DVD Security Group Says It Has Fixed AACS Flaws

SkillZ wrote to mention an article at the IBT site discussing a fix to the security breech of the HD DVD and Blu-ray media formats. "Makers of software for playing the discs on computers will offer patches containing new keys and closing the hole that allowed observant hackers to discover ways to strip high-def DVDs of their protection. On Monday, the group that developed the Advanced Access Content System said it had worked with device makers to deactivate those keys and refresh them with a new set."

What about the other holes?

[Tragek]

"AACS is a high-profile technology and is protecting high-profile content, so we fully expect there will be future attempts," Ayers said.

How about future successes [engadget.com]?

Re:Serious Question

[topical_surfactant]

Current players will work fine until you attempt to play a new HD-DVD with the "corrected" AACS. Then your player will cease to play all HD-DVDs until such time that you update with a hot, steaming pile of DRM horse shit.

Already hacked via Xbox 360 add on VID

[appleguru]

From Engadget:

In parallel efforts, hackers in both the Xboxhacker and Doom9 forums have exposed the "Volume ID" for discs played on XBOX 360 HD DVD drives. Any inserted disc will play without first authenticating with AACS, even those with Volume IDs which have already been revoked by the AACS LA due to previous hacking efforts. Add the exposed processing keys and you can decrypt and backup your discs for playback on any device of your choosing. Now go ahead AACS LA, revoke the Toshiba-built XBOX 360 HD DVD player... we double-dog dare ya.

Sources:
http://www.xboxhacker.net/index.php?topic=6866.0 [xboxhacker.net]
http://forum.doom9.org/showthread.php?&t=124294&pa ge=6 [doom9.org]
http://www.engadget.com/2007/04/10/aacs-hacked-to- expose-volume-id-windvd-patch-irrelevant/ [engadget.com]

Re:"Fixed Flaws"?

[ZorbaTHut]

No, that will work fine too. They haven't changed a global key of any kind. They've just revoked the old key for new media. All the newer keys still work fine. You can conceptually think of it as all discs supporting thousands of keys, some of which are used by players and some of which simply exist for future not-yet-constructed players to use - there's plenty of possible keys left for new players to work on old discs.

When they revoke keys, they simply remove the old compromised keys from new discs, so players relying on those keys can't play anything.

Re:Even more reason to have nothing to do with it

[timmarhy]

anytime you purchase a dvd they are giving you the dvd - in exchange for money. dude, seriously just give up and admit your wrong, and that you jumped the gun. he made no suggestion of piracy at all, just that he was voting for a better format with his wallet - and i agree with him and i suspect most other people do to.

Re:"Fixed Flaws"?

[joe_adk]

Plus, how many keys do they have before they exhaust them all?

They probably have somewhere around 340,282,366,920,938,463,463,374,607,431,768,211,45 6 (some math type dude could prob give you a more accurate number). But I doubt that they would use every combination.

Re:They didn't fix anything

[Jah-Wren Ryel]

Also given the nature of this sort of thing, I also figure pretty soon there will be increased interest in hacking a stand alone HD or BD player... as the price comes down I'm sure the allure of forcing revocation of a series of hardware players will attract attention.

It doesn't work like that. Or at least it isn't supposed to work like that.

The AACS scheme has the ability to revoke individual players - not individual models, but actual single units. They use a lot of fancy set theory to do it, but in essence each player is supposed to have a unique set of keys - possibly hundreds of keys out of a total of many thousands (hundreds of thousands perhaps). Each disc has the information on it to allow thousands of different keys to decrypt it. The way it works is that of all the keys on the disc, it is expected that each individual player will have at least one key that matches.

Thus the way they revoke a specific unit is (if they can identify the unit, say the guy was foolish enough to publish the keys he extracted) that they do a bunch of math to figure out what set of keys to put on the new discs such that the compromised player will not have any of his keys on the new discs, but all other players will still be able to find at least one matching key on the new discs.

Remember that this is all in theory, and we have seen evidence that not all of AACS has been implemented yet or is even being used correctly. So it is entirely possible that some of the early units are "simplified" and every unit of a single production run or even every unit of a single model all have the same subset of keys on them. If that's the case, revoking one such player will revoke all such players. But if hardware manufacturers did it "right" then they are supposed to be able to revoke individual players.

Re:What about the other holes?

[IamTheRealMike]

Volume key hacks are not solid. How many times is it necessary to point this out on discussions about AACS? The specification contains a wide variety of traitor-tracing algorithms that let you find a hacked player key given only the released volume keys, or even only the decrypted video itself.

Re:i'm not so sure...

[EvilGrin666]

In no way did I mean that just because the players were cheap and made in China they are somehow inferior quality. Quite the opposite in fact.

For example. I have a DVD player that made by a no-nane Chinese brand, bought for 30UKP (around 60USD). It's not region free but can be unlocked by a magic button press combination on the remote. Instructions for said inputting magic combination were given to me at the shop when I bought it. It plays anything I throw at it. Even half arsed DVD rips that I failed to burn correctly.

On the other hand, my father has an expensive Sony DVD player. It's region locked, doesn't upscale for his HDTV and takes great offence if anything is slightly out of spec on the DVD disc.

Now to bring this vaguely back on topic, from a consumer point of view, which is better? I suspect those without any knowledge of region encoding (or in the case of HD-DVD, DRM) most would simply conclude the more expensive player is 'broken' and opt for the cheaper region free/DRMless player.

Fair enough, at the moment with HD-DVD they do not have a choice. Bottom line is, while the average consumer might not care about their 'digital rights' they dam well care about their shiny new disks working in their shiny new HD-DVD player. This has the same beneficial effect to my mind, the end of DRM. The movie industry pisses off the average consumer at their peril.

Re:how do you think the new patch adresses the iss

[ceroklis]

1. If you run the software in a CPU emulator, you can stop at anytime and read the registers. So the distinction between memory and registers is irrelevant.

2. Hiding the key is easy, but I don't know how useful it really is.

Here are some ideas on how I would do it:

1. Instead of calling a standard AES routine that needs the bytes of the key to be in successive memory locations, recode the routine to take bits of the key from different areas of memory.

2. Suppose (to simplify) that we combine a player key (PK) (that we want to hide) with a disc key (DK)(on the disc) to produce a media key (MK). Then we combine an encrypted sector (ES) with the media key (MK) to produce a decrypted sector (DS). Suppose (for illustration) that keys are 256 bits and blocks 4096 bits long.

I would follow these steps: write a single function f(DK, ES) = DS in a simple algebraic language. PK exists as constants in the function body. With a preprocessor, convert this function into 4096 boolean functions of 4352 inputs and output C code to compute their minimal disjunctive form. Recovering PK is equivalent to brute-forcing AES.

Please correct me if I am wrong.

Re:CDs aren't a new format!

[Legion303]

"You are quite correct in buying CDs from non RIAA labels (there's a website for this, can't remember it)."

http://www.riaaradar.com/search.asp [riaaradar.com]

Re:"Fixed Flaws"?

[Goaway]

For the millionth time: AACS players have individual keys. You never need to revoke an entire line of players, because you can just revoke a single physical unit.

Re:i'm not so sure...

[Fordiman]

mencoder dvd://[title] -chapter [chapter] -ovc lavc -oac lavc -lavcopts vcodec=mpeg4:bitrate=1500:mbd=2:trell:v4mv:turbo:a codec=mp3:abitrate=192 -o "[DVD Name] - [title] - [chapter].avi"

That will rip incorrectly most of the time; you need to do prescaling using -vf crop=w:h:x:y,scale=x:y,expand=x:y and data you can get from the stdout of mplayer dvd://[title] -chapter [chapter]

Still, there ain't nothin' like gettin' yer hands dirtied on a command line.

Re:Serious Question

[topical_surfactant]

Don't shoot the messenger, champ.

"Our recommendation is for anyone using HD DVD or Blu-ray disc playback to download the update in order to ensure that both their existing titles and newly purchased titles will continue to play," Hughes said. "If someone inserts an HD or Blu-ray disc with the new licensing keys, it will result in HD/BD playback of previous titles being disabled until (users) install the free update."

(From the end of: http://news.com.com/Analyst+Corels+DRM+patch+only+ a+bandage/2100-7355_3-6174893.html [com.com] )