Blu-ray Protection Bypassed

ReluctantRefactorer writes with an article in the Register reporting that Blu-ray copy-protection technology has been sidestepped by muslix64, the same hacker who bypassed the DRM technology of rival HD DVD discs last month. From the article: "muslix64's work has effectively sparked off a [cat]-and-mouse game between hackers and the entertainment industry, where consumers are likely to face compatibility problems while footing the bill for the entertainment industry's insistence on pushing ultimately flawed DRM technology on an unwilling public." WesleyTech also covers the crack and links the doom9 forum page where BackupBluRayv021 was announced.

Oh well...

[Pojut]

...lasted a bit longer than CSS...maybe next time they might make it last a whole 6 months, maybe even ***gasp*** a whole YEAR before "pirates" start enjoying their blowjob while consumers just get a spiked dildo in the ass.

Re:Oh well...

[Ryan Amos]

It only lasted as long as it did because not enough people are using Blu-ray or HD-DVD to care.

Re:

[rwven]

What's interesting about all this is that Sony was touting Blu-Ray's wonderful new DRM as unbreakable. I think they gained a lot of support through their claims as well. I'm sure they giggled with glee when HD-DVD's DRM was cracked. I bet they're sobbing into their pillows right now.

Re:Oh well...

[killtherat]

Actually both HD-DVD and Blu-Ray use the same DRM system, AACS, http://en.wikipedia.org/wiki/AACS [wikipedia.org]

Re:Oh well...

[monsted]

Blu-Ray actually uses BD+ [wikipedia.org] as well.

Re:

[MoxFulder]

Who are the industry people who BELIEVE the crap spouted by Sony/Macrovision/whoever has created the latest DRM scheme??? Considering the terrible track record of DRM of all kinds (basically every scheme ever introduced has been broken), it's amazing that anyone makes business decisions based on it.

Can't they just hire a geek or two to give them the honest odds on how long a DRM scheme will last before being cracked? I could use the job.

Re:

[rwven]

Them: You're hired!

You: It'll last about 9 months to a year.

Them: OK, job completed. You're fired.

Not much job security there. :-P

Re:

[MoxFulder]

I figure I could get say, $100,000 consulting fee out of it, right? And it'd be well worth it to any company planning to introduce a really retarded DRM scheme.

Remember SunComm, which saw its stock price fall by $10million when someone figured out they could bypass its DRM by holding down the shift key? http://news.com.com/2100-1025-5089168.html [com.com] If only they'd hired a geek to give it the idiot test...

Re:Oh well...

[lysergic.acid]

considering the theoretical impossibility of an unbreakable DRM scheme which is obvious to anyone who gives the idea 2 seconds of thought, I'd say that they are just deluding themselves anyway so facts and reality probably don't matter to them.

Re:Oh well...

[Teun]

considering the theoretical impossibility of an unbreakable DRM scheme.

Not too fast buddy!
It is very well possible, if they'd only not have released any disks the HDDVD and/or Blue Ray DRM would still have been in tact!

Re:Oh well...

[elrous0]

I bet they're sobbing into their pillows right now.

Close. They're actually face-down on the pillow and muslix64 is breaking out the K-Y.

-Eric

Re:Oh well...

[thedarknite]

They're actually face-down on the pillow and muslix64 is breaking out the K-Y.

A real pirate wouldn't use K-Y.

"You see this K-Y, I'm not going to use it but I wanted you to know that I have it. On the other hand, this sandpaper condom..."

Re:

[Anonymous Coward]

absolutely, rape is no laughing matter, unless of course you're raping a clown

Re:Oh well...

[fyoder]

It only lasted as long as it did because not enough people are using Blu-ray or HD-DVD to care.

Then it's good news for these formats, since it suggests there is more interest. And if I can ignore the DRM aspects of the formats, then I can use them, the same way I can play DVD's on Linux no problem. The formats are much less evil with their DRM fangs removed. The format owners should really pay those who crack their security for the improvement it represents, for making their formats much more accessible for everyone. That's a good thing.

Re:

[Ryan Amos]

I'm always curious though... DVD never really took off (it was popular, but not in-every-living-room popular) until CSS was cracked and people could copy their own DVDs (or rather buy copied DVD movies for $5 from the kid down the hall.) That was the real death knell for VHS.

But which comes first? The widespread adoption of a format or the ability to easily copy the format's content? I have a feeling it's the latter; which is why strong DRM provides not only a false sense of security, but may actually be th

Re:

[Abreu]

...(or rather buy copied DVD movies for $5 from the kid down the hall.)

Dude! I hope you mean $5 pesos or youre overpaying your pirate!

Re:Oh well...

[Ruprecht the Monkeyb]

Hardly. DVD had the fastest penetration of any consumer electronic device in history -- faster than cell phones, faster than VHS, faster than PCs. It had very little to do with DeCSS; it had to do with the three things.

(A) the players are much less complicated to produce than VCRs, so the retail price rapidly dropped to the point where you virtually got a DVD player with your happy meal.

(B) The retail price of DVDs started low and got lower. I bought my first DVD for $20, and nowadays you can find B-list titles, used DVDs, etc. for $5 or less. VHS, on the other hand, started really expensive -- most titles were $90 or up in the early years -- and only started getting cheap when DVD arrived on the scene.

(C) There was already an established model and infrastructure for rental. It didn't take too long when VHS started, but it did take several years before 'renting a video' became a universal experience. With DVD, that happened pretty much from day one. People didn't hesitate to adopt a format when they could get content on it quickly and cheaply from the start. And Netflix has done more for the adoption of DVD than DeCSS.

Not to say that DeCSS hasn't been a boon, but even now most consumers don't have the expertise/wherewhithal/inclination to copy DVDs. Most of the pirated discs on the subway were initially mass-produced copies, not home pirated versions.

Re:Oh well...

[harl]

What about

(D) It had features that made it significantly better than VHS

  (i) The seperation of a film into chapters coupled with the ability to the jump to said chapters.

  (ii) Able to store multiple sound tracks and/or cuts of the film.

  (iii) No rewinding.

Re:

[Copid]

Of course, those features come at a cost. Goofy title screens that require you to sit through several seconds of wizz-bang animation as you move from menu to menu. The ability to prevent you from fast forwarding through certain segments of the DVD. Title screen music that loops awkwardly while you go make your popcorn.

Remember back when desktop publishing software like Word came out and everybody suddenly had access to a million different fonts? Everybody's documents started looking like ransom notes

Re:

[ZorinLynx]

I have "The Lion King" on VHS. There's about 15 minutes of CRAP at the beginning of the tape before the movie start. Even using the search forward function it takes about two minutes to get through it all, which is longer than it takes to get past the title screen on even the worst DVDs.

So this abuse has existed before with VHS. I do think UOP (User Operation Prohibition) is the STUPIDEST feature in the DVD format, though.

-Z

Re:Oh well...

[dcam]

No. Region encoding the stupidest feature.

Explain to me why the DVD of Blade Runner I legally bought off Amazon (new) wouldn't work in the DVD player.

Re:

[swillden]

Media doesn't degrade with multiple plays, no moving parts in the media to jam or break

Yes and no. DVDs don't wear out when treated well, but give both an optical disk and a cassette to a three year-old and see which lasts longer.

Of course, neither type of player stands up well to the peanut butter test. Yes, I do speak from experience.

Re:

[ucblockhead]

Also

(D) With random-access to scenes, Director's Commentaries and other bonus features, the DVD was more than just an evolutionary extension of the technology it replaced.

The DVD launchpad

[meringuoid]

I'm always curious though... DVD never really took off (it was popular, but not in-every-living-room popular) until CSS was cracked and people could copy their own DVDs (or rather buy copied DVD movies for $5 from the kid down the hall.) That was the real death knell for VHS.

I'd say DVD took off once the Playstation 2 came out. Before that, DVD players had been expensive and VHS was good enough for most. PS2 put millions of DVD players in people's living rooms as a side-effect of something they were going to buy anyway. Before PS2, DVDs were confined to a small slice of shelf space in video stores; once PS2 came out, they increased very rapidly indeed.

Things may have gone differently elsewhere, but in the UK the Playstation 2 was a major force behind mass-market acceptance of the DVD format.

I used to think that the Playstation 3 would have the same effect for Blu-Ray, but now I'm far from sure. Quite apart from the price, it's just too late; it's this generation's N64. In the NES and SNES days I was a total Nintendo fanboy, but if my parents hadn't had a fit of generosity and got a PC, I'd have given up waiting for N64 and bought a Playstation, and I'm sure many others did the same. How many people have already given up waiting for PS3 and gone out and bought a 360?

Re:

[Dogtanian]

I'm always curious though... DVD never really took off (it was popular, but not in-every-living-room popular) until CSS was cracked and people could copy their own DVDs (or rather buy copied DVD movies for $5 from the kid down the hall.) That was the real death knell for VHS.

I can only add to what others have said about the implausibility of this. I got my first DVD player (or rather, a drive for my PC) in 2002. The format was already well-established by then and there were many DVDs available at pretty decent prices (I got my first couple of DVDs from a Fopp [fopp.co.uk] retail store for £7).

Yet writable DVD drives were still in the £300-£400 range at that time.

And while we're on the subject, I used to subscribe to a Netflix-style service. I'd intended copying the di

Re:

[HTH NE1]

The format owners should really pay those who crack their security for the improvement it represents, for making their formats much more accessible for everyone.

Improved like Bart's shortcut through Groundskeeper Willie's hedge maze.

Re:

[gEvil (beta)]

...lasted a bit longer than CSS...

CSS was around for several years before it was cracked. I wouldn't call a few months vs a few years "a bit longer."

Re:

[Pojut]

::slaps self:: inproper word order in there, sorry about that

Re:Oh well...

[recursiv]

inproper word

This amuses me greatly.

Re:

[rrohbeck]

inproper word

This amuses me greatly.

I think he meant unproper.

Next time... (was:Oh well...)

[Lead Butthead]

...lasted a bit longer than CSS...maybe next time they might make it last a whole 6 months, maybe even ***gasp*** a whole YEAR before...

Next time they will have the Gestap^H^H^H^H^H FBI busting down doors and shootin^H^H^H^H^H^H^H pacifying their paying customers.. ahm, pirates in their homes. We all know that piracy funds terrorists.

Re:Oh well...

[Tony Hoyle]

Satellite TV encryption is dynamic. Got the keys? They just got revoked. Worked out the encryption? A download just changed it.

A DVD is a static medium and the players aren't normally connected to a source of data, so they can't update them so fast, and they can't invalidate the encryption without making your existing disks unplayable (=class action lawsuit)... so it's considerably easier to break (and re-break as they issue new disks).

Re:

[TubeSteak]

DVD is a static medium and the players aren't normally connected to a source of data, so they can't update them so fast, and they can't invalidate the encryption without making your existing disks unplayable

I bet the MPAA now wishes they had supported the nascent DIVX [wikipedia.org] player/format when it came out.

I think it was just ahead of the times.
With always-on internet, it might do much better today.

Re:

[Keruo]

Satellite TV encryption is dynamic. Got the keys? They just got revoked. Worked out the encryption? A download just changed it.

Ever heard of card serving and softCAM?
It completely bypasses the need to write in keys. Even if your keys get revoked while watching, the card client reauthenticates against the stream with new keys realtime.
All you need is someone with legit card and sat box with network connectivity.

No need to clone cards, when you can "clone" the entire authentication module.

Re:Oh well...

[Lumpy]

Dude, Sattelite TV has been cracked for decades.... DECADES!...

You can buy on ebay a china Mpeg2 reciever with a firmware on it that receives all Dish network programming without paying. and every time it stops working you get the new key on your PC via one of the rss feeds out there. IT is brain dead easy and dirt cheap.

Sattelite Tv has been broken hard for a really long time, longer than DVD... I remember helping a friend pull the epoxy off a VideoCipherII board in college to mod the prom so it would descramble everything (Playboy channel is what we were after)

The sattelite TV hack stuff is so pervasive it makes guys like me that are into FTA mpeg2 TV fight to find real info for our hobby. Every search turns up 60% hack and crack and 40% real FTA info.

Re:

[elrous0]

DVD was released (to consumers) in 1997, not 1996. But the point stands, nonetheless.

-Eric

Re:Oh well...

[Goaway]

This hasn't been "cracked" in any meaningful sense of the word. All they've done is implement a decrypter working from the format specs, and worked out a way to hack decrypted keys out of a software player.

At any point, the player can have its keys revoked and code changed, and we'll be back to square one.

Re:Oh well...

[GreyPoopon]

This hasn't been "cracked" in any meaningful sense of the word. All they've done is implement a decrypter working from the format specs, and worked out a way to hack decrypted keys out of a software player.

Yes, but this shows how trivial the process would be for true pirates, and ultimately proves that DRM is not about stopping the pirating of media, but rather about reducing the rights of the customers so that those rights can later be sold back to them. The new DRM schemes will do NOTHING to stop the pirates.

Re:Oh well...

[camperdave]

All they've done is implement a decrypter working from the format specs, and worked out a way to hack decrypted keys out of a software player.

Once they've done that, they can hack decryption keys out of a hardware player. These cannot be changed without ticking off a whole bunch of consumers. Working out the decryption code was probably the hard part of the process.

Tick them off then.

[freeze128]

Revoking the keys of a hardware player WOULD really ick off the consumers.... But WHO would the consumers get mad at?

If I understand the blu-ray scheme properly (and I might not), new commercially-sold disks with protected content on them also carry revokation lists, and updated keys. When you insert this new disk into your player, it will revoke the player's key essentially BREAKING it, so it won't even play discs that it played BEFORE you inserted the new one.

Consumers will see this: They bought Shrek

Re:

[Andy Dodd]

Who said it had to be a teenager?

Andrew "Bunnie" Huang was a grad student when he reverse engineered the Xbox.

Re:

[Goaway]

Yes, I am sure that they are just going to let manufacturers have the keys sitting unencrypted in externally accessible ROM.

Re:Oh well...

[swillden]

Yes, I am sure that they are just going to let manufacturers have the keys sitting unencrypted in externally accessible ROM.

Irrelevant.

The publishers' problem is that there is ultimately nothing they can do to prevent the keys from being recovered from a hardware player.

Hackers just have to wait for one model of player to sell a few million units, then put in whatever effort is required to dig the key out of it. Once. It only takes once. It doesn't matter if the key is encrypted, because the player has to also have the key to decrypt it so that it can use it. They can make it hard, but not so hard that dedicated grad students with access to several million dollars worth of hardware (e.g. electron force probes) can't dig out the data.

Well, not and make cost-effective players that don't have a nasty tendency to suicide on a regular basis. See, high-end secure hardware that actually will hold secrets securely does it by being tamper-reactive -- actively trying to determine if it's being attacked and pro-actively zeroing its secrets if there appears to be a problem. Good for security, but it would tend to piss customers off if their Blu-Ray player broke every time they moved.

Even if they were to use serious hardware security, with its associated costs and problems, it only takes one defective device to blow the whole thing wide open.

By attacking a popular unit, the hackers achieve two things: first, they probably get an easy target, because the most popular models will be the cheap ones, and second, they make it nearly impossible for the publishers to invalidate that model's player key.

AACS, unlike CSS, is almost certainly not going to be broken cryptographically, but it doesn't matter. In order for people to watch movies, the players have to have the keys, and the players of necessity get placed under the complete control of very smart people who want to get those keys so they can use them themselves.

Until publishers move to a purely streaming distribution model, it's an unwinnable battle -- and it's far from clear that a streaming model will be workable, either.

Re:

[greg1104]

And thus this isn't a very useful crack, because the minute it is revealed, it gets plugged. Maybe earlier, if they figure it out anyway.

The only reason the software player used is visible at all right now is because the people involved are still working out the process. Once that gets nailed down and the scene goes completely underground, there will be people who crack disks and release the volume keys into the wild, and no one will have any idea how they got them. When one visits a Warez size to find ou

Just doing his job

[gEvil (beta)]

Sounds like Muslix is doing his part to help keep the entertainment industry regular.

Re:

[Sponge Bath]

... keep the entertainment industry regular

In other words: crapping their pants.

Could be good news for Sony.

[Rimbo]

Now that Blu-Ray can be pirated, there's a chance the format might take off. This could have a positive benefit for PS3 sales.

Re:

[Firehed]

If you buy a standalone player (such as a PS3), the DRM should be transparent. It's only a real problem for PC users, which have relatively non-standard setups on both hardware and software levels. The only people really affected by either format being cracked are bit-torrent users and people who bought a drive in either of the HD formats for their PC. As the former doesn't greatly care which source the media comes from (or have no reason to as far as I'm concerned, it's still 1080p with DTS or better so

Re:Could be good news for Sony.

[ivan256]

Not that you can't buy a Blu-ray drive for your PC already, but you're looking at spending the best part of a grand to do so.

You can get Blu-ray *burners* for your PC for under $500.

This won't kill DRM

[suv4x4]

Microsoft and Apple are smart. Disk based DRM is doomed since you can't actually upgrade disk drives and disk media that easily, even with encryption programs written dynamically on the disk.

So as disk-based DRM is consistently wrecked, but can't be updated until the next hardware cycle (~7-8 years at least), which alternative becomes obvious?

Software based DRM via network downloads. You can update the DRM-ed player in the next software patch, automated via Internet distribution. Apple is covered with their iTunes store, and Microsoft has been working frantically on heavy DRM in Vista and WMP.

Now you know why.

Re:This won't kill DRM

[arodland]

Interesting premise, but think about it. For that to be effective you need to tell people that they can't watch the latest movies or whatever on any sort of player that isn't connected to the internet. If you release anything on HD-DVD or Blu-Ray, it's going to hit this "hole", get converted to some unencumbered format, and away it goes. And "Rocky 9, available today on AppleMovieThing" is locking a lot of people out.

Re:

[forand]

So you think that the user will want to connect their HD-DVD or Blue-ray to the inet so that it can update its firmware just to play a new movie? That doesn't seem likely.

Re:This won't kill DRM

[hawkbug]

You're right. But from what I understand you don't have to for an update - the movies themselves now include them I think. I think the Xbox 360 works the same way with games updating the system. Very sneaky.

Re:

[iminplaya]

But from what I understand you don't have to for an update - the movies themselves now include them I think.

Updates? Is that the new name for rootkits now?

Re:

[Xzzy]

I'd bet they try to do it anyway.

We're already perilously close to that point, iTunes basically does just that, same with the Xbox 360 and Vista. Next generation? I'd put down money they'll get rid of the pretense and put a "this product requires a 24/7 internet connection" on the package.

Re:

[The Warlock]

That won't fly. Somebody in the movie studio boardroom will point out that that means that dial-up users can't buy their movies.

I know that dial-uppers are a small percentage of Slashdotters, but they're a big percentage of the general public.

Re:

[acidrain69]

Don't forget the shrinking-but-still-significant class of people who don't even use the internet, or don't use it at home. It won't happen. There is a huge market for DVD's because they are accessible, as VHS was (an still is, to an extent, just not NEW VHS stuff). Until the Internet is largely wireless and possibly free at smaller bandwidth amounts, I don't see it happening either.

But don't overlook the stupidity of movie studio boardroom people.

Re:

[KDR_11k]

You can fix the DRM with a patch but everything that was released before the patch has already been decrypted and put on bittorrent. Then the new key gets broken and more data gets decrypted and shared, etc. You can't significantly change the algorithm in embedded systems because they probably have a decoder chip (since a full CPU capable of decoding HD video would be pricey) that can run only so many different algorithms.

One can hope.....

[acomj]

That these cracks and counter DRM attempts cause enough compatability problems that the Consumer electronics industry gives up on DRM, and the studios would have to follow if they wanted there content sold at hi def prices....

One can dream that they'll come to there senses. There is nothing more annoying than petty restrictions on the content you buy..

Why shouldn't I be able to watch my dvd/hd movie on my ipod OR computer OR TV. This is getting stupid. The thing is the studios are unified in there stance by the MPAA, maybe consumers should start lobbying or just stop buying..

Why I won't buy...

[bjk002]

I WANT to buy, I REALLY DO! I think there is some great content out there that I WANT to own LEGALLY...

But I'll be damned if I am going to go through all the hassle of taking my ITMS DRM crap and converting it to a stardard mp3 format so I can play it on my "other" players. Same with movies... Its TOO MUCH HASSLE...

I'll just grab the pre-decrypted, ready-to-use, no DRM, no hassle, play anywhere, play anytime torrents, ftp files, usenet d/ls, etc... (hell I can automate this with a few scripts for God's sake)..and deal with the guilty conscience of cheating an artist out of a penny...

Its not that I WANT to cheat the artist out of his/her penny, but if you strip everything away it comes down to a pretty simple economic equation:

H = Hours of MY time spent converting DRM'd crap
V = Value of my time
X = Number of content files
AEC = Artist earnings per content file

So... you end up comparing H*V*X vs. AEC*X, and in MY mind the answer is always:

H*V*X > AEC*X

You go ahead and plug in your own numbers, I have, and to me, its just not worth it. My time is money, and if you think you are going to not only charge me money to buy your content, but then turn around and charge me (indirectly) to modify your content for my purposes, you're nuckin futs!

Re:

[Fozzyuw]

maybe consumers should start lobbying or just stop buying..

I already did. I rent through Blockbuster online and/or Netflix. I'm catching up on all my TV shows I missed on Cable (which is also too expensive due to no competition) and the occasion film. DRM be dammed. I would buy DVD's if...

1. If they cost about $1-5 to buy (Wal-Mart has some double/triple feature DVD's for $10).
2. They didn't include the hard boxes. It's a waist for me. I'm moving towards just storing all my DVD's into a DVD book and ge

oblig Nelson

[Thansal]

HA HA

Does any one remember when the PS2 was anounced, and they said their security method could not be broken? Atleast they don't try and make those types of claims any more.

All this really does is show (yet again) that DRM only hinders honest customers, as any one who WANTS to pirate something, can. The best you can do is force the pirate to do some rather annoyign things to get it all working (think Starforce).

Piracy is a red herring

[spun]

They aren't doing this because of piracy. Piacy amounts to a drop in the bucket compared to the additional revenue they can squeeze out of honest customers thanks to the fair-use stiffling effects of DRM. The whole piracy thing is to give the honest customers someone else to blame.

"It's teh evil PIRATES wots doing this to you, not us honest content providers!"

The CPS unit key must be know

[rminsk]

From the article "The early version of this utility only supports the decryption of Blu-ray discs whose CPS unit key is known." ... "A powerful crypto attack was used to analyze the memory dump obtained from a Blu-ray Disc software player (such as WinDVD or PowerDVD). The crypto attack helped to identify the encryption keys that are needed for decrypting the video files." So it has not been cracked as the keys still need to be found. This just decodes the contents once the keys are found.

Yes it IS a crack

[ratboy666]

The crypto is only as strong as the algorithm, and the method used for key management.

The argument that DRM is "workable" breaks down because the encrypted message is delivered to a party who is expected to BOTH decrypt the message, and NOT know the keys. But the keys had to be used to effect the decryption!

Basically, it makes very little sense.

The only way that DRM can work is if the playback device does not trust its user. Which means that it CANNOT be a general purpose computer.

The next generation of "DRM Operating Systems" cannot support general purpose computing. Pretty much the only way to guarantee that DRM will work is for such a computer to not allow ANY non-DRM compliant software while DRM content is playing.

In other words, while the DRM movie is playing, your spreadsheet won't.

But, since music playback while working is common, we can safely predict that DRM restrictions will be lifted from music. Movies? The next generation may well support "single tasking while movie is playing" mode.

If this is not done (as well as locking out all non-DRM approved drives and kernel extensions), the keyset can be recovered from the player software.

This crack just demonstrates this particular weakness. When I probe a cryptosystem, I look at the algorithm used (are there errors in the implementation? is it a good crypto algorithm? etc.), the keys (key length, is brute force possible or is the key recoverable from a known encyrpted plaintext, was the key produced by someone sane, or an idiot, etc.) and key management (where and how are keys stored and published etc.).

Remember "Spaceballs": the code is: "1", "2", "3", "4".

It is also good to remember that once a single digital copy is "cracked", the work doesn't have to be done for that title again.

It's not cracked, not yet at least

[FlunkedFlank]

Again, as with HD-DVD, all that's happened so far is: - he has implemented decryption using the fully public specs - he has recovered some per-disk keys (using a clever technique) by finding them in the memory of software players Neither format should be considered cracked until a standalone software player could play all disks (independent of an online key database) a la DeCSS. That said, major props to him for actually getting done what he got done. The plaintext attack he used to recover the software keys, as described in one of the forum posts, was a nice touch.

Re:

[Keruo]

Neither format should be considered cracked until a standalone software player could play all disks (independent of an online key database)

Nothing is preventing you from remastering and burning a copy of your original bluray/hddvd. Since you can read out the data, just make another disk and leave the box unchecked which asks "encrypt data for copyright purposes?" and it'll play on any player.
Remastering allows you to cut away annoying fbi warnings, trailers etc unwanted crap from the movies which you own a

Re:It's not cracked, not yet at least

[Skippy_kangaroo]

Well, you were talking about a plaintext attack - so it's only right that you post in plain text.

Here's what will kill DRM...

[PHAEDRU5]

"Honey, I have to reboot the TV because it's just gotten a security bios update and TiVo won't record until it sees the update. Oh, and I'm sorry the DVD player doesn't work: the last automatic update turned it into a spam-bot and I had to turn it off or get sued under CAN-SPAM 2.1"

Re:Here's what will kill DRM...

[User 956]

Honey, I have to reboot the TV because it's just gotten a security bios update and TiVo won't record until it sees the update.

Your post is more true than you realize. [popularmechanics.com]

Re:

[stecoop]

Your post is more true than you realize. - Ohhh, well I highly doubt that honey part...

Ha!

[PHAEDRU5]

I was having an imagined conversation with my wife! Nice one though.

Oh my.

[PHAEDRU5]

The day's going to come when people will refuse to accept this. All the intelligence being added is being added in order to *limit* the user experience.

I can remember (old man crotchety voice on) when systems used to compete on things like S/N ratio, fidelity, color, etc. Back then (you know, this past Christmas), you bought components and high-grade (gold-plated, even) component connectors, expecting that the traffic on those connectors had everything to do with rendering the media, and nothing to do wit

Re:

[PHAEDRU5]

I guess I take you point, but I do believe that the point will come when people will get sick of "coercive" gadgets.

There was a post a few days back about Sixteenth century button makers that puts this whole thing in perspective.

Re:

[solevita]

I do believe that the point will come when people will get sick of "coercive" gadgets.

I agree with you completely and look forward to this day. I love all things tech and gadgety, but my TV came out of a skip outside my house. As much as I love new media and the like, I try and stay as analogue as possible. There's no box in my house telling me what to do! Let's hope everyone gets as sick of it as we obviously have.

car-and-mouse game

[Alsee]

The Register article has this amusing and quite appropriate typo in it:

muslix64 work has effectively sparked off a car-and-mouse game between hackers and the entertainment industry

Yes, I would say that pretty well fits. The DRM-mouse can neither catch nor flee a car. It's just roadkill at will. HD-DVD roadkill. BlueRay road kill.

-

This will last about 10 seconds...

[8127972]

FTA:

"Blu-ray and HD DVD both allow for decryption keys to be updated in reaction to attacks, for example by making it impossible to play high-definition movies via playback software known to be weak or flawed. So muslix64 work has effectively sparked off a car-and-mouse game between hackers and the entertainment industry, where consumers are likely to face compatibility problems while footing the bill for the entertainment industry's insistence on pushing ultimately flawed DRM technology on an unwilling pub

DVD Jon the Second

[Weaselmancer]

Best part about this is that this time, nobody is going to doubt muslix64. After his first crack was posted people were wringing their hands for weeks wondering if it was legit or a hoax.

The network is now the problem...

[plazman30]

With 20+ GB downloads of HD movies, we're going to need much faster pipes in order to continue to illegally download movies. Verizon should help fund these guys, as it will help sell the 15 Mbit FIOS intetnet option.

Andy

Re:

[Tony Hoyle]

Nah.. been doing that for years (or I was before HD became available in this country - it was the only way to use the expensive HD TVs they'd been pushing us).

Leaving a couple of films on overnight download really is no hassle, unless you're on bandwidth limits (alas, nearly all ISPs here have them now.. they call them 'unlimited' and in the small print you get 'subject to 1gb usage cap'. My own ISP only has a cap during business hours though).

Unfixable

[MBCook]

This problem that's been used to crack both BR and HD is basically unfixable the way things are isn't it? It's an interesting read on the forum how he did it (page 2, I think). The problem is that the key is in plaintext in memory. But it HAS TO BE doesn't it? You couldn't use it if it was still encrypted, and so you'll have to decode it and put it in memory at some point. The only fix to this would be what a poster on that forum mentioned wouldn't it? You rely on a piece of silicon you control to do all th

Re:

[powerlord]

The only fix to this would be what a poster on that forum mentioned wouldn't it? You rely on a piece of silicon you control to do all the decoding and such, which would require a BluRay player card or something. You'd have to basically get rid of software players.

Almost right. Dedicated silicon would be one way.

Besides that, the only OTHER option would be for the entire system to be "secure" through things like so called "Trusted Computing" [wikipedia.org]. In parituclar check out the section on Memory Curtaining [wikipedia.org].

You'll

Re:

[Tony Hoyle]

There are ways of not doing so... for example putting bits of the key in different places in the memory map. Putting crucial bits of the key in kernel memory where userspace can't read it... deliberately obfuscating parts of the key (eg. xor the 10th byte with some value, thus invalidating it unless you know that it's been done).

TPM will hold the key in unreadable (to unauthorised applications) static memory. Once that gets on your PC you've got to crack TPM first.. and that's going to set you back *at le

they could have done it better.

[slew]

The fact that they just left the key in the clear in dram isn't something that was inevitable, just their particular implementation and something that is somewhat fixable.

So to make a quick analogy, which security measure should they they have choosen?

1. Leaving the door open to your house inviting someone that happens to be driving by to notice it and walk in...

2. Leaving your door closed but unlocked requiring them to select your door out of several on your block to open...

3. Locking your door with a 5-pi

He didn't crack Blu Ray or HD DVD

[melted]

What he did crack is one software based player. There's now a difference. Key holders will now revoke the keys for that particular player, so it won't play newer movies anymore. There's no crack yet that would defeat the entire protection scheme.

Re:

[Crazy Man on Fire]

Only problem is that (as far as I can tell) he hasn't disclosed which software player he used. How do they know which keys to revoke? Even if they do revoke the keys, the player will fall victim to the same attack again next time 'round. Later. Rinse. Repeat.

Re:

[Wesley Felter]

WinDVD Japanese edition was used if you read the Doom9 forums. Besides, there are only two software HD-DVD/Blu-ray players, so worst-case they could just revoke both.

People can pick locks too...

[Afecks]

You can buy lock picking books and tools easily. Yet you don't see people leaving their homes and cars unlocked because they are suddenly made worthless. Locks are good, so is DRM, when it works properly. It needs to be open, non-intrusive (for the owner) and allow fair use. Unfortunately it seems that the **AA is more interested in forcing consumers to re-purchase every album and movie they own each time a new technology comes along. Anyone who thinks that DRM is to stop pirates is uninformed. It's to stop

Re:People can pick locks too...

[sqlrob]

It needs to be open, non-intrusive (for the owner) and allow fair use.

The only difference between some fair use and illegal copying is intent. Not a system in the world can discern that.

Re:

[Afecks]

The only difference between some fair use and illegal copying is intent. Not a system in the world can discern that.

If it can't allow fair use while blocking unlawful reproduction then it must allow both.

The drawback people have spotted here

[goldcd]

is that you can't just run the program to decrypt all your Blu-Ray(or HD-DVD) disks, you need to locate the key and use that to get the unprotected data.
This sounds like a right pain in the arse. I'm used to buying DVDs willy-nilly and just shoving films onto servers, PSPs, iPods, XBMC etc as the mood takes me. It always works, I just press a couple of buttons and away I go.
Reading these stories have made me think - I'm now even less likely to buy a HD disk than I am a standard DVD. I buy a HD disk in the shop and I've now got to worry, can I get the key for this disk? will it be for the right region? will it be the right version (you can be sure once a disk is cracked they'll shove new keys on all future pressings).
I don't think I can be arsed with all this really.. much easier just to download un-encrypted and know it'll work on everything I own, forever. FFS I'd pay more for the pirate version than the legit one given the chance.
My next prediction is the appearance of a site that'll serve keys. You put your HD disk in your machine, run a util that gets a hash from it, searches online and decrypts the disk automatically.
*scampers off to register hd-keys.com*

This guy beat you to it:

[Gordo_1]

http://hdkeys.com/ [hdkeys.com]

Re:Oh FFS

[Cheesey]

We are probably going to find out that posting a 32 byte encryption key for a movie on your website does count as a DMCA violation, even though the key is only useful to people who own the disc.

Common sense be damned. Could an encryption key be the world's shortest copyrighted work?

it bears repeating

[bechthros]

that all this is is minidisk versus digital compact cassette all over again. how many minidisk or DCC players do you own

Re:

[Tony Hoyle]

Hmm... 3 minidisk players, no DCC players (or did you mean DAT? same answer but probably for different reasons).

The problem is ask 10 slashdotters and you'll get 10 answers to this.. so I don't know what you were fishing for...

Content industries don't care about this

[Stuntmonkey]

To call it a "cat-and-mouse game" is overstating I think. Why should the content sellers care about someone cracking Blu-Ray or HD-DVD encryption? They know that piracy is inevitable. They just want to keep it underground so the average consumer doesn't participate. And for that, under the DMCA any proprietary encryption system will do just fine. The DMCA gives them the permanent legal right to go after anybody who doesn't license their decryption technology, or who tries to circumvent it in an unauthorized way.

DVD is a great example. DeCSS has been around for years, but it hasn't had a material impact on DVD sales because DVD copying isn't widespread. (At least in the USA; parts of Asia like China are a different story.) Threat of legal action backed by the DMCA has kept DVD backup software generally unavailable to Joe Consumer, despite the widespread prevalence of DVD-R drives and media.

Bottom line: You could break their encryption and print up all the geeky De-AACS T-shirts you want, but it won't materially affect content sales.

Re:

[hardburn]

Key has to be decrypted somewhere. Where else do you want to put it?

Sure, a hardware player could put it in a reasonably tamper-proof ROM, but what's a software player going to do?

Re:/. Jeopardy

[spun]

Nevermind, you guys can finish the joke properly.

No, I don't believe we can. Sorry.

Re:

[MrHanky]

Ah, tradition [wikipedia.org]. I didn't know about Müslix.

Function of time

[CrazedWalrus]

Everything has a weakness somewhere. The guys designing this stuff have to get it to market eventually, but the guys cracking it have as much time as they need to find the oversight that winds up being the chink in the armor.