Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Encryption Security Media

Interview with Developer of BackupHDDVD 223

An anonymous reader writes "HD DVD and Blu-Ray were supposedly protected by an impenetrable fortress. However a programmer named "muslix64" discovered that this was not the case, and released BackupHDDVD. Now, Slyck.com has an interview with the individual responsible, who provides some interesting insight to his success."
This discussion has been archived. No new comments can be posted.

Interview with Developer of BackupHDDVD

Comments Filter:
  • by toonerh ( 518351 ) * on Wednesday January 24, 2007 @04:49PM (#17743876)
    Unlike old DVD-Video, HD DVD and BluRay have a bit -- so far not set -- that degrades all output unless it is via an HDCP connection. This means my older Sharp 720p projector will be degraded along with all early adapter's HD gear

    This creates a powerful incentive to not just "backup" your HiDef DVD, rather to remove an onerous limitation -- it may violate the DCMA in the USA, but it is morally and legally sound to most of the world.
    • by purpledinoz ( 573045 ) on Wednesday January 24, 2007 @05:10PM (#17744138)
      Hollywood shouldn't be worried about this hack. They really should be worried about people actually buying these discs. What are the early adopter customers with the "non-secure" HDTVs supposed to do? Throw out their HDTV, and buy a new one so they can watch HD content? It's a real slap in the face of the customers... I hope both formats fail, and a new, non-restrictive format appears.
      • by SuperKendall ( 25149 ) on Wednesday January 24, 2007 @08:16PM (#17746418)
        You have found the very reason why they have not enabled the flag and will not for years to come - way too much old equipment and way too many customers to be pissed off.

        In the technical rounds it was easy enough to add the flag, but once the marketing people realized what it would do they nixed the use of it.
      • I won't buy either, nor will you or anyone in the know, but the uneducated might. If they pay enough attention to notice that their new HD player looks no better than the old DVD player and return it, that will be the beginning of the end. When a class action lawsuit comes because the discs they bought with the player are now opened, and can't be returned as such, that will nail the coffin. Any industry or company that presumes its customers are thieves and doesn't respect their personal property rights doe
        • Re: (Score:3, Insightful)

          by billcopc ( 196330 )
          Problem is, people won't realize the High-Def either doesn't show, or doesn't matter. Even worse: they won't care. Most people get all glazy-eyed with technology, they just accept that not all movies are created equal. Others just want the fanciest, most expensive toy to show off to their sexually dominant peers.

          It used to be, when someone bought a fancy overpriced stereo, came back the next day and said it sounded cheap, you'd tell them they need fancy overpriced cables to "bring out the quality" and of
    • by DrYak ( 748999 ) on Wednesday January 24, 2007 @05:20PM (#17744266) Homepage
      This can't be stoped. It's not like the first DeCSS that used stolen Xing keys and could only work for as long as the keys weren't revoked.
      This uses the keys specific for the DISC, which can't be changed anymore.

      And the best part : In order to decrypt the movie and play it, every player *HAS* to have the volume ke in memory or SIMD register for a short period of time. No matter if players key are revoked, version upgraded, bugs fixed, etc... This technique doesn't rely on any bug that can be patched. It only rely to the fact that, whatever player you choose, at one moment it needs the volume key - which you can then grab and share on the net.

      There's no way to patch this.

      This is one more proof that the fundamental mechnics of the DRM - ie.: providing both the crypted data and the key in the same place - is flawed. You can't protect a content from the one who bought the disc. If data must be decrypted on the buyer's computer, then nothing cab prevent it from being circumvented.
       
      • by purpledinoz ( 573045 ) on Wednesday January 24, 2007 @05:28PM (#17744410)
        You underestimate the movie companies. The next step is to encrypt the the data on the disc, and throw away all the keys. This way, no one can decrypt it. Not even the pirates! There is one side effect though, no one can watch the movie either. Oh well, it's a fair compromise.
        • by Workaphobia ( 931620 ) on Wednesday January 24, 2007 @08:52PM (#17746686) Journal
          Fool. Bruce Schneier could still watch it.
          • Sure. When Bruce Schneier wants plaintext, he just squeezes out of the ciphertext with his bare hands.
        • Re: (Score:3, Interesting)

          Good.

          If the movie companies do an 'encrypt and throw away the key`, that would be great.

          To be frank with you all, I am quite discouraged with the quality of the product that Hollywood is putting out now. No, not discouraged; appalled is more like it!

          To put it bluntly, this stuff is not even worth the raw material in the darn DVD itself.

          Lets take those permanently locked DVD's and burn them in a boiler to make steam to run a turbine to generate electricity for that community theater where some really decent
      • by mrchaotica ( 681592 ) * on Wednesday January 24, 2007 @05:36PM (#17744530)
        And the best part : In order to decrypt the movie and play it, every player *HAS* to have the volume ke in memory or SIMD register for a short period of time. No matter if players key are revoked, version upgraded, bugs fixed, etc... This technique doesn't rely on any bug that can be patched.

        Hence Treacherous Computing. You really think Microsoft and the content industry haven't thought of this? Sooner or later Windows is going to start encrypting memory and running non-"Trusted" programs in a sandbox that prevents them from accessing the hardware directly, specifically to prevent this kind of attack.

        • Can you imagine the huge hit on performance that would be? Every memory access has to be accompanied by a decrypt, every memory write accompanied with an encrypt. It will set back PC performance by many years. Plus, it'll have to be done in hardware, which is out of Microsoft's scope.
          • by arodland ( 127775 ) on Wednesday January 24, 2007 @05:49PM (#17744720)
            The hit isn't that bad if you have dedicated encryption hardware, which clearly exists. And Microsoft aren't the only ones in on this thing. AMD, Intel, Infineon, and IBM are all TCG partners.
          • by mrchaotica ( 681592 ) * on Wednesday January 24, 2007 @06:03PM (#17744946)

            Linux is already able to encrypt swap [linux.org] and I haven't heard anything about that slowing the computer down too much. Besides, some CPUs already have hardware-accelerated cryptography engines [via.com.tw] anyway. Finally, all new computers will come with a TPM [wikipedia.org], if they don't already. Although I don't think it's strictly required that the TPM be a cryptography accelerator, it makes sense for it to be.

            • Although I don't think it's strictly required that the TPM be a cryptography accelerator, it makes sense for it to be.

              I don't think any of the TPMs on the market are accelerators. The TPM is designed to provide secure key storage and system state attestation, not bulk encyryption/decryption. It's designed to securely store the key, bound to a particular system state, and then provide that key to the system to do bulk encryption/decryption on the main CPU.

              • I am aware of that. I was just saying that it would be a the logical place to put a cryptography accelerator.

                • I am aware of that. I was just saying that it would be a the logical place to put a cryptography accelerator.

                  Assuming the TPM got a faster connection to the main system, yes. The TPM in my Thinkpad is sitting on a slow USB bus, which makes it a pretty poor place to put an accelerator. If connected via USB2, or, even better, on the PCI/PCI-X bus, then it would be a logical place to put a hardware 3DES or AES co-processor.

          • by ncc74656 ( 45571 ) * <scott@alfter.us> on Wednesday January 24, 2007 @07:47PM (#17746164) Homepage Journal
            Can you imagine the huge hit on performance that would be? Every memory access has to be accompanied by a decrypt, every memory write accompanied with an encrypt. It will set back PC performance by many years.

            ...and this would be different from any other Windows release how, exactly?

        • Russian dolls. (Score:5, Interesting)

          by DrYak ( 748999 ) on Wednesday January 24, 2007 @05:53PM (#17744774) Homepage
          running non-"Trusted" programs in a sandbox that prevents them from accessing the hardware directly, specifically to prevent this kind of attack.


          Yes, and how Windows it self will know that it isn't running inside a "simulated" trusted computer (the TC chip is virtual and part of the emulator) running inside an actual regular computer (with no chip to prevent you from running whatever you want ?) ...or running with a root kit hidden it self inside, like the Sony's one ? Treacherous Computing may work on the paper, but Microsoft isn't exactly known for perfect implementation of security tools. Root kits WILL be available.

          For this to work you actually need TC-enabled computers. There aren't currently enough of them.
          So either Microsoft pisses of its customers with something like "HD DVD & BD can only played on Windows Vista running on special mother boards. The rest of 80% of you just can't play them at all" (and currently customers are already pissed enough because they can't always play in full HD when they don't have display systems that *are* getting popular those days). Or either microsofts accepts to let some player run outside it's protected models and you don't even need a virtual machine or root kit to extract the needed data from memory.

          As said by another /.er : stoping to provide the decryption key is the only way to avoid circumventing protection... but won't be implemented for very obvious reasons.
          • Yes, and how Windows it self will know that it isn't running inside a "simulated" trusted computer (the TC chip is virtual and part of the emulator)

            Unless I'm mistaken, the TPM is itself is signed. Windows can check that to figure out whether the TPM it thinks exists really does or not. Or in other words, to "simulate" a TPM you need to get the Trusted Computing Group's private key.

            For this to work you actually need TC-enabled computers. There aren't currently enough of them. So either Microsoft pisses of

            • Unless I'm mistaken, the TPM is itself is signed. Windows can check that to figure out whether the TPM it thinks exists really does or not. Or in other words, to "simulate" a TPM you need to get the Trusted Computing Group's private key.
              ...Or have a real Trusted computer available, and institute a Man-in-the-middle attack.
          • LATENT TPC (Score:3, Insightful)

            by goombah99 ( 560566 )
            How do you know that Intel has not been putting a TPC module in every CPU for the last five years? They've had this ring architecture for a decade, could there not be one more ring they never told us about? in five more years they could turn it on and surprise! every computer less than a decade old is TPC complient. The remaineder still run but can't use the new OS or must run in a reduced privledge mode.
            • ===
              How do you know that Intel has not been putting a TPC module in every CPU for the last five years? They've had this ring architecture for a decade, could there not be one more ring they never told us about? in five more years they could turn it on and surprise! every computer less than a decade old is TPC complient. The remaineder still run but can't use the new OS or must run in a reduced privledge mode.
              ===

              Two words: CLASS ACTION.

              L
            • Re: (Score:3, Insightful)

              by TheGavster ( 774657 )
              Intel, like all corporations, likes money. I see it far more likely for them to use the space for a few more K of L1 cache than to implement some secret doomsday circuit so that someone else can make money.
        • by Firehed ( 942385 )
          So by the time we're all being screwed over by the TC in Vienna (IIRC), we'll have how many other dozens of operating systems that can run the exact same hack without worrying about this sandboxing?

          I think it's a horrible idea too, but I think that Hollywood might have finally realized by the time that something like you suggest could happen that DRM is pointless and serves no purpose other than to screw over customers - especially their early adopters, who they make a ton of money off. Signs are pointing
          • So by the time we're all being screwed over by the TC in Vienna (IIRC), we'll have how many other dozens of operating systems that can run the exact same hack without worrying about this sandboxing?

            Theoretically, none: Vienna and whatever version of Mac OS exists then will both be "Trusted[sic]," and all Free Software operating systems won't have legal HD disc playback software.

            I think it's a horrible idea too, but I think that Hollywood might have finally realized by the time that something like you sugg

      • Re: (Score:3, Interesting)

        And the best part : In order to decrypt the movie and play it, every player *HAS* to have the volume ke in memory or SIMD register for a short period of time.

        Which is why Windows Vista adds a special type of processes: "protected processes": You can't look at the memory of those processes, you can't debug them, you can't do *anything* to them. Not even the antivirus software can look into them. And because the kernel can't load unsigned drivers, you can't do kernel tricks to jump the protections. Microsoft
        • I'll bet... (Score:3, Insightful)

          by tkrotchko ( 124118 ) *
          It seems likely to me that MS has a trick to allow protected processes to be debugged. It's either a secret mode of Vista, or they have debug builds of Vista that allow this type of snooping to take place.

          I mean, in the perfect world, you develop non-protected, and then you turn it into a protected process once it's been debugged. But back in the real world, certain programs will break and you'll only be able to debug in "protected" mode.

          If Hollywood is bright, they'll just ignore this. The DVD is certai
          • Re: (Score:2, Interesting)

            by Fulg ( 138866 )

            It seems likely to me that MS has a trick to allow protected processes to be debugged. It's either a secret mode of Vista, or they have debug builds of Vista that allow this type of snooping to take place.

            Well, there's this:

            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

            ...which already allows one to "hijack" any executable and replace it with another, on a retail system (it's still there in Vista). No idea how/if it will work on a protected executable, though

        • And because the kernel can't load unsigned drivers...

          Sure it can. You just need to tell it to, and they don't make that especially easy.
          • by Sancho ( 17056 ) *
            In 64-bit Vista, you have to enable this functionality at boot. You cannot permanently enable it (i.e. every time you reboot, you have to re-select that option) and I'm sure that the 'protected' software won't run in this mode.
        • by jZnat ( 793348 ) *
          So then we'll just run the programs in WINE or ReactOS or something (which would probably work perfectly by the time a Windows OS came out that enforced that).
      • by Dahamma ( 304068 )
        This can't be stoped. It's not like the first DeCSS that used stolen Xing keys and could only work for as long as the keys weren't revoked.
        This uses the keys specific for the DISC, which can't be changed anymore.


        But they can minimize the damage. They can revoke the PC HD-DVD player, and then republish the movies with a new title key. That way the only compromised content is the few thousand HD-DVDs that have been sold for those titles so far.

        If they really want to stop this in the future, they just revoke
      • Re: (Score:3, Interesting)

        I wonder how much money is being made off DRM by companies like Microsoft that know it will never work. When the guys with the money (the media companies in this case) want something impossible, and want it badly enough, smart tech vendors can make a lot of money by playing along.
      • Re: (Score:3, Interesting)

        There's no way to patch this.

        Oh pish. Of course in theory you can always extract the key from any player, in practice it's possible to make this so hard to do nobody can manage it. This is the approach satellite TV vendors have used - of course they keys are somewhere inside those smartcards or devices, but good luck to you if you try and extract them. The fact that most software players suck at protection is no news, for as long as there will be software HD-DVD/BluRay players, there will be leaked title

    • As I understand this it extracts the title or volume key from the PC memory. One could have gone after the upstream player keys since they are in memory too but then if they ever figured out what player you were using from the crack then all future titles and disks would remove that player key. That would of course break every player with that key, but it's not so bad with PC players as it would be with physical players, since the company with the broken player could offer a downloadable software upgra
      • Actually I'm wrong. here's how they can fix their problem fairly well.

        Those old players that arebeingused to extract the title key can have their player keys revoked. That will bust some limited number of players too. Now without those player keys the old players cant decode the title keys. So they have to migrate to new players. If those players are stealthier then they may not be able to figure out how to extract the title keys.

        Finally what if the new players were to get some of their executables rig
      • by Sancho ( 17056 ) *
        There is no 'making the keys stealthier and starting over'. The problem with this sort of DRM, as has been noted many, many times, is that the decryption key and the cyphertext are distributed to the end-user. It doesn't matter how obfuscated they make it--if it can be read by the PC, it can be extracted by the PC.

        Trusted computing may make this harder--I'm not sure whether it will make it impossible, however.

        I think the reason Hymm failed is because DVD-Jon stopped working on breaking iTunes DRM in that
    • I'm not sure where you get that idea, because I'm definitely not seeing any degradation on my 360's HD-DVD player over component at 1080i.
      • I've been wondering about this - it may be four times the number of pixels, but how much would you actually notice the resolution change from 1920x1080 to 960x540 (the purported penalty resolution of HDCP) when playing an HD-encoded film on an average-sized HDTV?
        • Well, I'd be the last person to ask since I have a 42" Westinghouse LCD.

          What I would most likely notice is scaling artifacts.

          If there's still an "analog hole" then I'll be plenty happy with 1080i over component or 1080p over VGA.
          • With all due respect, I don't think it's even possible to get scaling artifacts on an exact resize like that, which is mostly why I asked my question in the first place. All you would have to do to get from 1920x1080 to 960x540 is preserve 1/4th of the pixels in the image. It's still better quality than DVD video, and especially so if the new video encoding that HD-DVD and Blu-ray use is more efficient.
      • The mandatory player quality degradation occurs over non-HDCP compliant *digital* (DVI/HDMI) connections. They don't deem it necessary to lower the rez for analog (Component) connections.

        The main purpose of this is apparently to make it a pain in the ass to play movies, so that consumers like me will get their hidef entertainment from satellite TV and the internet, rather than their stupid discs and format-crippled players. Yay!
        • Re: (Score:3, Informative)

          The mandatory player quality degradation occurs over non-HDCP compliant *digital* (DVI/HDMI) connections. They don't deem it necessary to lower the rez for analog (Component) connections.

          I don't think that's right (or if it is now, I don't think it will be for long). Windows XP Media Center Edition 2005 already refuses to play regular DVDs above 480i resolution when a TV-capable graphics adapter card is installed. I connect my Media Center PC to my HDTV via analog VGA. Since the graphics adapter is capable of S-Video and Component output, MCE will not play DVDs, even over VGA. The "resolution" of this issue (no pun intended) is to set your display resolution to 480i or lower. (Or allegedly

      • by jZnat ( 793348 ) *
        1080i can be losslessly shrunk to be 540p (or near-losslessly to 538p), the resolution that you would get from the degredation. So, unless your source material isn't very active, the video quality is basically the same.
      • by Sancho ( 17056 ) *
        Note the 'so far not set' part of your parent's post. The bit to degrade if HDCP is not present exists in the specification and on every disc, but right now it is set to 0. Once they start producing discs with that bit set to 1 (after the format is more standardized and more people have committed to it) they will start setting the bit and you will see the degraded signal.
    • by Lumpy ( 12016 )
      The bit doesnt degrade anything it tells the playback software to degrade the picture quality.. If the software is written to not do anything ,then the signal is 100%.. That will probably be the first cracks, patching the software playback apps or firmware in dvd players to no longer do this degradation... something that is far eaqsier than cracking encryption.

      I cant wait for the anyhd-dvd and anybluray programs to be released so we can get around the useless protections and into the product we actually pu
      • Re: (Score:3, Informative)

        by plover ( 150551 ) *
        The original poster was incorrect in his explanation. The "bit" is implemented in the software, not in the disc. In Windows Vista, Microsoft is calling it the "tilt switch". Any attempt to "subvert" the Protected Media Path is supposed to flip the bit, causing degradation of the signal. This means things like "unsigned drivers" or home-grown ripper type activity.
    • Unlike old DVD-Video, HD DVD and BluRay have a bit -- so far not set -- that degrades all output unless it is via an HDCP connection. This means my older Sharp 720p projector will be degraded along with all early adapter's HD gear

      The ICT forces down sampling to 960x540. Rather better than DVD video. Your aging Sharp can - in theory - display 1280x720. But will you see any difference on screen?

      You will still be getting full theater sound, multichannel captioning, dialogue and commentary tracks, all the i

  • by Anonymous Coward on Wednesday January 24, 2007 @04:51PM (#17743916)
    Anyone have a cost estimate for producing the AACS DRM? I'm guessing the crack didn't cost nearly as much.

    Mij
    • Re: (Score:3, Funny)

      I don't know how much it cost to create, but the cost to crack it was just 8 days of work, and probably a case or 2 of Mt. Dew.
    • Re: (Score:3, Insightful)

      I'd be willing to bet that the cost to produce AACS was pretty high in the grand scheme of things. AACS was created by a consortium consisting of [aacsla.com] IBM, Intel, Microsoft, Panasonic, Sony, Toshiba, Disney, and Warner Brothers. Granted that huge corporations like those can afford to throw tons of money and resources at a project like AACS, but the bottom line is that it probably cost a pretty penny. Consider the person-hours involved in just high level meetings among all those companies to hash out the AACS

  • Server Bombed (Score:5, Informative)

    by FST ( 766202 ) on Wednesday January 24, 2007 @04:53PM (#17743936) Journal
    Well, the server is being bombed now. Here's the text from the page if you don't want to wait for 5 minutes per sentence.

    The next generation of optical disc technology holds the promise to change the way we interact with and store digital media. Perhaps the most exciting change is the arrival of High Definition (HD) video, with its glorious 1920x1080 pixel resolution. It's a quantum leap forward in terms of watching digital content, as its vast resolution reveals a quality never seen before in such fine detail.

    Because of the rapid escalation of digital file-sharing - especially of video files - Hollywood has been working around the clock to protect HD content. This is especially relevant for one of its primary delivery mechanisms - HD DVD and Blu-Ray discs. These next generation discs, with capacities of 30 gigabytes and 50 gigabytes respectively, have their content protected with an array of DRM (Digital Rights Management.) Both are protected with a scheme called AACS, or Advanced Access Content System. This DRM is a great leap forward compared to the weak CSS, or Content Scrambling System, that currently "protects" DVDs. Thanks to Fox, Blu-Ray has an additional layer of protection, called BD+, although most discs have yet to support this protection.

    Although Hollywood has constructed enough DRM architecture to rival the Pyramid of Giza, it has long been suspected that it would be only a matter of time before HD DVD and Blu-Ray content protection were compromised. Convinced the golden DRM egg had been laid, it seemed that nothing could penetrate the great AACS wall. And to this day, that great wall still stands.

    But why crash through the main gates of Constantinople when you can just pick the lock of a long forgotten rear entrance?

    On December 26, 2006, a member of the Doom9.com forums named muslix64 introduced himself as circumventing the content protection - not the copy protection - of HD DVD. Additionally, he made available an open source program named BackupHDDDVD. At the time, this program was a command line program that bypassed the content protection - providing the individual successfully obtained the title and volume keys associated with the HD DVD. Once the individual has the keys, the AACS protection can be sidestepped, and the HD movie content can be extracted. According to muslix64, it took all of eight days to successfully circumvent HD DVD content protection.

    Much of the more difficult work, such as extracting the keys, has been alleviated as the once encrypted information has proliferated online. To understand where this stunning turn of events is heading, Slyck.com spoke with muslix64, who agreed to a PM (private message) interview.

    The mainstream media tends to have many labels for you, i.e. hacker, cracker, pirate, etc., in response to your efforts. What would you call yourself and what would you label your efforts?

    I'm just an upset customer. My efforts can be called "fair use enforcement"!

    What motivated you to help circumvent the content protection scheme associated with HD DVD and Blu-Ray?

    With the HD-DVD, I wasn't able to play my movie on my non-HDCP HD monitor. Not being able to play a movie that I have paid for, because some executive in Hollywood decided I cannot, made me mad...

    After the HD-DVD crack, I realized that things where "unbalanced" by having just one format cracked, so I did Blu-Ray too.

    Explain how decrypting the device and volume keys are critical to your success. Could you explain the difference between the two?

    The device keys, are the keys associated to the player.

    The volume key, is the key associated to the movie.

    I don't care about device keys. I do care about volume keys, because by using volume keys instead of devices keys, I totally bypass the revocation system. There is no "volume key revocation". There is content revocation, but I really doubt they will ever use it. If you use device keys, they can revoke them. Having the volume key means that you can decrypt ti
    • So HD Video is the smallest possible step forward then? Given all the hi-def kit that people have already bought that isn't compatible with the copy-protecto-flibberty-fuck I suppose "quantum leap" is a fair description.
  • by jizziknight ( 976750 ) on Wednesday January 24, 2007 @04:57PM (#17743984)

    So technically speaking, it was easier to bypass AACS than CSS.
    Oh, the irony. It figures that the more complicated the DRM, the easier it is to crack.
    • by CastrTroy ( 595695 ) on Wednesday January 24, 2007 @05:01PM (#17744020)
      Well, he didn't crack it in the same way. With DECSS, you can crack any disk by just putting it in a drive and running the program. With the AACS crack, you have to run some other player and extract the title key out of memory, probably by using a debugger or something. The CSS crack was harder because they actually cracked every disk, and reversed the encryption. The AACS crack doesn't accomplish the same thing. Although you can still decrypt disks, you can't just make program that does it automatically.
      • by Sycraft-fu ( 314770 ) on Wednesday January 24, 2007 @05:12PM (#17744152)
        Ya, perhaps sidestep is a better term than crack. In all likelihood the cryptosystem itself can't be broken, it's AES. While we can never say for certain there's not an unknown weakness in a system, AES is one of the most studied ones out there and thus far it remains secure enough to use for classified data.

        So, like the author said, you don't attack it you go around it. Obviously if the movie is being played back at some point things are being decrypted and you can get your hands on that key. That's precisely what he does. The player uses its key to decrypt the key that the volume is encrypted with. He then nabs that key and uses it to decrypt the volume.
      • It's the whole classic problem of the fact that with these discs, you basically have to include the encryption key on the disc. So the licensed player has to know where to find it. At some point, it has to be in memory to decrypt the disc. So, since you have both the encrypted data and the key used to decrypt it, you can have at the unencrypted data all you want.

        No matter how you slice it, all DRM can be cracked because the user's computer, at some point, has the encryption key in memory. That is, until
      • Although you can still decrypt disks, you can't just make program that does it automatically.

        Funny, that's what's being worked on right now buy guys over at the Doom9 Forum; although, at the moment, you do still have to have a (broken) HD-DVD player to grab the Vuk from memory.

        I have posted a modified version of BackupHDDDVD . . . [that] can also get it's own keys from memory if WinDVD is playing. . . If they select the memory option, they are prompted to press ENTER when WinDVD is playing. Once the me

    • by SatanicPuppy ( 611928 ) * <Satanicpuppy@nosPAm.gmail.com> on Wednesday January 24, 2007 @05:36PM (#17744536) Journal
      I don't know why they bother. CSS was "easy" because the encryption didn't change, so once you'd broken it, it was done, unless they wanted to break the standard.

      With AACS they "learned" something and used much beefier encryption, and mutable keys...Which makes the keys vulnerable. Some bright boy notices this, breaks the weak security on the keys, and voila! The system, while not broken, is seriously compromised.

      It's all pointless though. The companies pushing the DRM have far fewer resources than the people who want to view the content, and the content itself cannot be truly secured because it's meant to be viewed! So they're just throwing away money, and, as Muselix64 himself cogently pointed out in the "interview", the turnaround for fixes from the companies is so long, that there is effectively no way they can stay ahead of the crackers.
    • Re: (Score:3, Funny)

      by rmckeethen ( 130580 )

      Obligatory Star Trek quote:

      "The more they overthink the plumbing, the easier it is to stop up the drain."

      --Chief Engineer Montgomery Scott, Star Trak III

  • by bcmbyte ( 996126 ) on Wednesday January 24, 2007 @05:03PM (#17744052) Homepage
    It sure seems to me that the media companies chasing the people finding holes in their impenetrable fortress' is much like a dog that chases his own tail. Every once in a while he gets it, but then it hurts and he lets go, and then he off again chasing his tail. The time and money they spend protecting their stuff might be better spend on an ad campaign, or better yet drop the prices of the content so that maybe, just maybe they will sell a few more..
  • by Alphager ( 957739 ) on Wednesday January 24, 2007 @05:16PM (#17744220) Homepage Journal

    It seems the interviewer knows _NOTHING_ about the subject:

    [...]if an individual were to download "Serenity", and play it successfully on his or her Power DVD player - and never updated the software - would it be immune from any Hollywood counterattack?

    You can play an unencrypted movie wherever you want; an update of the encryption-scheme will not magicalle re-encrypt the movie. DUH!

    Do you see Microsoft Vista's implementation of HDCP being an obstacle to playing compromised HD movies in high definition?

    An unprotected movie does not require HDCP; HDCP has _NOTHING_ to do with this.

    • by SydShamino ( 547793 ) on Wednesday January 24, 2007 @06:29PM (#17745246)
      You can play an unencrypted movie wherever you want; an update of the encryption-scheme will not magicalle re-encrypt the movie. DUH!
      An unprotected movie does not require HDCP; HDCP has _NOTHING_ to do with this.


      I don't think you read these questions the same way muslix64 did. You are incorrect, because the content industry could force future versions of PowerDVD to automatically downgrade the video quality of any unencrypted video it played. This would be a "Hollywood counterattack" that does not re-encrypt the video like you assumed. Likewise, because an unprotected movie does not require HDCP, Microsoft could force all video played on its operating system to be downgraded unless HDCP is enabled.

      I know, neither PowerDVD nor Microsoft would ever actually do this. Even if they did, there are alternative open-source players, and alternative open-source operating systems, to which these changes would never be made. This is exactly what muslix64 says when he replies "Or you can use open-source player, like VideoLan, if a player like PowerDVD become more restrictive about playing decrypted movies."

    • While I agree with your post, it would be possible for watermarks to be inserted into the movie. The player could then detect these, and refuse to play it.

      Then you'd have to use VLC to play it ;-)

      however, if the watermark was detected at a lower level (maybe a post-Vista operating system with TPM, if MS ever makes one) then that could possibly prevent even VLC playing it (in Windows).

      Then you'd have to use Linux ;-)
  • by gillbates ( 106458 ) on Wednesday January 24, 2007 @05:43PM (#17744616) Homepage Journal

    If I understand it correctly, my output resolution will be degraded unless I buy a MPAA-approved display device?

    Why would I bother upgrading from DVD if I'm not going to get any better quality?

    Tip to Hollywood: Deliberately crippling technology doesn't boost sales. As far as I'm concerned, there's no point in buying into this. Why would I bother to spend a lot of money for something that won't work with my existing equipment, and likely won't work in the manner I intend to use it?

    • "If I understand it correctly, my output resolution will be degraded unless I buy a MPAA-approved display device? Why would I bother upgrading from DVD if I'm not going to get any better quality?"

      Devil's advocate here - don't label me pro-DRM.

      If you're buying movies anyway, and the movie IS enforcing the downgrade requirement, then you won't see much difference from DVD... until you upgrade your television at some point in the future - at which time magically all the HD movies suddenly become viewabl
  • I love this guy... (Score:5, Insightful)

    by LukeCage ( 1007133 ) on Wednesday January 24, 2007 @05:44PM (#17744638)

    After the HD-DVD crack, I realized that things where "unbalanced" by having just one format cracked, so I did Blu-Ray too.

    Bless you, muslix. Now the two formats can compete as true equals where it counts: in the ease of supplementing your legitimate media collection with illegal copies of things that you "kind of like".

    Let's not pretend that there is one type of pirate. There are many levels of pirate, and by far the most common type (at least in my experience) is the "pirate" who buys plenty of legitimate media, but occasionally supplements their colleciton with an illegal copy of something that they don't care enough about to pay full price for. You can see the popularity of this line of thinking by watching people paw through the "bargain bin" at any major retailer. These are the movies that no one liked enough to pay full price for, but still maange to sell. This is more of a problem, as I see it, with the uniform pricing structure of DVDs. Let's not pretend that "Batman Begins" and "Sisterhood of the Travelling Pants" are worth the same amount of money to most people. They are simply not, and should be priced differently from the get-go. Sadly the media companies instead try to rake in bucks from the "gotta have it now" super-fans crowd by artificially inflating the price; the side-effect is piracy. I would wager that the media companies gain more money then they lose by this process; the convenience of the consumer does not enter into the equation (these companies have demonstrated, repeatedly and without a doubt, that the convenience of the consumer is a very, VERY low priority to them).

    Of course I am deliberately discounting bring up That Guy. You know That Guy. He is the guy with the huge collection of pirated movies for the sake of having them. To be fair, unless That Guy has a lot of friends (and usually they do not) they are no real threat to media companies. That Guy would not have purchased the movies anyway, and his collection is (to put it bluntly) a dick-measuring contest to make himself feel better anyway. Every That Guy that I have ever met has had movies of laughably bad quality in their collection; their love is not for the cinema but rather, like a dragon, they hoard the wealth for it's own sake rather than an appreciation for it. And that might be the dorkiest thing I have ever written.

    • Re: (Score:3, Funny)

      by goombah99 ( 560566 )
      Is THAT you, there "that guy". You were pretty cagey about your proclivities up until you mentioned the dragon.
  • ... if this encryption scheme was made intentionally easy to bypass/break after all think of all those MPAA lawyers that would be out of a job if these formats were 100% un-crackable.

  • by Luscious868 ( 679143 ) on Wednesday January 24, 2007 @05:54PM (#17744802)
    The *IAA wastes so much time, energy and ultimately money on various DRM implementations and the end result is always the same. The DRM is eventually cracked so those who want to pirate material can and do yet the DRM is cumbersome enough to upset and turn off a certain percentage of legitimate customers.

    My roommate purchased an HDTV a few years ago before the HDCP standard emerged and he recently bought a Playstation 3. He was seriously pissed when he found out he couldn't watch Blue Ray Discs at the highest resolution because his TV wasn't compatible.

    Things like this only serve to alienate legitimate consumers who are already inclined to pay for the product. The pirates just wait for the DRM to be cracked.
    • My roommate purchased an HDTV a few years ago before the HDCP standard emerged and he recently bought a Playstation 3. He was seriously pissed when he found out he couldn't watch Blue Ray Discs at the highest resolution because his TV wasn't compatible.

      Did he actually try this out? I had the impression that no current discs have the Image Constraint Token [wikipedia.org] set, so there would be no downgrading for now.

  • by Bralkein ( 685733 ) on Wednesday January 24, 2007 @06:03PM (#17744948)
    Since the DRM on these new formats is so insulting, I'll always be happy to see it suffering setbacks like this. However, I'd be slightly less happy if the person who cracked it was just some guy who wanted to be able to get everything for free and impress his mates by giving them free movies. Assuming this muslix64 character is telling the truth, he seems like a decent sort. His story is just that he wanted to be able to use his own purchased movies in the way that he wants to, in his own home. So consider him thoroughly endorsed!

    On a different subject, this still leaves Linux (and BSD, ReactOS, Haiku etc., etc.) users in a spot of bother. I don't understand if having a movie key would allow you to watch something on the disc even without the right player software to access the HD-DVD/Blu-Ray drive, but even if you don't need special software it still looks like extraction of the movie keys can only be done with Windows software, and presumably OSX software in the future. I'd still really like to see a proper, Free Software, libdvdcss-style crack for these formats. I'd like to think it's only a matter of time...
    • On a different subject, this still leaves Linux (and BSD, ReactOS, Haiku etc., etc.) users in a spot of bother. I don't understand if having a movie key would allow you to watch something on the disc even without the right player software to access the HD-DVD/Blu-Ray drive, but even if you don't need special software it still looks like extraction of the movie keys can only be done with Windows software, and presumably OSX software in the future. I'd still really like to see a proper, Free Software, libdvdc

    • I hate to respond to the same comment 2x, but I think I misunderstood what I read. :-$

      I completely missed:
      "like extraction of the movie keys can only be done with Windows software, and presumably OSX software in the future."

      You are correct, you need a Windows(tm)(C)(All rights reserved) player from which to capture the key.
  • by Compulawyer ( 318018 ) on Wednesday January 24, 2007 @06:45PM (#17745418)
    To paraphrase from an old law school joke:

    Q: What is the fastest way to crack a DRM scheme?

    A: Label it as uncrackable.

    Thank you, thank you. I'll be here all week. The 9:00 show is completely different from the 7:00 show. Be sure to tip your bartenders and waitresses.

    • by amosh ( 109566 ) on Wednesday January 24, 2007 @10:14PM (#17747252)
      I don't mean to flame your .sig... but you've got it exactly wrong. Laws about tech will always be bad, until enough techies become lawyers.

      Hmm, person X is a lawyer. She makes mid six figures and works 80 hours a week. She have a staff to handle IT issues. Her motivation to 'become a techie' is...? I, on the other hand, got sick of the fact that other people were writing the rules that controlled my industry. So I left off being a netadmin and now I'm in law school. You want the laws to be sane? Start writing them, rather than leaving that to people who don't have a clue, and don't have the slightest reason to care.

  • by Pikoro ( 844299 ) <init.init@sh> on Wednesday January 24, 2007 @07:53PM (#17746232) Homepage Journal
    How about a player for linux?

    Since, based on the past, none of the studios will license a key for a linux player, I propose we create a player that, as part of playback, incorporates this "crack".

    To get around this, the player will prompt for the disc key before playback. Then, the disc is decrypted as playpack is performed, thereby bypassing the "Player Key".

  • by buss_error ( 142273 ) on Wednesday January 24, 2007 @08:52PM (#17746684) Homepage Journal
    I don't care about device keys. I do care about volume keys, because by using volume keys instead of devices keys, I totally bypass the revocation system. There is no "volume key revocation". There is content revocation, but I really doubt they will ever use it. If you use device keys, they can revoke them.


    Which is why I will never "upgrade" to HD. When my lowdef stuff stops working, I'll simply opt out of the rat race and not buy anything. Books are still good.

    I will not pour thousands of dollars into a HD system only to have some jerk in a corner office somewhere decide that my investment constitutes a risk to his profits, and be able to take it away from me without consequence, without my consent, and without buying me new geegaws. F'em. They don't generate ANY content I'd be willing to pay that much to watch.

    But that's just me. Feel free to pour $BUCKs into their profiteering maws if you wish. It's your money... well, your's and mostly THEIRs, since they can decide to take it away from you.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...