HD DVD's AACS Protection Bypassed 161
Mr. BS writes "Playfuls.com is running a story how HD DVD's AACS protection has been compromised. Although the video of the hack leaves much to be desired, the source code has already been made available. Feel free to start backing up your HD DVD's whenever you feel the need."
Dupe (Score:5, Informative)
Re: (Score:3, Interesting)
Actually... (Score:5, Funny)
Re: (Score:3, Interesting)
You should pay more attention before you "correct" other people...
The source was linked in the Doom9 thread the
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
No DRM! (Score:2, Funny)
Dupe (Score:2, Funny)
slashdot seems to be posting stories more than once to demonstrate
the real effect of deja vu on the jolt drinking, halo playing, pornography
downloading whacked out crowd it caters to.
Re: (Score:2)
"hey, cool, the new-fangled dvds have been cracked, I'll read about it now.. Oh wait, the youtube video in the next tab is starting"
(2 minutes later)
"That sure was funny, now back to the porn"
(two days later)
"hey, cool, the new-fangled dvds have been cracked..."
And the winner is.. (Score:5, Funny)
Re: (Score:2)
Re: (Score:2, Informative)
http://en.wikipedia.org/wiki/AACS [wikipedia.org]
"The specification was publicly released in April 2005 and the standard has been adopted as the access restriction scheme for HD DVD and Blu-ray Disc."
Blu-ray IIRC had room for additional DRM methods as well.
HDDVD will win, but this is not the reason (Score:2)
As far as I can tell it's an extra bunch of code that can be used to further check the player for compliance before finally decrypting the AACS title key.
That means that bluray is more complicated to play because you have to implement an extra virtual machine to fool the B+ code into thinking that it runs on a real player.
The reason that HDDVD will win, is that it's easier to play for Open Source players and other user-loyal play
The source is not for the "break" (Score:5, Informative)
The author is waiting till some time in the new year to reveal how he got the keys, but the evidence suggests to me that he used some kind of debugging hook into Power HD-DVD.
Re: (Score:1)
On that topic, would anyone happen to know why libdvdcss successfully brute-forces some titles, but halts and fails on others? I ran into that proble
Re:The source is not for the "break" (Score:4, Insightful)
Dance Dance Revocation (Score:3, Insightful)
Which will be the first revoked key.
Re: (Score:2, Informative)
2ndMIX (Score:2, Informative)
They can be revoked in future titles and in remasters of existing titles. What use is circumvention software that can break only a few months of releases?
Re: (Score:2)
And then somebody else will extract another key, ad infinitum. It's a bit like the Linux model of reverse-engineering device drivers; only the newest stuff will be , everything else will be fine. And I'm sure a good cracking group or two will grab a key and not publicize the fact, so it won't be revoked and they can do instant releases. DRM, like all forms of copy protection, is broken by design. You can add all the layers of e
Re: (Score:2)
Re: (Score:2)
Uploading the release to Usenet. And ince it's up on Usenet in full quality, what's the point of having DRM anyway?
To contain the damage (Score:2)
To prevent future releases from being uploaded to Usenet in the same way. DRM that revokes player keys that have been broken contains the damage caused by those broken keys.
Re: (Score:3, Informative)
There's a difference between the title key and the player key. The title keys are used to directly decrypt the contents of the dvd (or hddvd or blu-ray), and differ between discs. They are not revoked because they are never reused to begin with. The player key is what's licensed to the companies and stored in players. This is the key that allows access to the title key, and if
Re: (Score:3, Informative)
But if that were not the case, wouldn't it be trivial to make an image and distribute this rather than the unencrypted movie data, since people can just burn the image illegally and play it in a liscensed player to accomplish the same goal?
Even in DVD-R, the consumer burners can't burn the player key block, which is preset to the unencrypted state on all consumer blanks. Special "authoring" burners are prohibitively expensive for the typical low-scale pirate's business model.
Re: (Score:2, Informative)
From http://en.wikipedia.org/wiki/Regional_lockout [wikipedia.org]
"DVD Video discs are the most infamous and visible example of regional lockout. Computer DVD drives come from the factory with RPC (Regional Playback Control), either RPC-1 (older drives) or RPC
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Anyway, I just escaped having one inflicted on me as part of a Sony SZ and bought an Asus W3J with a Toshiba/Samsung drive instead.
Even Worse (Score:2)
It needs a name... (Score:5, Funny)
Should read: (Score:5, Funny)
To be honest, I've missed the dupes (Score:3, Funny)
Re: (Score:2, Funny)
Re: (Score:2)
source code link (Score:1)
http://rapidshare.com/files/8318838/BackupHDDVD.z
Ironically.. probably a boost for the format (Score:3, Insightful)
Check out MPAA's wrongdoing! (Score:1)
Par for the course (Score:4, Insightful)
Maybe they could charge less if they didn't take the time or spend the money developing newer DRM?
Linux for the coarse. (Score:1, Funny)
I agree. That's why I've stopped trying to secure my Linux server.
The ultimate drm (Score:1)
It will require a drop of your blood to authenticate the customized drm. As an added bonus, it will also perform a pregnancy test, which will be handy seeing as how you've just been fucked...
Re:Par for the course (Score:5, Insightful)
Maybe the movie and music moguls are duped by the inventors and purveyors of these harebrained copy protection schemes. The latter KNOW that the laws of physics and mathematics GUARANTEE that *any* copy protection scheme WILL be broken. After all, in order to use the content, the key has to be given to the consumer in order to play it. There is NO way to hide a key, if it is needful to be able to use it at some point in order to view the movie or play the music. Perhaps some sane crypto expert can convince the content producers that they have been lied to by these crooked, money grabbing "experts" who know deep down that none of their schemes can ever work for long. The hollywood and the music industry have been sold the equivalent of a certain bridge labeled DRM by these companies who make money selling their DRM schemes to the content producers. Content makers would likely make more money if they did NOT pay these liars a dime.
Re: (Score:3, Insightful)
Re: (Score:2)
True. However anyone who wants to, can back up their DVD or play it on some other playback device, because the encryption scheme has been broken. I like to be able to watch a movie on my laptop, the DVD drive of which doesn't always want to give the disk back. Therefore I copy the decrypted DVD onto an external HD connected to a desktop system. After that I can copy it to the HD on the laptop. After I am tired of watching (usually once) it g
Re: (Score:2)
Well, not quite. Granted, nearly all of us use DeCSS to do our (fair use!) backups. But it is quite possible to back them up without any decryption at all, so saying the backups are possible "because" of the crack is not quite right.
Re: (Score:2)
Really? Does this work on Mac? I tried making a disk images of movie DVDs, but when mounted, would not play like a real disk. Only Mac the R1pper would make a playable copy.
Content makers have always figured out eventually how to make money from the new technologies. In time, DRM will become extinct. Someone will figure out how to make their content available more conveniently for a fair price. This someone will make a killi
DirecTV (Score:2)
Tell that to people trying to pirate DirecTV signals. Have the P4, D1, and D2 access cards [wikipedia.org] been broken yet?
Re: (Score:2)
The difference here is that the keys can be changed and are being changed constantly, whereas once a DVD is recorded and/or a player is sold, nothing can be changed. That is why the new HD players have revokable keys. However I doubt whether the content providers will mess with a huge number of installed players. If millions of Joe consumers get a popular movie DVD as a gift or purchase and then cannot play it, then the producers will not be happy
Re: (Score:2)
Most likely the disk will still get blamed. Here is the scene:
Customer: "But all my movies I have bought in this store worked and still do, as do all my friends disks. It's only this ONE I bought yesterday, out of all of them that doesn't. it is obviously no good."
Store clerk: "Ok we will give you another copy"
Next day---> Customer (now angry): The new one doesn't work either. Give me back my money!
Clerk:
Re: (Score:3, Insightful)
Ah, they don't want the protection to be completely unbreakable. They just want to make breaking the protection costing too much for average Joe to make copy of DVD to his friends.
The real value of a DVD for Joe user is something along the line of 20-50$ to purchase and will cost probably around 5$ to rent. If the protection is worth more than 5$ of pain for Joe user, then the mission is alr
Re: (Score:2)
And then copy it to play it so he/she can watch it on the laptop or iPod on that plane trip or or other place away from the big screen TV in the living room. Most copying of legally purchased DVDs is done for the purpose of device/place shifting. Few DVD's are copied onto other disks and passed around to others.
Re: (Score:2)
The sellers of DRM are trying to guide the MPAA/RIAA in a feasable direction. The problem is that the RIAA/MPAA control so much content! It's impossible to invent any kind of playback device without their blessing.
Want to sell a non-DRM internet-based movie service? All you'll be able to carry are indie movies that no one's ever heard of.
My employer, (which is involved with DRM,) tells us that they are patiently trying to explain to the MPAA/RIAA that "pay" media needs to be easier (and cheaper) then p
Re: (Score:2)
Probably the present generation of those running the content business will have to die off first. They will be replaced with people who grew up with the Internet and try new things. Among those new things will be DRM free content paid for by viewers. For generations now, the public has lived with content supported by advertising. Perhaps ad supported downloads m
Re: (Score:2)
Hello? Article submitter? (Score:5, Insightful)
Not only do we skip RTFA quite often, the article submitters seem to as well.
What he says in that quote is simply not possible; you still need the keys, and that hack doesn't cover that problem.
We may have something for that too in the future, but this is not the hack for piracy-at-will.
Re: (Score:2)
You mean this is not the hack for extracting your legally purchased content into a sensible format that allows you to skip all the mandatory previews etc. and actually watch it without shackles.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
It's funny, I first heard about this feature when watching a regular DVD a few months ago. The dvd plays, and a preview starts for HD-DVD. One of the big things they featured is that the movie starts playing immediately. So basically they were saying "Upgrade to HD-DVD and you won't see any of this crap."
However, I think that previews can/might/will still be added to the movie. But I think th
Re: (Score:2)
PVP-UAB (Score:2)
Windows Vista has a mechanism where media files can request decryption in the video card. See Protected Video Path User Accessible Bus [wikipedia.org].
yes, it's a dupe... (Score:2)
Slashdot's dupe-protection bypassed (Score:1, Redundant)
Re: (Score:1, Redundant)
You're the fifth person in this thread to bitch about the dupe, hypocrite.
This was on NPR Friday (Score:1)
Re: (Score:2)
because this so-called "hack" is based on the published algorithm for AACS decryption? what matters is where and how he got the keys.
Patience, young Jedi. (Score:2)
That will come later. Each piece of AACS shall be disclosed and disseminated in its own time, on a schedule that limits the ability of the MAFIAA to enforce the standard form contracts [wikipedia.org] encoded in the DRM system against customers.
Hey MPAA/RIAA cretins! (Score:5, Informative)
Don't you think it's high time that you quit trying to block Fair Use now, especially since the real pirates in China are totally unaffected by DRM in the first place?
Thanks for listening.
Signed,
A paying customer
Re: (Score:2)
Re: (Score:2, Insightful)
Fair use doesn't give you the right to break the encryption on copyrighted works.
Sure doesn't. But did you also know that copyright restrictions don't even apply in the first place if you are using the media for private use. Copyright only comes into play if someone is trying to publish the work of someone else. It's not even fair use to be able to do what you want to with your legally purchased DVD in your own home, in fact, that's just called plain old use.
No matter how much bullshit these companies try to control your every move, realize that once I purchase that little plastic d
Re: (Score:2)
Re: (Score:2)
Universal City Studios v. Reimerdes (Score:2)
if format-shifting for the purpose of interoperability or even bypassing for viewing on Linux, it (the DMCA) absolutely DOES specifically allow exemption for interoperability purposes.
Even if 1201(f) does allow embodying the capacity for circumvention for interoperability purposes into a device and distributing it, the US Court of Appeals for the Second Circuit ignored it in Universal City Studios v. Reimerdes [wikipedia.org].
Re: (Score:2)
Chapter and verse (Score:2)
Cite chapter and verse, and underline
The subset of HTML permitted in Slashdot comments does not permit underline or similar text-decorations.
the letter of the law that makes it illegal for the end user to decrypt what is encrypted.
17 USC 1201(b):
No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that--
(A) is primarily designed or produced for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title [17 U.S.C.A. S 1 et seq.] in a work or a portion thereof;
(B) has only limited commercially significant purpose or use other than to circumvent protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof; or
(C) is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof.
In patent case law, "manufacturing" has been interpreted to include installing on a hard drive, transforming a general-purpose computer into a machine that performs a patented process. Likewise, installing circumvention software would "manufacture" a circumvention device from raw materials that include a computer. The allofmp3 case is based on an interpretation of "importing" that incl
Re: (Score:2)
Nowhere here you can see the concern for well-being of United Artists, Warner Bro
Because 1201 nullifies 107, 108, 109, and 117 (Score:3, Insightful)
Unfortunately, there are any number of people in the world who feel perfectly empowered to illegally copy and distribute whatever material they want. What, exactly, are these people - who spend millions upon millions of dollars to generate this content (well, at least in the case of movies - music, apart from marketing, has relatively low overhead) - supposed to do to try to prevent this?
Unfortunately, there any number of people in the world who feel perfectly empowered to use litigation against others who reuse their material in critical ways, to withdraw material from distribution, and to make material that has been distributed useless. What, exactly, is the public - who spends millions upon millions to preserve this content - supposed to do to try to prevent this?
A problem occurs when the conditions imposed by digital restrictions management interfere with the public's right to mak
HD-DVD is -NOT- cracked (Score:5, Informative)
So at most, you'll be able to 'back up' (or Pirate) the current batch of Full Metal Jacket HD-DVD's to play on an older version of PowerDVD.
So dont go around yelling about how HD-DVD is cracked, cuz it's not.
Here's an article that has a few more facts and less sensationalism.
http://videobusiness.com/article/CA6403011.html [videobusiness.com]
D
Re: (Score:2)
Re:HD-DVD is -NOT- cracked (Score:5, Informative)
And when PowerDVD is re-released it will have to load its brand new decryption key into memory and use it to decrypt the data from the disk. If they're smart-asses, they'll only use the decryption key for key setup or even completely skip the AES 128 key and directly build the AES decryption key schedule by some other obfuscated process. If they really want to get wild, they'll continually decrypt and reencrypt the key schedule so that its never fully intact in memory at any given point in time, and integrate the last decryption steps into the first huffman decoding steps for the mpeg process (since it's just a bunch of XORs) to further annoy crackers. Unfortunately, the fact that unencrypted material ever exists in PowerDVD proves that they must have the entire AES decryption key schedule available for any given decryption, and it will be relatively trivial for crackers to pull the key schedule out and just pick the first 128 (or 192 or 256) bits of the key schedule which is the original AES key. Trying to hide encryption keys within an executable's memory space is probably one of the silliest ever conceived. All an attacker has to do is try every K-bit (K is the size of the key) sequence of memory as a test key at several points in the program. That is in fact what this article's attack accomplished. The key schedule can be dynamically encrypted and decrypted as each word is required, but this is just a stopgap measure and slows encryption down significantly.
Re: (Score:2)
Except with Trusted Computing.
Memory Curtaining allows a program to protect its memory from being read by other processes and the kernel.
If a driver has to be signed to be loaded (as in 64-bit Windows Vista*) then none of the drivers will be able to look at the curtained memory (unless you're able to pay Microsoft some money
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
HDCP is cryptographically broken to begin with, and there are already consumer devices available to output HDMI from a supposedly secure HDCP device.
Memory Curtaining allows a program to protect its memory from being read by other processes and the kernel.
If a driver has to be signed to be loaded (as in 64-bit Windows Vista*) then none of the drivers will be able to look at the curtained memory (unless you're able to pay Microsoft som
Re: (Score:3, Interesting)
CSS also uses different player keys. The three big differences between AACS and CSS is that AACS has many more player keys (CSS only had ~400), once one player key was discovered, you could easily discover all of the other player keys, and weaknesses in the encryption algorithm made it possible to discover the title keys without any p
bogus reasoning (Score:2)
It only takes a single compromised player to copy content, and once compromised, that player can be used in perpetuity to rip any and all disks published up to that point. There is no way to undo that.
Furthermore, if players like this get compromised every few months, we know that it's a fairly high probability event. Together with the previous observation, that means that pretty much every disc w
Re: (Score:2)
No, the title key is sorta the holy grail for that title. It means that anyone with access to the encrypted file (i.e. anybody) can decrypt that HD-DVD and any from the same batch, for all intents and purposes irreovcable. And if they got it for that key, they presumably got it for all past and current keys. It is not broken in the sense that all future keys are broken
Re: (Score:2)
Cost Effectiveness? (Score:2, Insightful)
Feel free to start backing up your HD DVD's whenever you feel the need.
Is it really cost-effective to do so at this point? HDDs seem to be at around $0.25/GB best case, so we are talking about $7+ per movie. That means 1/3 of your collection would have to be destroyed just to break even, assuming you value your time outside the office at $0/hr.
Maybe people are backing these up for other reasons such as skipping the 10 second FBI warning or saving the 20 seconds it takes to locate a disc and physically place it in the player?
I really don't see the utility, especially when
Re: (Score:2)
Re: (Score:2)
Since HD-DVD and Blueray are proposed for High Definition TV's (720 and 1080 using interlace or progressive scan) you will notice the difference between Standard Definition TV and HDTV. Consider a small HDTV (normally 720i,p) at approx 12in (30cm) you can hardly tell the difference between SD and HD content but now consider a 40in (101cm) and above HDTV (720p,i or 1
For the secondary TV(s) (Score:2)
From my personal perspective if I watch a movie on DVD then it would be rare for me to ever watch it again
From my personal perspective it is more likely than not that you do not have single-digit-year-old children. They tend to watch the same G-rated (or foreign counterpart) animated film once a week or more often. The use case that the MAFIAA member studios want to prevent is that someone buys a copy of Pinocchio in Outer Space on an HD format and backs it up to DVD-R for the smaller SDTV or EDTV set in the kids' room.
Universal availability (Score:3, Insightful)
If I paid for the content, I feel I'm entitled to play it when and where I want. That includes on my cell phone, my mp4 video player, streaming onto one of my pc's from my server, or even on a monitor that's attached with a VGA cable instead of a HDRM cable. And I feel I'm entitled to keep it safe from harm, watching the related movie while the shipping container disc is secure in its plastic box. I'm also entitled to watch just the content and skip the advertising, FBI threats, extras, menus and other c
Re: (Score:2)
This is going to sound silly to some... (Score:2)
The GNU/advocates on this site need to understand something about me. I don't oppose you people because I oppose your underlying cause in many instances; quite the opposite. I oppose you because I feel that your leader and his second, Bradley
Re: (Score:2)
It's been a while since I've been subjected to a level of vitriol with that degree of purity and intensity. I'm genuinely impressed.
I'm reminded of the Emperor at the end of Return of the Jedi telling Luke to, "surrender to his hate." It sounds as though even if Luke didn't take that suggestion to heart, that you sure have.
Re: (Score:2)
If you're any sort of human being at all, the guilt that you would likely experience from that would be formidable...so you might want to try and avoid such a scenario.
Also...if di
not as usefull as it sounds (Score:2, Insightful)
Re: (Score:2)
Um, yeah right...