open" switch, but that's also trivial to overcome - light-sensitive switch, perhaps, requiring a dark room to defeat. But I digress.

      What part of this makes home viewing of films unworkable? IOW it won't be long before your BD player serial number is tied to your monitor/TV serial number, and you get a one-time key when you purchase a movie on disc or download that ties it forever to *that* BD player connected to *that* monitor. So you'll be back to "pointing a camera at the screen" levels of copying.

      The system of selling discs to consumers that will only play if a BD player has an authorised matching key (that is common across brands, and is easily accessed in RAM) is not going to last much longer. The system of encryption in DCPs is orders of magnitude more difficult and complex to defeat, but I can see it coming if the copyright lobby gets its way.

      --
      They sentenced me to twenty years of boredom
  2. Re:Physical distribution media? by rsmith-mac · · Score: 5, Informative

    That "quaint" method is still the only method to actually receive high-quality copies of movies and TV shows. Video streaming bitrates are a joke, comparatively speaking. Everyone tries to stuff into 10-20Mbps what takes 50+. The result is banding, blocky artifacts (especially in dark scenes), and blocking with rapid action. A properly mastered Blu-Ray or UHD disc on the other hand will have none of those problems, as the overall bitrate and the peak bitrate are high enough to properly capture a scene no matter how detailed it is.

    The DRM is a pain in the rear, but for the quality I'm quite happy with my "quaint" optical media.

  3. Re:Slashdot is broken by coofercat · · Score: 5, Insightful

    Turn off your ad-blocker, then you'll see the true horror that is the New Slashdot. Honestly, sans-ad-blocker, it's so terrible it qualifies as "one of those sites that you occasionally hit on google results but you never actually read because the next result in the list doesn't have all the crap on it so is preferable".

    If I hadn't been reading slashdot for years, I probably wouldn't start now :-(

  4. Re:Slashdot is broken by stealth_finger · · Score: 5, Funny

    The worst part is if you try to scroll past the ads at the top too fast. They're like WTF and chase you down the page so you have to scroll past all slow and sneaky like so they think you looked at them.

    --
    Wanna buy a shirt?
    https://www.redbubble.com/people/stealthfinger/shop?asc=u
  5. Re:Broken encryption model... by swillden · · Score: 5, Informative

    > So, no, what the problem is is not the encryption. It's the intended use. You give EVERY DEVICE MANUFACTURER a decryption key.

    Yeah, I'm sure that what's happened here is that someone extracted a device key and used it to decrypt the movie. I'm shocked that this is the first time it's been done. Actually, I doubt that it is.

    > Which you can revoke. But which millions of people share.

    Actually, no. AACS provides a unique set of decryption keys to every individual device. Not model, but individual piece of hardware. Through a complicated (and rather cool, actually) sequence of derivations, every device can derive the keys needed for each disk, but if a player's keys are found to be compromised they can be revoked, and that player will be unable to decrypt any disks made in the future.

    > AACS was a little bit more complicated, with all kinds of virtual machines checking state, and things like keys that were generically derivable if you have enough device keys (which means that nobody can trace who actually broke it or blacklist them).

    Again, no. AACS includes a traitor tracing scheme. I don't know if it's actually in use (but if we start seeing lots of UHD torrents, you can bet they'll start using it), but it allows the identification of the specific device that decrypted a movie, from the decrypted video stream. The way this works is that they encrypt some portions of the video twice, with keys chosen so that any given device can only decrypt one of the two copies. Then they apply different digital watermarks to each of the duplicate blocks. With n duplicated blocks they examine the decrypted output and identify which of 2^n devices decrypted.

    > But those are security-by-obscurity and inherent flaws of using encryption as DRM instead of its intended use.

    True, but AACS gets about as close as you can get, I think, to a secure DRM solution that doesn't include a real-time, two-way negotiation.

    Where it breaks down is that because "revocation" only affects future movies, an attacker who extracts the keys from a device on May 4, 2017 can use those keys to decrypt every Blu-Ray Disk pressed before that date (actually, probably before that date plus a few months). In addition, Blu-Ray players are dirt cheap. At the low end, they cost about the same as a disk. Given a cheap way to extract the key from one, it would be perfectly feasible to buy a new player for each movie you want to decrypt. But you don't even have to do that. Buy one per month and you can decrypt all the movies that come out -- at least until the AACS LA realizes that one model of player can be cheaply broken and pushes the manufacturer to tighten security to make it harder. They can make you work hard to keep up with changes in their security-by-obscurity.

    Except they can't win that way, either. The trick is to break a set of devices and get all of their keys. Then identify the traitor tracing blocks in a movie and decrypt them with multiple players' keys, so you end up with both copies of many of the blocks. Then, when you construct the output to publish, choose among the traitor tracing blocks so that your output is different from any of the individual devices that you've broken. Examination of the published stream may finger some device in the world, but it will definitely not finger any of the ones you broke. You may cause some random individual's player to stop working (on future movies), but your keys will stay good.

    At the end of the day, DRM is always breakable, because you have to distribute the keys. But it can be made pretty hard, and AACS is an incredibly good scheme, given the context in which it has to operate.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
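
The tracing step described in the comment above, as an added toy model in Python; it is not part of the original post and does not reproduce AACS's real key structure. It shows the licensor's lookup from a watermark sequence to one of 2^n devices, and how large the set of devices that lookup can name becomes once output is assembled from several devices. `N_SEGMENTS`, the function names and the three device IDs are constructed for illustration.

```python
from itertools import product

# Constructed toy model: each of N_SEGMENTS duplicated blocks exists in two
# watermarked variants (0 and 1). A device can decrypt exactly one variant per
# block, and that per-block choice is the device's identity.
N_SEGMENTS = 8  # n duplicated blocks -> 2**n distinguishable devices


def device_pattern(device_id):
    """Variant (0 or 1) this device can decrypt at each duplicated block."""
    if not 0 <= device_id < 2 ** N_SEGMENTS:
        raise ValueError("device_id out of range")
    return [(device_id >> i) & 1 for i in range(N_SEGMENTS)]


def trace(watermarks):
    """Licensor's lookup: observed watermark sequence -> device id."""
    if len(watermarks) != N_SEGMENTS or any(w not in (0, 1) for w in watermarks):
        raise ValueError("malformed watermark sequence")
    return sum(bit << i for i, bit in enumerate(watermarks))


def free_positions(device_ids):
    """Blocks where the given devices hold both variants between them."""
    patterns = [device_pattern(d) for d in device_ids]
    return [i for i in range(N_SEGMENTS) if len({p[i] for p in patterns}) == 2]


def reachable_ids(device_ids):
    """Every id trace() can return for output assembled from these devices."""
    patterns = [device_pattern(d) for d in device_ids]
    options = [sorted({p[i] for p in patterns}) for i in range(N_SEGMENTS)]
    return {trace(list(choice)) for choice in product(*options)}


if __name__ == "__main__":
    devices = [0b00101100, 0b01100101, 0b00001111]  # constructed sample ids
    # Single source: the lookup is exact.
    print("single device traced to:", trace(device_pattern(devices[0])))
    # Several sources: only blocks where all of them agree still constrain
    # the result, so the lookup can land on ids outside the real set.
    reach = reachable_ids(devices)
    print("free blocks:", free_positions(devices))
    print("ids the lookup can name:", len(reach))
    print("of which not among the sources:", len(reach - set(devices)))
```

The blocks on which all source devices agree still appear unchanged in any assembled output, which is the only information the plain lookup retains about them.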