Interview with Developer of BackupHDDVD 223
An anonymous reader writes "HD DVD and Blu-Ray were supposedly protected by an impenetrable fortress. However a programmer named "muslix64" discovered that this was not the case, and released BackupHDDVD. Now, Slyck.com has an interview with the individual responsible, who provides some interesting insight to his success."
Degrading Quality May Boost Cracking (Score:5, Interesting)
This creates a powerful incentive to not just "backup" your HiDef DVD, rather to remove an onerous limitation -- it may violate the DCMA in the USA, but it is morally and legally sound to most of the world.
Re:Degrading Quality May Boost Cracking (Score:5, Interesting)
That's why they have not, and will not, enable (Score:5, Insightful)
In the technical rounds it was easy enough to add the flag, but once the marketing people realized what it would do they nixed the use of it.
Re: (Score:3, Interesting)
We don't have to trust them. We have Blu-Ray/HD-DVD backup. I am just explaining what will happen, and why.
No, thanks. I think that as the media companies become more and more desperate, as it becomes painfull
Re: (Score:2)
Re: (Score:3, Insightful)
It used to be, when someone bought a fancy overpriced stereo, came back the next day and said it sounded cheap, you'd tell them they need fancy overpriced cables to "bring out the quality" and of
Re: (Score:2)
FTA: There are indications now that DRM is being considered for obsolescence.
Also... it appears as though some [slashdot.org] media companies [slashdot.org] are considering abandoning DRM.
Re: (Score:2)
Re: (Score:3, Insightful)
That could be, but I'm hoping it's something more than that.
From what I can tell, there's three camps of consumers when it comes to DRM:
I know the recording industry is losing out on sales th
Re: (Score:3, Interesting)
Your second camp can be divided into the group that doesn't like it all that much, but buys it if the DRM can be bypassed, and the group that doesn't like it all that much, but sucks it up and deals with it. I conside
And the best part is... (Score:5, Informative)
This uses the keys specific for the DISC, which can't be changed anymore.
And the best part : In order to decrypt the movie and play it, every player *HAS* to have the volume ke in memory or SIMD register for a short period of time. No matter if players key are revoked, version upgraded, bugs fixed, etc... This technique doesn't rely on any bug that can be patched. It only rely to the fact that, whatever player you choose, at one moment it needs the volume key - which you can then grab and share on the net.
There's no way to patch this.
This is one more proof that the fundamental mechnics of the DRM - ie.: providing both the crypted data and the key in the same place - is flawed. You can't protect a content from the one who bought the disc. If data must be decrypted on the buyer's computer, then nothing cab prevent it from being circumvented.
Re:And the best part is... (Score:5, Funny)
Re:And the best part is... (Score:5, Funny)
Re: (Score:2)
Re: (Score:3, Funny)
Re: (Score:3, Interesting)
If the movie companies do an 'encrypt and throw away the key`, that would be great.
To be frank with you all, I am quite discouraged with the quality of the product that Hollywood is putting out now. No, not discouraged; appalled is more like it!
To put it bluntly, this stuff is not even worth the raw material in the darn DVD itself.
Lets take those permanently locked DVD's and burn them in a boiler to make steam to run a turbine to generate electricity for that community theater where some really decent
Re:And the best part is... (Score:5, Informative)
Hence Treacherous Computing. You really think Microsoft and the content industry haven't thought of this? Sooner or later Windows is going to start encrypting memory and running non-"Trusted" programs in a sandbox that prevents them from accessing the hardware directly, specifically to prevent this kind of attack.
Re: (Score:2)
Re:And the best part is... (Score:4, Informative)
Re:And the best part is... (Score:5, Informative)
Linux is already able to encrypt swap [linux.org] and I haven't heard anything about that slowing the computer down too much. Besides, some CPUs already have hardware-accelerated cryptography engines [via.com.tw] anyway. Finally, all new computers will come with a TPM [wikipedia.org], if they don't already. Although I don't think it's strictly required that the TPM be a cryptography accelerator, it makes sense for it to be.
Re: (Score:2)
I don't think any of the TPMs on the market are accelerators. The TPM is designed to provide secure key storage and system state attestation, not bulk encyryption/decryption. It's designed to securely store the key, bound to a particular system state, and then provide that key to the system to do bulk encryption/decryption on the main CPU.
Re: (Score:2)
I am aware of that. I was just saying that it would be a the logical place to put a cryptography accelerator.
Re: (Score:2)
I am aware of that. I was just saying that it would be a the logical place to put a cryptography accelerator.
Assuming the TPM got a faster connection to the main system, yes. The TPM in my Thinkpad is sitting on a slow USB bus, which makes it a pretty poor place to put an accelerator. If connected via USB2, or, even better, on the PCI/PCI-X bus, then it would be a logical place to put a hardware 3DES or AES co-processor.
Re:And the best part is... (Score:4, Funny)
Russian dolls. (Score:5, Interesting)
Yes, and how Windows it self will know that it isn't running inside a "simulated" trusted computer (the TC chip is virtual and part of the emulator) running inside an actual regular computer (with no chip to prevent you from running whatever you want ?)
For this to work you actually need TC-enabled computers. There aren't currently enough of them.
So either Microsoft pisses of its customers with something like "HD DVD & BD can only played on Windows Vista running on special mother boards. The rest of 80% of you just can't play them at all" (and currently customers are already pissed enough because they can't always play in full HD when they don't have display systems that *are* getting popular those days). Or either microsofts accepts to let some player run outside it's protected models and you don't even need a virtual machine or root kit to extract the needed data from memory.
As said by another
Re: (Score:2)
Unless I'm mistaken, the TPM is itself is signed. Windows can check that to figure out whether the TPM it thinks exists really does or not. Or in other words, to "simulate" a TPM you need to get the Trusted Computing Group's private key.
Re: (Score:2)
LATENT TPC (Score:3, Insightful)
Re: (Score:2)
How do you know that Intel has not been putting a TPC module in every CPU for the last five years? They've had this ring architecture for a decade, could there not be one more ring they never told us about? in five more years they could turn it on and surprise! every computer less than a decade old is TPC complient. The remaineder still run but can't use the new OS or must run in a reduced privledge mode.
===
Two words: CLASS ACTION.
L
Re: (Score:3, Insightful)
Re: (Score:2)
I think it's a horrible idea too, but I think that Hollywood might have finally realized by the time that something like you suggest could happen that DRM is pointless and serves no purpose other than to screw over customers - especially their early adopters, who they make a ton of money off. Signs are pointing
Re: (Score:2)
Theoretically, none: Vienna and whatever version of Mac OS exists then will both be "Trusted[sic]," and all Free Software operating systems won't have legal HD disc playback software.
Re: (Score:3, Interesting)
Which is why Windows Vista adds a special type of processes: "protected processes": You can't look at the memory of those processes, you can't debug them, you can't do *anything* to them. Not even the antivirus software can look into them. And because the kernel can't load unsigned drivers, you can't do kernel tricks to jump the protections. Microsoft
I'll bet... (Score:3, Insightful)
I mean, in the perfect world, you develop non-protected, and then you turn it into a protected process once it's been debugged. But back in the real world, certain programs will break and you'll only be able to debug in "protected" mode.
If Hollywood is bright, they'll just ignore this. The DVD is certai
Re: (Score:2, Interesting)
Well, there's this:
Re: (Score:2)
Sure it can. You just need to tell it to, and they don't make that especially easy.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
This uses the keys specific for the DISC, which can't be changed anymore.
But they can minimize the damage. They can revoke the PC HD-DVD player, and then republish the movies with a new title key. That way the only compromised content is the few thousand HD-DVDs that have been sold for those titles so far.
If they really want to stop this in the future, they just revoke
Re: (Score:3, Interesting)
Re: (Score:3, Interesting)
Oh pish. Of course in theory you can always extract the key from any player, in practice it's possible to make this so hard to do nobody can manage it. This is the approach satellite TV vendors have used - of course they keys are somewhere inside those smartcards or devices, but good luck to you if you try and extract them. The fact that most software players suck at protection is no news, for as long as there will be software HD-DVD/BluRay players, there will be leaked title
What it does and doesn't do (Score:2)
Ah here's something they can do... (Score:2)
Those old players that arebeingused to extract the title key can have their player keys revoked. That will bust some limited number of players too. Now without those player keys the old players cant decode the title keys. So they have to migrate to new players. If those players are stealthier then they may not be able to figure out how to extract the title keys.
Finally what if the new players were to get some of their executables rig
Re: (Score:2)
Trusted computing may make this harder--I'm not sure whether it will make it impossible, however.
I think the reason Hymm failed is because DVD-Jon stopped working on breaking iTunes DRM in that
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
What I would most likely notice is scaling artifacts.
If there's still an "analog hole" then I'll be plenty happy with 1080i over component or 1080p over VGA.
Re: (Score:2)
Re: (Score:2)
The main purpose of this is apparently to make it a pain in the ass to play movies, so that consumers like me will get their hidef entertainment from satellite TV and the internet, rather than their stupid discs and format-crippled players. Yay!
Re: (Score:3, Informative)
The mandatory player quality degradation occurs over non-HDCP compliant *digital* (DVI/HDMI) connections. They don't deem it necessary to lower the rez for analog (Component) connections.
I don't think that's right (or if it is now, I don't think it will be for long). Windows XP Media Center Edition 2005 already refuses to play regular DVDs above 480i resolution when a TV-capable graphics adapter card is installed. I connect my Media Center PC to my HDTV via analog VGA. Since the graphics adapter is capable of S-Video and Component output, MCE will not play DVDs, even over VGA. The "resolution" of this issue (no pun intended) is to set your display resolution to 480i or lower. (Or allegedly
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I cant wait for the anyhd-dvd and anybluray programs to be released so we can get around the useless protections and into the product we actually pu
Re: (Score:3, Informative)
Re: (Score:2)
The ICT forces down sampling to 960x540. Rather better than DVD video. Your aging Sharp can - in theory - display 1280x720. But will you see any difference on screen?
You will still be getting full theater sound, multichannel captioning, dialogue and commentary tracks, all the i
Investment in DRM vs. Investment to crack (Score:5, Funny)
Mij
Re: (Score:3, Funny)
Re: (Score:3, Insightful)
I'd be willing to bet that the cost to produce AACS was pretty high in the grand scheme of things. AACS was created by a consortium consisting of [aacsla.com] IBM, Intel, Microsoft, Panasonic, Sony, Toshiba, Disney, and Warner Brothers. Granted that huge corporations like those can afford to throw tons of money and resources at a project like AACS, but the bottom line is that it probably cost a pretty penny. Consider the person-hours involved in just high level meetings among all those companies to hash out the AACS
Server Bombed (Score:5, Informative)
The next generation of optical disc technology holds the promise to change the way we interact with and store digital media. Perhaps the most exciting change is the arrival of High Definition (HD) video, with its glorious 1920x1080 pixel resolution. It's a quantum leap forward in terms of watching digital content, as its vast resolution reveals a quality never seen before in such fine detail.
Because of the rapid escalation of digital file-sharing - especially of video files - Hollywood has been working around the clock to protect HD content. This is especially relevant for one of its primary delivery mechanisms - HD DVD and Blu-Ray discs. These next generation discs, with capacities of 30 gigabytes and 50 gigabytes respectively, have their content protected with an array of DRM (Digital Rights Management.) Both are protected with a scheme called AACS, or Advanced Access Content System. This DRM is a great leap forward compared to the weak CSS, or Content Scrambling System, that currently "protects" DVDs. Thanks to Fox, Blu-Ray has an additional layer of protection, called BD+, although most discs have yet to support this protection.
Although Hollywood has constructed enough DRM architecture to rival the Pyramid of Giza, it has long been suspected that it would be only a matter of time before HD DVD and Blu-Ray content protection were compromised. Convinced the golden DRM egg had been laid, it seemed that nothing could penetrate the great AACS wall. And to this day, that great wall still stands.
But why crash through the main gates of Constantinople when you can just pick the lock of a long forgotten rear entrance?
On December 26, 2006, a member of the Doom9.com forums named muslix64 introduced himself as circumventing the content protection - not the copy protection - of HD DVD. Additionally, he made available an open source program named BackupHDDDVD. At the time, this program was a command line program that bypassed the content protection - providing the individual successfully obtained the title and volume keys associated with the HD DVD. Once the individual has the keys, the AACS protection can be sidestepped, and the HD movie content can be extracted. According to muslix64, it took all of eight days to successfully circumvent HD DVD content protection.
Much of the more difficult work, such as extracting the keys, has been alleviated as the once encrypted information has proliferated online. To understand where this stunning turn of events is heading, Slyck.com spoke with muslix64, who agreed to a PM (private message) interview.
The mainstream media tends to have many labels for you, i.e. hacker, cracker, pirate, etc., in response to your efforts. What would you call yourself and what would you label your efforts?
I'm just an upset customer. My efforts can be called "fair use enforcement"!
What motivated you to help circumvent the content protection scheme associated with HD DVD and Blu-Ray?
With the HD-DVD, I wasn't able to play my movie on my non-HDCP HD monitor. Not being able to play a movie that I have paid for, because some executive in Hollywood decided I cannot, made me mad...
After the HD-DVD crack, I realized that things where "unbalanced" by having just one format cracked, so I did Blu-Ray too.
Explain how decrypting the device and volume keys are critical to your success. Could you explain the difference between the two?
The device keys, are the keys associated to the player.
The volume key, is the key associated to the movie.
I don't care about device keys. I do care about volume keys, because by using volume keys instead of devices keys, I totally bypass the revocation system. There is no "volume key revocation". There is content revocation, but I really doubt they will ever use it. If you use device keys, they can revoke them. Having the volume key means that you can decrypt ti
Quantum Leap again...... (Score:2)
AACS Easier to Crack Than CSS (Score:5, Funny)
Re:AACS Easier to Crack Than CSS (Score:5, Informative)
Re:AACS Easier to Crack Than CSS (Score:5, Interesting)
So, like the author said, you don't attack it you go around it. Obviously if the movie is being played back at some point things are being decrypted and you can get your hands on that key. That's precisely what he does. The player uses its key to decrypt the key that the volume is encrypted with. He then nabs that key and uses it to decrypt the volume.
Re:AACS Easier to Crack Than CSS (Score:5, Insightful)
Re: (Score:2)
Don't attack the crypto... (Score:2)
Like they say: you don't attack the cryptography. You attack how it's used.
Re: (Score:2)
No matter how you slice it, all DRM can be cracked because the user's computer, at some point, has the encryption key in memory. That is, until
Re: (Score:2)
Funny, that's what's being worked on right now buy guys over at the Doom9 Forum; although, at the moment, you do still have to have a (broken) HD-DVD player to grab the Vuk from memory.
Re:AACS Easier to Crack Than CSS (Score:5, Insightful)
With AACS they "learned" something and used much beefier encryption, and mutable keys...Which makes the keys vulnerable. Some bright boy notices this, breaks the weak security on the keys, and voila! The system, while not broken, is seriously compromised.
It's all pointless though. The companies pushing the DRM have far fewer resources than the people who want to view the content, and the content itself cannot be truly secured because it's meant to be viewed! So they're just throwing away money, and, as Muselix64 himself cogently pointed out in the "interview", the turnaround for fixes from the companies is so long, that there is effectively no way they can stay ahead of the crackers.
Re: (Score:3, Funny)
Obligatory Star Trek quote:
"The more they overthink the plumbing, the easier it is to stop up the drain."
--Chief Engineer Montgomery Scott, Star Trak III
Re: (Score:2)
Like a dog chasing it's own tail (Score:5, Insightful)
Worst interview ever? (Score:4, Insightful)
It seems the interviewer knows _NOTHING_ about the subject:
You can play an unencrypted movie wherever you want; an update of the encryption-scheme will not magicalle re-encrypt the movie. DUH!
An unprotected movie does not require HDCP; HDCP has _NOTHING_ to do with this.
Re:Worst interview ever? (Score:5, Informative)
An unprotected movie does not require HDCP; HDCP has _NOTHING_ to do with this.
I don't think you read these questions the same way muslix64 did. You are incorrect, because the content industry could force future versions of PowerDVD to automatically downgrade the video quality of any unencrypted video it played. This would be a "Hollywood counterattack" that does not re-encrypt the video like you assumed. Likewise, because an unprotected movie does not require HDCP, Microsoft could force all video played on its operating system to be downgraded unless HDCP is enabled.
I know, neither PowerDVD nor Microsoft would ever actually do this. Even if they did, there are alternative open-source players, and alternative open-source operating systems, to which these changes would never be made. This is exactly what muslix64 says when he replies "Or you can use open-source player, like VideoLan, if a player like PowerDVD become more restrictive about playing decrypted movies."
Re: (Score:2)
While I agree with your post, it would be possible for watermarks to be inserted into the movie. The player could then detect these, and refuse to play it.
Then you'd have to use VLC to play it
however, if the watermark was detected at a lower level (maybe a post-Vista operating system with TPM, if MS ever makes one) then that could possibly prevent even VLC playing it (in Windows).
Then you'd have to use Linux
So let me get this straight... (Score:5, Insightful)
If I understand it correctly, my output resolution will be degraded unless I buy a MPAA-approved display device?
Why would I bother upgrading from DVD if I'm not going to get any better quality?
Tip to Hollywood: Deliberately crippling technology doesn't boost sales. As far as I'm concerned, there's no point in buying into this. Why would I bother to spend a lot of money for something that won't work with my existing equipment, and likely won't work in the manner I intend to use it?
Why upgrade from DVD? (Score:2)
Devil's advocate here - don't label me pro-DRM.
If you're buying movies anyway, and the movie IS enforcing the downgrade requirement, then you won't see much difference from DVD... until you upgrade your television at some point in the future - at which time magically all the HD movies suddenly become viewabl
I love this guy... (Score:5, Insightful)
After the HD-DVD crack, I realized that things where "unbalanced" by having just one format cracked, so I did Blu-Ray too.
Bless you, muslix. Now the two formats can compete as true equals where it counts: in the ease of supplementing your legitimate media collection with illegal copies of things that you "kind of like".
Let's not pretend that there is one type of pirate. There are many levels of pirate, and by far the most common type (at least in my experience) is the "pirate" who buys plenty of legitimate media, but occasionally supplements their colleciton with an illegal copy of something that they don't care enough about to pay full price for. You can see the popularity of this line of thinking by watching people paw through the "bargain bin" at any major retailer. These are the movies that no one liked enough to pay full price for, but still maange to sell. This is more of a problem, as I see it, with the uniform pricing structure of DVDs. Let's not pretend that "Batman Begins" and "Sisterhood of the Travelling Pants" are worth the same amount of money to most people. They are simply not, and should be priced differently from the get-go. Sadly the media companies instead try to rake in bucks from the "gotta have it now" super-fans crowd by artificially inflating the price; the side-effect is piracy. I would wager that the media companies gain more money then they lose by this process; the convenience of the consumer does not enter into the equation (these companies have demonstrated, repeatedly and without a doubt, that the convenience of the consumer is a very, VERY low priority to them).
Of course I am deliberately discounting bring up That Guy. You know That Guy. He is the guy with the huge collection of pirated movies for the sake of having them. To be fair, unless That Guy has a lot of friends (and usually they do not) they are no real threat to media companies. That Guy would not have purchased the movies anyway, and his collection is (to put it bluntly) a dick-measuring contest to make himself feel better anyway. Every That Guy that I have ever met has had movies of laughably bad quality in their collection; their love is not for the cinema but rather, like a dragon, they hoard the wealth for it's own sake rather than an appreciation for it. And that might be the dorkiest thing I have ever written.
Re: (Score:3, Funny)
You have to wonder... (Score:2)
When will the *IAA learn? (Score:4, Insightful)
My roommate purchased an HDTV a few years ago before the HDCP standard emerged and he recently bought a Playstation 3. He was seriously pissed when he found out he couldn't watch Blue Ray Discs at the highest resolution because his TV wasn't compatible.
Things like this only serve to alienate legitimate consumers who are already inclined to pay for the product. The pirates just wait for the DRM to be cracked.
Re: (Score:2)
My roommate purchased an HDTV a few years ago before the HDCP standard emerged and he recently bought a Playstation 3. He was seriously pissed when he found out he couldn't watch Blue Ray Discs at the highest resolution because his TV wasn't compatible.
Did he actually try this out? I had the impression that no current discs have the Image Constraint Token [wikipedia.org] set, so there would be no downgrading for now.
Seems like a decent guy (Score:5, Interesting)
On a different subject, this still leaves Linux (and BSD, ReactOS, Haiku etc., etc.) users in a spot of bother. I don't understand if having a movie key would allow you to watch something on the disc even without the right player software to access the HD-DVD/Blu-Ray drive, but even if you don't need special software it still looks like extraction of the movie keys can only be done with Windows software, and presumably OSX software in the future. I'd still really like to see a proper, Free Software, libdvdcss-style crack for these formats. I'd like to think it's only a matter of time...
Re: (Score:2)
Re: (Score:2)
I completely missed:
"like extraction of the movie keys can only be done with Windows software, and presumably OSX software in the future."
You are correct, you need a Windows(tm)(C)(All rights reserved) player from which to capture the key.
DRM Cracking Quiz (Score:5, Funny)
Q: What is the fastest way to crack a DRM scheme?
A: Label it as uncrackable.
Thank you, thank you. I'll be here all week. The 9:00 show is completely different from the 7:00 show. Be sure to tip your bartenders and waitresses.
Re:DRM Cracking Quiz (Score:4, Insightful)
Hmm, person X is a lawyer. She makes mid six figures and works 80 hours a week. She have a staff to handle IT issues. Her motivation to 'become a techie' is...? I, on the other hand, got sick of the fact that other people were writing the rules that controlled my industry. So I left off being a netadmin and now I'm in law school. You want the laws to be sane? Start writing them, rather than leaving that to people who don't have a clue, and don't have the slightest reason to care.
Linux HDDVD/BR Software Player (Score:4, Interesting)
Since, based on the past, none of the studios will license a key for a linux player, I propose we create a player that, as part of playback, incorporates this "crack".
To get around this, the player will prompt for the disc key before playback. Then, the disc is decrypted as playpack is performed, thereby bypassing the "Player Key".
If you use device keys, they can revoke them (Score:4, Insightful)
Which is why I will never "upgrade" to HD. When my lowdef stuff stops working, I'll simply opt out of the rat race and not buy anything. Books are still good.
I will not pour thousands of dollars into a HD system only to have some jerk in a corner office somewhere decide that my investment constitutes a risk to his profits, and be able to take it away from me without consequence, without my consent, and without buying me new geegaws. F'em. They don't generate ANY content I'd be willing to pay that much to watch.
But that's just me. Feel free to pour $BUCKs into their profiteering maws if you wish. It's your money... well, your's and mostly THEIRs, since they can decide to take it away from you.
I'm glad he's not (Score:5, Interesting)
If he was a native English speaker, he'd probably be in a country that has some sort of DMCA-type law. And he'd probably be in custody by now.
Comment removed (Score:5, Funny)
Re: (Score:2)
And how many of those 5 billion people are named muslix64?
Re: (Score:2, Funny)
-muslix64
Who would name his kid that? (Score:2, Funny)
Re:He is obviously not a native English speaker... (Score:5, Funny)
Re: (Score:3, Insightful)
Sheesh, and they make fun of his English!
Re:He is obviously not a native English speaker... (Score:4, Funny)
Re: (Score:2)
Guvf pbzzrag vf ebg39 rapelcgrq. Ol ernqvat guvf pbzzrag, lbh unir ivbyngrq gur QZPN.
Re: (Score:2)
Guvf pbzzrag vf ebg(13*a) rapelcgrq. Ol ernqvat guvf pbzzrag, lbh unir ivbyngrq gur QZPN.
Re: (Score:2, Funny)