BD+ Successfully Resealed

Posted by Soulskill
from the effort-vs.-reward dept.
IamTheRealMike writes "A month on from the story that BD+ had been completely broken, it appears a new generation of BD+ programs has re-secured the system. A SlySoft developer now estimates February 2009 until support is available. There's a list of unrippable movies on the SlySoft forums; currently there are 16. Meanwhile, one of the open source VM developers seems to have given up on direct emulation attacks, and is now attempting to break the RSA algorithm itself. Back in March SlySoft confidently proclaimed BD+ was finished and said the worst case scenario was 3 months' work: apparently they underestimated the BD+ developers."

  • Getting Old (Score:4, Funny)

    by Thyamine (531612) <thyamine@ofdrago n s .com> on Saturday December 13, 2008 @10:21AM (#26102435) Homepage Journal
    I can tell I must be getting old when one of my first responses is 'Cmon, just go buy the movie already'.
    • Re:Getting Old (Score:5, Insightful)

      by Darkness404 (1287218) on Saturday December 13, 2008 @10:25AM (#26102459)
      The problem isn't that people aren't buying the movie, it's because when I buy the movie I can't convert it to use on several devices. For example, say I have 3 desktops and one has a Blu-Ray drive. I don't want to spend ~$400 on Blu-Ray drives for the other 2 of my desktops so it makes more sense to rip the movie, stream it across the network or put it on a high-capacity external hard drive and read it from there.
      • Re:Getting Old (Score:5, Insightful)

        by Animaether (411575) on Saturday December 13, 2008 @12:12PM (#26103287) Journal

        Your reply is exactly why Thyamine is 'getting old'.

        Rewind to the 80's, if you will. There were no DVD players - you'd be lucky to have a CD player - and certainly no computers that would be playing back high quality video (exceptions aside, I know the Archimedes did some pretty nice things, but I wouldn't quite call it 'high quality'.).

        So if you had 2 TVs in the house - say, 1 in the living room and 1 in the bedroom - and 1 VCR (let's not ponder where). So you buy a VHS (or beta or Video2000.. 'tis the 80's, after all), get home, and then curse the heavens that The Corporate Man is keeping you down by not allowing you to magically play back that same video on both TVs, just for the pathetic excuse they bring forth that you would need a 2nd VCR? .. probably not. You'd just eventually get another VCR.

        If you purchased a CD, would you kick up a shitstorm about not being able to play that back on your walkman? .. probably not. You'd just get your tapedeck and record the CD straight to tape.

        Fast forward to 'now'.. instead of you saying "well, I guess I'll just get a blu-ray drive for that machine as well" or "I guess I'll just have to record the video with a capture card / my computer's video-out"... you realize it's well past the 90's, everything is digital, and by jove that means you have the right to duplicate and format shift the media's content as you damn well please, and screw the corporations for making this difficult for you.

        I'm not saying that that is a wrong stance on things... but the change to digital has changed how we all view these things as well. The old ways (getting a second drive, or recording to a different media - yes, you may get quality loss) still work, but now we resist due to the changed mindset that came with going digital.

        • Re:Getting Old (Score:5, Insightful)

          by Anonymous Coward on Saturday December 13, 2008 @03:19PM (#26104859)

          Rewind to the 1780s, if you will. There were no CD players, or tape players, or LP players, or even phonographs. So if you wanted to listen to music on demand, you'd have to hire musicians to play it, or maybe have a little sing-song with your friends and family.

          If you hired a string quartet, would you kick up a shitstorm about not being able to get them to come back and play an encore whenever you wanted? ...probably not. You'd just hum the tune to yourself instead, or maybe buy another harpsichord.

          Okay, I think you can fill the rest in for yourself. My point, insofar as I have one? Technology does advance, and the whole reason why we bother to encourage technology to advance is that it makes our lives better. So it is not only reasonable for us to expect to be able to stream video around our houses -- that expectation is exactly the right attitude to have. Our distant ancestors didn't put all that effort into evolving opposable thumbs and bipedal posture just to have us slouch back in our sofas and let corporations stifle innovation to protect their business models.

        • Re: (Score:3, Insightful)

          by LackThereof (916566)

          So you buy a VHS (or beta or Video2000.. 'tis the 80's, after all), get home, and then curse the heavens that The Corporate Man is keeping you down by not allowing you to magically play back that same video on both TVs, just for the pathetic excuse they bring forth that you would need a 2nd VCR? .. probably not. You'd just eventually get another VCR.

          Actually, back in those days, it would be trivial to split the video signal coming out of the VCR and run cables across the house to the second TV (or lazier/cheaper yet, use the RF output for 1 tv, and the composite output for the second TV). I know many people who did just this to avoid buying a second VCR, back when they were still expensive enough for it to matter. The major difficulty was that you couldn't control the VCR from the other room, but the FBI warning and previews gave you plenty of time to

        • Re:Getting Old (Score:5, Insightful)

          by arkhan_jg (618674) on Saturday December 13, 2008 @07:01PM (#26106437)

          Equally, the corporations didn't put in restrictions to stop us making copies. Oh, wait, they did. Sony tried to stop betamax players having record buttons. They lost, and making your own tapes of TV shows (timeshifting) became a new fair use right.

          Well, it's 1984 all over again, and the media companies are trying their damnedest to stop us using our own property in our own houses as we wish. They lost using copyright law. It's perfectly legal to transcode your films to hard-disk under copyright law, so they went and got a new law, the DMCA, to make it illegal to even talk about breaking the crappy locks on the products they sold us.

          He's not complaining about the convenience, or the digital nature of it. He's complaining that the media companies are deliberately putting new technical and legal restrictions to take away the rights we've had for 20 years, and make him use his own discs in the limited time and method of THEIR choosing. And we shouldn't let the tight-fisted bastards get away with it.

    • by Ada_Rules (260218) on Saturday December 13, 2008 @10:38AM (#26102529) Homepage Journal

      I can tell I must be getting old when one of my first responses is 'Cmon, just go buy the movie already'.

      Yes you are getting old but not for the reason you think.

      I don't have any movies/songs that I did not buy but I also won't buy any BlueRay players or Disks until they are broken.

      While I am not a huge purchaser of DVDs (I probably own less than 200 counting a few TV series that come on multiple disks) I do buy the movies/shows that I really like but I hate having to go through the cabinet, find the disk, remember to have the kids put away theirs when done, etc.

      I want my movies on a central server in my house for easy access. This is not practical with stand-alone disks. I'd even be willing to pay a few dollars more for a version where the license specifically allows me to transfer the item to a server like this.

      • by Sponge Bath (413667) on Saturday December 13, 2008 @11:50AM (#26103071)

        I want my movies on a central server in my house for easy access.

        The studios made their views on this pretty clear when they sued a company that designed and installed such setups. They prefer you to pay once for a fragile disc and then pay again after your kids use it as a frisbee. The slog back and forth to a shelf of discs is just a daily affirmation of whose bitch you are.

    • I'm confused by this in a different way... How can they change the algorithm after it's broken already? Do the bluray players update themselves or something? Wouldn't any changes make older players not be able to play the newer movies? I'm confused...
      • Re: (Score:2, Informative)

        by kkwst2 (992504)

        The player runs a type of virtual machine, but the actual code is contained on the disc itself. This code executes on the VM running on the player and authenticates the player/environment before it will allow the disk to play.

        I'm not completely familiar with the crack of BD+, but I think they didn't completely crack the algorithm, just found a work around. Apparently they were able to change the coding slightly such that it breaks the work-around while still running in players.

      • Re:Getting Old (Score:5, Informative)

        by IamTheRealMike (537420) <mike@plan99.net> on Saturday December 13, 2008 @12:56PM (#26103685) Homepage

        BD+ isn't an algorithm so there's no global crack unless the designers made a serious mistake in their implementation. A movie protected by BD+ is partly damaged ... elements of the video stream are deliberately corrupted, making it unwatchable. The BD+ program runs and checks out the environment it's in. If it's happy it spits out a patch table, which tells the player how to repair the movie. Note that the patch table can alter the movie in arbitrary ways - theoretically, things could change depending on what player you use. This allows the developers to discover which player is leaking video.

        Early BluRay discs weren't protected by BD+ at all, and the first titles that were barely used the features BD+ provides. They existed only to detect a buggy software player but otherwise didn't do much. This was deliberate - the BD+ people are playing a long game, and don't want to play all their cards at once. The idea is to reveal their tricks slowly, such that it takes a few months to unravel each time. Because most sales of the movies are soon after they come out, it doesn't matter if a 6-12 month old program is broken.

        In theory every title could have a unique BD+ program that takes time to crack, but that's pretty expensive, so they seem to come in waves. Probably there are only a few people in the world who know how to write BD+ programs and then their work is used on lots of discs.

        The first round in this game was easy - the BD+ titles simply relied on obscurity to protect them. If they ran at all, they spat out the patch table. After SlySoft and later the doom9 guys figured out how BD+ worked, there were confident predictions that the system was broken, but of course that was never the case. The second round is the one we're on now and it's apparently quite the smackdown ... nobody knows what they've done, but making the new programs think they're in a licensed player is tough.

        FWIW I don't buy nor download BluRay movies, I just find BD+ a fascinating battle of wits. I'm sure there'll be a lot of back and forth over the lifetime of the system.
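A toy model of the patch-table idea described in the comment above, seen from the content owner's side: the shipped stream is damaged, a per-player table repairs it, and the table's choice among equally acceptable bytes lets a leaked copy be traced to a player. This is an added example, not part of the original post and not the BD+ format; the stream, offsets, slot layout and function names are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Patch:
    offset: int   # position in the stream to overwrite
    data: bytes   # bytes written at that position


# Constructed sample data (assumptions, not real disc content).
CLEAN = bytes(range(64))           # the undamaged "movie"
DAMAGE = [(8, 4), (40, 4)]         # (offset, length) regions corrupted on disc
SLOTS = [16, 24, 32, 48]           # marker positions, one player-ID bit each


def variant(offset: int, bit: int) -> bytes:
    """Two acceptable values per slot: the clean byte, or it with the top bit set."""
    return bytes([CLEAN[offset] | (0x80 if bit else 0x00)])


def make_shipped() -> bytes:
    """The stream as pressed on the disc: clean data with damaged regions."""
    buf = bytearray(CLEAN)
    for off, n in DAMAGE:
        buf[off:off + n] = b"\xff" * n
    return bytes(buf)


def table_for_player(player_id: int) -> list:
    """Repair patches are common to all players; marker patches encode the ID."""
    if not 0 <= player_id < (1 << len(SLOTS)):
        raise ValueError("player_id does not fit in the marker slots")
    table = [Patch(off, CLEAN[off:off + n]) for off, n in DAMAGE]
    for i, off in enumerate(SLOTS):
        table.append(Patch(off, variant(off, (player_id >> i) & 1)))
    return table


def apply_patches(stream: bytes, table: list) -> bytes:
    """What the player does with the table: bounded overwrites, nothing else."""
    buf = bytearray(stream)
    for p in table:
        end = p.offset + len(p.data)
        if p.offset < 0 or end > len(buf):
            raise ValueError(f"patch at {p.offset} runs outside the stream")
        buf[p.offset:end] = p.data
    return bytes(buf)


def trace_leak(copy: bytes) -> int:
    """Recover the player ID from a leaked copy by reading the marker slots."""
    player_id = 0
    for i, off in enumerate(SLOTS):
        seen = copy[off:off + 1]
        if seen == variant(off, 1):
            player_id |= 1 << i
        elif seen != variant(off, 0):
            raise ValueError(f"slot at {off} altered; ID cannot be trusted")
    return player_id


if __name__ == "__main__":
    shipped = make_shipped()
    for pid in (3, 10):
        out = apply_patches(shipped, table_for_player(pid))
        print(pid, "->", trace_leak(out))
```
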

    • Re:Getting Old (Score:5, Insightful)

      by schon (31600) on Saturday December 13, 2008 @10:56AM (#26102643)

      That's the entire point - I *want* to buy the movie, but I won't until it plays on my hardware.

      I have hardware that is capable of playing HD content, but the content providers are erecting artificial barriers to prevent me from doing it. Once the stupid DRM is cracked, I'll buy it.

      • I *want* to buy the movie, but I won't until it plays on my hardware.

        That's truth right there. After being burned a few times and wasting a lot of money, I decided a while back never to buy music or movies on a medium that I can't transfer. I've lost too many CDs, scratched up too many DVDs, had too many things go mysteriously bad to continue wasting money on such an archaic concept as DRM.

        It's a really simple rule. If a company treats me like a criminal from the outset, even though I have done absolutel

    • Re:Getting Old (Score:5, Insightful)

      by earthforce_1 (454968) <earthforce_1@yah[ ]com ['oo.' in gap]> on Saturday December 13, 2008 @10:58AM (#26102665) Journal

      The problem is I can't watch the damned thing under Linux, until BD+ is forever broken.

    • Re:Getting Old (Score:5, Interesting)

      by Lumpy (12016) on Saturday December 13, 2008 @11:13AM (#26102759) Homepage

      I do buy the movie already, but putting in a Disc is so arcane it's not funny. I have a high end media server system that will play HD very well. I want that movie on my system so I can pick the film and watch it WITHOUT all the useless crap and menu garbage.

      So I BREAK and rip every disc.

    • Re: (Score:2, Insightful)

      You know what's really getting old? DRM, and it's not getting old gracefully. DRM doesn't work. It never did work, it probably never will work. Maybe it's about time that big movie execs started thinking along the lines of satisfying customers, rather than forcing them to bend over with every purchase. Fuck Bluray. They obviously don't want our money.
      • Re:Getting Old (Score:5, Insightful)

        by johnsonav (1098915) on Saturday December 13, 2008 @11:36AM (#26102931) Journal

        DRM doesn't work. It never did work, it probably never will work.

        I'm pretty sure this story is about how DRM does work. It keeps people from copying the movie in full HD resolution, without getting in the way of 90% of consumers, and stays within the bounds of the law. That's pretty much the definition of successful DRM, from the industry's perspective. Until there is a crack available, BD+ is the current and best example of working DRM.

        You know what would change the movie company attitudes about DRM? Massive public outrage, something that just hasn't happened yet for movies (for games, on the other hand, it has, somewhat). Most people never run up against the limitations imposed by DRM. I think we have to wait until people become more accustomed to the potential of ubiquitous media sharing before they care widely about movie DRM.

    • Re:Getting Old (Score:4, Interesting)

      by BorgDrone (64343) on Saturday December 13, 2008 @11:17AM (#26102779) Homepage

      Why do I have to buy movies again if I already own the DVD ? What is it exactly that I'm buying when I purchase a DVD or CD ?

      Do I pay for a license for the movie/album/etc. meaning I can get a replacement copy for just the production costs of the disc if it breaks or a new format is introduced ? Or am I buying a physical object that I'm free to do with as I please ?

    • by Wowsers (1151731)

      Surely this quest by programmers / crackers (call them what you will) is not about buying the movie or getting it "for free" on torrents. It's about breaking the discs to break the (apparently legal) movie / music cartels, breaking enforced regionalised disc sales, and breaking enforced device viewing so you can view the content you paid for on any device.

      With VHS analogue tape, the only thing setting you back was the PAL/NTSC/SECAM conversion problem, but a VHS tape could be played anywhere in the world. N

    • by westlake (615356)
      I can tell I must be getting old when one of my first responses is 'Cmon, just go buy the movie already'.

      And it's sweet revenge that the "unbreakable" titles are the must-haves for the Geek. Titles like Firefly and Futurama.

    • I'm not buying a Bluray movie until I can rip them. Why? (1) I want to play in a player which will skip region coding and UOP [wikimedia.org] crap. (2) I want to play them on any device, and I frequently rip DVDs and move them around at the moment.

      Am I a dirty "pirate"? No. In fact I've only ever made an unauthorized copy of one movie, and that was because the movie is unavailable [wikimedia.org] through any other means. (Great film by the way ...)

      I have stacks and stacks of purchased DVDs at home.

      Rich.

    • by mrops (927562)

      I can tell I must still be young when one of my first responses is 'Cmon, just go download the movie already'.

  • Give it some time. (Score:5, Insightful)

    by sinserve (455889) on Saturday December 13, 2008 @10:22AM (#26102441)

    The fact that it's well done makes it all the more attractive to crack.

    • by tolan-b (230077)

      Also, correct me if I'm wrong, but the end of February is less than 3 months away, so how did Slysoft underestimate the BD+ developers like the summary says?

      • by flooey (695860)
        They said it was less than 3 months away in March, 2008.
        • by tgatliff (311583)

          Actually... They said it in Dec. You can clearly see the posting date..

          I hope that they are not just going after it with some sort of brute force attack and hoping for the best. Speaking of that... Maybe they should have implemented a distributed work flow model in their software. I am sure that a million or so computers working at the same time on the problem would speed things up a bit..

        • by Zironic (1112127)

          You get an F in reading comprehension.

          Future releases will undoubtedly have a modified and more polished BD+ protection, but we are well prepared for this and await the coming developments rather relaxed". Van Heuen adds jokingly: "The worst-case scenario then is our boss locks us up with only bread and water in the company dungeon for three months until we are successful again".

    • Re: (Score:3, Funny)

      Yes, and I'm very disappointed that I can't put an uncracked HD version of Space Chimps on a movie server.

    • by tgatliff (311583)

      I disagree... If you look at the later revisions to the Direct TV card encryption, the earlier versions were easy to crack, but the later revisions proved much too difficult for the average person to take on.

      Meaning... If done right, the BD+ can easily prove uncrackable for many years to come. Having things done right in the corporate world, however, is rare..

      • by Dun Malg (230075)

        I disagree... If you look at the later revisions to the Direct TV card encryption, the earlier versions were easy to crack, but the later revisions proved much too difficult for the average person to take on.

        Meaning... If done right, the BD+ can easily prove uncrackable for many years to come. Having things done right in the corporate world, however, is rare..

        Not the same issue. DirecTV uses a smart card system with an embedded ASIC. There are "secrets" in the card that cannot be discovered without extremely expensive equipment. These secrets are what make it secure. Early cards had flaws that allowed attackers to load software patches onto the card. The new cards are inaccessible. Bluray disks have all their data in the open. There are no secrets, just encryption.

  • by Samschnooks (1415697) on Saturday December 13, 2008 @10:26AM (#26102465)
    That sounds like a direct challenge! If it weren't, Sense and Sensibility, Desperate Housewives, and other chick flicks would be on the list, but no! It's Futurama and Firefly! Two of the geeks' holiest series!

    Next, as a double dare to the Geek community, they'll make Star Trek and Star Wars unrippable! This is war!

  • by tkrotchko (124118) * on Saturday December 13, 2008 @10:35AM (#26102511) Homepage

    "and said the worst case scenario was 3 months work: apparently they underestimated the BD+ developers"

    Okay, so they said worst case scenario was 3 months work [presumably in case BD+ was changed in some way]. And the developer said February 2009 was their date for "fixing" things. Let me do the math slowly:

    December 2008 - 0.5 month (half-way through)
    January 2009 - 1.0 month
    February 2009 - 1.0 month
    TOTAL - 2.5 months

    So since 2.5 months is less than 3 months, how did they "underestimate" anything?

    • by Zironic (1112127) on Saturday December 13, 2008 @10:51AM (#26102613)

      As you all know, journalism and reading comprehension don't mix.

      • Re: (Score:3, Insightful)

        If you had read the linked articles, you would have seen that SlySoft ran into problems at the start of November, that was actually before the open source VM was released. Just because I didn't spell out everything for you in the summary doesn't mean you have to be sarcastic.

    • by AaxelB (1034884)
      I was just about to comment correcting you (saying the "worst case" was from the perspective of those cracking BD+), but I just actually read the relevant article, and apparently the submitter can't read.

      The 3 months is the worst case for how long it will take them to break the long-expected "modified and more polished BD+ protection" which is now here. So let's check back in March.
    • by OverlordQ (264228)

      Back in March SlySoft confidently proclaimed BD+ was finished and said the worst case scenario was 3 months work.

      Read the first half of that sentence.

      • Re: (Score:3, Informative)

        by Zironic (1112127)

        Read the source of that sentence:

        Future releases will undoubtedly have a modified and more polished BD+ protection, but we are well prepared for this and await the coming developments rather relaxed". Van Heuen adds jokingly: "The worst-case scenario then is our boss locks us up with only bread and water in the company dungeon for three months until we are successful again".

  • I actually like the idea of a technical battle of merit. This might drive advances in software tech. I admire the people who create and try to protect the BD+ protection scheme although that doesn't mean I support BD+ itself. This technological game of chess is not over yet, even if Slysoft proclaimed that the BD+ king was dead. Now, the move is unto the cracking camp led by Slysoft and supported by people of the Doom9-forums and other amateurs.

    For those who don't understand this, I regret not being able to

  • by bugnotme (1138795) on Saturday December 13, 2008 @10:55AM (#26102633)
    The open source dev has not given up. He, and others, are looking *concurrently* at weaknesses in the RSA implementation. "BD+ Successfully Resealed" is an overstatement. Although some movies currently aren't rippable the prevailing attitude is that it is only a short matter of time to fix defects in the open source VM.
  • by Sockatume (732728) on Saturday December 13, 2008 @11:10AM (#26102735)
    I'm no cryptographer, but isn't this like realising you can't crack a safe, and deciding it'd be easier to invent a machine that will undo the metallic bonds that hold its constituent atoms together?
    • by Zironic (1112127)

      Seems so, the key is 1280 in length so it would probably take a silly amount of time to break.

    • by mikelieman (35628) on Saturday December 13, 2008 @11:18AM (#26102793) Homepage

      How *else* are we going to get matter disintegrators?

      Isn't that how Science makes progress?

    • by johnsonav (1098915) on Saturday December 13, 2008 @11:19AM (#26102799) Journal

      Yeah, it's pretty much like that. If I were one of the BD+ developers, I'd be pretty proud of the fact that the DRM-hackers thought that RSA was the most vulnerable part of my DRM scheme.

      But seriously, if real advances are made in integer factorization because of attempts to crack BD+, I'm going to laugh my ass off.

    • by devman (1163205) on Saturday December 13, 2008 @11:34AM (#26102905)
      The key phrase is "their implementation". RSA the algorithm is sound as far as anyone can tell right now, but that doesn't mean they (BD+) didn't introduce a subtle flaw in their particular implementation of it.
      • I think if they managed to find a flaw in the BD+ implementation of RSA then that would still be a pretty respectable breakthrough. Given the number of systems out there that use their own implementation of the algorithm, if a flaw is present in BD+ then there is a pretty good chance that it is present in the other implementations as well.
        • by Free the Cowards (1280296) on Saturday December 13, 2008 @02:14PM (#26104365)

          It would be respectable (probably) but not very surprising. RSA implementations have been broken many times before, by holes ranging from exotica like power-consumption attacks (figure out the secret key by watching how much electricity the system consumes at any given moment) to utter foolishness like the Debian random seeding fiasco. One advantage the hackers have going for them is that there's huge cost pressure on these consumer electronics and this can cause the hardware manufacturers to skimp on good implementations. For example, the way you protect against timing or power-consumption attacks is to deliberately waste time and power while performing the algorithm, and a hardware manufacturer may not want to do that.
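The mitigation mentioned in the comment above, doing extra work so that time and power do not depend on the key, shown as an added example that is not part of the original post: plain square-and-multiply next to a square-and-multiply-always variant, with the number of modular operations counted for each. The textbook-sized key values are constructed, and the operation counter stands in for a timing or power trace; Python integers are not constant-time, so this models the operation sequence only.

```python
def modexp_leaky(base: int, exp: int, mod: int):
    """Left-to-right square-and-multiply. Multiplies only on 1-bits, so the
    operation count is bit_length + Hamming weight of the secret exponent."""
    result, ops = 1, 0
    for bit in bin(exp)[2:]:
        result = result * result % mod
        ops += 1
        if bit == "1":
            result = result * base % mod
            ops += 1
    return result, ops


def modexp_always(base: int, exp: int, mod: int, bits: int):
    """Square-and-multiply-always over a fixed width. The multiply is done for
    every bit and discarded on 0-bits, so the count depends only on `bits`."""
    if exp < 0 or exp.bit_length() > bits:
        raise ValueError("exponent does not fit in the fixed width")
    result, ops = 1, 0
    for i in reversed(range(bits)):
        result = result * result % mod
        product = result * base % mod        # computed whether needed or not
        bit = (exp >> i) & 1
        result = product if bit else result  # keep or discard the extra work
        ops += 2
    return result, ops


def weight_seen_by_observer(ops: int, bit_length: int) -> int:
    """What an observer who can count operations learns from the leaky version."""
    return ops - bit_length


# Constructed sample values: textbook RSA modulus and two 12-bit exponents
# that differ only in how many bits are set.
N = 3233            # 61 * 53
D = 2753            # private exponent matching e = 17
D_SPARSE = 0b100000000001
D_DENSE = 0b111111111111
WIDTH = 12

if __name__ == "__main__":
    for name, d in (("sparse", D_SPARSE), ("dense", D_DENSE), ("key", D)):
        _, leaky_ops = modexp_leaky(65, d, N)
        _, fixed_ops = modexp_always(65, d, N, WIDTH)
        print(f"{name:6} leaky={leaky_ops:2} always={fixed_ops:2} "
              f"leaked weight={weight_seen_by_observer(leaky_ops, d.bit_length())}")
```
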

  • by ceemeister (1118409) on Saturday December 13, 2008 @12:33PM (#26103497)
    Yes the problem is that purchased BluRay discs simply won't play unless your computer system is 100% compliant, at every point in the chain. I have an older rear-projection television which only has composite analog video inputs for HDTV. With Slysoft's AnyDVD-HD I can play BluRay movies on my Home Theater PC since the DRM is bypassed, otherwise no BluRay for me. The fact that I can archive my BD movies on the hard drive is gravy, but it's certainly something many people are interested in doing with a home theater PC. Some may insist that defeating DRM only facilitates "Rent, Rip, and Return" where you can get your movies via Netflix, but except for the fact that you can watch the movie again after returning it, you're still breaking the DRM just so you can watch the darn thing in the first place. I have little interest in re-watching movies over and over again anyway, so I'm not depriving the license holders of anything by postponing when I watch the thing. And I'm so sick of DRM I'm not disappointed if it does upset the producers, sooner or later they'll have to just give up on the DRM nonsense -- it's not like it will ever really stop download piracy, but it does make it hard to make it work like it's supposed to. How is that going to help BluRay succeed? The alternative is just to download everything, legitimate or not.
