Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Interview with Developer of BackupHDDVD

Posted by ScuttleMonkey on Wed Jan 24, 2007 05:37 PM
Encryption Security Media
An anonymous reader writes "HD DVD and Blu-Ray were supposedly protected by an impenetrable fortress. However a programmer named "muslix64" discovered that this was not the case, and released BackupHDDVD. Now, Slyck.com has an interview with the individual responsible, who provides some interesting insight to his success."
+ -
story

Related Stories

[+] HD DVD's AACS Protection Bypassed 161 comments
Mr. BS writes "Playfuls.com is running a story how HD DVD's AACS protection has been compromised. Although the video of the hack leaves much to be desired, the source code has already been made available. Feel free to start backing up your HD DVD's whenever you feel the need."
[+] Decryption Keys For HD-DVD Found, Confirmed 473 comments
kad77 writes "It appears that, despite skepticism, 'muslix64' was the real deal. Starting from a riddle posted on pastebin.com, members on the doom9 forum identified the Title key for the HD-DVD release 'Serenity.' Volume Unique Keys and Title keys for other discs followed within hours, confirming that software HD-DVD players, like any common program, store important run-time data in memory. Here's a link to decryption utility and sleuthing info in the original doom9 forum thread. The Fair Use crowd has won Round One; now how will the industry respond?"
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Interview with Developer of BackupHDDVD 25 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Degrading Quality May Boost Cracking (Score:5, Interesting)

    by toonerh (518351) * on Wednesday January 24 2007, @05:49PM (#17743876)
    Unlike old DVD-Video, HD DVD and BluRay have a bit -- so far not set -- that degrades all output unless it is via an HDCP connection. This means my older Sharp 720p projector will be degraded along with all early adapter's HD gear

    This creates a powerful incentive to not just "backup" your HiDef DVD, rather to remove an onerous limitation -- it may violate the DCMA in the USA, but it is morally and legally sound to most of the world.

    • Re:Degrading Quality May Boost Cracking (Score:5, Interesting)

      by purpledinoz (573045) on Wednesday January 24 2007, @06:10PM (#17744138)
      Hollywood shouldn't be worried about this hack. They really should be worried about people actually buying these discs. What are the early adopter customers with the "non-secure" HDTVs supposed to do? Throw out their HDTV, and buy a new one so they can watch HD content? It's a real slap in the face of the customers... I hope both formats fail, and a new, non-restrictive format appears.

      • That's why they have not, and will not, enable (Score:5, Insightful)

        by SuperKendall (25149) on Wednesday January 24 2007, @09:16PM (#17746418)
        You have found the very reason why they have not enabled the flag and will not for years to come - way too much old equipment and way too many customers to be pissed off.

        In the technical rounds it was easy enough to add the flag, but once the marketing people realized what it would do they nixed the use of it.

    • And the best part is... (Score:5, Informative)

      by DrYak (748999) on Wednesday January 24 2007, @06:20PM (#17744266) Homepage
      This can't be stoped. It's not like the first DeCSS that used stolen Xing keys and could only work for as long as the keys weren't revoked.
      This uses the keys specific for the DISC, which can't be changed anymore.

      And the best part : In order to decrypt the movie and play it, every player *HAS* to have the volume ke in memory or SIMD register for a short period of time. No matter if players key are revoked, version upgraded, bugs fixed, etc... This technique doesn't rely on any bug that can be patched. It only rely to the fact that, whatever player you choose, at one moment it needs the volume key - which you can then grab and share on the net.

      There's no way to patch this.

      This is one more proof that the fundamental mechnics of the DRM - ie.: providing both the crypted data and the key in the same place - is flawed. You can't protect a content from the one who bought the disc. If data must be decrypted on the buyer's computer, then nothing cab prevent it from being circumvented.
       

      • Re:And the best part is... (Score:5, Funny)

        by purpledinoz (573045) on Wednesday January 24 2007, @06:28PM (#17744410)
        You underestimate the movie companies. The next step is to encrypt the the data on the disc, and throw away all the keys. This way, no one can decrypt it. Not even the pirates! There is one side effect though, no one can watch the movie either. Oh well, it's a fair compromise.

      • Re:And the best part is... (Score:5, Informative)

        by mrchaotica (681592) * on Wednesday January 24 2007, @06:36PM (#17744530)
        And the best part : In order to decrypt the movie and play it, every player *HAS* to have the volume ke in memory or SIMD register for a short period of time. No matter if players key are revoked, version upgraded, bugs fixed, etc... This technique doesn't rely on any bug that can be patched.

        Hence Treacherous Computing. You really think Microsoft and the content industry haven't thought of this? Sooner or later Windows is going to start encrypting memory and running non-"Trusted" programs in a sandbox that prevents them from accessing the hardware directly, specifically to prevent this kind of attack.

        • Russian dolls. (Score:5, Interesting)

          by DrYak (748999) on Wednesday January 24 2007, @06:53PM (#17744774) Homepage
          running non-"Trusted" programs in a sandbox that prevents them from accessing the hardware directly, specifically to prevent this kind of attack.


          Yes, and how Windows it self will know that it isn't running inside a "simulated" trusted computer (the TC chip is virtual and part of the emulator) running inside an actual regular computer (with no chip to prevent you from running whatever you want ?) ...or running with a root kit hidden it self inside, like the Sony's one ? Treacherous Computing may work on the paper, but Microsoft isn't exactly known for perfect implementation of security tools. Root kits WILL be available.

          For this to work you actually need TC-enabled computers. There aren't currently enough of them.
          So either Microsoft pisses of its customers with something like "HD DVD & BD can only played on Windows Vista running on special mother boards. The rest of 80% of you just can't play them at all" (and currently customers are already pissed enough because they can't always play in full HD when they don't have display systems that *are* getting popular those days). Or either microsofts accepts to let some player run outside it's protected models and you don't even need a virtual machine or root kit to extract the needed data from memory.

          As said by another /.er : stoping to provide the decryption key is the only way to avoid circumventing protection... but won't be implemented for very obvious reasons.

  • Investment in DRM vs. Investment to crack (Score:5, Funny)

    by Anonymous Coward on Wednesday January 24 2007, @05:51PM (#17743916)
    Anyone have a cost estimate for producing the AACS DRM? I'm guessing the crack didn't cost nearly as much.

    Mij

  • Server Bombed (Score:5, Informative)

    by FST (766202) on Wednesday January 24 2007, @05:53PM (#17743936) Journal
    Well, the server is being bombed now. Here's the text from the page if you don't want to wait for 5 minutes per sentence.

    The next generation of optical disc technology holds the promise to change the way we interact with and store digital media. Perhaps the most exciting change is the arrival of High Definition (HD) video, with its glorious 1920x1080 pixel resolution. It's a quantum leap forward in terms of watching digital content, as its vast resolution reveals a quality never seen before in such fine detail.

    Because of the rapid escalation of digital file-sharing - especially of video files - Hollywood has been working around the clock to protect HD content. This is especially relevant for one of its primary delivery mechanisms - HD DVD and Blu-Ray discs. These next generation discs, with capacities of 30 gigabytes and 50 gigabytes respectively, have their content protected with an array of DRM (Digital Rights Management.) Both are protected with a scheme called AACS, or Advanced Access Content System. This DRM is a great leap forward compared to the weak CSS, or Content Scrambling System, that currently "protects" DVDs. Thanks to Fox, Blu-Ray has an additional layer of protection, called BD+, although most discs have yet to support this protection.

    Although Hollywood has constructed enough DRM architecture to rival the Pyramid of Giza, it has long been suspected that it would be only a matter of time before HD DVD and Blu-Ray content protection were compromised. Convinced the golden DRM egg had been laid, it seemed that nothing could penetrate the great AACS wall. And to this day, that great wall still stands.

    But why crash through the main gates of Constantinople when you can just pick the lock of a long forgotten rear entrance?

    On December 26, 2006, a member of the Doom9.com forums named muslix64 introduced himself as circumventing the content protection - not the copy protection - of HD DVD. Additionally, he made available an open source program named BackupHDDDVD. At the time, this program was a command line program that bypassed the content protection - providing the individual successfully obtained the title and volume keys associated with the HD DVD. Once the individual has the keys, the AACS protection can be sidestepped, and the HD movie content can be extracted. According to muslix64, it took all of eight days to successfully circumvent HD DVD content protection.

    Much of the more difficult work, such as extracting the keys, has been alleviated as the once encrypted information has proliferated online. To understand where this stunning turn of events is heading, Slyck.com spoke with muslix64, who agreed to a PM (private message) interview.

    The mainstream media tends to have many labels for you, i.e. hacker, cracker, pirate, etc., in response to your efforts. What would you call yourself and what would you label your efforts?

    I'm just an upset customer. My efforts can be called "fair use enforcement"!

    What motivated you to help circumvent the content protection scheme associated with HD DVD and Blu-Ray?

    With the HD-DVD, I wasn't able to play my movie on my non-HDCP HD monitor. Not being able to play a movie that I have paid for, because some executive in Hollywood decided I cannot, made me mad...

    After the HD-DVD crack, I realized that things where "unbalanced" by having just one format cracked, so I did Blu-Ray too.

    Explain how decrypting the device and volume keys are critical to your success. Could you explain the difference between the two?

    The device keys, are the keys associated to the player.

    The volume key, is the key associated to the movie.

    I don't care about device keys. I do care about volume keys, because by using volume keys instead of devices keys, I totally bypass the revocation system. There is no "volume key revocation". There is content revocation, but I really doubt they will ever use it. If you use device keys, they can revoke them. Having the volume key means that you can decrypt ti

  • AACS Easier to Crack Than CSS (Score:5, Funny)

    by jizziknight (976750) on Wednesday January 24 2007, @05:57PM (#17743984)

    So technically speaking, it was easier to bypass AACS than CSS.
    Oh, the irony. It figures that the more complicated the DRM, the easier it is to crack.

    • Re:AACS Easier to Crack Than CSS (Score:5, Informative)

      by CastrTroy (595695) on Wednesday January 24 2007, @06:01PM (#17744020) Homepage
      Well, he didn't crack it in the same way. With DECSS, you can crack any disk by just putting it in a drive and running the program. With the AACS crack, you have to run some other player and extract the title key out of memory, probably by using a debugger or something. The CSS crack was harder because they actually cracked every disk, and reversed the encryption. The AACS crack doesn't accomplish the same thing. Although you can still decrypt disks, you can't just make program that does it automatically.

      • Re:AACS Easier to Crack Than CSS (Score:5, Interesting)

        by Sycraft-fu (314770) on Wednesday January 24 2007, @06:12PM (#17744152)
        Ya, perhaps sidestep is a better term than crack. In all likelihood the cryptosystem itself can't be broken, it's AES. While we can never say for certain there's not an unknown weakness in a system, AES is one of the most studied ones out there and thus far it remains secure enough to use for classified data.

        So, like the author said, you don't attack it you go around it. Obviously if the movie is being played back at some point things are being decrypted and you can get your hands on that key. That's precisely what he does. The player uses its key to decrypt the key that the volume is encrypted with. He then nabs that key and uses it to decrypt the volume.

    • Re:AACS Easier to Crack Than CSS (Score:5, Insightful)

      by SatanicPuppy (611928) * <Satanicpuppy&gmail,com> on Wednesday January 24 2007, @06:36PM (#17744536) Journal
      I don't know why they bother. CSS was "easy" because the encryption didn't change, so once you'd broken it, it was done, unless they wanted to break the standard.

      With AACS they "learned" something and used much beefier encryption, and mutable keys...Which makes the keys vulnerable. Some bright boy notices this, breaks the weak security on the keys, and voila! The system, while not broken, is seriously compromised.

      It's all pointless though. The companies pushing the DRM have far fewer resources than the people who want to view the content, and the content itself cannot be truly secured because it's meant to be viewed! So they're just throwing away money, and, as Muselix64 himself cogently pointed out in the "interview", the turnaround for fixes from the companies is so long, that there is effectively no way they can stay ahead of the crackers.

  • Like a dog chasing it's own tail (Score:5, Insightful)

    by bcmbyte (996126) on Wednesday January 24 2007, @06:03PM (#17744052) Homepage
    It sure seems to me that the media companies chasing the people finding holes in their impenetrable fortress' is much like a dog that chases his own tail. Every once in a while he gets it, but then it hurts and he lets go, and then he off again chasing his tail. The time and money they spend protecting their stuff might be better spend on an ad campaign, or better yet drop the prices of the content so that maybe, just maybe they will sell a few more..

  • So let me get this straight... (Score:5, Insightful)

    by gillbates (106458) on Wednesday January 24 2007, @06:43PM (#17744616) Homepage Journal

    If I understand it correctly, my output resolution will be degraded unless I buy a MPAA-approved display device?

    Why would I bother upgrading from DVD if I'm not going to get any better quality?

    Tip to Hollywood: Deliberately crippling technology doesn't boost sales. As far as I'm concerned, there's no point in buying into this. Why would I bother to spend a lot of money for something that won't work with my existing equipment, and likely won't work in the manner I intend to use it?

  • I love this guy... (Score:5, Insightful)

    by LukeCage (1007133) on Wednesday January 24 2007, @06:44PM (#17744638)

    After the HD-DVD crack, I realized that things where "unbalanced" by having just one format cracked, so I did Blu-Ray too.

    Bless you, muslix. Now the two formats can compete as true equals where it counts: in the ease of supplementing your legitimate media collection with illegal copies of things that you "kind of like".

    Let's not pretend that there is one type of pirate. There are many levels of pirate, and by far the most common type (at least in my experience) is the "pirate" who buys plenty of legitimate media, but occasionally supplements their colleciton with an illegal copy of something that they don't care enough about to pay full price for. You can see the popularity of this line of thinking by watching people paw through the "bargain bin" at any major retailer. These are the movies that no one liked enough to pay full price for, but still maange to sell. This is more of a problem, as I see it, with the uniform pricing structure of DVDs. Let's not pretend that "Batman Begins" and "Sisterhood of the Travelling Pants" are worth the same amount of money to most people. They are simply not, and should be priced differently from the get-go. Sadly the media companies instead try to rake in bucks from the "gotta have it now" super-fans crowd by artificially inflating the price; the side-effect is piracy. I would wager that the media companies gain more money then they lose by this process; the convenience of the consumer does not enter into the equation (these companies have demonstrated, repeatedly and without a doubt, that the convenience of the consumer is a very, VERY low priority to them).

    Of course I am deliberately discounting bring up That Guy. You know That Guy. He is the guy with the huge collection of pirated movies for the sake of having them. To be fair, unless That Guy has a lot of friends (and usually they do not) they are no real threat to media companies. That Guy would not have purchased the movies anyway, and his collection is (to put it bluntly) a dick-measuring contest to make himself feel better anyway. Every That Guy that I have ever met has had movies of laughably bad quality in their collection; their love is not for the cinema but rather, like a dragon, they hoard the wealth for it's own sake rather than an appreciation for it. And that might be the dorkiest thing I have ever written.

  • Seems like a decent guy (Score:5, Interesting)

    by Bralkein (685733) <jack.hollingworth@nt l w o rld.com> on Wednesday January 24 2007, @07:03PM (#17744948)
    Since the DRM on these new formats is so insulting, I'll always be happy to see it suffering setbacks like this. However, I'd be slightly less happy if the person who cracked it was just some guy who wanted to be able to get everything for free and impress his mates by giving them free movies. Assuming this muslix64 character is telling the truth, he seems like a decent sort. His story is just that he wanted to be able to use his own purchased movies in the way that he wants to, in his own home. So consider him thoroughly endorsed!

    On a different subject, this still leaves Linux (and BSD, ReactOS, Haiku etc., etc.) users in a spot of bother. I don't understand if having a movie key would allow you to watch something on the disc even without the right player software to access the HD-DVD/Blu-Ray drive, but even if you don't need special software it still looks like extraction of the movie keys can only be done with Windows software, and presumably OSX software in the future. I'd still really like to see a proper, Free Software, libdvdcss-style crack for these formats. I'd like to think it's only a matter of time...

  • DRM Cracking Quiz (Score:5, Funny)

    by Compulawyer (318018) on Wednesday January 24 2007, @07:45PM (#17745418)
    To paraphrase from an old law school joke:

    Q: What is the fastest way to crack a DRM scheme?

    A: Label it as uncrackable.

    Thank you, thank you. I'll be here all week. The 9:00 show is completely different from the 7:00 show. Be sure to tip your bartenders and waitresses.

    • Re:Worst interview ever? (Score:5, Informative)

      by SydShamino (547793) on Wednesday January 24 2007, @07:29PM (#17745246)
      You can play an unencrypted movie wherever you want; an update of the encryption-scheme will not magicalle re-encrypt the movie. DUH!
      An unprotected movie does not require HDCP; HDCP has _NOTHING_ to do with this.

      I don't think you read these questions the same way muslix64 did. You are incorrect, because the content industry could force future versions of PowerDVD to automatically downgrade the video quality of any unencrypted video it played. This would be a "Hollywood counterattack" that does not re-encrypt the video like you assumed. Likewise, because an unprotected movie does not require HDCP, Microsoft could force all video played on its operating system to be downgraded unless HDCP is enabled.

      I know, neither PowerDVD nor Microsoft would ever actually do this. Even if they did, there are alternative open-source players, and alternative open-source operating systems, to which these changes would never be made. This is exactly what muslix64 says when he replies "Or you can use open-source player, like VideoLan, if a player like PowerDVD become more restrictive about playing decrypted movies."

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.