×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

DVD Security Group Says It Has Fixed AACS Flaws

Zonk posted about 7 years ago | from the harder-boiled-egg dept.

Movies 388

SkillZ wrote to mention an article at the IBT site discussing a fix to the security breech of the HD DVD and Blu-ray media formats. "Makers of software for playing the discs on computers will offer patches containing new keys and closing the hole that allowed observant hackers to discover ways to strip high-def DVDs of their protection. On Monday, the group that developed the Advanced Access Content System said it had worked with device makers to deactivate those keys and refresh them with a new set."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

388 comments

i'm not so sure... (5, Insightful)

User 956 (568564) | about 7 years ago | (#18685481)

Makers of software for playing the discs on computers will offer patches containing new keys and closing the hole that allowed observant hackers to discover ways to strip high-def DVDs of their protection.

Do they not understand, that if you can view it, you can copy it?

On the other hand, maybe they do understand, and HD-DVD/Blu-Ray 2.0 will offer only un-viewable content. Step 3, profit!

Re:i'm not so sure... (5, Insightful)

Anonymous Coward | about 7 years ago | (#18686161)

Look, they're running a business, so they're not aiming for perfection, just profit. The protection is supposed to keep your neighbor from putting a HD-DVD and a blank into a computer and getting a perfect copy half an hour later. It is not supposed to keep a group of Chinese from remastering the disc with professional equipment. The industry can deal with professional piracy in different ways because that kind of piracy has to move big numbers of copies. The industry can not come to your neighbor and check that he legally owns all his HD-DVDs, so they make it inconvenient for him to create illegal copies. There are enough keys that they can keep revoking them until kingdom come without running out of keys. Hackers can probably get the new keys after a short while, but everybody who wants to make copies has to get updated illegal circumvention software everytime the keys are changed, which is impractical if you just want to make a quick copy of a rented or borrowed disc. People in the real world value their time, so you only have to make the time cost of copying high enough to make the legal offering more attractive.

Give it time... (4, Insightful)

Anonymous Coward | about 7 years ago | (#18685489)

and it will join the ranks of every other DRM mechanism devised.

Re:Give it time... (5, Funny)

pookemon (909195) | about 7 years ago | (#18685551)

Yeah - but who wants to wait a whole day for that to happen...?

Re:Give it time... (0, Redundant)

James_Aguilar (890772) | about 7 years ago | (#18685721)

I had a little LOL at that one. I've got mod points but I'll save them, since I know you're going straight to +5 funny anyway.

Re:Give it time... (5, Insightful)

SnowZero (92219) | about 7 years ago | (#18685977)

I've got mod points but I'll save them, since I know you're going straight to +5 funny anyway.

I hope you are proud of yourself; You're what's known as a "tightmod".

Re:Give it time... (0)

Anonymous Coward | about 7 years ago | (#18685823)

With press coverage every odd numbered day about AACS keys being revoked for the 158th time, even the great grandma's of this world will know (and have reason) to hack the DRM. Stories like this one on slashdot and other media sites are screaming out to the world... "YES: YOU CAN HACK ME, PLEASE DO!".

Serious Question (3, Interesting)

Anonymous Coward | about 7 years ago | (#18685495)

"Corel has told users of its software that failure to download the free patch will disable the ability to play high-def DVDs."

Is this making a reference to the current crop of HD's that were purchased? Does the software phone home? Just curious. Any thoughts?

Re:Serious Question (1)

der'morat'aman (1076365) | about 7 years ago | (#18685525)

I suspect that it's only related to future discs, though you never can tell with Digital Restrictions Management. I wouldn't trust it at all if I could get any legal DVD's without it.

Re:Serious Question (4, Informative)

topical_surfactant (906185) | about 7 years ago | (#18685583)

Current players will work fine until you attempt to play a new HD-DVD with the "corrected" AACS. Then your player will cease to play all HD-DVDs until such time that you update with a hot, steaming pile of DRM horse shit.

Re:Serious Question (1)

andy_t_roo (912592) | about 7 years ago | (#18685589)

The currently known keys can play all currently released disks. Any keys discovered in the future will be able to play all disks released up until that point.

Re:Serious Answer (1)

eclectro (227083) | about 7 years ago | (#18686037)

Is this making a reference to the current crop of HD's that were purchased? Does the software phone home? Just curious. Any thoughts?

The MPAA has rented the black helicopters. They're gonna come to your house, smash in your door, and take your HD player.

We fixed it properly this time... (2, Interesting)

EmbeddedJanitor (597831) | about 7 years ago | (#18685503)

so don't even bother to try hack it. Please don't, please, please, pleaaaaaaaaaaaaaaaaaase.

They really want this to be perceived as tight to sign up content providers.

What about the other holes? (5, Informative)

Tragek (772040) | about 7 years ago | (#18685507)

"AACS is a high-profile technology and is protecting high-profile content, so we fully expect there will be future attempts," Ayers said.

How about future successes [engadget.com]?

Re:What about the other holes? (5, Interesting)

Anonymous Coward | about 7 years ago | (#18686033)

You are entirely right. The volume key hack is pretty solid. In fact, if the Microsoft HD-DVD player were to be revoked and require a firmware patch to the existing runs of drives to play new discs, it really wouldn't make any difference at all. See the thing is, now that it is understood how to bypass AACS through the volume key, AACS could in fact keep revoking keys until they're blue in the face, but the process of extracting the volume key is already known, so it makes no difference.

Also, let me point out, I haven't read the code in its' entirety yet, but if I understand correctly, the volume key crack should actually be immune to key revokation, based on my understanding of AACS, key revokation should only effect device ids and once a method of extracting a volume ID is known, the revokation mechanism just no longer matters.

Of course, I'd also like to point out what others have already said. If a program exists that can read the data and decrypt it, then it's 100% obvious that the program can be reverse engineered. This is not an opinion, it's fact. I have on many occassions bypasses hardware dongles, FlexLM, trial periods, etc...

bypassing hardware dongles requires that you reverse engineer the driver to the dongle, this is just plain easy, all you need to do is find a disassembler that can handle the format, or if it's a kernel mode driver, then you just use a kernel mode debugger... not an issue. when you locate where the driver is being attached to from the program itself, then you just emulate the hooks. Even the most advanced dongles are easy to hack this way.

FlexLM... well... come on... this one is just so easy it's not worth talking about

Trial Periods... they can vary... depends on how obscure people want to make the code. But for the most part, they're not that hard. For example, I found a function reference in a DLL on PcAnyware (don't remember the version) called "TimeBomb()" which returned a boolean value. Not really that hard huh?

As for HD-DVD and BluRay... if all else fails, run the player (really really slow) through an emulator like QEmu and trap all IDE calls. Log the previous 1000 instructions run before the hook and then log until the first picture comes up. Then just review the log and read the source code left in the log. Hardest part is making it pretty enough to read... but if it means that much to you... well no problem.

- So... in brief... copyprotection is just a joke... laugh at it!

Re:What about the other holes? (1)

CopaceticOpus (965603) | about 7 years ago | (#18686201)

This is exactly what I was hoping would happen. With the XBOX 360 HD-DVD player cracked, what are they supposed to do? Microsoft will throw their huge weight against any suggestion of revoking the player's keys. And if those keys did get revoked, I think they would have finally gone far enough to see a serious consumer backlash.

I'm rooting against AACS for a simple reason: I want to buy hardware, software, and media that is 100% devoted to enabling me to do as much as possible as easily as possible. I don't want to pay more to include technology that's trying to tell me what NOT to do. I hope the futility and anti-consumer nature of these restrictive practices will soon become too obvious to ignore.

Re:What about the other holes? (1)

Znork (31774) | about 7 years ago | (#18686359)

"I think they would have finally gone far enough to see a serious consumer backlash."

If you consider that the difference between SD and HD isnt that obvious to the average ordinary viewing circumstances (see the earlier article on 1080p), and if they simply display upscaled SD instead of HD content if the key is revoked, I suspect that most consumers wouldnt even notice.

Of course, as most DVDrips arent even SD quality, I'm not exactly sure how they imagine degrading to SD is going to prevent any random copying anyway.

Hmm (0)

Anonymous Coward | about 7 years ago | (#18685513)

I give it 5 minutes.

Maybe 10.

Corporate Spin (2, Insightful)

JonathanR (852748) | about 7 years ago | (#18685519)

Don't you just love the corporate spin: The AACS (Advanced Access Content System) just happens to be a mechanism to deny access to the content. The moniker certainly makes the technology appear benign to Joe Sixpack consumer.

Advanced Content Denial System (1)

Erris (531066) | about 7 years ago | (#18685559)

and other digital restrictions only available with Vista [badvista.org]. On second thought, I'll pass.

Thanks! (2, Funny)

Anonymous Coward | about 7 years ago | (#18685929)

> badvista.org

That sounds like a fantastic place to receive unbiased, neutral, well-researched information about a Microsoft product. Run by the FSF, no less! WOW!!

Re:Advanced Content Denial System (1)

Macthorpe (960048) | about 7 years ago | (#18686135)

Oh look at that! It's not 'only available in Vista', it's in every commercial HD-DVD and Blu-ray player [wikipedia.org]. It also only comes in to play if the content providers turn it on. Strangely enough, unless you buy DRM content, DRM isn't an issue. Isn't it funny how that works?

I also love how you quote a competing operating system's propaganda site as a 'reliable source'. You're getting sloppy, Twitter.

"Fixed Flaws"? (4, Insightful)

ZorbaTHut (126196) | about 7 years ago | (#18685533)

If that's "fixing the flaws", then I guess whenever I fill my gas tank I'm "inventing perpetual motion".

The flaws aren't fixed. They're just papered over slightly more aggressively. Don't worry, there'll be more flaws.

Re:"Fixed Flaws"? (1)

Duhavid (677874) | about 7 years ago | (#18685599)

That "flaw" being fixed...

How does that work for the people that purchased media that
used the keys which are now expired....

Re:"Fixed Flaws"? (1)

ZorbaTHut (126196) | about 7 years ago | (#18685639)

Well, if they already purchased it, it just works - it's not like they can modify the disc media from a distance. Those people have nothing to worry about.

The real issue is people who purchased [i]players[/i] which used the keys which are now expired. Those people must update their players. In the case of WinDVD, that means downloading an update. In the case of the XBox360 drive that will involve downloading an update. (The XBox360 key is not yet revoked, and in theory they might not revoke it.)

Re:"Fixed Flaws"? (1)

Duhavid (677874) | about 7 years ago | (#18685707)

Well, if they already purchased it, it just works - it's not like they can modify the disc media from a distance. Those people have nothing to worry about.


Until they purchase a new player and expect to play the old
media on it....

Re:"Fixed Flaws"? (4, Informative)

ZorbaTHut (126196) | about 7 years ago | (#18685735)

No, that will work fine too. They haven't changed a global key of any kind. They've just revoked the old key for new media. All the newer keys still work fine. You can conceptually think of it as all discs supporting thousands of keys, some of which are used by players and some of which simply exist for future not-yet-constructed players to use - there's plenty of possible keys left for new players to work on old discs.

When they revoke keys, they simply remove the old compromised keys from new discs, so players relying on those keys can't play anything.

Re:"Fixed Flaws"? (3, Insightful)

Duhavid (677874) | about 7 years ago | (#18685769)

Well, OK.

You learn something old every day. Well, I do anyway.

Re:"Fixed Flaws"? (5, Funny)

ZorbaTHut (126196) | about 7 years ago | (#18685781)

For a system which is fundamentally doomed to failure, AACS is pretty well-designed. :)

Re:"Fixed Flaws"? (1)

reub2000 (705806) | about 7 years ago | (#18686199)

I can see this turning into a cat and mouse game with hackers finding keys and then having the keys disabled. And of course the victim in all of this will be the person who wants to play their legitimately bought dicss when they have to constantly update the keys on their HD-DVD or Blu-Ray player. Plus, how many keys do they have before they exhaust them all?

Re:"Fixed Flaws"? (2, Interesting)

ZorbaTHut (126196) | about 7 years ago | (#18686287)

Yeah, I think that's pretty much what everyone expects (at least, everyone besides the people making DRM.)

If I'm interpreting http://forum.doom9.org/showthread.php?t=122363 [doom9.org] correctly, there would be 2^22 or 4 million possible keys available. I honestly don't see them running out anytime soon. On top of that, the AACS encryption could be extended pretty much indefinitely, and if the actual implementation is cleverly done, it may be possible to extend it without breaking any hardware players (at least, any players which aren't already revoked - if they actually start running out of keys it would have to be thanks to lots of hacked keys.) I truly don't expect this to happen - they're smart enough to be careful of this.

Re:"Fixed Flaws"? (2, Informative)

joe_adk (589355) | about 7 years ago | (#18686367)

Plus, how many keys do they have before they exhaust them all?
They probably have somewhere around 340,282,366,920,938,463,463,374,607,431,768,211,45 6 (some math type dude could prob give you a more accurate number). But I doubt that they would use every combination.

Re:"Fixed Flaws"? (1)

Anonymous McCartneyf (1037584) | about 7 years ago | (#18685719)

What happens if a disc using the revoked keys is placed in an HD-DVD player that no longer uses those revoked keys? As you noted, the disc cannot be changed from a distance. Does it turn into a coaster as far as all future HD-DVD players are concerned?
If so, I imagine less technical users of those discs & players will be extremely annoyed. Think of all the HDTVs that can't pick up hi-def signals because the standards changed. This'll feel like that again.

Re:"Fixed Flaws"? (1)

ZorbaTHut (126196) | about 7 years ago | (#18685775)

I have just answered that same question here [slashdot.org] :)

Summary, though: a disc can be decrypted by an entire set of keys (I don't know the actual count, but I suspect it's at least thousands) and they can be revoked one at a time on a disc-by-disc basis. They won't be adding new keys (since that creates the exact problem you've described), they'll just be revoking old compromised keys, and presumably they have enough keys ready that they don't believe they will run out.

security breech (5, Funny)

caitsith01 (606117) | about 7 years ago | (#18685547)

security breech

Is that like a chastity belt? Or maybe an adult diaper?

Re:security breech (2, Funny)

Penguinisto (415985) | about 7 years ago | (#18685687)

If it comes from anybody that does DRM, I sure as hell wouldn't want to put it on (I'd imagine it to be something with spikes pointing inwards, somewhere around the rectal area...)

Re:security breech (0)

Anonymous Coward | about 7 years ago | (#18685863)

Yes it is a thing that is put over the hole in the middle to prevent people from illegal copying unless it is in a trusted device.

Even more reason to have nothing to do with it (5, Interesting)

Marcion (876801) | about 7 years ago | (#18685569)

I read this bit:

"New high-def DVDs will include updated keys and instructions for older versions of the PC-playback software not to play discs until the software patch has been installed."

No one gives my computer instructions but me. So I will have nothing to do with either of these formats at all. I am just gonna say no and take my business elsewhere.

DVD is quite fine, and where it doesn't then there are hard drives. Hollywood can give me movies in a format I'll accept or they can e2fsck off.

Re:Even more reason to have nothing to do with it (0, Troll)

Anonymous Coward | about 7 years ago | (#18685603)

You have the right to not watch their movies, but why do you think you have a right to pirate them?

Re:Even more reason to have nothing to do with it (1)

ThePiMan2003 (676665) | about 7 years ago | (#18685635)

Where did he say he was going to pirate them? He merely stated he did not like other people controlling his computer.

Re:Even more reason to have nothing to do with it (0)

SimonInOz (579741) | about 7 years ago | (#18685693)

>> Where did he say he was going to pirate them?

This is where
>>>> Hollywood can give me movies in a format I'll accept or they can e2fsck off.

"give" ... it costs maybe 150 million bucks to make a Hollywood movie. I see no reason why Hollywood should "give" the movie to anyone. It is, after all, a business. How would *you* make a crust if you could not charge for your services?

(Oddly, I see music as somewhat different. It doesn't actually cost an enourmous amount to make an album. A fair bit, yes - but these days AFAIK (IANAM) the music companies spend more on the video than actually paying the band. So I reckon giving away music and selling concert tickets might work very well for a band. But not a music company, EMI's experiment (good on them) not withstanding. But this can't work for movies, can it?).

But I digress. Yes, he *was* implying piracy, albeit weakly.

Re:Even more reason to have nothing to do with it (2, Informative)

timmarhy (659436) | about 7 years ago | (#18685777)

anytime you purchase a dvd they are giving you the dvd - in exchange for money. dude, seriously just give up and admit your wrong, and that you jumped the gun. he made no suggestion of piracy at all, just that he was voting for a better format with his wallet - and i agree with him and i suspect most other people do to.

Re:Even more reason to have nothing to do with it (0, Funny)

Anonymous Coward | about 7 years ago | (#18685779)

Translation: you're

a) illiterate.
b) a troll.
c) an illiterate troll.

Hope that works out for you!

Re:Even more reason to have nothing to do with it (5, Insightful)

ppanon (16583) | about 7 years ago | (#18685845)

Nah, it takes 150 Million dollars to make a Hollywood blockbuster where you spend 1/3 on whiz-bang special effects, 1/3 on salaries for "star" actors and directors, 1/4 for advertising, and the rest for actual preparation of sets and filming. You can still make decent movies today for about $10 million or less; it's just that you then need actual solid plotting, scripting, and acting because you don't have $140 million to paper over crap.

And as the price of Pro HDTV cameras and computers + digital editing S/W drop, you will be able to do a pretty decent all digital-straight to video for a lot less. Sure, you'll still have substantial costs for lighting equipment, audio equipment, makeup, getting filming permits, and so on. But you won't necessarily need to spend money on film and film processing. That's going to open the door to a lot more student and amateur film-making efforts. And yeah, it will still meet Sturgeon's Law, but there *will* be a lot more good stuff mixed in the avalanche of garbage that will fill sites like YouTube.

Re:Even more reason to have nothing to do with it (5, Insightful)

Jah-Wren Ryel (80510) | about 7 years ago | (#18686319)

You can still make decent movies today for about $10 million or less; it's just that you then need actual solid plotting, scripting, and acting because you don't have $140 million to paper over crap.

Indeed.

Look at Infernal Affairs - the original from which "The Departed" was remade - done in Hong Kong it had a budget of roughly 5M USD at the time. The Departed had a budget of roughly $90M and that does not take into account advertising. That's almost a 20:1 ratio and many people argue that "Infernal Affairs" is still the better movie.

Look at "Il Mare (Siworae)" - the original from which the recent Keanu Reeves/Sandra Bullock "The Lake House" was remade - a budget of under 2M USD versus roughly $40M for the remake and if IMDB's ratings are anything to go by, the original was better. Again a 20:1 ratio.

Furthermore, South Korea regularly turns out top caliber movies and yet the most expensive film they've produced, The Host, [wikipedia.org] had a budget of $10M. Most South Korean productions are well under half of that, often closer to $2M, and their quality easily surpasses most of what Hollywood does.

South Korea is one of the few markets in the world where local productions regularly beat out Hollywood for ticket sales (in part because of screen quotas, but that changed recently due to the US State Department doing the MAFIAA's biding and it still didn't put a dent in local cinema). These movies focus on story rather than flash, so there are less special effects. But otherwise the movies look just as good as anything from Hollywood - professionally lit, professional wardrobe, make-up, cinematography, and of course the most important part -- great story telling.

While production costs are cheaper in South Korea and Hong Kong than they are in Hollywood, they are not necessarily less than for a lot of "run aways" where Hollywood outsources various parts of the production to cheaper parts of the world.

So, yes it is easily possible to outdo Hollywood and even produce 'blockbuster quality' (if quality is the right term) movies for far far less than Hollywood does right now.

Re:Even more reason to have nothing to do with it (1)

clickclickdrone (964164) | about 7 years ago | (#18686299)

>the music companies spend more on the video than actually paying the band
Most contracts require the band to pay for the videos. Good huh?

The right to pirate (2, Insightful)

essence (812715) | about 7 years ago | (#18685683)

You have the right to not watch their movies, but why do you think you have a right to pirate them?

Because we can. Forget about laws in books, even forget that Bill Of Rights that some of you have, they get ignored all the time. Rights are yours if you have the means to enforce your ability to exercise your right.

Re:Even more reason to have nothing to do with it (4, Insightful)

mstahl (701501) | about 7 years ago | (#18685801)

Yeah see this is what always gets me about the DRM thing. Either you make it playable or you make it secure. Pick one.

The Sony rootkit fiasco really brought home, for me, the need of consumers to assert their rights over their devices. This computer on which I'm writing this is mine. If I had the choice of hardware that would do what I told it or hardware that would obey the whims of the MPAA/RIAA, I'd choose the open hardware. Given the choice of software that does what I tell it to or software that doesn't, the choice is obvious. If there is no choice, I write my own software.

The most insulting thing about the rootkit incident, as well as many such events since, is the notion that just because I'm using my computer to play content owned by someone else they somehow they own my hardware. That's simply not the case.

Here's what I want to know. They're sending a patch to the software that plays the discs, right? It's already too late to change what's on the actual discs because too many are already in the wild, so to speak. What if I just don't update my software/firmware? Or better yet, what if I write my own?

Re:Even more reason to have nothing to do with it (1)

LocalH (28506) | about 7 years ago | (#18685919)

New discs. You won't be able to play those unless you update, or until more keys are exposed.

What would be fun is if somehow all keys were exposed. What would they do then? It'd be CSS all over again.

Re:Even more reason to have nothing to do with it (1)

EvilIdler (21087) | about 7 years ago | (#18686097)

I'm sure pirates will find a way to strip discs of keys to revoke, anyway.

What about the lazy customer? (3, Interesting)

ibib (464750) | about 7 years ago | (#18685591)

I am just wondering what "normal" customer's will think, I mean - geeks and technophiles understand the the new efforts to close AACS is just not a solution, just another workaround in a loosing battle. But I wonder what normal people think, I really doubt that average Joe will think that a patch to this system is really a good thing. Most people want to be able to copy their content, make backups, etc. One of the benefits for a lot of people with the DVD format is that DVD players are available as region free players, you can copy disks from friends, etc. I'm not saying that piracy is necessarily a good thing, just that far too many (and increasing) people enjoy that and that in itself will be a problem for the next-gen media players.

Re:What about the lazy customer? (0)

Anonymous Coward | about 7 years ago | (#18685645)

A tiny tiny tiny percent backup and trade their DVDs. Most people just want to put the disk in their player and play it.

Re:What about the lazy customer? (2, Insightful)

Techman83 (949264) | about 7 years ago | (#18685797)

The problem is when Joe Six pack comes home on a friday night with a case of beer, couple of mates and a latest release movie, they are going to be mighty pissed off when there player prints "please update your dvd player" or something like it.

Christ, It's not entirely difficult for someone that isn't phased by technology, but I know if I've kicked on my couch on a friday night with a beer, the last bloody thing I want to be doing is getting up, searching for my model of "insert new format player here" downloading the firmware, burning it to a disc, updating it, just to watch a movie I bought/rented.

I'm just gunna stick to DVD for the time being, My mythbox has no trouble playing those!!

Respin (5, Insightful)

ewhac (5844) | about 7 years ago | (#18685595)

"Makers of software for playing the discs on computers will offer patches containing new keys and closing the hole that allowed observant hackers to discover ways to strip high-def DVDs of their protection. On Monday, the group that developed the Advanced Access Content System said it had worked with device makers to deactivate those keys and refresh them with a new set."

No no no. Let's just tidy that baby up a bit:

"Makers of software for playing the discs on computers are requiring consumers to download patches that will re-apply the product defects that computing professionals had removed in the weeks prior. Despite the fact that nothing is technically wrong with the older versions of the software, it is being intentionally rendered obsolete to force the update -- no new movies will be viewable on the old software."

Schwab

AACS == Barn - Horse (2, Insightful)

Crash Gordon (233006) | about 7 years ago | (#18685601)

ISTR that Muslix64's attack worked by identifying the keys in active RAM. So how does revoking the keys defeat this attack?

Re:AACS == Barn - Horse (1)

roesti (531884) | about 7 years ago | (#18686133)

So how does revoking the keys defeat this attack?

The hackers only figured out how to get the old key. This is a new key. The hackers don't have the new key.

What are you, stupid?

They didn't fix anything (5, Insightful)

hyrdra (260687) | about 7 years ago | (#18685605)

They didn't fix any flaws. They just deactivated old keys and issued new ones. Supposedly InterVideo will be patched to be more secure (aka try to hide the new key). Maybe that is what they are talking about but it still does not fix any flaws by a long shot. Just look at all the cracked versions of software out there that have all kinds of fancy safety and protection mechanisms and are still cracked daily. As long as its in memory in unencrypted form for any amount of time, it can be obtained.

What they have done is analogous to re-keying a lock that is susceptible to being picked -- it's only a matter of time before it is picked again. Lather, rinse, repeat. And how long before a hardware player is cracked? If I had one I'd bust into it to see what kind of flash it has. It probably has an on-board JTAG or other programming port to dump the memory like most consumer devices which are mass produced and then flashed assembly style, making obtaining the key quite easy. When the players come down in price I fully expect them to be cracked on a daily basis.

analogous ? (5, Funny)

fahrbot-bot (874524) | about 7 years ago | (#18685733)

What they have done is analogous to re-keying a lock that is susceptible to being picked...

I'm sorry, but this is /. and we only allow automotive analogies here. Please rephrase.

Re:They didn't fix anything (1)

Repton (60818) | about 7 years ago | (#18685765)

And how long before a hardware player is cracked?

Uh, yesterday [slashdot.org]. It's not small beans either: It's the XBOX 360.

Re:They didn't fix anything (4, Interesting)

bhima (46039) | about 7 years ago | (#18685897)

Actually they (the Doom9 crowd and the Xbox360 hackers) have already discovered a method that recovers Volume Unique Keys which is completely unrelated to the method they used before. One which doesn't require reprogramming the device (Although they have already done that as well)

So not only was AACS not really fixed (Just the key revoked) the velocity of revocation process is slower than the hacking process. And this revocation was a key for a software package, I imagine that the process for revoking the key for a hardware device, like the external Xbox360 HD-DVD drive to be slower, a lot slower.

Also given the nature of this sort of thing, I also figure pretty soon there will be increased interest in hacking a stand alone HD or BD player... as the price comes down I'm sure the allure of forcing revocation of a series of hardware players will attract attention.

I know I'd sure like to do it, if only to annoy and embarrass the AACS group.

breech? (2, Funny)

natrius (642724) | about 7 years ago | (#18685607)

I feel sorry for anyone who has to give birth to DVDs, let alone backwards.

Sharp edges. Ouch.

The game continues (3, Insightful)

zappepcs (820751) | about 7 years ago | (#18685611)

I guess that nobody with VC understands that DRM is simply a VERY expensive, very stressful game of whack-a-mole.

It amazes me that so many people believe that they can do the DRM game and make huge money. Recent news tells me that if the US government is trying to influence other countries to do more about copyright infringement, well then, DRM must not work worth a damn, otherwise there would be no need for US Governmental intervention. With that bit of proof that it won't work, doesn't work, and can't work, it should be relatively obvious to all concerned that the only way that DRM *CAN* work is if governments create laws that make it illegal to not use DRM.

Media and content providers simply have to get on the right bandwagon... DRM isn't it. No matter what fantastically great work they do for any particular DRM scheme it will always end up broken. There is no method that can reasonably ensure secure keys when the unencrypted content has to be present to view it. Sigh, old dogs, new tricks, bad circus experiences....

Re:The game continues (1)

arkhan_jg (618674) | about 7 years ago | (#18686159)

it should be relatively obvious to all concerned that the only way that DRM *CAN* work is if governments create laws that make it illegal to not use DRM.


Yeah, cos copyright law is already so well followed by the populace, I'm sure they'd be all broken up about breaking another law enforcing the use of DRM. Other than that, good post.

Lesson (1)

giminy (94188) | about 7 years ago | (#18685613)

If someone does break the new key, just wait. Please, wait. Until the format war is over, and there are thousands of titles out, everybody has a player, etc. Then announce.

Thanks for listening.

Re:Lesson (1)

physicsnick (1031656) | about 7 years ago | (#18685651)

Are you serious? Why? Are you worried that they'll eventually patch it enough that it will be unbreakable?

If hackers wait until AACS is as ubiquitous as CSS is today before announcing a crack, then AACS will be a success. It needs to be cracked as soon as possible and as often as possible to show that DRM doesn't work.

Re:Lesson (0)

Anonymous Coward | about 7 years ago | (#18685711)

Alternatively, leave it a while, wait till there's a biggish consumer base, then crack the system. That way if they try the key revocation trick again a significant number of Joe Sixpacks will be have be forced to do the whole upgrade dance, which could become very noisy and entertaining to watch (and who knows, those involved might actually learn something from the experience).

Re:Lesson (0)

Anonymous Coward | about 7 years ago | (#18685695)

I'd rather annoy the content providers repeatedly, handing them public embarrassments as often as possible and forcing them to irritate Joe Moviebuyer to the point where he says "fuck it" and takes his money elsewhere.

No, no, no. (4, Insightful)

Kadin2048 (468275) | about 7 years ago | (#18685723)

You're missing the point.

The benefit of all these cracks isn't to allow people to copy the movies. That ability was never in doubt -- people will always be able to do that. They'll be able to do that regardless of what the content monopolies do, short of just deciding that they won't release movies anymore (which is fine; there's enough of a demand for entertainment that other people will do it -- there's nothing special about making movies that a lot of people can't do, it just takes a lot of money).

Holding onto a crack until AACS is ubiquitous wouldn't do anything. The ultimate failure of AACS isn't, and never was, in doubt -- all DRM is flawed, and it will eventually be broken.

The question is whether it's possible to convince both the studios/content-creators, and consumers, of the utter futility of DRM in the first place, so they'll stop trying to do it, and stop wasting everyone's time. DRM is nothing but a broken window: it's millions of man-hours and probably billions of dollars of resources diverted from other, more productive, tasks, both to create it and break it. That's the real cost of DRM.

So if by releasing cracks for AACS every time they update it, as quickly as possible, it demonstrates to the studios that they're engaging in a war against a guerrilla enemy that they can't possibly defeat, regardless of how much money they spend, perhaps they'll throw in the towel sooner rather than later. It may be a slim chance, but given that Apple has started to see the light, there's some hope.

That's the real benefit of these cracks. Compared to the economic and social cost of the wasted effort, the ability of people to pirate a few movies pales in comparison.

They don't get it - DRM is suicice (2, Interesting)

Erris (531066) | about 7 years ago | (#18685629)

The number one reason Vista is Sinking Like a Stone [dailytechnobabble.com], is "DRM problems and lack of anything even remotely demonstrating an understanding of how users want to use digital media." If DVD makers tighten up, people are going to route around them the same way they are routing around the RIAA member companies. They will flock to independent film makers and the big dumb publishers will watch their earnings collapse at 20% per year. Their greed goes beyond the already insane limits of copyright and that kind of thing is simply not fun.

Re:They don't get it - DRM is suicice (1)

Macthorpe (960048) | about 7 years ago | (#18686111)

Read the comments for the article you linked to. The author gets torn to shreds by people with actual knowledge of Vista.

Simply don't use these new 'format's (1)

dpastern (1077461) | about 7 years ago | (#18685643)

It's that simple. Educate friends and family and loved ones on the tactics that are employed by the powers that be to various pieces of hardware and software.

Just think - if 90% of the population boycotted music CDs and DVDs for an extended period of time, the RIAA and MPAA and others would get a very clear message that what they are doing is just simply not on. The hard bit is educating people to realise that they can make a difference, but that they have to show their view and their hand.

Dave

CDs aren't a new format! (3, Insightful)

Anonymous McCartneyf (1037584) | about 7 years ago | (#18685861)

Audio CDs were invented in 1983, before many people were computer proficient to make perfect digitial copies of songs. It was only in 1991 or so that digital DRM was invented.
True Audio CDs have no DRM. New "CDs" that have no DVDs hidden on them should have no DRM, since no one is making pure "CD" DRM anymore. If you buy CDs from non-RIAA labels, you should never run into DRM at all.
Now, DVDs do have DRM. So the question is, how do we get manufacturers to make Laserdiscs again?

Re:CDs aren't a new format! (2, Interesting)

dpastern (1077461) | about 7 years ago | (#18686071)

Good post. Technically, these enhanced CDs do not conform with the redbook standard, and thus cannot be legally called CDs. The average person does not know what redbook is, nor that it is illegal for record labels to label these types of CDs as 'compact discs'. DVD-A has never taken off in Australia, HDCD the same, and SACD has only received a lukewarm welcome.

I firmly believe that the demise of the Vinyl LP was orchestrated by the recording industry, in order to get consumers used to 'digital technology', and then down the track be able to control what those said consumers can do with things like DRM. I mean, it was impossible for record labels to stop you from copying compact cassettes and LPs, and this is purely because they're analogue in nature. Now that digital has been foistered onto us, we can be controlled. This is what has really led to the DRM explosion.

Unfortunately, if governments were actually here to protect our, the voters rights and interests, DRM would have been made illegal a long time ago. I most certainly would introduce this law in Australia if I had the senate majority and power, the US be damned.

You are quite correct in buying CDs from non RIAA labels (there's a website for this, can't remember it). It's a pity that the artists (well some of them are artists lol) have to suffer and have their income deprived. I can't understand why artists don't start pooling their resources together, creating an artist's record label - that is for the artists (and gives back the sales to the artist, less manufacturing costs etc). This is doable, other than with political and financial sabotage by the RIAA happening (and this would be highly visible to any court of law).

Has anyone ever asked themselves why the RIAA has it's own legislation where it can Ddos/dos suspected pirates Internet connections? If anyone else did this, it's a computer crime. Why is it that the RIAA has it's own legislation marking them as being exempt from US monopoly laws? Why is it that the RIAA has firmly pushed for the extension of copyrights (I can tell you why this is)?

Why is it that such a high percentage of the population doesn't realise any of this, let alone remotely think about it? A friend once told me that the right to breed should be directly linked to your IQ - in order to keep the species intelligent. I'm finding that I'm starting to agree with him...

Dave

Re:Simply don't use these new 'format's (1)

koolman2 (903886) | about 7 years ago | (#18686373)

No, they'd just blame it on piracy and try to make DRM even more restrictive. However, if we were to start buying CDs and DVDs en masse again, they'd claim that it is due to the success of DRM. You can't win with these guys.

Final Solution (2, Interesting)

pushing-robot (1037830) | about 7 years ago | (#18685667)

I know I'm getting offtopic here, but I personally know some people who are rich, own copyrighted content, and are absolutely obsessed with controlling it. They're not people I can understand. They think that every reasonable fair use right should be carefully meted out by themselves alone, that they should be able to revoke rights to anyone at any time for any reason, that allowing a user to copy their content without explicit licensing and permission would be the start of some file-sharing apocalypse. It's not even so much about the money with them as it is the power and control. And every time they hear about DRM being broken they want some new, better way of controlling their media. As much as I praise EMI for their actions of late, I can't help but think the people I know represent the bulk of the **AAs. The more we prove DRM is useless to a customer that has access to the hardware and software, the more appealing "Trusted Computing" will become to the Industry. Add a nanny-state government to that and you've got a recipe for disaster. And the "average consumer" wouldn't raise a stink about it. Even a locked-down home-phoning appliance could run Microsoft Office and QuickBooks and HALO*, so 99% of people wouldn't care. Tell them it's more "secure" and they'll buy it. (...wait, they already play HALO on locked-down home-phoning trusted-computing appliances...)

Re:Final Solution (3, Interesting)

pushing-robot (1037830) | about 7 years ago | (#18685677)

Well, that teaches me for not using preview. Here's the non-HTML-formatted version (with real paragraphs!):
--

I know I'm getting offtopic here, but I personally know some people who are rich, own copyrighted content, and are absolutely obsessed with controlling it. They're not people I can understand. They think that every reasonable fair use right should be carefully meted out by themselves alone, that they should be able to revoke rights to anyone at any time for any reason, that allowing a user to copy their content without explicit licensing and permission would be the start of some file-sharing apocalypse. It's not even so much about the money with them as it is the power and control.

And every time they hear about DRM being broken they want some new, better way of controlling their media.

As much as I praise EMI for their actions of late, I can't help but think the people I know represent the bulk of the **AAs. The more we prove DRM is useless to a customer that has access to the hardware and software, the more appealing "Trusted Computing" will become to the Industry. Add a nanny-state government to that and you've got a recipe for disaster.

And the "average consumer" wouldn't raise a stink about it. Even a locked-down home-phoning appliance could run Microsoft Office and QuickBooks and HALO*, so 99% of people wouldn't care. Tell them it's more "secure" and they'll buy it.

(...wait, they already play HALO on locked-down home-phoning trusted-computing appliances...)

Re:Final Solution (0)

Anonymous Coward | about 7 years ago | (#18685807)

Final Solution?

Who could possibly object to a plan named the Final Solution?

Already hacked via Xbox 360 add on VID (5, Informative)

appleguru (1030562) | about 7 years ago | (#18685697)

From Engadget:

In parallel efforts, hackers in both the Xboxhacker and Doom9 forums have exposed the "Volume ID" for discs played on XBOX 360 HD DVD drives. Any inserted disc will play without first authenticating with AACS, even those with Volume IDs which have already been revoked by the AACS LA due to previous hacking efforts. Add the exposed processing keys and you can decrypt and backup your discs for playback on any device of your choosing. Now go ahead AACS LA, revoke the Toshiba-built XBOX 360 HD DVD player... we double-dog dare ya.
Sources:
http://www.xboxhacker.net/index.php?topic=6866.0 [xboxhacker.net]
http://forum.doom9.org/showthread.php?&t=124294&pa ge=6 [doom9.org]
http://www.engadget.com/2007/04/10/aacs-hacked-to- expose-volume-id-windvd-patch-irrelevant/ [engadget.com]

Re:Already hacked via Xbox 360 add on VID (0)

Anonymous Coward | about 7 years ago | (#18685787)

Wow. Cool. This is the first time I'm actually tempted to buy Microsoft's game machine...

Bypassing DRM and all copyprotection schemes (0)

Anonymous Coward | about 7 years ago | (#18685739)

Isn't it possible to fool all these HD DVD, DVD, DRM protected media players buy supplying some sort of virtual videodrivers? Or even some lightweight virtual environment the players can run in. You start the player, the player tries to play the HD DVD in maximum resolution, the virtual video driver allows it... but it doesnt show it... just write it to disc. With some sort of virtual machine surrounding the player, it can also adjust the clock/time so that the player won't even notice that it's a time-consuming process? I'm no guru on this, but if something like this is doable it would help how much they change their keys.

It's all a big scam (1)

slashdot.org (321932) | about 7 years ago | (#18685915)

Some of you might remember the DVD-Audio 'hack' [slashdot.org]. Well guess what? The Intervideo keys got revoked. Then guess what happened?

That's right, the people that payed Intervideo for their player that was advertised to play DVD-Audio are TOL. Intervideo pulled the functionality out of their new players and the people that had bought the older version are only going to be able to playback DVD-Audio discs that were mastered pre-revoked keys. Unless they upgrade, in which case they can't play any DVD-Audio.

I'm just saying that software players that play any of the new DRMd media are bound to be 'cracked' and you are bound to be on the short end of the pissing contest, even though you are paying for a product based on functionality that's advertised.

I can't wait for this to happen to a 'hardware' player that has sold many units. What's needed is a large enough quantity of people being pissed off by paying for something that won't deliver. Unfortunately getting a key out of a hardware device is probably at least one or two orders of magnitude more complicated...

My fear (0)

Anonymous Coward | about 7 years ago | (#18685927)

I fear that eventually the content industry will give up on DRM and attack the users more directly. Not that they don't currently, but the investment in DRM can turn into an investment in p2p spying and lawyers. Maybe I'm just uninformed, but the number of legal incidents concerning music sharing seems greater than the number of legal incidents concerning movie sharing. I don't know that the music industry invests in DRM as much as the movie industry either. So while everyone clamors about how it will get hacked again and that the content industry should abandon DRM, I ponder what would really happen if they DID abandon DRM, and what I fear is that all that investment will go into the more direct assaults on users.

how do you think the new patch adresses the issue? (4, Interesting)

viking80 (697716) | about 7 years ago | (#18685955)

Here is the important question:
If you were the implementer of AACS on HD player SW, how would you hide the key? I can think of a few ways:
1. Keep the data in CPU registers and cache.
2. Split the keys up into smaller pieces, and spread them around when in memory.

It seems that both is basically security through obscurity, and that has not worked very well in the future.

If you respond to this with a clever way to do this, make sure you post the reason it will not stand up to hackers as well. Otherwise, keep it to yourself ;)

Re:how do you think the new patch adresses the iss (4, Funny)

Kymermosst (33885) | about 7 years ago | (#18686067)

It seems that both is basically security through obscurity, and that has not worked very well in the future.

Ahh, I see you have already attended the time travel seminar that will be held in two weeks.

Re:how do you think the new patch adresses the iss (3, Funny)

Toby_Tyke (797359) | about 7 years ago | (#18686093)

It seems that both is basically security through obscurity, and that has not worked very well in the future.

So tell me.. was Duke Nukem Forever worth the wait?

What did they do with that banner??? (1)

DrBuzzo (913503) | about 7 years ago | (#18685961)

Somebody call the White House and see if they still have the "Mission Accomplished" banner handy. It sounds like the war against DRM hacks is over for good... maybe a bit of moping up, but that's about it.....er... right?

I know it's /. , but isn't this story redundant? (1)

Eternal Vigilance (573501) | about 7 years ago | (#18686115)

I just read a story on the front page titled "Kremlin Seeks to Control Online Media."

(And yes, when I say "read" I mean "saw the headline of." I said it's /. )


HD-DVD porn + Doom9 patch = XXXBOX

Breech or Breach (0)

Anonymous Coward | about 7 years ago | (#18686179)

I am pretty sure the correct word is "breach." Not "breech."

Re:Breech or Breach (0)

Anonymous Coward | about 7 years ago | (#18686311)

It is indeed "breach", and the fact that no one has tagged the story makes you all illiterate peasants.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...