Forgot your password?
typodupeerror
Movies Media Technology

DVD Security Group Says It Has Fixed AACS Flaws 388

Posted by Zonk
from the harder-boiled-egg dept.
SkillZ wrote to mention an article at the IBT site discussing a fix to the security breech of the HD DVD and Blu-ray media formats. "Makers of software for playing the discs on computers will offer patches containing new keys and closing the hole that allowed observant hackers to discover ways to strip high-def DVDs of their protection. On Monday, the group that developed the Advanced Access Content System said it had worked with device makers to deactivate those keys and refresh them with a new set."
This discussion has been archived. No new comments can be posted.

DVD Security Group Says It Has Fixed AACS Flaws

Comments Filter:
  • i'm not so sure... (Score:5, Insightful)

    by User 956 (568564) on Tuesday April 10, 2007 @11:59PM (#18685481) Homepage
    Makers of software for playing the discs on computers will offer patches containing new keys and closing the hole that allowed observant hackers to discover ways to strip high-def DVDs of their protection.

    Do they not understand, that if you can view it, you can copy it?

    On the other hand, maybe they do understand, and HD-DVD/Blu-Ray 2.0 will offer only un-viewable content. Step 3, profit!
    • Re: (Score:2, Funny)

      Enhanced optical deflection impairment copy protection technology (read: pre-scratched).
    • by Anonymous Coward on Wednesday April 11, 2007 @02:49AM (#18686161)
      Look, they're running a business, so they're not aiming for perfection, just profit. The protection is supposed to keep your neighbor from putting a HD-DVD and a blank into a computer and getting a perfect copy half an hour later. It is not supposed to keep a group of Chinese from remastering the disc with professional equipment. The industry can deal with professional piracy in different ways because that kind of piracy has to move big numbers of copies. The industry can not come to your neighbor and check that he legally owns all his HD-DVDs, so they make it inconvenient for him to create illegal copies. There are enough keys that they can keep revoking them until kingdom come without running out of keys. Hackers can probably get the new keys after a short while, but everybody who wants to make copies has to get updated illegal circumvention software everytime the keys are changed, which is impractical if you just want to make a quick copy of a rented or borrowed disc. People in the real world value their time, so you only have to make the time cost of copying high enough to make the legal offering more attractive.
      • by EvilGrin666 (457869) on Wednesday April 11, 2007 @03:56AM (#18686437) Homepage
        I don't see how flashing my HD-DVD drive firmware because its key got revoked is any less onerous than downloading the latest crack from a random P2P network.

        Besides we've been here before with DVD region encoding. Everyone got fed up and bought cheap region free DVD players as soon as the Chinese figured out there was a market for them.
      • Re: (Score:3, Insightful)

        by Aladrin (926209)
        "The protection is supposed to keep your neighbor from putting a HD-DVD and a blank into a computer and getting a perfect copy half an hour later."

        They were already there. So why do they keep working on it? The answer is simple: That's not the goal.

        Seriously. You think my neighbor (or any of my family for that matter) could extract a volume key? I would need detailed instructions to do it. No, this already offers the minimal piracy protection that you think is the goal. And nothing short of 100% fool
        • by cheekyboy (598084) on Wednesday April 11, 2007 @06:18AM (#18687025) Homepage Journal
          Someone just has to write a ps3 cell code to do the key guessing just like folding@home, 100,000 pirates, and whammo, it would be cracked really fast , maybe 24hrs. Ironically, that the device player to
          make bluray popular could be used to actually crack the keys the fastest.
          • by Chandon Seldon (43083) on Wednesday April 11, 2007 @01:02PM (#18692311) Homepage

            It's really important that everyone understand that AACS copy protection cannot be brute forced. They're using AES for the actual encryption - if someone wrote a program that could crack that directly the news would be a lot more significant than "DVD copy protection hacked".

            Given that AES won't be cracked, any attack on AACS copy protection must be a key recovery attack. Luckily, key recovery attacks aren't that hard when you get a key with every player you buy. But... the fact that cracking AES is hard means that reading HD-DVD/BluRay disks may become completely impossible when players are no longer available.

            Hacking something together to read a Beta tape is possible. Annoying. It might cost tens of thousands of dollars to build. But it's possible - it's just analog magnetic patterns on a tape. Reading an HD-DVD without a HD-DVD player won't be possible. That'll be a serious issue for historians in the future, if people don't leave enough pirated DVD-R's around with the unencrypted content on them.

      • by Technician (215283) on Wednesday April 11, 2007 @08:30AM (#18688087)
        so you only have to make the time cost of copying high enough to make the legal offering more attractive.

        Unfortunately, high prices and the lack of working copies/backups makes the legal offerings un-attractive for many. I have kids. I have cases that used to contain working DVD's. Lack of backups is a problem. I'm moving to a Linux Media Center PC. This new format is incompatible. A media server is a much better solution for most families than a shelf of out of order/broken/lost DVD's. The inability to make a backup/working copy is a crime. DVD's in the home make as much sense as a CD player tethered to your iPod instead of a hard drive. Kids don't take CD cases to school anymore. They know they get stolen, lost, broken, etc. They rip the CD's at home and load them on their iPod with the originals safely stored away.

        SONY Dreamworks doesn't get it. I bought Open Season. It has some copy protection on it besides CSS. Guess which film won't be in the Media Center? Guess which brand I'm not buying in the future? Chances are that title won't be watched much simply because it's inconvienent. It's like copy protection on CD's. The kids have iPods. They rip their CD's. CD's that don't work are remembered. That artist and label get a critical review on their next release. Kids instead of buying CD's they can't use, look elsewhere such as P-P and sneakernet. Copy protection (Defective product) sends buying consumers elsewhere.

        I remember what CD's and DVD's can't be ripped and who put them out.

        Since I did buy Open Season, I will be looking for an already ripped copy or a solution to rip it myself. So far, the rip it myself solutions seem to be mostly commercial offerings.
        • Re: (Score:3, Informative)

          by Fordiman (689627)
          mencoder dvd://[title] -chapter [chapter] -ovc lavc -oac lavc -lavcopts vcodec=mpeg4:bitrate=1500:mbd=2:trell:v4mv:turbo:a codec=mp3:abitrate=192 -o "[DVD Name] - [title] - [chapter].avi"

          That will rip incorrectly most of the time; you need to do prescaling using -vf crop=w:h:x:y,scale=x:y,expand=x:y and data you can get from the stdout of mplayer dvd://[title] -chapter [chapter]

          Still, there ain't nothin' like gettin' yer hands dirtied on a command line.
      • Yeah, I used to think that ripping DVD was for folks who knew computers and were geeks. That was until I worked on a few barely computer literate people's computers and found ripping software! It gets better, while my SO was buying a DVD she'd found cheap at a grocery store the clerk running the checkout starts to tell her all about how to rent and RIP DVDs - then goes so far as to tell her it's perfectly legal! He even told her what software to use - she was pretty amused and just nodded while he went on a
    • by Bert64 (520050) <(bert) (at) (slashdot.firenzee.com)> on Wednesday April 11, 2007 @05:34AM (#18686845) Homepage
      As has been said before...
      DRM is not about stopping serious copying groups... The warez scene will still rip this media and distribute it online, and dodgy street corner vendors will always have copies for sale. These people simply wouldn't watch these movies if they couldnt get free copies.

      DRM is about preventing legitimate users (who are willing to pay) from doing things like format shifting. The media companies want those people who buy movies anyway, to buy additional copies to play on their ipods, portable players etc, rather than converting their existing media.

      If I buy a CD, I can produce a copy for the car, i can rip it to my ipod, i can rip it onto my laptop. This is all covered by fair use in some countries. The RIAA/MPAA wants to take away our fair use rights so wring more money out of people...

      If they openly admitted the purpose of DRM was to remove people's fair use rights and get more money out of legitimate buyers, there would be public outcry and they'd be taken to court. So instead, they try to claim it's to prevent organised piracy.

      The constant cracking of their protection schemes just proves that it doesn't stop piracy _AT ALL_.. If preventing piracy was the true reason for DRM, they would have abandoned DRM years ago, as it's costing them a lot of money to develop while doing nothing to stop piracy.
  • Give it time... (Score:4, Insightful)

    by Anonymous Coward on Wednesday April 11, 2007 @12:00AM (#18685489)
    and it will join the ranks of every other DRM mechanism devised.
  • Serious Question (Score:3, Interesting)

    by Anonymous Coward on Wednesday April 11, 2007 @12:02AM (#18685495)
    "Corel has told users of its software that failure to download the free patch will disable the ability to play high-def DVDs."

    Is this making a reference to the current crop of HD's that were purchased? Does the software phone home? Just curious. Any thoughts?
  • by EmbeddedJanitor (597831) on Wednesday April 11, 2007 @12:04AM (#18685503)
    so don't even bother to try hack it. Please don't, please, please, pleaaaaaaaaaaaaaaaaaase.

    They really want this to be perceived as tight to sign up content providers.

  • by Tragek (772040) on Wednesday April 11, 2007 @12:04AM (#18685507) Journal

    "AACS is a high-profile technology and is protecting high-profile content, so we fully expect there will be future attempts," Ayers said.

    How about future successes [engadget.com]?
    • by Anonymous Coward on Wednesday April 11, 2007 @02:10AM (#18686033)
      You are entirely right. The volume key hack is pretty solid. In fact, if the Microsoft HD-DVD player were to be revoked and require a firmware patch to the existing runs of drives to play new discs, it really wouldn't make any difference at all. See the thing is, now that it is understood how to bypass AACS through the volume key, AACS could in fact keep revoking keys until they're blue in the face, but the process of extracting the volume key is already known, so it makes no difference.

      Also, let me point out, I haven't read the code in its' entirety yet, but if I understand correctly, the volume key crack should actually be immune to key revokation, based on my understanding of AACS, key revokation should only effect device ids and once a method of extracting a volume ID is known, the revokation mechanism just no longer matters.

      Of course, I'd also like to point out what others have already said. If a program exists that can read the data and decrypt it, then it's 100% obvious that the program can be reverse engineered. This is not an opinion, it's fact. I have on many occassions bypasses hardware dongles, FlexLM, trial periods, etc...

      bypassing hardware dongles requires that you reverse engineer the driver to the dongle, this is just plain easy, all you need to do is find a disassembler that can handle the format, or if it's a kernel mode driver, then you just use a kernel mode debugger... not an issue. when you locate where the driver is being attached to from the program itself, then you just emulate the hooks. Even the most advanced dongles are easy to hack this way.

      FlexLM... well... come on... this one is just so easy it's not worth talking about

      Trial Periods... they can vary... depends on how obscure people want to make the code. But for the most part, they're not that hard. For example, I found a function reference in a DLL on PcAnyware (don't remember the version) called "TimeBomb()" which returned a boolean value. Not really that hard huh?

      As for HD-DVD and BluRay... if all else fails, run the player (really really slow) through an emulator like QEmu and trap all IDE calls. Log the previous 1000 instructions run before the hook and then log until the first picture comes up. Then just review the log and read the source code left in the log. Hardest part is making it pretty enough to read... but if it means that much to you... well no problem.

      - So... in brief... copyprotection is just a joke... laugh at it!
      • by Technician (215283) on Wednesday April 11, 2007 @08:48AM (#18688315)
        I have on many occassions bypasses hardware dongles, FlexLM, trial periods, etc...

        I instead of pirating and cracking, took the other road. I voted. Anything that required a hardware dongle is and always had been rejected. The new tack is using your hardware as a dongle with online activation. This is also rejected.

        It is the primary reason for my move to Ubuntu instead of Vista.

        It is the reason I did not accept the free upgrade to Light Factory. The upgrade removes the dependance on MS SQL server (hurrah), but also changed from a registration key (encoded with user name) to a single hardware online auth (boo hiss). I wrote the company and let them know why I moved to Freestyler instead. I am now moving to Q-Light a Linux console as part of my move from Windows.

        Anybody want Lightfactory starter edition?

        Vote against dongleware with your wallet. Don't pirate, use an alternative.

        What do you think is more upsetting to Microsoft? Pirating MS Office or switching to Open Office? On one they can take legal action. On the other which is more offensive to them, they can do nothing.
    • This is exactly what I was hoping would happen. With the XBOX 360 HD-DVD player cracked, what are they supposed to do? Microsoft will throw their huge weight against any suggestion of revoking the player's keys. And if those keys did get revoked, I think they would have finally gone far enough to see a serious consumer backlash.

      I'm rooting against AACS for a simple reason: I want to buy hardware, software, and media that is 100% devoted to enabling me to do as much as possible as easily as possible. I don't
      • by Znork (31774)
        "I think they would have finally gone far enough to see a serious consumer backlash."

        If you consider that the difference between SD and HD isnt that obvious to the average ordinary viewing circumstances (see the earlier article on 1080p), and if they simply display upscaled SD instead of HD content if the key is revoked, I suspect that most consumers wouldnt even notice.

        Of course, as most DVDrips arent even SD quality, I'm not exactly sure how they imagine degrading to SD is going to prevent any random copy
      • Re: (Score:3, Insightful)

        by harl (84412)

        This is exactly what I was hoping would happen. With the XBOX 360 HD-DVD player cracked, what are they supposed to do? Microsoft will throw their huge weight against any suggestion of revoking the player's keys. And if those keys did get revoked, I think they would have finally gone far enough to see a serious consumer backlash

        The backlash will range from minor to nothing. One day you will turn on your XOBX 360 and it will said there is a new update ready for the XBOX 360. It will download and install. There are no easily available patch notes when you are in front of the machine. It will have some cool new feature in the dame update like the more informative achievement notification that is already announced. The update will change the keys. The vast majority of 360 owners will never know there was a crack nor that there

  • Corporate Spin (Score:2, Insightful)

    by JonathanR (852748)
    Don't you just love the corporate spin: The AACS (Advanced Access Content System) just happens to be a mechanism to deny access to the content. The moniker certainly makes the technology appear benign to Joe Sixpack consumer.
    • and other digital restrictions only available with Vista [badvista.org]. On second thought, I'll pass.

      • Thanks! (Score:2, Funny)

        by Anonymous Coward
        > badvista.org

        That sounds like a fantastic place to receive unbiased, neutral, well-researched information about a Microsoft product. Run by the FSF, no less! WOW!!

      • by Macthorpe (960048)
        Oh look at that! It's not 'only available in Vista', it's in every commercial HD-DVD and Blu-ray player [wikipedia.org]. It also only comes in to play if the content providers turn it on. Strangely enough, unless you buy DRM content, DRM isn't an issue. Isn't it funny how that works?

        I also love how you quote a competing operating system's propaganda site as a 'reliable source'. You're getting sloppy, Twitter.
    • by Jugalator (259273)
      See also... FairPlay... PlaysForSure...
  • "Fixed Flaws"? (Score:5, Insightful)

    by ZorbaTHut (126196) on Wednesday April 11, 2007 @12:10AM (#18685533) Homepage
    If that's "fixing the flaws", then I guess whenever I fill my gas tank I'm "inventing perpetual motion".

    The flaws aren't fixed. They're just papered over slightly more aggressively. Don't worry, there'll be more flaws.
    • by Duhavid (677874)
      That "flaw" being fixed...

      How does that work for the people that purchased media that
      used the keys which are now expired....
      • by ZorbaTHut (126196)
        Well, if they already purchased it, it just works - it's not like they can modify the disc media from a distance. Those people have nothing to worry about.

        The real issue is people who purchased [i]players[/i] which used the keys which are now expired. Those people must update their players. In the case of WinDVD, that means downloading an update. In the case of the XBox360 drive that will involve downloading an update. (The XBox360 key is not yet revoked, and in theory they might not revoke it.)
        • by Duhavid (677874)

          Well, if they already purchased it, it just works - it's not like they can modify the disc media from a distance. Those people have nothing to worry about.


          Until they purchase a new player and expect to play the old
          media on it....
          • Re:"Fixed Flaws"? (Score:5, Informative)

            by ZorbaTHut (126196) on Wednesday April 11, 2007 @01:01AM (#18685735) Homepage
            No, that will work fine too. They haven't changed a global key of any kind. They've just revoked the old key for new media. All the newer keys still work fine. You can conceptually think of it as all discs supporting thousands of keys, some of which are used by players and some of which simply exist for future not-yet-constructed players to use - there's plenty of possible keys left for new players to work on old discs.

            When they revoke keys, they simply remove the old compromised keys from new discs, so players relying on those keys can't play anything.
        • What happens if a disc using the revoked keys is placed in an HD-DVD player that no longer uses those revoked keys? As you noted, the disc cannot be changed from a distance. Does it turn into a coaster as far as all future HD-DVD players are concerned?
          If so, I imagine less technical users of those discs & players will be extremely annoyed. Think of all the HDTVs that can't pick up hi-def signals because the standards changed. This'll feel like that again.
          • by ZorbaTHut (126196)
            I have just answered that same question here [slashdot.org] :)

            Summary, though: a disc can be decrypted by an entire set of keys (I don't know the actual count, but I suspect it's at least thousands) and they can be revoked one at a time on a disc-by-disc basis. They won't be adding new keys (since that creates the exact problem you've described), they'll just be revoking old compromised keys, and presumably they have enough keys ready that they don't believe they will run out.
  • by caitsith01 (606117) on Wednesday April 11, 2007 @12:14AM (#18685547) Journal

    security breech

    Is that like a chastity belt? Or maybe an adult diaper?
    • Re: (Score:3, Funny)

      by Penguinisto (415985)
      If it comes from anybody that does DRM, I sure as hell wouldn't want to put it on (I'd imagine it to be something with spikes pointing inwards, somewhere around the rectal area...)

  • by Marcion (876801) on Wednesday April 11, 2007 @12:19AM (#18685569) Homepage Journal
    I read this bit:

    "New high-def DVDs will include updated keys and instructions for older versions of the PC-playback software not to play discs until the software patch has been installed."

    No one gives my computer instructions but me. So I will have nothing to do with either of these formats at all. I am just gonna say no and take my business elsewhere.

    DVD is quite fine, and where it doesn't then there are hard drives. Hollywood can give me movies in a format I'll accept or they can e2fsck off.
    • Yeah see this is what always gets me about the DRM thing. Either you make it playable or you make it secure. Pick one.

      The Sony rootkit fiasco really brought home, for me, the need of consumers to assert their rights over their devices. This computer on which I'm writing this is mine. If I had the choice of hardware that would do what I told it or hardware that would obey the whims of the MPAA/RIAA, I'd choose the open hardware. Given the choice of software that does what I tell it to or software that doesn't, the choice is obvious. If there is no choice, I write my own software.

      The most insulting thing about the rootkit incident, as well as many such events since, is the notion that just because I'm using my computer to play content owned by someone else they somehow they own my hardware. That's simply not the case.

      Here's what I want to know. They're sending a patch to the software that plays the discs, right? It's already too late to change what's on the actual discs because too many are already in the wild, so to speak. What if I just don't update my software/firmware? Or better yet, what if I write my own?

      • by LocalH (28506)
        New discs. You won't be able to play those unless you update, or until more keys are exposed.

        What would be fun is if somehow all keys were exposed. What would they do then? It'd be CSS all over again.
      • Re: (Score:3, Insightful)

        If you use their software, then the software will choke when it encounters a disc produced in the future. That disc will contain a revocation list, and when your player finds itself on the revocation list, it will refuse to play all AACS-content (including stuff that previously worked), until you update. If you write your own software without a license, you violate the DMCA.
  • by ibib (464750) on Wednesday April 11, 2007 @12:25AM (#18685591) Homepage
    I am just wondering what "normal" customer's will think, I mean - geeks and technophiles understand the the new efforts to close AACS is just not a solution, just another workaround in a loosing battle. But I wonder what normal people think, I really doubt that average Joe will think that a patch to this system is really a good thing. Most people want to be able to copy their content, make backups, etc. One of the benefits for a lot of people with the DVD format is that DVD players are available as region free players, you can copy disks from friends, etc. I'm not saying that piracy is necessarily a good thing, just that far too many (and increasing) people enjoy that and that in itself will be a problem for the next-gen media players.
    • Re: (Score:2, Insightful)

      by Techman83 (949264)
      The problem is when Joe Six pack comes home on a friday night with a case of beer, couple of mates and a latest release movie, they are going to be mighty pissed off when there player prints "please update your dvd player" or something like it.

      Christ, It's not entirely difficult for someone that isn't phased by technology, but I know if I've kicked on my couch on a friday night with a beer, the last bloody thing I want to be doing is getting up, searching for my model of "insert new format player here" d
  • Respin (Score:5, Insightful)

    by ewhac (5844) on Wednesday April 11, 2007 @12:26AM (#18685595) Homepage Journal

    "Makers of software for playing the discs on computers will offer patches containing new keys and closing the hole that allowed observant hackers to discover ways to strip high-def DVDs of their protection. On Monday, the group that developed the Advanced Access Content System said it had worked with device makers to deactivate those keys and refresh them with a new set."

    No no no. Let's just tidy that baby up a bit:

    "Makers of software for playing the discs on computers are requiring consumers to download patches that will re-apply the product defects that computing professionals had removed in the weeks prior. Despite the fact that nothing is technically wrong with the older versions of the software, it is being intentionally rendered obsolete to force the update -- no new movies will be viewable on the old software."

    Schwab

  • ISTR that Muslix64's attack worked by identifying the keys in active RAM. So how does revoking the keys defeat this attack?
    • by roesti (531884)

      So how does revoking the keys defeat this attack?

      The hackers only figured out how to get the old key. This is a new key. The hackers don't have the new key.

      What are you, stupid?

    • by Jugalator (259273)
      Maybe they store the key on a different memory address!
  • by hyrdra (260687) on Wednesday April 11, 2007 @12:29AM (#18685605) Homepage Journal
    They didn't fix any flaws. They just deactivated old keys and issued new ones. Supposedly InterVideo will be patched to be more secure (aka try to hide the new key). Maybe that is what they are talking about but it still does not fix any flaws by a long shot. Just look at all the cracked versions of software out there that have all kinds of fancy safety and protection mechanisms and are still cracked daily. As long as its in memory in unencrypted form for any amount of time, it can be obtained.

    What they have done is analogous to re-keying a lock that is susceptible to being picked -- it's only a matter of time before it is picked again. Lather, rinse, repeat. And how long before a hardware player is cracked? If I had one I'd bust into it to see what kind of flash it has. It probably has an on-board JTAG or other programming port to dump the memory like most consumer devices which are mass produced and then flashed assembly style, making obtaining the key quite easy. When the players come down in price I fully expect them to be cracked on a daily basis.
    • analogous ? (Score:5, Funny)

      by fahrbot-bot (874524) on Wednesday April 11, 2007 @01:00AM (#18685733)
      What they have done is analogous to re-keying a lock that is susceptible to being picked...

      I'm sorry, but this is /. and we only allow automotive analogies here. Please rephrase.

    • by Repton (60818)

      And how long before a hardware player is cracked?

      Uh, yesterday [slashdot.org]. It's not small beans either: It's the XBOX 360.

    • by bhima (46039) <Bhima.Pandava@gma i l . com> on Wednesday April 11, 2007 @01:40AM (#18685897) Journal
      Actually they (the Doom9 crowd and the Xbox360 hackers) have already discovered a method that recovers Volume Unique Keys which is completely unrelated to the method they used before. One which doesn't require reprogramming the device (Although they have already done that as well)

      So not only was AACS not really fixed (Just the key revoked) the velocity of revocation process is slower than the hacking process. And this revocation was a key for a software package, I imagine that the process for revoking the key for a hardware device, like the external Xbox360 HD-DVD drive to be slower, a lot slower.

      Also given the nature of this sort of thing, I also figure pretty soon there will be increased interest in hacking a stand alone HD or BD player... as the price comes down I'm sure the allure of forcing revocation of a series of hardware players will attract attention.

      I know I'd sure like to do it, if only to annoy and embarrass the AACS group.
      • Re: (Score:3, Informative)

        by Jah-Wren Ryel (80510)

        Also given the nature of this sort of thing, I also figure pretty soon there will be increased interest in hacking a stand alone HD or BD player... as the price comes down I'm sure the allure of forcing revocation of a series of hardware players will attract attention.

        It doesn't work like that. Or at least it isn't supposed to work like that.

        The AACS scheme has the ability to revoke individual players - not individual models, but actual single units. They use a lot of fancy set theory to do it, but in ess

  • breech? (Score:3, Funny)

    by natrius (642724) <niran@ n i r an.org> on Wednesday April 11, 2007 @12:30AM (#18685607) Homepage
    I feel sorry for anyone who has to give birth to DVDs, let alone backwards.

    Sharp edges. Ouch.
  • The game continues (Score:4, Insightful)

    by zappepcs (820751) on Wednesday April 11, 2007 @12:31AM (#18685611) Journal
    I guess that nobody with VC understands that DRM is simply a VERY expensive, very stressful game of whack-a-mole.

    It amazes me that so many people believe that they can do the DRM game and make huge money. Recent news tells me that if the US government is trying to influence other countries to do more about copyright infringement, well then, DRM must not work worth a damn, otherwise there would be no need for US Governmental intervention. With that bit of proof that it won't work, doesn't work, and can't work, it should be relatively obvious to all concerned that the only way that DRM *CAN* work is if governments create laws that make it illegal to not use DRM.

    Media and content providers simply have to get on the right bandwagon... DRM isn't it. No matter what fantastically great work they do for any particular DRM scheme it will always end up broken. There is no method that can reasonably ensure secure keys when the unencrypted content has to be present to view it. Sigh, old dogs, new tricks, bad circus experiences....
    • by arkhan_jg (618674)
      it should be relatively obvious to all concerned that the only way that DRM *CAN* work is if governments create laws that make it illegal to not use DRM.


      Yeah, cos copyright law is already so well followed by the populace, I'm sure they'd be all broken up about breaking another law enforcing the use of DRM. Other than that, good post.
    • Re: (Score:3, Interesting)

      by Bert64 (520050)
      DRM is not for preventing piracy.
      DRM can never prevent piracy, sufficiently knowledgeable people will always be able to crack any DRM scheme. It's not like normal encryption where the key is unknown, your player needs to have the key in order to play the media, so it's simply a matter of extracting the key from whatever obfuscation scheme is being used to hide it, rather than having to crack the encryption itself.

      DRM is to prevent fair use, the people who buy legitimate media and exercise their fair use rig
  • by giminy (94188)
    If someone does break the new key, just wait. Please, wait. Until the format war is over, and there are thousands of titles out, everybody has a player, etc. Then announce.

    Thanks for listening.
    • Are you serious? Why? Are you worried that they'll eventually patch it enough that it will be unbreakable?

      If hackers wait until AACS is as ubiquitous as CSS is today before announcing a crack, then AACS will be a success. It needs to be cracked as soon as possible and as often as possible to show that DRM doesn't work.
    • No, no, no. (Score:5, Insightful)

      by Kadin2048 (468275) <slashdot.kadin@[ ]y.net ['xox' in gap]> on Wednesday April 11, 2007 @12:58AM (#18685723) Homepage Journal
      You're missing the point.

      The benefit of all these cracks isn't to allow people to copy the movies. That ability was never in doubt -- people will always be able to do that. They'll be able to do that regardless of what the content monopolies do, short of just deciding that they won't release movies anymore (which is fine; there's enough of a demand for entertainment that other people will do it -- there's nothing special about making movies that a lot of people can't do, it just takes a lot of money).

      Holding onto a crack until AACS is ubiquitous wouldn't do anything. The ultimate failure of AACS isn't, and never was, in doubt -- all DRM is flawed, and it will eventually be broken.

      The question is whether it's possible to convince both the studios/content-creators, and consumers, of the utter futility of DRM in the first place, so they'll stop trying to do it, and stop wasting everyone's time. DRM is nothing but a broken window: it's millions of man-hours and probably billions of dollars of resources diverted from other, more productive, tasks, both to create it and break it. That's the real cost of DRM.

      So if by releasing cracks for AACS every time they update it, as quickly as possible, it demonstrates to the studios that they're engaging in a war against a guerrilla enemy that they can't possibly defeat, regardless of how much money they spend, perhaps they'll throw in the towel sooner rather than later. It may be a slim chance, but given that Apple has started to see the light, there's some hope.

      That's the real benefit of these cracks. Compared to the economic and social cost of the wasted effort, the ability of people to pirate a few movies pales in comparison.
  • by Erris (531066) on Wednesday April 11, 2007 @12:36AM (#18685629) Homepage Journal

    The number one reason Vista is Sinking Like a Stone [dailytechnobabble.com], is "DRM problems and lack of anything even remotely demonstrating an understanding of how users want to use digital media." If DVD makers tighten up, people are going to route around them the same way they are routing around the RIAA member companies. They will flock to independent film makers and the big dumb publishers will watch their earnings collapse at 20% per year. Their greed goes beyond the already insane limits of copyright and that kind of thing is simply not fun.

    • by Macthorpe (960048)
      Read the comments for the article you linked to. The author gets torn to shreds by people with actual knowledge of Vista.
  • Final Solution (Score:2, Interesting)

    I know I'm getting offtopic here, but I personally know some people who are rich, own copyrighted content, and are absolutely obsessed with controlling it. They're not people I can understand. They think that every reasonable fair use right should be carefully meted out by themselves alone, that they should be able to revoke rights to anyone at any time for any reason, that allowing a user to copy their content without explicit licensing and permission would be the start of some file-sharing apocalypse.
    • Re: (Score:3, Interesting)

      Well, that teaches me for not using preview. Here's the non-HTML-formatted version (with real paragraphs!):
      --

      I know I'm getting offtopic here, but I personally know some people who are rich, own copyrighted content, and are absolutely obsessed with controlling it. They're not people I can understand. They think that every reasonable fair use right should be carefully meted out by themselves alone, that they should be able to revoke rights to anyone at any time for any reason, that allowing a user to copy
  • by appleguru (1030562) on Wednesday April 11, 2007 @12:51AM (#18685697) Homepage Journal
    From Engadget:

    In parallel efforts, hackers in both the Xboxhacker and Doom9 forums have exposed the "Volume ID" for discs played on XBOX 360 HD DVD drives. Any inserted disc will play without first authenticating with AACS, even those with Volume IDs which have already been revoked by the AACS LA due to previous hacking efforts. Add the exposed processing keys and you can decrypt and backup your discs for playback on any device of your choosing. Now go ahead AACS LA, revoke the Toshiba-built XBOX 360 HD DVD player... we double-dog dare ya.
    Sources:
    http://www.xboxhacker.net/index.php?topic=6866.0 [xboxhacker.net]
    http://forum.doom9.org/showthread.php?&t=124294&pa ge=6 [doom9.org]
    http://www.engadget.com/2007/04/10/aacs-hacked-to- expose-volume-id-windvd-patch-irrelevant/ [engadget.com]
  • Some of you might remember the DVD-Audio 'hack' [slashdot.org]. Well guess what? The Intervideo keys got revoked. Then guess what happened?

    That's right, the people that payed Intervideo for their player that was advertised to play DVD-Audio are TOL. Intervideo pulled the functionality out of their new players and the people that had bought the older version are only going to be able to playback DVD-Audio discs that were mastered pre-revoked keys. Unless they upgrade, in which case they can't play any DVD-Audio.

    I'm just s
  • by viking80 (697716) on Wednesday April 11, 2007 @01:49AM (#18685955) Journal
    Here is the important question:
    If you were the implementer of AACS on HD player SW, how would you hide the key? I can think of a few ways:
    1. Keep the data in CPU registers and cache.
    2. Split the keys up into smaller pieces, and spread them around when in memory.

    It seems that both is basically security through obscurity, and that has not worked very well in the future.

    If you respond to this with a clever way to do this, make sure you post the reason it will not stand up to hackers as well. Otherwise, keep it to yourself ;)
  • Hooray! (Score:5, Funny)

    by Philodoxx (867034) on Wednesday April 11, 2007 @02:12AM (#18686043)

    DVD Security Group Says It Has Fixed AACS Flaws
    So they've removed it completely?
  • Subject (Score:3, Interesting)

    by Legion303 (97901) on Wednesday April 11, 2007 @07:06AM (#18687263) Homepage
    "Ayers said future assaults by hackers can be similarly fixed by replacing compromised keys with new ones."

    They're going to have to institute an MS-like "patch Tuesday" to issue new keys.

    On the down side, I'm going to have to wait until the weekend before the HDDVD hackers break the new scheme and resume their regular distribution schedule. :(
  • by pandrijeczko (588093) on Wednesday April 11, 2007 @07:53AM (#18687693)
    Encryption is not designed to keep a piece of data hidden from prying eyes forever.

    Instead, it's about hiding data in such a way that it would take so much time and so much computer resource to break the encryption code to the point where it becomes impractical to even try doing it in the first place. In practical terms, for a specific encryption algorythm, it might, for example, be estimated that it would take 1 man on 1 PC up to 8000 years of continual effort to break a particular encryption algorithm.

    However, get 2 men on 2 PCs working together, it'll take up to 4000 years to break it.

    4 men on 4 PCs will take about 2000 years to break it.

    etc.

    Based on that assumption, I give your encryption keys 1 year at the most.

  • by JRHelgeson (576325) on Wednesday April 11, 2007 @08:43AM (#18688263) Homepage Journal
    We have fixed the problem this time.

    No, seriously, we did... Really.

    So, unless some miscreant goes out and breaks something, yes, it is fixed.

    Hackers of the world: It ain't broke, so please don't be taking it apart to find out why. Please! The fact that you can't watch movies you paid for on the equipment you own is a design feature. Please don't meddle with it, it will only make more work for us.

    {We have just raised the bar and thrown down the gauntlet, so: On your mark, get set, GO!}

Per buck you get more computing action with the small computer. -- R.W. Hamming

Working...