HD-DVD and Blu-Ray Protections Fully Broken 682
gEvil (beta) writes "According to an article at BoingBoing, the processing keys for the AACS encryption scheme used by both HD-DVD and Blu-Ray video discs have been extracted, and a crack has been released. What this means is that there is now a method to extract the copy-protected content of any HD-DVD or Blu-Ray disc out there. This is different from Muslix64's previous crack, which only extracted the volume key for each disc. This new method bypasses this step and allows anyone to extract the data without first requiring the volume key."
Can this be fixed? (Score:5, Interesting)
industry's response? (Score:5, Interesting)
Now we get to see... (Score:4, Interesting)
Should be interesting...
Re:I disagree (Score:5, Interesting)
The same method used to acquire this key can be used to acquire future keys. All it takes is one determined hacker willing to rifle through his memory addresses for the key.
I do not see a terribly effective fix for this - your key has to exist somewhere, and even in a CPU register it is still in memory more often than not.
Re:I disagree (Score:1, Interesting)
Correct. And there are plenty of things that can be done to make this a lot harder. What was broken was a poor implementation of a decoder. I suspect that not only will that key be revoked, but also that player author may lose their right to future keys until they show that they have fixed this problem adequately.
This is not remotely "fully cracked". However, IF the cracker had not revealed what player was involved, and instead just provided a website for obtaining the disc keys, THEN you could call it "fully cracked", since that would provide the ability to decode without the ability to revoke. As long as the crackers feel the need to prove that they really cracked the DRM by providing all the details of how it was cracked, it can never be "fully cracked".
In hindsight, we may see that the downfall of DRM crackers is the same hubris that brought about the downfall of DRM.... *sigh*
Here we go again... (Score:5, Interesting)
And because of that, when I put my iPod shuffle through the wash I was able to replace it with a good AAC-playing MP3 phone and flip the bird to Steve Jobs. Same thing with these...I want my media in formats I can move around and use to my liking.
I'm not going to pay for the same content twice, ever. And if I can't get my content in a cracked DRM or DRM-free format, I'll just pirate it. That'll show 'em.
DRM still helps the DVD consortium (Score:4, Interesting)
Re:Now we get to see... (Score:5, Interesting)
Revoking keys would have a huge negative impact on the adoption of HD-DVD and Blue-Ray. Look at the backlash from the Sony rootkit -- that was something a lot of consumers were/are unaware of. It's harder to be unaware of the fact that your $900 dvd player no longer works, or your $2000 HDTV doesn't work. The inevitable lawsuits aren't worth it.
This is not a shock (Score:2, Interesting)
They'd have stuck with CSS, but to attract new investors they needed a "shiney new more unhackable scheme". It's impossible to implement such a scheme without complete control over all the hardware. But, in the end, the very act of protecting the content is, legally, protection enough.
The only good turnout for "us" (the consumer, fair use advocate, or even casual pirate) is if the industry decides it's not worth it to set the lock in the first place.
There was never a doubt that it'd be possible to extract the data.
arms race (Score:5, Interesting)
First, making the volume information secure, and file content, was pretty pointless because if you had strong security on it, it would be too slow to do anything useful. For the data, you could wait longer, but at the end of the day, all of it was moot because once either catalog or data is decrypted... its there. So, you decrypt on the fly, or use adaptive methods that attempt to hide information, it all leads to...
The Cost of protection geometrically increases to the linear Time to break it.
And in the end, all the protection does is buy you a little bit of time, because for every couple of guys thinking up the next best protection scheme, once it hits the world, you have 100+* the resources trying to break it.
In the end, the best protection we came up with was something everyone hates... a hardware key that imlpemented the decryption, and sell that key with the media. Economically not viable to copy, but still does nothing once unprotected.
The problem (Score:3, Interesting)
Recently, I put up a GeoCache puzzle cache. The idea was that folks would have to figure out the puzzle to find out the GPS coordinates of the cache. I was very clever and devious. I was humbled when the thing was found within 6 hours of publication.
How was it done?
To make a long story short, it was a "known plaintext attack." Since I am required to publicize a pair of coordinates somewhere within a couple miles of the cache (to make the geocache site's search engine work correctly - so that folks from New York won't solve the puzzle and get screwed when the cache is 2000 miles away), this lets attackers look for solutions that result in numbers "near" the posted coordinates.
This is what makes movie DRM untenable. Since the format of the disks is publicly known (to insure that UNencrypted disks operate correctly), attackers know that they can discard solutions after decrypting very little of the ciphertext (probably just one byte).
With sufficiently large keys, even that becomes a huge problem, but the fact that the format of the plaintext is known is still a huge advantage for the attackers.
Re:Not Really Broken (Score:5, Interesting)
Good thing Intel put in those nice debugging registers that let you dump the contents of SSE registers at arbitrary intervals (e.g. after every SSE operation by the debugged process).
Re:Now we get to see... (Score:5, Interesting)
Re:Not Really Broken (Score:3, Interesting)
Lots of media/volume/whatever keys are known.
If a new (Windows XP) player arrives, with new title keys, it's decryption function will create the same output.
All you have to do is to look for that output - and you are near the decryption function. Hiding it registers won't help, you might run Windows XP in an emulator, or you could write a kernel driver that generates an insane amount of interrupts and check from every interrupt.
The only thing that might help is to abandon the idea of
- Windows XP software players
- Windows Vista players that play the movie at all if there is a single piece of untrusted software (debugger, performance logging, whatever) or hardware (RDMA capable nic).
The whole tilt-bit and degrade quality stuff won't help - as far as I see the keys are identical, the degradation happens later.
Let's wait what happens.
Re:All DRM implementations will be broken. (Score:3, Interesting)
Presumably you don't even need access to the hardware - just emulate all the hardware (including the TPM) and you can poke around at the hardware's innards all you want then.
The end of software players? (Score:5, Interesting)
Ummm, how about no more new keys for software players. As long as there are software players it seems obvious that it will be possible to reverse engineer what they are doing to shake out the keys. But if the industry decides that SW players are too weak, they simply revoke keys for them and don't issue new ones. The end of software players and the end of the risk.
So the format wars are over :) (Score:2, Interesting)
Re:Nice. (Score:2, Interesting)
Is there *nothing* that Google can't find an answer for?
Books are very different (Score:2, Interesting)
-Prints are inferior because they are hard to bind well.
-Electronic copies don't appeal to most readers because the display is uncomfortable (though I'm fine with it.)
In the few areas of book publishing where book prices exceed the cost to print up a tolerable copy, or where the original is incovenient to buy, book piracy is common. Most university textbooks and many reference volumes are available online. You can download complete archives of many comic book series.
Piracy aside, book publishers aren't exactly doing well in our economy. What the music industry can do that the book industry has trouble with is convince millions of people they have to own *this CD*, not any other CD. What has music industry execs terrified is the fear that the children who are five years old today will have too many choices available from their PCs in seven years, and they won't enter into the teen music mentality that dominated the late 20th century and trained most adults to keep buying RIAA titles. Restricting choice through DRM or whatever else they can dream up is their only hope.
Re:Print 'em up! (Score:3, Interesting)
09 F9 11 02
9D 74 E3 5B
D8 41 56 C5
63 56 88 C0
though preferably with a font that won't confuse Ds with 0s, Bs with 8s, Es with Fs, and As with 4s due to fading. Using lowercase letters you only have confusion between bs and 6s:
09 f9 11 02
9d 74 e3 5b
d8 41 56 c5
63 56 88 c0
Then a few variant forms depending on the direction your language traditionally reads, but also allows for other glyphs with less confusion.
(Interesting that there are no As in the key.)
If the key changes, we could refer to this key (and disks encoded with it) with the shorthand FDebDCC, named for the alphabetic hexits in the key. Other keys' alphabetic contributions should be sufficiently random for reference.
Non-TPM boxes (Score:3, Interesting)
The problem will be that they stop releasing HD players for non-TPM boxes. They will simply drop support, and tell you that if you want to play HD movies, to "upgrade" your hardware to their satisfaction. The only thing that will stop them from doing so is if they realize that the customers are on to them, are specifically avoiding TPM hardware, and that there are enough of them out there that they are cutting into the bottom line in a way that significantly comprimises their long-term market position.
The record companies, for example, are taking the long view of DRM for music: they are willing to wait for the CD to become obsolete while forcing DRM on the next generation (digital distribution), even though forcing DRM on digital distribution severely hampers adoption of digital distribution. The only thing that will change their strategy is if they realize that the market will *never* go digital enough for them to not have to release their content on CD until they drop DRM.
I doubt that the market for non-TPM boxes will be "_HUGE_" enough for the MPAA to abandon their plan to require it unless every-day consumers feel the sting of DRM in their every-day use.
The best way for this to happen is for devices to proliferate the market wich take advantage of the crack-ability of CSS: players that take ripped DVDs, store and organize them, and are as simple and intuitive as Apple products: it has to be an appliance.
Re:props to Muslix64 and hackers everywhere (Score:5, Interesting)
Re:look at book publishers... (Score:4, Interesting)
Making analog copies (of a book) is time consuming and impractical.
Making digital copies of a book - like a PDF - is easy and is done all the time. Nobody buy e-books, you just download it for free. Because one person paid for it and decided (conciously or not) to eliminate the profit from any future purchases by making it available to everyone for free.
The problem with digital copies is there will always be someone that is hell-bent on destroying the ability of the original publisher to derive profit from future sales. Happens with software, happens with music and it will be happening more with movies.
Re:The end of software players? (Score:3, Interesting)
What they need is to support public key for these things. Giving a unique key to every player, and forcing people to register their players, would mean that if a player key was cracked, they'd know exactly who did it and could file the appropriate charges. This would even help accomplish a wet dream of the MPAA--true region protection. Registration could use a variety of methods to check your location and ensure that you're using the correct region in the correct country. No one would dare sell their players to overseas folks for fear of their key being compromised.
Well. It could work, in theory.
Re:All DRM implementations will be broken. (Score:5, Interesting)
Unless you change the laws of physics it is completely impossible to build a secure TPM chip. TPM is an inconvenience, nothing more, just like DRM. DRM, no matter how implemented, involves supplying the same person with:
a) the ciphertext
b) the plaintext
c) the decryption key
All of those things must be present on the user's system for DRM to work. TPM etc are merely means to try to make it hard for the user to access the key, and they never work. One way of thinking about it is: a TPM chip "hides" certain details inside a little bit of plastic. It is security through obscurity and nothing more, and so long as the chip emits any EM radiation the internal details will ultimately be inferable, although it is doubtful that going so far as reading internal bits via EM fields will be required.
But if it is, we can all take comfort in the fact that Maxwell's equations aren't just a good idea: they're the law.
Re:props to Muslix64 and hackers everywhere (Score:4, Interesting)
The contract for software players could require that players work just like Firefox... when a new version is found, they automatically and silently download it, and when the player is started the next time, they offer to seamlessly install it for the user. From what I've heard, this may be built in to all/most software players, making it relatively painless to force-upgrade software players at least.
(which would mean that hardware keys are actually more valuable to extract, so maybe that's the hacker community's next step?)
Re:All DRM implementations will be broken. (Score:2, Interesting)
Re:props to Muslix64 and hackers everywhere (Score:4, Interesting)
I wouldn't be suprised if this has already happend at least once or twice.
Re:All DRM implementations will be broken. (Score:3, Interesting)
Basicly there are many good reasons security by obscurity works when you're trying to guard off a few unique installations like military bases or valuable servers, temporary information like troop movements, covert information like recon capabilities and such. Everything from the classification system to camouflage suits is security by obscurity - you'd be just as dead in a pink bunny suit as army green if the bullet hit you wrong. Hell, even body armor probably counts because it only makes the vunerable parts more obscure to hit.
However, most of all security by obscurity isn't good to hide a system. If I see one military unit moving, it's a small piece of tactical information. If I from that could deduce how every other military unit was moving, it'd be a disaster. Particularly with computers, which you can poke and prod until you've figured out how it'd respond to almost anything. If they try to ban software players (I'd like to see them try when HTPCs, Windows Media Center and FrontRow is taking off), it'd still be picked apart because one break can decrypt every disc since the last break, it's like a jackpot that keeps growing. Right now it's reset and won't start counting again until the keys are revoked. But the higher the number of movies get, the more effort someone will put into it. Even with the most tamper-resistant TPM chip around, I think there'll always be someone...
Re:props to Muslix64 and hackers everywhere (Score:4, Interesting)