Slashdot Log In
Blu-ray Protection Bypassed
Posted by
kdawson
on Tue Jan 23, 2007 03:13 PM
from the et-tu-Sony dept.
from the et-tu-Sony dept.
ReluctantRefactorer writes with an article in the Register reporting that Blu-ray copy-protection technology has been sidestepped by muslix64, the same hacker who bypassed the DRM technology of rival HD DVD discs last month. From the article: "muslix64's work has effectively sparked off a [cat]-and-mouse game between hackers and the entertainment industry, where consumers are likely to face compatibility problems while footing the bill for the entertainment industry's insistence on pushing ultimately flawed DRM technology on an unwilling public." WesleyTech also covers the crack and links the doom9 forum page where BackupBluRayv021 was announced.
Related Stories
[+]
HD DVD's AACS Protection Bypassed 161 comments
Mr. BS writes "Playfuls.com is running a story how HD DVD's AACS protection has been compromised. Although the video of the hack leaves much to be desired, the source code has already been made available. Feel free to start backing up your HD DVD's whenever you feel the need."
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Oh well... (Score:5, Funny)
Re:Oh well... (Score:5, Funny)
Re:Oh well... (Score:5, Informative)
Re:Oh well... (Score:5, Informative)
Re:Oh well... (Score:4, Insightful)
(http://www.last.fm/user/smackhero/)
Re:Oh well... (Score:4, Funny)
(http://www.xs4all.nl/~dverbeek)
Not too fast buddy!
It is very well possible, if they'd only not have released any disks the HDDVD and/or Blue Ray DRM would still have been in tact!
Re:Oh well... (Score:5, Funny)
Close. They're actually face-down on the pillow and muslix64 is breaking out the K-Y.
-Eric
Re:Oh well... (Score:4, Funny)
A real pirate wouldn't use K-Y.
"You see this K-Y, I'm not going to use it but I wanted you to know that I have it. On the other hand, this sandpaper condom..."
Re:Oh well... (Score:4, Insightful)
(http://fyoder.com/)
It only lasted as long as it did because not enough people are using Blu-ray or HD-DVD to care.
Then it's good news for these formats, since it suggests there is more interest. And if I can ignore the DRM aspects of the formats, then I can use them, the same way I can play DVD's on Linux no problem. The formats are much less evil with their DRM fangs removed. The format owners should really pay those who crack their security for the improvement it represents, for making their formats much more accessible for everyone. That's a good thing.
Re:Oh well... (Score:5, Informative)
(A) the players are much less complicated to produce than VCRs, so the retail price rapidly dropped to the point where you virtually got a DVD player with your happy meal.
(B) The retail price of DVDs started low and got lower. I bought my first DVD for $20, and nowadays you can find B-list titles, used DVDs, etc. for $5 or less. VHS, on the other hand, started really expensive -- most titles were $90 or up in the early years -- and only started getting cheap when DVD arrived on the scene.
(C) There was already an established model and infrastructure for rental. It didn't take too long when VHS started, but it did take several years before 'renting a video' became a universal experience. With DVD, that happened pretty much from day one. People didn't hesitate to adopt a format when they could get content on it quickly and cheaply from the start. And Netflix has done more for the adoption of DVD than DeCSS.
Not to say that DeCSS hasn't been a boon, but even now most consumers don't have the expertise/wherewhithal/inclination to copy DVDs. Most of the pirated discs on the subway were initially mass-produced copies, not home pirated versions.
Re:Oh well... (Score:4, Informative)
(D) It had features that made it significantly better than VHS
(i) The seperation of a film into chapters coupled with the ability to the jump to said chapters.
(ii) Able to store multiple sound tracks and/or cuts of the film.
(iii) No rewinding.
Re:Oh well... (Score:4, Insightful)
(http://www.uberconcept.com/)
Explain to me why the DVD of Blade Runner I legally bought off Amazon (new) wouldn't work in the DVD player.
The DVD launchpad (Score:5, Insightful)
I'd say DVD took off once the Playstation 2 came out. Before that, DVD players had been expensive and VHS was good enough for most. PS2 put millions of DVD players in people's living rooms as a side-effect of something they were going to buy anyway. Before PS2, DVDs were confined to a small slice of shelf space in video stores; once PS2 came out, they increased very rapidly indeed.
Things may have gone differently elsewhere, but in the UK the Playstation 2 was a major force behind mass-market acceptance of the DVD format.
I used to think that the Playstation 3 would have the same effect for Blu-Ray, but now I'm far from sure. Quite apart from the price, it's just too late; it's this generation's N64. In the NES and SNES days I was a total Nintendo fanboy, but if my parents hadn't had a fit of generosity and got a PC, I'd have given up waiting for N64 and bought a Playstation, and I'm sure many others did the same. How many people have already given up waiting for PS3 and gone out and bought a 360?
Re:Oh well... (Score:5, Funny)
(http://www.tomtheisen.com/ | Last Journal: Thursday June 20 2002, @12:33PM)
This amuses me greatly.
Re:Oh well... (Score:5, Informative)
(http://www.nodomain.org/)
A DVD is a static medium and the players aren't normally connected to a source of data, so they can't update them so fast, and they can't invalidate the encryption without making your existing disks unplayable (=class action lawsuit)... so it's considerably easier to break (and re-break as they issue new disks).
Re:Oh well... (Score:5, Informative)
(http://timgray.blogspot.com/)
You can buy on ebay a china Mpeg2 reciever with a firmware on it that receives all Dish network programming without paying. and every time it stops working you get the new key on your PC via one of the rss feeds out there. IT is brain dead easy and dirt cheap.
Sattelite Tv has been broken hard for a really long time, longer than DVD... I remember helping a friend pull the epoxy off a VideoCipherII board in college to mod the prom so it would descramble everything (Playboy channel is what we were after)
The sattelite TV hack stuff is so pervasive it makes guys like me that are into FTA mpeg2 TV fight to find real info for our hobby. Every search turns up 60% hack and crack and 40% real FTA info.
Re:Oh well... (Score:5, Informative)
(http://wakaba.c3.cx/)
At any point, the player can have its keys revoked and code changed, and we'll be back to square one.
Re:Oh well... (Score:4, Insightful)
(http://photo.net/photos/swillden | Last Journal: Wednesday July 19 2006, @01:42PM)
Irrelevant.
The publishers' problem is that there is ultimately nothing they can do to prevent the keys from being recovered from a hardware player.
Hackers just have to wait for one model of player to sell a few million units, then put in whatever effort is required to dig the key out of it. Once. It only takes once. It doesn't matter if the key is encrypted, because the player has to also have the key to decrypt it so that it can use it. They can make it hard, but not so hard that dedicated grad students with access to several million dollars worth of hardware (e.g. electron force probes) can't dig out the data.
Well, not and make cost-effective players that don't have a nasty tendency to suicide on a regular basis. See, high-end secure hardware that actually will hold secrets securely does it by being tamper-reactive -- actively trying to determine if it's being attacked and pro-actively zeroing its secrets if there appears to be a problem. Good for security, but it would tend to piss customers off if their Blu-Ray player broke every time they moved.
Even if they were to use serious hardware security, with its associated costs and problems, it only takes one defective device to blow the whole thing wide open.
By attacking a popular unit, the hackers achieve two things: first, they probably get an easy target, because the most popular models will be the cheap ones, and second, they make it nearly impossible for the publishers to invalidate that model's player key.
AACS, unlike CSS, is almost certainly not going to be broken cryptographically, but it doesn't matter. In order for people to watch movies, the players have to have the keys, and the players of necessity get placed under the complete control of very smart people who want to get those keys so they can use them themselves.
Until publishers move to a purely streaming distribution model, it's an unwinnable battle -- and it's far from clear that a streaming model will be workable, either.
Re:Oh well... (Score:4, Insightful)
Re:Oh well... (Score:5, Insightful)
(Last Journal: Tuesday January 16 2007, @10:33AM)
Once they've done that, they can hack decryption keys out of a hardware player. These cannot be changed without ticking off a whole bunch of consumers. Working out the decryption code was probably the hard part of the process.
Just doing his job (Score:5, Funny)
(http://evil.google.com/)
Could be good news for Sony. (Score:5, Funny)
(http://rimbosity.com/ | Last Journal: Friday September 26 2003, @08:15PM)
Re:Could be good news for Sony. (Score:4, Informative)
You can get Blu-ray *burners* for your PC for under $500.
This won't kill DRM (Score:5, Interesting)
So as disk-based DRM is consistently wrecked, but can't be updated until the next hardware cycle (~7-8 years at least), which alternative becomes obvious?
Software based DRM via network downloads. You can update the DRM-ed player in the next software patch, automated via Internet distribution. Apple is covered with their iTunes store, and Microsoft has been working frantically on heavy DRM in Vista and WMP.
Now you know why.
Re:This won't kill DRM (Score:5, Insightful)
Re:This won't kill DRM (Score:4, Interesting)
(http://www.fimble.com/)
One can hope..... (Score:5, Insightful)
(http://www.plocp.com/)
One can dream that they'll come to there senses. There is nothing more annoying than petty restrictions on the content you buy..
Why shouldn't I be able to watch my dvd/hd movie on my ipod OR computer OR TV. This is getting stupid. The thing is the studios are unified in there stance by the MPAA, maybe consumers should start lobbying or just stop buying..
Why I won't buy... (Score:4, Insightful)
But I'll be damned if I am going to go through all the hassle of taking my ITMS DRM crap and converting it to a stardard mp3 format so I can play it on my "other" players. Same with movies... Its TOO MUCH HASSLE...
I'll just grab the pre-decrypted, ready-to-use, no DRM, no hassle, play anywhere, play anytime torrents, ftp files, usenet d/ls, etc... (hell I can automate this with a few scripts for God's sake)..and deal with the guilty conscience of cheating an artist out of a penny...
Its not that I WANT to cheat the artist out of his/her penny, but if you strip everything away it comes down to a pretty simple economic equation:
H = Hours of MY time spent converting DRM'd crap
V = Value of my time
X = Number of content files
AEC = Artist earnings per content file
So... you end up comparing H*V*X vs. AEC*X, and in MY mind the answer is always:
H*V*X > AEC*X
You go ahead and plug in your own numbers, I have, and to me, its just not worth it. My time is money, and if you think you are going to not only charge me money to buy your content, but then turn around and charge me (indirectly) to modify your content for my purposes, you're nuckin futs!
Hackers Hall of Fame induction (Score:1)
oblig Nelson (Score:2)
Does any one remember when the PS2 was anounced, and they said their security method could not be broken? Atleast they don't try and make those types of claims any more.
All this really does is show (yet again) that DRM only hinders honest customers, as any one who WANTS to pirate something, can. The best you can do is force the pirate to do some rather annoyign things to get it all working (think Starforce).
Piracy is a red herring (Score:4, Insightful)
(Last Journal: Tuesday August 07, @01:18PM)
"It's teh evil PIRATES wots doing this to you, not us honest content providers!"
The CPS unit key must be know (Score:5, Informative)
Yes it IS a crack (Score:5, Interesting)
(http://www.weigel-mohamed.org/ | Last Journal: Sunday August 13 2006, @09:36PM)
The argument that DRM is "workable" breaks down because the encrypted message is delivered to a party who is expected to BOTH decrypt the message, and NOT know the keys. But the keys had to be used to effect the decryption!
Basically, it makes very little sense.
The only way that DRM can work is if the playback device does not trust its user. Which means that it CANNOT be a general purpose computer.
The next generation of "DRM Operating Systems" cannot support general purpose computing. Pretty much the only way to guarantee that DRM will work is for such a computer to not allow ANY non-DRM compliant software while DRM content is playing.
In other words, while the DRM movie is playing, your spreadsheet won't.
But, since music playback while working is common, we can safely predict that DRM restrictions will be lifted from music. Movies? The next generation may well support "single tasking while movie is playing" mode.
If this is not done (as well as locking out all non-DRM approved drives and kernel extensions), the keyset can be recovered from the player software.
This crack just demonstrates this particular weakness. When I probe a cryptosystem, I look at the algorithm used (are there errors in the implementation? is it a good crypto algorithm? etc.), the keys (key length, is brute force possible or is the key recoverable from a known encyrpted plaintext, was the key produced by someone sane, or an idiot, etc.) and key management (where and how are keys stored and published etc.).
Remember "Spaceballs": the code is: "1", "2", "3", "4".
It is also good to remember that once a single digital copy is "cracked", the work doesn't have to be done for that title again.
It's not cracked, not yet at least (Score:5, Interesting)
Re:It's not cracked, not yet at least (Score:4, Funny)
Here's what will kill DRM... (Score:5, Funny)
(http://www.instascreed.com/)
Re:Here's what will kill DRM... (Score:5, Interesting)
(http://www.atomjax.com/)
Your post is more true than you realize. [popularmechanics.com]
/. Jeopardy (Score:1)
Err, "bluballs".
Nevermind, you guys can finish the joke properly.
Re:/. Jeopardy (Score:5, Funny)
(Last Journal: Tuesday August 07, @01:18PM)
No, I don't believe we can. Sorry.
car-and-mouse game (Score:3, Funny)
(http://slashdot.org/)
muslix64 work has effectively sparked off a car-and-mouse game between hackers and the entertainment industry
Yes, I would say that pretty well fits. The DRM-mouse can neither catch nor flee a car. It's just roadkill at will. HD-DVD roadkill. BlueRay road kill.
-
This will last about 10 seconds... (Score:2)
"Blu-ray and HD DVD both allow for decryption keys to be updated in reaction to attacks, for example by making it impossible to play high-definition movies via playback software known to be weak or flawed. So muslix64 work has effectively sparked off a car-and-mouse game between hackers and the entertainment industry, where consumers are likely to face compatibility problems while footing the bill for the entertainment industry's insistence on pushing ultimately flawed DRM technology on an unwilling public."
So.... The keys will be updated, someone else will come out with a "crack," and the merry dance starts all over again. Have we truly gained anything? Methinks not. But maybe content owners might get smart and not bother with this DRM bulls**t.
When wil they learn? (Score:1)
(Last Journal: Friday June 11 2004, @11:15AM)
And it's pointless. Most people are happy to pay for DVDs. When you eliminate the people who haven't the technical knowledge to download a movie, those who wouldn't buy it if they couldn't get a free copy, and those who would snub a free DVD quality rip over a paid for HD-DVD quality rip, you're looking at pretty small numbers. Meanwhile, they're putting off a similar number of geeks who are deterred by lack of openness, or region coding, or concerns that the encryption isn't going to be compatible with their TV.
DVD Jon the Second (Score:2)
Best part about this is that this time, nobody is going to doubt muslix64. After his first crack was posted people were wringing their hands for weeks wondering if it was legit or a hoax.
The network is now the problem... (Score:5, Funny)
Andy
something useful? (Score:1, Interesting)
Not hacked or cracked - "bypassed" (Score:1, Offtopic)
(http://en.wikipedia.org/wiki/)
or at least thats how I understand how it was done anyway - btw, I think it had said it was something like the Intervideo WinDVD player used, though there are other players which I am sure can do this (from the other article I mentioned)...
Unfixable (Score:2)
(http://www.foobarsoft.com/)
He didn't crack Blu Ray or HD DVD (Score:4, Informative)
(http://slashdot.org/)
People can pick locks too... (Score:2)
Re:People can pick locks too... (Score:5, Insightful)
The only difference between some fair use and illegal copying is intent. Not a system in the world can discern that.
This is very good news. (Score:1)
The drawback people have spotted here (Score:5, Interesting)
(http://www.bobpitch.com/)
This sounds like a right pain in the arse. I'm used to buying DVDs willy-nilly and just shoving films onto servers, PSPs, iPods, XBMC etc as the mood takes me. It always works, I just press a couple of buttons and away I go.
Reading these stories have made me think - I'm now even less likely to buy a HD disk than I am a standard DVD. I buy a HD disk in the shop and I've now got to worry, can I get the key for this disk? will it be for the right region? will it be the right version (you can be sure once a disk is cracked they'll shove new keys on all future pressings).
I don't think I can be arsed with all this really.. much easier just to download un-encrypted and know it'll work on everything I own, forever. FFS I'd pay more for the pirate version than the legit one given the chance.
My next prediction is the appearance of a site that'll serve keys. You put your HD disk in your machine, run a util that gets a hash from it, searches online and decrypts the disk automatically.
*scampers off to register hd-keys.com*
This guy beat you to it: (Score:5, Informative)
Re:Oh FFS (Score:5, Interesting)
Common sense be damned. Could an encryption key be the world's shortest copyrighted work?
it bears repeating (Score:2)
(http://www.theschism.com/ | Last Journal: Thursday March 15 2007, @04:20AM)
bound to happen sooner or later (Score:1)
(http://www.phusion.us/)
Content industries don't care about this (Score:5, Insightful)
To call it a "cat-and-mouse game" is overstating I think. Why should the content sellers care about someone cracking Blu-Ray or HD-DVD encryption? They know that piracy is inevitable. They just want to keep it underground so the average consumer doesn't participate. And for that, under the DMCA any proprietary encryption system will do just fine. The DMCA gives them the permanent legal right to go after anybody who doesn't license their decryption technology, or who tries to circumvent it in an unauthorized way.
DVD is a great example. DeCSS has been around for years, but it hasn't had a material impact on DVD sales because DVD copying isn't widespread. (At least in the USA; parts of Asia like China are a different story.) Threat of legal action backed by the DMCA has kept DVD backup software generally unavailable to Joe Consumer, despite the widespread prevalence of DVD-R drives and media.
Bottom line: You could break their encryption and print up all the geeky De-AACS T-shirts you want, but it won't materially affect content sales.
One item of information missing from TFA... (Score:1)
It's funny really (Score:2)
My roommate purchased an HDTV a few years ago before the HDCP standard emerged and he recently bought a Playstation 3. He was seriously pissed when he found out he couldn't watch Blue Ray Discs at the highest resolution because his TV wasn't compatible.
Things like this only serve to alienate legitimate consumers who are already inclined to pay for the product. The pirates just wait for the DRM to be cracked.
Getting to the stage. (Score:1)
Decryption algorithm needs an experts touch... (Score:2, Informative)
Read this forum post for a detailed explanation of the current revision:
http://forum.doom9.org/showthread.php?p=941169#po
See Professor Ed Felten's excellent blog explaining AACS in detail:
http://www.freedom-to-tinker.com/ [freedom-to-tinker.com]
The official AACS specifications, straight from the source:
http://www.aacsla.com/specifications/ [aacsla.com]
Your contributions will apply to both HDDVD and BluRay, of course.
I predict (Score:2)
(http://www.andrewrondeau.com/)
Wish we knew how this guy was... (Score:1)
Technology aside.... (Score:1)
(http://www.skintube.com/)
Seriously folks, the vast majority of what we call "entertainment" is simply crap. The entertainment industry needs to do some serious soul searching and come to the realization that rather than blowing all this cash on binary wizardry they need to be investing in good writing, acting, directing, etc.
Good content = more $$.
More DRM = pissed off customers.
BD+ already deployed on future releases (Score:2)
(http://heroinewarrior.com/)
BD+ isn't a technology. All BD+ is, is an exception in the warranty that lets them disable customer's hard earned products without getting sued. Cyberlink knew the risk in basing a business on software players and they lost.
Worthless news... (Score:1)
The sooner it's cracked the better... for them (Score:2)
Re:memory dump (Score:2, Insightful)
(http://eof.sourceforge.net/)
Key has to be decrypted somewhere. Where else do you want to put it?
Sure, a hardware player could put it in a reasonably tamper-proof ROM, but what's a software player going to do?
Re:Muslix? (Score:2)
(http://www.google.com/ | Last Journal: Tuesday December 12 2006, @06:04PM)
Re:Muslix? (Score:1)