Doom9 Researchers Break BD+
An anonymous reader writes "BD+, the Blu-ray copy protection system that was supposed to last 10 years, has now been solidly broken by a group of doom9 researchers. Earlier, BD+ had been broken by the commercial company SlySoft." Someone from SlySoft posts a hint early in the thread, but then backs off for fear of getting fired. The break is announced on page 15.
Kudos to them (Score:5, Informative)
That being said BluRay burners are expensive enough, and the blank media is expensive enough that I'll probably still buy my BluRay movies on Amazon.com (where I routinely find cheap deals as opposed to retail stores charging $35 per movie).
Re:Congratulations! (Score:2, Informative)
And thank you. As long as DRM continues to be broken as quickly as this, we will be able to exercise the freedoms that it was designed to take away from us. Yes, it doesn't solve the problem, but it brings relief when the unpleasant possibility that the DRM scheme might actually work this time is crushed. DRM or not, you will still be able to exercise your right to play the movie you bought, your fair use rights, or whatever you believe you are in the right to do.
I don't think this is such bad news for the MAFIAA, as their benefit from the DRM scheme will still be whopping, but it's good news for everyone who would have been hurt by it.
As the article says... (Score:5, Informative)
...start reading on page 15, it'll discuss (a) what they did and (b) how resistant it is against potential counterattacks by the BD+ people.
Mind you, the idea was not to break the underlying encryption scheme (breaking AES could still turn out to be hard for the next couple of years...), but rather to disable the BD+ security layer.
Not quite the last barrier for linux (Score:4, Informative)
For reading BD+ BRs on Linux, the problem is they had to use patched firmware. This doesn't bode well for widespread adoption on Linux by non-technical users. Patching firmware is scary for most consumers, who will face the possibility of bricked drives.
The key will be to either bypass the drive's firmware with virtualization or to somehow have the firmware patch happen safely and automatically on as many drives as possible. Hopefully something that could be done in the Linux kernel drivers for the BR drives and/or the SCSI drivers.
Re:cool! (Score:2, Informative)
Since the court of appeal thinks CSS is still quite adequate I'd say no for now.
See http://www.turre.com/blog/?p=156
Physical access FTW (Score:1, Informative)
Which just goes to show that the analog hole is alive and well. If you give someone something that they can touch and feel and experience, it can be recorded or cracked; it's just a matter of time and effort.
Re:As the article says... (Score:5, Informative)
As far as I can tell, it wasn't actually disabled though. What the guy did is write his own BD+ VM. An impressive feat for sure, but that attack was always anticipated. As the dude says later,
So basically the disk authors can keep up for as long as they can trace the VM of an existing licensed player. They don't need to do that currently because no publishers are searching for their VM specifically.
They'll probably be able to do this for as long as publishers want their discs to be playable on software players, simply because it's quite easy to reverse engineer x86 code on a PC, when you have a debugger and plenty of Jolt. I don't know what the BluRay player market looks like. If most BluRay players are hardware based, then as a movie studio I'd be tempted to simply write some BD+ code that looked for existing software players and banned all of them. Then the "trace a licensed player" step outlined above suddenly turns into a silicon reverse engineering problem instead of a software reverse engineering problem. Much harder.
That said, I doubt they'd actually do that. Presumably they allowed software players for a reason, despite knowing they were way easier to hack than hardware players.
Great (Score:3, Informative)
I'm sick of my VirtualBox/WinxP/AnyDVD-HD setup. I'd MUCH rather a native Linux command-line tool to automate the process when inserting the disc. ;-)
Thank you to all developers! Great work!
Re:As always with DRM (Score:0, Informative)
Good one, pirate justification that reads like it was written by a 16 year old. Add that you're going to stick it to the evil corporate man and it's a hat trick.
Re:Congratulations! (Score:5, Informative)
Is this just for MKBv7 (Media Key Block) or is BD+ permanently broken?
For the most part it is permanently broken. BD+ is just a very simple virtual machine; these guys reimplemented the virtual machine. So the disc publishers can write all kinds of new copy prevention code in the BD+ 'language', but the doom9 guys' VM will be able to execute it pretty much like any sanctioned BD+ VM would. The disc publishers might start exploiting non-standard or undefined behavior in the BD+ VMs (presumably most hardware players all just run the same BD+ VM from Macrovision, so any bugs in it should be the same across most if not all hardware players), but such shenanigans won't be too hard to reverse engineer and include in the clone VM.
Now when the publishers switch to MKBv8 that will be a new set of AACS keys that will need to be rediscovered, but that's independent of and in addition to BD+.
WIPO (Score:3, Informative)
Member of WIPO [wikipedia.org]? Then yes you do [wikipedia.org].
Re:Congratulations! (Score:2, Informative)
Sure, congratulations on getting this far, but the Slashdot story is entirely exaggerated. People are working hard on BD+, and it'll probably fall sooner or later, but it certainly isn't "solidly broken" yet.
To quote Oopho2ei himself:
The whole project consists of three major tasks:
1. vm instruction processing (95% done)
2. trap implementations (80% done)
3. event/callback processing (10% done)
I'm sure they'd be happy to get some help, though. There's a lot of programming gruntwork to be done.
Re:cool! (Score:4, Informative)
The broadcast flag was defeated (which isn't to say that it won't be resurrected in the future, but there's way too much silicon out there which ignores it for that to be a practical matter for a long time). HD broadcasts are just as open as analog; they're just an MPEG-2 transport stream with AC3 audio (usually).
Why we are giving these guys props (Score:5, Informative)
Slysoft did this in March. I've had those versions of AnyDVD and CloneDVD for several months. Why is this news? Seriously, not trolling here, but even the submitter mentions this and links to the original Slashdot article on it.
Because their software is open. Their developments are contributions to the pool of human knowledge. Slysoft's achievement is also deserving of praise, but while they showed us it could be done (which most of us assumed), these developers showed us how.
Re:Physical access FTW (Score:4, Informative)
What? Cracking DRM has NOTHING to do with the 'analog hole'.
Re:As always with DRM (Score:5, Informative)
Completely wrong.
There are innumerable different player keys, which can be individually disabled on all future discs. Every different brand of player uses a different key, and presumably, different models from the same brand likely use separate keys as well.
It's a fairly simple trick to do. The disc is encrypted with a "disc key". That disc key is stored on the disc, but AES encrypted, using millions of "player keys"... Your player uses its player key to decode the disc key, then uses the disc key to decrypt and play the disc.
When Sony notices that your player key is being publicly distributed, they stop using your player key to encrypt the disc key... Your player (or ripping software as it were) then can't play any future discs, until you upgrade it to a new key.
Re:cool! (Score:3, Informative)
Why do you say "usually"? To the best of my knowledge, AC3 is the only supported audio codec in the ATSC standard* (defined in A/52). MPEG-2 is similarly the only supported video codec.**
*To be pedantic: 2-channel AC3 is actually called AC2, but nobody cares, and even Dolby screws up the notation on a regular basis.
**Also being pedantic: MPEG-2 decoders are all backwards compatible, so a broadcaster could conceivably choose to use MPEG-1 video.
Re:Congratulations! (Score:5, Informative)
It's not broken yet. The work is still very much ongoing, and this Slashdot story is an exaggeration.
There's great work being done for sure, but it's not FINISHED yet by any measure.
They have a BD+ implementation that works perfectly on many BD+ discs. It doesn't cover every corner case of the VM yet, but I would consider that pretty much broken. At least you're down to the publishers playing new tricks: find the corner case, update the decoder, and it's done. It means that once this gets coded up into a real player, I expect that within a week or two of any BD release it'll almost certainly play on Linux. I'd call that good news.
Re:As the article says... (Score:5, Informative)
The PS3 can run Linux. Stock PS3s run Sony's XMB OS, not Linux. I wouldn't doubt the Blu-Ray player using a hardware decoder, or at least the RSX (graphics) chip.
I don't know if you've actually seen blu-ray movies in comparison with DVD movies, then, because it is actually a huge improvement. Blu-ray movies look amazing - if you need proof, go to pirate bay and download one.
You of course won't notice a difference on non-HD TV, but on a computer monitor or HDTV the difference is quite large and well worth the upgrade in my opinion.
The difference in quality is so apparent on an HDTV that even the many people who didn't notice a difference between VHS and DVD immediately see the massive improvement.
Re:Patent trouble (Score:5, Informative)
Second, you need to understand what the remedy is for a patent holder whose patent is violated. There are no "patent police" who go out and look for patent violators. Patent owners have to keep their own vigilance, and when they think their patent is being infringed the remedy is to sue the infringers. The result of such a suit is usually an injunction to force the infringer to stop selling his competing products. (Probably the most famous case of this was Polaroid v. Kodak, where Kodak was forced to abandon their entire line of Polaroid-like instant cameras, of which they had sold millions.)
Now bearing this in mind, exactly what would Sony or Fox or whoever get by suing Doom9? They aren't making money off of this, they just gave it away. Injunctions notwithstanding it's almost impossible to stop the dissemination of software whose authors have deliberately tried to make it available for free. There are no profits to seize, and any effort to show a dollar amount for damages would be very iffy. Patent infringement is not fraud and is not criminal, so there is no risk of anybody going to jail. All in all, there's not much the patent holder can do in this case except suck it up and go on to the next project.
Re:As the article says... (Score:5, Informative)
Presumably at some point its BD+ program is cracked and sales will fall as high quality rips show up on the internet
Or, y'know, the opposite. True, there are those who want the copy protection lessened so they can pirate, but there are also those (including myself) who want to be able to do things like play the disc on Linux, make legitimate backups (fscking kids keep scratching my discs), and rip the movies to play them on portable devices (at lower resolutions, anyway).
Yes, yes, I know I'm part of a sufficiently small minority to be largely ignored by people who implement things like BD+, but there have got to be plenty enough people out there like me to make your simple equation far less feasible. No sharp drop if the crack leads to a somewhat counterbalancing increase in sales.