Decryption Keys For HD-DVD Found, Confirmed

kad77 writes "It appears that, despite skepticism, 'muslix64' was the real deal. Starting from a riddle posted on pastebin.com, members on the doom9 forum identified the Title key for the HD-DVD release 'Serenity.' Volume Unique Keys and Title keys for other discs followed within hours, confirming that software HD-DVD players, like any common program, store important run-time data in memory. Here's a link to decryption utility and sleuthing info in the original doom9 forum thread. The Fair Use crowd has won Round One; now how will the industry respond?"

Blu-Ray Rules Supreme!

[RAMMS+EIN]

``The Fair Use crowd has won Round One; now how will the industry respond?''

I think at least the Blu-Ray camp will switch on their intergalactic megaphones and tout how Blu-Ray was superior all along. This whole format war is childish enough for that.

Re:Blu-Ray?

[Anonymous Coward]

Who needs Blu-Ray anyway?

That format has killed itself by Sony's arrogant attitude. History has shown that locked-in, porn-shy formats always loose.

HDCP is the biggest crime in consumer history yet, let's hope this development kills it before it really takes of. For me there are two choices:

1) HD content works with my current and future hardware setup
2) No HD content for me

It's about time those media companies learn what they are producing their precious content for.

Re: Don't like Movies Much?

[DumbSwede]

Ermmm... Good plan except major movie studios will only release on Blu-Ray if it's DMR holds up (at least for the next couple of month). Then again maybe all you want to watch is Porn.

BTW, in yesterday's post about HD Porn and Sony not Allowing Porn on BETA, I assure you there was LOTS of porn on BETA. The adult industry may prefer HD-DVD for cost reasons, but if Blu-Ray wins, there will be Blu-Ray porn -- count on it.

The best thing might be for HD-DVD to fail, have Blu-Ray generally accepted, and THEN break the DMR Bwa-ha-ha-ha-ha

Goodbye Software players

[desenz]

Couldn't the industry, if it were so inclined, just stop licensing software players? I would imagine that compared to set top DVD players, the software must be a pretty small segment.

Industry response?

[Anonymous Brave Guy]

The Fair Use crowd has won Round One; now how will the industry respond?

It will send in a few lawyers. After a while, they will realise that their impact is negligible in the grand scheme of things: the DRM will continue to deter casual copying to some extent, but will continue to be impotent in preventing anyone determined to make a copy and willing to spend a little time on the 'net to find out how (or download a pre-ripped version).

Meanwhile, genuine customers will get seriously annoyed at the fact that DRM in HD-world has now moved beyond a minor inconvenience or ethical question as it was with things like DVDs, and into the realms of seriously impeding their enjoyment of the product they have legally purchased. A consumer backlash will result, with the effect that DRM becomes a "dirty word" 2-3 years from now, and distributors drop heavily-encumbered formats and go back to what works: a mostly hands-off scheme that's enough to deter casual copying by schoolkids but nothing that risks seriously impacting the marketability of their merchandise.

On the same sort of time scales, on-line distribution will reach a critical mass, and the movie distributors will adopt a second, parallel strategy where cheap, legal, unencumbered downloads are the norm. They will make their profit from on-line users through many small incomes, rather than the larger one-offs represented by (HD-)DVD purchases today. This will render illegal distribution channels mostly irrelevant, and the damage due to illegal copying will revert to being low-level noise as it mostly was before they started their current crusade anyway.

Hey, it's a new year and everyone else is making crystal ball predictions. Can't I have mine, too? :-)

youtube demo removed

[1 a bee]

muslix64's youtube demo [youtube.com] linked from the original post has since been removed. Instead the page seems to claim that the content of his video is somehow owned by Warner Bros.:

This video has been removed at the request of copyright owner Warner Bros. Entertainment Inc. because its content was used without permission.

Sad, but funny...

Re:Blu-Ray?

[gnasher719]

'' HDCP is the biggest crime in consumer history yet, let's hope this development kills it before it really takes of. ''

Every time I read a rant about HDCP, I conclude that customers (and content providers as well) have not the slightest clue what HDCP does.

At some point, after all the decryption, decoding, filtering and whatever else is done, your computer must send a signal to the monitor, which the monitor then translates into an image that you can see. This signal usually comes out of the DVI connector in your computer, goes into a cable, which feeds into the monitor or TV. Our paranoid friends at the MPAA or whatever abbreviation it is are afraid that you could catch the signal coming out of the video card, and record it.

Truth is, you can't. You just can't record a signal of 1920 x 1080 pixel times 12 bit per pixel times 60 frames per second on a harddisk. Well, I can't and no normal consumer can. There are people who could build stuff that could do it, but those people are probably happily building graphics cards for NVidia and ATI, or building DVD players.

Still, that signal had to be encrypted. So you have a chip just before the DVI chip (or integrated into it), and another chip in your TV, and they can negotiate to decide on a key for a cipher stream, and use that cipher stream to encrypt the signal on one end and decrypt it on the other end. Which means you can't record the signal coming out of your computer and turn it into a DVD. However, this has nothing to do with DRM whatsoever. Once this encryption is turned on, it stays turned on until the computer or the monitor are turned off. So if you read slashdot after watching a DVD, everything you see on the screen has gone through encryption and decryption. Doesn't matter, because you couldn't read the signal from the cable anyway.

Where the real effort is: First, the graphics driver has to check constantly that encryption works properly. That is not to make sure you don't steal the video signal (as long as encryption is turned on, you can't, and encryption doesn't turn itself off), it is because if the video card and monitor run out of sync then you will see nothing but snow on the monitor, and that makes for a very very unhappy customer. Second, all the commands from the OS to the driver are encrypted, and status reported by the driver is encrypted as well. Otherwise, a hacker could just pretend to be the OS and tell the graphics card to turn encryption off - and that's it! No, most of the work is not the encryption, but to make sure that the OS always knows whether encryption is turned on or off. And third, a DVD can request that high resolution is only used with encryption, so if the HDCP chip isn't there, the image is scaled down to lower resolution.

All in all, the whole HDCP stuff is complete nonsense. It prevents an attack from thieves in a place where you wouldn't attack. It costs money to add and implement. It doesn't hurt you as a consumer, except that you have to pay for the damned chips. It creates work for device driver writers. It doesn't protect contents. Anyone who can record 200 MB per second from a DVI output has invested some serious money, and a little bit more money will allow you to break into a monitor and get the signal from there.

Executive summary: If you can't record a signal coming from the DVI cable, HDCP doesn't matter. If you can record a signal coming from the DVI cable, HDCP doesn't matter much either.

Re:Blu-Ray?

[Jugalator]

Has the same thing been done for Blu-Ray yet? I would like to see DRM on both systems being shown as being useless.

I agree, although it would be more amusing to me if Blu-ray DRM was broken with various key extraction algorithms in about 6 months or so, for it to reach the market better and give them less hope to just change details in the standard as a worst case scenario. :-) Makes me wonder if it's possible they'll do this with HD-DVD, or if it has reached critical mass alraedy, so to speak.

Re:Blu-Ray?

[Anonymous Coward]

your premise about needing to record 200MB/s is incorrect because it doesn't need to be played back at 60fps in order to make a copy! set your player to play at, say, 1/10th speed and suddenly you only have to record 20MB/s. sure, the RIP process takes 10x as long but, really, big deal.

No more software players?

[I'm Don Giovanni]

They could take a more drastic approach, and simply revoke the keys to all software players, since software players are too easy to extract keys from. The already cracked discs would still be available for piracy, but further discs wouldn't be playable on anything but hardware. That would definitely suck, and would render the "victory" as Pyrrhic.

Re:Blu-Ray?

[Fordiman]

Unfortunately, dismissing the porn industry is what killed the technically superior Betamax. Without it, all they have is the rabid PS3 fans to bolster their film sales - and that's only if the gamers want to take a minute to watch a movie.

Question

[slapout]

I'm not totally up on all this stuff (some, but not all.) What about this: I copy a HD-DVD to my harddrive. Then I find the decryption key for it. I decrypt it and convert it to another format. Couldn't I then distribute it without them knowing what player was used?

Re:Even simpler

[Overzeetop]

It is my understanding, incorrect as it may be, that this was cracked using a software reader, not sniffing a hardware (stand-alone) player. You can just download the update. It will be a cat and mouse game, but an irrelevant one. You see, there are far more people who will have to buy a second copy - for whatever reason - than there will be pirates that lose them money. Slashdotters are so myopic on this point - most of the worlds computer users couldn't rip a DVD in a day if their life depended on it. Seriously. And it would take more than a casual hacker to get the information from a hardware player.

Besides, I'm certian the consortium would tell any hardware player mfr who has had their box cracked that they better pony up the fixes for free and do a better job of protecting the IP the next time.

For the record - I don't have either HD format player, and don't intend to get one for some time. I'd love to have HD, and I have an HD set to view it on (albeit fairly small at 51"). I do not support what they are doing, and I hope they fail miserably, but don't be suprised when it's "our" fault things get screwed up.

Re:Wait!!!

[ivan256]

Yup, here it is:

http://www.boingboing.net/2007/01/04/media_overest imates_.html [boingboing.net]

$200mil a year is chump change in the DVD business. The equivalent of two successful hollywood movies.

Enter the bilayer display...

[symbolset]

Which attaches to each diode in the LCD array and captures the images.

They should give up. It's hopeless.

There are enough honest folk to sell their content to that they can make a good living. The crooks can and will always cheat. Hiring armed guards to escort and live with each recorded disc is cost prohibitive and nothing else is going to solve this problem for them. Any content that can be played can be recorded. Period. Anything one program can do, another program can do. That is not going to change ever.

They should just sell us honest folk a disc that contains the content we want in a form that is easily copied onto our home servers and transcoded into our desired format, trust us not to cheat, and be happy with the money we give them.

Yeah, they'll still sell only one copy for all of China, but that's not going to change ever either. The pirates get their content before it's even on the master of the disc we buy. Strangely, it seems they sometimes get it even before the final edit.

Re:Nope, sorry, the TPM can't do it...

[Alsee]

it gave an estimate of 200 hours remaining just to encrypt a few megs of source code

I'm pretty sure the TPM based disk encryption you had was encrypting the entire disk - including all of the empty sectors. Read-encrypt-write-reread-verify for each sector, multiplied by some huge number of gigabytes.

The TPM doesn't handle data encryption at all, it only handles the encryption of keys. It's a very cheap low power chip. No horsepower, no throughput, just enough to spy on your system and to manage crypto on keys. In fact it can take half a second or so just to decrypt a key (asymmetric crypto is slow even on decent silicon). After watching your system startup it just decrypts the key for the disk which it passes to the CPU to do everything. So the speed issue you ran into had no real connection to the TPM.

BTW, I'm a programmer and I have spent many hours reading the TPM technical specs. It is first and foremost designed to secure the computer against its owner. You could get *all* of the same security benefits for the owner and eliminate *all* of the anti-owner abuses simply by permitting the owner to know his own master key if he wants it (the option to get a printed copy of your master key when you buy the computer for example). Absolutely identical hardware with absolutely identical security capabilites for you, with the sole difference that you know your own master key. Knowing your own key gives you full control of your computer - you can modify your security settings as you wish, you can unlock your own files if you choose to do so, you your key you can escape lock-ins and overrule lock-outs on your own computer. However the specification goes to extraordinary lengths to forbid you to know your own key. The TPM is designed to lock that master key inside the silicon and to prevent anyone from getting it - explcitly including the owner. The specification explicitly refers to the owner as an attacker. The specification has endless requirements on what the owner is forbidden to know and forbidden to be able to do.

-

Re:No problem

[RKBA]

Three questions if I may:

1. Are you telling me that there are people who would pay as much as $2,000 for a board that digitizes the three YPbPr component video signals and two analog stereo outputs of an HDTV device and sends the data to a PC for recording (or plugs into the PCI bus and is accessed via device drivers), or would that price also require downscaling of the image and MP4/XviD compression? I believe that fast enough FPGA boards with high speed ADC's and builtin PCI interface plus DMA can be had for around two or three hundred dollars.

2. How much would the MP4 and/or XviD compression portion of the operation be worth (perhaps as an optional extra-cost feature)? At the moment I have no idea how feasible MP4 compression would be for an FPGA. If it's very complicated it may require a very expensive FPGA or even a custom VLSI chip in order to have enough logic circuitry available.

3. Is http://forum.videohelp.com/ [videohelp.com] representative of the type of "Videohelp & AVS's forums" you referred to, or do you have some better suggestions as to where I could go to sell my YPbPr/MP4 converters after I've built a couple of them? :-)

P.S.
This kind of thing is made considerably easier thanks to the Open Source sharing of Verilog and VHDL designs at places like http://www.opencores.org/ [opencores.org] where you can find pre-existing tested and free (as in freedom) designs for things like USB and Ethernet interfaces (not sure about MP4 compression though), so I wouldn't be doing the whole thing from scratch and that's why I gave such an optimistic schedule estimate.

Re:Even simpler

[marcosdumay]

DoSing it is hard, there is plenty of space for keys.

But the good part is that every old player will have its key revoked too. So, we can DoS a big part of the HD devices after they are sold... I forsee big troubles with key revocation.