BD+ Successfully Resealed
IamTheRealMike writes "A month on from the story that BD+ had been completely broken, it appears a new generation of BD+ programs has re-secured the system. A SlySoft developer now estimates February 2009 until support is available. There's a list of unrippable movies on the SlySoft forums; currently there are 16. Meanwhile, one of the open source VM developers seems to have given up on direct emulation attacks, and is now attempting to break the RSA algorithm itself. Back in March SlySoft confidently proclaimed BD+ was finished and said the worst case scenario was 3 months' work: apparently they underestimated the BD+ developers."
Re:BD+ (Score:4, Informative)
Learn a second language, you'll see there's no shortage of quality movies.
Re:Getting Old (Score:2, Informative)
The player runs a type of virtual machine, but the actual code is contained on the disc itself. This code executes on the VM running on the player and authenticates the player/environment before it will allow the disk to play.
I'm not completely familiar with the crack of BD+, but I think they didn't completely crack the algorithm, just found a workaround. Apparently they were able to change the coding slightly such that it breaks the workaround while still running in players.
Re:I guess I can't count (Score:3, Informative)
Read the source of that sentence:
"Future releases will undoubtedly have a modified and more polished BD+ protection, but we are well prepared for this and await the coming developments rather relaxed". Van Heuen adds jokingly: "The worst-case scenario then is our boss locks us up with only bread and water in the company dungeon for three months until we are successful again".
Re:Getting Old (Score:5, Informative)
From my understanding the crack was to emulate the VM to the point it could run existing programs; these new disks come with a more complex program their emulated VM can't handle.
Re:Break the RSA algorithm? (Score:5, Informative)
Re:Getting Old (Score:5, Informative)
The part where you have 19 MegaBYTES per second of bandwidth...(full 1080p stream from disc)
No.
Besides the fact that a stream's bandwidth is *never* defined in bytes per second (because 'byte' in the context of a stream isn't well-defined - ie. does it include error correction bits, transmission overhead, etc.), the bluray association itself [blu-ray.com] says that BD-ROM video streams are 54Mbps.
Re:Getting Old (Score:5, Informative)
BD+ isn't an algorithm so there's no global crack unless the designers made a serious mistake in their implementation. A movie protected by BD+ is partly damaged ... elements of the video stream are deliberately corrupted, making it unwatchable. The BD+ program runs and checks out the environment it's in. If it's happy it spits out a patch table, which tells the player how to repair the movie. Note that the patch table can alter the movie in arbitrary ways - theoretically, things could change depending on what player you use. This allows the developers to discover which player is leaking video.
Early BluRay discs weren't protected by BD+ at all, and the first titles that were barely used the features BD+ provides. They existed only to detect a buggy software player but otherwise didn't do much. This was deliberate - the BD+ people are playing a long game, and don't want to play all their cards at once. The idea is to reveal their tricks slowly, such that it takes a few months to unravel each time. Because most sales of the movies are soon after they come out, it doesn't matter if a 6-12 month old program is broken.
In theory every title could have a unique BD+ program that takes time to crack, but that's pretty expensive, so they seem to come in waves. Probably there are only a few people in the world who know how to write BD+ programs and then their work is used on lots of discs.
The first round in this game was easy - the BD+ titles simply relied on obscurity to protect them. If they ran at all, they spat out the patch table. After SlySoft and later the doom9 guys figured out how BD+ worked, there were confident predictions that the system was broken, but of course that was never the case. The second round is the one we're on now and it's apparently quite the smackdown ... nobody knows what they've done, but making the new programs think they're in a licensed player is tough.
FWIW I don't buy nor download BluRay movies, I just find BD+ a fascinating battle of wits. I'm sure there'll be a lot of back and forth over the lifetime of the system.
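The repair-and-trace idea described in the comment above, as an added example that is not part of the original thread: a damaged stream is repaired by a patch table, and the table's per-player variants let the content owner identify the source of a leaked copy. The layout, offsets and function names are assumptions for this toy model, not the BD+ on-disc format.

```python
# Toy model only: record layout, offsets and names are assumptions for this sketch.
CLEAN = bytes(range(64))                     # constructed stand-in for the video stream
DAMAGED_SLOTS = [3, 5, 17, 22, 29, 41, 50]   # offsets corrupted on the pressed disc
MARK_SLOTS = [5, 17, 29, 41]                 # repairs here may differ per player (4-bit ID)

def master_disc(clean):
    """Return the deliberately damaged stream that ships on the disc."""
    buf = bytearray(clean)
    for off in DAMAGED_SLOTS:
        buf[off] ^= 0xFF
    return bytes(buf)

def patch_table(player_id):
    """Build (offset, byte) repairs; mark slots carry one bit of the player ID each."""
    table = []
    for off in DAMAGED_SLOTS:
        value = CLEAN[off]
        if off in MARK_SLOTS:
            bit = (player_id >> MARK_SLOTS.index(off)) & 1
            value ^= bit                     # acceptable variant: low bit differs
        table.append((off, value))
    return table

def apply_patches(damaged, table):
    """What the player does with the table the content code hands back."""
    buf = bytearray(damaged)
    for off, value in table:
        buf[off] = value
    return bytes(buf)

def trace_player(leaked):
    """Content owner's side: read the player ID back out of a leaked copy."""
    pid = 0
    for i, off in enumerate(MARK_SLOTS):
        pid |= ((leaked[off] ^ CLEAN[off]) & 1) << i
    return pid

if __name__ == "__main__":
    leaked = apply_patches(master_disc(CLEAN), patch_table(11))
    print("leak traced to player", trace_player(leaked))
```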
Re:Getting Old (Score:0, Informative)
This is false. Blu-ray players are not required to be connected to the internet.
Re:Getting Old (Score:5, Informative)
No, you're not. According to the DMCA however, you're still a criminal. Isn't it wonderful?
Re:Break the RSA algorithm? (Score:4, Informative)
It would be respectable (probably) but not very surprising. RSA implementations have been broken many times before, by holes ranging from exotica like power-consumption attacks (figure out the secret key by watching how much electricity the system consumes at any given moment) to utter foolishness like the Debian random seeding fiasco. One advantage the hackers have going for them is that there's huge cost pressure on these consumer electronics and this can cause the hardware manufacturers to skimp on good implementations. For example, the way you protect against timing or power-consumption attacks is to deliberately waste time and power while performing the algorithm, and a hardware manufacturer may not want to do that.
Re:Getting Old (Score:1, Informative)
With blu-ray I couldn't have this set up:
Blu-Ray is defective by design, as DVD was before it. It should be cracked. That's not an excuse; these are real limitations to reasonable use. People like me are a market, not a court case. In theory I can upgrade my drives, CPU, projector, and graphics card to handle Blu-ray, but why would I if I can't enjoy watching a movie when I want without having to look for the disc and hope it's not scratched?
Re:Getting Old (Score:5, Informative)
There's no such thing as an implicit license granted under copyright law. Where does this idea come from? It simply has no similarity with reality.
When you purchase an object which contains copyrighted content, you purchased that object. Full stop, end of story. No license is involved.
You don't need a license to use an object which contains copyrighted content. That's why there is no license in the picture. Not implicit, not explicit. You can do anything you want with that object and with that content so long as it is not forbidden by copyright. You can burn it. You can watch it 50 times in a row while eating hot dogs. You can make seven different copies, one for each day of the week. You can shift it to a different format so you can watch it elsewhere.
What you cannot do is distribute copies on a large scale or carry out a public performance of this content. Unless the copyright holder gives you permission, of course. But all the rest is simply permitted by default, because it's not forbidden. No licenses in sight.
Re:Getting Old (Score:5, Informative)
Re:Not necessarily (Score:5, Informative)
Resource intensive is such a relative thing. I think the parent poster is showing his age. Back in the day when you had a few main servers shared for the whole campus's business & academic use with less computing power than a modern graphing calculator at a cost of tens or hundreds of thousands of dollars, even the few percentage points of CPU dedicated to text-only games was enough to raise ire.
Linux fortune files are rife with references to old, primitive games like xtrek that used to draw the wrath of sysadmins that are almost impossible to find now.
Re:A list of movies NOT to buy (Score:3, Informative)
I don't think "draconian copy protection" was the reason either SACD or DVD-A didn't catch on. I think the reason they didn't catch on is that they're more expensive than CDs, they can't be played in a regular CD player (or, in the case of SACD, can only be played as an ordinary CD in such a drive), and the improvement in audio is undetectable to most people. I am certainly happy with CD-quality and have no burning desire to switch. Why would you pay more when you don't see any discernible benefit?
Similarly, most people are quite happy with the quality and resolution of DVD. To get the benefit of BD you also need a large HDTV, which not everyone has yet. Of course, considering how often people watch 4:3 content stretched to fill their 16:9 screen, it wouldn't surprise me if most wouldn't notice the resolution improvement even if they have HDTV.
I mostly watch video on my laptop, and only occasionally watch HD content online. I do notice the improvement over regular DVD, but it's still not something I think about if I'm watching something that I enjoy in standard definition. I certainly don't see why I should pay significantly inflated prices for BD discs when I just don't care about the improvement very much.
Re:Getting Old (Score:3, Informative)
There's no such thing as an implicit licence for copyright.
There is however the doctrine of first sale, which *does* apply to the sale of copyrighted works.
Specifically, once a contract for the sale of a copy of a copyrighted work is complete (here's some money for that book/DVD/photo - thank you, sale complete), no further restrictions to the use of that work can be applied by the copyright holder, other than those that apply through copyright law itself - i.e. no public performances or making your own copies (depending upon jurisdiction, some places let you make infinite copies for personal use, some, like the UK, allow for none except for those needed to use the work itself)
They tried shrinkwrap licences with books, back in the day. Publishers put extra limits on what you could do with the book, such as preventing your reselling it after you'd bought it. Doctrine of first sale killed that in court. The contract terms are up front, written down and agreed to prior to the sale, or they're completely unenforceable. Literally, the copyright holder only gets to require extra terms against the first sale of the work, up front and before the sale. After that, assuming no such actual contract exists, any further sales of the same copy are governed only by copyright itself. Thus the second-hand market is a fundamental right of copyrighted goods purchasers, which is why I get really peeved at software companies whining about lost sales and trying to kill it. It's a fundamental safety margin and customer balance of copyright.
Notice how you have to agree to the contract for mobile phones, cable TV or MMOs before you start, and before you exchange money? Well, that applies to the sale of copyrighted works too. Implied licences and post-sale click-wrap licences are just a massive con. Did you sign a contract at the till, the last time you bought a DVD or book?
The one exception I know of is US UCITA-signing states, with regards post-sale click-wrap licences for software. There is an extra law there to make those binding, even after the sale.
Corporate to corporate contracts are also obviously a different beast.
How do you do that ?!? DRM stops this. (Score:5, Informative)
In any case, after you transcode to h.264 at a reasonable bitrate, which you're going to want to do anyway to avoid using 30 gigs of hard drive space per movie
And exactly how would you do that?
That's the main problem currently: to shift format (for example to convert the movie so you can have it on your laptop or on your multimedia hard-disk enclosure to take it with you on a trip), you need to access the content of the movie.
Format shifting is a perfectly legal procedure in lots of countries around the world. But DRM completely forbids exercising this right.
Without BD+ being bypassed, there is no way to legally play legally bought discs on lots of your legal machines.
Currently, it's much simpler to just download the movie from the pirate bay. And as a bonus, the 54mbps BD VC-1 (or H264) film has already been recoded into a smaller 8GB H264 file, ready to upload on your laptop or multimedia hard disk enclosure.
DRM doesn't stop piracy (it takes just one single pirate team to just break one single copy and make it available on P2P and no matter how much the DRM is restrictive for the rest of the population the thing is already available).
DRM just fucks up normal customer rights, to the point where it is actually more convenient to *download a version from TPB* than to try buying the legal disc and do anything more complicated than playing the disc on a PS3.
As a Linux user, I want to be able to play a disc I've bought on my opensource software players. DRM completely stops me from doing this. Hence I'm not buying BD. I'm boycotting HD formats until there's an acceptable solution for me.
---
NOTE:
Format shifting is allowed where I live (and lots of other countries).
Circumventing DRM for legal usage is allowed too.
In the USA, YMMV.
Re:Getting Old (Score:3, Informative)
You are not granted a licence. The author is granted exclusivity on certain rights (see 17 USC 106 [cornell.edu]). These rights are the right to copy, to make derivative works, distribute, publicly perform, publicly display, and digital audio transmission.
These are rights exclusive to the author. If someone other than the author does them, they have committed copyright infringement. But you can do anything else you want with them. You have the right to read, burn, soak, get laminated, use as toilet paper, or do anything else you want to a copy of a copyrighted work.
Now the act of using a computer program usually involves making a copy of that computer program which is one of the rights reserved to the author. But 17 USC 117 [cornell.edu] grants a special exception. Under that section it is not an infringement to make a copy of a computer program if that copy is essential to using the computer program. This means you don't need any sort of license in order to install a program. You just need to own a legal copy (and since a copy is defined in 17 USC 101 [cornell.edu] to be the physical artifact not some abstraction of the data, owning a CD means owning a copy of the work on the CD.)
(Given the above, EULAs on off-the-shelf software shouldn't be enforceable since the only "consideration" they give you is the right to install the software, which is a right you already have. Without a "consideration" there is no contract. Without a contract, they can't claim breach of contract and they can't claim copyright infringement either because of 17 USC 117. I never can figure out why they think EULAs are legal. (EULAs on online services and network installs are completely different since those don't trigger 17 USC 117, and thus they should be enforceable.))
Of course IANAL and TINLA.
Re:Getting Old (Score:3, Informative)
They've been secretly stealing all the cameras. Go ahead and check - I bet yours is missing. Bastards got mine last week.
Re:Break the RSA algorithm? (Score:1, Informative)
This is well known by the BD+ team. As long as the correct padding is used before encrypting/signing, e=3 is not a problem. To make a long story short the padding needs to make sure that 3^t mod pq wraps at least once. i.e. e^t > pq. Turns out that's not so hard....
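The padding point in the comment above, as an added example that is not part of the original thread: with a public exponent of 3, an implementer can check whether the cube of the value being encrypted exceeds the modulus, since without that reduction the ciphertext is just an ordinary integer cube. The key is constructed from two well-known special-form primes purely for reproducibility, and the helper names and fixed filler byte are assumptions of this sketch.

```python
# Constructed demo key: the Curve448 and Poly1305 field primes, used only so the
# example is reproducible offline. Special-form primes are not a usable RSA key.
P = 2**448 - 2**224 - 1
Q = 2**130 - 5
N = P * Q
E = 3
D = pow(E, -1, (P - 1) * (Q - 1))    # exists: neither P-1 nor Q-1 is divisible by 3
KEY_BYTES = (N.bit_length() + 7) // 8

def icbrt(x):
    """Largest integer r with r**3 <= x (exact binary search on big ints)."""
    lo, hi = 0, 1 << (x.bit_length() // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** 3 <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo

def pad(msg):
    """PKCS#1 v1.5-style block 00 02 PS 00 msg. The filler is a fixed byte here so the
    demo is deterministic; real encryption padding uses random nonzero bytes."""
    ps = b"\xa5" * (KEY_BYTES - 3 - len(msg))
    return int.from_bytes(b"\x00\x02" + ps + b"\x00" + msg, "big")

def audit(m):
    """Report whether m**3 is reduced mod N and whether a plain cube root returns m."""
    c = pow(m, E, N)
    return {
        "wraps": m ** E >= N,
        "root_recovers": icbrt(c) == m,
        "decrypts": pow(c, D, N) == m,
    }

MSG = b"title key 0123"                      # constructed sample plaintext
RAW = int.from_bytes(MSG, "big")             # unpadded: far smaller than N**(1/3)

if __name__ == "__main__":
    print("unpadded:", audit(RAW))
    print("padded:  ", audit(pad(MSG)))
```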