
Decryption Keys For HD-DVD Found, Confirmed

kdawson posted more than 7 years ago | from the house-of-cards dept.

Encryption 473

kad77 writes "It appears that, despite skepticism, 'muslix64' was the real deal. Starting from a riddle posted on pastebin.com, members on the doom9 forum identified the Title key for the HD-DVD release 'Serenity.' Volume Unique Keys and Title keys for other discs followed within hours, confirming that software HD-DVD players, like any common program, store important run-time data in memory. Here's a link to decryption utility and sleuthing info in the original doom9 forum thread. The Fair Use crowd has won Round One; now how will the industry respond?"


Blu-Ray? (-1, Offtopic)

Midnight Thunder (17205) | more than 7 years ago | (#17593098)

Has the same thing been done for Blu-Ray yet? I would like to see DRM on both systems being shown as being useless.

Re:Blu-Ray? (4, Interesting)

Anonymous Coward | more than 7 years ago | (#17593328)

Who needs Blu-Ray anyway?

That format has killed itself by Sony's arrogant attitude. History has shown that locked-in, porn-shy formats always lose.

HDCP is the biggest crime in consumer history yet, let's hope this development kills it before it really takes off. For me there are two choices:

1) HD content works with my current and future hardware setup
2) No HD content for me

It's about time those media companies learn what they are producing their precious content for.

Re:Blu-Ray? (1, Offtopic)

HappySqurriel (1010623) | more than 7 years ago | (#17593888)

I really doubt that Blu-Ray is dead or has been killed, but I do think a lot of Sony's recent decisions (Root-Kit, Laptop Battery Fire, Lik-Sang Lawsuit, and PS3 Price) have made many potential consumers very angry.

Ultimately, in 24 months every HD-DVD player will play Blu-Ray movies and the 'format war' will have been a massive waste.

Re:Blu-Ray? (4, Interesting)

gnasher719 (869701) | more than 7 years ago | (#17593930)

'' HDCP is the biggest crime in consumer history yet, let's hope this development kills it before it really takes off. ''

Every time I read a rant about HDCP, I conclude that customers (and content providers as well) have not the slightest clue what HDCP does.

At some point, after all the decryption, decoding, filtering and whatever else is done, your computer must send a signal to the monitor, which the monitor then translates into an image that you can see. This signal usually comes out of the DVI connector in your computer, goes into a cable, which feeds into the monitor or TV. Our paranoid friends at the MPAA or whatever abbreviation it is are afraid that you could catch the signal coming out of the video card, and record it.

Truth is, you can't. You just can't record a signal of 1920 x 1080 pixel times 12 bit per pixel times 60 frames per second on a hard disk. Well, I can't and no normal consumer can. There are people who could build stuff that could do it, but those people are probably happily building graphics cards for NVidia and ATI, or building DVD players.

Still, that signal had to be encrypted. So you have a chip just before the DVI chip (or integrated into it), and another chip in your TV, and they can negotiate to decide on a key for a cipher stream, and use that cipher stream to encrypt the signal on one end and decrypt it on the other end. Which means you can't record the signal coming out of your computer and turn it into a DVD. However, this has nothing to do with DRM whatsoever. Once this encryption is turned on, it stays turned on until the computer or the monitor are turned off. So if you read slashdot after watching a DVD, everything you see on the screen has gone through encryption and decryption. Doesn't matter, because you couldn't read the signal from the cable anyway.

Where the real effort is: First, the graphics driver has to check constantly that encryption works properly. That is not to make sure you don't steal the video signal (as long as encryption is turned on, you can't, and encryption doesn't turn itself off), it is because if the video card and monitor run out of sync then you will see nothing but snow on the monitor, and that makes for a very very unhappy customer. Second, all the commands from the OS to the driver are encrypted, and status reported by the driver is encrypted as well. Otherwise, a hacker could just pretend to be the OS and tell the graphics card to turn encryption off - and that's it! No, most of the work is not the encryption, but to make sure that the OS always knows whether encryption is turned on or off. And third, a DVD can request that high resolution is only used with encryption, so if the HDCP chip isn't there, the image is scaled down to lower resolution.

All in all, the whole HDCP stuff is complete nonsense. It prevents an attack from thieves in a place where you wouldn't attack. It costs money to add and implement. It doesn't hurt you as a consumer, except that you have to pay for the damned chips. It creates work for device driver writers. It doesn't protect contents. Anyone who can record 200 MB per second from a DVI output has invested some serious money, and a little bit more money will allow you to break into a monitor and get the signal from there.

Executive summary: If you can't record a signal coming from the DVI cable, HDCP doesn't matter. If you can record a signal coming from the DVI cable, HDCP doesn't matter much either.

It does hurt the consumer (4, Insightful)

SanityInAnarchy (655584) | more than 7 years ago | (#17594152)

What about the early adopters, who bought high-end video cards without HDCP, or very nice HDTVs, also without HDCP? They now have to pray that somebody (Sony?) sees the light and doesn't trip the "artificially cripple old HDTVs" flag.

So, because the MPAA is afraid of an attack that isn't feasible, and may never be, they are forcing early adopters to buy new hardware (for no good reason). I can't help but wonder if this wasn't a simple money grab -- force everyone to upgrade so they pay you twice for the same hardware.

Re:Blu-Ray? (2, Informative)

Salsaman (141471) | more than 7 years ago | (#17594174)

You just can't record a signal of 1920 x 1080 pixel times 12 bit per pixel times 60 frames per second on a harddisk. Well, I can't and no normal consumer can.

Sure you can: take output from computer a), feed into hdtv card on computer b), compress to mpeg2, store on disk. And btw, it is 24bit per pixel, 30 fps (non-interlaced), but the figures come out the same.

A simple answer (5, Funny)

DiamondGeezer (872237) | more than 7 years ago | (#17593104)

The Fair Use crowd has won Round One; now how will the industry respond?"

Lawyers. Lots of them.

Even simpler (2, Insightful)

Overzeetop (214511) | more than 7 years ago | (#17593148)

Revoke the key. It will happen each time.

I predict that any backlash against key revocation will be addressed by very polished newsvertisements which state that the key revocation is the result of "hacking" by the "pirates" and despite the sincere regret of the problems caused, there is nothing they can do at this point.

Re:Even simpler (3, Informative)

Wonko the Sane (25252) | more than 7 years ago | (#17593306)

If I remember correctly they can only revoke keys for future movies. All movies released when the compromised player was cracked can still be decrypted.

Re:Even simpler (2, Informative)

Philip K Dickhead (906971) | more than 7 years ago | (#17593346)

Yeah. Then you can DoS the industry, by generating a significant portion of the possible key-space, and releasing it in a crack.

Nice going!

Re:Even simpler (1)

Constantine XVI (880691) | more than 7 years ago | (#17593354)

To my knowledge, once the key for a disc has been let out, the only thing you can do is make a new key for the next run of the movie. I don't think you can have the players reject disc keys. Anyways, they would have to do a recall for everyone who had bought the movie.

Including the people that pried the key from the original

Re:Even simpler (4, Informative)

spisska (796395) | more than 7 years ago | (#17593358)

Revoke the key. It will happen each time.

Ahhh. But only the player key can be revoked, not the title key for discs already in the wild. They could use different keys on all subsequently pressed discs of the same title, but that doesn't affect the titles already cracked. And they can't expect to do a recall of cracked titles.

Or they could revoke the device key for the software player, which would mean the software player gets upgraded with a new key, and newer discs can be cracked using the exact same technique. Otherwise anyone selling software players would be faced with the massive liability of having sold something that doesn't work as advertised.

Since this technique relies on using the title and/or volume key and not the player key, it will not be so easy to fix through the device key revocation system that's a part of AACS.

Round one definitely goes to the good guys. And I don't see how it's anything but a matter of time before AACS is as completely broken as CSS is. Even with device key revocation, it's just a cat and mouse game with newer titles and newer devices. And how will the MPAA and the device manufacturers react when people who pay out the nose for players and films are no longer able to use them?
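The revocation argument in the comment above, worked through as an added example that is not part of the thread or of any AACS code: a toy model in which each pressed disc carries a key block that simply omits revoked devices. The key block layout, the device names and the XOR-based `wrap` (standing in for AES key wrapping) are assumptions made for illustration, and all keys and content are constructed.

```python
"""Simplified model of device-key revocation versus title keys (added example)."""
import hashlib
import os


def wrap(key, data):
    # Stand-in for AES key wrapping: XOR with a hash-derived pad (data <= 32 bytes).
    pad = hashlib.sha256(b"wrap" + key).digest()
    return bytes(a ^ b for a, b in zip(data, pad))


unwrap = wrap  # XOR with the same pad undoes itself


def press_disc(content, device_keys, revoked):
    """Press a disc whose key block omits every revoked device (hypothetical layout)."""
    media_key, title_key = os.urandom(16), os.urandom(16)
    return {
        "key_block": {dev: wrap(dk, media_key)
                      for dev, dk in device_keys.items() if dev not in revoked},
        "enc_title_key": wrap(media_key, title_key),
        "enc_content": wrap(title_key, content),
    }


def recover_title_key(disc, dev, dev_key):
    """What a licensed player does; returns None if this device was revoked."""
    entry = disc["key_block"].get(dev)
    if entry is None:
        return None
    media_key = unwrap(dev_key, entry)
    return unwrap(media_key, disc["enc_title_key"])


def decrypt_content(disc, title_key):
    return unwrap(title_key, disc["enc_content"])


def scenario():
    """Press disc A, revoke the software player, press disc B, compare outcomes."""
    devices = {"sw-player-v1": os.urandom(16), "hw-player": os.urandom(16)}
    movie_a, movie_b = b"constructed movie A", b"constructed movie B"

    disc_a = press_disc(movie_a, devices, revoked=set())
    old_key = devices["sw-player-v1"]
    # The title key a running sw-player-v1 holds while it plays disc A.
    exposed_tk = recover_title_key(disc_a, "sw-player-v1", old_key)

    # The licensor revokes the software player and ships an update with a new key.
    devices["sw-player-v2"] = os.urandom(16)
    disc_b = press_disc(movie_b, devices, revoked={"sw-player-v1"})
    tk_b = recover_title_key(disc_b, "sw-player-v2", devices["sw-player-v2"])

    return {
        # Discs already pressed are untouched by the later revocation.
        "old_disc_with_exposed_title_key": decrypt_content(disc_a, exposed_tk) == movie_a,
        "old_disc_on_revoked_player":
            recover_title_key(disc_a, "sw-player-v1", old_key) is not None,
        # Revocation only bites on discs pressed afterwards.
        "new_disc_on_revoked_player":
            recover_title_key(disc_b, "sw-player-v1", old_key) is not None,
        "new_disc_on_updated_player": decrypt_content(disc_b, tk_b) == movie_b,
        # A title key is per disc: the old one is useless on the new pressing.
        "new_disc_with_old_title_key": decrypt_content(disc_b, exposed_tk) == movie_b,
    }


if __name__ == "__main__":
    for name, outcome in scenario().items():
        print(f"{name}: {outcome}")
```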

Re:Even simpler (1, Funny)

shaneh0 (624603) | more than 7 years ago | (#17594148)

Arrrhhh... Ye can revoke my device key, but ye can never revoke my FREEEEEEEDOOOMMMM

Re:Even simpler (0)

Anonymous Coward | more than 7 years ago | (#17593566)

They can't revoke the title key. They can't revoke the player key because they don't know what player was used.
They can change keys for future discs, but any discs still in the wild will decrypt just fine, and the hackers can just rinse and repeat without revealing the player key.

Re:Even simpler (2, Insightful)

Dachannien (617929) | more than 7 years ago | (#17593882)

and despite the sincere regret of the problems caused, there is nothing they can do at this point.

Except settle in a class-action lawsuit.

Re:Even simpler (2, Insightful)

iamdrscience (541136) | more than 7 years ago | (#17594018)

I think the possibility of key revocation is extremely unlikely. If the companies behind HD-DVD begin to revoke keys it will only serve to hamper the format's adoption, consumers will not stand for that. Furthermore, I would imagine that such proactive defenses against pirating might result in a class action lawsuit -- if they revoke the keys for a hardware player consumers will be pissed and they'll likely win such a case.

Who cares about existing titles? (3, Insightful)

Overzeetop (214511) | more than 7 years ago | (#17594094)

Everyone seems to be missing the point. Existing titles are chump change. Just make the next pressing with the new key. The flurry seems to center around release dates anyway, so no future discs will decode on the compromised player. They don't want to make it impossible, they simply want to make it difficult. Having to keep a key database updated is a pain in the ass. I'd go as far as to say that they don't care about an isolated crack - they'll "fix" it and go on, with updates from time to time. This is a s/w player, not a hardware player, correct? Just require an update.

The point is that they will make this about Piracy, and that it's the Pirate's fault that you have to go download an update to get your machine to work. Not their fault (Say "Not my fault" in David Spade's voice and you'll get the idea). Most consumers will believe the newsvertisement they see on their local station that blames those evil pirates for their suffering. If it weren't for the pirates, their stuff would work. Which can easily be spun as truth - pirates cracked the system, system must be safe or poor artists' children will starve, so we had to change the system - all pirates' fault. Your mother would fall for that, and you know it.

Right and wrong is irrelevant - it's who takes the blame for the mess that matters, and the industry has a lot of PR money to make sure the finger points at someone else.

Re:Even simpler (2, Insightful)

Jugalator (259273) | more than 7 years ago | (#17594192)

Revoke the key. It will happen each time.

But it's volume keys leaking? Sure, they could re-encode the content and release new copies (hmm, to what estimated extra costs??) for a volume key revocation, but what use would that be when the previous version of the disc has already been decrypted and released as torrents?

Re:Even simpler (3, Informative)

DamnStupidElf (649844) | more than 7 years ago | (#17594246)

Revoke the key. It will happen each time.

Like I posted last time this crack was on slashdot, it's futile to revoke a key. Every movie released to HD-DVD before the key is revoked will still be readable with the known key, and within a few days or weeks another software key will be found to read all the newer movies. Additionally, true pirates who recover the key of a particular player are able to keep their discovery secret by not publishing the key, and they will always be able to rip new HD-DVD movies. There's no way to watermark movies based on the player key, because the entire stream must be encrypted with a single master key that the player key decrypts. There's no way for the media companies to discover which keys have been secretly compromised, even when movies are being released on the Internet.

In the best case, AACS will be fundamentally broken because of some oversight and all the player keys will be compromised, making key revocation laughable.

Re:A simple answer (1, Funny)

Anonymous Coward | more than 7 years ago | (#17593176)

Lawyers. Lots of them.


Is that a new scene of the loading program in Matrix 4 the Retaliation?

CAPTCHA: sequeal ;)

Fantasy Land (5, Funny)

gravesb (967413) | more than 7 years ago | (#17593150)

By admitting DRM is useless and treating customers like clients instead of criminals? Only in my mind, only in my mind....

Re:Fantasy Land (0, Troll)

SuperDre (982372) | more than 7 years ago | (#17593498)

It's the customer that is responsible for the reason of DRM, not the industry.. If the customer just bought its stuff instead of copying it, then there would be no need for DRM... The industry is just trying to protect its income like any normal thinking person would... Most people who are complaining about DRM are people who don't even buy stuff... But here we aren't talking about DRM, we are talking about a copy protection.. You can play any HD-DVD/BR disk in any HD-DVD/BR player, so if you buy your stuff you won't have any problems..

Re:Fantasy Land (2)

Takumi2501 (728347) | more than 7 years ago | (#17593840)

It's the customer that is responsible for the reason of DRM, not the industry.. If the customer just bought its stuff instead of copying it, then there would be no need for DRM... The industry is just trying to protect its income like any normal thinking person would... Most people who are complaining about DRM are people who don't even buy stuff... But here we aren't talking about DRM, we are talking about a copy protection.. You can play any HD-DVD/BR disk in any HD-DVD/BR player, so if you buy your stuff you won't have any problems..
Your objection sounds perfectly logical at first, but what if you want to make a backup copy for yourself or convert it to another format to play on something else? These are both perfectly legal and ethical, unless of course you have to deal with breaking a copy-protection scheme to do it.

Re:Fantasy Land (-1, Troll)

shaneh0 (624603) | more than 7 years ago | (#17594210)

I, too, LOATHE the people that steal content and then complain about DRM.

But, the people that don't actually buy things don't give a shit about this. They'll just wait for someone else to do the hard work, and they'll download the torrents. This harms the people that DO BUY and want to make a backup copy, or want to transfer it to their VOD library, like yours truly.

I mean, the people that download movies are more or less used to the fact that the downloads are of lower quality than the DVD. This is almost universally true. So the fact that they can't get HD content thru Pirate Bay is probably not making them cry in their cornflakes.

No, this doesn't hurt the freeloaders. It hurts the guy that spent $2200 on a TV, $600 on an HD-DVD player, and $25 per movie.

That seals it for me... (2, Funny)

chill (34294) | more than 7 years ago | (#17593160)

Between the porn industry choosing HD-DVD and now this, I know what I'm opting for when upgrading to HD movies! Sorry, Sony. I was so looking forward to having spyware installed on my PC with every BluRay disc purchased just like your music discs.

Re: Don't like Movies Much? (2, Interesting)

DumbSwede (521261) | more than 7 years ago | (#17593344)

Ermmm... Good plan except major movie studios will only release on Blu-Ray if its DMR holds up (at least for the next couple of months). Then again maybe all you want to watch is Porn.

BTW, in yesterday's post about HD Porn and Sony not Allowing Porn on BETA, I assure you there was LOTS of porn on BETA. The adult industry may prefer HD-DVD for cost reasons, but if Blu-Ray wins, there will be Blu-Ray porn -- count on it.

The best thing might be for HD-DVD to fail, have Blu-Ray generally accepted, and THEN break the DMR Bwa-ha-ha-ha-ha

Re: Don't like Movies Much? (1)

amazon10x (737466) | more than 7 years ago | (#17593698)

Ermmm... Good plan except major movie studios will only release on Blu-Ray if its DMR holds up (at least for the next couple of months). Then again maybe all you want to watch is Porn. BTW, in yesterday's post about HD Porn and Sony not Allowing Porn on BETA, I assure you there was LOTS of porn on BETA. The adult industry may prefer HD-DVD for cost reasons, but if Blu-Ray wins, there will be Blu-Ray porn -- count on it. The best thing might be for HD-DVD to fail, have Blu-Ray generally accepted, and THEN break the DMR Bwa-ha-ha-ha-ha
I would have assumed DMR was a typo but you typed it twice. I think the term you are looking for is DRM. It stands for Digital Rights Management.

Re: Don't like Movies Much? (2, Informative)

chill (34294) | more than 7 years ago | (#17593770)

There was lots of porn on Beta, but that is because anyone could record Beta due to the nature of the tape. Anyone can NOT record BluRay. In order to get a disc mastered, you have to go thru a Sony-authorized mastering service and they've been told NO PORN.

I also feel the studios are more interested in a token attempt. The encryption, even when broken, protects against the vast majority of that type of piracy. The geek market that is capable of doing that is so small it is almost negligible. They just have to go thru the motions to make sure the rest of the public keeps thinking "this is too hard to bother with, unless you are a basement-living uber-geek with no life". The big problem is the counterfeit discs that are mass-produced.

Re:That seals it for me... (1)

pdaoust007 (258232) | more than 7 years ago | (#17593850)

These rootkit allusions are getting really old...
 
The fact of the matter is that HD-DVD being cracked means studios will shy away from it, even more than today (BD has waaay more studio support as it is). As far as I'm concerned this seals HD-DVD's fate. Blu-Ray will win, will be eventually cracked and we'll all be happy.

great news hd-dvd rips w/Xvid around the corner (0)

Anonymous Coward | more than 7 years ago | (#17593164)

it's a great day to be a pirate, arr...

LET YOURSELF IN! (1)

Philip K Dickhead (906971) | more than 7 years ago | (#17593372)

"The key is under the mat..."

"now how will the industry respond?" (3, Insightful)

gerf (532474) | more than 7 years ago | (#17593166)

"Hello, Doom9.com's ISP? Yes, this is Microsoft. We're auditing your software licenses."

"Hello, Doom9.com's registrar? You're being charged with violating the DMCA. Pretty much all of it."

"Hello, little tiny country? This is the MPAA, and as official representatives of the US government, we're asking you to hand over all people involved in this post on Doom9.com's forum. If you fail to respond, we'll enact sanctions on your country and drive you into the dark ages. Just look at North Korea for an example."

Re:"now how will the industry respond?" (2, Funny)

Anonymous Coward | more than 7 years ago | (#17593236)

"Wait, so if I don't turn these guys over, I get a one-million man army and nuclear weapons?" ...

"Sweet!"

Re:"now how will the industry respond?" (5, Informative)

MostAwesomeDude (980382) | more than 7 years ago | (#17593762)

Um, as The Pirate Bay has demonstrated already, there are three things wrong with your supposition. First off, ICANN does not and will not revoke domain names at the behest of the government. As long as Doom9 has backbone (and this hasn't been their first time in this type of situation), they're not gonna crumple.

The second thing is that they might not be located in the USA. The whois dossier shows that the domain was registered by (anonymous) proxy, and it's entirely possible that he's not American. If his servers are physically located outside of the USA, then he can't be legally threatened by civil suits, and he's not subject to DMCA. (However, this is a hypothetical, and since he refuses to host DeCSS, it is my guess that he is somewhere in the USA.)

The third thing is that the website is http://www.doom9.org/ [doom9.org] , not doom9.com.

Re:"now how will the industry respond?" (0)

Anonymous Coward | more than 7 years ago | (#17593836)

"Hello USA, this is Europe. Here is a list of more tariffs that we shall impose upon your trade" :)

http://www.amazon.co.uk/Why-Europe-Will-21st-Century/dp/0007195311/sr=1-1/qid=1168715726/ref=sr_1_1/026-9520916-4570038?ie=UTF8&s=books [amazon.co.uk]

I recommend this book for the differences in approaches between USA and the EU with regard to the approaches to solving disputes :)

Re:"now how will the industry respond?" (5, Funny)

cdrudge (68377) | more than 7 years ago | (#17593844)

Doom9.com: "Hello Microsoft. We are a domain squatter. We have no idea what you are talking about. Besides. We run Linux."

Microsoft: "Crap. We sued the wrong company. Refile for doom9.NET"

Doom9.net: "Go fly a kite. We run Linux as well so you have no authorization to do an 'audit'. And go fuck yourself with the DMCA. US laws don't apply in England."

Microsoft: "Shit. Wait. Why the hell do we care if HD DVD are cracked. That's the MPAA's problem."

Re:"now how will the industry respond?" (1)

interval1066 (668936) | more than 7 years ago | (#17594114)

gerf said:
"Hello, little tiny country? This is the MPAA, and as official representatives of the US government, we're asking you to hand over all people involved in this post on Doom9.com's forum. If you fail to respond, we'll enact sanctions on your country and drive you into the dark ages. Just look at North Korea for an example."

The United States and the MPAA are responsible for N. Korea being in the dark ages?

Blu-Ray Rules Supreme! (3, Interesting)

RAMMS+EIN (578166) | more than 7 years ago | (#17593174)

``The Fair Use crowd has won Round One; now how will the industry respond?''

I think at least the Blu-Ray camp will switch on their intergalactic megaphones and tout how Blu-Ray was superior all along. This whole format war is childish enough for that.

Re:Blu-Ray Rules Supreme! (1)

mcknation (217793) | more than 7 years ago | (#17593260)


They use the same encryption spec don't they?
I thought I read somewhere that this would affect blu-ray as well...
?
/McK

Re:Blu-Ray Rules Supreme! (3, Insightful)

pyite (140350) | more than 7 years ago | (#17594006)

You are correct, sir. The attack vector is the same, keys being exposed in insecure memory in the decoder/player. The encryption of AACS itself is unlikely to be cracked as it's AES, and AES is very nifty and well studied. Even if the key searching approach fails, there *are* possibilities that some sort of attacks could be waged on the AES implementation which might be vulnerable. (For instance, I wrote AES for MATLAB. It's highly likely that my implementation could be exploited for various reasons, such as cache timing attacks.)

Re:Blu-Ray Rules Supreme! (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17593928)

Ha! Blu-ray doesn't belong in my living room, and neither does Al Gore!

Too early to celebrate victory (1)

rumith (983060) | more than 7 years ago | (#17593212)

Does anyone know if it works under Vista? Does anyone think it's possible to detect this stuff by signature and block execution?

We have a Winner... (3, Insightful)

dalmiroy2k (768278) | more than 7 years ago | (#17593246)

You have Pr0n, cheaper hardware and blank media than Blu-ray and now you can "backup" movies, HD-DVD will be the winner of the HD format war, at least here in Argentina, Brazil or other developing countries where piracy reigns...

Re:We have a Winner... (0)

Anonymous Coward | more than 7 years ago | (#17593522)

Don't be so glib. There is very little penetration from either format right now, amounting to acceptable loss to anybody involved except the producers of the media themselves.

So what makes you think, if for instance Blu-Ray remains resistant to easy copying, and HD-DVD turns out to be wide open, that content producers are going to flock to it? What is going to suddenly change their mind now, after all this time, that an open media is better than a closed one they have full control over?

Dream on. For those movie studios that were on the fence or hedging their bets, the scenario of "HD-DVD open, Blu-Ray closed" is a disaster for HD-DVD. They will choose Blu-Ray despite other negatives, just for the safe haven of being able to extort every last dollar out of the sale. A secure media trivializes the cost difference in production of disk which is the most often cited decision criteria between the two media.

The best thing that could happen now is somebody cooks up an equivalent system for Blu-Ray. Which may not be possible if they were a little more awake and aware when implementing their protection layer.

Re:We have a Winner... (0)

Anonymous Coward | more than 7 years ago | (#17593948)

"There is very little penetration from either format right now"

Apparently, that's about to change. In case you missed it:
Adult Film Industry Chooses HD-DVD [slashdot.org]

Re:We have a Winner... (1)

zetsurin (993567) | more than 7 years ago | (#17593846)

Since porn is just about the most pirated subject matter on the internet I say 'moot' to that.

now... (0)

Anonymous Coward | more than 7 years ago | (#17593266)

Someone should start a list of 'safe-to-buy' HD-DVD hardware and content/media.

The crypto in HD-DVD reveals the key (3, Informative)

TechyImmigrant (175943) | more than 7 years ago | (#17593274)

I took a look at the spec for the HD-DVD encryption. The data is encrypted with AES-128 in CBC mode. The spec states clearly that the IV is a fixed constant. CBC requires the IV to not only be unique, but also random. Not making it unique and random leads to a leak of key material. I assume that this is the weakness through which the keys are being extracted.

So rejoice. The HD-DVD media keys will be free.

Re:The crypto in HD-DVD reveals the key (1)

julesh (229690) | more than 7 years ago | (#17593416)

So rejoice. The HD-DVD media keys will be free.

Yes, but how much processor time will be required to free them? If this guy used a 20 node overclocked Core2 Extreme cluster with 16GB RAM per node, and it took him 8 months to get the answer, then things aren't looking great for our ability to play HDDVDs on Linux any time soon.

Re:The crypto in HD-DVD reveals the key (1)

numbski (515011) | more than 7 years ago | (#17594078)

Now wait just a second. I'm no cryptographer here, but I think you're making some presumptions that may be out of whack.

As you get more keys, wouldn't it be feasible to create a table by which to speed up the decryption process? As you get more keys, theoretically speaking you could derive the base equation used to generate the keys, thus being able to arbitrarily generate your own. So yes, it's slow now, but as more keys get cracked, more energies can be put into determining that base equation through brute force rather than into getting more keys. Of course I could be off my rocker there too.

Sounds like a job for distributed computing IMHO. :D Someone want to work up a screen saver for this?

Re:The crypto in HD-DVD reveals the key (1)

gweihir (88907) | more than 7 years ago | (#17593504)

Not making it unique and random leads to a leak of key material. I assume that this is the weakness through which the keys are being extracted.

Very, very unlikely. Far more likely is the key just being present in plain in the memory occupied by the player. Simply do trial decryption with any 16 byte sequence in there. Easy, really and will not take long. Even if they do obfuscation, the cipher should be easy to find in memory. Then you can read out the key setup.

Re:The crypto in HD-DVD reveals the key (1)

Jugalator (259273) | more than 7 years ago | (#17594262)

Very, very unlikely. Far more likely is the key just being present in plain in the memory occupied by the player. Simply do trial decryption with any 16 byte sequence in there. Easy, really and will not take long. Even if they do obfuscation, the cipher should be easy to find in memory. Then you can read out the key setup.


Heh, yeah, and if you read the Doom9 forum in the story about this, you'd see this is how it was done. They found the addresses of where WinDVD stored the plaintext keys.

Re:The crypto in HD-DVD reveals the key (1)

IamScared (774266) | more than 7 years ago | (#17593746)

The use of a fixed and constant initialization vector does not leak key material, but allows a dictionary attack, especially when the first block is somewhat predictable. In this case, a dictionary attack on the AES-128 cipher is still required. A cipher leaks key material when at least one bit of the ciphertext it produces is not completely random.
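What a constant CBC IV actually exposes, as an added example that is not part of the thread: with the same key and IV, CBC is deterministic, so two messages that start with the same predictable blocks produce the same leading ciphertext blocks, while the key itself is not revealed. A hash-based Feistel network stands in for AES-128 so the block runs on the standard library alone; the key, IV and sample packs are constructed.

```python
"""CBC with a constant IV versus a fresh IV per message (added example)."""
import hashlib
import os

BLOCK = 16  # bytes, the same block size as AES


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    # Round function of the stand-in cipher (NOT AES): truncated SHA-256.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def encrypt_block(key, block):
    """Stand-in 128-bit block cipher: a 4-round Feistel network."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decrypt_block(key, block):
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def cbc_encrypt(key, iv, plaintext):
    if len(plaintext) % BLOCK:
        raise ValueError("plaintext must be a whole number of blocks")
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        # Each block is XORed with the previous ciphertext block (or the IV).
        prev = encrypt_block(key, _xor(prev, plaintext[i:i + BLOCK]))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out.append(_xor(prev, decrypt_block(key, block)))
        prev = block
    return b"".join(out)


def shared_prefix_blocks(c1, c2):
    """Number of leading ciphertext blocks two messages have in common.

    Any value above zero across independent messages is the signature of
    IV reuse and is visible to anyone holding the ciphertext, key or no key.
    """
    count = 0
    for i in range(0, min(len(c1), len(c2)), BLOCK):
        if c1[i:i + BLOCK] != c2[i:i + BLOCK]:
            break
        count += 1
    return count


# Constructed sample data: two packs with the same predictable 32-byte header.
KEY = hashlib.sha256(b"constructed demo key").digest()[:16]
FIXED_IV = bytes(16)  # constructed constant, not the value from any spec
HEADER = b"PACK-HEADER-0001" + b"STREAM-TYPE-VID\x00"
PACK_A = HEADER + b"payload block A!"
PACK_B = HEADER + b"payload block B!"


def compare(iv_a, iv_b):
    """Encrypt both packs and count the ciphertext blocks they share."""
    ct_a = cbc_encrypt(KEY, iv_a, PACK_A)
    ct_b = cbc_encrypt(KEY, iv_b, PACK_B)
    if cbc_decrypt(KEY, iv_a, ct_a) != PACK_A:
        raise RuntimeError("round trip failed")
    return shared_prefix_blocks(ct_a, ct_b)


if __name__ == "__main__":
    print("constant IV, shared leading blocks:", compare(FIXED_IV, FIXED_IV))
    print("fresh IVs, shared leading blocks:",
          compare(os.urandom(16), os.urandom(16)))
```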

Re:The crypto in HD-DVD reveals the key (1)

Kadin2048 (468275) | more than 7 years ago | (#17593880)

Isn't this how CSS was cracked eventually? The first hacks intercepted the keys from a player that stored them in a fixed location in memory, as this HD-DVD crack does, but later versions actually broke the encryption scheme without reliance on any existing code or players.

And wasn't the eventual mode of attack something related to weak initialization vectors, too? I might be confusing CSS with WEP here, but I thought that it was some poor implementation of IVs that led to a catastrophic reduction in the keyspace, allowing someone to easily brute-force the key.

Even if it was WEP and not CSS that was broken due to weak IVs, you'd think the AACS people would have learned.

Of course, given the inherent flaws in DRM, I'd have thought they've learned that they were playing Sisyphus by now, but it seems not.

DMCA (0, Troll)

MyNameIsEarl (917015) | more than 7 years ago | (#17593290)

Just by figuring this out hasn't the DMCA now been violated and soon the people who made the discovery will be violated as well in federal pound-me-in-the-ass prison.

Re:DMCA (2, Funny)

ceejayoz (567949) | more than 7 years ago | (#17593334)

Assuming they're a) in the US and b) not smart enough to cover their tracks, sure.

Re:DMCA (1)

julesh (229690) | more than 7 years ago | (#17593448)

Just by figuring this out hasn't the DMCA now been violated and soon the people who made the discovery will be violated as well in federal pound-me-in-the-ass prison.

No. Only if the method is described to somebody else. And maybe only if the description is in the form of source code that can be compiled to a program that will crack the key on a disc, that one isn't entirely clear.

Re:DMCA (1)

falconwolf (725481) | more than 7 years ago | (#17594138)

Just by figuring this out hasn't the DMCA now been violated and soon the people who made the discovery will be violated as well in federal pound-me-in-the-ass prison.

The DMCA only applies to the US, it doesn't apply to those outside the US.

Falcon

Basically the DRM-Mafia has no chance... (1)

gweihir (88907) | more than 7 years ago | (#17593348)

What they would need is to do the decryption in the LCD pixels. Even if they do it in the LCD driver chip, recording is possible and not that hard to do, considering that one un-DRMed copy on P2P will distribute really fast...

However, today software players running on general-purpose hardware are necessary. Without them, the market shrinks too much. And software players cannot be secure against the system administrator. The keys have to be stored somewhere.

What I don't understand is why anybody bothers. The trash coming out of Hollywood is certainly not worth the effort. Maybe that is why it takes so long to break these systems at the moment....

The fair use crowd? (-1, Flamebait)

Jeremy Erwin (2054) | more than 7 years ago | (#17593390)

Not every use of a copyrighted work is fair. BackupHDDVD is just as useful to pirates.

Re:The fair use crowd? (5, Insightful)

Wonko the Sane (25252) | more than 7 years ago | (#17593442)

Not every use of a copyrighted work is fair. BackupHDDVD is just as useful to pirates.

or to people who have monitors capable of displaying full resolution HD content, but are not permitted to because of a lack of HDCP

or people who want to watch movies they bought on their mythtv system

or people who like to buy movies and watch them, but don't run windows

Re:The fair use crowd? (3, Insightful)

Opportunist (166417) | more than 7 years ago | (#17593500)

And guns are just as useful to criminals as they are to law enforcement units and law abiding people protecting their home.

Re:The fair use crowd? (2, Funny)

Lord Ender (156273) | more than 7 years ago | (#17593514)

You win the ubertroll award.

Re:The fair use crowd? (1)

pla (258480) | more than 7 years ago | (#17593722)

Not every use of a copyrighted work is fair. BackupHDDVD is just as useful to pirates.

While true, irrelevant.

It matters that you can hunt and overthrow the government with the gun, not that you can use the gun to rob a liquor store.

Well, no. Bad analogy, because knowledge of a gun doesn't equal possession. In the case of DRM, knowledge of the keys means "ding, dong, the witch is dead".

Wait!!! (4, Insightful)

sulli (195030) | more than 7 years ago | (#17593394)

Don't release the crack until after the standard is settled! Now all the studios will go Blu-Ray only.

Re:Wait!!! (1)

Cylix (55374) | more than 7 years ago | (#17593542)

That's what I was thinking...

Eager beavers are going to ruin the world!

Me, I would have sat on it until things were a little more entrenched. Granted, more than likely someone else would have cracked it and released it eventually anyway.

I wonder if we are going to see HD-DVD2 now?

Re:Wait!!! (1)

Rew190 (138940) | more than 7 years ago | (#17593582)

Why would they do that, so that they can be safe for another few months?

Let them all go with Blu-Ray, pray for it. The format war will be settled, all of the crackers will concentrate on it, it'll be cracked, then we'll be where we are today with DVDs and DRM will have lost yet another battle.

Goodbye Software players (2, Interesting)

desenz (687520) | more than 7 years ago | (#17593444)

Couldn't the industry, if it were so inclined, just stop licensing software players? I would imagine that compared to set top DVD players, the software must be a pretty small segment.

I reject my reality... (1)

Mr. BS (788514) | more than 7 years ago | (#17593468)

...and substitute it with the real deal. Although there was initial skepticism on my original (unbeknownst dupe) post [slashdot.org], it looks like muslix64 is about to bring HD-DVD to its knees. It's just really hard to take youtube vids as evidence of a successful crack.

WTG muslix64!

pastebin /.'d (1)

TheSHAD0W (258774) | more than 7 years ago | (#17593476)

Could someone please paste the pastebin contents here?

Re:pastebin /.'d (1)

DaSilva_XiaoPuTao (1036976) | more than 7 years ago | (#17593602)

this is the pastebin

1. 2/Beavers are bad mmmmkay...Google 4TW!
2.
3. Mark Twain Intermediate School
4. Restaurant & Lounge
5. Cent
6. Celtic Designs Dover Pictorial
7. Science Online Special Feature
8. Link Building Strategies
9. Starlifter
10. Solar periodicity
11. Dawson's Creek Music Guide Decisions
12. Duncan's F
13. ways to market your small or solo business
14. WBFF
15. Olivia Quinn Food Stamp Leaver
16. Dalmations
17. CITI FM
18. Skippyslist

Re:pastebin /.'d (1, Funny)

Anonymous Coward | more than 7 years ago | (#17593658)

so obviously the key is 42.

amirite?

Re:pastebin /.'d (2, Informative)

DaSilva_XiaoPuTao (1036976) | more than 7 years ago | (#17593740)

Supposedly you google each line of this, and the first result will have a 3 digit number in the title, which you convert to hex, and the result is the hash key

The response will be the dumping of HDDVD. (5, Insightful)

Opportunist (166417) | more than 7 years ago | (#17593556)

Quite simple. The content industry will simply dump the format, after all, there's an alternative. Now it's high time to show that BluRay is just as "consumer friendly" and break it for good, so there is no alternative left, and if the studios want to get their content to the customer, they have to accept that DRM is useless in their strife to protect their rights.

The point is to create as much damage as possible, so the industry learns that the only one hurt by DRM are they themselves. Revoked keys mean more work, more expense, more hassle and dissatisfied customers who have to jump the hoops. This will in turn create more awareness for DRM and the problems it creates.

We have to teach the studios that DRM is a failure. That it only generates hassle and problems for their paying customer and is no barrier or even a deterrent for the pirates. For this, the customer has to be the one hurt, too. Learn the easy or the hard way, learn about DRM by investigating or by having your tools stop working.

Yes, that's not the usual gentle way of teaching. But apparently some people don't learn 'fore it starts to hurt.

Correction (1)

kopo (890010) | more than 7 years ago | (#17593826)

if the studios want to get their content to the customer, they have to accept that DRM is useless in their strife to protect their rights.

if the studios want to get their content to the customer, they have to accept that DRM is useless in their strife to deny consumers their rights.

Re:The response will be the dumping of HDDVD. (3, Insightful)

Iphtashu Fitz (263795) | more than 7 years ago | (#17594044)

Quite simple. The content industry will simply dump the format, after all, there's an alternative. Now it's high time to show that BluRay is just as "consumer friendly" and break it for good, so there is no alternative left, and if the studios want to get their content to the customer, they have to accept that DRM is useless in their strife to protect their rights.

Except for the fact that HD-DVD is cheaper for the consumer, and also has the backing of the porn industry since Sony is prohibiting porn on Blu-Ray. So consumers will continue to buy HD-DVD players to watch their porn in HD and Blu-Ray usage will continue to flounder. Sales of mainstream titles on Blu-Ray will do poorly and the movie studios won't make any money. They'll either have to offer titles on HD-DVD or give up on HD sales altogether. On top of that, it's only a matter of time before Blu-Ray protection is cracked as well. IIRC, the Blu-Ray encryption is similar to HD-DVD encryption, so it shouldn't be all that difficult.

This is how they will respond... (0, Redundant)

rucs_hack (784150) | more than 7 years ago | (#17593578)

The Lawyers
Man them...

Industry response? (4, Interesting)

Anonymous Brave Guy (457657) | more than 7 years ago | (#17593604)

The Fair Use crowd has won Round One; now how will the industry respond?

It will send in a few lawyers. After a while, they will realise that their impact is negligible in the grand scheme of things: the DRM will continue to deter casual copying to some extent, but will continue to be impotent in preventing anyone determined to make a copy and willing to spend a little time on the 'net to find out how (or download a pre-ripped version).

Meanwhile, genuine customers will get seriously annoyed at the fact that DRM in HD-world has now moved beyond a minor inconvenience or ethical question as it was with things like DVDs, and into the realms of seriously impeding their enjoyment of the product they have legally purchased. A consumer backlash will result, with the effect that DRM becomes a "dirty word" 2-3 years from now, and distributors drop heavily-encumbered formats and go back to what works: a mostly hands-off scheme that's enough to deter casual copying by schoolkids but nothing that risks seriously impacting the marketability of their merchandise.

On the same sort of time scales, on-line distribution will reach a critical mass, and the movie distributors will adopt a second, parallel strategy where cheap, legal, unencumbered downloads are the norm. They will make their profit from on-line users through many small incomes, rather than the larger one-offs represented by (HD-)DVD purchases today. This will render illegal distribution channels mostly irrelevant, and the damage due to illegal copying will revert to being low-level noise as it mostly was before they started their current crusade anyway.

Hey, it's a new year and everyone else is making crystal ball predictions. Can't I have mine, too? :-)

Again, this is NOT a crack! (5, Insightful)

KonoWatakushi (910213) | more than 7 years ago | (#17593648)

New disks can be pressed with new keys, and the compromised software player will have its key revoked. As such, this is not a generally useful solution. AACS remains secure, and at best, we may see individual keys available for certain pressings of certain discs. This approach will never provide general playback as DeCSS does.

However, it is my understanding that the decryption process can be done by the TPM; once this is supported, the problem will be much more difficult. Make no mistake, the battle has only just begun. Before long, software based attacks may be rendered impossible.

Re:Again, this is NOT a crack! (3, Insightful)

ScytheBlade1 (772156) | more than 7 years ago | (#17594050)

You're forgetting one, key principle here.

Only one person needs to "crack" the encryption once.

It doesn't matter, at all, that they (the "big evil guys") can revoke keys. Get one key, decrypt it, and you now have DRM free audio and video. It only takes one to fire up that BitTorrent client. Who cares if the key is revoked after that? Once you have the data, you have the data, plain and simple. All it takes is once to seed a torrent.

Put it that way, and you can tell it's not about stopping pirates. It is about stopping free usage of a media you have legally purchased through other methods, which it does perfectly.

Pirates just give them a "publicly acceptable" reason to DRM your house, down to the nails that hold it together.


You do have a good point about the TPM, though. However, seeing as nothing that I know of to date uses it, well, I for one am going to wait and see just what happens with it. It has a lot of potential, for good, and for bad...

Re:Again, this is NOT a crack! (1)

Jugalator (259273) | more than 7 years ago | (#17594122)

As such, this is not a generally useful solution.

I hope you mean that the current protection isn't a generally useful solution... right?

Because while new discs can be pressed, which pirate would be stupid enough to buy stuff from a store and trying to decrypt it, when s/he can just download the previously decrypted version from a favorite BitTorrent tracker? You know, how things mostly work today with DVD's? And while compromised players can have their keys revoked, hackers can just use another player. If hackers wish, they can also next time be more secretive about which player they're using to get the volume keys for decryption with, internally to their warez group, to significantly slow down software player bans.

What I wonder most is what will happen to the software HD-DVD player industry now...
I can seriously see the movie industry stopping to support all of them now to protect key extraction.

Re:Again, this is NOT a crack! (1)

CastrTroy (595695) | more than 7 years ago | (#17594228)

However, there is one problem, the software that people already bought will have to have an update that updates the key. It's pretty easy to get the key if you know that it's in the update file. Also, if they could get the old player key, they can get the new one. They can't just keep on giving out new player keys every week. Unless they decide to do away with software players altogether, this is effectively a crack.

Another version of serenity? (4, Funny)

Jah-Wren Ryel (80510) | more than 7 years ago | (#17593650)

Damn! I think there must be at least 3 different "scene releases" of Serenity in various flavors of high-def by now (1080i mpeg2 cropped to 16:9, 1080i mpeg2 OAR, 1080i h264 and 25fps OAR) So now there will yet another version floating around the net soon. These greedy pirates, always double-dipping or worse to try and get people to download the same movie multiple times!

/. paradise (5, Funny)

Anonymous Coward | more than 7 years ago | (#17593670)

1. Porn goes for HD-DVD
2. HD-DVD encryption is broken
3. The Pirate Bay will buy a country

Put them together and you have pirated porn in HD. Note to self: add KY Jelly and a pack of kleenex to the shopping list.

HD-DVD is worth buying (0)

AnnuitCoeptis (1049058) | more than 7 years ago | (#17593688)

After all folks, it is stunning 1920x1080 (2Mpix) video with one crazy bitrate and over 20GB of data. I think it's finally worth buying one, especially when the quality and technology (finally) matches the price tag here.

When will tech people starting getting (4, Insightful)

zappepcs (820751) | more than 7 years ago | (#17593712)

comedy awards? This is hilarious. Spending all that money on DRM, implementing new media, only to have the encryption cracked before launch day (practically) must be like trying to nail jello to the wall using $100,000 nails. (Has Mythbusters tried nailing jello to a wall yet?)

The real question is not how they will respond, but when will they learn?

Re:When will tech people starting getting (1)

Blublu (647618) | more than 7 years ago | (#17594026)

Best analogy ever.

Re:When will tech people starting getting (1)

Jugalator (259273) | more than 7 years ago | (#17594054)

(Has Mythbusters tried nailing jello to a wall yet?)

I don't think so, but maybe they just don't want to look as stupid as some MPAA studio executives are right now.

I wonder how they'll motive their DRM budgets now?

And now also comes step 2 with DRM, the dark side of it...
That pirates will have a more easy time to deal with HD-DVD's compared to legit users than ever, much moreso than DVD's which only have region coding.

That's my favorite part with DRM protections.

Lawyers (1)

max909 (619312) | more than 7 years ago | (#17593796)

They will lawyers ... and lots of lawyers :)

You can also find it here (0)

Anonymous Coward | more than 7 years ago | (#17593810)

BackupHDDVD.zip [googlepages.com]

Industry response (1)

xswl0931 (562013) | more than 7 years ago | (#17593828)

Don't be surprised if the response is to no longer allow PC software decoders for media formats.

Re:Industry response (1)

TheCoop1984 (704458) | more than 7 years ago | (#17594046)

The general populace has got so used to being able to play DVDs on their windows machines that that may be the start of the general consumer backlash against DRM (or will force the companies to develop software players anyway), at which point DRM can only become more vilified

youtube demo removed (5, Interesting)

1 a bee (817783) | more than 7 years ago | (#17593852)

muslix64's youtube demo [youtube.com] linked from the original post has since been removed. Instead the page seems to claim that the content of his video is somehow owned by Warner Bros.:

This video has been removed at the request of copyright owner Warner Bros. Entertainment Inc. because its content was used without permission.

Sad, but funny...

Re:youtube demo removed (2, Insightful)

Jugalator (259273) | more than 7 years ago | (#17594022)

I thought short movie clips qualified as fair use without need for a copyright holder permission, and that YouTube video contained no more than that...

the lesson here... (3, Insightful)

buhatkj (712163) | more than 7 years ago | (#17593946)

is never underestimate a hardcore geek with a little equipment and a decent block of vacation time....

people have been xeroxing books for like 40 years and nobody ever made such a stink as the mpaa and riaa have. their whole thing is so wrongheaded, if they would spend all those legal fees and lawyer salaries on hiring better directors/writers/actors their profits would skyrocket. its not piracy that loses them profits, it's SHITTY PRODUCTS.

Simpsons? (1)

Jugalator (259273) | more than 7 years ago | (#17593984)

Heh, somehow tagging this article with "nelson" seems appropriate... :-p

Analog Hole (4, Insightful)

alexgieg (948359) | more than 7 years ago | (#17594036)

Even if they one day develop a perfect DRM scheme full of unbreakable secure paths, it won't be possible to avoid someone simply removing the actual LCD screen, wiring the signals instructing which pixels should turn on and off to a 3rd party device, and recording the unencrypted content in raw format.

No piracy is being stopped by these means. They're and will always be utterly useless.

Pastebin /.-ed (0)

Anonymous Coward | more than 7 years ago | (#17594042)

As the title said. So, here is the page content.

Welcome Slashdot

Pastebin is getting a little overloaded, but here is the "riddle" mentioned in the Slashdot post...

2/Reavers are bad mmmmkay...Google 4TW!

Mark Twain Intermediate School
Restaurant & Lounge
Cent
Celtic Designs Dover Pictorial
Science Online Special Feature
Link Building Strategies
Starlifter
Solar periodicity
Dawson's Creek Music Guide Decisions
Duncan's F
ways to market your small or solo business
WBFF
Olivia Quinn Food Stamp Leaver
Dalmations
CITI FM
Skippyslist

Industry response (2, Funny)

Robber Baron (112304) | more than 7 years ago | (#17594102)

now how will the industry respond?

Probably by having their politicians table legislation that outlaws mathematics.

that's no news, cos ... (1)

kirils (1050022) | more than 7 years ago | (#17594120)

everyone knows, the only key you can't crack is the key that is not.