I'm pretty sure I "came here" for the same reason most people do, to read news. The occasional poking fun at the zealots is merely a small amusement on the side, and helps one stay sane reading this site.
Yes, when there is no actual Microsoft vulnerability available, the crafty Slashdotter can just imagine that one exists, and still get that refershing feeling of superiority!
AACS is far from "utterly destroyed". It's well equipped to deal with breaks like the ones published so far. They'll be using the technological measures too, soon enough, in addition to the legal ones. This is all going according to plan so far.
The newest version AACS (Advanced Access Content System) has basically been beat to crap as well. Just read some past/. stories.:-)
It has not. It is still working well within specifications. It is designed to take into account the fact that people will inevitably find the various keys, and has many mechanisms in place to control the damage caused by this. Those have not been circumvented.
I feel that as the DRM gets more and more complex, the prestige and economic value of cracking it goes up.
Most of these attacks are temporary, though. They can be circumvented by revoking keys and patching the software. This means that there is a need for a constant stream of cracks to keep new discs playing. Sure, the first person to crack a device key gets his share of fame, but what about the 135th person to do it three years down the road?
This is a war of attrition between hackers and content producers, and the outcome is far from certain at this stage. Barring any real vulnerabilities being discovered in the algorithms (unlikely, since this time they chose good ones), the question is merely who will tire of the game first.
Read doom9, the rest of this/. thread, http://www.freedom-to-tinker.com/?p=1122, etc. It's quite puzzling that the manufacturers haven't yet used the full AACS spec.
The freedom-to-tinker.com link, at least, does not say that NNL key trees are not being used. It says that they are not using randomized processing keys, which is another matter entirely. It is weird that they are not using it, but it has nothing to do with lacking implementations in players, but with lacking implementations of the full standard when mastering new discs.
Or they could just use the cracked device to crack a big pile of discs, and release the keys for the individual discs.
This is unworkable due to being too big an effort. It might work now that releases are few, but if one of the formats grows to the same popularity as DVDs, that plan is impossible.
Perhaps you should tell that to the people who actually made the AACS spec and included that very feature? I'm sure they'll be glad to be corrected on that matter.
Gee, volunteers mostly only do the things that are fun? I'm shocked!
No, this is obviously not shocking. However, claiming this is a better development model than that for propietary software is definitely stretching it just a bit.
Not only did I RTFA, I have been following the threads from the start.
The folks who've accomplished this already got around a decent amount of obfuscation.
There was zero obfuscation.
They are determined and obviously have some coding skills.
Some, but nobody has even touched a disassembler yet. That requires quite a bit more skill than looking at hex dumps and implementing AES from specs.
The decryption keys must inevitably be revealed to the firmware/software
You could write an alternative implementation of AES that does not use keys in the normal form, but directly uses obfuscated values. You can make sure values are kept in registers and the entire key is never present. These can be defeated, but it takes a large amount of work with a debugger and disassembler to trace and re-create the algorithms from the machine code. This is a much harder task, and the pool of people who have the skills to do it, and the willingness, shrinks quickly.
Of course there is, and any decent programmer would know this. You can modify the algorithm to directly use obfuscated values, or only ever keep parts of the key in registers and never in memory, or a combination of the two. It is not undefeatable, of course, but it requires a lot more effort to defeat than this one.
Only in theory... the manufacturers don't yet implement the full AACS spec which would allow this.
Do you have a reference for this?
Furthermore, if hardware players had completely individualized keys, then this would open up new vulnerabilities. The individualized keys would of necessity be stored in Flash or EEPROM, since the economies of scale required to manufacturer semiconductors inexpensively don't allow fabricating unique ASICs for each player.
This would, of course, help hackers narrow down the location of the hardware keys in the system.:-P
It might, but it still wouldn't help the fact that as soon as they got the keys, they would be revoked, negating the usefulness of the attack.
You "used Windows and FairPlay stripped the DRM from it to access the AVI inside"?
There are no DRM'd formats with an "AVI inside". "FairPlay" is a DRM system used by Apple. It is certainly not a thing you can use to "strip the DRM from it and access the AVI inside" anything. There used to be a tool named "FairPlay", which worked on music files and not video files, and has long since been abandoned.
So no, I do not think anybody cares that your imaginary friends are copying this imaginary file.
Apparerntly, you have not looked at the actual article, though.
Why not actually try to read the article to see how the program works?
I'm pretty sure I "came here" for the same reason most people do, to read news. The occasional poking fun at the zealots is merely a small amusement on the side, and helps one stay sane reading this site.
Yes, when there is no actual Microsoft vulnerability available, the crafty Slashdotter can just imagine that one exists, and still get that refershing feeling of superiority!
Oh no! Somebody asked something of Linux that it doesn't provide! Better silence him, quick!
but I wonder how much it affects others.
How much? Or how little?
Maybe it's you who's messed up.
AACS is far from "utterly destroyed". It's well equipped to deal with breaks like the ones published so far. They'll be using the technological measures too, soon enough, in addition to the legal ones. This is all going according to plan so far.
Blaming the user? Pshaw, Microsoft is just ripping of Linux again!
The newest version AACS (Advanced Access Content System) has basically been beat to crap as well. Just read some past /. stories. :-)
It has not. It is still working well within specifications. It is designed to take into account the fact that people will inevitably find the various keys, and has many mechanisms in place to control the damage caused by this. Those have not been circumvented.
Stop being a literal-minded nerd for a second and try to actually read the meaning of the post and not the individual words, please.
I feel that as the DRM gets more and more complex, the prestige and economic value of cracking it goes up.
Most of these attacks are temporary, though. They can be circumvented by revoking keys and patching the software. This means that there is a need for a constant stream of cracks to keep new discs playing. Sure, the first person to crack a device key gets his share of fame, but what about the 135th person to do it three years down the road?
This is a war of attrition between hackers and content producers, and the outcome is far from certain at this stage. Barring any real vulnerabilities being discovered in the algorithms (unlikely, since this time they chose good ones), the question is merely who will tire of the game first.
Read doom9, the rest of this /. thread, http://www.freedom-to-tinker.com/?p=1122, etc. It's quite puzzling that the manufacturers haven't yet used the full AACS spec.
The freedom-to-tinker.com link, at least, does not say that NNL key trees are not being used. It says that they are not using randomized processing keys, which is another matter entirely. It is weird that they are not using it, but it has nothing to do with lacking implementations in players, but with lacking implementations of the full standard when mastering new discs.
Or they could just use the cracked device to crack a big pile of discs, and release the keys for the individual discs.
This is unworkable due to being too big an effort. It might work now that releases are few, but if one of the formats grows to the same popularity as DVDs, that plan is impossible.
Please re-read my comment. Hardware players can be individually revoked. Not lines of players. Individual, single, physical players.
This is not the case. The media key block on the HD discs contains the media key, encrypted with several hundred device keys.
Perhaps before shooting your mouth off, you should actually try and read the AACS spec and see if that is true or not? Because it isn't.
Perhaps you should tell that to the people who actually made the AACS spec and included that very feature? I'm sure they'll be glad to be corrected on that matter.
Maybe this guy has re-invented radix sort? I can't really tell! I wish somebody would post and tell me!
Gee, volunteers mostly only do the things that are fun? I'm shocked!
No, this is obviously not shocking. However, claiming this is a better development model than that for propietary software is definitely stretching it just a bit.
Did you RTFA?
Not only did I RTFA, I have been following the threads from the start.
The folks who've accomplished this already got around a decent amount of obfuscation.
There was zero obfuscation.
They are determined and obviously have some coding skills.
Some, but nobody has even touched a disassembler yet. That requires quite a bit more skill than looking at hex dumps and implementing AES from specs.
The decryption keys must inevitably be revealed to the firmware/software
You could write an alternative implementation of AES that does not use keys in the normal form, but directly uses obfuscated values. You can make sure values are kept in registers and the entire key is never present. These can be defeated, but it takes a large amount of work with a debugger and disassembler to trace and re-create the algorithms from the machine code. This is a much harder task, and the pool of people who have the skills to do it, and the willingness, shrinks quickly.
Of course there is, and any decent programmer would know this. You can modify the algorithm to directly use obfuscated values, or only ever keep parts of the key in registers and never in memory, or a combination of the two. It is not undefeatable, of course, but it requires a lot more effort to defeat than this one.
Only in theory... the manufacturers don't yet implement the full AACS spec which would allow this.
:-P
Do you have a reference for this?
Furthermore, if hardware players had completely individualized keys, then this would open up new vulnerabilities. The individualized keys would of necessity be stored in Flash or EEPROM, since the economies of scale required to manufacturer semiconductors inexpensively don't allow fabricating unique ASICs for each player.
This would, of course, help hackers narrow down the location of the hardware keys in the system.
It might, but it still wouldn't help the fact that as soon as they got the keys, they would be revoked, negating the usefulness of the attack.
Please go read the actual AACS spec, or some summary of it. What I said was correct. Individual players can be revoked.
Hardware players individually, as I said.
So, what would be an appropriate response to knowing that someone has just tried to use your software illegally?
Disabling the program, and deleting nothing, like everyone else does. That wasn't a very hard question, man.
You "used Windows and FairPlay stripped the DRM from it to access the AVI inside"?
There are no DRM'd formats with an "AVI inside". "FairPlay" is a DRM system used by Apple. It is certainly not a thing you can use to "strip the DRM from it and access the AVI inside" anything. There used to be a tool named "FairPlay", which worked on music files and not video files, and has long since been abandoned.
So no, I do not think anybody cares that your imaginary friends are copying this imaginary file.
We got the "joke". It was, however, nowhere near funny.