Forgot your password?
typodupeerror
Movies Media

HD-DVD and Blu-Ray Protections Fully Broken 682

Posted by Zonk
from the open-season dept.
gEvil (beta) writes "According to an article at BoingBoing, the processing keys for the AACS encryption scheme used by both HD-DVD and Blu-Ray video discs have been extracted, and a crack has been released. What this means is that there is now a method to extract the copy-protected content of any HD-DVD or Blu-Ray disc out there. This is different from Muslix64's previous crack, which only extracted the volume key for each disc. This new method bypasses this step and allows anyone to extract the data without first requiring the volume key."
This discussion has been archived. No new comments can be posted.

HD-DVD and Blu-Ray Protections Fully Broken

Comments Filter:
  • Nice. (Score:5, Funny)

    by FatSean (18753) on Tuesday February 13, 2007 @02:14PM (#18000156) Homepage Journal
    In five years, when I finally buy into HD television and content, there should be an assload of free content out there to download.

  • by Anonymous Coward on Tuesday February 13, 2007 @02:16PM (#18000184)
    The time has come to make the upgrade.
  • DVD-JON (Score:5, Funny)

    by otacon (445694) on Tuesday February 13, 2007 @02:16PM (#18000188)
    I wish Jon Johansen would have done it so he could be called HD-DVD Jon, or maybe Blu-Ray Jon.
  • drm (Score:5, Funny)

    by Anonymous Coward on Tuesday February 13, 2007 @02:16PM (#18000196)
    years to create, weeks to break- sounds about right.
  • by cpearson (809811) on Tuesday February 13, 2007 @02:17PM (#18000222) Homepage
    It puts a smile on my face knowing that a small group of unpaid media hackers are able to crack the AACS encryption scheme what tooks many developers and millions in R&D to create, in just a few short weeks.

    Vista Help Forum [vistahelpforum.com]
    • by Anonymous Coward on Tuesday February 13, 2007 @03:02PM (#18000924)
      cpearson,

      It has always been easier to destroy/crack something than to create it in the first place.

      It is not a great undertaking to break a DRM scheme. It is not comparable to cracking strong encryption (which takes lots of horse power). The basic concept of DRM is fundamentally flawed and therefore open to attack.

      DRM by its nature is both widely available and has to function on a user's local device or PC. The wide availability (unlike an encrypted message with a unique key) means the attacker has easy access both the algorithm and protected content. This mathematically greatly reduces uniqueness. One only has to setup the correct environment and observe how it functions with a legal copy. And since the DRM scheme is most likely non-unique on a copy by copy basis the affect instantly cascades. Unlike getting a randomly encrypted file you have access to the algorithm (the software) and you have access to the keys.

      The big issue in DRM is how to obfuscate your algorithm and how to keep people from getting access to the stream in the clear. Both of these tasks are next to impossible to carry out effectively.

      So anyone, even the very same "small group of unpaid media hackers" in question, would have to spend a large amount of effort trying to come up with better and better obfuscation schemes. While cracking the DRM will take far less resources, focus, or time.

      Cracking DRM is more akin to white box QA or reverse engineering.

      All that said I'm secretly glad someone stepped up and did this :-) DRM as it exists today is pointless, useless, and gets in the way of a customers fair use of something they have purchased.

      I'm willing to bet 5 years from now we will see far less DRM in use and those still using it won't be selling as much music or as many movies as those not using it.
    • by h2g2bob (948006) on Tuesday February 13, 2007 @03:18PM (#18001158) Homepage
      Sorry everybody, but it's not.

      That said, they have got a player key now, so all disks published to date can be decoded.

      Each player has its own player key, and each disk accepts any player key in its list (the player key is used to decode the volume key which decodes the film).

      With this player key, they can decode any HD-DVD which has been printed already. However, as the key has now been compromised, future disks will not accept that player key. The software will have its player key updated, but the software will be tightened in an attempt to remove this loophole.

      Take a look at the archives of http://www.freedom-to-tinker.com/ [freedom-to-tinker.com] for a detailed discussion.
      • by slim (1652) <john@nOspam.hartnup.net> on Tuesday February 13, 2007 @04:19PM (#18002220) Homepage

        However, as the key has now been compromised, future disks will not accept that player key.
        Sure they can remove the compromised player key from the acceptable list. But it remains to see whether they'll actually do it. Presumably there's a decent number of blameless consumers already using that player. What's the commercial impact of pissing them off?
      • by D3viL (814681) on Tuesday February 13, 2007 @04:21PM (#18002272)
        You would be correct, execpt what has been relesed is not the player key. In fact the player (device) key is one of the two that have not been released, the other one being the root key held by AACS LA. The key that has just been released and reusulted in this article is the processing key which can (and probably will) be changed for any disc authored after the previous key bacame known. The key difference is that the player key is linked to the specific player whereas the processing key is specific to the hddvd/blueray discs created with it and will continue to be valid for those discs even after new ones are produced with a new key. Relasesing a device key would be counterproductive as indiviual device keys can be blacklisted meaning if you had one you would have to break a new player device (hardware or software).
      • by stile99 (1004110) on Tuesday February 13, 2007 @04:39PM (#18002578)
        Informative? INFORMATIVE?

        Man, you people better hope I don't get this one on metamod (which I suppose now I've tossed out the window, but oh well).

        This is the same head-in-the-sand crap we've been hearing for months now. "It will be ROCK SOLID! No way will anyone ever break it! This is the absolute best, most secure copy protection ever! We fin...wait, what? It's broken already? DAMN!"

        It's dead. You lost. As we all have been telling you for months now. "All is not lost, we'll change the key!" Yes. You will. And in less time than it took you to change the key, and at far lesser expense...we'll get that one too.

        Face it. We're coming to your house. If you take the numbers off, we'll just go to the house with no numbers. If you take the numbers off from the neighbor's house, we'll just come to the house next to the house with no numbers.

        You. Lost.
    • by Xugumad (39311) on Tuesday February 13, 2007 @03:22PM (#18001238)
      Erm, it's a simple distributed attack. While the group that succeeded was small, the cost (in man hours) of all groups that attempted but failed must also be considered, is likely not a small number.

      I think this is a fundamental problem that the people backing DRM forget. They're massively outnumbered, and it's just a matter of making it not worth the rest of the human population's time to break their stuff. So far, not gone so well for them...
  • by MartinG (52587) on Tuesday February 13, 2007 @02:18PM (#18000226) Homepage Journal
    DRM is fundamentally broken by design. Ciphers of this kind rely on the attacker not getting hold of the key. At the same time, the recipient needs the key to get the data. I can never work because the attacker is the same person as the recipient.

    In effect, DRM is security through obscurity.

    How much longer will we have to put up with this crap before the media companies realise this and stop inconveniencing their customers and wasting our money and time as well as their own?
    • by TheSpoom (715771) * <slashdot@uberm00. n e t> on Tuesday February 13, 2007 @02:24PM (#18000304) Homepage Journal
      Indeed. These guys should have listened to Cory Doctorow when he was talking at Microsoft [uberm00.net]. Unfortunately, it seems they didn't get it either.
    • by mrsbrisby (60242) on Tuesday February 13, 2007 @02:26PM (#18000320) Homepage

      It can never work because the attacker is the same person as the recipient.
      That's why TPM is being pushed by DRM proponents: TPM means your computer no longer trusts you (its owner). It means that someone that can convince Verisign to sign their key will be able to have access to all your secrets- including the ones that you do not. It already happened. [microsoft.com]

      Forget all that jibber-jabber about whether they have a right to protect their "copyrights", or even if you have any rights to copy: they clearly cannot be trusted with your secrecy and your privacy.
      • by Tumbleweed (3706) * on Tuesday February 13, 2007 @02:41PM (#18000572)
        And the problem with TPM is that you still have access to the hardware. If you've got that and enough time and skill, TPM eventually won't matter, either.
        • by tzhuge (1031302) on Tuesday February 13, 2007 @03:06PM (#18000982)
          Hmm... the logical conclusion is the MPAA needs site security in people's homes so they can prevent access to the hardware. They're probably working on it right now. Maybe some sort of USB powered taser would work?
        • by dpilot (134227) on Tuesday February 13, 2007 @03:42PM (#18001560) Homepage Journal
          I wouldn't be quite so optimistic. The difference is that at least some of the people involved in crafting TPM know something about security, as opposed to the people doing DRM and touch-screen voting machines. There has been quite a bit of art and work involved in developing tamper-resistant chips, and at least some of the TPM implementations use this art.

          Of course the devil is in the details. It's fully possible to build an insecure system around a secure TPM chip, and no doubt that's going to be done, too.

          Then again, TPM isn't bad, on it's own. It really depends on who owns the TPM. As long as I own it, it just might be good. The moment someone else owns it, then I merely pretend to own my system that has it, and that's bad. Some time ago, I picked the (M) stuff for the kernel build on my Thinkpad, and have been building them ever since. I've never used them yet, but if SOMEBODY is going to be controlling that chip, I want it to be ME.
          • by radtea (464814) on Tuesday February 13, 2007 @04:39PM (#18002574)
            Of course the devil is in the details. It's fully possible to build an insecure system around a secure TPM chip, and no doubt that's going to be done, too.

            Unless you change the laws of physics it is completely impossible to build a secure TPM chip. TPM is an inconvenience, nothing more, just like DRM. DRM, no matter how implemented, involves supplying the same person with:

            a) the ciphertext
            b) the plaintext
            c) the decryption key

            All of those things must be present on the user's system for DRM to work. TPM etc are merely means to try to make it hard for the user to access the key, and they never work. One way of thinking about it is: a TPM chip "hides" certain details inside a little bit of plastic. It is security through obscurity and nothing more, and so long as the chip emits any EM radiation the internal details will ultimately be inferable, although it is doubtful that going so far as reading internal bits via EM fields will be required.

            But if it is, we can all take comfort in the fact that Maxwell's equations aren't just a good idea: they're the law.
            • by dpilot (134227) on Tuesday February 13, 2007 @05:11PM (#18003122) Homepage Journal
              It's merely a matter of making it hard enough to stop most attacks. By the time you're sniffing on-chip signals with RF, you're way past "most". By the way, on really good secure chips there's a heck of a lot more to the package than "a little bit of plastic." Some "secure chip" packages are designed to keep the chip from being de-packaged, or to at least guarantee that the chip will be "correctly" damaged in the de-packaging process.

              I don't doubt that with a complete lab and some really good hackers, a even well-designed TPM setup can eventually be compromised.

              But I'd also assert that a well-designed TPM setup is WAY beyond the resources of DVD John, the AACS crackers, and maybe even the distributed.net efforts.

              By the way, by that last token, all security is by obscurity, because you're always hiding the key, and ultimately that's a key part of what the TPM does.

              A few quick searches on TPM can strip away most of the arrogance on both sides, the "anything will fall" side as well as the "unbreakable" side. I can't substantiate it here and now, but I suspect that TPM can be good enough to defeat any software-only attack, and would really require significant hardware resources to compromise.

              But the key point in here is a general lack of confidence in the ??AA's ability to do good encryption/DRM. At the moment, they just don't have the mindset for it.
        • by bill_kress (99356) on Tuesday February 13, 2007 @03:43PM (#18001578)
          Perhaps the inclusion of TPM in later OSes, chipsets and hard-drives will spur adoption of Linux (which presumably would just not enable such garbage).

          Perhaps TPM is going to be one of the best things to ever happen to our community...
    • by spellraiser (764337) on Tuesday February 13, 2007 @02:27PM (#18000344) Journal

      Or things could go in the opposite direction. Just wait 'till they hear about one-time pads!

      Of course, that would mean that no one could watch their stuff, period, but hey - at least no one could pirate it either!

    • by DimGeo (694000) on Tuesday February 13, 2007 @02:30PM (#18000390) Homepage
      ... there are developers clever enough to lie to the media companies that this can be done, and then get paid to do it over and over again. :) I kinda like the idea :) :) :)
    • Yes, and just how obscure can a "standard" be? I have been harping on just how stupid the whole concept of DRM is, ever since Sony root-kitted everyone. Even after Gates makes all Windows boxes a "trusted system" we can just dust off the logic analyzers and hack the bios. If that does not work, vm's, and OS emulators will. There is no limit to the ingenuity of a pissed-off geek when they can't play what they just payed good money for, but only because of some arbitrary restriction embedded in the code. Just
  • Horseshoe racket (Score:4, Insightful)

    by RichardDeVries (961583) on Tuesday February 13, 2007 @02:20PM (#18000250) Journal

    Instead of spending billions on technologies that attack paying customers, the studios should be confronting that reality and figuring out how to make a living in a world where copying will get easier and easier. They're like blacksmiths meeting to figure out how to protect the horseshoe racket by sabotaging railroads.
    The railroad is coming. The tracks have been laid right through the studio gates. It's time to get out of the horseshoe business.

    Exactly.
  • I disagree (Score:5, Insightful)

    by TheSHAD0W (258774) on Tuesday February 13, 2007 @02:22PM (#18000266) Homepage
    After reading through the article I must conclude that while the author has made decoding current discs easier, AACS has NOT been "fully cracked". The key embedded in the current software may be expired in the future, rendering this method useless for discs produced after that expiration.

    I'm not saying that this isn't a nice event, but we have further work to do.
    • Re:I disagree (Score:5, Interesting)

      by p0tat03 (985078) on Tuesday February 13, 2007 @02:33PM (#18000430)

      The same method used to acquire this key can be used to acquire future keys. All it takes is one determined hacker willing to rifle through his memory addresses for the key.

      I do not see a terribly effective fix for this - your key has to exist somewhere, and even in a CPU register it is still in memory more often than not.

      • by guidryp (702488) on Tuesday February 13, 2007 @03:22PM (#18001226)
        "I do not see a terribly effective fix for this - your key has to exist somewhere, and even in a CPU register it is still in memory more often than not."

        Ummm, how about no more new keys for software players. As long as there are software players it seems obvious that it will be possible to reverse engineer what they are doing to shake out the keys. But if the industry decides that SW players are too weak, they simply revoke keys for them and don't issue new ones. The end of software players and the end of the risk.
    • by suv4x4 (956391) on Tuesday February 13, 2007 @02:36PM (#18000488)
      After reading through the article I must conclude that while the author has made decoding current discs easier, AACS has NOT been "fully cracked". The key embedded in the current software may be expired in the future, rendering this method useless for discs produced after that expiration.

      In theory yes, but how easy do you believe it is to update all those specialized video players, all offline?

      Don't forget: the people who buy those already had to put up with paying premium for a HDTV, expensive players, and also make sure the TV, cable and player play together through HDMI.

      If you start demanding they are hooked non-stop to Internet so they can receive the daily patches, it may just be the thing crossing the line of tolerance.

      Also: the hard part is retrieving keys from pure hardware. The new keys come as firmware updates over the network.. it's even easier to update those HD-DVD/BlueRay rippers. After all, you have even the keys they encrypted the patches with: you have the player, don't you.

      All in all, the "super morphing update" ability of AACS seems more like a way for the AACS developers to claim "the war it's not over", when it effectively is over.

      Companies will refuse to use the new keys for their disks, since they will be incompatible with plenty of the players out there, the AACS creators will whine a bit about how "they could fix it but they don't wanna, not our fault", and this is where it'll end.
      • by FireFury03 (653718) <slashdot&nexusuk,org> on Tuesday February 13, 2007 @03:15PM (#18001116) Homepage
        In theory yes, but how easy do you believe it is to update all those specialized video players, all offline?

        You don't need the hardware to be networked in order to do key revokation - all the current discs continue to work just fine, but future discs will be encoded so they cannot be decoded with this key (this is the basis of AACS key revokation).

        This is definately not "fully broken" - fully broken is when I can use the crack indefinately *without* having to get a new player and extract a key from it every so often. i.e. it involves finding a flaw in the algorithm that allows you to decode the disc without needing to extract any data from a legitimate player to do so.
  • Too funny... (Score:5, Insightful)

    by esarjeant (100503) on Tuesday February 13, 2007 @02:23PM (#18000274) Homepage
    When will the media industry learn that DRM strategies simply don't work?

    As soon as you can see or hear it, it is then possible to duplicate it. No amount of copy protection will ever be able to prevent that short of preventing consumers from accessing the material altogether.

    Learn to trust your consumers a little and focus on adding value to the material, and then people will buy your content. It might also help to provide some flexibility in the content licensing model, maybe giving people the option to upgrade DVD discs to HD-DVD for the same content may encourage them to continue buying media.
  • Can this be fixed? (Score:5, Interesting)

    by CastrTroy (595695) on Tuesday February 13, 2007 @02:24PM (#18000286) Homepage
    Can this be fixed by revoking a player key? Or is this a more extensive breach like what happened with DECSS? Will this work on all future discs, or does it just work on the discs that are currently being produced?
  • Doom9's Forum (Score:5, Informative)

    by yanos (633109) <yannos@gmail.STRAWcom minus berry> on Tuesday February 13, 2007 @02:24PM (#18000294)
    It all starts here: http://forum.doom9.org/showthread.php?t=121866&pag e=6 [doom9.org]

    Later posts seem to confirm that it works for both BR and HD-DVD
  • industry's response? (Score:5, Interesting)

    by bcrowell (177657) on Tuesday February 13, 2007 @02:24PM (#18000298) Homepage
    So what is the industry's response to all this? Can they deal with the problem without breaking every DVD player in existence? Is the encryption completely symmetric? Can they start releasing DVDs with new keys, without creating a situation where some DVD players can read old dics, and others can read new ones? Are different keys used in Europe, U.S., etc.?
  • Now we get to see... (Score:4, Interesting)

    by ameline (771895) <.ian.ameline. .at. .gmail.com.> on Tuesday February 13, 2007 @02:24PM (#18000302) Homepage Journal
    Now we get to see how effective the key revocation system (that forms part of aacs) is going to be.

    Should be interesting...

    • by awkScooby (741257) on Tuesday February 13, 2007 @02:44PM (#18000642)
      They won't do it. Their bluff has been called.

      Revoking keys would have a huge negative impact on the adoption of HD-DVD and Blue-Ray. Look at the backlash from the Sony rootkit -- that was something a lot of consumers were/are unaware of. It's harder to be unaware of the fact that your $900 dvd player no longer works, or your $2000 HDTV doesn't work. The inevitable lawsuits aren't worth it.

  • by sehlat (180760) on Tuesday February 13, 2007 @02:25PM (#18000312)
    I've said before, "safemaker, safebreaker."

    Hollywood gets ONE move in the game: "Protecting" the content.

    The rest of the world gets as many moves as it wants to get around the ConsumerRightsArentPermitted.

    So Hollywood does everything it can to make itself hated by its customers and still expects to WIN this game?
  • Released Too Early (Score:5, Insightful)

    by MrSteveSD (801820) on Tuesday February 13, 2007 @02:28PM (#18000348)
    I think they've made a mistake by breaking it too early. They should have waited until it was much more widespread. Then again, I would imagine it is psychologically virtually impossible to sit on a "breakthrough" like that.
    • by zappepcs (820751) on Tuesday February 13, 2007 @02:44PM (#18000638) Journal
      Wrong! Break the DRM, Break it early, and break it often. DRM is dead, in fact it was stillborn. The foundational thinking behind DRM (or CRAP if you like) was so 'not right' that it's 'not even wrong' and it isn't getting any better. The more often the *AAs have to fight back with new DRM the more likely it is that we will see who in the governments is getting paid to support DRM, and then we will really have a target to ridicule, impeach, or tar and feather.

      The premise that all consumers are criminals is criminal in and of itself. Bear with me here. It defies logic and law to (analogy time) remove guns from citizens to prevent them from shooting people. It defies logic and good business sense to make .38 bullets that can only be used in guns made by one manufacturer. It defies the intent of the framers of the law in the US to presume that you are guilty until proven so, yet this is exactly what DRM is all about, the assumption that all consumers are guilty or would be if given even half a chance.

      Besides this, governments should not be propping up business models that are antiquated and broken. Desktop publishing put typesetters out of work, did the governments do anything? Trains put buggy makers out of work, did the governments do anything? That is only naming a couple of examples, but the governments seem hell bent on protecting certain industries. I can only conclude that those same governments are being well paid by those industries, for that is the only logical motivation for such infringements on citizen's liberties and rights.

      Now that AACS is cracked, time to follow the money and figure out who is getting paid and expose them as broadly as the DRM keys are exposed.
  • by gEvil (beta) (945888) on Tuesday February 13, 2007 @02:31PM (#18000404)
    from the open-season dept.

    Of all the movies to pirate, why'd Zonk have to choose that one?!?
  • by sco_robinso (749990) on Tuesday February 13, 2007 @02:32PM (#18000418)
    ...As most people know is that you're trying to copy protect an inherently open media format. Even in theory it's very difficult to copy protect media in a widely open, public format.

    Until vastly different technology is available 20 or 30 years down the road, all that DRM is going to amount to doing is preventing the 'average joe' from copying en-mass. They just have to make it difficult enough for the casual user to be deterred from copying the content. Look at the copy protection scheme on the iPod - it's basically useless, but it prevents grandma from copying bulk amounts on content. It's like how photocopiers are not a danger to printed media, as it's just 'too' difficult to walk up to a copier and copy things on mass. The industry just has to make it hard enough to deter joe user.

    The real problem for the recording industry comes in when now people are getting more and more saavy at copying content, and it's becoming more and more common place, and digital media sharing is now common place and digital media is now common place in the living room now. 10 years ago MP3's were just making there way on the scene and basically only very saavy users knew what an MP3 was, let alone what to do with it. What happens when 10 years from now mobile HD video players are just as common as MP3 players, and your average iPod video has a half a TB of flash storage? Copying (High-Def) DVD's at that point will be common place like MP3's are relatively common place now.
  • The Funny Thing (Score:4, Insightful)

    by s31523 (926314) on Tuesday February 13, 2007 @02:32PM (#18000420)
    It's funny, the whole DRM thing really seemed to come on strong after Napster was busted. In an effort to thwart the hackers and file sharing people this DRM thing kicked into high gear, yet these groups of people are probably the most savvy and creative buggers out there. The only people this DRM crap will ultimately hurt is the record/movie companies because the average Joe will just get frustrated when his new $40 HD-DVD doesn't play and gives an error of "unauthorized copy" or some crap and go off and not buy stuff any more. The hackers, I am sure, welcome the challenge and probably truly enjoy this cat and mouse game.
  • In response (Score:5, Funny)

    by physicsboy500 (645835) on Tuesday February 13, 2007 @02:34PM (#18000446)

    New DRM protection methods are now in the works which were cracked last week.

  • Not Really Broken (Score:5, Informative)

    by Jah-Wren Ryel (80510) on Tuesday February 13, 2007 @02:34PM (#18000448)
    The guy just pulled the device keys for windvd and/or powerdvd from system memory. People have already been pulling the volume keys from memory so this was just an incremental step. The keys will be revoked (which really means that future discs will not include support for the compromised device keys, there is no actual 'taking back' of the keys as the word 'revoke' tends to imply).

    One key thing to take away from this is that the authors of the software made it really easy to pull the device keys out of memory for two reasons
    1. They kept them in variables that were physically near the variables for the volume key
    2. They zero-ed them out after use, leaving big gaping holes of zeros in memory in a place where that kind of looked funny, drawing attention to those areas
    If they are smart (and if the MPAA even give them another chance), the powerdvd/windvd authors will reimplement their AACS decryption code to never store the keys in memory. Without double-checking, I believe the keys are only 128 bits, they could be loaded into the SSE registers in encrypted form and then decrypted on chip. The authors will still need to take measures to prevent an OS context switch from storing the registers in kernel-private memory during the period in which the device keys are present, but that is not an extended period of time, presumably they can kick their priority up high enough that it won't happen without hurting the system much.

    Even that approach isn't hack-proof, but it is a lot harder to dump the cpu registers under such conditions than it is to trace memory accesses.
    • Re: (Score:3, Insightful)

      by spikedvodka (188722)

      Even that approach isn't hack-proof, but it is a lot harder to dump the cpu registers under such conditions than it is to trace memory accesses.
      Not really... If you set up a VM, you can pretty much watch the registers. besides, that data has to exist somewhere in some form to get into the register
    • Re:Not Really Broken (Score:5, Interesting)

      by TheRaven64 (641858) on Tuesday February 13, 2007 @02:58PM (#18000848) Journal

      Without double-checking, I believe the keys are only 128 bits, they could be loaded into the SSE registers in encrypted form and then decrypted on chip

      Good thing Intel put in those nice debugging registers that let you dump the contents of SSE registers at arbitrary intervals (e.g. after every SSE operation by the debugged process).

    • by badasscat (563442) <basscadet75&yahoo,com> on Tuesday February 13, 2007 @02:59PM (#18000878)
      If they are smart (and if the MPAA even give them another chance), the powerdvd/windvd authors will reimplement their AACS decryption code to never store the keys in memory. Without double-checking, I believe the keys are only 128 bits, they could be loaded into the SSE registers in encrypted form and then decrypted on chip. The authors will still need to take measures to prevent an OS context switch from storing the registers in kernel-private memory during the period in which the device keys are present, but that is not an extended period of time, presumably they can kick their priority up high enough that it won't happen without hurting the system much.

      And the solution the Doom9 guys will use to defeat this?

      Don't upgrade to the new PowerDVD.

      The cat's out of the bag. You can't put it back in now. The new key will be discovered even more easily than the old key, so there's no point even bothering with a key revocation.

      Your solution may make some future DRM scheme for a new media format a little more secure, but it's effectively over for AACS.
    • Re:Not Really Broken (Score:5, Informative)

      by plalonde2 (527372) on Tuesday February 13, 2007 @03:09PM (#18001012)
      it is a lot harder to dump the cpu registers under such conditions than it is to trace memory accesses.

      You've clearly never worked with a good hardware-assisted debugger. And virtualization makes this scenario possible without debugger hardware support.

      Even more, no matter what, the key has to make its way from the device to the CPU register. On every modern machine that transaction goes through memory. Which means that brute-force tracing from the device to the registers should be able to find it. Not necessarily easily, but quite doable.

      DRM is dead. Let's bury it.

  • joke is on us (Score:5, Insightful)

    by circletimessquare (444983) <circletimessquare&gmail,com> on Tuesday February 13, 2007 @02:34PM (#18000450) Homepage Journal
    yes, we're all laughing because this outcome was obvious to the slashdot crowd years ago. however, the people really laughing are the blokes who sell this drm technology to the MPAA/ RIAA

    why laugh at them when you can steal their money?

    we need a committee of slashdot readers to compile a list of buzzwords and concerns of the RIAA/ MPAA, and then sell them some technovoodoo that doesn't protect them in any way whatsoever (nothing can, obviously), but continues the RIAA's/ MPAA's illusion that drm can or ever will work

    give them their false security blanket, steal their money outright, and then continue to rip them off and drive into extinction the antiquated notion of corporate media distribution channel ownership

    they need us, we don't need them. make that point explicit by bleeding them dry via all possible avenues

    win win! idiots
  • by Churla (936633) on Tuesday February 13, 2007 @02:35PM (#18000464)
    People still buy books, including audio books and eBooks, even though photocopier exist.

    I think the recording and motion picture industries need to look at why, and follow that lead. Instead of millions in copy protection R&D, why not spend millions to improve the product? Make the product something people liked owning. (Notice how libophiles obsess over the actual tangible book?).

    The one really viable way to control it would be to mandate that all players have an internet connection and it verify the purchaser has rights to the media before playing it. Of course if people have good high speed connections to the internet there's no reason to buy the physical media, which they recording and motion picture industries simply can't abide with.
    • by AJWM (19027) on Tuesday February 13, 2007 @04:02PM (#18001946) Homepage
      And one of the big publishers of e-books, Baen Books, not only doesn't bother with DRM, they make the content available in multiple formats, and even offer entire ebooks free (see the Baen Free Library [baen.com].) They occasionally put out a CD full of big name SF and fantasy books, and encourage copying (just don't charge money for it). Anything to get folks hooked ;-)

      The authors involved agree that this helps get their names out and generates demand for paper copies and paid-for e-copies of their work. The reduced overhead of e-publishing compared to paper publishing more than covers any "piracy", I guess. The "Baen's Universe" e-magazine pays the authors better rates than the current paper magazines (Asimov's, Analog, etc) do. (Don't know about the book payment side. I hope to find out first hand at some point ;-)
    • by cdrguru (88047) on Tuesday February 13, 2007 @04:34PM (#18002470) Homepage
      The problem is you are confusing analog with digital.

      Making analog copies (of a book) is time consuming and impractical.

      Making digital copies of a book - like a PDF - is easy and is done all the time. Nobody buy e-books, you just download it for free. Because one person paid for it and decided (conciously or not) to eliminate the profit from any future purchases by making it available to everyone for free.

      The problem with digital copies is there will always be someone that is hell-bent on destroying the ability of the original publisher to derive profit from future sales. Happens with software, happens with music and it will be happening more with movies.
  • Here we go again... (Score:5, Interesting)

    by Synesthesiatic (679680) on Tuesday February 13, 2007 @02:36PM (#18000490) Homepage
    Just like when the iTunes DRM was cracked, I might actually consider buying in these formats now.

    And because of that, when I put my iPod shuffle through the wash I was able to replace it with a good AAC-playing MP3 phone and flip the bird to Steve Jobs. Same thing with these...I want my media in formats I can move around and use to my liking.

    I'm not going to pay for the same content twice, ever. And if I can't get my content in a cracked DRM or DRM-free format, I'll just pirate it. That'll show 'em.

  • Success! (Score:5, Funny)

    by FreakinSyco (873416) on Tuesday February 13, 2007 @02:36PM (#18000500)
    The format war is over! We win!
  • by u19925 (613350) on Tuesday February 13, 2007 @02:42PM (#18000596)
    Steve Jobs mentioned that iTunes DRM cannot be shared with others since sharing would compromise the integrity of DRM. The DVD DRM was cracked and now the HD-DVD and Blu-Ray are cracked as well. This doesn't mean that DRM is not helping. Even though, the DRMs are cracked, the DMCA protects these cracked DRM systems and prevents commercial products from taking advantage of the cracks. Without the DRMs (even the broken ones) and DMCA, there would have been cheap legal DVD duplicators in the market.
  • Books (Score:4, Insightful)

    by ragtoplvr (1023649) on Tuesday February 13, 2007 @02:50PM (#18000728)
    We have the ability to copy books. Why do we not do that? Because books are cheap enough that it does not pay. Authors can still make a pile of money. Every other industry has went thru this phase. Content has to get less expensive, executives have to be reduced in number, pay cuts happen, then the industry can grow again. Resorting to DRM in any form, will be unsuccessful because, technology will overcome. The first company to recognize this, restructure appropriately, price appropriately, will win. Same as with book, computers, cars, even washing machines. My .02 Rod
  • arms race (Score:5, Interesting)

    by micromuncher (171881) on Tuesday February 13, 2007 @02:52PM (#18000752) Homepage
    Once upon a time I worked at a company encrypting CDs for digital data. This was over ten years ago... We too had a staged security, weak protection on key store, stronger protection on packages and data. We knew that the cost involved in high security was too high, from a functional and complexity cost POV.

    First, making the volume information secure, and file content, was pretty pointless because if you had strong security on it, it would be too slow to do anything useful. For the data, you could wait longer, but at the end of the day, all of it was moot because once either catalog or data is decrypted... its there. So, you decrypt on the fly, or use adaptive methods that attempt to hide information, it all leads to...

    The Cost of protection geometrically increases to the linear Time to break it.

    And in the end, all the protection does is buy you a little bit of time, because for every couple of guys thinking up the next best protection scheme, once it hits the world, you have 100+* the resources trying to break it.

    In the end, the best protection we came up with was something everyone hates... a hardware key that imlpemented the decryption, and sell that key with the media. Economically not viable to copy, but still does nothing once unprotected.
  • by creativeHavoc (1052138) on Tuesday February 13, 2007 @03:17PM (#18001146) Homepage
    Web Developers and Web Content-Maker-Guys YEARS ago gave the "no right click" a try. We quickly learned that if some one wants the content off the web site, they will get it, so there is no use in trying to introduce barriers that only hurt the casual user. You don't see "no-right-click" scripts anymore, but we are still producing tons of content for the web. Much of it copyrighted, and mostly the copyright honored.

    I can't help but see this as a parent who is all too restrictive with thier child, leading the child into endless rebelion that would have been avoided if moderation was used instead of a billy club.
  • by Dunbal (464142) on Tuesday February 13, 2007 @03:26PM (#18001300)
    Now it's time to print up all those T-Shirts with the Processing Key:

    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0...

    Available for just $19.95 ;)
  • by Harik (4023) <Harik@chaos.ao.net> on Tuesday February 13, 2007 @05:09PM (#18003090)
    AACS/CSS/Security through telling people "don't do that" is trivial to implement, for as good as you can possibly get it (fundamental flaw in the design) and they STILL managed to fuck it up.

    Basic concept: Encrypt a disk with a key that only the player has. If the player key is compromised, all disks are cracked.

    "fix" #1: Encrypt the disk content a random key, encrypt that disk thousands of times with a library of pre-generated keys. Assign each player a key, quit putting that key on the disk when it's found to be compromised. Of course, you now have to re-encrypt thousands of keys for every title released, leading to possible exposure of the master database.

    "fix the fix": Randomly create a single "production key", encrypt it with every player key, and give the 'blob' to every HD-DVD production facility. Now exposure is limited to one key that can be changed without exposing the master keylist.

    Except someone was terminally lazy, and only did it ONCE. So EVERYONE USES THE SAME PRODUCTION KEY. Way to go! If you gave each studio their own, then compromises would be limited to a single studio's works (that were produced before the key was changed).

    Worse, you introduce an attack vector to your management that effectively hides it's origin. Any hardware or software player could be compromised, or you could have an inside leak of the key. As long as the exploiter doesn't say "I got this key from Sony's HD-501 player" you have no idea how they aquired it. Basically, they completely and utterly shat on the key-revocation scheme, with no possible solution.

    Whoops.

    Dear MPAA: Please contact me before starting your next hairbrained content protection scheme. You can pay me millions rather then billions and I'll give you one that's not so embarassingly horrible. I'm no cryptogropher, but goddamn, it's not like you hired any security people for anything you've done yet anyway.

The economy depends about as much on economists as the weather does on weather forecasters. -- Jean-Paul Kauffmann

Working...