Why DVD Encryption Crack was a Cinch
Devastator writes "Wired has a good article on how the DVD encryption was cracked. The DVD industry is scared speechless about the news." It's actually an interesting little summary of the situation. I wonder what it means for the DVD industry.
Since it is encryption based, my guess is they used 5 bytes (40 bits) because of export restrictions. It has been proven that 40-bit keys can be broken quickly using today's computers. It was only a matter of time until this happened.
After using such a weak encryption method in the DVD format, the Japanese company responded by attacking the people responsible for breaking it and threatening lawsuits (good luck, since the "crackers" responsible remain anonymous).
Kind of reminds one of the recent security hole in Hotmail, where instead of admitting any responsibility, Microsoft attacked the horrible people who discovered the problem.
I think the concept of blaming the people who break security and pointing all the fingers at them is on its way out, I believe the people who create the encryption and security methods should be held more accountable for weak security. Come on, without these "crackers" who break into things, we would still be XORing bytes and considering that the ultimate security.
Finkployd
Your argument is valid, today.
But the pace of smaller, faster, cheaper, better has shown no sign of slowing. Disk space in $/Gig falls by a factor of 2 approximately every year. DVD-ROM readers will undoubtedly go from 4X (or whatever) to 30X+, like CD-ROM did.
Will your arguments still be valid when it is cheap and fast (a few minutes) to copy a DVD on to a (small part of a 200 gig) hard drive?
A few years down the road at least. Fatter pipes are coming, bigger drives are here. Even with my setup I can dedicate 5 gigs pretty easy, start a download and wait a day, voila Blockbuster go boom (no, I'm not on a school LAN).
The movie industry is in serious need of a housecleaning anyway. Whoa, look 3 new crappy movies, yippee!! (repeat every week). Personally I think this is poetic justice for the music/movie industries, they screw consumers when production costs go down and prices stay the same (but promotion costs seem to keep going up, maybe to offset the quality of the product..), we screw them when price and reproduction costs both move to zero. Serves them right for making me watch COMMERCIALS when I PAY to see a movie.
They will still have the box office and sales (a permanent physical backup for critical info is always a good idea) but I see no place for the present day rental system in the next millennium.
+&x
Back when I was on the DIVX project at Zenith, (and yes, I know DIVX was *evil*) DIVX was the encryption method that was competing with the current method. The flaws of the current method were well-known to the crypto people at DIVX/Circuit City, and when they went out to sell DIVX to the "content providers", they let them know exactly what those weaknesses were. I don't fault them for not choosing DIVX, but I do fault them for putting any reliance on a known weak system.
Dog is my co-pilot.
The film industry really should do an unbiased and intelligent analysis of the impact of emerging technologies on their product, if they want to actually protect their interests in a constructive and effective manner. Some points which should be considered.
- consumers have had the capability of recording and copying movies to their hearts' content since the advent of the VCR. Videophile and audiophiles may not be happy with the quality, but as far as the average consumer is concerned the quality is "close enough" to perfect. Despite this, movie makers have been selling and renting movies like hotcakes. Being able to copy DVDs will not change this at all.
- commercial pirates, for whom the "infinite perfect copy" does make a difference, could already do this by using $5,000 DVD-Rs or buying their own DVD production equipment. One analog copy, reconverted to digital format, and they could produce an infinite supply of nearly perfect DVD copies for sale on the black market. This is a problem, but one which the cracking of the pathetically weak CSS algorithm will not significantly affect.
- high-end consumers do not like having their technology "messed with." The destruction of DAT is an example of consumers refusing to buy into crippled technology. Likewise, DVD playback which is limited to Windows, or by region, is not only an invitation to hack, but worse, creates unnecessary bad relations between the seller and the consumer.
- finally, unlike the RIAA member companies, movie studios are not parasitical entities acting as a paid go-between between artists and their customers. They provide the capital, resources, and equipment for shooting films and play a very necessary role of the art form. Contrast this to the music industry, whose contribution to the art form, beyond providing a distribution channel they happen to enjoy a monopoly on, and perhaps a place to record and master (which any technically savvy musician can do in their own home), is negligible at best and quite often destructive. This suggests that the movie studios aren't nearly as vulnerable to artists switching to an internet medium and cutting them out of the loop as the RIAA member companies are, and have a lot less to fear from open internet standards and distribution channels than their record company counterparts.
Even with copyable DVDs the film industry has little to fear. The target they should be most worried about -- the professional "industrial strength" pirates -- is the group least affected by these developments. The fear that the grassroots mp3 warez phenomenon will happen with DVDs is unwarranted, not only because of bandwidth and storage limitations, but also because of a difference in consumer habits, and a fundamental difference in the relationship of the affected artists and consumers with the movie studios vs. the music industry.
The Future of Human Evolution: Autonomy
Your observation that "consumer piracy" is likely to be insignificant is very well noted.
The thing is, the commercially significant piracy that takes place under the DVD regime is likely to be, as it is now, a result of "mass piracy" on the part of folks in the "gray market."
Unfortunately, they will benefit from the cheapness of producing DVDs, and while it may become more expensive to become a "commercial DVD pirate" than it is to become a "commercial VHS pirate," that goes along with the benefits of:
If the big sellers of DVDs can maintain rigid control over the manufacturers of DVD mastering units, that might make it hard to "clone" DVDs from masters.
Unfortunately, that's liable to have the same flaws as DAT did. With DAT, there were special codes encoded into tape headers that would let the units forbid copying. That was part of why DAT never took off.
If you're not part of the solution, you're part of the precipitate.
It's hard to protect -everything-, since something has to be visible to the hardware for it to be able to start decryption. The outer layer -must- be visible, even if it's in hardware. At which point, all you need do is read the outermost key, and you get to exactly the same point these guys did.
Anything the player can see, you can see. There's nothing magical about a machine, even when it's based on a Japanese design.
The question was never "whether" DVD encryption would be busted, but when. Actually, I'm amazed it took so long.
Sooner or later, manufacturers, movie industry bosses, etc, are going to have to come to the same conclusion computer software houses did years ago. Copy protection -doesn't work-! It's a fundamentally flawed concept. There was only one scheme that even came close to working, and that was confiscated by the MOD in England, and classified. Even then, it was probably fairly easy to break. The whole concept is fundamentally flawed.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Simply speaking, copy protection schemes just don't work. If you allow access to the data to anyone for any reason, someone is going to find a crack for it. I don't care how good your copy protection scheme is.
There's one exception to this, and that's if the company goes out of business before anyone has the time or interest to hack their copy protection. i.e. DIVX.
40 bits is fairly breakable, and since key transmission is a critical problem in building crypto systems, and DVD systems often represent embedded systems, they have a few keys vulnerable to brute-force attacks.
There is no question but that DVD encryption would be quite vulnerable to brute force attacks.
It appears that the result of this "exploit" is that the decryption keys for all DVDs have been exposed as a result of them being accidentally published.
This is the sort of thing that organizations like the NSA reportedly are acutely sensitive to when they are trying to crack systems.
In order to keep such systems secure, it is absolutely necessary to be extremely careful with how critical data like encryption keys are dealt with. Apparently these keys were released to people upon whom it was not carefully enough impressed that they needed to be "billions-of-dollars-riding-on-this" worth of careful.
Oops.
If you're not part of the solution, you're part of the precipitate.
An interesting point to note is the fact that when you make a copy of a VHS tape, you lose a certain amount of quality on each copy. So if you have a "fifth-generation" copy of a movie on VHS then there will be a noticeable loss in quality. On the other hand, with DVD there is no loss of quality whatsoever even for a "hundredth-generation" copy since it is all digital. Thus a copy will be exactly the same as the original.
:wq
Without getting too deeply into the idealism of the subject, they really should have expected this.
:)
Simply speaking, copy protection schemes just don't work. If you allow access to the data to anyone for any reason, someone is going to find a crack for it. I don't care how good your copy protection scheme is. I don't care what kind of information you're trying to protect, or what kind of media it's on, be it CD, DVD, casette, diskette, whatever. Information wants to be free.
They've tried so many tricks and schemes over the years. Remember the "What is the second word on page 153 of the manual" ones? Or what about software that would only let you install it twice.
I still use numbers like 123-1234-1234567 for Micros~1 product keys even when I have the legit numbers. Always good for a chuckle.
The way they accomplished the crack was hilarious though. RealNetworks (or whatever subsidiary that was) must be pretty embarrassed right now... forgot to encrypt their decryption key. Morons
Anthony
^X^X
Segmentation fault (core dumped)
"I think any time you expose vulnerabilities it's a good thing." -Attorney General Janet Reno
- Most disks have their video data encrypted with a random 40-bit key (called a "title key"?). Each disk has a different title key.
- 409 copies of the title key are made, each encrypted with a different manufacturer's key (also 40 bits each). Those encrypted keys are written to the disk.
- A given manufacturer, when they get their DVD license, gets one of those 40-bit manufacturer's keys and a note that says "use key number 12".
- The player looks at the disk, extracts the 12th of those 409 encrypted keys, uses its manufacturer key to decrypt it, giving it the title key. That title key is used to decrypt the video material. It ends up with the same title key as any other player would have gotten on that same disk.
- The manufacturer key would be held in ROM or encrypted in a software player of some sort. To discourage manufacturers from doing that badly, the following threat is put in the license agreement: If someone figures out your manufacturer key, you pay us a lot of money, and in addition we stop including your key in the 409 used on new disks. Now all the newest movies won't play on your player, and you go out of business.
So it's like the usual hybrid PGP scheme with multiple recipients (where a per-message random symmetric key is public-key-encrypted to each of the recipients), except CSS uses symmetric encryption everywhere, and the disks are usually encrypted to the same 409 recipients all of the time, and only a few dozen of the recipient keys are actually known by real users (players), the rest being kept in a vault for new licensees.
The problem was that the encryption was really poor. There are two attacks:
- For any given disk, brute force the title key. I think this would take a day or two per movie. Then assemble a web database of some sort where you could look up the title keys for your disk.
- Once you've figured out the title key for a given movie (say, by discovering one of the manufacturer keys, doesn't matter which), look at those other 408 encrypted keys. For each one, brute-force the related manufacturer key. (because of massive flaws in the crypto, this takes about a tenth of a second for each one). Now you have 409 manufacturer keys. You don't care which one is which. Publish them all.
The latter has happened. Hundreds of keys are now public knowledge. Many of them are probably in use by big-name manufacturers (you now have the key of every player that could have played that disk, which is all of the current ones and most of the future ones). And it is practically impossible to change the keys in a useful way. They would have to drop all of the keys in use by the current players from new titles, making them unplayable on current hardware. If even one key remained from the set that are now known, the same attack could be made to get all of the new ones.
Note that if they had planned for this, they could conceivably have put several keys into each player, and the response to having all of the current keys published would be to switch everything to Set 2 (instead of using FooCo's first manufacturing key on the disk, they use FooCo's second key). The current players that had multiple keys would still play new movies, but the published keys would not work. However, learning any one of the new keys (perhaps from a poorly protected software player that had multiple keys too) would allow the whole attack all over again. And brute-forcing a title key would allow the whole attack over again. The net result is that CSS is completely and utterly dead.
There is an extra layer on top of this, the authentication phase, which I don't know much about. From what I can tell it seems to be designed to keep someone from snooping the bus traffic and reading the decrypted video from there. The DVD drive will refuse to read certain sectors from the disk (the encrypted keys) until you've negotiated something with the drive. There may be more to it than that, but the technical issues have been solved for quite a while.. the necessary ioctls are already in the linux kernel.
And, as noted by others, this is independent of the copyright issues on DVD movies. CSS was a scheme to restrict use of the video data, and had the effect of preventing the development of open-source players on Linux and other platforms. Now they can be written (and mostly have been, although doing both audio and video at once is beyond the capacity of most processors).
-Brian
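The key block and the revocation problem described in the comment above, as an added toy model (not part of the original comment, and not the CSS cipher). An HMAC-SHA256 pad stands in for the cipher; the 12-bit player keys, 8 slots, check value and all function names are assumptions chosen so it runs instantly.

```python
import hashlib
import hmac

KEY_BITS = 12        # toy player-key size so the search is instant; the comment says 40 bits
N_SLOTS = 8          # toy key-block size; the comment says 409 slots per disc
TITLE_KEY_LEN = 5    # 40-bit title key, as in the comment

# Constructed sample data: one secret key per licensed player slot.
PLAYER_KEYS = {s: (s * 977 + 123) % (1 << KEY_BITS) for s in range(N_SLOTS)}
TITLE_1 = bytes.fromhex("0badc0ffee")   # constructed title key, disc 1
TITLE_2 = bytes.fromhex("5ca1ab1e00")   # constructed title key, disc 2


def _pad(player_key: int, disc_id: bytes) -> bytes:
    """Toy keystream from HMAC-SHA256; a stand-in, not the CSS cipher."""
    key = player_key.to_bytes(2, "big")
    return hmac.new(key, disc_id, hashlib.sha256).digest()[:TITLE_KEY_LEN]


def wrap(player_key: int, disc_id: bytes, data: bytes) -> bytes:
    """XOR with the pad; the same call wraps and unwraps."""
    return bytes(a ^ b for a, b in zip(data, _pad(player_key, disc_id)))


def _check(title_key: bytes) -> bytes:
    """Assumed check value so a player can tell a good unwrap from garbage."""
    return hashlib.sha256(title_key).digest()[:TITLE_KEY_LEN]


def master_disc(disc_id: bytes, title_key: bytes, revoked=frozenset()) -> dict:
    """Write one wrapped copy of the title key per slot; revoked slots get filler."""
    slots = [
        bytes(TITLE_KEY_LEN) if s in revoked
        else wrap(PLAYER_KEYS[s], disc_id, title_key)
        for s in range(N_SLOTS)
    ]
    return {"disc_id": disc_id, "slots": slots, "check": _check(title_key)}


def play(disc: dict, slot: int, player_key: int):
    """Player side: unwrap its own slot, return the title key or None."""
    candidate = wrap(player_key, disc["disc_id"], disc["slots"][slot])
    return candidate if hmac.compare_digest(_check(candidate), disc["check"]) else None


def keys_exposed_by_title_key(disc: dict, title_key: bytes) -> dict:
    """Once a title key is known, every slot is a known-plaintext pair.

    The only remaining protection for each player key is the size of its
    key space, which this function walks exhaustively.
    """
    exposed = {}
    for slot, blob in enumerate(disc["slots"]):
        for guess in range(1 << KEY_BITS):
            if wrap(guess, disc["disc_id"], title_key) == blob:
                exposed[slot] = guess
                break
    return exposed


def revocation_demo() -> dict:
    """Revoke only the slot believed leaked, then see what still plays."""
    disc1 = master_disc(b"disc-1", TITLE_1)
    exposed = keys_exposed_by_title_key(disc1, TITLE_1)
    disc2 = master_disc(b"disc-2", TITLE_2, revoked={3})
    return {
        "exposed_slots": len(exposed),
        "revoked_player_plays_disc2": play(disc2, 3, PLAYER_KEYS[3]) is not None,
        "other_exposed_key_plays_disc2": play(disc2, 5, exposed[5]) == TITLE_2,
    }


if __name__ == "__main__":
    print(revocation_demo())
```

Revoking slot 3 locks out the legitimate owner of that slot while any of the other exposed keys still opens the new disc, which is the dilemma the comment describes.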
If they did limit the keys to 40 bits because of export restrictions, maybe this will convince businesses to help fight those restrictions.
They stand to lose a lot of money not being able to secure dvd's. And when there is money behind something, you can bet they will act.
This sig is false.
Maybe this will give Hollywood types a more realistic perspective so productions like Hackers and that MTV portrayal are more accurate in the future.
They needed a clue and got one they will definitely listen to this time.
Someone on the livid-dev mailing list pointed out that he told the author this but he said he had already decided his slant on the story and wouldn't change it. Alan Cox then responded that that was sadly typical of Wired "reporters".
It will be interesting to see what the industry can do to fix "lost" activation keys. And that probably depends on if all discovered keys are in software or hardware players...
The "except maybe for storage" is the kicker. Most people buy videotapes, DVDs and such precisely for storage. If I have the movie on DVD, I have it. You can decide not to distribute it any more, alter it, edit it, do whatever you want with it, I can still pop the disk in the player and watch what I bought no matter what. If I download it over the net when needed, I'm at your mercy. If you decide to take it down, I'm SOL.
Case in point: DIVX. It died because people didn't want to have to ask somebody else permission to watch a movie they'd already (in their opinion) bought. I suspect the same people want Internet-based video to succeed as wanted DIVX to succeed, and it'll die for the same reasons DIVX died.
Perhaps the issue isn't whether or not DVD copy protection can be cracked at all, but whether or not it's easy for MOST people to do it...
I'd say that if it were that easy to crack CSS, then perhaps it was meant to be no more effective than Macrovision... a stumbling block too big for those not interested enough in overcoming it. While it's pretty obvious that both it's now easier to crack DVDs and it's still unfeasible to copy them in massive numbers, what's not really thought of here is whether or not such a development will dictate the future effectiveness of the copy protections on DVDs.
The development of MP3+CDR is an entirely different story, as digital audio was an entrenched standard that was already effective for the music industry. On the other hand, DVD is still rather new and it's rather easy to predict that in five years it WILL be feasible to pass around cracked movies on the Net for many people. Just how many people are willing to do that is another issue entirely.
I suppose that fixed storage, recordable media, and available bandwidth will all be large enough in a few years to allow DVDs to be copied easily. Still, it will take a lot of one person's time to do extensive trading, and the availability of that kind of equipment to the general public will be limited. The interesting facts and issues of the situation are:
1. People who buy DVDs usually have all the other nice little gadgets too. Hence the current target market for DVDs will probably be enabled best to trade them illegally.
2. DVD is a premium high-quality format for an extremely popular medium, which means that unlike CDs (which would be more of a standard format) trading DVDs would be preferable to any other kind of bootlegging.
3. The movie studios do have the option of pulling DVDs and sticking with VHS... for most releases. Or, perhaps a greater control and limited availability on DVDs would prevent DVDs from becoming a mass-consumer product, hence eliminating the possibility of mass-pirating.
4. On the contrary, the movie studios can make a huge push of DVD into the consumer market so that it does become a mass-consumer product, not only strengthening their margins above those of the already mass-pirated, more expensive, and lower-quality VHS, but also to eliminate the possibility that a large part of the DVD market would pirate them. Add more to the market that won't be copying them and you minimize the copying problem. CDs currently enjoy this position, as there are many people who copy them but there's a massive amount of people who can't, don't, and won't, therefore making the CD-copying problem negligible on the bottom line.
5. Finally, the industry has time to combat the problem with a variety of solutions before copying becomes feasible. They don't have to pull off any drastic moves right now, which means that if DVD business is brisk I doubt they'll be scaling back on it anytime soon. They may switch formats (a DVD2), they might try to keep DVD-RWs and all similar DVD writable formats from becoming widespread, or they might ignore the problem altogether. It's not like what happened to the music industry, where one day the tools became available and people started ripping/encoding/copying CDs like crazy as the industry helplessly watched.
Right now, however, it's just a big embarrassment for the movie industry and a new opportunity for the elite piraters. If I had the opportunity to advise the movie industry how to handle the situation, I would probably suggest that right now they should take a "good faith" position and trust the current market to not do what they pretty much could have done anyway. In the future, I'd suggest that perhaps they take either one of two paths: They start planning a format change RIGHT now for a rollout in 10 years and make the new DVD-Video format a self-standing component with closed specifications rather than a multi-component open standard, as this would prevent anyone from easily pirating movies (in other words, a DVD drive is like a standalone DVD player and you just overlay it, which shouldn't be too much to ask in 10 years) or getting any undesirable use out of the video. Or, they make DVDs an entrenched standard and a mass-market industry with even a bigger push than they are today, with the understanding that they hold the advantage of being the honest, legal, simple, and not-too-expensive solution for DVD purchasing. In other words, who cares about pirating when you're going to make gadzillions of dollars selling legit DVDs and, for most people, that's the best or only option now and for a long time. It's like if you own a candy store and little kids keep eating the candy... you can put the candy on a higher shelf, or you can put a small basket of free candy by the door. You DON'T stop selling candy (or only sell stale candy)...
DVD protection schemes hurt sales of player hardware because there are loads of hardheaded idiot consumers out there with lots of disposable income like me who'll refuse to buy any player that doesn't play everything. (I live in R1 and import R2 DVDs so my player must at least play R1 and R2 discs or I won't buy.) I bought a Pioneer 505 and not an RCA. Why? Because I could modify the Pioneer to be multi-region but could not modify the RCA. Electronics makers KNOW this and want their players to sell rather than the competitors. The ONLY reason electronics makers put region coding, crypto, and Macrovision into DVD hardware was so that the Hollywood movie industry would support the format. It was as simple as "No protection and we'll release no movies on your new format". So electronics makers came up with a rudimentary "protection" scheme to appease Hollywood execs into supporting the format. Some, like Disney, wanted more restrictions (DIVX), but suffered the effects of horrific customer backlash. Anyway, the DVD format is now entrenched and too far accepted by the public for Hollywood to renege now and abandon DVD. Now CSS encryption cracks are mysteriously leaked. Electronics makers can now sell more hardware and not have sales hindered by protection schemes. DVD-R burners and discs will get cheaper now (In 1991, 1X CDR burners were close to $10K with blank [63-min] CDRs at $20 each!) and this whole protection scheme will become as laughable as what is now called the "bozo bit" in the Mac filesystem. (History lesson! The 'bozo bit' was once called the 'no copy' flag and was supposed to be respected by copy programs and not copy files with the bit set. Everything under the sun ignored it, including all of Apple's own OS and tools, hence its nickname of 'bozo bit')
Not true. Movie studios have always profited from making films, and have always spent whatever they felt necessary to do so.
I think we can all agree that home video has been the best thing to ever happen to the movie industry. What you might not remember is that they fought home video tooth and nail. Various movie studio executives insisted that their films would never be released to home video. Disney and Universal sued Sony for inventing the home VCR! They claimed that the very existence of home taping would destroy their studios and empty theaters. You might think this is an exaggeration, but just ask anyone who was involved in home video in the very early 1980s.
In spite of their best idiotic efforts, the consumer electronics industry won out and practically forced huge piles of money into the hands of the studio bosses. These idiots, had they had their way, would have smothered home video in its cradle.
Most /. readers are too young to remember the bad old days, when seeing anything other than a current release meant waiting for it on regular TV or maybe talking an art house into showing it on the next schedule. Trust me, it sucked.
But one thing about Hollywood...once they start making money (even when they are forced to do so) they get insanely greedy. They start to expect it, and they want to make sure they squeeze every penny possible out of the suckers (us). That's how idiotic plans like DIVX get launched...and why they keep pushing Pay-Per-View. Trust me, they're not going to rest until they can get back to the original model - people paying every time they watch a movie (and, if they can pull that off, every time they listen to a song).
...and the media conglomerates are exerting all the pressure they can to make consumers believe this seems reasonable. The Supreme Court in the Sony case ruled that home taping was a privacy issue, that what a person did in the privacy of their own home with a VCR was their own business. Hollywood has been buying legislators off to get things like the Digital Millennium Copyright Act passed to pull an end-run around the Court. The act makes hacking out so-called "copy protection" a felony.
"How perfectly Goddamn delightful it all is, to be sure" Charles Crumb
I've thought about this a lot, and I've come to the conclusion that the movie industry really has nothing to worry about from unauthorized copying. The facts, simply, are these:
A lot of manual intervention is required in the mass duplication of video tapes. Basically, you have a wall of VCRs which record at 2x normal speed. So it takes about 45 minutes to make a batch of 200 or so tapes. These machines are frequently attended by a human operator (who costs money). DVDs, on the other hand, are pressed like CDs in an entirely automated process. Thousands can be stamped out in an afternoon. The manufacturing cost for DVDs is less than one-fifth that of video tapes, a savings which, of course, is not passed on to the consumer. So, while their PR department whines shrilly about "piracy" (a term used more for its emotional overtones than its accuracy), the studio is raking in even more money than before.
The number of people who are going to A) spend hours downloading a 5 gigabyte file, and B) spend 5 gigabytes of hard disk space to store it (at a cost of $20/gig) is statistically insignificant. Yes, you'll probably have a college dormitory sharing movies over their 100Mbit LAN. This represents -- what? -- 0.001% of the total market? I'm surprised the studio's accounting department hasn't killed these anti-copying campaigns as an unbelievable waste of money.
The fact is that DVD writers are expensive and are likely to remain that way for the foreseeable future. Beyond that? I think we can take a lesson from what happened to the music industry with the proliferation of CD writers and MP3 files: Those companies are as strong as they ever were, and there is no proof they are suffering financially (despite our fervent desires to the contrary).
What I find particularly puzzling is that the hardware companies haven't figured out that they're in the driver's seat. Toshiba et al could have easily told the movie industry, "No, you're not going to get encryption or regional lockouts. Because it doesn't matter. Our manufacturing process costs less than one-fifth of the one you're using now. Once your shareholders find out there's a process that will cut your costs and increase profits and product quality (and we'll make sure they do find out), they'll rake you over the coals until you adopt it. You will use our open, unencrypted platform, and you'll like it. The financial reality leaves you no choice."
The argument really is that simple.
Schwab
Editor, A1-AAA AmeriCaptions
I am disappointed that Wired emphasized the word "piracy" throughout the article. They imply that the only purpose of the CSS code could be for shady people to go against the will of the copyright owners.
This simply isn't the case. They didn't bother to print the obvious fact that blank media costs significantly more than DVD movies to begin with, making unauthorized copying a waste of time and money! (Not to mention the fact that equipment to record DVDs playable in consumer DVD players is around $15,000)
I also didn't see anyone mention that copyright law does not restrict people from making backup copies of material that they own. Even the copy protection in consumer DAT machines allows this, unlike the broken CSS scheme. (Suppose I want to make sure that the DVD movie I just bought will still work 50 years from now, even if the original gets scratched or destroyed)
They missed the most important fact of all-- as long as CSS remained secret, computer users were forced to use Microsoft Windows or Mac OS to play back DVDs. Only the release of CSS to the public will make playing back DVDs on other operating systems possible. Many people have _wanted_ to go out and buy a DVD decoder card and movies, but have not because there was no support for this hardware in Linux or their operating system of choice. Hardware drivers have become available for some DVD decoder cards, but without CSS code the drivers are relatively useless.
Now, we will not have to wait much longer to watch DVDs on our machines.