
AACS Device Key Found

kdawson posted more than 7 years ago | from the dominoes dept.

Encryption 351

henrypijames writes "The intense effort by the fair-use community to circumvent AACS (the content protection protocol of HD DVD and Blu-Ray) has produced yet another stunning result: The AACS Device Key of the WinDVD 8 has been found, allowing any movie playable by it to be decrypted. This new discovery by ATARI Vampire of the Doom9 forum is based on the previous research of two other forum members, muslix64 (who found a way to locate the Title Keys of single movies) and arnezami (who extracted the Processing Key of an unspecified software player). AACS certainly seems to be falling apart bit for bit every day now."


351 comments

Will they actually do it? (5, Interesting)

LiquidCoooled (634315) | more than 7 years ago | (#18137528)

Will they actually do it?

Will they actually revoke these software players from all new disks?
It's time for them to put their money where their mouth is and actually block access to these broken players.

If they allow it to continue, all their movies will be piratable (insert oh noes! here).

I wonder how pissed off people will be if they can't play their new movies?

Re:Will they actually do it? (5, Interesting)

ijakings (982830) | more than 7 years ago | (#18137544)

Of course they will. Remember who we are dealing with here. These people take old pensioners and small children to court over the flimsiest of evidence... they don't have much of a public image left to lose.

Re:Will they actually do it? (1, Funny)

dangitman (862676) | more than 7 years ago | (#18137896)

Remember who we are dealing with here. These people take old pensioners and small children to court over the flimsiest of evidence... they don't have much of a public image left to lose.

But if you don't buy enough of their product, the Merch turns into the Flesh Reaper, and goes from house to house collecting torsos.

On the other hand, if you do buy their product, then the Merch imparts some keen insight, and somebody's father gets fucked.

Don't you want somebody's father to get fucked? Do you really want your torso to be collected by the Flesh Reaper?

Fortunately, it's still in infancy :) (5, Insightful)

alisson (1040324) | more than 7 years ago | (#18138254)

I know that personally, I refuse to upgrade anything for Blu-Ray or HD-DVD. Even if it weren't for the content 'protection,' what's the real point? Sure, it's nice to put more per disc for PS3 or XB360, but should that really determine the format of movies, or music? The 'truth' that the xxAAs don't understand is that physical media are on the way out.

So, of course; don't buy them. Tell your friends not to buy them, and spread the word. If technology was selected based on worth and merit, we'd all have been using Betamax and MiniDiscs. But consumers don't always go for quality, innovation or convenience. Most often they like what their friends have, they like what they already have, and sometimes? They just follow the pr0n industry (uh oh, did I just predict the HD-DVD?) The point being, this one is easy to 'nip in the bud.'

Now, if you were to start a large-scale boycott of xxAA products? That would rock the boat. But I'm not holding my breath for you.

Re:Fortunately, it's still in infancy :) (1, Funny)

dangitman (862676) | more than 7 years ago | (#18138298)

So, of course; don't buy them. Tell your friends not to buy the, and spread the word.

But then the Merch will turn into the Flesh Reaper and start collecting torsos!

If technology was selected based on worth and merit, we'd all have been using beta-max and mini-discs. But consumers don't always go for quality, innovation or convenience.

What the hell? Minidisc absolutely sucks. It's not a good example of a quality product.

Now, if you were to start a large-scale boycott of xxAA products? That would rock the boat. But I'm not holding my breath for you.

Sigh. Didn't I already mention the torsos?

Re:Fortunately, it's still in infancy :) (1)

alisson (1040324) | more than 7 years ago | (#18138480)

But then the Merch will turn into the Flesh Reaper and start collecting torsos!
Well whose torsos are we talking about here? I mean, is it my torso? Or perhaps Condoleezza Rice's torso? It really makes a huge difference.

And as for minidiscs... I actually like them. Not the same quality as CDs, but certainly good enough for a portable player. They're much smaller than CDs, and don't skip as much.

Of course, as I write this, I'm listening to my iPod, which would answer why MDs didn't take off >_>

Re:Will they actually do it? (3, Insightful)

Sillygates (967271) | more than 7 years ago | (#18138490)

They don't care about software players; those people can always download a new "security fix" and not even know the difference. What we need is to have the keys for the most popular hardware players released, after there is widespread adoption.

Re:Will they actually do it? (5, Insightful)

MightyMartian (840721) | more than 7 years ago | (#18137550)

It's a ludicrous game, and the industry has been told that over and over again by security experts. There is simply no way they're going to come up with a DRM scheme that isn't going to make life miserable for the average consumer, and still won't be cracked by someone with patience and know-how to do it. It's a colossal joke on the entertainment industry. They keep pouring money into this crap, and it just keeps getting flushed down the toilet.

Re:Will they actually do it? (3, Insightful)

statusbar (314703) | more than 7 years ago | (#18137740)

Of course there is no technological way that DRM could be 100% effective.

Now we go one baby-step down the path where debugging tools like the ones used by these "hackers","pirates", and "anti-establishmentarians" require a license to own and use, because tools like this can apparently cause more damage to our society than an unlicensed firearm can do in a school...

From The Right To Read [gnu.org] :

Dan had had a classmate in software, Frank Martucci, who had obtained an illicit debugging tool, and used it to skip over the copyright monitor code when reading books. But he had told too many friends about it, and one of them turned him in to the SPA for a reward (students deep in debt were easily tempted into betrayal). In 2047, Frank was in prison, not for pirate reading, but for possessing a debugger.

--jeffk++

Re:Will they actually do it? (2, Insightful)

Usquebaugh (230216) | more than 7 years ago | (#18138194)

Whereas licensed firearms are OK in school. "Johnny, that 9mm better be licensed, son, or you're in real trouble!"

Miserable? (0, Troll)

Frosty Piss (770223) | more than 7 years ago | (#18137794)

There is simply no way they're going to come up with a DRM scheme that isn't going to make life miserable for the average consumer

I'm not sure what you mean. I buy / rent a movie, put it in my player, and it works fine. Never had a problem. But then, I'm not trying to do something with it that I shouldn't, like copying it when the purchase agreement clearly says I'm not supposed to... Overall, every DVD I've ever used has worked as advertised. I'm not "miserable" at all...

Re:Miserable? (4, Interesting)

Anonymous Coward | more than 7 years ago | (#18137894)

My parents bought a DVD with a narrated tour of some ruins they visited on vacation outside the country in order to show their friends. It wasn't region 1, so they couldn't play it. They, like the average non-geek, had no idea about region coding, and of course didn't know that they had to look for a certain "type" of DVD.

When I explained to them why their disc wouldn't play, they were mad. When I gave them a working copy of the disc, they were happy.

Re:Miserable? (1)

smitty_one_each (243267) | more than 7 years ago | (#18137938)

You may have a point. By the time they make the hardware components cheap enough, we can have a small unit that requires only power input to function, and all of this abstract property can remain safely under the control of those with feelings of ownership.
Those who just want to watch/listen/experience can do that.
Those cursed with natural human curiosity can watch the small unit self-destruct when tampered.
But does it sell?

Re:Miserable? (1, Interesting)

Anonymous Coward | more than 7 years ago | (#18137980)

I put a DVD in the player, and most of the time the brightness keeps fading in and out. My DVD player is connected to my VCR which is connected to my TV which has only one input. Apparently somebody expects that I copy a DVD to a VHS tape and tries to prevent that by requiring the DVD player to afflict the output signal with Macrovision. I think I don't need to explain how utterly idiotic and counterproductive that is.

Re:Miserable? (4, Insightful)

Perseid (660451) | more than 7 years ago | (#18137982)

Good luck playing that DVD overseas. Good luck playing that DVD in Linux. Good luck with your new fancy disks if your player gets revoked. And all of this while the people who really ARE doing things they shouldn't are just double-clicking their unrestricted .avi file.

Re:Miserable? (5, Informative)

dangitman (862676) | more than 7 years ago | (#18138116)

But then, I'm not trying to do something with it that I shouldn't,

So, am I not "supposed" to watch my DVDs on my old TV? The macrovision protection makes the picture nearly unwatchable. The TV is very nice, and does the job well. Why should I have to throw away a perfectly good TV and buy a new one just to watch a DVD? It doesn't make any sense - if I have to buy a new TV, that's less money for me to spend on DVDs, so the copy protection would actually reduce their sales.

Likewise, have you never bought a DVD from another country? If you're not supposed to do that, then why can I buy DVDs from another country? Sure, you can get region-free DVD players, but not everybody has one - and with "RCE" protection, some titles won't even work on some region-free players. And region-free players are technically illegal in some places.

I also like to watch movies but some titles won't let me go straight to the movie, and instead force me to sit through unskippable ads and FBI warnings. I even had one disc that I bought, which made me sit through a quite long lecture about the evils of piracy, telling me how people who copy DVDs are funding terrorism and destroying the industry. Ironically, it was quite simple to make a copy of that DVD, with the anti-piracy ad removed. If they didn't have that unskippable propaganda at the beginning. If I ever get another disc with that ad, I'm going to return it as defective. I paid to watch the movie, not to be lectured by propaganda.

Re:Will they actually do it? (5, Insightful)

rsmith-mac (639075) | more than 7 years ago | (#18137554)

Yes, it's only a software player. Intervideo will work on better hiding the device key, and release a patch for all the current WinDVD8 owners whose players won't be able to play future disks. Breaking a major hardware player is a big deal, however breaking a software player is fairly trivial in the long-run as long as it can be upgraded.

Re:Will they actually do it? (5, Insightful)

LackThereof (916566) | more than 7 years ago | (#18137798)

But any update will only be a temporary fix. ANY software player will have to put its key in memory at some point while it's running, so the new key will be found quickly. And the keys for almost all software players will be found.

Assuming they keep their word, and revoke the keys as they're found, software players will become nearly unusable, with patches every few weeks to update the key, attempt to obfuscate it more, and make it usable with new disks again. If they go that route, it's only a matter of time until software HD-DVD/BR players are permanently blacklisted and cease to exist. Consumers won't like that much. We'll see special cables running from new drives to new video cards, because consumers will not put up with a lack of being able to play HD discs on their computers. And the ones that bought software players will be ROYALLY pissed.

If they let it slide, or just sue the people who found the key in the memory dumps, but do not revoke software player keys there's STILL no way to put the cat back in the bag - HDDVD/BR content protection is finished.

Which way will it go?

key in memory - on some PCs yes (5, Insightful)

davidwr (791652) | more than 7 years ago | (#18137926)

Within 5-10 years, if DRM is still popular, you will need to have a dongle that does the decrypting of DRM'd materials. The dongle, in conjunction with "protection" circuitry in the video and audio channels, will provide a revocable key between the media player and the video output device.

It will work something like this:

There will be two channels of data, one from the media source to the dongle, and one from the dongle to the playback device.

The dongle will decrypt data from the media source, or possibly ordinary RAM. In some cases, this will be done with the aid of software tokens purchased from rights owners. In others, it will merely verify that region, time-expiration, and other restrictions embedded in the media are complied with. In some cases, part of the key will be downloaded from the Internet in real time, or a time-bombed key will be renewed at regular intervals.

The dongle will re-encrypt the data so the playback hardware can play it, but memory-snoopers can't access it.

The dongle will be a "black box," protected by hardware features and possibly legal protection: "Tamper with this for the purposes of understanding it and go to jail."

The dongles will be handed out like candy for little or no profit, but they will be revoked individually if any one is compromised. People concerned about privacy and tracking implications will trade dongles or simply buy them by the bucketful.

I don't know if these dongles will be USB dongles or if they will be on a faster bus or maybe even connected directly to the video playback circuitry.

Mark this post, it may prove useful in challenging future dongle patents.

Re:key in memory - on some PCs yes (4, Interesting)

Anonymous Coward | more than 7 years ago | (#18137950)

In future, patent your idea and give it to the FSF or some other fanatical anti-DRM organisation. If you don't have the money to pay for the patent then I will donate (at least a large chunk of) it personally (via the FSF - make your need for money public, not what the patent is).

patent and publishing (1)

davidwr (791652) | more than 7 years ago | (#18138330)

What I posted was insufficient for a patent. At least it should be, if the patent examiner isn't one of the BIGNUM% who are asleep at the switch.

However, it was sufficient to show that any such device is "obvious." I literally came up with it on the spur of the moment. Patenting such an obvious patent then donating it to a patent-freedom agency would itself be an abuse of the patent system.

"Finishing" the patent would - or should - require at least one real or paper implementation. Anyone with particular knowledge about a particular media playing device and memory implementation has the knowledge to create the first path, that is, that step is "obvious" to someone with the skills. Ditto the 2nd half for someone who knows how video works.

It would take me a few hours or maybe days to gain those skills, but I'm sure a significant number of Slashdot posters have them.

Here is what IS fair game in a patent:
Particular implementations that tie a particular drive or memory system to a particular dongle, or which tie a particular dongle to a particular video system. Such a narrow patent would only protect against near-identical clones but would not protect against slightly different systems. The only real "bad" patent possibility I see is if a standard emerges and a submarine patent surfaces after it's too late to redo the standard. With new patent laws that "expose" pending applications after a period of time, this risk is much lower.

Re:key in memory - on some PCs yes (1)

vadim_t (324782) | more than 7 years ago | (#18138420)

That wouldn't work either.

At some point in the digital playback device, the data becomes cleartext. Given enough effort, that data could be extracted. Especially if it's a CRT, as AFAIK, the method used by a CRT monitor to drive the CRTs is quite simple. A LCD is probably more complicated, but it'd give you a 100% precise result.

Besides, I am fairly sure that with the right equipment you could do a decent analog recording anyway. Use a big, good quality LCD monitor with a DVI connection, and a camera pointed precisely at it. Taking the output of a BluRay movie and encoding it into a DVD quality DivX should give very watchable results.

Only thing that could be done against that is watermarks, but that's defeatable too. Have a few people dump the same movie, compare the results, and flip bits randomly where it doesn't match.
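The collusion attack sketched in the post above, as an added example that is not part of the original comment. The watermark model is constructed for illustration: each copy of a "chunk" gets the low bit flipped at its own set of byte positions, chosen by the distributor so that no two copies share a position, and a tracer scores a suspect file by how many of each copy's marks survive. Where copies disagree, the colluders take the majority value when three or more copies are available and fall back to a random choice (the post's suggestion) when there is no majority; this goes beyond the post by showing why three copies beat two.

```python
"""Collusion attack on per-copy watermarks by comparing copies and voting on
the bytes where they differ. Added illustration, not code from the original post;
the watermark scheme below is a constructed toy, not any real system's."""
import random

CHUNK_LEN = 1024
N_MARKS = 16

# Constructed stand-in for a chunk of decoded video: every copy starts from this.
CLEAN = bytes(i % 251 for i in range(CHUNK_LEN))


def assign_marks(n_copies, seed=7):
    """Distributor picks N_MARKS distinct byte positions per copy (constructed
    model: positions are disjoint across copies, so each mark names one copy)."""
    rng = random.Random(seed)
    positions = rng.sample(range(CHUNK_LEN), n_copies * N_MARKS)
    return {cid: positions[cid * N_MARKS:(cid + 1) * N_MARKS] for cid in range(n_copies)}


def embed(marks_for_copy):
    """Produce one watermarked copy by flipping the low bit at that copy's positions."""
    data = bytearray(CLEAN)
    for p in marks_for_copy:
        data[p] ^= 1
    return bytes(data)


def collude(copies, rng=None):
    """Where all copies agree, keep the byte. Where they differ, take the strict
    majority value; with no majority (e.g. only two copies) pick one at random."""
    rng = rng or random.Random(1)
    out = bytearray(len(copies[0]))
    for i in range(len(out)):
        values = [c[i] for c in copies]
        best = max(set(values), key=values.count)
        if values.count(best) * 2 > len(values):
            out[i] = best
        else:
            out[i] = rng.choice(values)
    return bytes(out)


def trace(suspect, marks):
    """Tracer's view: how many of each copy's marks survive in the suspect file."""
    return {cid: sum(1 for p in pos if suspect[p] != CLEAN[p]) for cid, pos in marks.items()}


if __name__ == "__main__":
    marks = assign_marks(5)
    copies = {cid: embed(marks[cid]) for cid in marks}
    print(trace(copies[2], marks))                 # copy 2 scores 16, everyone else 0
    merged = collude([copies[0], copies[2], copies[4]])
    print(merged == CLEAN, trace(merged, marks))   # True, and every score is 0
```

With three colluders and disjoint marks, each marked byte is outvoted two to one by the clean value, so the merged file is identical to the unmarked original and the tracer learns nothing. With only two colluders the random fallback leaves each of them holding about half of their marks, which still points the tracer at the pair; a real fingerprinting code is designed around exactly that gap between two and three colluders.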

Re:Will they actually do it? (1)

Goaway (82658) | more than 7 years ago | (#18137998)

But any update will only be a temporary fix. ANY software player will have to put their key in memory at some point while it's running, the new key will be found quickly. And the keys for almost all software players will be found.

The key will have to be in memory, but there is no reason for it to be unobfuscated. Any kind of simple obfuscation will stop the kind of attack used here. Sure, somebody can start reverse engineering the code to work out the obfuscation, but that takes a lot more skill and time than what these people have spent. It cuts down the number of people who can and are willing to do the work considerably.

Re:Will they actually do it? (1, Insightful)

Anonymous Coward | more than 7 years ago | (#18138410)

But it only takes one to figure it out for us all to benefit.

Never doubt that a small group of thoughtful, committed citizens can change the world. Indeed, it is the only thing that ever has.
Margaret Mead

Re:Will they actually do it? (1)

gormanly (134067) | more than 7 years ago | (#18138036)

Except, of course, for Windows Media Player which already has (i) patches every few weeks or months anyway (and so its mean time between patches << the probable mean interval between key revocation and 99.99% of customers purchase of a new disc); and (ii) a mechanism for patch delivery that most users are already using and comfortable with.

I'm sure Microsoft would be very upset if 99.99% of the population's perceptions were that every other software movie disc player had issues playing some, mostly new, discs but WMP worked fine all the time. Especially after a couple of years when word of mouth had led to no-one actually using any other movie player software (can you see Dell or HP or any other PC builder shipping a media player which incurs many, many, more support calls than if they'd just left it off?)

Both Microsoft and the big content cartels have a vested interest in ensuring that cracked keys are revoked, and for that reason it will happen.

Re:Will they actually do it? (2, Insightful)

vivaoporto (1064484) | more than 7 years ago | (#18138002)

Reverse engineering the eventual patch would be even easier than finding the key as they did, as all they would need to do is to look for the new key in the patch or in the relevant changed parts of the updated binaries.

Re:Will they actually do it? (1)

Goaway (82658) | more than 7 years ago | (#18138032)

Breaking a major hardware player is a big deal

Nope. Hardware players can be individually revoked.

Re:Will they actually do it? (5, Interesting)

Mad Marlin (96929) | more than 7 years ago | (#18138080)

Someone needs to find the key for the PlayStation 3. That will really twist Sony's panties in a knot. Must protect BluRay ... Must protect PlayStation 3 ...

Re:Will they actually do it? (1)

Wesley Felter (138342) | more than 7 years ago | (#18138202)

As the parent said, there is no such thing as THE key for the PS3. Each individual PS3 unit has a different key. Revoking one particular PS3 won't cause any collateral damage, so there's nothing stopping Sony from doing it.

Re:Will they actually do it? (1)

Anonymous Coward | more than 7 years ago | (#18138308)

It is infeasible for each individual PS3 to have an individual key. It is theoretically possible to have a different key for different manufacturing runs, but definitely not on a per-unit basis.

Re:Will they actually do it? (2, Insightful)

vadim_t (324782) | more than 7 years ago | (#18138444)

IIRC, there's a key per player model, maybe at best per manufacturing run, not per player instance.

Making a key per player copy is infeasible. How would you do that? Basically, every disk would need to have the data encrypted with each player's key. That number would be in the millions.

Re:Will they actually do it? (1)

Above (100351) | more than 7 years ago | (#18138294)

I believe your comment is only playing the probabilities. If one software player is broken they may well revoke the key and make that player upgrade. However, if the set of players making up 95% of the software player market are all broken on a monthly basis it will become increasingly costly and inconvenient to have them all revoked each month. Are there any limits on the size of the revocation list? If it got too long, would that break the hardware players?

While breaking one or more hardware players may force the situation sooner, this may be a war of attrition.

Re:Will they actually do it? (4, Informative)

swillden (191260) | more than 7 years ago | (#18138352)

Breaking a major hardware player is a big deal, however breaking a software player is fairly trivial in the long-run as long as it can be upgraded.

Breaking a single hardware device won't be a big deal, either, since the key revocation scheme allows that single player to be revoked (not the brand, not the model, not even the factory batch -- that single, specific physical player). What would be big would be finding a way to easily extract the keys from a model, or, even better, a whole class of players. Then, the hackers could just do a player every few weeks, and the worst case for those of us who like to back up the movies we buy is that we'd have to wait a few weeks after the release before we could back it up.

The way AACS key revocation works is that there is a massive binary tree of binary trees of possible encryption keys. The "main" tree is 31 levels deep (allowing for 2^31 possible player devices) and each node has a number of "shadow" trees associated with it (specifically, nodes in layer n of the main tree have n-1 shadow trees). Each player is given a carefully selected and unique set of ~500 keys, from which it can derive an enormous number of keys -- almost every key in that big tree of trees, in fact.

The "almost" in the last sentence is important.

Assuming no players are revoked, each disk needs only have a few copies of the media key[1], each encrypted with a "processing" key high up in the tree. All players have keys needed to derive[2] these processing keys. When a player is revoked, the publishers carefully select a set of processing keys to use so that every player *except* the revoked player can derive the processing keys. There's a fairly simple algorithm to select such a set of keys, and the structure of the trees ensures that for any set R of revoked players, no more than 2|R| processing keys need to be used (|R| means "size of R", in case that's not obvious).

Each encrypted copy of the media key consumes 32 bytes of disk space, so, assuming a million players have been broken and revoked, each new disk will "waste" 32 MB on encrypted media keys. Given the capacity of HD-DVD and Blu-Ray disks, 32MB is a pittance, so it really is practical for publishers to revoke every key that is extracted and published -- the hard part will be finding them all.

ANY software player will have to put its key in memory at some point while it's running, so the new key will be found quickly. And the keys for almost all software players will be found.

Yep, that's a seriously hard problem to solve -- especially when you consider that time and manpower are 100% on the side of the attackers. The attackers have a disadvantage in that they have to work with binary-only code, but if this goes on for long enough, I'll bet the major software players will be so thoroughly reverse engineered that this will cease to be a very meaningful disadvantage.

Large-scale DRM simply cannot work. If you give the devices to enough interested and technically skilled people, they will be broken again, and again, and again.

And, of course, if publishers *did* somehow manage to get ahead of this game, it would just mean that the hackers would keep the keys to themselves, publishing them only to small groups of trusted friends -- all of whom would be ripping movies like mad and making torrents available so that everyone else can get them.



[1] The Media Key is used to encrypt the title keys, which are used to encrypt the titles. There are generally multiple titles per disk -- usually one for the main feature, and others for each of the extras, some for bits of the animated menus, etc. I've been puzzling over exactly how many copies of the media key are required in the no-devices-revoked case, and I haven't been able to figure it out yet. An answer and explanation from someone who understands this stuff well would be appreciated.

[2] The keys given to the players are called "device keys". The players look through the descriptors in the Media Key Block (MKB), looking for one that mentions a key they either have or can derive from a key they have. Derivation is done by AES-encrypting a seed value (7B103C5DCB08C4E51A27B01799053BD9) three times, incrementing it by one each time, using the device key. The result of the first encryption is the "left" device key of the associated "shadow" tree and result of the third encryption is the "right" device key of the shadow tree and the other result is a "processing key". Generally, the processing keys used to generate the MKB block entries will be from a shadow tree, so the player might have to repeat this process multiple times, each time taking either the left or right device key as the encryption key for the next step down the tree. It continues this process until it gets to the processing key specified in the descriptor. When it has that, it uses it to decrypt the media key, then uses that to decrypt the title keys, then uses those to decrypt the title data.
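The cover-selection step described in the post above (choose processing keys so that every player except the revoked ones can reach the media key, using no more than 2|R| of them), as an added example that is not part of the original comment. AACS's media key block is built on the Naor-Naor-Lotspiech subset-difference scheme, in which each entry reaches "every player under node i except those under node j", which is the post's picture of node i's shadow tree keyed to exclude j. This pure-Python model represents the tree with heap-indexed node ids, selects the cover with the standard subset-difference algorithm, and checks both that exactly the non-revoked players are reached and that the post's 2|R| bound holds. The tree depth, the revoked sets, and the single "whole tree" entry for the no-revocations case are assumptions of the model; the AES-based derivation of the keys themselves (footnote [2] above) is deliberately left out, since the point here is which subsets get used, not how their keys are computed.

```python
"""Subset-difference cover selection (Naor-Naor-Lotspiech), the structure behind
AACS media key block revocation. Added illustration, not code from the AACS
specification or from any player.

Nodes of a complete binary tree of the given depth are heap-indexed: root = 1,
children of n are 2n and 2n+1, and player k is leaf node (1 << depth) + k.
A cover entry (i, j) is the subset S(i, j) = leaves under i minus leaves under j;
(i, None) stands for the whole subtree under i and is used only when nothing is
revoked (an assumption of this model)."""


def depth_of(node):
    """Depth of a heap-indexed node; the root is at depth 0."""
    return node.bit_length() - 1


def leaves_under(node, depth):
    """Leaf node ids in the subtree rooted at node."""
    shift = depth - depth_of(node)
    return range(node << shift, (node + 1) << shift)


def lowest_common_ancestor(nodes):
    """LCA of a non-empty set of nodes that all sit at the same depth."""
    nodes = set(nodes)
    while len(nodes) > 1:
        nodes = {n >> 1 for n in nodes}
    return nodes.pop()


def sd_cover(depth, revoked):
    """Return a list of (i, j) subsets that together reach every non-revoked
    player and no revoked one, for revoked player numbers in 0 .. 2**depth - 1."""
    base = 1 << depth
    revoked_nodes = {base + k for k in revoked}
    if not revoked_nodes:
        return [(1, None)]
    cover = []

    def revoked_under(v):
        return {u for u in revoked_nodes if u >> (depth - depth_of(v)) == v}

    def cover_from(v):
        # Precondition: at least one revoked leaf lies below v.
        r = revoked_under(v)
        w = lowest_common_ancestor(r)
        if w != v:
            # Everything under v but outside w is clean: one subset reaches it all.
            cover.append((v, w))
        if len(r) == 1:
            return  # w is the revoked leaf itself; nothing else under it to reach
        # w is the LCA of two or more revoked leaves, so both of its children
        # hold at least one: split and handle each side on its own.
        cover_from(2 * w)
        cover_from(2 * w + 1)

    cover_from(1)
    return cover


def covered_leaves(depth, cover):
    """Expand a cover into the set of player numbers it reaches, rejecting
    overlapping subsets (each player should match exactly one MKB entry)."""
    seen = set()
    for i, j in cover:
        s = set(leaves_under(i, depth))
        if j is not None:
            s -= set(leaves_under(j, depth))
        if seen & s:
            raise ValueError("cover subsets overlap")
        seen |= s
    return {n - (1 << depth) for n in seen}


def check_cover(depth, revoked):
    """True iff sd_cover reaches exactly the non-revoked players within 2|R| entries."""
    cover = sd_cover(depth, revoked)
    want = set(range(1 << depth)) - set(revoked)
    return covered_leaves(depth, cover) == want and len(cover) <= max(1, 2 * len(revoked))


if __name__ == "__main__":
    # Constructed scenario: a 16-player tree with players 3 and 12 revoked.
    print(sd_cover(4, {3, 12}))     # [(2, 19), (3, 28)]
    print(check_cover(4, {3, 12}))  # True
```

The reason the cover stays small is visible in `cover_from`: a long chain of nodes with only one revoked leaf below them costs a single entry (v, w) no matter how deep the chain is, and each node where revoked leaves split into both subtrees costs at most one entry per side. Revoking every player in the tree yields an empty cover, which is the "no disc plays anywhere" end state the thread is arguing about.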

Re:Will they actually do it? (1)

Neitokun (882224) | more than 7 years ago | (#18137568)

In other words, will the nightmare come true? Depends. I think we'll see a split. Some studios will demand revocation, some won't. Hopefully, that will cause enough tension that this whole damn thing will fall apart.

Re:Will they actually do it? (0)

Anonymous Coward | more than 7 years ago | (#18137600)

Or DoS enough software players to completely kill off the media.

Go to plan B (4, Insightful)

TapeCutter (624760) | more than 7 years ago | (#18137654)

I think the time has come for them to give up on encryption and move to plan B, and no, they don't mean plan A + panic; they mean they will be forced to randomly post armed guards on customers' DVD players.

Sure it will be somewhat inconvenient and more expensive for customers, but that's the price they are choosing to pay when they turn a blind eye to piracy.

Re:Will they actually do it? (1, Informative)

Anonymous Coward | more than 7 years ago | (#18137834)

http://en.wikipedia.org/wiki/Advanced_Access_Content_System [wikipedia.org]

I'd like to direct your attention to this excerpt: "This approach allows licensors to "revoke" individual players, or more specifically, the decryption keys associated with the player. Thus, if a given player's keys are compromised and published by an attacker, the AACS licensing authority can simply revoke those keys in future content, making the keys/player useless for decrypting new titles. However, if the attacker doesn't publish the compromised player key, the AACS licensing authority doesn't know which key is compromised, and it can not revoke it. An attacker can use his/her player key to get title keys of several movies, and publish the title keys or the decrypted movies, without risk of revocation of his/her player key."

So, thank you to whoever published the device key: You're an idiot.

Re:Will they actually do it? (1)

Wesley Felter (138342) | more than 7 years ago | (#18138282)

if the attacker doesn't publish the compromised player key, the AACS licensing authority doesn't know which key is compromised, and it can not revoke it.

That only applies if there are many keys, which there aren't. Hackers only reverse-engineer software players, and there are only two software players. Worst-case, AACS LA could just revoke both.

Also, cracking DRM is all about revealing secrets; how could you expect the hackers to agree to some kind of "code of silence" when it comes to their work?

Re:Will they actually do it? (1)

Schraegstrichpunkt (931443) | more than 7 years ago | (#18138378)

Also, cracking DRM is all about revealing secrets; how could you expect the hackers to agree to some kind of "code of silence" when it comes to their work?

The academics won't, but the tradespeople will.

Re:Will they actually do it? (1)

thyarcher (1036802) | more than 7 years ago | (#18138044)

I hope they do revoke the keys. The cat and mouse game needs to be played, and the keys need to be cracked, and revoked again. It is the only way that the consumer that buys the revoked players can see the garbage that is the current DRM model. Once these formats are severely hindered, and possibly fail, maybe a more sane solution to the copy protection can be agreed upon.

Re:Will they actually do it? (1)

kimvette (919543) | more than 7 years ago | (#18138288)

All it takes is a few cycles of this cat-and-mouse game, and the media companies will finally realize that DRM is only wasting THEIR money in terms of licensing the broken encryption technology, the retarded (as in slow) uptake of HD-DVD and Blu-Ray, and decreased sales overall while they're trying to make their customers pay per play, or at least play per player.

Eventually they will come to their senses and ship the content DRM-free. Didn't one of the Harry Potter movies ship DRM-free (no CSS) and still sell very well?

Re:Will they actually do it? (1)

kefler (938387) | more than 7 years ago | (#18138316)

I too am really interested to see what will happen. The DRM has all these levers they can pull, but they aren't without consequences.

What really needs to happen is someone needs to get the device key of a HARDWARE player, like one of those $1000 Samsung Blu-ray players. Then I'd like to see what happens. It would only take 1 person to somehow get the key out and post it for all those players to be in danger of being revoked.

All your video are belong to us (0)

Anonymous Coward | more than 7 years ago | (#18137586)

Sincerely, J. Q. Public

Gets on my chimes! (0)

Anonymous Coward | more than 7 years ago | (#18137638)

All this stuff really gets on my chimes!

Re:All your video are belong to us (5, Funny)

sokoban (142301) | more than 7 years ago | (#18137760)

Narrator: In A.D. 2007, war was beginning.

        MPAA: What happen ?
        RIAA: Somebody set up us the bomb.
        RIAA: We get signal.
        MPAA: What !
        RIAA: Main screen turn on.
        MPAA: It's you !!
        J.Q. Public: How are you gentlemen !!
        J.Q. Public: All your video are belong to us.
        J.Q. Public: Your revenue stream are on the way to destruction.
        MPAA: What you say !!
        J.Q. Public: Your business model have no chance to survive make your time.
        J.Q. Public: Ha Ha Ha Ha ....
        RIAA: MPAA !! *
        MPAA: Take off every 'Lawyer' !!
        MPAA: You know what you doing.
        MPAA: Move 'Lawyer'.
        MPAA: For great injustice.

Introduction of hardware DRM (4, Insightful)

gilesjuk (604902) | more than 7 years ago | (#18137592)

I'm sure all this cracking of DRM by snooping memory will result in hardware protection being rolled out. Of course it would need to be in the chipset and CPU.

Of course such restrictions would make debugging your own programs harder if it was always on.

Re:Introduction of hardware DRM (2, Interesting)

romland (192158) | more than 7 years ago | (#18137738)

In the long run this wouldn't work anyway, at least not on PCs as we know them today. For every device released on the market (be it a media player or some software that types your thoughts) you'd have to plant new DRM in your box; think it would fly with normal users? Doubtful.

The other side of the coin would be if [they] implemented an API to insert new DRM into this protected environment on your motherboard... well, there you go again, back to square one.

The only way this DRM will actually work is to release hardware only products; and not even that is 100% safe. But hey, look at Xbox360, it's standing up good against the hackers. (Yes, you can still pirate the games, but that is not due to the XBox firmware being hacked, it's the DVD players).

Re:Introduction of hardware DRM (1)

romland (192158) | more than 7 years ago | (#18137786)

s/For every device/for every DRM-infested-software/g *sigh*

But I must say I'm increasingly impressed with the people having a go at the XBox360 and the inventive ways they go about snooping pipelines and what-not. Thank [entity] MS gave them a challenge this time around :)

Cool stuff.

Re:Introduction of hardware DRM (5, Insightful)

necro2607 (771790) | more than 7 years ago | (#18137842)

"I'm sure all this cracking of DRM by snooping memory will result in hardware protection being rolled out. Of course it would need to be in the chipset and CPU."

This is crackable anyways. The original Xbox was cracked by someone building their own data sniffer hardware installed on the system bus. No kidding. People will go to pretty much any length, including hardware modification, to break out of constricting usage limitations (aka DRM)...

what about memory encryption? (1)

vlad_petric (94134) | more than 7 years ago | (#18138318)

The CPU can encrypt memory transactions on the bus. There are several research proposals that address this issue, btw (e.g. Xom [stanford.edu] ). My point - they can continue the arms race as well.

Wrong verb tense! (2, Informative)

mrchaotica (681592) | more than 7 years ago | (#18137924)

What do you mean, "will result?" It already has resulted in hardware DRM -- if you have Vista and a machine with a TPM, it's already there!

Re:Introduction of hardware DRM (1)

Lumpy (12016) | more than 7 years ago | (#18138354)

Problem is they now know a lot more information about the keys. Now you go and grab some firmware images of the popular Panasonic and Pioneer Blu-ray or HD-DVD players and start digging.

Crack some device keys and that will toss monkey feces in the face of every MPAA executive pretty hard. They don't DARE revoke any keys from the expensive hardware. Pissing off your early adopters, specifically the rich ones, will guarantee doom.

Not so fast...! (0, Offtopic)

bogaboga (793279) | more than 7 years ago | (#18137644)

Dudes, this is certainly good news but not so fast!

In fact let that team wait for a lawsuit...if this lawsuit does not materialize, then we can celebrate.

selling a secret to consumers... (2, Interesting)

LackThereof (916566) | more than 7 years ago | (#18137698)

This was only a matter of time.

You can't sell a product with a "secret" key inside it to tech-savvy consumers and expect it to remain secret for any extended period of time.

It just won't work. It's time for this inconvenience to end (not that it will).

The hackers are moving too early... (1, Interesting)

Anonymous Coward | more than 7 years ago | (#18137702)

They are going too soon. None of the HD formats have "taken off" yet (in any mass market sense - they are high end luxury goods).

DeCSS worked because there were a good few million players out there - CSS couldn't be replaced - the critical mass numbers had been passed.

I just get the feeling that the hacker groups are just doing the media companies work for them - use them to show up all the holes then go and make some major modifications before the product goes mass market (which isn't going to be for another year or three the way things are looking at the moment).

Re:The hackers are moving too early... (3, Insightful)

ScrewMaster (602015) | more than 7 years ago | (#18137974)

That's a good point ... of course, if you make modifications of sufficient magnitude to frustrate existing decryption tools, odds are you just created a whole new set of security holes. Those will also be found. Also, like CSS before it, the technology will have to be implemented by every video hardware and software maker on the planet (well, in China anyway) and sooner or later the details will get out. Furthermore, if (and it's currently a big "if" given the childlike manner this whole media war is being played out by the likes of Sony, Microsoft and the rest) either HD-DVD or Blu-Ray actually does take off and manage to replace the DVD, they'll find themselves in the same situation they were in with CSS. Not that it matters: as the MPAA has admitted, the goal is to keep the bar high enough that the vast majority of consumers have no way to bypass the DRM. There's a certain acceptance by these people that there will always be some degree of infringement going on, they just don't want it too widespread.

Ultimately, the only real way to protect content is going to have remote-controlled content-monitoring LCD shutters surgically implanted in everyone's eyes as soon as they are old enough to enjoy TV (and these creeps would do just that if they could get away with it.) Anything else will be circumvented sooner or later, which they know perfectly well. It's also why the content companies are pushing so damned hard to export US/EU-style IP law around the world and have copyright infringement treated as a heinous crime akin to murder. Once the cops (everywhere) are accustomed to treating copyright infringers as serious criminals, the MPAA and their ilk are hoping and praying that people won't do it anymore.

I think they will be disappointed. I hope they will. There aren't enough jails to hold everyone that ever violated a copyright, or exercised fair-use rights in countries that support them.

Re:The hackers are moving too early... (0)

Anonymous Coward | more than 7 years ago | (#18138492)

OP here, ultimately I do agree with you - what the media companies are attempting to do is just straight up impossible - for us to see the content means that a fundamental flaw exists.

That being said I think that while it is impossible, it has become far more improbable since the CSS days. Not only more complex and flexible encryption schemes, but also hardware integration with displays, mean that this is a far tougher battle than it used to be. And by exposing both their methods of attack, and holes found so far, at this early stage of the war, I think that the hacker groups are just making their job harder (if the media companies respond while they can). How much harder is up for debate.

In the long term there really only is one route; Douglas Adams always seemed to have a way of looking forward and cutting through the mist. At the height of the P2P downloading / P2P shutdowns / beginnings of legal action he confidently predicted that in the end restrictive models of licensing simply wouldn't work and that liberal licences, coupled with micropayment solutions, would (and simply had to) dominate. Low cost, high degree of freedom, large volumes of sales - all sides are happy. I know I for one wouldn't have bought half the amount of DVDs that I had over the last 6 years if I didn't know that I could back them all up to a hard disk and that I wouldn't be left with a load of worthless doorstops in 15 years' time when there were no players or the disks had become warped.

Nobody other than the media firms wants DRM, and unlike the chants that have been going on here for the last 5+ years, I am actually seeing this becoming a mainstream voice now - and that is critically important - folks on here are a minority - but when the mainstream take action then the media firms have to respond, or their bottom line is knocked.

Re:The hackers are moving too early... (0)

Anonymous Coward | more than 7 years ago | (#18138068)

MOD anonymous parent UP!!!!!!!!

Okay that does it (2, Interesting)

Anonymous Coward | more than 7 years ago | (#18137778)

Would someone PLEASE explain once and for all how AACS works? How is this any different from the previously found keys?

How many keys are there? Why aren't there just one? What's the difference? IS there any difference?

Is this better than the last key uncovered? Are there more keys to uncover?

What is the final AACS "key"? How many levels are there?

I'm not being ignorant, I'm just confused, and I'm sure I'm not alone.

Thank you.

Re:Okay that does it (1)

wolf08 (1008623) | more than 7 years ago | (#18137976)

I'm semi-ignorant as well, but, here is what I (think =P) I know:

AACS Device keys are the top level. The reason why there is still a debate is because (in theory) studios can issue a new device key, meaning that all players using the old key will be broken.

What I'm fuzzy on:

This device key... Is it specific to the player? Meaning, does a device containing AACS protection have multiple ways to unlock/decode it? It would seem so...

Re:Okay that does it (2, Informative)

Anonymous Coward | more than 7 years ago | (#18137978)

AFAIK, it goes as follows:

Each player (software or hardware) has a key, or actually a tree of keys. Some ingenious trickery is being used so that each player can have its own key, but that isn't done on software players (because it would be a pain to enforce it so each downloader gets a different key).

The disc contains title keys for various player keys. When the player wants to play a disc, it takes its player key, decrypts the disc's title key with it, and decrypts the content with the title key.

Now, two things can happen with hackers in the loop. Either the title key gets sniffed from memory, or the player key does. If the hackers get the title key, the disc can be decrypted by anyone. If the hackers get the player key, any disc that can be read by that player can also be decrypted by anyone.

The logical thing for the *AA to do once they discover that a player key has been leaked is to blacklist that player from future discs - just exclude that one player key. Because of the tree trickery, this is easier than it seems (though I'm not completely sure how it works), so they don't have to have billions of omitted keys.

So the hackers should release the (less powerful) title keys (which aren't bound to any particular players, and thus the *AA can't find out which player has been compromised), or give out player keys to software players they know can never be completely secured. In this case, it seems they've done the latter. If the *AA blacklists WinDVD 8, the hackers can just go download the update all the good consumers need to keep playing their discs, and then just coerce the new key out of it. Rinse and repeat. The only way to stop it is to have a watchman in your CPU - hardware DRM - to keep potential hackers from peeking at the player's memory.

Re:Okay that does it (5, Informative)

flooey (695860) | more than 7 years ago | (#18138212)

How many keys are there? Why aren't there just one? What's the difference? IS there any difference?

AACS uses a bunch of different keys in a hierarchical structure. Gradually, the cracks have been revealing keys higher and higher up the food chain. As I understand it, this is a bottom-up description of AACS's key structure:

At the lowest level, every piece of content is encrypted with a Title Key, which is unique to at least an individual title, possibly a particular printing of the title. The original cracks revealed the Title Keys for individual titles one at a time. These can be used to decrypt the content, but don't break the scheme, just the encryption on an individual piece of content.

The Title Key is stored on the actual media, encrypted by the Volume Unique Key, which is unique to a given title.

The Volume Unique Key is the result of a keyed hash of the Volume ID (stored on the media) and a Media Key, which is unique per title.

The Media Key used is generated by combining the Media Key Block (stored on the media) with a key unique to the decrypting device. Each device has a different key, but generates the same Media Key.

I'm not entirely sure why so many keys are used, but that's basically how the scheme works. Previous cracks were based on revealing keys that were title-specific. This one has revealed a device-specific key, which means that until the key is revoked, which would cause all future discs to no longer play on that particular player, any piece of content can be completely decrypted.
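The key chain described in the two posts above (device key, Media Key Block, Media Key, Volume Unique Key, Title Key, content, with revocation done by leaving a device out of the MKB) as a runnable toy model. This is added example code, not anything from the Doom9 research or the AACS specification: the device ids are hypothetical, the MKB is a flat per-device table rather than AACS's subset-difference tree, and an HMAC-SHA256 construction stands in for AES-128 so it runs with the standard library only.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

KEY_LEN = 16  # AACS keys are AES-128 keys; the toy keys are 16 bytes too


def prf(key: bytes, label: bytes, data: bytes = b"") -> bytes:
    """Keyed one-way function, standing in for the AES-based one AACS uses
    to derive the Volume Unique Key from the Media Key and Volume ID."""
    return hmac.new(key, label + data, hashlib.sha256).digest()[:KEY_LEN]


def crypt(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: HMAC counter-mode keystream XORed onto the data,
    so encrypt and decrypt are the same call. Stand-in for AES-128 only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


@dataclass
class Disc:
    volume_id: bytes
    mkb: dict             # Media Key Block: device id -> Media Key wrapped for it
    enc_title_key: bytes  # Title Key encrypted under the Volume Unique Key
    enc_content: bytes    # content encrypted under the Title Key


class Licensor:
    """Issues device keys and presses discs. The flat per-device MKB is a
    simplification; the real MKB uses a subset-difference tree so that
    revoking one device does not mean listing every other device."""

    def __init__(self) -> None:
        self.device_keys: dict[str, bytes] = {}
        self.revoked: set[str] = set()

    def issue_device(self, device_id: str) -> bytes:
        self.device_keys[device_id] = os.urandom(KEY_LEN)
        return self.device_keys[device_id]

    def revoke(self, device_id: str) -> None:
        # Future pressings simply omit this device from the MKB.
        self.revoked.add(device_id)

    def press_disc(self, content: bytes) -> Disc:
        media_key = os.urandom(KEY_LEN)  # one per title
        volume_id = os.urandom(KEY_LEN)  # stored on the media
        title_key = os.urandom(KEY_LEN)
        mkb = {dev: crypt(dk, media_key)
               for dev, dk in self.device_keys.items() if dev not in self.revoked}
        vuk = prf(media_key, b"VUK", volume_id)
        return Disc(volume_id, mkb, crypt(vuk, title_key), crypt(title_key, content))


def play(disc: Disc, device_id: str, device_key: bytes):
    """Walk the hierarchy top-down as a player does. Returns the plaintext,
    or None when the MKB carries no entry for this device (it was revoked)."""
    if device_id not in disc.mkb:
        return None
    media_key = crypt(device_key, disc.mkb[device_id])   # same for every device
    vuk = prf(media_key, b"VUK", disc.volume_id)          # unique per title
    title_key = crypt(vuk, disc.enc_title_key)
    return crypt(title_key, disc.enc_content)


def demo() -> dict:
    """Constructed scenario: a software player's key is compromised, so the
    licensor revokes it; discs pressed before still play, later ones do not."""
    lic = Licensor()
    soft_key = lic.issue_device("software-player")  # hypothetical ids
    hw_key = lic.issue_device("hardware-player")
    movie = b"feature presentation"
    disc_before = lic.press_disc(movie)
    lic.revoke("software-player")
    disc_after = lic.press_disc(movie)
    return {
        "before_software": play(disc_before, "software-player", soft_key) == movie,
        "before_hardware": play(disc_before, "hardware-player", hw_key) == movie,
        "after_software": play(disc_after, "software-player", soft_key),  # None
        "after_hardware": play(disc_after, "hardware-player", hw_key) == movie,
    }


if __name__ == "__main__":
    print(demo())
```

Because the MKB entry is indexed by device id, the model also shows the point made further down the thread: a leaked device key identifies which player it came from.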

Re:Okay that does it (1)

Kjella (173770) | more than 7 years ago | (#18138460)

This key doesn't really add anything to what's already done. They could already decrypt every movie by simply sticking it in the player and extracting the key, all this does is make it possible to make a standalone tool to decrypt discs (until they revoke this key, anyway). But if you don't mind breaking the DMCA in the first place, how many would have moral problems getting a copy of WinDVD to extract the key anyway? This really is non-news.

Re:Okay that does it (5, Funny)

RealSurreal (620564) | more than 7 years ago | (#18138442)

"What is the final AACS "key"? How many levels are there?"

It seems to go on and on forever. But then you get to the end and a gorilla starts throwing barrels at you.

Fair-use community? (0, Troll)

/dev/trash (182850) | more than 7 years ago | (#18137808)

Is that what they call crackers and pirates these days?

Re:Fair-use community? (1, Insightful)

Anonymous Coward | more than 7 years ago | (#18137868)

If I am going to be playing a BluRay or HD-DVD movie anytime soon on my Linux box, AACS will have to be cracked first.

I don't know what is the idea behind this (2, Insightful)

vivaoporto (1064484) | more than 7 years ago | (#18137826)

If the idea is to "stick it to the man", they are doing the right thing disclosing what the player in question is. But if the idea is to actually use the key, they should keep it in the dark and not specify what player got corrupted, so the keymakers cannot revoke the key.

Re:I don't know what is the idea behind this (0)

Anonymous Coward | more than 7 years ago | (#18138084)

The device key is going to be unique to the player. Unless you keep the device key a personal secret (in which case, what's the point?), there's no way the pirates can hide where it came from, any more than InterVideo could hide what the value was in publicly-distributed binaries.

Re:I don't know what is the idea behind this (1)

DrKyle (818035) | more than 7 years ago | (#18138104)

If any exploit becomes used, won't it be fairly obvious to find what key is being used and then look it up in the big list of player keys to figure out which one it came from?

The "Man" is me. (0)

Anonymous Coward | more than 7 years ago | (#18138244)

And it's my neighbor. And his neighbor. Et al. This "Man" you so disparagingly dismiss are common working folks who own shares in these companies. Our companies spend MILLIONS of dollars to develop product. We also spend millions to pay business taxes, taxes imposed by people YOU elected. We paid our taxes. While we are not owed profits, we should at least have the unfettered right to attempt it. After all, we have already paid for it. Piracy eliminates that attempt. If anything, I hope this cracker gets charged with racketeering and extortion charges, and obstruction of business.

If you disagree with this, then instruct your puppets in DC to eliminate all business taxes. What's the point of paying taxes if hackers are just going to destroy our business attempts?

Might be offtopic (-1, Offtopic)

HomelessInLaJolla (1026842) | more than 7 years ago | (#18137850)

When I'm voting on the firehose I look for several things:

- I usually vote down when people post enormous quotes from TFA in their summary
- I usually vote down if more than half the summary is a quote from TFA
- I usually vote down use of ""text text text"". Quote within quote style is important to programmers.
- I usually vote down if the summary is longer than two paragraphs
- I usually vote down if line breaks or quoting makes the summary look sloppy
- I usually vote down when full URL links are included as opposed to using an href
- I usually vote down if an href link covers entire sentences
- I usually vote down if the href'd words make up more than 10% of the summary text
- I usually vote down if the summary contains multiple spelling or grammar errors (c'mon peeps, I don't want to be a purist, but I value an effort for publication quality)
- I usually vote down if the summary reads like an advertisement
- I usually vote down if there does not seem to be a single main reference (ie. summaries, IMHO, are about one article and may contain auxiliary links but shouldn't read like a discussion in and of themselves)
- I usually vote down if I smell any scent of trollage

If I can pass through all of these while reading the summary I usually vote up by default. Journal entries are almost always voted up regardless of the applicability of the above criteria. I try to keep an eye on the topics to see if they match the headline and content though I've let a few slip.

Re:Might be offtopic (0)

Anonymous Coward | more than 7 years ago | (#18138284)

When I'm voting on the firehose I

      What makes you think we give a fuck, honestly?

This is great news (4, Interesting)

(H)elix1 (231155) | more than 7 years ago | (#18137864)

I've got one of those 30" Dell monitors. Problem is it does not have the fancy encrypted link, so it's 'useless' as a Blu-ray/HD-DVD monitor. With this stuff getting cracked, I am looking forward to VLC playing not only my stack of DVDs but whatever the next generation of movies I end up buying and re-encoding.

VLC implementation (1)

StreetStealth (980200) | more than 7 years ago | (#18138374)

Yes, the sooner this finds a VLC implementation, the sooner I might actually send some money the studios' way for some HD titles. Of course, the release would have to happen in a country without a DMCA clone... Where might we find one of those? Does France's (home of VLC) DADVSI prohibit linking to, say, a Hong Kong site hosting a theoretical VLC-HD?

Holy Neverwinternight... (2, Funny)

creimer (824291) | more than 7 years ago | (#18137952)

Atari must be doing really bad after releasing NWN2 to start hacking DRM keys.

Publishing DRM exploits prematurely is dumb (1)

gd23ka (324741) | more than 7 years ago | (#18137962)

It would be far better to have them put out a lot of material first
and then make the key / exploit available. Now you can depend on
it that future titles will not be able to be decrypted with that key.

Re:Publishing DRM exploits prematurely is dumb (1)

Wesley Felter (138342) | more than 7 years ago | (#18138324)

Except these people aren't cracking AACS for your benefit. They're either doing it so they can watch movies or for publicity; in either case they have no incentive to wait.

Not if you're trying to prove a point ... (4, Insightful)

Schraegstrichpunkt (931443) | more than 7 years ago | (#18138450)

If you're trying to demonstrate that DRM is a futile waste of energy, it's in your best interests to release as early as possible.

Releasing an exploit a couple of years after the technology is first released gives people the impression that the DRM was "good" for those two years. On the other hand, releasing the exploit a week later drives home the point that the copy-protection racket is selling nothing but snake oil.


whoopty doo (-1, Troll)

C32 (612993) | more than 7 years ago | (#18138000)

Such amazing skillz.. I hope people realize that

1) Finding these keys in the memory space of WinDVD is an elementary reverse-engineering operation, hardly cutting-edge "cracking".

2) This is a software player; The key will be removed from the allowed list on all future hd-dvds, and the next point release of WinDVD will contain a new key + better obfuscation and anti-debugging code.

3) Before someone says how software will always be cracked blah blah, do note that:

3a) The media piracy "scene" (movies, etc) does not traditionally attract a large number of skilled reversers, for obvious reasons.
3b) Software can in fact be made extremely hard to crack; I won't bother mentioning specifics since anyone who doesn't have an idea of what I mean probably wouldn't understand the explanation anyway :p

Re:whoopty doo (1, Insightful)

Anonymous Coward | more than 7 years ago | (#18138168)

For (3b), instead of a theoretical argument I'd be more interested if you could name ONE specific example where a company was able to embed a secret in software and keep it secure for years against major efforts trying to find it.

Re:whoopty doo (1)

Creepy Crawler (680178) | more than 7 years ago | (#18138424)

AZPR and Advanced Disc Catalog.

Both use IDEA-encrypted data segments and extensive checking that munges data structures.

No-go protections are easy. Just JMP past them. Data corruption techniques are the nastiest to crack, if you can understand the format..

Re:whoopty doo (1)

beelsebob (529313) | more than 7 years ago | (#18138180)

1) This is a method of cracking what was supposed to be one of the best encryption algorithms there is out there - it doesn't matter if it's a simple hack, it's still impressive.

2) So the key gets revoked -- now that they've got the software key for one player they can start getting the disk keys for a lot of disks; based on that they can then use these known keys to get back to the software keys of a *lot* of players.

3a) Apparently it does - that's 3 separate people now working on cracking this one, and hey -- 1 was enough to crack CSS.

3b) Yes, yes it can -- it's important to note though that it always is crackable, and I would expect that this particular class of software will always have people trying to crack it.

Bob

Re:whoopty doo (0)

Anonymous Coward | more than 7 years ago | (#18138216)

Good call! You won't explain the 'tricky bits' because you can't, yet you cite "obvious reasons" or "you wouldn't understand".

nice one, but it doesn't wash, lamer.

Now, just like DVDs... (1, Interesting)

Anonymous Coward | more than 7 years ago | (#18138024)

HD-DVD and Blu-Ray are for the first time suddenly becoming more appealing to me, and I might buy some.

Like most of us, I never did embrace the original DVDs until the copy protection on those was broken, too. Ever since it was, I have bought plenty of them.

Ugh (4, Insightful)

Quantam (870027) | more than 7 years ago | (#18138074)

I don't think this is as good as you think it is. I'm all for breaking DRM (and was extremely pleased when they broke the AACS process key), but I think releasing a player key was a BAD idea. I'm betting the MPAA's logic in regards to this will look like one of these two:

- WinDVD is not handling its device key in a secure manner
- WinDVD cannot be trusted
- WinDVD won't be getting another player key

Or even worse:

- WinDVD did its best to protect its device key
- It's impossible to protect a device key in a program that people can reverse-engineer [true]
- We'd better not allow any software to read AACS-protected content

Although this may all be moot anyway, as they can extract future process keys with relatively little effort (though it'll be a lot more effort if hackers have to break hardware systems instead of software).

Re:Ugh (1)

hugzz (712021) | more than 7 years ago | (#18138236)

In a small, backwards and somewhat "revolutionary" feeling way, it's a good thing. If they break the DRM and force bluray/dvd to change the keys or ban the players, then the users will be inconvenienced. Although this should be a bad thing, it at least leads to the chance that consumers will rebel against DRM and DRM-free media will gain popularity

Re:Ugh (0)

Anonymous Coward | more than 7 years ago | (#18138304)

This is only bad if you work for InterVideo or own InterVideo shares. If you are a *user* of WinDVD all you have to do is to switch to an open source player that implements the crack.

Re:Ugh (2, Insightful)

Lumpy (12016) | more than 7 years ago | (#18138394)

though it'll be a lot more effort if hackers have to break hardware systems instead of software

Here is a little secret for you. Hardware players do not exist. Every HD-DVD player and Blu-ray player is a software player, and hacking those is not any harder; it just requires different tools that have to be built or bought instead of warezed off a BitTorrent site.

DRM is provably insecure (4, Insightful)

this great guy (922511) | more than 7 years ago | (#18138076)

Revocation, obfuscation, TPM chips, hardware tricks? Whatever, DRM is provably insecure.

Care to show a proof? (1)

vlad_petric (94134) | more than 7 years ago | (#18138328)

I mean, a formal proof. You're making a pretty broad statement, after all. The fact that some DRMs were cracked doesn't necessarily mean that all of them are inherently crackable.

Re:Care to show a proof? (1)

jZnat (793348) | more than 7 years ago | (#18138484)

Not in formal proof notation, but:

Encryption is used so that A can send a message to B in such a way that C cannot intercept and read what the message is. DRM sets B := C, thus defeating the purpose of encryption. It is therefore a logical impossibility.

fair-use community? (1)

XO (250276) | more than 7 years ago | (#18138188)

While I don't at all agree with the insane forms of protection that the companies are putting on the media, Slashdot is definitely showing an editorial bias... "fair-use community"? No such thing. It's either hackers who are doing it to do it, or it's pirates.
