Forgot your password?
Security Media Your Rights Online

AACS Revision Cracked A Week Before Release 346

Posted by Zonk
from the damned-time-traveling-pirates dept.
stevedcc writes "Ars Technica is running a story about next week's release of AACS, which is intended to fix the currently compromised version. The only problem is, the patched version has already been cracked. From the article: 'AACS LA's attempts to stifle dissemination of AACS keys and prevent hackers from compromising new keys are obviously meeting with extremely limited success. The hacker collective continues to adapt to AACS revisions and is demonstrating a capacity to assimilate new volume keys at a rate which truly reveals the futility of resistance. If keys can be compromised before HD DVDs bearing those keys are even released into the wild, one has to question the viability of the entire key revocation model.'"
This discussion has been archived. No new comments can be posted.

AACS Revision Cracked A Week Before Release

Comments Filter:
  • waste of time (Score:5, Insightful)

    by ILuvRamen (1026668) on Thursday May 17, 2007 @04:07PM (#19168295)
    If they put this much effort into making crappy movies not suck instead, they'd save a lot more money than trying to control every customer's lives
  • It's okay... (Score:5, Insightful)

    by Daychilde (744181) <> on Thursday May 17, 2007 @04:08PM (#19168311) Homepage
    ...I'm sure someone will solve the problem by writing more laws.

    That's always the solution, isn't it?

  • by toby (759) * on Thursday May 17, 2007 @04:09PM (#19168335) Homepage Journal
    Damn you long-haired smellies! Why can't you get with the program and just passively CONSUME!
  • by locokamil (850008) on Thursday May 17, 2007 @04:10PM (#19168345) Homepage
    You mean "failure"?

    Remember, kids: It's not torture, it's "enhanced interrogation techniques".
  • Re:waste of time (Score:5, Insightful)

    by luckingfame (1099289) on Thursday May 17, 2007 @04:11PM (#19168365)
    There was a great quote by Robe Zombie about those anti-piracy commercials in the movie theatres that were running for a bit. "I'm sitting in the movie theatre, what more do you want?!?"
  • DRM (Score:5, Insightful)

    by Ckwop (707653) * <> on Thursday May 17, 2007 @04:11PM (#19168367) Homepage

    This is quickly making DRM look less like rights management and more like digital restrictions mockery. Of course, we knew this from the start. Any security strategy that depends on giving the attacker both the key and lock is doomed to fail.

    The guys who make this DRM know its flawed but they still get paid when it fails. They must be quietly laughing all the way to the bank. Yet like morons the record labels keep handing money over. It's no wonder CD sales are declining when you're *that* clue-proof.

    EMI has the right idea. Shock horror, if you give the customer what they want, they'll pay you for it. I never would have guessed!


  • Re:It's okay... (Score:3, Insightful)

    by TheRealMindChild (743925) on Thursday May 17, 2007 @04:14PM (#19168423) Homepage Journal
    Right. We should get right to the root of it. Let's make it illegal to copy anything digitally. It's brilliant. I mean, what could go wrong???????????????????//
  • Re:DRM (Score:3, Insightful)

    by TheRaven64 (641858) on Thursday May 17, 2007 @04:15PM (#19168453) Journal
    Only if your primary news source is Slashdot. The mainstream media still refers to DRM as 'copy protection' technology for the most part, when in fact it is usage restriction technology with no impact on copying at all.
  • Re:waste of time (Score:2, Insightful)

    by Anonymous Coward on Thursday May 17, 2007 @04:17PM (#19168493)
  • by SSCGWLB (956147) on Thursday May 17, 2007 @04:18PM (#19168509)
    How is this economical for these companies? It should be simple:

    ProfitA = $MEDIA_INCOME - DRM R&D - DRM content - lawsuits - alienated customers - recalls (i.e. rootkit)

    ProfitB = $MEDIA_INCOME - piracy loss

    I would bet that ProfitB is significantly larger then ProfitA.
  • by Thanster (669304) on Thursday May 17, 2007 @04:24PM (#19168633)
    Slight adjustment to your formula: ProfitA = $MEDIA_INCOME - DRM R&D - DRM content - lawsuits - alienated customers - recalls (i.e. rootkit) - piracy loss ProfitB = $MEDIA_INCOME - piracy loss Kinda makes it clearer :-)
  • by LittleBigScript (618162) on Thursday May 17, 2007 @04:30PM (#19168723) Homepage Journal
    They are not just up against a determined people. They are up against SMART, determined people. These are the kind of people who will circumvent a problem before circle a petition.

    The AACS LA is really fighting a losing battle on this one. The question I have to ask is where and when are they going to cut their losses.
  • Re:waste of time (Score:5, Insightful)

    by l_bratch (865693) <> on Thursday May 17, 2007 @04:32PM (#19168759) Homepage
    The most confusing thing about the anti-piracy ads in cinemas (in the UK at least) is that they say something like:

    "Don't watch pirated films - you'll lose the big screen image quality, and the incredible sound, and your view won't be spoiled by the person that goes to the toilet in front"

    Whilst saying that last bit, they show a clip from a dodgy in-cinema cam job where somebody stands up in front of the camera.

    What they fail to realise is that people do that in the cinema!
  • AACS is done (Score:5, Insightful)

    by Jugalator (259273) on Thursday May 17, 2007 @04:33PM (#19168775) Journal
    I don't think hackers are always going to publically tell which software they found vulnerable, or if they went for the hardware, or exactly what. But it's quite clear they now understand where to look for the keys, so just changing them won't help anymore. And when you know the protection structure, I think this system is now pretty much as busted as the DVD protection became. GG
  • Cost Functions (Score:5, Insightful)

    by SlashdotOgre (739181) on Thursday May 17, 2007 @04:38PM (#19168839) Journal
    It amazes me that the movie industry remains convinced that they save more money by developing and implementing DRM than they would lose to piracy. The cost for a system like AACS must have been well into the millions, and I hope they realize that with all DRM systems it takes orders of magnitude less money to bypass them then it does to create them (and once a crack is known, that's all it takes). At the very best, DRM only buys them some time until it is cracked, and at worst is frustrates consumers to the point that they boycott the product. While the number of pirates may increase a bit if all media was DRM free, I don't believe it would be a significant increase from the amount who pirate now. I do believe the amount lost to new piracy would be less than the amount spent developing DRM, and perhaps the increase in sales due to people who only pirate because they hate DRM will off set that even more.
  • Re:It's okay... (Score:5, Insightful)

    by digitrev (989335) <> on Thursday May 17, 2007 @04:46PM (#19168985) Homepage
    I'm going to attempt an analogy. This may be horribly flawed, but there is some logic here.

    The current downloading of copyrighted files is akin to drinking during prohibition. The laws were on the books making drinking (sharing copyrighted files) illegal. However, that didn't stop people from drinking, and in fact simply forced the alcohol industry underground, where it was taken over by organized crime. The temperance movement (RIAA / MPAA) did their best to keep the laws on the books forcing what they thought was a horrible thing to become illegal. However in doing this, they made criminals out of everyday folk who blatantly disregarded the less than sensible laws. Had anyone tried to enforce the, dare I say it, stupid laws in place, they would have ended up with millions behind bars.

    My point is that attempting to create or uphold laws that no one respects is futile. They can't and won't be able to prosecute every uploader of files, and eventually, the laws on the books will match the reality of what goes on in day to day life.
  • Re:waste of time (Score:5, Insightful)

    by TheRaven64 (641858) on Thursday May 17, 2007 @04:47PM (#19169011) Journal

    In my local cinema, the sound quality is pretty poor (stereo only on most screens, and some muppet has done strange things to the equaliser that heavily emphasise the bass), and the image is slightly blurred and full of little flickers where dust has got into the film.

    A DVD and a home projector and surround sound system give much better video and audio quality, don't have adverts, and can be paused when you want to get up and go to the toilet in the middle. For the price of two of you going to the cinema, you can buy a DVD and renting is even cheaper.

    The only still-extant reason for downloading is that it takes so long for films to get from the cinema to DVD. If they did simultaneous releases, then I would expect to see piracy fall a lot. Mind you, I'd also expect to see most cinemas go out of business...

  • Re:waste of time (Score:2, Insightful)

    by Loconut1389 (455297) on Thursday May 17, 2007 @04:50PM (#19169095)
    Not to mention the teens making out behind you, the other teen on her cell phone in front and two seats over, the texan with the big hat in front of you and the screaming baby in the rear, the either freezing or burning hot temperature of the place, etc etc..

    There's very little reason to go to the cinema anymore- it's not a group experience like it once was, you don't talk with people afterwards, in fact if you're lucky you only have to ask someone to shut up once. Home stereos can sound pretty great, and don't cost as much as they once did and even projectors are somewhat affordable, with big screen TV's being pretty great too.

    There's very little reason not to watch on dvd, and the only reasons not to download is to support the people/companies involved if you like it or to avoid going to jail.

    I have a huge collection of purchased dvds, so don't go pointing fingers at me, but I do have strong opinions about downloading.
  • Umm... (Score:5, Insightful)

    by fyrwurxx (907932) on Thursday May 17, 2007 @04:50PM (#19169103)
    I never understood the MPAA/RIAA's approach to curbing piracy and increasing legitimate sales by imposing restrictions on those who pay for content. Think about it: a pirated album or movie comes with zero DRM and thus can be used for any purpose on any player an unlimited number of times. If I pay for that same album and purchase it through iTunes, I can only listen to it on my computer and my iPod. So here's my choice: pay for restricted content or download DRM-free content FOR free. Umm, who in their right mind would elect for the former?

    A more proactive approach to curbing piracy would not restrict the rights of the consumer, but expand them. Instead of pouring millions of dollars into encryption schemes that are cracked before they're released, invest that money into innovations like exclusive or pre-release content for paying customers. I might feel better about buying an album online if a) I knew I could use that album any way I want and b) got a little extra in return, like an interview with the band, an exclusive track, preferential treatment for concert tickets, or whatever. I know these exclusive tracks and interviews could just as easily be pirated, but it's the thought that counts. If you (the RIAA/MPAA) respect my right and desire to use my movies and music how I want, I'll be more likely to respect your right to compensation for said goods. Either way, putting digital handcuffs on your paying customers is definitely *not* the right approach.
  • by Anonymous Coward on Thursday May 17, 2007 @04:54PM (#19169195)
    Charles Stross had a great dig at this in his novel [i]Glasshouse[/i]:

    'We know why the dark age happened,' Fiore continues. 'Our ancestors allowed their storage and processing architecture to proliferate uncontrollably, and they tended to throw away old technologies instead of virtualizing them. For reasons of commercial advantage, some of their largest entities deliberately created incompatible information formats and locked up huge quantities of useful material in them, so that when new architectures replaced old, the data became inaccessible. 'This particularly affected out records of personal and household activities during the latter half of the dark age. Early on, for example, we have a lot of film data captured by amateurs and home enthusiasts. They used a thing called a cine camera, which captured images on a photochemical medium. You could actually decode it with your eyeball. But a third of the way into the dark age, they switched to using magnetic storage tape, which degrades rapidly, then to digital storage, which was even worse because for no obvious reason they encrypted everything.
  • utter fuckpuppets (Score:4, Insightful)

    by PurPaBOO (604533) on Thursday May 17, 2007 @04:55PM (#19169223) Homepage
    And then the utter fuckpuppets go on to say: "Buying pirated DVDs is stealing." This really gets my goat. Buying pirated DVDs is buying pirated DVDs. Stealing pirated DVDs would be stealing. Cnuts.
  • by WilliamSChips (793741) <> on Thursday May 17, 2007 @05:12PM (#19169579) Journal
    More likely the other way around: the people who actually care about the art will let anybody experience it, while the people who only care for money will charge unnecessary costs.
  • by mutube (981006) on Thursday May 17, 2007 @05:14PM (#19169627) Homepage
    Any law that makes a criminal out of the majority is a bad law by definition.

    But I liked your analogy too.
  • by Anonymous Coward on Thursday May 17, 2007 @05:17PM (#19169693)

    "Anyone using counterfeit products who 'recklessly causes or attempts to cause death' can be imprisoned for life."

    If people recklessly causing or attempting to cause death can't already be imprisoned for life in your country then you've got bigger problems than copyright infringement. Put in place normal laws against manslaughter and attempted murder now. Worry about copyright infringement later. Seriously.
  • Re:It's okay... (Score:5, Insightful)

    by Maxo-Texas (864189) on Thursday May 17, 2007 @05:19PM (#19169735)
    And now, the legal prices of booze are so low that there is no reason to make illegal booze.

    There is a lot of reason to copy a $20 movie ($35... $70 in some cases). There is absolutely no reason to copy a $5.50 movie.

    The movie company makes a lot less profit- but they still make a profit and anyone who pirates their movie is so clearly desperate for cash that the movie company isn't losing a dime on them.

  • Re:Umm... (Score:2, Insightful)

    by popeye44 (929152) on Thursday May 17, 2007 @05:25PM (#19169839)
    I agree with you for much of your statement. I'd further it by saying remove the drm.. and sell me 1 copy that includes multiple formats. One of the big selling points of this "HD technology blue and hd-dvd" Is their size is much larger than a standard dvd was. Let me buy a copy that has 3-4 different types of media on it. Freely movable "format shifted"
    at a reasonable price and you'll have a lifelong customer. Let me decide if I want to move those types of media to a new type in a few years as you are going to continually move forward. I should be able to as well without repurchasing everything again.

      I know what i want makes too much sense and is a pipe dream but we can all wish.
  • Re:It's okay... (Score:5, Insightful)

    by Opportunist (166417) on Thursday May 17, 2007 @05:30PM (#19169981)
    What's even worse is that if you criminalize people, they start to ignore the law. The sentiment being, if I already broke one law, what's another?

    Look back to prohibition times and see just how violent they were.
  • Re:waste of time (Score:5, Insightful)

    by TheWoozle (984500) on Thursday May 17, 2007 @05:50PM (#19170375)
    What DVDs have *you* bought lately? Mine have all come with 10 freakin' minutes of advertisements at the front that can't be skipped!
  • Re:DRM (Score:4, Insightful)

    by Laur (673497) on Thursday May 17, 2007 @06:19PM (#19170893)

    Not quite. The encryption on DVDs is a copy protection measure (snip). People who don't understand how it works usually come back with the response, "But you can just make a bit-for-bit copy!" Well, no, you can't, unless you work in a DVD manufacturing plant. With consumer-grade burners and media, it's impossible to burn a working encrypted disc, because you can't write to the area where the keys are supposed to be stored;
    That means that consumer-grade burners and media are defective, it doesn't mean that CSS is a copy protection technology. This is the same as saying that CDs contained copy protection technology when they were first introduced, since there was no consumer-grade CD media and burners at the time.

    the only way to make a working copy of the movie is to decrypt it first.
    Or use non-defective media (of which there is no consumer-grade versions, but as you note a professional DVD press will work fine), or just copy the disk to your hard drive, CSS and all. Making a copy of a digital file doesn't mean that you must copy it to the exact same medium type.
  • by Opportunist (166417) on Thursday May 17, 2007 @06:41PM (#19171309)
    Problem with those eye candy movies is the same it is with the eye candy games: They'll never become classics. In 10 years, nobody will care 'bout the eye candy and will just see the crap around it.
  • by HTH NE1 (675604) on Thursday May 17, 2007 @06:56PM (#19171593)

    The only still-extant reason for downloading is that it takes so long for films to get from the cinema to DVD.
    No, there are other reasons. One is that the movie is out of print in all regions, unavailable for rent, rare enough that no one is selling it used, and so encumbered with conflicting publication rights that it will never again be republished unless it manages to survive its interminable copyrigh++.
  • Re:waste of time (Score:5, Insightful)

    by Grishnakh (216268) on Thursday May 17, 2007 @06:59PM (#19171631)
    You can always buy higher-quality DVDs on Ebay from sellers in Malaysia. These DVDs are better than the store-bought versions since they don't have commercials, and can play on any region player.
  • Re:It's okay... (Score:5, Insightful)

    by Grishnakh (216268) on Thursday May 17, 2007 @07:06PM (#19171713)
    Why not?

    Why do people still make their own furniture with woodworking tools instead of just buying furniture from K-mart?

    Why do people build their own computers from components, instead of just buying a computer from Dell?

    Why do people install their own tile instead of just hiring a contractor?

    Why do people write their own software instead of just buying it from Microsoft, or hiring a consultant to do it for them?

    Why do people brew their own beer, instead of just buying a Coor's? (Moreover, why is this legal and distilling your own whiskey illegal?)

    If a country values freedom, it shouldn't restrict what people do in their own homes as long as non-consenting people aren't affected.
  • Re:waste of time (Score:3, Insightful)

    by badspyro (920162) < minus punct> on Thursday May 17, 2007 @07:09PM (#19171741)
    hell, half of the time, i get movies off the net just to skip that crap...
  • Re:It's okay... (Score:5, Insightful)

    by jez9999 (618189) on Thursday May 17, 2007 @07:44PM (#19172213) Homepage Journal
    Had anyone tried to enforce the, dare I say it, stupid laws in place, they would have ended up with millions behind bars.

    Like those arrested for possessing cannabis?
  • Re:waste of time (Score:4, Insightful)

    by Kelbear (870538) on Thursday May 17, 2007 @08:26PM (#19172697)
    These anti-piracy ads are just ads for piracy. You go into the movie theater after paying to see it legally, to end up watching an ad talking to you about watching movies for free without fat smelly bastards sitting next to you and talking on his cellphone while noisy little punks kick your seat and throw popcorn from behind you at the kid in front of you getting his giggles off of shining a laser pointer on the screen.

    These ads do not work as intended.
  • Re:It's okay... (Score:3, Insightful)

    by 72beetle (177347) on Thursday May 17, 2007 @08:45PM (#19172885) Homepage
    What's happening with the RIAA/MPAA is more like someone is making booze that people want but they don't like paying for the bottle, so they're stealing drinks right off the keg.

    Yeah, no. Stealing a drink off the keg means one less drink in the keg. Not the case with duplication. You fail.
  • Re:waste of time (Score:3, Insightful)

    by jridley (9305) on Thursday May 17, 2007 @09:20PM (#19173181)
    I could, except that I wouldn't have any sense of suspense if for some reason I was forced to watch the superbowl live.

    I have no problem watching movies months after release. I'm not sure why it's so hard to avoid spoilers. Hell, I look up on usenet at hit movies that were released in the last year or two and the titles aren't even familiar, I have to go to IMDB to see what the heck they're about. I certainly don't know what happened in them.
  • Re:AACS is done (Score:3, Insightful)

    by The Master Control P (655590) <`moc.kcahsdren' `ta' `reveekje'> on Friday May 18, 2007 @01:03AM (#19174981)
    Hardware DRM can't work either, for the exact same reason: I have the ciphertext and the algorithm, so all they can do is try and obfuscate the location of the hardware keys. But no matter what, you have to put pre-shared keys somewhere on the chip. Therefore, it is a matter of putting the chip in acid and looking under a scanning electron microscope until you find the right memory area: Game over, MAFIAA loses.

    And yes, if I had $50000 to spare, I would buy an SEM in a heartbeat to smite them. Well, that and SEMs being incredibly awesome.

"Floggings will continue until morale improves." -- anonymous flyer being distributed at Exxon USA