Decryption Keys For HD-DVD Found, Confirmed

kad77 writes "It appears that, despite skepticism, 'muslix64' was the real deal. Starting from a riddle posted on pastebin.com, members on the doom9 forum identified the Title key for the HD-DVD release 'Serenity.' Volume Unique Keys and Title keys for other discs followed within hours, confirming that software HD-DVD players, like any common program, store important run-time data in memory. Here's a link to decryption utility and sleuthing info in the original doom9 forum thread. The Fair Use crowd has won Round One; now how will the industry respond?"

A simple answer

The Fair Use crowd has won Round One; now how will the industry respond?"

Lawyers. Lots of them.

Re:Even simpler

If I remember correctly they can only revoke keys for future movies. All movies released when the compromised player was cracked can still be decrypted.

Re:Even simpler

You can - all the HDDVD and BluRay players have internet connectivity. They can and do download blacklists in 'firmware updates'. Such updates are also pressed into future disks - so you can't even get away with never connecting the player. These can revoke both disk and hardware keys, so you'd have to replace your copy of serenity, or even potentially your TV if the keys for that got revoked.

The only question is whether they have the guts to do it.

Re:Even simpler

Revoke the key. It will happen each time.

Ahhh. But only the player key can be revoked, not the title key for discs already in the wild. They could use different keys on all subsequently pressed discs of the same title, but that doesn't affect the titles already cracked. And they can't expect to do a recall of cracked titles.

Or they could revoke the device key for the software player, which would mean the software player gets upgraded with a new key, and newer discs can be cracked using the exact same technique. Otherwise anyone selling software players would be faced with the massive liability of having sold something that doesn't work as advertised.

Since this technique relies on using the title and/or volume key and not the player key, it will not be so easy to fix through the device key revokation system that's a part of AACS.

Round one definitely goes to the good guys. And I don't see how it's anything but a matter of time before AACS is as completely broken as CSS is. Even with device key revokation, it's just a cat and mouse game with newer titles and newer devices. And how will the MPAA and the device manufacturers react when people who pay out the nose for players and films are no longer able to use them?

No more software players?

They could take a more drastic approach, and simply revoke the keys to all software players, since software players are too easy to extract keys from. The already cracked discs would still be available for piracy, but further discs wouldn't be playable on anything but hardware. That would definitely suck, and would render the "victory" as Pyrrhic.

Sit down, boy

You haven't the slightest idea what you're talking about. No matter how well coded, any information used by a program is available to someone determined to extract it.

Who cares about existing titles?

Everyone seems to be missing the point. Existing titles are chump change. Just make the next pressing with the new key. The flurry seems to center around release dates anyway, so no future discs will decode on the compromised player. They don't want to make it impossible, they simply want to make it difficult. Having to keep a key database updated is a pain in the ass. I'd go as far as to say that they don't care about an isolated crack - they'll "fix" it and go on, with updates from time to time. This is a s/w player, not a hardware player, correct? Just require an update.

The point is that they will make this about Piracy, and that its the Pirate's fault that you have to go download an update to get your machine to work. Not their fault (Say "Not my fault" in David Spade's voice an you'll get the idea). Most consumers will believe the newsvertisement they see on ther local station that blames those evil pirates for their suffering. If it weren't for the pirates, their stuff would work. Which can easily be spun at truth - pirates cracked the system, system must be safe or poor artists children will starve, so we had to change the system - all pirates fault. Your mother would fall for that, and you know it.

Right and wrong is irrelevant - it's who takes the blame for the mess that matters, and the industry has a lot of PR money to make sure the finger points at someone else.

Re:Who cares about existing titles?

Everyone seems to be missing the point. Existing titles are chump change. Just make the next pressing with the new key. The flurry seems to center around release dates anyway, so no future discs will decode on the compromised player.

Yeah, right. Take a look at the prices for DVD seasons of for example Babylon 5 or Star Trek... they're incredibly expensive even though they're many years old. How much does Disney classics go for again? Besides, it's probably not like pirates are going to announce their player keys, they'll likely just release the titles.

The sad thing is that it'll work for release groups having decryption keys and pirates getting decrypted versions, while it probably won't work for average consumers who wants to do fair use like back-ups, format shift, non-HDCP screens and so on, because they don't have a disc from the same batch.

Re:Even simpler

Revoke the key. It will happen each time.

Like I posted last time this crack was on slashdot, it's futile to revoke a key. Every movie released to HD-DVD before the key is revoked will still be readable with the known key, and within a few days or weeks another software key will be found to read all the newer movies. Additionally, true pirates who recover the key of a particular player are able to keep their discovery secret by not publishing the key, and they will always be able to rip new HD-DVD movies. There's no way to watermark movies based on the player key, because the entire stream must be encrypted with a single master key that the player key decrypts. There's no way for the media companies to discover which keys have been secretly compromised, even when movies are being released on the Internet.

In the best case, AACS will be fundamentally broken because of some oversight and all the player keys will be compromised, making key revocation laughable.

Fantasy Land

By admitting DRM is useless and treating customers like clients instead of criminals? Only in my mind, only in my mind....

Re:Too many customers ARE 'criminals' though

Many "customers" act as criminals then bitch and moan when they're being treated as such.

Only because exercising fair use is acting like a criminal. Except its only acting; it isn't being.

The actions of a criminal can also be the actions of a law-abiding citizen legally exercising his rights. It is to what ends the acts are performed that (are supposed to) define them as criminal.

I can swing my fists in the air as long as I like as long as I don't hit your nose. It's bad laws like the DMCA that would make swinging my fists in the privacy of my single-occupancy home a crime.

Re:Too many customers ARE 'criminals' though

"What is needed is a DRM that is advanced enough to be flexible enough to allow all "fair use" while curtailing piracy."

DRM will never be this advanced, because this proposal is fundamentally impossible, because it implies logically inconsistent outcomes. Either I can copy no part of the video for any reason, or I can copy some part of the video (no matter how small) for any reason. If I can copy any part, even screenshot by screenshot, for any reason, I can re-assemble it outside the player and the DRM is therefore useless. If I can't, fair use is violated.

DRM, in all it's manifold and perverted forms, can go to hell.

Re:Too many customers ARE 'criminals' though

But please do NOT pretend that DRM is broken primarily for "fair use".

I would argue that the majority of users breaking DRM are doing so exactly for fair use. More often than not, there's no reason for a pirate to break the DRM on a retail DVD because that work has already been done. Within mere hours of the discs arriving at stores (generally a few days before the official launch) and occasionally weeks or months earlier (see Stewie Griffin: The Untold Story) one person has ripped the DVD and released it in to the wild. That's all it takes. Once there is a raw DVD copy floating around, the DRM never has to be broken for piracy again. Because of this, DRM can't even stop casual piracy. The only people a broken DRM scheme has left to get in the way of are those who are trying to legitimately make fair use copies.

Like others in this discussion, I have a homebrew VoD system set up in my apartment. A media server with a few terabytes of hard drive space and a trio of TV tuners (two analog for cable and one OTA HD) stores all of my movies and every episode of my favorite TV shows. Thanks to this, my roommates and I have point-and-click access to all of those videos from every computer, Xbox, and Xbox 360 in the apartment. It's very convenient and I never have to worry about a scratched disc or missing a single episode. Thanks to DRM + the DMCA, every single movie on the server is technically illegal even though I can point at the shelf where the DVDs sit gathering dust.

There are commercial hard drive based DVD library devices, but they're overpriced (in to the thousands of dollars for a mere terabyte last time I checked) and nowhere near as compatible as my solution. The one I looked at would only stream to proprietary set-top boxes and even now I'd wager only possibly the Xbox 360 out of my current line up would be compatible with any similar products on the market now (due to its support for streaming DRM). None would support streaming to my modified Xbox and certainly not to any of my computers.

I would say the home media server is a substantial example of fair use which is legally blocked by DRM+DMCA issues. One like I have is trivial to set up (Myth + Linux + Samba or XP/Vista MCE) and works with a number of clients (I intend to test using my DS as a client once I get the adapter card which enables homebrew and I've already used a PSP as a client in the past). Everyone I know who's seen my setup wants to clone it and if it weren't for the legal issues I'm sure the market would be flooded with such devices.

That seals it for me...

Between the porn industry choosing HD-DVD and now this, I know what I'm opting for when upgrading to HD movies! Sorry, Sony. I was so looking forward to having spyware installed on my PC with every BluRay disc purchased just like your music discs.

"now how will the industry respond?"

"Hello, Doom9.com's ISP? Yes, this is Microsoft. We're auditing your sofware licenses."

"Hello, Doom9.com's registrar? You're being charged with violating the DMCA. Pretty much all of it."

"Hello, little tiny country? This is the MPAA, and as official representitives of the US government, we're asking you to hand over all people involved in this post on Doom9.com's forum. If you fail to respond, we'll enact sanctions on your country and drive you into the dark ages. Just look at North Korea for an example.

Re:"now how will the industry respond?"

Um, as The Pirate Bay has demonstrated already, there are three wrong with your supposition. First off, ICANN does not and will not revoke domain names at the behest of the government. As long as Doom9 has backbone (and this hasn't been their first time in this type of situation), they're not gonna crumple.

The second thing is that they might not be located in the USA. The whois dossier shows that the domain was registered by (anonymous) proxy, and it's entirely possible that he's not American. If his servers are physically located outside of the USA, then he can't be legally threatened by civil suits, and he's not subject to DMCA. (However, this is a hypothetical, and since he refuses to host DeCSS, it is my guess that he is somewhere in the USA.)

The third thing is that the website is http://www.doom9.org/ [doom9.org] , not doom9.com.

Re:"now how will the industry respond?"

Doom9.com: "Hello Microsoft. We are a domain squatter. We have no idea what you are talking about. Besides. We run Linux."

Microsoft: "Crap. We sued the wrong company. Refile for doom9.NET"

Doom9.net: "Go fly a kite. We run Linux as well so you have no authorization to do an 'audit'. And go fuck yourself with the DMCA. US laws don't apply in England."

Microsoft: "Shit. Wait. Why the hell do we care if HD DVD are cracked. That's the MPAA's problem."

Blu-Ray Rules Supreme!

``The Fair Use crowd has won Round One; now how will the industry respond?''

I think at least the Blu-Ray camp will switch on their intergalactic megaphones and tout how Blu-Ray was superior all along. This whole format war is childish enough for that.

Re:Blu-Ray Rules Supreme!

You are correct, sir. The attack vector is the same, keys being exposed in insecure memory in the decoder/player. The encryption of AACS itself is unlikely to be cracked as it's AES, and AES is very nifty and well studied. Even if the key searching approach fails, there *are* possibilities that some sort of attacks could be waged on the AES implementation which might be vulnerable. (For instance, I wrote AES for MATLAB. It's highly likely that my implementation could be exploited for various reasons, such as cache timing attacks.)

Re:Blu-Ray Rules Supreme!

I'll say your nom de plume is appropriate. There are two ways to reconcile these positions logically. One is that it is not the same Slashdotters making both claims (we have diversity of opinion here, in case you failed to notice). The other way is that the "competition" the first claim refers to is between corporations, not between formats. The former fuels markets, the latter fragments them. It's true that the latter is a consequence of the former, but it is not an inevitable consequence. For instance, nearly all books published in English today have the binding on the left side, even though there are many publishers competing for your cash.

We have a Winner...

You have Pr0n, cheaper hardware and blank media than Blu-ray and now you can "backup" movies, HD-DVD will be the winner of the HD format war, at least here in Argentina, Brazil or other developing countrys where piracy reigns...

The crypto in HD-DVD reveals the key

I took a look at the spec for the HD-DVD encryption. The data is encrypted with AES-128 in CBC mode. The spec states clearly that the IV is a fixed constant. CBC required the IV to no only be unique, but also random. Not making it unique and random leads to a leak of key material. I assume that this is the weakness through which the keys are being extracted.

So rejoice. The HD-DVD media keys will be free.

Basically the DRM-Mafia has no chance...

What they would need is to do the decryption the the LCD pixels. Even if they do it in the LCD driver chip, recording is possible and not that hard to do, considering that one un-DRMed copy on P2P will distribute really fast...

However, today software players running on general-purpose hardware are necessary. Without them, the market shrinks too much. And software players cannot be secure against the system administrator. The keys have to be stored somewhere.

What I don't understand is why anybody bothers. The trash comming out of Hollywoos is certainly not worth the effort. Maybe that is why it takes so long to break these systems at the moment....

Wait!!!

Don't release the crack until after the standard is settled! Now all the studios will go Blu-Ray only.

Goodbye Software players

Couldn't the industry, if it were so inclined, just stop licensing software players? I would imagine that compared to set top DVD players, the software must be a pretty small segment.

Re:Goodbye Software players

No software - so how are you going to display the DVD - graph paper and a pencil? That may take a while.

I reject my reality...

...and substiute it with the real deal. Although there was initial skeptisim on my , original (unbeknownst dupe) post [slashdot.org], it looks like muslix64 is about to bring HD-DVD to it's knees. It's just really hard to take youtube vid's as evidence of a successful crack.

WTG muslix64!

pastebin /.'d

Could someone please paste the pastebin contents here?

The response will be the dumping of HDDVD.

Quite simple. The content industry will simply dump the format, after all, there's an alternative. Now it's high time to show that BluRay is just as "consumer friendly" and break it for good, so there is no alternative left, and if the studios want to get their content to the customer, they have to accept that DRM is useless in their strife to protect their rights.

The point is to create as much damage as possible, so the industry learns that the only one hurt by DRM are they themselves. Revoked keys mean more work, more expense, more hassle and dissatisfied customers who have to jump the hoops. This will in turn create more awareness for DRM and the problems it creates.

We have to teach the studios that DRM is a failure. That it only generates hassle and problems for their paying customer and is no barriere or even a deterrent for the pirates. For this, the customer has to be the one hurt, too. Learn the easy or the hard way, learn about DRM by investigating or by having your tools stop working.

Yes, that's not the usual gentle way of teaching. But appearantly some people don't learn 'fore it starts to hurt.

Re:The response will be the dumping of HDDVD.

Quite simple. The content industry will simply dump the format, after all, there's an alternative. Now it's high time to show that BluRay is just as "consumer friendly" and break it for good, so there is no alternative left, and if the studios want to get their content to the customer, they have to accept that DRM is useless in their strife to protect their rights.

Except for the fact that HD-DVD is cheaper for the consumer, and also has the backing of the porn industry since Sony is prohibiting porn on Blu-Ray. So consumers will continue to buy HD-DVD players to watch their porn in HD and Blu-Ray usage will continue to flounder. Sales of mainstream titles on Blu-Ray will do poorly and the movie studios won't make any money. They'll either have to offer titles on HD-DVD or give up on HD sales altogether. On top of that, it's only a matter of time before Blu-Ray protection is cracked as well. IIRC, the Blu-Ray encryption is similar to HD-DVE encryption, so it shouldn't be all that difficult.

This is how they will respond...

The Lawyers
Man them...

Industry response?

The Fair Use crowd has won Round One; now how will the industry respond?

It will send in a few lawyers. After a while, they will realise that their impact is negligible in the grand scheme of things: the DRM will continue to deter casual copying to some extent, but will continue to be impotent in preventing anyone determined to make a copy and willing to spend a little time on the 'net to find out how (or download a pre-ripped version).

Meanwhile, genuine customers will get seriously annoyed at the fact that DRM in HD-world has now moved beyond a minor inconvenience or ethical question as it was with things like DVDs, and into the realms of seriously impeding their enjoyment of the product they have legally purchased. A consumer backlash will result, with the effect that DRM becomes a "dirty word" 2-3 years from now, and distributors drop heavily-encumbered formats and go back to what works: a mostly hands-off scheme that's enough to deter casual copying by schoolkids but nothing that risks seriously impacting the marketability of their merchandise.

On the same sort of time scales, on-line distribution will reach a critical mass, and the movie distributors will adopt a second, parallel strategy where cheap, legal, unencumbered downloads are the norm. They will make their profit from on-line users through many small incomes, rather than the larger one-offs represented by (HD-)DVD purchases today. This will render illegal distribution channels mostly irrelevant, and the damage due to illegal copying will revert to being low-level noise as it mostly was before they started their current crusade anyway.

Hey, it's a new year and everyone else is making crystal ball predictions. Can't I have mine, too? :-)

Again, this is NOT a crack!

New disks can be pressed with new keys, and the compromised software player will have it's key revoked. As such, this is not a generally useful solution. AACS remains secure, and at best, we may see individual keys available for certain pressings of certain discs. This approach will never provide general playback as DeCSS does.

However, it is my understanding that the decryption process can be done by the TPM; once this is supported, the problem will be much more difficult. Make no mistake, the battle has only just begun. Before long, software based attacks may be rendered impossible.

Another version of serenity?

Damn! I think there must be at least 3 different "scene releases" of Serenity in various flavors of high-def by now (1080i mpeg2 cropped to 16:9, 1080i mpeg2 OAR, 1080i h264 and 25fps OAR) So now there will yet another version floating around the net soon. These greedy pirates, always double-dipping or worse to try and get people to download the same movie multiple times!

/. paradise

1. Porn goes for HD-DVD
2. HD-DVD encryption is broken
3. The Pirate Bay will buy a country

Put them together and you have pirated porn in HD. Note to self: add KY Jelly and a pack of kleenex to the shopping list.

When will tech people starting getting

comedy awards? This is hilarious. Spending all that money on DRM, implementing new media, only to have the encryption cracked before launch day (practically) must be like trying to nail jello to the wall using $100,000 nails. (Has Mythbusters tried nailing jello to a wall yet?)

The real question is not how they will respond, but when will they learn?

Industry response

Don't be surprised if the response is to no longer allow PC software decoders for media formats.

youtube demo removed

muslix64's youtube demo [youtube.com] linked from the original post has since been removed. Instead the page seems to claim that the content of his video is somehow owned by Warner Bros.:

This video has been removed at the request of copyright owner Warner Bros. Entertainment Inc. because its content was used without permission.

Sad, but funny...

Re:youtube demo removed

Maybe so, but it's still available on google [google.com].