Slashdot Log In
Interview with Developer of BackupHDDVD
Posted by
ScuttleMonkey
on Wed Jan 24, 2007 04:37 PM
An anonymous reader writes "HD DVD and Blu-Ray were supposedly protected by an impenetrable fortress. However a programmer named "muslix64" discovered that this was not the case, and released BackupHDDVD. Now, Slyck.com has an interview with the individual responsible, who provides some interesting insight to his success."
Related Stories
[+]
HD DVD's AACS Protection Bypassed 161 comments
Mr. BS writes "Playfuls.com is running a story how HD DVD's AACS protection has been compromised. Although the video of the hack leaves much to be desired, the source code has already been made available. Feel free to start backing up your HD DVD's whenever you feel the need."
[+]
Decryption Keys For HD-DVD Found, Confirmed 473 comments
kad77 writes "It appears that, despite skepticism, 'muslix64' was the real deal. Starting from a riddle posted on pastebin.com, members on the doom9 forum identified the Title key for the HD-DVD release 'Serenity.' Volume Unique Keys and Title keys for other discs followed within hours, confirming that software HD-DVD players, like any common program, store important run-time data in memory. Here's a link to decryption utility and sleuthing info in the original doom9 forum thread. The Fair Use crowd has won Round One; now how will the industry respond?"
This discussion has been archived.
No new comments can be posted.
Interview with Developer of BackupHDDVD
|
Log In/Create an Account
| Top
| 223 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Degrading Quality May Boost Cracking (Score:5, Interesting)
This creates a powerful incentive to not just "backup" your HiDef DVD, rather to remove an onerous limitation -- it may violate the DCMA in the USA, but it is morally and legally sound to most of the world.
Re:Degrading Quality May Boost Cracking (Score:5, Interesting)
(http://www.geocities.com/purpledinoz/)
That's why they have not, and will not, enable (Score:5, Insightful)
In the technical rounds it was easy enough to add the flag, but once the marketing people realized what it would do they nixed the use of it.
And the best part is... (Score:5, Informative)
(http://www.sympato.ch/)
This uses the keys specific for the DISC, which can't be changed anymore.
And the best part : In order to decrypt the movie and play it, every player *HAS* to have the volume ke in memory or SIMD register for a short period of time. No matter if players key are revoked, version upgraded, bugs fixed, etc... This technique doesn't rely on any bug that can be patched. It only rely to the fact that, whatever player you choose, at one moment it needs the volume key - which you can then grab and share on the net.
There's no way to patch this.
This is one more proof that the fundamental mechnics of the DRM - ie.: providing both the crypted data and the key in the same place - is flawed. You can't protect a content from the one who bought the disc. If data must be decrypted on the buyer's computer, then nothing cab prevent it from being circumvented.
Re:And the best part is... (Score:5, Funny)
(http://www.geocities.com/purpledinoz/)
Re:And the best part is... (Score:5, Funny)
(Last Journal: Tuesday August 22 2006, @10:59PM)
Re:And the best part is... (Score:5, Informative)
Hence Treacherous Computing. You really think Microsoft and the content industry haven't thought of this? Sooner or later Windows is going to start encrypting memory and running non-"Trusted" programs in a sandbox that prevents them from accessing the hardware directly, specifically to prevent this kind of attack.
Re:And the best part is... (Score:4, Informative)
Re:And the best part is... (Score:5, Informative)
Linux is already able to encrypt swap [linux.org] and I haven't heard anything about that slowing the computer down too much. Besides, some CPUs already have hardware-accelerated cryptography engines [via.com.tw] anyway. Finally, all new computers will come with a TPM [wikipedia.org], if they don't already. Although I don't think it's strictly required that the TPM be a cryptography accelerator, it makes sense for it to be.
Re:And the best part is... (Score:4, Funny)
(http://alfter.us/ | Last Journal: Wednesday October 03, @01:50PM)
Russian dolls. (Score:5, Interesting)
(http://www.sympato.ch/)
Yes, and how Windows it self will know that it isn't running inside a "simulated" trusted computer (the TC chip is virtual and part of the emulator) running inside an actual regular computer (with no chip to prevent you from running whatever you want ?)
For this to work you actually need TC-enabled computers. There aren't currently enough of them.
So either Microsoft pisses of its customers with something like "HD DVD & BD can only played on Windows Vista running on special mother boards. The rest of 80% of you just can't play them at all" (and currently customers are already pissed enough because they can't always play in full HD when they don't have display systems that *are* getting popular those days). Or either microsofts accepts to let some player run outside it's protected models and you don't even need a virtual machine or root kit to extract the needed data from memory.
As said by another
Investment in DRM vs. Investment to crack (Score:5, Funny)
Mij
Server Bombed (Score:5, Informative)
The next generation of optical disc technology holds the promise to change the way we interact with and store digital media. Perhaps the most exciting change is the arrival of High Definition (HD) video, with its glorious 1920x1080 pixel resolution. It's a quantum leap forward in terms of watching digital content, as its vast resolution reveals a quality never seen before in such fine detail.
Because of the rapid escalation of digital file-sharing - especially of video files - Hollywood has been working around the clock to protect HD content. This is especially relevant for one of its primary delivery mechanisms - HD DVD and Blu-Ray discs. These next generation discs, with capacities of 30 gigabytes and 50 gigabytes respectively, have their content protected with an array of DRM (Digital Rights Management.) Both are protected with a scheme called AACS, or Advanced Access Content System. This DRM is a great leap forward compared to the weak CSS, or Content Scrambling System, that currently "protects" DVDs. Thanks to Fox, Blu-Ray has an additional layer of protection, called BD+, although most discs have yet to support this protection.
Although Hollywood has constructed enough DRM architecture to rival the Pyramid of Giza, it has long been suspected that it would be only a matter of time before HD DVD and Blu-Ray content protection were compromised. Convinced the golden DRM egg had been laid, it seemed that nothing could penetrate the great AACS wall. And to this day, that great wall still stands.
But why crash through the main gates of Constantinople when you can just pick the lock of a long forgotten rear entrance?
On December 26, 2006, a member of the Doom9.com forums named muslix64 introduced himself as circumventing the content protection - not the copy protection - of HD DVD. Additionally, he made available an open source program named BackupHDDDVD. At the time, this program was a command line program that bypassed the content protection - providing the individual successfully obtained the title and volume keys associated with the HD DVD. Once the individual has the keys, the AACS protection can be sidestepped, and the HD movie content can be extracted. According to muslix64, it took all of eight days to successfully circumvent HD DVD content protection.
Much of the more difficult work, such as extracting the keys, has been alleviated as the once encrypted information has proliferated online. To understand where this stunning turn of events is heading, Slyck.com spoke with muslix64, who agreed to a PM (private message) interview.
The mainstream media tends to have many labels for you, i.e. hacker, cracker, pirate, etc., in response to your efforts. What would you call yourself and what would you label your efforts?
I'm just an upset customer. My efforts can be called "fair use enforcement"!
What motivated you to help circumvent the content protection scheme associated with HD DVD and Blu-Ray?
With the HD-DVD, I wasn't able to play my movie on my non-HDCP HD monitor. Not being able to play a movie that I have paid for, because some executive in Hollywood decided I cannot, made me mad...
After the HD-DVD crack, I realized that things where "unbalanced" by having just one format cracked, so I did Blu-Ray too.
Explain how decrypting the device and volume keys are critical to your success. Could you explain the difference between the two?
The device keys, are the keys associated to the player.
The volume key, is the key associated to the movie.
I don't care about device keys. I do care about volume keys, because by using volume keys instead of devices keys, I totally bypass the revocation system. There is no "volume key revocation". There is content revocation, but I really doubt they will ever use it. If you use device keys, they can revoke them. Having the volume key means that you can decrypt ti
AACS Easier to Crack Than CSS (Score:5, Funny)
Re:AACS Easier to Crack Than CSS (Score:5, Informative)
(http://www.kibbee.ca/)
Re:AACS Easier to Crack Than CSS (Score:5, Interesting)
So, like the author said, you don't attack it you go around it. Obviously if the movie is being played back at some point things are being decrypted and you can get your hands on that key. That's precisely what he does. The player uses its key to decrypt the key that the volume is encrypted with. He then nabs that key and uses it to decrypt the volume.
Re:AACS Easier to Crack Than CSS (Score:5, Insightful)
(http://nzruss.blogspot.com/)
Re:AACS Easier to Crack Than CSS (Score:5, Insightful)
(Last Journal: Tuesday December 19 2006, @05:12PM)
With AACS they "learned" something and used much beefier encryption, and mutable keys...Which makes the keys vulnerable. Some bright boy notices this, breaks the weak security on the keys, and voila! The system, while not broken, is seriously compromised.
It's all pointless though. The companies pushing the DRM have far fewer resources than the people who want to view the content, and the content itself cannot be truly secured because it's meant to be viewed! So they're just throwing away money, and, as Muselix64 himself cogently pointed out in the "interview", the turnaround for fixes from the companies is so long, that there is effectively no way they can stay ahead of the crackers.
The best thing he could do now. (Score:1)
Is disappear.
Because the shit they pulled with others who have
come out with a exploit / hack (decrypting encrypted PDF's to decss)
have gotten it in the pooper
Like a dog chasing it's own tail (Score:5, Insightful)
(http://www.slashdot.org/)
Media Industry just can't get anything right... (Score:1)
Worst interview ever? (Score:4, Insightful)
(http://fsfe.org/join | Last Journal: Saturday March 31 2007, @05:28PM)
It seems the interviewer knows _NOTHING_ about the subject:
You can play an unencrypted movie wherever you want; an update of the encryption-scheme will not magicalle re-encrypt the movie. DUH!
An unprotected movie does not require HDCP; HDCP has _NOTHING_ to do with this.
Re:Worst interview ever? (Score:5, Informative)
An unprotected movie does not require HDCP; HDCP has _NOTHING_ to do with this.
I don't think you read these questions the same way muslix64 did. You are incorrect, because the content industry could force future versions of PowerDVD to automatically downgrade the video quality of any unencrypted video it played. This would be a "Hollywood counterattack" that does not re-encrypt the video like you assumed. Likewise, because an unprotected movie does not require HDCP, Microsoft could force all video played on its operating system to be downgraded unless HDCP is enabled.
I know, neither PowerDVD nor Microsoft would ever actually do this. Even if they did, there are alternative open-source players, and alternative open-source operating systems, to which these changes would never be made. This is exactly what muslix64 says when he replies "Or you can use open-source player, like VideoLan, if a player like PowerDVD become more restrictive about playing decrypted movies."
So let me get this straight... (Score:5, Insightful)
(http://www.angelfire.com/il/macroman | Last Journal: Friday March 30 2007, @07:17PM)
If I understand it correctly, my output resolution will be degraded unless I buy a MPAA-approved display device?
Why would I bother upgrading from DVD if I'm not going to get any better quality?
Tip to Hollywood: Deliberately crippling technology doesn't boost sales. As far as I'm concerned, there's no point in buying into this. Why would I bother to spend a lot of money for something that won't work with my existing equipment, and likely won't work in the manner I intend to use it?
I love this guy... (Score:5, Insightful)
After the HD-DVD crack, I realized that things where "unbalanced" by having just one format cracked, so I did Blu-Ray too.
Bless you, muslix. Now the two formats can compete as true equals where it counts: in the ease of supplementing your legitimate media collection with illegal copies of things that you "kind of like".
Let's not pretend that there is one type of pirate. There are many levels of pirate, and by far the most common type (at least in my experience) is the "pirate" who buys plenty of legitimate media, but occasionally supplements their colleciton with an illegal copy of something that they don't care enough about to pay full price for. You can see the popularity of this line of thinking by watching people paw through the "bargain bin" at any major retailer. These are the movies that no one liked enough to pay full price for, but still maange to sell. This is more of a problem, as I see it, with the uniform pricing structure of DVDs. Let's not pretend that "Batman Begins" and "Sisterhood of the Travelling Pants" are worth the same amount of money to most people. They are simply not, and should be priced differently from the get-go. Sadly the media companies instead try to rake in bucks from the "gotta have it now" super-fans crowd by artificially inflating the price; the side-effect is piracy. I would wager that the media companies gain more money then they lose by this process; the convenience of the consumer does not enter into the equation (these companies have demonstrated, repeatedly and without a doubt, that the convenience of the consumer is a very, VERY low priority to them).
Of course I am deliberately discounting bring up That Guy. You know That Guy. He is the guy with the huge collection of pirated movies for the sake of having them. To be fair, unless That Guy has a lot of friends (and usually they do not) they are no real threat to media companies. That Guy would not have purchased the movies anyway, and his collection is (to put it bluntly) a dick-measuring contest to make himself feel better anyway. Every That Guy that I have ever met has had movies of laughably bad quality in their collection; their love is not for the cinema but rather, like a dragon, they hoard the wealth for it's own sake rather than an appreciation for it. And that might be the dorkiest thing I have ever written.
You have to wonder... (Score:2)
When will the *IAA learn? (Score:4, Insightful)
My roommate purchased an HDTV a few years ago before the HDCP standard emerged and he recently bought a Playstation 3. He was seriously pissed when he found out he couldn't watch Blue Ray Discs at the highest resolution because his TV wasn't compatible.
Things like this only serve to alienate legitimate consumers who are already inclined to pay for the product. The pirates just wait for the DRM to be cracked.
Seems like a decent guy (Score:5, Interesting)
On a different subject, this still leaves Linux (and BSD, ReactOS, Haiku etc., etc.) users in a spot of bother. I don't understand if having a movie key would allow you to watch something on the disc even without the right player software to access the HD-DVD/Blu-Ray drive, but even if you don't need special software it still looks like extraction of the movie keys can only be done with Windows software, and presumably OSX software in the future. I'd still really like to see a proper, Free Software, libdvdcss-style crack for these formats. I'd like to think it's only a matter of time...
DRM Cracking Quiz (Score:5, Funny)
Q: What is the fastest way to crack a DRM scheme?
A: Label it as uncrackable.
Thank you, thank you. I'll be here all week. The 9:00 show is completely different from the 7:00 show. Be sure to tip your bartenders and waitresses.
Re:DRM Cracking Quiz (Score:4, Insightful)
Hmm, person X is a lawyer. She makes mid six figures and works 80 hours a week. She have a staff to handle IT issues. Her motivation to 'become a techie' is...? I, on the other hand, got sick of the fact that other people were writing the rules that controlled my industry. So I left off being a netadmin and now I'm in law school. You want the laws to be sane? Start writing them, rather than leaving that to people who don't have a clue, and don't have the slightest reason to care.
Linux HDDVD/BR Software Player (Score:4, Interesting)
(http://www.psphacks.net/ | Last Journal: Wednesday May 23, @07:59PM)
Since, based on the past, none of the studios will license a key for a linux player, I propose we create a player that, as part of playback, incorporates this "crack".
To get around this, the player will prompt for the disc key before playback. Then, the disc is decrypted as playpack is performed, thereby bypassing the "Player Key".
If you use device keys, they can revoke them (Score:4, Insightful)
(http://www.apnic.net/ | Last Journal: Thursday June 13 2002, @11:02AM)
Which is why I will never "upgrade" to HD. When my lowdef stuff stops working, I'll simply opt out of the rat race and not buy anything. Books are still good.
I will not pour thousands of dollars into a HD system only to have some jerk in a corner office somewhere decide that my investment constitutes a risk to his profits, and be able to take it away from me without consequence, without my consent, and without buying me new geegaws. F'em. They don't generate ANY content I'd be willing to pay that much to watch.
But that's just me. Feel free to pour $BUCKs into their profiteering maws if you wish. It's your money... well, your's and mostly THEIRs, since they can decide to take it away from you.
No legal open source player - ever. (Score:1)
(http://marcin.prodom.com.pl/)
I'm glad he's not (Score:5, Interesting)
If he was a native English speaker, he'd probably be in a country that has some sort of DMCA-type law. And he'd probably be in custody by now.
Re:He is obviously not a native English speaker... (Score:5, Funny)
(http://www.christopherculver.com/)
Re:He is obviously not a native English speaker... (Score:5, Funny)
Re:Encrypted (Score:2)
(http://www.the-h.net/h)
Guvf pbzzrag vf ebg39 rapelcgrq. Ol ernqvat guvf pbzzrag, lbh unir ivbyngrq gur QZPN.
Re:He is obviously not a native English speaker... (Score:3, Insightful)
(http://www.jazzlad.com/)
Sheesh, and they make fun of his English!
Re:He is obviously not a native English speaker... (Score:4, Funny)
(http://dondueck.wordpress.com/ | Last Journal: Tuesday April 04 2006, @11:09AM)
Re:Producer countermeasures (Score:2)
Re:Who cares!? (Score:2)
It's time to say "scrambled" instead of "encrypted"...