Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Analyst Says Blu-ray DRM Safe For 10 Years

kdawson posted more than 7 years ago | from the words-ripe-for-the-eating dept.

Media 493

Mike writes to let us know that a poster on the AVS forum says that the latest issue of HMM magazine (no link given) contains a quote from Richard Doherty, a media analyst with Envisioneering Group, extolling the strength of the DRM in Blu-ray discs, called BD+. Doherty reportedly said, "BD+, unlike AACS, which suffered a partial hack last year, won't likely be breached for 10 years." He added that if it were broken, "the damage would affect one film and one player." As one comment on AVS noted, I'll wait for the Doom9 guys to weigh in.

cancel ×

493 comments

Sorry! There are no comments related to the filter you selected.

That's the article... (5, Insightful)

Anonymous Coward | more than 7 years ago | (#19807975)

A link to a forum that quotes a magazine quoting a guy... something doesn't seem right here.

Re:That's the article... (5, Funny)

Kesch (943326) | more than 7 years ago | (#19807993)

As an AC noted:

A link to a forum that quotes a magazine quoting a guy... something doesn't seem right here.


There's a lot of quotation involved here.

Re:That's the article... (3, Funny)

RedWizzard (192002) | more than 7 years ago | (#19808015)

Like Kesch said:

As an AC noted:

A link to a forum that quotes a magazine quoting a guy... something doesn't seem right here.


There's a lot of quotation involved here.
There is indeed a lot of quotation going on.

Re:That's the article... (3, Funny)

XxtraLarGe (551297) | more than 7 years ago | (#19808047)

Like Kesch said:

As an AC noted:

A link to a forum that quotes a magazine quoting a guy... something doesn't seem right here.
There's a lot of quotation involved here.
There is indeed a lot of quotation going on.
Indubitably! There's too much quotation going on around here!

Re:That's the article... (5, Funny)

woodchip (611770) | more than 7 years ago | (#19808553)

You know what would be freaky... A slashdot article quoting a slashdot article. It wouldn't just be a dupe, it would be a recursive dupe.

Re:That's the article... (2, Insightful)

jnguy (683993) | more than 7 years ago | (#19808569)

the slashdot article it quotes has to be about the article that is quoting it....

Re:That's the article... (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#19808067)

Like RedWizzard said:

Like Kesch said:

As an AC noted:

        A link to a forum that quotes a magazine quoting a guy... something doesn't seem right here.

There's a lot of quotation involved here.
There is indeed a lot of quotation going on.
There is indeed a fuck of lot of quotation going on.

Re:That's the article... (0, Redundant)

soundonsound (829141) | more than 7 years ago | (#19808343)

Like RedWizzard said:

Like Kesch said:

As an AC noted:

A link to a forum that quotes a magazine quoting a guy... something doesn't seem right here.

There's a lot of quotation involved here.
There is indeed a lot of quotation going on.
There is indeed a fuck of lot of quotation going on.
I'm sick of all this fucking quotation, aren't you?

Re:That's the article... (0, Redundant)

soccer_Dude88888 (1043938) | more than 7 years ago | (#19808485)

Like RedWizzard said:

Like Kesch said:

As an AC noted:

A link to a forum that quotes a magazine quoting a guy... something doesn't seem right here.

There's a lot of quotation involved here.
There is indeed a lot of quotation going on.
There is indeed a fuck of lot of quotation going on.
I'm sick of all this fucking quotation, aren't you?
GOD BLESS SALVATION ARMY!

MOD PARENT UP (4, Funny)

Anonymous Coward | more than 7 years ago | (#19808063)

A friend of my cousin's roommate said they read a comment on the wall of a bathroom at an Ohio rest stop that said you should mod the parent comment up.

Reminds me of... (0, Offtopic)

rbf (2305) | more than 7 years ago | (#19808573)

Dark Helmet: "I am your father's brother's nephew's cousin's former roommate." (Spaceballs 1987).

Re:That's the article... (1)

product byproduct (628318) | more than 7 years ago | (#19808251)

Well until we have Google World Sound, a sort of Google Maps where you can enter latitude/longitude/date and get an audio recording, Slashdot can't link directly to what a guy said.

Re:That's the article... (4, Funny)

andymadigan (792996) | more than 7 years ago | (#19808515)

The NSA isn't licensing that yet.

famous last words (5, Insightful)

ErichTheWebGuy (745925) | more than 7 years ago | (#19807985)

I give it two weeks tops. The gauntlet has been thrown down.

Re:famous last words (5, Funny)

Anonymous Coward | more than 7 years ago | (#19808155)

Naw, DVD Jon's busy playing with the iPhone [nanocr.eu] so it might be three weeks.

Re:famous last words (1)

g0dsp33d (849253) | more than 7 years ago | (#19808185)

I agree, they may have bought 10 minutes by keeping their mouths shut and not encouraging people crack the protection. I will laugh my ass off if there's a solution like holding in a shift key and they have to eat their words.

Re:famous last words (1)

jdray (645332) | more than 7 years ago | (#19808277)

Well, not only that, but saying that a crack would only affect one layer is basically publishing a detail about your security, generally a bad idea.

Re:famous last words (0)

Darundal (891860) | more than 7 years ago | (#19808285)

Actually, I believe that 10 minutes is the time it will take for someone to figure out a proper workaround for BD+.

Re:famous last words (4, Insightful)

sg_oneill (159032) | more than 7 years ago | (#19808415)

The spec has a brilliant little hole in it already.

The VM's have an ability to run native code, oestensibly to 'patch' a compromised decoder.

So.................., it seems the first step to cracking blueray has been identified. What a fuck up.

From here theres a 60 instruction VM.Rebuild the VM firmware using the native code execution capacities, and make sure the new VM cant 'see' its outside changes, and you may well have a (near) perfect irreversible hack.

This babys gunna sink in months.

Re:famous last words (1)

sg_oneill (159032) | more than 7 years ago | (#19808461)

Ok. On further reading theres a signing of that code needed.

Eh.. Give it time.

Re:famous last words (1)

GizmoToy (450886) | more than 7 years ago | (#19808291)

It certainly wasn't the best move. This is just going to further encourage someone to take the time to break the format. When will these companies learn to not make silly statements like this?

Re:famous last words (4, Funny)

Junior J. Junior III (192702) | more than 7 years ago | (#19808381)

Get some cute chick to blow me while I hack and I bet I can crack that shit open in less than a minute.

Re:famous last words (1)

Endymion (12816) | more than 7 years ago | (#19808395)

As an old security tutorial/guide I read a long time ago said: "Never underestimate the number of MIP-years they are willing to throw at the problem."

And... (4, Funny)

Icarus1919 (802533) | more than 7 years ago | (#19808005)

*queue Mortal Kombat* Test your might... MORTAL KOMBAAAAAAAT!

In other news... (5, Interesting)

RightSaidFred99 (874576) | more than 7 years ago | (#19808017)

I won't be buying BluRay discs for at least 10+ years. I don't crybaby about DRM, I just don't buy it if it doesn't suit my needs and can't be cracked, ergo if he's right I won't buy BluRay. This is one reason I like HD-DVD, it's had the shit cracked out of it.

Re:In other news... (1)

Zobeid (314469) | more than 7 years ago | (#19808143)

I'm with you. This is most definitely not what they should be saying if they want me to buy a Bluray player.

Re:In other news... (4, Insightful)

westlake (615356) | more than 7 years ago | (#19808509)

I'm with you. This is most definitely not what they should be saying if they want me to buy a Bluray player.

But neither of you are the market. Blu-Ray has Disney and A-list titles like The Incredibles. It is content that drives sales, not cracked DRM.

Re:In other news... (1)

miskatonic alumnus (668722) | more than 7 years ago | (#19808567)

Then you're talking about me. I don't buy Disney.

Re:In other news... (2, Interesting)

Grax (529699) | more than 7 years ago | (#19808557)

I agree. Why would I want to buy a disk that they "guarantee" I won't be able to fully appreciate and that I won't be able to put into my online video jukebox (when and if I finish creating it)?

Oblig. (5, Funny)

Anonymous Coward | more than 7 years ago | (#19808021)

  1. Install forum software on server.
  2. Create most disgusting looking skin ever.
  3. Post links to random shit that will make people argue on news aggregation sites.
  4. ???
  5. Profit!

Re:Oblig. (1)

Tribbin (565963) | more than 7 years ago | (#19808513)

You forgot the step that says 'Place a slogan that makes the target audience feel instantly comfortable and accepted'.

Re:Oblig. (1)

MattW (97290) | more than 7 years ago | (#19808549)

As nasty as avsforum is, it's actually hugely informative and packed with people who love nothing more than to play with high-end AV stuff. I found it totally invaluable looking into projectors, audio systems, and HTPC solutions for my basement theater.

The DVD is UNCRACKABLE (5, Funny)

snowraver1 (1052510) | more than 7 years ago | (#19808031)

"With this CSS we are putting on this DVD, noone will EVER be able to copy dvds" - Some CSS guy

Re:The DVD is UNCRACKABLE (1)

Tribbin (565963) | more than 7 years ago | (#19808537)

Well that's because they assumed there would never be software that interprets the CSS properly; 'till Opera's recent announcement.

self referential (1)

gishzida (591028) | more than 7 years ago | (#19808043)

So this is not really a *true* \. post... after all it should be a post quoting a forum quoting magazine quoting a guy quoting the original post quoting a forum quoting the magazine...

Re:self referential (3, Funny)

Anonymous Coward | more than 7 years ago | (#19808365)

So this is not really a *true* \. post...
Au contràire, mon ami, it may not be a /. (slashdot) post, but it is a fine \. (backslashdot) post.

Backslashdot: the slashdot from bizarro world! Where GNAA members are white and manly, there are no dupes, CowboyNeal is respected and most posts are insightful!

Right... (1)

teutonic_leech (596265) | more than 7 years ago | (#19808045)

Hey, they're just ASKING for it. I give it 10 weeks - tops.

Hrrrrm... (2, Interesting)

PachmanP (881352) | more than 7 years ago | (#19808133)

...it is as if they were just asking for it. Do we have a solid understanding of this Doherty fellow's finances?

Bummer. (1)

pyro_peter_911 (447333) | more than 7 years ago | (#19808051)

No point in trying to crack BD+ then.

I'll just have to wait for Dumb and Dumberer to be released to public domain in the year 2257 before I can enjoy it in all of its HD glory.

Peter

An obvious typo (4, Funny)

ian_mackereth (889101) | more than 7 years ago | (#19808089)

"BD+, unlike AACS, which suffered a partial hack last year, won't likely be breached for 10 days."

There you go, fixed that for you.

The makings of a decent /. poll (4, Funny)

benhocking (724439) | more than 7 years ago | (#19808149)

So far on this thread 3 dates have been suggested: 10 days, 2 weeks, and 10 weeks. This sounds like the beginning of a /. poll...

How long do you think it will take for Blu-Ray DRM to be cracked?
  • Less than 10 hours
  • Between 10 hours and 10 days
  • Between 10 days and 10 weeks
  • Between 10 weeks and 10 months
  • Between 10 months and 10 years
  • Didn't you RTFA? 10+ years!
  • CowboyNeal doesn't buy DRM-encoded material, you insensitive clod!

Re:The makings of a decent /. poll (5, Funny)

CastrTroy (595695) | more than 7 years ago | (#19808215)

Missing option:

I already cracked it. I'm just waiting for them to release something with BD+ so I have something to decrypt.

Missing options (5, Funny)

benhocking (724439) | more than 7 years ago | (#19808235)

It wouldn't be a /. poll without missing options!

In some ways yes... (4, Interesting)

hcmtnbiker (925661) | more than 7 years ago | (#19808097)

BD+ BD+ is effectively a small virtual machine embedded in authorized players. It allows content providers to include executable programs on Blu-ray discs. Such programs can:


* examine the host environment, to see if the player has been tampered with. Every licensed playback device manufacturer must provide the BD+ licensing authority with memory footprints that identifies their devices.
* verify that the player's keys have not been changed.
* execute native code, possibly to patch an otherwise insecure system.
* transform the audio and video output. Parts of the content will not be viewable without letting the BD+-program unscramble it.
But i have to think... If it has hardware access(or can run native code) what's to say someone wont make a disk that has a BD+ program that aids in the hacking? Once you break a way around(or through) the digital signature for BD+ your whole system is compromised, how is that a good strategy?

Imagine something close to, I make a disk with a BD+ program that once I have the program loaded I can eject the disk and put in a protected one, the BD+ can help circumvent the protection, and circumvent the BD+ on that disk. Vuala! BD+ makes it easier for me to copy.

Re:In some ways yes... (4, Insightful)

figleaf (672550) | more than 7 years ago | (#19808209)

execute native code, possibly to patch an otherwise insecure system

Or to execute malicious code and send all your private information to somebody.
Stay away from Blu-ray computer players.

Re:In some ways yes... (1)

asdfghjklqwertyuiop (649296) | more than 7 years ago | (#19808455)

Or to execute malicious code and send all your private information to somebody.


Or execute malicious code to break functionality of your own property, or "patch an insecure system" as their lie goes.

Re:In some ways yes... (2, Insightful)

poopdeville (841677) | more than 7 years ago | (#19808289)

If they're using a small virtual machine, the right security protocol would be to make an MD5 (or SHA-1 or whatever) hash of each essential component of the virtual machine and on board software that enforces DRM. It would then be a matter of storing a private key somewhere on the machine, after encrypting the hashes using the private key, comparing to an encrypted list stored on the disc.

This would make cracking the machine a nightmare. Recovering the list of keys from the disc might not be too hard. But even then, you'd have a very hard time writing a "liberated" firmware that hashes to the same value as the original. (You could also try to change the private key, but that sounds even harder)

Re:In some ways yes... (2, Insightful)

SCPRedMage (838040) | more than 7 years ago | (#19808347)

Or you could, I don't know, write a program to examine the BD+ program, and determine the appropriate method of descrambling the audio/video without actually having to RUN the BD+ program...

Probably not (4, Funny)

blhack (921171) | more than 7 years ago | (#19808109)

What it seems like they would be talking about here would be something similar to PKE. Err, no wait that doesn't make sense, must be something like what is used in prox cards with challenge/response...hrm...not that probably isn't what it is.....OH I KNOW! every disk comes with a monkey that kicks you in the balls every time you get the disk near a computer!!

Unfortunately, this alienates most of the Chinese player manufacturing market. But it does have the bonus of coming with a free monkey.

Lets make a movie starring the DRM monkeys and then post it into the intertubes! This would send an inverse monkey (also known as a something awful member) past the event horizon, causing the entire twisted fucked up backwards universe that the movie industry lives in to collapse upon itself!!!
FREE MONKEYS FOR ALL!

Re:Probably not (1)

wethion (871311) | more than 7 years ago | (#19808457)

Can't stop laughing, please mod up parent!

Always keep your words soft and sweet... (5, Insightful)

OmniGeek (72743) | more than 7 years ago | (#19808127)

In case you have to eat them.

To quote Bruce Schneier, "Making bits not copyable is like trying to make water not wet." I dunno 'bout those Doom9 guys, but I know enough of Bruce Schneier's work to trust his opinion on this one. I don't know what the digital-media landscape will look like when all this settles out, but I *don't* think it'll be neatly and unbreakably wrapped in DRM containers with price tags on.

The funny thing with these quotes... (3, Insightful)

Jugalator (259273) | more than 7 years ago | (#19808131)

It's that they make movie execs happy, but they scare away the customers.

Who're the most important in the success of a product?

Re:The funny thing with these quotes... (4, Insightful)

dAzED1 (33635) | more than 7 years ago | (#19808187)

the real customers, not the fringe folk who even know what DRM is.

The real customers care about what format has the most movies available.

The movie execs care about what format they feel protects and enhances their product the most.

Tada. Riddle solved. If the target audience for HD-DVD is going to be limited to "those who care about the DRM being cracked" then...HD-DVD is very, very doomed.

Re:The funny thing with these quotes... (5, Interesting)

MBCook (132727) | more than 7 years ago | (#19808333)

The average consumer has no idea [blogspot.com] what Blu-Ray is.

PS: I love Behind the Counter [blogspot.com] .

2, 4, 6 8... (4, Insightful)

MBCook (132727) | more than 7 years ago | (#19808135)

Quotes from the PDF linked to by the forum post (emphasis mine):

The recent release of a licensing program for BD+, the coveted second line of defense against piracy...

He said BD+ offers four times the safeguard on top of AACS against piracy.

"If you see an apartment in a rough part of L.A., and the door has six locks on it, you're not breaking into that apartment," Doherty said. "Having those extra locks, even if you are not sure [they all work], is part of the magic of BD+..."

BD+, unlike AACS, which suffered a partial hack last year, won't likely be broken for 10 years,...

Hmm, they seem to have skipped 8. The amount of gall in this little article (which is the PDF) is amazing. AACS was "partially" cracked. BD+ is a second line of defense, four times as safe, and just like six weak locks that you don't think work, which, by the way, is magic.

What is this guy smoking?

Re:2, 4, 6 8... (5, Funny)

Anonymous Coward | more than 7 years ago | (#19808261)

What is this guy smoking?

"If you see an apartment in a rough part of L.A."...

We may not know what this guy is smoking, but we know where he bought it.

Re:2, 4, 6 8... (1)

Jeek Elemental (976426) | more than 7 years ago | (#19808429)

"If you see an apartment in a rough part of L.A., and the door has six locks on it, you're not breaking into that apartment," Doherty said

Hes right, thats probably a crack house, and them dudes are dangerous!

seriously tho, the logic is kinda flawed as the DRM would be the ONLY door, no?

Re:2, 4, 6 8... (1)

FSWKU (551325) | more than 7 years ago | (#19808459)

"If you see an apartment in a rough part of L.A., and the door has six locks on it, you're not breaking into that apartment," Doherty said. "Having those extra locks, even if you are not sure [they all work], is part of the magic of BD+..."

In rough parts of L.A., having six locks means nothing. They either break the door down, or go through the window...

Actually, breaking into a house in L.A. would be HARDER, since it requires a concentrated physical effort to do either of those. Cracking AACS or BD+ just requires time and someone with a desire to stick it to the content providers.

That's weird... (0)

Anonymous Coward | more than 7 years ago | (#19808165)

... I'm pretty sure I saw a bd-movie floating around somewhere. Does that mean that all bd movies are not protected by bd+ ? (honest question, I didn't read the article, neither did I do any research on what other protections might be available for blu-ray discs...)

Re:That's weird... (1)

snowraver1 (1052510) | more than 7 years ago | (#19808267)

I could be wrong (If I am, someone will prove it) but I don't think that BD+ is in use at all yet.

Re:That's weird... (1)

Drgnkght (449916) | more than 7 years ago | (#19808345)

I could be wrong (If I am, someone will prove it) but I don't think that BD+ is in use at all yet.
That might have something to do with why the media analyst thinks it won't be cracked for 10 years...

Excellent Point! (0)

Lord Balto (973273) | more than 7 years ago | (#19808527)

Keep in mind that any kind of "high definition," as opposed to let's say normal DVD definition, only really makes any kind of sense if you have a 6-foot (2 meter) or larger LCD or plasma screen. How many folks even have the room for such a monstrosity? And the larger the screen, the farther away you have to sit to see the damned thing. So you've got a situation like the ad for projection TVs where they project the movie on the side of a hydroelectric dam. Great! I'll spend my hard earned money on that! ;-) This is the same disease you have with digital cameras with the idiotic quest for more and more megapixels that require larger and larger storage devices, all so some shlub can take a bad picture of his kid at the beach.

AVS? (1)

kriebz (258828) | more than 7 years ago | (#19808167)

I'd look, but the site is slashdotted. I only know AVS as Adult Verification System, and I don't know what smut peddlers are doing commenting on DRM. Even wikipedia tells me nothing except it's an old name for the Nintendo.

mia culpa (1)

kriebz (258828) | more than 7 years ago | (#19808231)

AV (audio-visual) Science Forum. Sorry to be a n00b.

Perhaps they just want some additional QA... (1, Insightful)

Anonymous Coward | more than 7 years ago | (#19808183)

The best way to find holes is to throw down the gauntlet to the hacker community and let them attack. This will give BluRay time to eliminate mistakes before players start rolling out the door for next xmas...

Are you kidding me? (1)

Coopjust (872796) | more than 7 years ago | (#19808195)

This analyst is out of his mind. Of course, the Content Scrambling System, the "invincible" content protection on DVDs, worked on a key based system that allowed the revocation of compromised keys.

While Sony has worked on Blu-ray DRM after the failure of the CSS, calling it uncrackable is insanity. Harder to crack? Maybe. Impossible? Definitely not. Anything that allows analog playback will be crackable. And, even with digital signal, there will be some method of attack.

Even if the security on Blu-ray discs turns out to be only slightly cracked (and subsequently fixed) for a few years, they'll still be DVDs in the meantime (a studio would have to be insane not to sell DVDs and alienate a huge market). And, of course, "Media analyst" sounds somewhat like "Sony shill".

Re:Are you kidding me? (1)

tepples (727027) | more than 7 years ago | (#19808263)

Anything that allows analog playback will be crackable.
Once HDCP adoption surpasses 85 percent of HDTV monitors, studios will begin to turn on Image Constraint Token, which downgrades the luma resolution of analog outputs to EDTV. This makes cracking HD DVD and Blu-ray Disc not worth any more than cracking DVD.

(a studio would have to be insane not to sell DVDs and alienate a huge market)
(a studio would have to be insane not to sell VHS and alienate a huge market) What's the difference?

Re:Are you kidding me? (1)

SCPRedMage (838040) | more than 7 years ago | (#19808401)

(a studio would have to be insane not to sell VHS and alienate a huge market) What's the difference?
The difference is that moving from DVD to HD-DVD/Blu-ray only benefits the small percentage of consumers with HDTVs, whereas moving from VHS to DVD benefited the everyone with a TV.

Re:Are you kidding me? (0)

timmarhy (659436) | more than 7 years ago | (#19808273)

he's just a moron. maybe it'll be 10 years till we can brute force a BD key, but until then i'm sure there will be some implementation flaw that will get exploited. the fundamental flaw with DRM is that you are giving the encrypted material along with the key to open it to the same person. at some point, you are going to expose that key to the open.

Re:Are you kidding me? (0)

Anonymous Coward | more than 7 years ago | (#19808295)

I heard some kid in Japan swapped out the diode for a yellow one, thus greenlighting CSS and Cracking the earth's core. Paging Mr Godzilla, please report to Tokyo.
Thats kidding you.

Blu-ray uncrackable? that's Sony kidding themselves. You just need a orange highlighter pen and something I can't tell you about.

What the article didn't say... (1, Funny)

CaptainPatent (1087643) | more than 7 years ago | (#19808205)

...Is that was a statement made 9 years, 11 months and 28 days ago!

The blogger quoted actually had a very keen insight that not only would sony introduce a new standard... but that it would be called BluRay and that the DRM scheme on it is set to be cracked in 3 days!

In other news (2, Insightful)

Torodung (31985) | more than 7 years ago | (#19808213)

Widespread Blu-Ray adoption not likely for 10 years.

Coincidence? Possibly.

--
Toro

Thanks for (2, Insightful)

future assassin (639396) | more than 7 years ago | (#19808223)

letting me know how hard you worked to make a product that restricts my use of it after I would bought it. I'll stick to dvd's for now till a company comes out with a storage media that where I wont be buying cripple ware.

We built the atom bomb with slide rules in 3 (1)

gelfling (6534) | more than 7 years ago | (#19808247)

I'd say it's good bet that any encryption today will be broken in less than a decade. Turings's law says that if it takes 10 years to solve a problem today but in 5 years it will only take 3 years then you're better off waiting 5 years and saving 2.

Re:We built the atom bomb with slide rules in 3 (1)

the_humeister (922869) | more than 7 years ago | (#19808301)

Or you could start now, and in 5 years, use the better technology to finish what you started 5 years ago.

DRM at the hardware level (1)

fanha (901005) | more than 7 years ago | (#19808259)

I'd assume from what they're saying that the way a Blu-Ray player works (IANAE), the hardware itself is hard-wired to throw an interrupt that loads this executable program from the disc and runs it, effectively giving the disc power over the entire system to check itself. Even if a system were compromised in software, if the hardware immediately loaded in the disc's application then it could detect that and abort from within that application (hence storing an image to check against). This would mean the only way to crack it would be a pretty tricky hardware mod, but as he says, this would only compromise that particular piece of hardware.

I say we start with sharpies and work from there.

What is the true purpose of the message? (4, Insightful)

CrazyJim1 (809850) | more than 7 years ago | (#19808275)

1) Don't even try hackers
2) Go ahead, hacker, I am taunting you.
3) Consumer, buy Blu-ray discs because your local pirate won't be stocked for years.
4) Vendor, HDDVD is hacked, go with us for more sales instead of losing untold billions in piracy.

I'm sure there is an actual reason.

Re:What is the true purpose of the message? (1)

careysb (566113) | more than 7 years ago | (#19808431)

I'll buy them when they can convince me that they've resolved the bit-rot issue.

It's not really just an encryption scheme, though. (5, Interesting)

Anonymous Coward | more than 7 years ago | (#19808283)

Read what BD+ really is:
http://www.cryptography.com/technology/spdc/bluray .html [cryptography.com]

This means that each Blu-Ray disc has a computer program compiled to execute within a proprietary, secure VM. What this means is that each disc has a program built into it whose purpose is to boot, validate that it is running on licensed hardware, enforce security policy, and if those checks are met, extract a key from its own memory and play the content.

What does this mean for people attempting to defeat the security?

Well it means that a full crack of BD+ will require crackers to implement a virtual machine which acts in exactly the same way as the hardware VM would act. This represents a what I will casually call a "larger challenge" than defeating CSS or AACS, in which you have to decrypt a key or a list of keys. In this case, you have to come up with something which can determine the full dynamic runtime execution path of a static binary - a currently unsolved problem in Computer Science, despite numerous attempts to do such a thing by some of the world's brightest minds.

Just putting the same source code through a randomizing compiler/packer/obfuscator of the types that game companies have been working on for a while makes the challenge immensely harder. Precedent? http://spa.jssst.or.jp/summer-2005/paper/05046.pdf [jssst.or.jp]
There's too much to talk about.

And who's deployed this type of technology already? Who has a secure virtual machine with secure bytecode doing challenge-response to determine hardware legitimacy? People Who Care: a lot [216.239.51.104] .

The other major problem is that the challenge-response authentication made by the program contained in the disc against the embedded hardware will require a "real" cert to succeed. Yes this is the TPCA/Palladium "sky is falling" scenario come to pass. Either the implementors made a cryptography implementation mistake, or someone with a scanning, tunneling electron microscope figures out how to defeat the epoxy guards and actually read the private cert material off a chip, or someone with a previously unheralded supercomputer or mathematical technique breaks the key from a known subset of challenge/response pairs... - or, it will remain unbroken. It is strong, known algorithm public key cryptography.

What's really interesting about all this is if someone DOES find a way to break BD+, there is really strong incentive for them to use it to break & release movies rather than release code which performs the break. Why? Get yourself a windows VM and download all the latest in DVD-breaking binaries: ripit4me, dvd decryptor-last, dvdshrink-last, etc. Then set windbg to be your default debugger, and start trying to break very recent DVD releases. What you'll find is that the entertainment company is employing people to literally find security holes in the input to the cracking tools - the dvd image itself, and then embed "exploits" into their dvd images. There is data on those discs that has no other purpose than to crash certain binaries. It becomes obvious once you trap execution in a debugger and know a little bit about x86 asm. Don't get me wrong, they're not executing arbitrary code, just causing a DoS - but that's only because they know they can't. Some of the conditions they've found and abused are CERTAINLY exploitable. But they also know that putting shellcode in their DVDs defeats plausible deniability, which is a hell of an asset.

Now push this knowledge forward to BD+. If someone actually manages to set up a "shim VM" that executes BD+ language and acts as a proxy between secure hardware and the bytecode, and RELEASES that VM, then we know the entertainment companies are going to enter a reverse engineering arms race. They're already in it. And are there attacks against VM execution environments? YES. Someone from google research just recently put out a paper about exploiting VmWare from within a guest, of all things. And it isn't the first break in VmWare: http://kb.vmware.com/selfservice/microsites/search .do?cmd=displayKC&externalId=2000 [vmware.com]

BD+ allows the entertainment companies to react instantly to breaks at timeline point X, recompiling their VM code in a response to software breaks, protecting all titles published from time X+. This makes it a legitimate contest of available engineering resources, and provides an incentive for successful hacks not to be published, only utiltized.

There remains the possibility of programming or implementation flaws. Discovering one of these is the best hope of the attackers.

Like all the best posts on /., posted at zero, headed for minus one. ttfn!

Re:It's not really just an encryption scheme, thou (1)

cullenfluffyjennings (138377) | more than 7 years ago | (#19808407)

Good post - someone should mod up the parent.

oh yah, and on the 10 years, lol

Re:It's not really just an encryption scheme, thou (0)

Anonymous Coward | more than 7 years ago | (#19808445)

Someone from google research just recently put out a paper about exploiting VmWare from within a guest, of all things


This is very interesting. Could you please provide a link to the paper?

A question or two (3, Interesting)

pembo13 (770295) | more than 7 years ago | (#19808307)

Is all this DRM on BlueRay and HD-DVD optional? Ie. if I were to release a movie under the creative commons liscence, could I put it on one of the new formats in a way that it would be playable on a Linux box?

Re:A question or two (1, Informative)

Anonymous Coward | more than 7 years ago | (#19808397)

Yes, it's completely optional.

You'll never write a legal free player for protected movies though.

Re:A question or two (0)

Anonymous Coward | more than 7 years ago | (#19808493)

On HD DVD, yes the DRM is optional. There have already been a few HD DVDs released without AACS.

On Blu-ray, no. The spec requires you to use (and pay big $$$ for) at least AACS in order to create pressed discs (although BD+ is optional). [Oh, and burned discs aren't a way out of this either: there are two Blu-ray video formats (BDAV and BDMV), and most currently available players only support one or the other to be played from BD-R (and a few don't support any BD-R playback at all). Ergo, if you were to burn Blu-ray discs of your hypothetical CC-licensed movie in order to avoid AACS, no matter which Blu-ray format you picked they'd only play on a fraction of your potential customers' players.]

Oh No he didn't! (1)

sTalking_Goat (670565) | more than 7 years ago | (#19808309)

Do these guys like to look like idiots.

Too bad to hear that (1)

Trelane (16124) | more than 7 years ago | (#19808359)

'cause I'll start buying blu-ray movies when the encryption is cracked!

Am I the only one? (0)

Anonymous Coward | more than 7 years ago | (#19808371)

The DVD format wars have no effect on me. I just watch the Simpsons and Southpark.

Oh play nice now (1)

saikou (211301) | more than 7 years ago | (#19808375)

Did he say 10 Earth years? Well how do you know he did not mean 10 Mercury years? :)
Plus, financial analysts should have pretty much taught everyone not to trust most analysts :)

Does it really matter? (1)

NewsWatcher (450241) | more than 7 years ago | (#19808379)

A friend of mine bought a TV recently. They can shove a USB stick into the bottom of it and play movies they download from the internet directly. They don't need a DVD or a player. How far away is it until thumb drives can store enough information to effectively play a movie that with all the data included in an entire HD-DVD or Blue-Ray disk?

Will all players as we know them be redundant in a few years?

No matter how good the encryption, you can always scrape a recording of the data and convert it to another format. If they can't stop the downloads, they can't stop the piracy.

money - mouth (1)

wall0159 (881759) | more than 7 years ago | (#19808387)

Maybe he'll be prepared to make a bet with his _own_ money to the effect that the bluray DRM won't be broken before 2017 (sounds a long time away don't it?)

Break BD+ ? Inconceivable! (5, Funny)

martinX (672498) | more than 7 years ago | (#19808411)

Do you know just how smart the guy who invented BD+ was?

Let me put it this way: have you ever heard of Plato, Aristotle, Socrates? Morons.

1011010010 days sounds about right (2, Funny)

davidwr (791652) | more than 7 years ago | (#19808413)

10 years is 1011010010 days, including 29 Feb 2008. That sounds about right.

damn outsourcing (1)

davidwr (791652) | more than 7 years ago | (#19808489)

I outsourced my calculations to some peasant in a third world country.

The correct value is 1011011011 days.

Next time I'll hire a local peasant.

Well, one player is enough... (2, Insightful)

gweihir (88907) | more than 7 years ago | (#19808417)

I assume this means one player type, but even if not, a system break can also be done by generating an automatic procedure that breaks every instance.

Even if it means exaclty one player, with P2P filesharing that is already enough. Look at the preview copies. That is one original instance and a few days latter you can get them everywere.

Then there still is the ''analog hole''. Fit an LCD driver (i.e. the thing that drives the pixel) with high-speed A/D converters (not difficult, and signals cannot be encrypted at this level) or read the bus between display controller and driver chip (may or may not be difficult, depending on whether there is encryption here, but does not need the A/D converter, so it would give a better signal). I expect this is a relatively cheap project any good EE or electronics tinkerer can do. Again a single copy of a movie is enough.

DRM Safe? Who cares... what about the FORMAT? (1)

NotQuiteReal (608241) | more than 7 years ago | (#19808427)

Most people who by discs don't care about the DRM.

They just want to know if the media will last, and if you will be able to buy players for it in the future.

It is all about the popularity of the format, for whatever reason.

Can't be cracked by a ten year old (2, Funny)

caffiend666 (598633) | more than 7 years ago | (#19808451)

It can't be cracked by a ten year old. We have it in writing now! Quick, look for 9 year old Math PHDs.... All it takes is a hammer and that Blue Ray Disk is cracked up... Seriously though, there's nothing about that piece of plastic which means we can't figure out how it works. Taunting people like this just speeds up the process. Weren't these the same people who used a DRM scheme which crashed MACs and could be defeated by a sharpie?

It simply doesn't matter... (5, Insightful)

msauve (701917) | more than 7 years ago | (#19808491)

how secure they make the media. Cracks will follow the path of least resistance. If every form of media moved to some form of uncrackable quantum encryption tomorrow, it wouldn't matter. Someone would crack HDCP, and the content would be available there.

If not HDCP directly, then the processor to LCD data path for some el-cheapo monitor which supports HDCP. There's always some point in the chain where protection is weak, or simply doesn't exist.

It is simply a futile endeavor as long as the consumer ultimately gets access to (i.e. can view/listen) to the content. Of course, they have no product if the consumer can't.

Is it coincidence... (0)

Anonymous Coward | more than 7 years ago | (#19808533)

that this claim shares tags with Steorn's claims of free energy?

So HD-DVD is better for me as a consumer? (4, Insightful)

MattW (97290) | more than 7 years ago | (#19808535)

BD+, unlike AACS, which suffered a partial hack last year, won't likely be breached for 10 years.
So what he's saying is, if I'm a consumer, HD-DVD is better for me, if I don't like vendors telling me how I can view content I buy?

Magic Gate Still Closed (1)

Doc Ruby (173196) | more than 7 years ago | (#19808581)

I dunno, has anyone cracked Magic Gate [wikipedia.org] , the Sony DRM built into every MemoryStick since 1999? It's been 8 years for that one.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?