Forgot your password?
typodupeerror
Encryption Security Media Movies Entertainment

AACS Cracked Again 306

Posted by kdawson
from the persistence dept.
EmTeedee sends us to a blog post for a summary of the latest results in cracking AACS, from the Doom9 forums (as the earlier cracks have been) — after the DVD Security Group said it had patched the previous flaws. From the DLTV blog: "This time the target was the Xbox 360 HD DVD add on. Geremia on Doom9 forums has started a thread on how he has obtained the Volume ID without AACS authentication. With the aid of others like Arnezami they have managed to patch the Xbox 360 HD DVD add on... It appears that XT5 has released [an] application that allows the Volume ID to be read without the need to rewrite the firmware. This would mean that anyone could simply plug in the HD DVD drive and obtain the Volume ID from any HD DVD without the hassle of flashing it."
This discussion has been archived. No new comments can be posted.

AACS Cracked Again

Comments Filter:
  • One word. (Score:5, Funny)

    by Spazntwich (208070) on Thursday April 12, 2007 @01:10PM (#18704483)
    Owned.
    • Re:One word. (Score:5, Insightful)

      by Ravenscall (12240) on Thursday April 12, 2007 @01:12PM (#18704513)
      When will these stuffed suits learn that the more they try to limit people, the more people will fight those limitations?
      • by Spazntwich (208070) on Thursday April 12, 2007 @01:15PM (#18704573)
        Hopefully not anytime soon, as I love stories of this type.

        Seriously, what was the turnaround time from a claimed patch to another breach? Was it even 3 days ago those clownshoes were crowing about it?
      • by ryanvm (247662) on Thursday April 12, 2007 @01:32PM (#18704901)
        Oh come on, you know you wanted to make your point with a Star Wars quote.
      • Re:One word. (Score:5, Interesting)

        by calciphus (968890) on Thursday April 12, 2007 @02:52PM (#18706263)
        As inconvenient as it is, the real reason for DVD security like AACS isn't for the consumer. Sorry, you're not that important.

        When people invest millions of dollars in developing a standard like HD-DVD, Blu-Ray, or whatever comes along next (UV-DVD?), they need assurances that they will get their money back. They don't make money off of the sale of DVDs, but rather off of DVD hardware. So companies that manufacture DVDs can't just build players, they have to buy little AACS chips directly and exclusively from the standard's creator, and pay them a fee.

        They don't /really/ care if you break the encryption, because no DVD-player manufacturer could ever go out and use the cracks to avoid paying Sony / Toshiba/NEC. AACS has done its job, in that sense.

        I'm glad AACS was cracked. I don't particularly like the idea that I have to rely on a physical copy of something I allegedly only own the rights to "watch" anyways.
    • by Anonymous Coward on Thursday April 12, 2007 @01:27PM (#18704803)
      You mispelled "Pwned".
  • by jhfry (829244) on Thursday April 12, 2007 @01:12PM (#18704527)
    No more movies! Ever! We quit!

    The movie industry.
    • Re: (Score:2, Informative)

      by Thyrteen (1084963)
      Well, as they said yesterday, who wanted to wait a whole 24 hours for this one to happen? :)
      Score:
      HD-DVD DRM: 0
      Crackers: 2

      • by CogDissident (951207) on Thursday April 12, 2007 @01:39PM (#18704991)
        Anyone else find it funny that this came out just as they were putting people together to push out the new updates?

        I have this mental image of a guy in overalls hauling boxes and boxes of patched DVDs out to the truck, looking up at the news-monitor in the shipping yard, and just a single tear falling.
        • Re:That does it! (Score:5, Insightful)

          by SillyNickName4me (760022) <dotslash@bartsplace.net> on Thursday April 12, 2007 @01:42PM (#18705045) Homepage
          I have this mental image of a guy in overalls hauling boxes and boxes of patched DVDs out to the truck, looking up at the news-monitor in the shipping yard, and just a single tear falling.

          Hmm.. I'd think he'd smile tho. nice job security for a while.
          • Re:That does it! (Score:5, Insightful)

            by Oktober Sunset (838224) <sdpage103NO@SPAMyahoo.co.uk> on Thursday April 12, 2007 @03:32PM (#18706953)
            I see a little thought balloon appearing above his head, with the word Overtime!, then a tiny image of him going Scrooge McDucking style in a huge pile of money.

            Meanwhile, the fat cat manger receives the report on how much it cost, a single tear is about to fall, as he thinks he can only buy 3 new yachts this year instead of 5, but then he remembers that actually, he can just shift the blame onto someone else and so still get his $20 million bonus, then he remembers how he would get it anyway even if he didn't fuck up. Then he cuts all all the cleaning staff's pay to make up part of the loss and he gets an even bigger bonus and can buy 7 yachts.

            Then all the shareholders get their dividend report, all start crying uncontrollably as they realise their investment is paying out worse than a Scotsman on comic relief night. However instead of doing something like kicking out the board, they bleat along to the tune, The Haaaaaackers did it, BAAAAAAAAAAD hackers. Cut to fat cat manager, takes a break from Scrooge McDucking it in his pool of money and he cuts pensions and healthcare for all shipping and logistics staff. Cut back to original guy, who has to spend all his overtime money on buying his kid new braces, .

            Meanwhile, the government outlaws, fair use, free speech, free thought, freedom, etc.

            Capitalism at it's finest.

    • Fine by me. (Score:5, Interesting)

      by Kadin2048 (468275) <slashdot DOT kadin AT xoxy DOT net> on Thursday April 12, 2007 @01:28PM (#18704819) Homepage Journal

      No more movies! Ever! We quit!

      The movie industry.


      That really wouldn't be the worst thing in the world. There's a huge demand for movies, but they're expensive to make and the current movie industry sucks up most of the available investment dollars. There's no "secret sauce" involved in making a movie; it's just very, very expensive, and the people with enough cash to bankroll a film would rather go with an established, sure bet, rather than taking a chance on someone or something new.

      If the current players just decided to pack up and go home, the new industry that would rise up in its place would doubtless be a lot more creative -- at least in the short term -- and we'd probably see a lot of new material out of it. In time, it would probably stagnate, too, because that's the way of things.

      The main problem with the current situation is that the dinosaur companies have bought protection for their business models from the government, and essentially have propped themselves up. There's nothing bad with companies getting big, but there's also nothing that says they have a "right" to stay in business, either. Failing business models deserve to die, and the companies that rely on them deserve to die, too; when they don't, you're stopping what ought to be a natural economic progression.
      • Re: (Score:3, Insightful)

        by jhfry (829244)
        That's kinda my point... there is still ton's of money to be made without need for this DRM BS. They will never just pack it in and stop making movies.

        However they do love to make it sound like DRM is essential for there to be any money in producing movies.
      • Re:Fine by me. (Score:4, Insightful)

        by Hijacked Public (999535) * on Thursday April 12, 2007 @01:48PM (#18705183)
        After reading the first sentence I thought someone was making a good point, but the signature line negates it.

        Keep cracking DRM schemes and all you'll get are more laws aimed at stopping you, more vigorous enforcement, and more DRM integrated into your hardware.

        Stop buying DRM'd content in the first place and maybe you'll get somewhere.
        • Re:Fine by me. (Score:5, Insightful)

          by Kadin2048 (468275) <slashdot DOT kadin AT xoxy DOT net> on Thursday April 12, 2007 @02:05PM (#18705479) Homepage Journal
          After reading the first sentence I thought someone was making a good point, but the signature line negates it.

          My signature or the GP's?

          Anyway, I think it's important to work on both fronts. First, I agree that the best bet is just to not purchase anything that's DRMed at all. But since that means basically bowing out of a large portion of our culture -- I mean, no late-model VCRs (macrovision) or tapes, no DVD players or discs, no TiVO -- I think you're going to have trouble getting enough people to follow you to make it significant. There's no point in throwing yourself in front of a tank if they're just going to run over you and nobody else is going to notice or care.

          Continually breaking the DRM schemes costs the studios a lot of money. It ensures that DRM is never "fire and forget;" and it turns DRM from being a one-time cost into a continual cost center, a black hole that they need to keep pouring money into. If you can make the cost of maintaining an effective DRM system higher than the cost of the piracy that it allegedly prevents, then it will eventually go away -- either the companies will see the light, or they'll be run out of business by other companies who do, and who are more profitable as a result.

          The major remaining problem is that the entertainment industry in particular has so much political influence that it's going to require a lot of vigilance and advocacy to keep them from trying to use the law to buoy themselves as they start to sink -- or barring that, pull everyone else down with them. We haven't had much luck in this in the past, hence we've seen the AHRA, the DMCA, and lately the Mickey Mouse Protection Act go through. But if we can keep the visibility of their actions high -- which is aided by putting pressure on them and forcing them to be more and more outlandish and openly anti-consumer -- while at the same time denying them revenue by boycotting DRMed products and sucking their revenue through a guerrilla campaign against the DRM systems themselves, they'll eventually be forced to quit.
          • Re: (Score:3, Insightful)

            by araemo (603185)
            "Continually breaking the DRM schemes costs the studios a lot of money. It ensures that DRM is never "fire and forget;" and it turns DRM from being a one-time cost into a continual cost center, a black hole that they need to keep pouring money into. If you can make the cost of maintaining an effective DRM system higher than the cost of the piracy that it allegedly prevents, then it will eventually go away -- either the companies will see the light, or they'll be run out of business by other companies who do
          • Re: (Score:3, Insightful)

            by Draknor (745036)
            Continually breaking the DRM schemes costs the studios a lot of money. It ensures that DRM is never "fire and forget;" and it turns DRM from being a one-time cost into a continual cost center, a black hole that they need to keep pouring money into. If you can make the cost of maintaining an effective DRM system higher than the cost of the piracy that it allegedly prevents, then it will eventually go away -- either the companies will see the light, or they'll be run out of business by other companies who do,
      • Re:Fine by me. (Score:4, Insightful)

        by Lumpy (12016) on Thursday April 12, 2007 @01:52PM (#18705233) Homepage
        There's no "secret sauce" involved in making a movie; it's just very, very expensive,

        no it's not. having overpaid prima donna union actors, union workers and extravagent locations, props and lunches IS expensive. making a killer good movie IS NOT expensive.

        go watch El Marachi. It's better than most everything made at Hollywierd and was less than the cost of a cheap car.

        a crapload of great movies are made for dirt.
        • by MobyDisk (75490) on Thursday April 12, 2007 @02:46PM (#18706153) Homepage
          Dear Indie Movie Lover,

          Explosions are expensive.

          Sincerely,
          Most people
          • by Kenshin (43036) <kenshinNO@SPAMlunarworks.ca> on Thursday April 12, 2007 @03:18PM (#18706739) Homepage
            Dear Most People,

            Controlled explosions are expensive.

            Sincerely,
            Someone who played with fireworks as a kid
          • by cyberfunkr (591238) on Thursday April 12, 2007 @03:52PM (#18707247)
            Dear Most People,

            Most common items don't explode. They spark, they pop, they burn, they shatter; but big booms with infernos and visible concussion waves are few and far between.

            Sincerely,
            Reality
          • Re:Fine by me. (Score:5, Insightful)

            by DigDuality (918867) on Thursday April 12, 2007 @03:54PM (#18707295)
            Dear Mr HaveNoTaste,

            There's many great movies without explosions. In fact most of the action packed movies with no dialogue except one line meat heads, sci-fi that's nothing but action with lasers, romance that's nothing more than repetition of Wedding Crasher, Meet the Fockers, and some crap with J Lo in it over and over again, all the CGI laden movies, with huge acting names in them.. tend to be really flat movies. They have no feeling, no passion, crap stories, crap dialogoue.

            But ooh ooh.. look! Explosions! zomg. that's so cool.

            Amazing movies were made on shoestring budgets. And not just cult classics. 12 Angry Men anyone? To Kill a Mocking Bird? These didn't exactly cost a fortune.Actors are overpaid, and Hollywood is too scared to try ideas that aren't sure things.

            Sure we could have another 20 movies with Will Farrell or Ben Stiller in them, but I could really give a crap. Rodriguez and Tarintino could've made Grindhouse out of their pockets, and look how many actors and producers chipped in because they wanted to do something fun.

            Movies need to get back to people who love to make them rather than these scientologiest nutbags who marry women doped up on too many prescribed pills while pregnant and not knowing who the daddy is.
        • Re: (Score:3, Insightful)

          by CastrTroy (595695)
          It's like saying "making software is expensive". Well, its as expensive as you want to make it. If you find programmers who want to make the software for free in their spare time, using free tools, then it's very cheap. If the programmers want to get paid $100 an hour, and want to use tools that cost $5000, then it is expensive to write software. All it takes to write software is time and a cheap computer. All it takes to make a movie is time and a video camera.
        • Re: (Score:3, Informative)

          by Mister Whirly (964219)
          Or Clerks. Easily better than most Hollywood flicks at 1/1000 the price.
      • Re:Fine by me. (Score:5, Informative)

        by kebes (861706) on Thursday April 12, 2007 @01:58PM (#18705335) Journal
        Good post.

        This assertion:

        There's no "secret sauce" involved in making a movie; it's just very, very expensive.
        caught my eye. Actually I would say it's an untested hypothesis that movies are expensive. Currently movie production is basically a monopoly (actually a cartel). By definition monopolies have no competition, hence there is no incentive to try and make things cheaper. This gives rise to the massive salaries and creative accounting that Hollywood engages in. (Somehow, on paper, they actually have razor-thin profits even when the movie made 10-times as much money as the supposed budget.)

        If Hollywood were replaced with something new, that was actually a competitive marketplace to make decent movies at the lowest price, I bet they would cost only a fraction of what they cost now. I imagine a movie that nowadays costs $30 million could actually be made for $600,000 once salaries became more reasonable, advertising were less extensive, and studios were forced to optimize their workflow to keep the budget down. The quality/budget ratio of independent films lends credence to this theory.

        Current movie prices are massively inflated because they are a monopoly. If that monopoly were removed, I bet the new price of movies would be low enough that people wouldn't bother with unauthorized duplication... because the genuine article would be cheap enough already.
        • Re:Fine by me. (Score:5, Insightful)

          by smellsofbikes (890263) on Thursday April 12, 2007 @02:29PM (#18705857) Journal
          >The quality/budget ratio of independent films lends credence to this theory.

          I'm not trying to be snide here, but I suspect you haven't seen very many independent films. Most of them *suck* *incredibly*, but the very best 0.1% are quite good indeed, competitive with the best stuff coming out of Hollywood. I think it's something like a Boltzmann distribution [wikipedia.org] -- Hollywood has a very steep curve, so there's not a lot of difference between their very best movies and their worst. Bollywood's best are about as good, but their worst are much worse. Chinese films, at their best, are superb, but the worst ones I've seen have been nearly unwatcheable. Then you go to an independent film competition -- I'm not talking Sundance, I'm talking some local art scene competition -- and you begin thinking to yourself "I'd pay $30 to not have to watch the rest of this."

          Money doesn't guarantee a movie will be good, but it does heavily indicate the movie won't be appallingly bad.
          • Van Helsing (Score:3, Insightful)

            by freeweed (309734)
            Money doesn't guarantee a movie will be good, but it does heavily indicate the movie won't be appallingly bad.

            Except for Van Helsing. Sadly, I watched the entire thing because of a promise - trying to disprove a comment of "this movie has no redeeming value whatsoever"; I didn't think it was possible to spend $200 million and not have SOMETHING worth seeing.

            I spent the last 90 minutes of that atrocity thinking up unique and interesting ways to gouge out my eyeballs.
      • Re:Fine by me. (Score:5, Insightful)

        by HTTP Error 403 403.9 (628865) on Thursday April 12, 2007 @01:59PM (#18705347)
        I think TV killed the movie industry. A traditional movie is a dinosaur compared to TV. The level of character and plot development in a single season of a one hour drama is so much greater than a single two hour movie can provide. If the Sopranos were a movie franchise, we'd be on maybe the third or fourth movie - roughly equivalent to 6 or 8 TV episodes. It seems like movies compensate for the lack of character and plot development by using gimmicks or bigger explosions.
        • by Skreems (598317)
          You're not watching the right movies if you think there are none with character and plot development. Some stories are better told as a single 1.5-2 hour presentation than split over episodes.
        • I think you definitely have a point, but I think it may be like debating the relative merits of the poem versus a 1,000 page novel. They both have their place.

          One of the reasons I think serialized TV shows have become popular lately is because they're not controlled by the big movie studios, at least not as directly. (Yeah, they're mostly bankrolled by the networks, and they're mostly owned by the same handful of media companies, but they're further from the centers of power.) There have been opportunities
    • That is the second or third remake of "We quit!", and they're not getting any better.

      <insert usual rant about inbred entertainment industry management noodlebrains>
    • Defective By Design (Score:3, Interesting)

      by gcnaddict (841664)
      Here's an outlandish idea:

      Microsoft and Toshiba screwed this up on purpose to undermine the AACS. Defective by Design, sure, but this is probably one of the few times that it ROCKS.
    • They still make movies? I thought they fired all the actors and hired lawyers instead.
  • I LOVE this! (Score:5, Insightful)

    by jhfry (829244) on Thursday April 12, 2007 @01:19PM (#18704637)
    It seems that the /. crowd, and the tech industry in general, knew well before AACS was ever released that it would be a flop. We knew it would do nothing to prevent disks from being copied, we knew it would do nothing but hurt the consumer, and we knew it was an utter waste of money.

    Yet the movie industry pushed forward, and look where it got them... exactly where we said it would, nowhere.

    I can't wait until they realize that it's not worth it, and just stop concerning themselves with copy-protecting their media and instead focus on creating good movies.
    • Freudian Slip (Score:4, Interesting)

      by zuki (845560) on Thursday April 12, 2007 @01:25PM (#18704759) Journal
      I was reading parent post and did a double-take, as what I got of it was:

      "I can't wait until they realize that it's not worth it, and just stop concerning themselves with creating good movies, and instead focus full-time on copy-protecting their media."
      ...which in a way seemed to make total sense, there is a perverse part of myself that thinks that this is almost where we are headed.

      Z.
    • Re:I LOVE this! (Score:5, Insightful)

      by suv4x4 (956391) on Thursday April 12, 2007 @01:27PM (#18704795)
      I can't wait until they realize that it's not worth it, and just stop concerning themselves with copy-protecting their media and instead focus on creating good movies.

      Let's keep things straight:

      writers/directors/actors focus on creating good movies;
      movie distribution/marketing companies focus on wasting money on copy protecting their media.
      hackers concentrate ruining the cop protection efforts;
      the general consumer looks at the easier way to get their movie, be it rental/torrent/buy DVD/p2p: whatever seems better value.
      • by jhfry (829244)

        writers/directors/actors focus on creating good movies;
        movie distribution/marketing companies focus on wasting money on copy protecting their media.
        Yes, but if you took the resources wasted by the distribution/marketing companies to DRM their content, the writers/directors/actors would have more resources to create better (arguably) movies. Or at least profits could be better which would help offset the losses from illegal distribution.
        • Re:I LOVE this! (Score:4, Insightful)

          by badasscat (563442) <basscadet75&yahoo,com> on Thursday April 12, 2007 @02:53PM (#18706289)
          Yes, but if you took the resources wasted by the distribution/marketing companies to DRM their content, the writers/directors/actors would have more resources to create better (arguably) movies.

          It's more like, if hacks like Joel Schumacher stop getting $200 million budgets to make the next crap Hollywood "blockbuster" that ends up bombing at the box office anyway, then other directors will have more resources to create better movies, or at least more of them.

          The bottom line is expensive special effects don't make good movies. Never have. Ever heard of Citizen Kane? Casablanca? The Graduate? On the Waterfront? One Flew Over the Cuckoo's Nest? Not a single explosion in any of those movies.

          Movie budgets have basically no correlation to movie quality. It takes approximately zero dollars to write a good script. Maybe a couple bucks for some paper and a pen. Not even a computer's necessary - most of the best scripts ever produced were written in the days of the typewriter. It is true that there's a base budget that's necessary to actually produce an existing script - film/tape stock, equipment rentals, talent payroll, catering, etc. - but that is so far below what the average budget is these days that it's completely ridiculous.

          In other words, the money spent on DRM has absolutely nothing to do with the quality of our movies. Writers, directors and producers have no constraints whatsoever put on them by DRM on the home video side. And if you want to complain about bad movies, it's probably because there's too much money flying around rather than not enough.

          (That said, there are plenty of great movies being made today, including in Hollywood but also outside of it. If you're not finding them, then that's mostly a personal problem.)
          • Re: (Score:3, Insightful)

            by blincoln (592401)
            The bottom line is expensive special effects don't make good movies. Never have. Ever heard of Citizen Kane? Casablanca? The Graduate? On the Waterfront? One Flew Over the Cuckoo's Nest? Not a single explosion in any of those movies.

            But imagine how much *better* a few... hundred... explosions could make those films. Imagine a Citizen Kane where Orson Welles screams "Roooooosssebuuuuuuudddd!", his hair poofs up Dragonball Z style, and he emits a shockwave of grief which levels Neo-Tokyo.

            Seriously though, I d
      • Re:I LOVE this! (Score:5, Insightful)

        by ben there... (946946) on Thursday April 12, 2007 @02:42PM (#18706073) Journal
        Looks like as with all media post-internet, the solution is to cut out the middle man:

        1) writers/directors/actors focus on creating good movies;
        -->2) movie distribution/marketing companies focus on wasting money on copy protecting their media.<--
        (hackers concentrate ruining the cop protection efforts;)
        3) the general consumer looks at the easier way to get their movie, be it rental/torrent/buy DVD/p2p: whatever seems better value.
      • Re:I LOVE this! (Score:4, Insightful)

        by FireFury03 (653718) <{gro.kusuxen} {ta} {todhsals}> on Thursday April 12, 2007 @04:10PM (#18707633) Homepage
        the general consumer looks at the easier way to get their movie, be it rental/torrent/buy DVD/p2p: whatever seems better value.

        Ah, but the thing is that the DRM _reduces_ the value of the legitimate product.

        • If I buy a DVD and put it in a legitimate player I get to sit through long unskippable videos telling me that copying is bad. If I download a copy of the movie I can just sit down and watch it.
        • If I buy an HD DVD I can't play it on my computer because I use Free software (DRM is fundamentally incompatable with Free software). If I download a copy of the movie then it works just fine.
        • If I buy some music on a corrupt optical disc (which seem to be still sold as "CDs"), I can't play it on my computer, can't rip it to Vorbis files to play on my in-car Vorbis player and it may not even work on some legitimate CD players. If I download a copy of the music then it works just fine.
        • If I buy "protected" content then I can't back it up, meaning I have to carry the original discs with me which could be lost or damaged. If I download it then I can back it up just fine.


        In all of the above cases, the content producers are actually pushing me _away_ from the legitimate product because the illegal version is much, much better.

        The only way you can get away with screwing your customers like that is if there is no way for *anyone* to copy the product. As soon as one person has copied it, anyone else can download the copy.

        Most people _want_ to buy content legitimately, but DRM or extortionate prices prevent them from doing so.
    • Re:I LOVE this! (Score:5, Interesting)

      by Pope (17780) on Thursday April 12, 2007 @01:27PM (#18704799)
      DRM or not, the current 1 freaking minute booting time for HD DVD players (dunno about BluRay) is enough to put me off the damn things.
      • Re: (Score:3, Funny)

        one minute booting time?

        are you serious? I don't own one (never will - I don't condone the BD or HD-DVD 'protection' concepts and they'll never get dollar one from me).

        why on earth does it take that long? for every startup?

        are you talking about software based players (on a pc) or hardware set-top boxes?

        (what are they doing? calculating PI to zillions of digits or something??) ;)
      • Re: (Score:3, Insightful)

        by SydShamino (547793)
        The fact that they consider my TV that I spent $3 grand on unworthy of their video, because it doesn't have the correct plug thingy in the back, is enough to put me off the damn thing.

        Oh, and I watch 100+ movies a year (over 30 so far this year in the theater, another dozen on DVD). Most of those were independent films at festivals, but still, I'm the perfect market for HD movies at home: watch lots and lots of movies, invested early in hidef, etc. Instead they don't want to sell me product I can use.
    • When they decide that they can't prevent theft, they might just decide that they can instead use the increased distribution to their benefit via increased ads inside each movie.

      Might even make sence for them to produce two versions of the movies:
      1. Free Electronically distributed , with ads maybe non skipable commercials between chapters
      2. Not free, no ads + DRM

      of course pirates would still try and rip the add free discs, and or remove the ads from the free version, but it might remove the incentive

      • by rikkards (98006)
        I mean, most still watch tv with ads, instead of tivo-ing it and skipping the commercials or downloading it without commercials, right?

        Nope. I have a PVR and I still download most stuff rather than fastfoward through commercials. The only thing I use my PVR for is stuff that isn't high demand
  • Ouch (Score:5, Interesting)

    by Grimfaire (856043) on Thursday April 12, 2007 @01:21PM (#18704673)
    Someone really needs to fire whomever the MPAA uses for deciding on security for these things. Haven't they heard the golden rule of computer security? "Security by obscurity is no security" and that's all they are doing is trying to hide a key. Find the key... no security. Sheesh....
    • by geoff lane (93738)
      With the added bonus realization that it only has to happen *once* in the digital domain and you've got "perfect sound (and video) for ever".

    • Re:Ouch (Score:5, Insightful)

      by Kimos (859729) <kimos.slashdot@g ... SD.com minus bsd> on Thursday April 12, 2007 @01:35PM (#18704933) Homepage
      It's not the fault of the MPAA directly. It's the fundamental flaw of DRM.

      Encryption works because parties A and B exchange data that is encrypted with a key that party C does not have. In the case of DRM, you have the encrypted data and you have the keys that you need to decrypt and view the data. You are in essence parties B and C. They hide the key from you in the players and software, but it's there if you know how to find it. That's why DRM can and will never work. It's security through obscurity.
      • Re: (Score:3, Insightful)

        by TrekkieGod (627867)

        Encryption works because parties A and B exchange data that is encrypted with a key that party C does not have. In the case of DRM, you have the encrypted data and you have the keys that you need to decrypt and view the data. You are in essence parties B and C.

        I've heard that a lot and it does make sense to me that it would be a fundamental flaw if it was true. Unfortunately it's not. You're not both parties B and C. Your media player is party B, and it's responsible for showing (but not giving you a copy of) the unencrypted content to party C.

        In terms of standard encryption, that's like you sending an encrypted file to me, with the understanding that Joe is in the room with me and will also see it on my monitor. I don't have to give the encryption key to

        • Re: (Score:3, Insightful)

          by danaris (525051)

          ...that's like you sending an encrypted file to me, with the understanding that Joe is in the room with me and will also see it on my monitor. I don't have to give the encryption key to show Joe what you sent me.

          ...Until Joe pulls out his baseball bat and threatens to break your kneecaps if you don't give it to him.

          Which is about the closest analogy I could get to "you open the player up and start analyzing its guts with a multimeter and logic probes", which you can do with a media player, legally, with e

    • by ad0gg (594412)
      Security by obscurity is a valid security principle but it shouldn't be used alone. It should part of your overall security implementation. Problem with DRM, and why it will always fail, is that the consumer/user needs the ability to decrypt the protected content. Consumer/user has to have access to the decryption key.
      • by Pharmboy (216950)
        Security by obscurity is a valid security principle but it shouldn't be used alone.

        At best, "Security by obscurity" is a way to buy a little bit of time, nothing more.
  • by Firethorn (177587) on Thursday April 12, 2007 @01:22PM (#18704695) Homepage Journal
    I'd try to crack the stuff from a number of different fronts, but keep quiet until I've cracked a few. With several cracks and exploits found, I'd be able to start working on higher level cracks, due to understanding the system.

    Then I'd start releasing the cracks, starting with some of the simpler ones, only releasing another when they patch the exploit I released, resulting in an ongoing sense of futility as every time they fix the holes, I point out another.

    Best exploit I think? Stealing or cracking the key to every code created for the discs. That way they'd have to throw the whole system out in order to achieve 'security' again. No current players would work. While a massive beowolf cluster cracking the whole thing would be neat and worthy of the NSA, I think that's unlikely. More possible but still pretty much 'mission impossible' would be a physical theft. If only the DVD Security Group protected those keys like government officials protect our information*...

    hm...

    *Yes, I'm still a bit irked about having my info stolen at least three times
    • Re: (Score:2, Redundant)

      by garcia (6573)
      I'd try to crack the stuff from a number of different fronts, but keep quiet until I've cracked a few. With several cracks and exploits found, I'd be able to start working on higher level cracks, due to understanding the system.

      No, it's better to keep the industry fucking around with each one as they come out than to have a couple at once (hell, how do you know they haven't already cracked a few into the future?).

      This kind of release pattern will continue to drive the industry bonkers while they try to yank
      • What he was suggesting was to find several cracks, then start releasing them one by one, and in the meantime, try to find broader cracks. That keeps the industry on the defensive, and gives the crackers time to try to do more before things get patched. Unfortunately, enough crackers are after fame that that strategy would never work.
    • Re: (Score:3, Insightful)

      by kebes (861706)
      The problem with what you describe is that the hacking groups are basically engaged in a (friendly?) competition with each other. All the hacker groups know that any copy-protection will eventually be broken, but "the fun" is in trying to do it *first*. So if one group kept quiet and tried to amass a bunch of cool hacks, they would be "beat" by another group who releases news that they've cracked device X or extracted title key Y. No matter how quiet some hacker groups decide to be, there will always be oth
      • by Firethorn (177587)
        I was assuming that the hackers/crackers have some private channels of communication, I was talking about the public general release stuff.

        By keeping quiet about cracks, that's more discs covered by each crack, as they don't pull the key until it's cracked, thus more production.
    • by mhall119 (1035984) on Thursday April 12, 2007 @01:47PM (#18705151) Homepage Journal
      It's not a matter of one cracked key being easy, and another being hard. The fact of the matter is that once you crack a device, it's wide open, there is no more cracking left to be done on that device. It also means that once you crack one device, you have access to all the movies published to date, so cracking another device doesn't gain you anything.

      From my understanding, the AACS system is already a very well understood system. It is actually documented and available for public viewing. The way these people are obtaining keys is by finding design flaws in the way different devices implement the system. For WinDVD, it was found that one of the keys is available in system memory at a given point while loading the disc content, and could be captured by reading the right memory address. I'm sure something similar is happening with the XBox360 keys.

      The WinDVD key was revoked by AACS, and future movies will not be playable on the cracked version of WinDVD, but a free upgrade to WinDVD will use a new key that cannot be obtained the same way. Revoking the XBox key for future movies will be more problematic, since it would presumably require a firmware upgrade, and making the HD-DVD's most popular playback device unable to play the newest blockbuster movie won't be good for HD-DVD sales.

      Brute-force cracking all, or even a small number, of the AACS device keys would take years, probably tens or hundreds of years (I'm not sure exactly what the device key length is). Finding ways to make a playback device give up that information is much faster and easier. Further more, once you crack a single device key, you can get the encryption key for the content of any movie, then anybody can decrypt that movie based on that key, without need of the device or device key. Going back to the WinDVD keys, any movie encrypted with the old WinDVD key can now be decrypted, making a whole generation of HD movies available DRM-free.
      • by Firethorn (177587)
        It's not a matter of one cracked key being easy, and another being hard. The fact of the matter is that once you crack a device, it's wide open, there is no more cracking left to be done on that device. It also means that once you crack one device, you have access to all the movies published to date, so cracking another device doesn't gain you anything.

        I figure that some devices are harder than others. Simple fact. I was simply talking about not releasing a crack while another one's still 'active' IE the
  • So, how long until my XBOX 360 HD-DVD drive, which I've yet to use even once (waiting for support in Leopard), officially becomes a doorstop, boatanchor, call-it-what-you-will?

    "I could have you[r HD-DVD drive] revoked."
    "Revoked?"
    "Yeah, K-I-L-L-E-D, revoked."
    • by BobPaul (710574) *
      New software dvd players may refuse to use it/force you to update the firmware, but my understanding is that if you only use the drive for cracking and never playback, it will not become a doorstop--you'll be able to use it to get volume keys indefinitely.
  • by Some_Llama (763766) on Thursday April 12, 2007 @01:26PM (#18704785) Homepage Journal
    The race is on, let me tell you from the perspective of online gaming and the cheat vs cheat detection wars:

    The hackers have the edge.

    But if you develop the AACS standard at least you have job security ;)
    • But if you develop the AACS standard at least you have job security ;)

      Well if your a coder maybe, if you designed the spec? I just hope they gave the poor sucker a few minutes of head start!
      • "I just hope they gave the poor sucker a few minutes of head start!"

        With the turn around of the last crack, it seems this is exactly how much head start they gave....



        (yes i meant coders, stupid early morning wit! Teh coffee does nothing!)
  • by djdbass (1037730) on Thursday April 12, 2007 @01:26PM (#18704787)
    ...this is just barely 24 hours after they announced it was fixed? Great work to those involved. Hell I can't get a change approved in 24 hours!
    • by chrisv (12054)
      Heh. By the Doom9 forum, they had this 5 days before WinDVD and such were patched - so make that -120 hours ;)
  • Actually a success (Score:4, Insightful)

    by zeroharmada (1004484) on Thursday April 12, 2007 @01:34PM (#18704929)
    While I think everybody has been making good points so far, you have to remember that in the long term copy protection is actually winning. While these measures might be meant in name to stop piracy, their true value is in taking out fair use as collateral damage. The goal of DRM is not to stop piracy, but to make it difficult enough that Joe User will not be able to convert or make backups through a point and click interface. If this copy protection has done that, then it is making them money.... shame all it does is hurt the people who legitimately buy their products.
    • by jfengel (409917) on Thursday April 12, 2007 @01:47PM (#18705149) Homepage Journal
      Do you really think that there's this enormous market of people buying replacements of DVDs that they've already bought but lost or broke?

      Or buying a second copy on iTunes because they can't play the DVD on their iPod?

      I mean, I'm sure these things happen, but I can't imagine that it's a significant percentage of the market. It seems to me that if they removed the DRM entirely and stopped trying to shut down P2P sharing software, so that you'd have no difficulty downloading anything you wanted, they'd lose far, far more potential sales to people downloading rather than buying.
      • Do you really think that there's this enormous market of people buying replacements of DVDs that they've already bought but lost or broke?

        Or buying a second copy on iTunes because they can't play the DVD on their iPod?

        I mean, I'm sure these things happen, but I can't imagine that it's a significant percentage of the market.

        Even a single person doing one of these things is a failure of Fair Use, and is therefore unacceptable.

        • by jfengel (409917)
          I wasn't aware that Fair Use was one of those holy rights, like life, liberty, & pursuit of happiness.

          So playing the same game, if even a single person who would buy a BloodRayne DVD decides to download it instead, that's a failure of Copyright, and is therefore unacceptable.

          We have a conflict of rights. Have you got a better solution other than "my right trumps everybody else's"?
    • by danpsmith (922127)

      While I think everybody has been making good points so far, you have to remember that in the long term copy protection is actually winning. While these measures might be meant in name to stop piracy, their true value is in taking out fair use as collateral damage. The goal of DRM is not to stop piracy, but to make it difficult enough that Joe User will not be able to convert or make backups through a point and click interface. If this copy protection has done that, then it is making them money.... shame all

  • Doesn't the lack of HDMI output on the 360 make this a bit of a pointless exercise?
    • by Aladrin (926209)
      You haven't been following the news, eh? The 360 'elite' that will be sold very soon has HDMI as one of it's main new features. The other is a larger hard drive.
    • by DShard (159067)
      It doesn't matter that it doesn't have HDMI after you strip the encryption and play the file from your laptop/media center/DVR
  • AACS (Score:5, Funny)

    by dattaway (3088) on Thursday April 12, 2007 @01:45PM (#18705103) Homepage Journal
    Another Aacs Crack Soon
  • by BCW2 (168187)
    When will all the various DRMorons figure out that whatever they create WILL get cracked. They can't win. What a bunch of wasted time & effort! If they adapted their business model to current technology they might see an increase in sales.
    • Re: (Score:3, Interesting)

      by photomonkey (987563)

      They don't care if it gets cracked. They only care how difficult it is to keep up with the crack-patch cycle. Their goal is to make it difficult or risky for John Q. Everyman to copy movies and music.

      They have to know that all their security measures will be broken. They can win by attrition.

  • Hacking (Score:3, Insightful)

    by alphamugwump (918799) on Thursday April 12, 2007 @01:58PM (#18705337)
    This is some sweet hacking.

    How ironic that we need to hack hardware that we ourselves own.
  • Don't use cracks (Score:3, Insightful)

    by iamacat (583406) on Thursday April 12, 2007 @02:27PM (#18705815)
    There are plenty of entertainment options. You can watch regular TV, videos on YouTube or just take a walk in the park. Why go out of the way to patronize people who are not willing to serve content the way you like it?
  • That took longer than I thought it would.
  • Want to hurt AACS? (Score:3, Insightful)

    by rahvin112 (446269) on Thursday April 12, 2007 @03:15PM (#18706693)
    If someone really wanted to hurt the AACS system they would find and release the playback keys for the top 10 standalone players preferably after one of the formats has achieved success. If the top 10 players suddenly couldn't play the discs anymore and a lot of people had the players, the difficulty in reflashing all those players by the common public would either hurt sales SEVERELY or cause them to not revoke the players for fear of the damage it would do to the reputation of the hi def format.

    So if you really want to hurt them, pull out your soldering iron and pull those keys from the standalone players.

It is much easier to suggest solutions when you know nothing about the problem.

Working...