Decryption Keys For HD-DVD Found, Confirmed

kad77 writes "It appears that, despite skepticism, 'muslix64' was the real deal. Starting from a riddle posted on pastebin.com, members on the doom9 forum identified the Title key for the HD-DVD release 'Serenity.' Volume Unique Keys and Title keys for other discs followed within hours, confirming that software HD-DVD players, like any common program, store important run-time data in memory. Here's a link to decryption utility and sleuthing info in the original doom9 forum thread. The Fair Use crowd has won Round One; now how will the industry respond?"

A simple answer

[DiamondGeezer]

The Fair Use crowd has won Round One; now how will the industry respond?"

Lawyers. Lots of them.

Even simpler

[Overzeetop]

Revoke the key. It will happen each time.

I predict that any backlash against key revokation will be addressed by very polished newsvertisements which state that the key revocation is the result of "hacking" by the "pirates" and despite the sincere regret of the problems caused, there is nothing they can do at this point.

Re:Even simpler

[Wonko the Sane]

If I remember correctly they can only revoke keys for future movies. All movies released when the compromised player was cracked can still be decrypted.

Re:

[Philip K Dickhead]

Yeah. Then you can DoS the industry, by generating a significant portion of the possible key-space, and releasing it in a crack.

Nice going!

Re:

[marcosdumay]

DoSing it is hard, there is plenty of space for keys.

But the good part is that every old player will have its key revoked too. So, we can DoS a big part of the HD devices after they are sold... I forsee big troubles with key revocation.

I'm pretty sure they can't.

[Grendel Drago]

There are presumably a thick raft of consumer-protection laws which prevent the industry from turning your shiny new $500 HD player into a shiny boat anchor because some nitwit cracked the player key. If the industry ever did that sort of thing, I'd expect either a product recall with free replacements/servicing or a class-action lawsuit against either the revoking authority or the manufacturer for not offering replacements.

Come to think of it, who is responsible when a manufacturer makes a product and a re

Re:

[Constantine XVI]

To my knowledge, once the key for a disc has been let out, the only thing you can do is make a new key for the next run of the movie. I don't think you can have the players reject disc keys. Anyways, they would have to do a recall for everyone who had bought the movie.

Including the people that pried the key from the original

Re:Even simpler

[Tony Hoyle]

You can - all the HDDVD and BluRay players have internet connectivity. They can and do download blacklists in 'firmware updates'. Such updates are also pressed into future disks - so you can't even get away with never connecting the player. These can revoke both disk and hardware keys, so you'd have to replace your copy of serenity, or even potentially your TV if the keys for that got revoked.

The only question is whether they have the guts to do it.

Re:Even simpler

[spisska]

Revoke the key. It will happen each time.

Ahhh. But only the player key can be revoked, not the title key for discs already in the wild. They could use different keys on all subsequently pressed discs of the same title, but that doesn't affect the titles already cracked. And they can't expect to do a recall of cracked titles.

Or they could revoke the device key for the software player, which would mean the software player gets upgraded with a new key, and newer discs can be cracked using the exact same technique. Otherwise anyone selling software players would be faced with the massive liability of having sold something that doesn't work as advertised.

Since this technique relies on using the title and/or volume key and not the player key, it will not be so easy to fix through the device key revokation system that's a part of AACS.

Round one definitely goes to the good guys. And I don't see how it's anything but a matter of time before AACS is as completely broken as CSS is. Even with device key revokation, it's just a cat and mouse game with newer titles and newer devices. And how will the MPAA and the device manufacturers react when people who pay out the nose for players and films are no longer able to use them?

No more software players?

[I'm Don Giovanni]

They could take a more drastic approach, and simply revoke the keys to all software players, since software players are too easy to extract keys from. The already cracked discs would still be available for piracy, but further discs wouldn't be playable on anything but hardware. That would definitely suck, and would render the "victory" as Pyrrhic.

Sit down, boy

[Rix]

You haven't the slightest idea what you're talking about. No matter how well coded, any information used by a program is available to someone determined to extract it.

Re:

[Dachannien]

and despite the sincere regret of the problems caused, there is nothing they can do at this point.

Except settle in a class-action lawsuit.

Re:

[iamdrscience]

I think the possibility of key revocation is extremely unlikely. If the companies behind HD-DVD begin to revoke keys it will only serve to hamper the format's adoption, consumers will not stand for that. Furthermore, I would imagine that such proactive defenses against pirating might result in a class action lawsuit -- if they revoke the keys for a hardware player consumers will be pissed and they'll likely win such a case.

Who cares about existing titles?

[Overzeetop]

Everyone seems to be missing the point. Existing titles are chump change. Just make the next pressing with the new key. The flurry seems to center around release dates anyway, so no future discs will decode on the compromised player. They don't want to make it impossible, they simply want to make it difficult. Having to keep a key database updated is a pain in the ass. I'd go as far as to say that they don't care about an isolated crack - they'll "fix" it and go on, with updates from time to time. This is a s/w player, not a hardware player, correct? Just require an update.

The point is that they will make this about Piracy, and that its the Pirate's fault that you have to go download an update to get your machine to work. Not their fault (Say "Not my fault" in David Spade's voice an you'll get the idea). Most consumers will believe the newsvertisement they see on ther local station that blames those evil pirates for their suffering. If it weren't for the pirates, their stuff would work. Which can easily be spun at truth - pirates cracked the system, system must be safe or poor artists children will starve, so we had to change the system - all pirates fault. Your mother would fall for that, and you know it.

Right and wrong is irrelevant - it's who takes the blame for the mess that matters, and the industry has a lot of PR money to make sure the finger points at someone else.

Re:Who cares about existing titles?

[Kjella]

Everyone seems to be missing the point. Existing titles are chump change. Just make the next pressing with the new key. The flurry seems to center around release dates anyway, so no future discs will decode on the compromised player.

Yeah, right. Take a look at the prices for DVD seasons of for example Babylon 5 or Star Trek... they're incredibly expensive even though they're many years old. How much does Disney classics go for again? Besides, it's probably not like pirates are going to announce their player keys, they'll likely just release the titles.

The sad thing is that it'll work for release groups having decryption keys and pirates getting decrypted versions, while it probably won't work for average consumers who wants to do fair use like back-ups, format shift, non-HDCP screens and so on, because they don't have a disc from the same batch.

Re:

[Jugalator]

Revoke the key. It will happen each time.

But it's volume keys leaking? Sure, they could re-encode the content and release new copies (hmm, to what estimated extra costs??) for a volume key revocation, but what use would that be when the previous version of the disc has already been decrypted and released as torrents?

Re:Even simpler

[DamnStupidElf]

Revoke the key. It will happen each time.

Like I posted last time this crack was on slashdot, it's futile to revoke a key. Every movie released to HD-DVD before the key is revoked will still be readable with the known key, and within a few days or weeks another software key will be found to read all the newer movies. Additionally, true pirates who recover the key of a particular player are able to keep their discovery secret by not publishing the key, and they will always be able to rip new HD-DVD movies. There's no way to watermark movies based on the player key, because the entire stream must be encrypted with a single master key that the player key decrypts. There's no way for the media companies to discover which keys have been secretly compromised, even when movies are being released on the Internet.

In the best case, AACS will be fundamentally broken because of some oversight and all the player keys will be compromised, making key revocation laughable.

Re:

[Overzeetop]

It is my understanding, incorrect as it may be, that this was cracked using a software reader, not sniffing a hardware (stand-alone) player. You can just download the update. It will be a cat and mouse game, but an irrelevant one. You see, there are far more people who will have to buy a second copy - for whatever reason - than there will be pirates that lose them money. Slashdotters are so myopic on this point - most of the worlds computer users couldn't rip a DVD in a day if their life depended on it. Se

Fantasy Land

[gravesb]

By admitting DRM is useless and treating customers like clients instead of criminals? Only in my mind, only in my mind....

Too many customers ARE 'criminals' though

[I'm Don Giovanni]

"By admitting DRM is useless and treating customers like clients instead of criminals?"

Customers shouldn't be treated like criminals, but they shouldn't act like criminals either. Many "customers" act as criminals then bitch and moan when they're being treated as such.

What is needed is a DRM that is advanced enough to be flexible enough to allow all "fair use" while curtailing piracy. That would be the ideal. But the reality is that DRM isn't advanced enough and won't be any time soon, if ever. So the b

Re:Too many customers ARE 'criminals' though

[HTH NE1]

Many "customers" act as criminals then bitch and moan when they're being treated as such.

Only because exercising fair use is acting like a criminal. Except its only acting; it isn't being.

The actions of a criminal can also be the actions of a law-abiding citizen legally exercising his rights. It is to what ends the acts are performed that (are supposed to) define them as criminal.

I can swing my fists in the air as long as I like as long as I don't hit your nose. It's bad laws like the DMCA that would make swinging my fists in the privacy of my single-occupancy home a crime.

Re:Too many customers ARE 'criminals' though

[The Master Control P]

"What is needed is a DRM that is advanced enough to be flexible enough to allow all "fair use" while curtailing piracy."

DRM will never be this advanced, because this proposal is fundamentally impossible, because it implies logically inconsistent outcomes. Either I can copy no part of the video for any reason, or I can copy some part of the video (no matter how small) for any reason. If I can copy any part, even screenshot by screenshot, for any reason, I can re-assemble it outside the player and the DRM is therefore useless. If I can't, fair use is violated.

DRM, in all it's manifold and perverted forms, can go to hell.

Re:Too many customers ARE 'criminals' though

[wolrahnaes]

But please do NOT pretend that DRM is broken primarily for "fair use".

I would argue that the majority of users breaking DRM are doing so exactly for fair use. More often than not, there's no reason for a pirate to break the DRM on a retail DVD because that work has already been done. Within mere hours of the discs arriving at stores (generally a few days before the official launch) and occasionally weeks or months earlier (see Stewie Griffin: The Untold Story) one person has ripped the DVD and released it in to the wild. That's all it takes. Once there is a raw DVD copy floating around, the DRM never has to be broken for piracy again. Because of this, DRM can't even stop casual piracy. The only people a broken DRM scheme has left to get in the way of are those who are trying to legitimately make fair use copies.

Like others in this discussion, I have a homebrew VoD system set up in my apartment. A media server with a few terabytes of hard drive space and a trio of TV tuners (two analog for cable and one OTA HD) stores all of my movies and every episode of my favorite TV shows. Thanks to this, my roommates and I have point-and-click access to all of those videos from every computer, Xbox, and Xbox 360 in the apartment. It's very convenient and I never have to worry about a scratched disc or missing a single episode. Thanks to DRM + the DMCA, every single movie on the server is technically illegal even though I can point at the shelf where the DVDs sit gathering dust.

There are commercial hard drive based DVD library devices, but they're overpriced (in to the thousands of dollars for a mere terabyte last time I checked) and nowhere near as compatible as my solution. The one I looked at would only stream to proprietary set-top boxes and even now I'd wager only possibly the Xbox 360 out of my current line up would be compatible with any similar products on the market now (due to its support for streaming DRM). None would support streaming to my modified Xbox and certainly not to any of my computers.

I would say the home media server is a substantial example of fair use which is legally blocked by DRM+DMCA issues. One like I have is trivial to set up (Myth + Linux + Samba or XP/Vista MCE) and works with a number of clients (I intend to test using my DS as a client once I get the adapter card which enables homebrew and I've already used a PSP as a client in the past). Everyone I know who's seen my setup wants to clone it and if it weren't for the legal issues I'm sure the market would be flooded with such devices.

That seals it for me...

[chill]

Between the porn industry choosing HD-DVD and now this, I know what I'm opting for when upgrading to HD movies! Sorry, Sony. I was so looking forward to having spyware installed on my PC with every BluRay disc purchased just like your music discs.

Re: Don't like Movies Much?

[DumbSwede]

Ermmm... Good plan except major movie studios will only release on Blu-Ray if it's DMR holds up (at least for the next couple of month). Then again maybe all you want to watch is Porn.

BTW, in yesterday's post about HD Porn and Sony not Allowing Porn on BETA, I assure you there was LOTS of porn on BETA. The adult industry may prefer HD-DVD for cost reasons, but if Blu-Ray wins, there will be Blu-Ray porn -- count on it.

The best thing might be for HD-DVD to fail, have Blu-Ray generally accepted, and T

Re:

[chill]

There was lots of porn on Beta, but that is because anyone could record Beta due to the nature of the tape. Anyone can NOT record BluRay. In order to get a disc mastered, you have to go thru a Sony-authorized mastering service and they've been told NO PORN.

I also feel the studios are more interested in a token attempt. The encryption, even when broken, protects against the vast majority of that type of piracy. The geek market that is capable of doing that is so small it is almost negligible. They just

You are so right, sort of...

[symbolset]

For Windows users, anyway. Windows users need to be geeklords to get anything done at all.

Linux users whose computers don't come with the software automatically will just choose Applications->Add/Remove Software and choose "HDCrack", which by then will be a graphical frontend for mplayer. Mplayer and the cracking software will be downloaded automagically and probably will access a network of online database of title keys hosted in openness friendly countries. Thereafter when they insert a supported H

Re:

[Anonymous Coward]

Actually, I've more commonly seen it referred to Digital Restrictions Management. I think the term Digital Rights Management is just the publishers attempt to put a positive spin on something that is fundamentally designed to impose restrictions on your use of the content. The accepted and common meaning of the abbreviation of course will be determined in due time.

"now how will the industry respond?"

[gerf]

"Hello, Doom9.com's ISP? Yes, this is Microsoft. We're auditing your sofware licenses."

"Hello, Doom9.com's registrar? You're being charged with violating the DMCA. Pretty much all of it."

"Hello, little tiny country? This is the MPAA, and as official representitives of the US government, we're asking you to hand over all people involved in this post on Doom9.com's forum. If you fail to respond, we'll enact sanctions on your country and drive you into the dark ages. Just look at North Korea for an example.

Re:

[Anonymous Coward]

"Wait, so if I don't turn these guys over, I get a one-million man army and nuclear weapons?" ...

"Sweet!"

Re:"now how will the industry respond?"

[MostAwesomeDude]

Um, as The Pirate Bay has demonstrated already, there are three wrong with your supposition. First off, ICANN does not and will not revoke domain names at the behest of the government. As long as Doom9 has backbone (and this hasn't been their first time in this type of situation), they're not gonna crumple.

The second thing is that they might not be located in the USA. The whois dossier shows that the domain was registered by (anonymous) proxy, and it's entirely possible that he's not American. If his servers are physically located outside of the USA, then he can't be legally threatened by civil suits, and he's not subject to DMCA. (However, this is a hypothetical, and since he refuses to host DeCSS, it is my guess that he is somewhere in the USA.)

The third thing is that the website is http://www.doom9.org/ [doom9.org] , not doom9.com.

Re:"now how will the industry respond?"

[cdrudge]

Doom9.com: "Hello Microsoft. We are a domain squatter. We have no idea what you are talking about. Besides. We run Linux."

Microsoft: "Crap. We sued the wrong company. Refile for doom9.NET"

Doom9.net: "Go fly a kite. We run Linux as well so you have no authorization to do an 'audit'. And go fuck yourself with the DMCA. US laws don't apply in England."

Microsoft: "Shit. Wait. Why the hell do we care if HD DVD are cracked. That's the MPAA's problem."

Blu-Ray Rules Supreme!

[RAMMS+EIN]

``The Fair Use crowd has won Round One; now how will the industry respond?''

I think at least the Blu-Ray camp will switch on their intergalactic megaphones and tout how Blu-Ray was superior all along. This whole format war is childish enough for that.

Re:

[mcknation]

They use the same encryption spec don't they?
I thought I read somewhere that this would effect blu-ray as well...
?
/McK

Re:Blu-Ray Rules Supreme!

[pyite]

You are correct, sir. The attack vector is the same, keys being exposed in insecure memory in the decoder/player. The encryption of AACS itself is unlikely to be cracked as it's AES, and AES is very nifty and well studied. Even if the key searching approach fails, there *are* possibilities that some sort of attacks could be waged on the AES implementation which might be vulnerable. (For instance, I wrote AES for MATLAB. It's highly likely that my implementation could be exploited for various reasons, such as cache timing attacks.)

Re:Blu-Ray Rules Supreme!

[onemorechip]

I'll say your nom de plume is appropriate. There are two ways to reconcile these positions logically. One is that it is not the same Slashdotters making both claims (we have diversity of opinion here, in case you failed to notice). The other way is that the "competition" the first claim refers to is between corporations, not between formats. The former fuels markets, the latter fragments them. It's true that the latter is a consequence of the former, but it is not an inevitable consequence. For instance, nearly all books published in English today have the binding on the left side, even though there are many publishers competing for your cash.

Re:

[RAMMS+EIN]

``What really strikes me is how much Slashdotters go on and on about how competition is good...but then they turn around and claim HD-DVD versus Blu-ray is bad and "childish."''

I'm not sure these are the same Slashdotters. Also, I'm not sure there is a contradiction here (as you seem to suggest). Personally, I believe in competition, but I also believe in interoperability. In fact, I believe that interoperability makes competition more effective. Having two incompatible formats pollutes competition with ano

We have a Winner...

[dalmiroy2k]

You have Pr0n, cheaper hardware and blank media than Blu-ray and now you can "backup" movies, HD-DVD will be the winner of the HD format war, at least here in Argentina, Brazil or other developing countrys where piracy reigns...

The crypto in HD-DVD reveals the key

[TechyImmigrant]

I took a look at the spec for the HD-DVD encryption. The data is encrypted with AES-128 in CBC mode. The spec states clearly that the IV is a fixed constant. CBC required the IV to no only be unique, but also random. Not making it unique and random leads to a leak of key material. I assume that this is the weakness through which the keys are being extracted.

So rejoice. The HD-DVD media keys will be free.

Re:

[julesh]

So rejoice. The HD-DVD media keys will be free.

Yes, but how much processor time will be required to free them? If this guy used a 20 node overclocked Core2 Extreme cluster with 16GB RAM per node, and it took him 8 months to get the answer, then things aren't looking great for our ability to play HDDVDs on Linux any time soon.

Re:

[Alsee]

That's not how that works. Keys are generated randomly. Knowing one doesn't tell you anything about any other, unless someone has made a very serious mistake.

Ah good. Then the MPAA have nothing to fear. Chuckle.

-

Basically the DRM-Mafia has no chance...

[gweihir]

What they would need is to do the decryption the the LCD pixels. Even if they do it in the LCD driver chip, recording is possible and not that hard to do, considering that one un-DRMed copy on P2P will distribute really fast...

However, today software players running on general-purpose hardware are necessary. Without them, the market shrinks too much. And software players cannot be secure against the system administrator. The keys have to be stored somewhere.

What I don't understand is why anybody bothers. Th

Enter the bilayer display...

[symbolset]

Which attaches to each diode in the LCD array and captures the images.

They should give up. It's hopeless.

There are enough honest folk to sell their content to that they can make a good living. The crooks can and will always cheat. Hiring armed guards to escort and live with each recorded disc is cost prohibitive and nothing else is going to solve this problem for them. Any content that can be played can be recorded. Period. Anything one program can do, another program can do. That is not going to c

Wait!!!

[sulli]

Don't release the crack until after the standard is settled! Now all the studios will go Blu-Ray only.

Re:

[ivan256]

Yup, here it is:

http://www.boingboing.net/2007/01/04/media_overest imates_.html [boingboing.net]

$200mil a year is chump change in the DVD business. The equivalent of two successful hollywood movies.

Goodbye Software players

[desenz]

Couldn't the industry, if it were so inclined, just stop licensing software players? I would imagine that compared to set top DVD players, the software must be a pretty small segment.

Re:Goodbye Software players

[flyingfsck]

No software - so how are you going to display the DVD - graph paper and a pencil? That may take a while.

pastebin /.'d

[TheSHAD0W]

Could someone please paste the pastebin contents here?

The response will be the dumping of HDDVD.

[Opportunist]

Quite simple. The content industry will simply dump the format, after all, there's an alternative. Now it's high time to show that BluRay is just as "consumer friendly" and break it for good, so there is no alternative left, and if the studios want to get their content to the customer, they have to accept that DRM is useless in their strife to protect their rights.

The point is to create as much damage as possible, so the industry learns that the only one hurt by DRM are they themselves. Revoked keys mean more work, more expense, more hassle and dissatisfied customers who have to jump the hoops. This will in turn create more awareness for DRM and the problems it creates.

We have to teach the studios that DRM is a failure. That it only generates hassle and problems for their paying customer and is no barriere or even a deterrent for the pirates. For this, the customer has to be the one hurt, too. Learn the easy or the hard way, learn about DRM by investigating or by having your tools stop working.

Yes, that's not the usual gentle way of teaching. But appearantly some people don't learn 'fore it starts to hurt.

Re:The response will be the dumping of HDDVD.

[Iphtashu Fitz]

Quite simple. The content industry will simply dump the format, after all, there's an alternative. Now it's high time to show that BluRay is just as "consumer friendly" and break it for good, so there is no alternative left, and if the studios want to get their content to the customer, they have to accept that DRM is useless in their strife to protect their rights.

Except for the fact that HD-DVD is cheaper for the consumer, and also has the backing of the porn industry since Sony is prohibiting porn on Blu-Ray. So consumers will continue to buy HD-DVD players to watch their porn in HD and Blu-Ray usage will continue to flounder. Sales of mainstream titles on Blu-Ray will do poorly and the movie studios won't make any money. They'll either have to offer titles on HD-DVD or give up on HD sales altogether. On top of that, it's only a matter of time before Blu-Ray protection is cracked as well. IIRC, the Blu-Ray encryption is similar to HD-DVE encryption, so it shouldn't be all that difficult.

Industry response?

[Anonymous Brave Guy]

The Fair Use crowd has won Round One; now how will the industry respond?

It will send in a few lawyers. After a while, they will realise that their impact is negligible in the grand scheme of things: the DRM will continue to deter casual copying to some extent, but will continue to be impotent in preventing anyone determined to make a copy and willing to spend a little time on the 'net to find out how (or download a pre-ripped version).

Meanwhile, genuine customers will get seriously annoyed at the fact that DRM in HD-world has now moved beyond a minor inconvenience or ethical question as it was with things like DVDs, and into the realms of seriously impeding their enjoyment of the product they have legally purchased. A consumer backlash will result, with the effect that DRM becomes a "dirty word" 2-3 years from now, and distributors drop heavily-encumbered formats and go back to what works: a mostly hands-off scheme that's enough to deter casual copying by schoolkids but nothing that risks seriously impacting the marketability of their merchandise.

On the same sort of time scales, on-line distribution will reach a critical mass, and the movie distributors will adopt a second, parallel strategy where cheap, legal, unencumbered downloads are the norm. They will make their profit from on-line users through many small incomes, rather than the larger one-offs represented by (HD-)DVD purchases today. This will render illegal distribution channels mostly irrelevant, and the damage due to illegal copying will revert to being low-level noise as it mostly was before they started their current crusade anyway.

Hey, it's a new year and everyone else is making crystal ball predictions. Can't I have mine, too? :-)

Again, this is NOT a crack!

[KonoWatakushi]

New disks can be pressed with new keys, and the compromised software player will have it's key revoked. As such, this is not a generally useful solution. AACS remains secure, and at best, we may see individual keys available for certain pressings of certain discs. This approach will never provide general playback as DeCSS does.

However, it is my understanding that the decryption process can be done by the TPM; once this is supported, the problem will be much more difficult. Make no mistake, the battle has only just begun. Before long, software based attacks may be rendered impossible.

Re:

[ScytheBlade1]

You're forgetting one, key principle here.

Only one person needs to "crack" the encryption once.

It doesn't matter, at all, that they (the "big evil guys") can revoke keys. Get one key, decrypt it, and you now have DRM free audio and video. It only takes one to fire up that BitTorrent client. Who cares if the key is revoked after that? Once you have the data, you have the data, plain and simple. All it takes is once to seed a torrent.

Put it that way, and you can tell it's not about stopping pirates. It

Nope, sorry, the TPM can't do it...

[nweaver]

The TPM does slow public key authentication. It doesn't have the throughput to do high data rate AES which is what's necessary to decrypt the video stream.

Re:

[Alsee]

it gave an estimate of 200 hours remaining just to encrypt a few megs of source code

I'm pretty sure the TPM based disk encryption you had was encrypting the entire disk - including all of the empty sectors. Read-encrypt-write-reread-verify for each sector, multiplied by some huge number of gigabytes.

The TPM doesn't handle data encryption at all, it only handles the encryption of keys. It's a very cheap low power chip. No horsepower, no throughput, just enough to spy on your system and to manage crypto on ke

Another version of serenity?

[Jah-Wren Ryel]

Damn! I think there must be at least 3 different "scene releases" of Serenity in various flavors of high-def by now (1080i mpeg2 cropped to 16:9, 1080i mpeg2 OAR, 1080i h264 and 25fps OAR) So now there will yet another version floating around the net soon. These greedy pirates, always double-dipping or worse to try and get people to download the same movie multiple times!

/. paradise

[Anonymous Coward]

1. Porn goes for HD-DVD
2. HD-DVD encryption is broken
3. The Pirate Bay will buy a country

Put them together and you have pirated porn in HD. Note to self: add KY Jelly and a pack of kleenex to the shopping list.

When will tech people starting getting

[zappepcs]

comedy awards? This is hilarious. Spending all that money on DRM, implementing new media, only to have the encryption cracked before launch day (practically) must be like trying to nail jello to the wall using $100,000 nails. (Has Mythbusters tried nailing jello to a wall yet?)

The real question is not how they will respond, but when will they learn?

youtube demo removed

[1 a bee]

muslix64's youtube demo [youtube.com] linked from the original post has since been removed. Instead the page seems to claim that the content of his video is somehow owned by Warner Bros.:

This video has been removed at the request of copyright owner Warner Bros. Entertainment Inc. because its content was used without permission.

Sad, but funny...

Re:

[Jugalator]

I thought short movie clips qualified as fair use without need for a copyright holder permission, and that YouTube video contained no more than that...

Re:youtube demo removed

[Yonder Way]

Maybe so, but it's still available on google [google.com].

the lesson here...

[buhatkj]

is never underestimate a hardcore geek with a little equipment and a decent block of vacation time....

people have been xeroxing books for like 40 years and nobody ever made such a stink as the mpaa and riaa have. their whole thing is so wrongheaded, if they would spend all those legal fees and lawyer salaries on hiring better directors/writers/actors their profits would skyrocket. its not piracy that loses them profits, it's SHITTY PRODUCTS.

Analog Hole

[alexgieg]

Even if they one day develop a perfect DRM scheme full of unbreakable secure paths, it won't be possible to avoid someone simply removing the actual LCD screen, wiring the signals instructing which pixels should turn on and off to a 3rd party device, and recording the unencrypted content in raw format.

No piracy is being stopped by these means. They're and will always be utterly useless.

Digital Eyeballs

[Cassini2]

Obviously, the only solution to the Analog hole is Digital Eyeballs. Everyone needs to have their eyes replaced with suitably DRM encumbered devices that are uncrackable. Then the high definition TV can be fed directly to your brain, the connection will be secure, and the MPAA will be rich!!!

Re:

[alexgieg]

Capturing the LCD bus data directly would provide a better unencrypted rendering of the movie than recording the image displayed by the actual LCD. But, sure, whatever is easier! :)

Industry response

[Robber Baron]

now how will the industry respond?

Probably by having their politicians table legislation that outlaws mathematics.

Hash information

[Ougarou]

For when any of these services get killed, let the record state that:
MD5(BackupHDDVD.zip)= 484a73b61fb795d84e11d72614f77db0
SHA1(BackupHDDVD .zip)= c9f28f76ff4f1a8bfe74fa963466e8483da95eff
SHA512(B ackupHDDVD.zip)= 661a12808e64ec516b1eb9e493bf5de4a08223f2ee4258735d aa6a382a1d2e1fbe4b732bebd4133e5af0d968c0904d310f73 40e63edab7b69e1948b08
3dd2617
ED2K(BackupHDDVD.z ip)= 4860e9248663d52dc47bfc98d61ec6d7
GNUNET(BackupHDD VD.zip)= COD1504ECJM52QOUN7I97FQTSIG848VITP15GSQTL9L3GAGT5O FRSIRJ5FLT84PUBBODIQ60I16J23RJ83J3TMLNMQF1II5GGFEI C5O.COTARKV5PLT8MFC6E
BDF83IMEJI74A3H0QNTGMEGDS6P PO6AEFF75S439R2T731ODI37MP0HM3TQ27266N6FMK4PS8SDLC KNE3UIPD8

Comment removed

[account_deleted]

Comment removed based on user account deletion

This talk is all fine and well, but, , ,

[Slugster]

If I can't get the crack printed as a Perl script on a T-shirt, I ain't interested.
~

Question

[slapout]

I'm not totally up on all this stuff (some, but not all.) What about this: I copy a HD-DVD to my harddrive. Then I find the decryption key for it. I decrypt it and convert it to another format. Couldn't I then distribute it without them knowing what player was used?

Sesame open ..

[AftanGustur]

1828B68D292D2EA1E9EEA1C7044DC864FDBC3EB6=12 Monkeys |V|MM/DD/YY| 2662C05B5238B0C50BD1BDF693223712
1BAB7EEBB20C5425F5911E0272F07DD8F7208747=Aeon Flux |V|MM/DD/YY| A5F1A71839B666A68B1138B1DDDDEBAB
4ACABE525F5CBF77DAA43EA2B83E04918D5FA6D4=Apollo 13 |V|MM/DD/YY| 8BA9C422F93C9B4B4247814530B29C48
B9A62093767C0E7CB2BF16447A52E864A45FE50D=Batman Begins |V|MM/DD/YY| 423C48E5ABB185FC7FB8DB2BF764BEB0
A236F74A67CC51270E328F94BC6B4D905A628F9F=Casino |V|MM/DD/YY| A1DC17F6FA052A4BB4A0D66A7C49DBD9
4DF295764864556F3B44B71C0B8828DB80D84CA0=Chronicle s of Riddick |V|01/02/07| 69197293FCEF6F0ADE4BD33C4B1F132E
E34FBD5B8ABDC5312B38028002865BB3530AE3CE=Enter the Dragon |V|MM/DD/YY| 15C7F34076AED16E75637DC3BFDE84F8
419D740F2288CEE1EEB60613DAD9D74D7B63203B=Equilibri um (Jap) |V|MM/DD/YY| 343CE9EE7DCB4018AA064BA09FF19B6F
A6EF2686A417863FEC63D1F7824F9406DEEB5ACC=Fear & Loathing Las V |V|MM/DD/YY| 246D84CBD2B6F747B6962B53BE026BF2
0E75082678AAD5CD4410A28A662D6832D21EB325=King Kong |V|09/18/06| 802F78B1B20D1183638D84E1A96D6EDD
EBC08E19B2059140DFF133E2B953D3A1538D7669=Miami Vice |V|MM/DD/YY| 3CB25E9C23BED3A496D049B9FCD0915B
EDEA3051F5802CB7FF80A24DFE7C720705D36A0F=Mission: Impossible |V|MM/DD/YY| 10CA125A572A96AE6EB74F6574CCC24D
1DBFD499BC05FB33F14FB76BBDD847B79B190AEA=Mission: Impossible 2 |V|MM/DD/YY| 8FD8341028A8A300AA16D7F8CCAB7E89
AF4BC7D6A55B08E6175204CABE862ECBB33B1DED=Mission: Impossible 3 |V|MM/DD/YY| 11D6A8CD59494EF3D4EC4E9002E902F9
A85B0043201474AC56794EA4AAE2C35577752FB3=The Mummy |V|MM/DD/YY| D6984C6B80D56F96CAE369474345E2B9
EB7A44A88AE2AF4B14C0B69B5DD5C621DE988593=Pitch Black |V|MM/DD/YY| 9D82A55BF2DAC3995AD24B40B802D71F
BA3C0208848EA13383F34E9E5BB95BDF0D89F1C8=Red Dragon |V|MM/DD/YY| 80596E6D9A94D2A3FDB094B9BA2D0A0A
C8A57242AF4CB5C0D7848BDA10821F984DC656E0=Serenity |V|MM/DD/YY| D075568AE6BB0B3F85446927B3794C28
17C8312A7BEA25A08606F118AD265FD657161D0D=SuperMan Returns |V|MM/DD/YY| EC2EC7F847F6D304B3C26F121CA578DA
87A660A656EDD1E07F66DB1A7DE594028A9587E2=V for Vendetta |V|00/00/00| AE196597E6A87A04AE6A24655990A4A6
B32592B86E782DBAEB4801FC1CD1B64CB3FF94A3=World Trade Center |V|01/13/07| DA41B36D90C25E533EE84A307EB2D929

Re:Blu-Ray?

[Anonymous Coward]

Who needs Blu-Ray anyway?

That format has killed itself by Sony's arrogant attitude. History has shown that locked-in, porn-shy formats always loose.

HDCP is the biggest crime in consumer history yet, let's hope this development kills it before it really takes of. For me there are two choices:

1) HD content works with my current and future hardware setup
2) No HD content for me

It's about time those media companies learn what they are producing their precious content for.

Re:Blu-Ray?

[gnasher719]

'' HDCP is the biggest crime in consumer history yet, let's hope this development kills it before it really takes of. ''

Every time I read a rant about HDCP, I conclude that customers (and content providers as well) have not the slightest clue what HDCP does.

At some point, after all the decryption, decoding, filtering and whatever else is done, your computer must send a signal to the monitor, which the monitor then translates into an image that you can see. This signal usually comes out of the DVI connector in your computer, goes into a cable, which feeds into the monitor or TV. Our paranoid friends at the MPAA or whatever abbreviation it is are afraid that you could catch the signal coming out of the video card, and record it.

Truth is, you can't. You just can't record a signal of 1920 x 1080 pixel times 12 bit per pixel times 60 frames per second on a harddisk. Well, I can't and no normal consumer can. There are people who could build stuff that could do it, but those people are probably happily building graphics cards for NVidia and ATI, or building DVD players.

Still, that signal had to be encrypted. So you have a chip just before the DVI chip (or integrated into it), and another chip in your TV, and they can negotiate to decide on a key for a cipher stream, and use that cipher stream to encrypt the signal on one end and decrypt it on the other end. Which means you can't record the signal coming out of your computer and turn it into a DVD. However, this has nothing to do with DRM whatsoever. Once this encryption is turned on, it stays turned on until the computer or the monitor are turned off. So if you read slashdot after watching a DVD, everything you see on the screen has gone through encryption and decryption. Doesn't matter, because you couldn't read the signal from the cable anyway.

Where the real effort is: First, the graphics driver has to check constantly that encryption works properly. That is not to make sure you don't steal the video signal (as long as encryption is turned on, you can't, and encryption doesn't turn itself off), it is because if the video card and monitor run out of sync then you will see nothing but snow on the monitor, and that makes for a very very unhappy customer. Second, all the commands from the OS to the driver are encrypted, and status reported by the driver is encrypted as well. Otherwise, a hacker could just pretend to be the OS and tell the graphics card to turn encryption off - and that's it! No, most of the work is not the encryption, but to make sure that the OS always knows whether encryption is turned on or off. And third, a DVD can request that high resolution is only used with encryption, so if the HDCP chip isn't there, the image is scaled down to lower resolution.

All in all, the whole HDCP stuff is complete nonsense. It prevents an attack from thieves in a place where you wouldn't attack. It costs money to add and implement. It doesn't hurt you as a consumer, except that you have to pay for the damned chips. It creates work for device driver writers. It doesn't protect contents. Anyone who can record 200 MB per second from a DVI output has invested some serious money, and a little bit more money will allow you to break into a monitor and get the signal from there.

Executive summary: If you can't record a signal coming from the DVI cable, HDCP doesn't matter. If you can record a signal coming from the DVI cable, HDCP doesn't matter much either.

It does hurt the consumer

[SanityInAnarchy]

What about the early adopters, who bought high-end video cards without HDCP, or very nice HDTVs, also witohut HDCP? They now have to pray that somebody (Sony?) sees the light and doesn't trip the "artificially cripple old HDTVs" flag.

So, because the MPAA is afraid of an attack that isn't feasable, and may never be, they are forcing early to buy new hardware (for no good reason). I can't help but wonder if this wasn't a simple money grab -- force everyone to upgrade so they pay you twice for the same hardware.

Re:

[Salsaman]

You just can't record a signal of 1920 x 1080 pixel times 12 bit per pixel times 60 frames per second on a harddisk. Well, I can't and no normal consumer can.

Sure you can: take output from computer a), feed into hdtv card on computer b), compress to mpeg2, store on disk. And btw, it is 24bit per pixel, 30 fps (non-interlaced), but the figures come out the same.

Re:

[LocalH]

No, you can't. Pretty much all "HDTV cards" are taking already-encoded streams from off-air HD stations and basically extracting it into a file on your hard drive. However, if you know of a low-cost capture card that can handle HD-res DVI/HDMI, then by all means feel free to enlighten us.

The GP is correct. If you can actually capture DVI in realtime, then you're probably inside the industry already, where no form of copy protection can prevent leaks.

Also, especially referring to 1080p TVs, regardless of the

Re:

[baadger]

According to the Wikipedia article the DVI specification does indeed have a colour depth of 24 bits per pixel.

Re:

[Anpheus]

You'd have to slow down the content eventually though, wouldn't you? I mean, 1920x1080 at 60fps with 24 bits per pixel is 2,847MiB per second. That's 1920*1080 = 2,073,600 pixels^2 per frame, and that multiplied by sixty seconds equals 124,416,000 pixels^2 per second, and using n pixels^2 = 24n bits we get 2,985,984,000 bits per second. Divide by eight to get bytes, and we have 373,248,000 bytes. That equals 364500 KiB, or ~355.95MiB/second.

That means you'd fill up your multiple GiB buffer in a matter of se

Re:

[Salsaman]

First of all, 60 fps would be interlaced. So an de-interlaced signal would be 30 fps, half the bandwidth, i.e. 170MB/sec. Then you do on-the-fly compression, you can probably reduce that by 2/3. So your final bandwidth is around 50MB/sec. You could easily achieve this with a simple raid setup.

Re:

[RKBA]

Three questions if I may:

1. Are you telling me that there are people who would pay as much as $2,000 for a board that digitizes the three YPbPr component video signals and two analog stereo outputs of an HDTV device and sends the data to a PC for recording (or plugs into the PCI bus and is accessed via device drivers), or would that price also require downscaling of the image and MP4/XviD compression? I believe that fast enough FPGA boards with high speed ADC's and builtin PCI interface plus DMA can be had

Re:Blu-Ray?

[baadger]

Truth is, you can't. You just can't record a signal of 1920 x 1080 pixel times 12 bit per pixel times 60 frames per second on a harddisk

Yes, surely you can. For a start it's approximately 30 frames a second (it's 60 fields a second). That gives you a stream of:

(1920 * 1080 * 12 * 30) / (1024*1024) = ~ 712 Mib/s (megabits per second) or
about 89 MiB/s.

I would have though an array of high speed reasonably standard disk drives could handle that quite easily, after all consumer SATA drives have a theoretical 1.5 Gib/s interface.

Re:Blu-Ray?

[Mad Merlin]

I would have though an array of high speed reasonably standard disk drives could handle that quite easily, after all consumer SATA drives have a theoretical 1.5 Gib/s interface.

More like 3.0 Gib/s (SATA2), but either way, it doesn't matter, modern consumer hard drives can't write faster than ~40M/sec. But if you put 2 or 3 of those consumer drives in RAID 0, you shouldn't have much trouble at all writing 89M/s, especially if you compress the signal before dumping it to disk. In a couple years it'll be even easier.

Re:Blu-Ray?

[grimwell]

Aye, my MythTV backend with the disk dump has two 320GB 7200 RPM 16MB Cache SATA 3.0Gb/s Hard Drives [newegg.com] in a RAID 0 array. The frontend has three HDTV capture cards(two HD-5500 [pchdtv.com] & one HD-3000). A Lowly 100mbps full-duplex network link between the two boxes.

I'm able to record three HD streams at once via nfs(nfs ver3, ver4 cause kernel panic under that load). Playback of one of the three streams while it is being recorded isn't do-able but recording two and watching an earlier(yet to be transcoded) one all at the same time works.

An hour of 1080i is a little shy of 8.5GB. The network link is the bottleneck in my setup, the disk array handles the task without a problem.

Re:

[Rich0]

Just to add a little to the other reply - your mythtv stream is only a few megabits/sec. Certainly not 700Mb/s! You might be able to record at that rate with the right drive setup, but you'd fill your hard drive mighty fast (80 megabytes per second eats through space pretty quick).

Go ahead and check the mythtv-users list - this is a common topic. The hardware capable of compressing live HD is very expensive - studio gear. We're not talking Apollo-mission cutting edge, but even the TV studios have diffic

Re:

[Emetophobe]

modern consumer hard drives can't write faster than ~40M/sec

It's now closer to 60MB/sec. I have three 250gig western digital sata drives, each drive can do 60MB/sec, or roughly 180MB/sec in a RAID0 array.

Re:Blu-Ray?

[tjansen]

Actually you can already buy DVI capturing cards capable of recoding 1600x1200x60:
http://www.fi-llc.com/boards/Products/AccuStream17 0.php [fi-llc.com]
Real-time recoding of HDTV videos is not that far away on consumer PCs either. I doubt that it would be a problem in 5 years.

So if there was no HDCP, and there was no way to get the compressed signal, capturing the data would become a viable option.

Re:

[Anonymous Coward]

your premise about needing to record 200MB/s is incorrect because it doesn't need to be played back at 60fps in order to make a copy! set your player to play at, say, 1/10th speed and suddenly you only have to record 20MB/s. sure, the RIP process takes 10x as long but, really, big deal.

Re:

[AJWM]

You just can't record a signal of 1920 x 1080 pixel times 12 bit per pixel times 60 frames per second on a harddisk.

30 frames/second, not 60. Anyway, that's 1920x1080x1.5 bytes/frame, just over 3 megabytes/frame. About 93 megabytes per second with zero compression. Reasonably modern hardware on a RAID 0 or RAID 5 setup should do that easily, or any modern SCSI drive system. Heck, you can buy off-the-shelf Firewire-B external drive systems capable of that. And disk subsystems aren't getting any slower (

Re:

[Kjella]

Well, first off you're assuming there's no such thing like a HDTV hardware encoder (after which you can store it on a plain non-raid HDD as far as bandwidth is concerned). Those chips are in sub-1000$ cameras, and you don't need lens, ccd, tape mechanism or any other fancy electronics, just the encoder chip. Probably a few hundred dollars at most, really.

Secondly, raw capture is certainly possible. Full HDTV is about 1.5Gbps (HD-SDI used for uncompressed HDTV interlinks for example). Then you can throw in s

Re:

[dfghjk]

What does firewire have to do with HDMI?

BTW, macs don't come with software or codecs to record, transcode or play back the HD MPEG streams available on firewire. Firewire hard drives aren't required either. You could have just as easily said firewire deck + PC + magic software. Nice try.

Re:Blu-Ray?

[Fordiman]

Unfortunately, dismissing the porn industry is what killed the technically superior Betamax. Without it, all they have is the rabid PS3 fans to bolster their film sales - and that's only if the gamers want to take a minute to watch a movie.

Re:Blu-Ray?

[Jugalator]

Has the same thing been done for Blu-Ray yet? I would like to see DRM on both systems being shown as being useless.

I agree, although it would be more amusing to me if Blu-ray DRM was broken with various key extraction algorithms in about 6 months or so, for it to reach the market better and give them less hope to just change details in the standard as a worst case scenario. :-) Makes me wonder if it's possible they'll do this with HD-DVD, or if it has reached critical mass alraedy, so to speak.

Re:

[ceejayoz]

Assuming they're a) in the US and b) not smart enough to cover their tracks, sure.

Re:

[julesh]

Just by figuring this out hasn't the DMCA now been violated and soon the people who made the discovery will be violated as well in federal pound-me-in-the-ass prison.

No. Only if the method is described to somebody else. And maybe only if the description is in the form of source code that can be compiled to a program that will crack the key on a disc, that one isn't entirely clear.

President Bush here....

[Frodo Crockett]

The DMCA only applies to the US, it doesn't apply to those outside the US.

That's what you think, bucko!

LET YOURSELF IN!

[Philip K Dickhead]

"The key is under the mat..."

Re:The fair use crowd?

[Wonko the Sane]

Not every use of a copyrighted work is fair. BackupHDDVD is just as useful to pirates.

or to people who have monitors capable of displaying full resolution HD content, but are not permitted to because of a lack of HDCP

or people who want to watch movies they bought on their mythtv system

or people who like to buy movies and watch them, but don't run windows

Re:The fair use crowd?

[Opportunist]

And guns are just as useful to criminals as they are to law enforcement units and law abiding people protecting their home.

Re:

[Lord Ender]

You win the ubertroll award.

Re:

[julesh]

Round 2 is people violating copyright claiming fair use

In this case, fair use is a pretty damned good argument. The fact that the videos will refuse to play because the player software has decided that it simply doesn't like your hardware is a good enough reason to circumvent the restrictions, IMO.

And if I owned the necessary hardware and such a disc, I'd be making that argument to the secretary of state [duke.edu] that I should be allowed access to an unprotected copy, in order to be able to access the data as is my