DVD Security Group Says It Has Fixed AACS Flaws

SkillZ wrote to mention an article at the IBT site discussing a fix to the security breach of the HD DVD and Blu-ray media formats. "Makers of software for playing the discs on computers will offer patches containing new keys and closing the hole that allowed observant hackers to discover ways to strip high-def DVDs of their protection. On Monday, the group that developed the Advanced Access Content System said it had worked with device makers to deactivate those keys and refresh them with a new set."
This discussion has been archived. No new comments can be posted.

  • Serious Question (Score:3, Interesting)

    by Anonymous Coward on Wednesday April 11, 2007 @01:02AM (#18685495)
    "Corel has told users of its software that failure to download the free patch will disable the ability to play high-def DVDs."

    Is this making a reference to the current crop of HD's that were purchased? Does the software phone home? Just curious. Any thoughts?
  • by EmbeddedJanitor ( 597831 ) on Wednesday April 11, 2007 @01:04AM (#18685503)
    so don't even bother to try hack it. Please don't, please, please, pleaaaaaaaaaaaaaaaaaase.

    They really want this to be perceived as tight to sign up content providers.

  • by Marcion ( 876801 ) on Wednesday April 11, 2007 @01:19AM (#18685569) Homepage Journal
    I read this bit:

    "New high-def DVDs will include updated keys and instructions for older versions of the PC-playback software not to play discs until the software patch has been installed."

    No one gives my computer instructions but me. So I will have nothing to do with either of these formats at all. I am just gonna say no and take my business elsewhere.

    DVD is quite fine, and where it doesn't then there are hard drives. Hollywood can give me movies in a format I'll accept or they can e2fsck off.
  • by ibib ( 464750 ) on Wednesday April 11, 2007 @01:25AM (#18685591) Homepage
    I am just wondering what "normal" customers will think, I mean - geeks and technophiles understand that the new efforts to close AACS is just not a solution, just another workaround in a losing battle. But I wonder what normal people think, I really doubt that average Joe will think that a patch to this system is really a good thing. Most people want to be able to copy their content, make backups, etc. One of the benefits for a lot of people with the DVD format is that DVD players are available as region free players, you can copy disks from friends, etc. I'm not saying that piracy is necessarily a good thing, just that far too many (and increasing) people enjoy that and that in itself will be a problem for the next-gen media players.
  • by Erris ( 531066 ) on Wednesday April 11, 2007 @01:36AM (#18685629) Homepage Journal

    The number one reason Vista is Sinking Like a Stone [dailytechnobabble.com], is "DRM problems and lack of anything even remotely demonstrating an understanding of how users want to use digital media." If DVD makers tighten up, people are going to route around them the same way they are routing around the RIAA member companies. They will flock to independent film makers and the big dumb publishers will watch their earnings collapse at 20% per year. Their greed goes beyond the already insane limits of copyright and that kind of thing is simply not fun.

  • Final Solution (Score:2, Interesting)

    by pushing-robot ( 1037830 ) on Wednesday April 11, 2007 @01:43AM (#18685667)
    I know I'm getting offtopic here, but I personally know some people who are rich, own copyrighted content, and are absolutely obsessed with controlling it. They're not people I can understand. They think that every reasonable fair use right should be carefully meted out by themselves alone, that they should be able to revoke rights to anyone at any time for any reason, that allowing a user to copy their content without explicit licensing and permission would be the start of some file-sharing apocalypse. It's not even so much about the money with them as it is the power and control. And every time they hear about DRM being broken they want some new, better way of controlling their media. As much as I praise EMI for their actions of late, I can't help but think the people I know represent the bulk of the **AAs. The more we prove DRM is useless to a customer that has access to the hardware and software, the more appealing "Trusted Computing" will become to the Industry. Add a nanny-state government to that and you've got a recipe for disaster. And the "average consumer" wouldn't raise a stink about it. Even a locked-down home-phoning appliance could run Microsoft Office and QuickBooks and HALO*, so 99% of people wouldn't care. Tell them it's more "secure" and they'll buy it. (...wait, they already play HALO on locked-down home-phoning trusted-computing appliances...)
  • Re:Final Solution (Score:3, Interesting)

    by pushing-robot ( 1037830 ) on Wednesday April 11, 2007 @01:47AM (#18685677)
    Well, that teaches me for not using preview. Here's the non-HTML-formatted version (with real paragraphs!):
    --

    I know I'm getting offtopic here, but I personally know some people who are rich, own copyrighted content, and are absolutely obsessed with controlling it. They're not people I can understand. They think that every reasonable fair use right should be carefully meted out by themselves alone, that they should be able to revoke rights to anyone at any time for any reason, that allowing a user to copy their content without explicit licensing and permission would be the start of some file-sharing apocalypse. It's not even so much about the money with them as it is the power and control.

    And every time they hear about DRM being broken they want some new, better way of controlling their media.

    As much as I praise EMI for their actions of late, I can't help but think the people I know represent the bulk of the **AAs. The more we prove DRM is useless to a customer that has access to the hardware and software, the more appealing "Trusted Computing" will become to the Industry. Add a nanny-state government to that and you've got a recipe for disaster.

    And the "average consumer" wouldn't raise a stink about it. Even a locked-down home-phoning appliance could run Microsoft Office and QuickBooks and HALO*, so 99% of people wouldn't care. Tell them it's more "secure" and they'll buy it.

    (...wait, they already play HALO on locked-down home-phoning trusted-computing appliances...)
  • by bhima ( 46039 ) <(Bhima.Pandava) (at) (gmail.com)> on Wednesday April 11, 2007 @02:40AM (#18685897) Journal
    Actually they (the Doom9 crowd and the Xbox360 hackers) have already discovered a method that recovers Volume Unique Keys which is completely unrelated to the method they used before. One which doesn't require reprogramming the device (Although they have already done that as well)

    So not only was AACS not really fixed (Just the key revoked) the velocity of revocation process is slower than the hacking process. And this revocation was a key for a software package, I imagine that the process for revoking the key for a hardware device, like the external Xbox360 HD-DVD drive to be slower, a lot slower.

    Also given the nature of this sort of thing, I also figure pretty soon there will be increased interest in hacking a stand alone HD or BD player... as the price comes down I'm sure the allure of forcing revocation of a series of hardware players will attract attention.

    I know I'd sure like to do it, if only to annoy and embarrass the AACS group.
  • by viking80 ( 697716 ) on Wednesday April 11, 2007 @02:49AM (#18685955) Journal
    Here is the important question:
    If you were the implementer of AACS on HD player SW, how would you hide the key? I can think of a few ways:
    1. Keep the data in CPU registers and cache.
    2. Split the keys up into smaller pieces, and spread them around when in memory.

    It seems that both are basically security through obscurity, and that has not worked very well in the future.

    If you respond to this with a clever way to do this, make sure you post the reason it will not stand up to hackers as well. Otherwise, keep it to yourself ;)
  • by Anonymous Coward on Wednesday April 11, 2007 @03:10AM (#18686033)
    You are entirely right. The volume key hack is pretty solid. In fact, if the Microsoft HD-DVD player were to be revoked and require a firmware patch to the existing runs of drives to play new discs, it really wouldn't make any difference at all. See the thing is, now that it is understood how to bypass AACS through the volume key, AACS could in fact keep revoking keys until they're blue in the face, but the process of extracting the volume key is already known, so it makes no difference.

    Also, let me point out, I haven't read the code in its entirety yet, but if I understand correctly, the volume key crack should actually be immune to key revocation, based on my understanding of AACS, key revocation should only affect device ids and once a method of extracting a volume ID is known, the revocation mechanism just no longer matters.

    Of course, I'd also like to point out what others have already said. If a program exists that can read the data and decrypt it, then it's 100% obvious that the program can be reverse engineered. This is not an opinion, it's fact. I have on many occasions bypassed hardware dongles, FlexLM, trial periods, etc...

    bypassing hardware dongles requires that you reverse engineer the driver to the dongle, this is just plain easy, all you need to do is find a disassembler that can handle the format, or if it's a kernel mode driver, then you just use a kernel mode debugger... not an issue. when you locate where the driver is being attached to from the program itself, then you just emulate the hooks. Even the most advanced dongles are easy to hack this way.

    FlexLM... well... come on... this one is just so easy it's not worth talking about

    Trial Periods... they can vary... depends on how obscure people want to make the code. But for the most part, they're not that hard. For example, I found a function reference in a DLL on pcAnywhere (don't remember the version) called "TimeBomb()" which returned a boolean value. Not really that hard huh?

    As for HD-DVD and BluRay... if all else fails, run the player (really really slow) through an emulator like QEmu and trap all IDE calls. Log the previous 1000 instructions run before the hook and then log until the first picture comes up. Then just review the log and read the source code left in the log. Hardest part is making it pretty enough to read... but if it means that much to you... well no problem.

    - So... in brief... copyprotection is just a joke... laugh at it!
  • by QuantumG ( 50515 ) <qg@biodome.org> on Wednesday April 11, 2007 @03:17AM (#18686059) Homepage Journal
    Best time travel movie I've ever seen [primermovie.com]. Cost of development? $10,000. Seriously.

  • by dpastern ( 1077461 ) on Wednesday April 11, 2007 @03:20AM (#18686071) Homepage
    Good post. Technically, these enhanced CDs do not conform with the redbook standard, and thus cannot be legally called CDs. The average person does not know what redbook is, nor that it is illegal for record labels to label these types of CDs as 'compact discs'. DVD-A has never taken off in Australia, HDCD the same, and SACD has only received a lukewarm welcome.

    I firmly believe that the demise of the Vinyl LP was orchestrated by the recording industry, in order to get consumers used to 'digital technology', and then down the track be able to control what those said consumers can do with things like DRM. I mean, it was impossible for record labels to stop you from copying compact cassettes and LPs, and this is purely because they're analogue in nature. Now that digital has been foisted onto us, we can be controlled. This is what has really led to the DRM explosion.

    Unfortunately, if governments were actually here to protect our, the voters', rights and interests, DRM would have been made illegal a long time ago. I most certainly would introduce this law in Australia if I had the senate majority and power, the US be damned.

    You are quite correct in buying CDs from non RIAA labels (there's a website for this, can't remember it). It's a pity that the artists (well some of them are artists lol) have to suffer and have their income deprived. I can't understand why artists don't start pooling their resources together, creating an artist's record label - that is for the artists (and gives back the sales to the artist, less manufacturing costs etc). This is doable, other than with political and financial sabotage by the RIAA happening (and this would be highly visible to any court of law).

    Has anyone ever asked themselves why the RIAA has its own legislation where it can DDoS/DoS suspected pirates' Internet connections? If anyone else did this, it's a computer crime. Why is it that the RIAA has its own legislation marking them as being exempt from US monopoly laws? Why is it that the RIAA has firmly pushed for the extension of copyrights (I can tell you why this is)?

    Why is it that such a high percentage of the population doesn't realise any of this, let alone remotely think about it? A friend once told me that the right to breed should be directly linked to your IQ - in order to keep the species intelligent. I'm finding that I'm starting to agree with him...

    Dave
  • Re:"Fixed Flaws"? (Score:3, Interesting)

    by ZorbaTHut ( 126196 ) on Wednesday April 11, 2007 @04:17AM (#18686287) Homepage
    Yeah, I think that's pretty much what everyone expects (at least, everyone besides the people making DRM.)

    If I'm interpreting http://forum.doom9.org/showthread.php?t=122363 [doom9.org] correctly, there would be 2^22 or 4 million possible keys available. I honestly don't see them running out anytime soon. On top of that, the AACS encryption could be extended pretty much indefinitely, and if the actual implementation is cleverly done, it may be possible to extend it without breaking any hardware players (at least, any players which aren't already revoked - if they actually start running out of keys it would have to be thanks to lots of hacked keys.) I truly don't expect this to happen - they're smart enough to be careful of this.
  • by snemarch ( 1086057 ) on Wednesday April 11, 2007 @06:02AM (#18686691)

    "bypassing hardware dongles requires that you reverse engineer the driver to the dongle, this is just plain easy, all you need to do is find a disassembler that can handle the format, or if it's a kernel mode driver, then you just use a kernel mode debugger..."

    Or keep using IDA on the driver. Or do a mix of IDA and one of {windbg, softice, syser}. And probably add some private/homecoded tools for dealing with obfuscation and protection.

    "when you locate where the driver is being attached to from the program itself, then you just emulate the hooks. Even the most advanced dongles are easy to hack this way."

    Yes, it's obviously always this simple, also when the dongle actually runs code... *cough* Bottom line: while you're basically right that anything will eventually be broken, you're making it sound a bit easier than it really is.
  • by Sique ( 173459 ) on Wednesday April 11, 2007 @06:24AM (#18686807) Homepage
    The same story happened to me. At first I bought an expensive Sony DVD player just to notice that this doesn't play anything beside music CDs and DVDs correctly encoded. Then it took longer and longer to recognize slightly scratched DVDs (I have little children, so DVDs get scratched very easily), and finally it didn't recognize any of the DVDs my children liked to watch.

    So I missed my parental opportunity to reduce the media consumption of my children, went to an online shop and ordered the cheapest DVD player I could get for a mere 30 EUR (at the time just US$25), and - oh wonder! - all the scratched DVDs play again, additionally the DVDs my well-meaning sister-in-law brought from the U.S., which didn't play before, and I can also look at the burned CD with all my family pictures, play MP3 CDs...

    The expensive DVD player from Sony now sits in the kitchen and occasionally plays a normal music CD, when there is nothing in the FM worth listening to.
  • by adrianbaugh ( 696007 ) on Wednesday April 11, 2007 @06:38AM (#18686857) Homepage Journal
    I still don't see how AACS prevents copying. Surely the pirates' work flow would be approximately:

    1. dd if=/dev/sr0 of=PansLabyrinth.bin
    2. Burn the image back onto a blank medium
    3. ...
    4. Profit!

    No need to go decrypting the content at any stage - if their customer's HDDVD player can unscramble the original it can unscramble the cloned copy. AACS is just another tool to maintain regional control.
  • by Bert64 ( 520050 ) <bert AT slashdot DOT firenzee DOT com> on Wednesday April 11, 2007 @06:50AM (#18686905) Homepage
    DRM is not for preventing piracy.
    DRM can never prevent piracy, sufficiently knowledgeable people will always be able to crack any DRM scheme. It's not like normal encryption where the key is unknown, your player needs to have the key in order to play the media, so it's simply a matter of extracting the key from whatever obfuscation scheme is being used to hide it, rather than having to crack the encryption itself.

    DRM is to prevent fair use, the people who buy legitimate media and exercise their fair use rights to make copies to play in their car, copies for the kids to ruin, rip to ipods etc, don't have the necessary knowledge to extract the keys so they will be forced to buy multiple copies instead of exercising their fair use rights, thus making the media companies more money.

    Serious cracking groups will go on cracking every copy protection scheme thrown at them. And the people who obtain pirate copies will continue to do so, and they will benefit from having the freedom to use their pirated copies anywhere.
    If you prevent piracy (and this is never gonna happen) most of these people will simply do without rather than start paying, many people simply cannot afford to pay full price.
  • by cheekyboy ( 598084 ) on Wednesday April 11, 2007 @07:18AM (#18687025) Homepage Journal
    Someone just has to write a ps3 cell code to do the key guessing just like folding@home, 100,000 pirates, and whammo, it would be cracked really fast, maybe 24hrs. Ironically, that the device player to make bluray popular could be used to actually crack the keys the fastest.
  • by RalphSleigh ( 899929 ) on Wednesday April 11, 2007 @07:22AM (#18687043) Homepage
    I am pretty sure this does not even work on regular dvds because the area that contains the CSS keys is unwritable on blank dvds.
  • Subject (Score:3, Interesting)

    by Legion303 ( 97901 ) on Wednesday April 11, 2007 @08:06AM (#18687263) Homepage
    "Ayers said future assaults by hackers can be similarly fixed by replacing compromised keys with new ones."

    They're going to have to institute an MS-like "patch Tuesday" to issue new keys.

    On the down side, I'm going to have to wait until the weekend before the HDDVD hackers break the new scheme and resume their regular distribution schedule. :(
  • by badasscat ( 563442 ) <basscadet75@@@yahoo...com> on Wednesday April 11, 2007 @09:00AM (#18687757)
    "Yes, because we all know that DVD sales are plummeting."

    You meant that sarcastically, but actually, you're right [arstechnica.com].

    "Charging more for HD content isn't going to cut it because a lot of people *with* HDTVs like the quality of DVDs in a progressive scan player (which they are are over the last couple years)."

    First of all, both HD-DVD and Blu-Ray movies cost the same as DVD's - about $15-$20. Some are as low as $9. So that argument doesn't hold water.

    Second, nobody who has an HDTV likes the quality of DVD vs. true HDTV. DVD's are watchable, but the quality difference is pretty obvious. I have never seen any HDTV owner that says otherwise. (Maybe going back to the early days of HDTV, when the resolution of those sets was hardly better than DVD. But that's not the case anymore.)

    The industry needs a replacement for DVD, and HDTV owners do want one. It will likely turn out to be some combination of digital downloads and high-def optical discs, most likely Blu-Ray in the long run.
  • by Anonymous Coward on Wednesday April 11, 2007 @09:29AM (#18688081)
    ....
    However, get 2 men on 2 PCs working together, it'll take up to 4000 years to break it.

    4 men on 4 PCs will take about 2000 years to break it. ....


    Hmmm. I wonder if the crackers have worked out how useful all those bot-nets could be? Move aside SETI@home!

    (well.... it would be nice to think they were hacking my PC for something useful rather than just to send spam ;-))
  • by Technician ( 215283 ) on Wednesday April 11, 2007 @09:30AM (#18688087)
    "so you only have to make the time cost of copying high enough to make the legal offering more attractive."

    Unfortunately, high prices and the lack of working copies/backups makes the legal offerings un-attractive for many. I have kids. I have cases that used to contain working DVD's. Lack of backups is a problem. I'm moving to a Linux Media Center PC. This new format is incompatible. A media server is a much better solution for most families than a shelf of out of order/broken/lost DVD's. The inability to make a backup/working copy is a crime. DVD's in the home make as much sense as a CD player tethered to your iPod instead of a hard drive. Kids don't take CD cases to school anymore. They know they get stolen, lost, broken, etc. They rip the CD's at home and load them on their iPod with the originals safely stored away.

    SONY Dreamworks doesn't get it. I bought Open Season. It has some copy protection on it besides CSS. Guess which film won't be in the Media Center? Guess which brand I'm not buying in the future? Chances are that title won't be watched much simply because it's inconvenient. It's like copy protection on CD's. The kids have iPods. They rip their CD's. CD's that don't work are remembered. That artist and label get a critical review on their next release. Kids instead of buying CD's they can't use, look elsewhere such as P-P and sneakernet. Copy protection (Defective product) sends buying consumers elsewhere.

    I remember what CD's and DVD's can't be ripped and who put them out.

    Since I did buy Open Season, I will be looking for an already ripped copy or a solution to rip it myself. So far, the rip it myself solutions seem to be mostly commercial offerings.
  • by Ucklak ( 755284 ) on Wednesday April 11, 2007 @11:06AM (#18689349)
    I would pay for a pirated version if I didn't have the menu crap, FBI crap, and studio self promotion crap.

    When was the last time someone put in the disc for Pirates of the Caribbean 2 and wanted to wade through 3 minutes of "Register this disc" crap?

    I have no problem buying discs or even plunking down over $25 for a disc but I don't want crap. I copy all my DVDs for
    - backup protection
    - convenience of movie only
  • by Churla ( 936633 ) on Wednesday April 11, 2007 @11:09AM (#18689405)
    I thought that too, but then the back of my brain asked "Well, if they encrypt it to be decrypted by all known good keys that means a disc made at one point in time wouldn't be able to support a key issued to a new player manufacturer later."

    That led me to think they had to use a revocation list scheme like CA's use. Because without it if, say, Bob's electronics decide to manufacture its own drive then any HD content made BEFORE it was issued its key wouldn't play on it. That would be a HUGE barrier to entry into the market.
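
The question raised in the last comment (how a disc pressed today can lock out a revoked player yet still play on a player licensed later) is what tree-based broadcast encryption answers. The following is an added example, not code from the thread or from AACS: it implements the complete-subtree method, a simpler relative of the subset-difference scheme that AACS specifies. The tree depth, the HMAC key derivation, the XOR key wrap and all sample values are assumptions chosen so it runs on the Python standard library.

```python
import hashlib
import hmac

DEPTH = 4  # constructed toy size: 2**4 = 16 device slots in the key tree

# Constructed sample secrets, not real keys.
MASTER = hashlib.sha256(b"constructed licensing-authority secret").digest()
MEDIA_KEY = bytes(range(16))


def node_key(master, node):
    """Key of tree node `node` (heap numbering, root = 1), known to the authority."""
    return hmac.new(master, b"node:%d" % node, hashlib.sha256).digest()[:16]


def path(slot):
    """Tree nodes from the root down to the leaf of device slot `slot`."""
    node = (1 << DEPTH) + slot
    nodes = []
    while node >= 1:
        nodes.append(node)
        node >>= 1
    return nodes[::-1]


def device_keys(master, slot):
    """Keys burned into one player: one key per node on its root-to-leaf path."""
    return {n: node_key(master, n) for n in path(slot)}


def cover(revoked):
    """Roots of the maximal subtrees that contain no revoked leaf."""
    if not revoked:
        return [1]  # nobody revoked: the root key alone covers every slot
    tainted = set()
    for slot in revoked:
        tainted.update(path(slot))
    roots = []
    for n in sorted(tainted):
        if n < (1 << DEPTH):  # internal node: inspect both children
            for child in (2 * n, 2 * n + 1):
                if child not in tainted:
                    roots.append(child)
    return roots


def _wrap(key, data):
    """Toy XOR wrap with an HMAC-derived pad (stand-in for a block cipher)."""
    pad = hmac.new(key, b"wrap", hashlib.sha256).digest()[:len(data)]
    return bytes(a ^ b for a, b in zip(data, pad))


def make_key_block(master, media_key, revoked):
    """What gets pressed on the disc: the media key wrapped under each cover key."""
    return {n: _wrap(node_key(master, n), media_key) for n in cover(revoked)}


def recover_media_key(keys, block):
    """Player side: use whichever path key appears in the block, if any."""
    for n, k in keys.items():
        if n in block:
            return _wrap(k, block[n])
    return None  # every key this player holds was left out: it is revoked


if __name__ == "__main__":
    block = make_key_block(MASTER, MEDIA_KEY, revoked={5})
    print("block entries:", sorted(block))
    for slot in (5, 6, 12):  # slot 12 stands for a player built after pressing
        got = recover_media_key(device_keys(MASTER, slot), block)
        print("slot", slot, "plays" if got == MEDIA_KEY else "is locked out")
```

Because every slot's keys are fixed by the tree before any player is built, a slot assigned to a new manufacturer after the disc was pressed is already covered, and revoking one player out of 16 costs four block entries rather than fifteen.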
