HD-DVD and Blu-Ray Protections Fully Broken

gEvil (beta) writes "According to an article at BoingBoing, the processing keys for the AACS encryption scheme used by both HD-DVD and Blu-Ray video discs have been extracted, and a crack has been released. What this means is that there is now a method to extract the copy-protected content of any HD-DVD or Blu-Ray disc out there. This is different from Muslix64's previous crack, which only extracted the volume key for each disc. This new method bypasses this step and allows anyone to extract the data without first requiring the volume key."

Nice.

In five years, when I finally buy into HD television and content, there should be an assload of free content out there to download.

Re:Nice.

... as if a million RIAA execs cried out in terror and were silenced at once...

Re:Nice.

Why the fuck would the Recording Industry Association of America care about movies being pirated, precisely?

(Seriously, I see this far too often on Slashdot. It annoys me. A lot.)

Re:Nice.

Why the fuck would the Recording Industry Association of America care about movies being pirated, precisely?

Because they have a very strong sense of empathy?

I mean, they are suing grandmas and invalids, how can they not?

Re:Nice.

Its important to be fair and ensure both formats are equally broken.

Re:Nice.

An 'assload' is the metric name for 'buttload', both of which are greater than or equal to 1 'shitload' or 'crapload', respectively. I know the whole Imperial/metric conversion thing is problematic at times, but you could've at least Googled this before asking such a silly question.

Re:Nice.

Actually, wouldn't the correct metric term be "arseload"?

Re:Nice.

Actually, wouldn't the correct metric term be "arseload"?

That's an Imperial assload; it's only used in Britain. It's equal to 1.24 U.S. assloads.

Re:Nice.

That's an Imperial assload; it's only used in Britain. It's equal to 1.24 U.S. assloads.

Your figures are incorrect, the comparative sizes of arse/asses between the two nations means that there are in fact 1.6 UK arseloads to every US assload.

Re:Nice.

Actually, it's calculated by the internal volume, not the external surface area. We Americans are lard asses, but the British are full of shit.

Re:Nice.

Which kinda explains why America is so focussed on oil and British ideas never float....

*ducks* hehehe :)

Re:Nice.

There's also the fuckton and metric fuckton, thus far the heaviest units of measurements I've come across.

Re:Nice.

Well, seeing that the average ass on Slashdot is probably about three to four feet wide, two feet high (from a sitting position) and about a foot deep from front to back, that means at most eight cubic feet of HD DVDs ripped and placed online. In reality, I'm not sure what the parent poster was that happy about since eight cubic feet of DVDs is actually not that much. I would have been inclined to say, "Great! This means that when I buy into HD stuff in five years, there should be more HD content online than there have been cocks in porno actress Houston's Yoni. If you catch my drift..." A little more accurate.

Re:Nice.

Editor's Note: Houston is a porno actress who was supposed to gang bang 500 men and wound up gangbanging 620 men instead. So the parent post would suggest that only 620 movies would be online in five years. I suspect that there will be many more movies online.

Re:Nice.

8 cubic feet gives a cube with sides of 60,96 cm, which fits at least 5*5= 25 stacks of DVDs. With a thickness of 11,2 mm, this gives a total of 1350 DVDs. Turns out it is quite a lot after all, with a slashdotter's ass having a bandwidth of 40,5 TB/load, assuming single-sided, double layer HD DVDs.

Latency is horrible though, for more reasons than I care to imagine.

OK, time to switch now!

The time has come to make the upgrade.

DVD-JON

I wish Jon Johansen would have done it so he could be called HD-DVD Jon, or maybe Blu-Ray Jon.

Re:DVD-JON

Yeah, but now we got HD-DVD Blu Arnezami. That's at least as easy to say and remember as DVD-JON.

What?

Re:DVD-JON

I wish someone named Charles could have cracked Blue-Ray so we could have Blue-Ray Charles.

drm

years to create, weeks to break- sounds about right.

Re:drm

The solution is obvious, we need even tighter, more intrusive DRM!

Re:drm

Sure! Why don't they just hook a padlock through our taints and latch us to a movie theater seat.

Oh no! Not Howard the Duck again!!! For the love of God!!NO!!!

Re:Economics 101 (was: Cue Nelson)

I consider it a victory though I don't have, nor plan to have, a High Definition player. I have an HD TV, and an XBox 360.

Why won't I buy the $200.00 HDDVD player from MicroSoft?

Well, I've said it before, and it bears repeatin'...

I'll buy new content when those ASS-WIPES in Hollyweird stop putting advertisements in front of the movies on DVDs! GODDAMN, I'm SICK of wading through bullshit ads for movies that stopped playing in theatres years ago when I watch an old DVD.

Pull out your Matrix DVD or your 2001: A Space Odyssey DVD and insert it into your DVD player or PS2. What happens? THE MOVIE starts to play, doesn't it?

Now try that with any DVD you bought in the last three or four years. Pisses you off, doesn't it? Yeah, me too.

They can KISS MY ASS! Even though I'm not buying their HD disks I'm still laughing my ass off at this and looking forward to more penetrations of their security. (Hey, this is Slashdot. We gotta' have pron! Just not HD Pron. Pimples and hairs where they shouldn't be. YEECH!)

props to Muslix64 and hackers everywhere

It puts a smile on my face knowing that a small group of unpaid media hackers are able to crack the AACS encryption scheme what tooks many developers and millions in R&D to create, in just a few short weeks.

Vista Help Forum [vistahelpforum.com]

Re:props to Muslix64 and hackers everywhere

cpearson,

It has always been easier to destroy/crack something than to create it in the first place.

It is not a great undertaking to break a DRM scheme. It is not comparable to cracking strong encryption (which takes lots of horse power). The basic concept of DRM is fundamentally flawed and therefore open to attack.

DRM by its nature is both widely available and has to function on a user's local device or PC. The wide availability (unlike an encrypted message with a unique key) means the attacker has easy access both the algorithm and protected content. This mathematically greatly reduces uniqueness. One only has to setup the correct environment and observe how it functions with a legal copy. And since the DRM scheme is most likely non-unique on a copy by copy basis the affect instantly cascades. Unlike getting a randomly encrypted file you have access to the algorithm (the software) and you have access to the keys.

The big issue in DRM is how to obfuscate your algorithm and how to keep people from getting access to the stream in the clear. Both of these tasks are next to impossible to carry out effectively.

So anyone, even the very same "small group of unpaid media hackers" in question, would have to spend a large amount of effort trying to come up with better and better obfuscation schemes. While cracking the DRM will take far less resources, focus, or time.

Cracking DRM is more akin to white box QA or reverse engineering.

All that said I'm secretly glad someone stepped up and did this :-) DRM as it exists today is pointless, useless, and gets in the way of a customers fair use of something they have purchased.

I'm willing to bet 5 years from now we will see far less DRM in use and those still using it won't be selling as much music or as many movies as those not using it.

Re:props to Muslix64 and hackers everywhere

Or as someone once put it, there is no cryptographic solution to the problem where the intended receiver and the attacker are the same entity.

Not true at all...

The IRS perfected it years ago... Ive been trying to decode my goddam tax return for the past two weeks and I still cant crack it.

We should just let them handle music distribution... "Put the song title from box 34 into this box, but only on a leap year that ends in an odd number...."

Re:props to Muslix64 and hackers everywhere

I like Bruce Schneier's aphorism: trying to make bits not copyable is like trying to make water not wet.

Re:props to Muslix64 and hackers everywhere

Sorry everybody, but it's not.

That said, they have got a player key now, so all disks published to date can be decoded.

Each player has its own player key, and each disk accepts any player key in its list (the player key is used to decode the volume key which decodes the film).

With this player key, they can decode any HD-DVD which has been printed already. However, as the key has now been compromised, future disks will not accept that player key. The software will have its player key updated, but the software will be tightened in an attempt to remove this loophole.

Take a look at the archives of http://www.freedom-to-tinker.com/ [freedom-to-tinker.com] for a detailed discussion.

Re:props to Muslix64 and hackers everywhere

However, as the key has now been compromised, future disks will not accept that player key.

Sure they can remove the compromised player key from the acceptable list. But it remains to see whether they'll actually do it. Presumably there's a decent number of blameless consumers already using that player. What's the commercial impact of pissing them off?

Re:props to Muslix64 and hackers everywhere

The contract for software players could require that players work just like Firefox... when a new version is found, they automatically and silently download it, and when the player is started the next time, they offer to seamlessly install it for the user. From what I've heard, this may be built in to all/most software players, making it relatively painless to force-upgrade software players at least.

(which would mean that hardware keys are actually more valuable to extract, so maybe that's the hacker community's next step?)

Re:props to Muslix64 and hackers everywhere

No, but they could very easily put the update on newly released discs....with all the space they have, I think they can spare a few zeros and ones to include software that updates the system.

I wouldn't be suprised if this has already happend at least once or twice.

Re:props to Muslix64 and hackers everywhere

Presumably there's a decent number of blameless consumers already using that player. What's the commercial impact of pissing them off?

It's HD-DVD/Blu-Ray we're talking about. I bet both of the consumers will be really pissed.

Rich.

Re:props to Muslix64 and hackers everywhere

You would be correct, execpt what has been relesed is not the player key. In fact the player (device) key is one of the two that have not been released, the other one being the root key held by AACS LA. The key that has just been released and reusulted in this article is the processing key which can (and probably will) be changed for any disc authored after the previous key bacame known. The key difference is that the player key is linked to the specific player whereas the processing key is specific to the hddvd/blueray discs created with it and will continue to be valid for those discs even after new ones are produced with a new key. Relasesing a device key would be counterproductive as indiviual device keys can be blacklisted meaning if you had one you would have to break a new player device (hardware or software).

Re:props to Muslix64 and hackers everywhere

Informative? INFORMATIVE?

Man, you people better hope I don't get this one on metamod (which I suppose now I've tossed out the window, but oh well).

This is the same head-in-the-sand crap we've been hearing for months now. "It will be ROCK SOLID! No way will anyone ever break it! This is the absolute best, most secure copy protection ever! We fin...wait, what? It's broken already? DAMN!"

It's dead. You lost. As we all have been telling you for months now. "All is not lost, we'll change the key!" Yes. You will. And in less time than it took you to change the key, and at far lesser expense...we'll get that one too.

Face it. We're coming to your house. If you take the numbers off, we'll just go to the house with no numbers. If you take the numbers off from the neighbor's house, we'll just come to the house next to the house with no numbers.

You. Lost.

Re:props to Muslix64 and hackers everywhere

Erm, it's a simple distributed attack. While the group that succeeded was small, the cost (in man hours) of all groups that attempted but failed must also be considered, is likely not a small number.

I think this is a fundamental problem that the people backing DRM forget. They're massively outnumbered, and it's just a matter of making it not worth the rest of the human population's time to break their stuff. So far, not gone so well for them...

Re:props to Muslix64 and hackers everywhere

You still believe that Mossad/CIA fairy tale? That's just a story The Man puts out to appease the people who are too smart to believe the Bin Laden hoax, but not smart enough to question anything else.

Open your eyes and see the truth, man! 9/11 was executed by the International Male Models' Union working in conjunction with Major League Baseball. It's so obvious you probably overlooked it at first, but dig deeper. It checks out.

All DRM implementations will be broken.

DRM is fundamentally broken by design. Ciphers of this kind rely on the attacker not getting hold of the key. At the same time, the recipient needs the key to get the data. I can never work because the attacker is the same person as the recipient.

In effect, DRM is security through obscurity.

How much longer will we have to put up with this crap before the media companies realise this and stop inconveniencing their customers and wasting our money and time as well as their own?

Re:All DRM implementations will be broken.

Indeed. These guys should have listened to Cory Doctorow when he was talking at Microsoft [uberm00.net]. Unfortunately, it seems they didn't get it either.

Re:All DRM implementations will be broken.

It can never work because the attacker is the same person as the recipient.

That's why TPM is being pushed by DRM proponents: TPM means your computer no longer trusts you (its owner). It means that someone that can convince Verisign to sign their key will be able to have access to all your secrets- including the ones that you do not. It already happened. [microsoft.com]

Forget all that jibber-jabber about whether they have a right to protect their "copyrights", or even if you have any rights to copy: they clearly cannot be trusted with your secrecy and your privacy.

Re:All DRM implementations will be broken.

And the problem with TPM is that you still have access to the hardware. If you've got that and enough time and skill, TPM eventually won't matter, either.

Re:All DRM implementations will be broken.

Hmm... the logical conclusion is the MPAA needs site security in people's homes so they can prevent access to the hardware. They're probably working on it right now. Maybe some sort of USB powered taser would work?

Re:All DRM implementations will be broken.

I was thinking along the lines of having the hardware on a platform in the middle of an aquarium surrounded by sharks with fricken tasers on their heads.

Re:All DRM implementations will be broken.

Just FYI, use of an electron microscope is pretty cheap too. I'm charged £35 ($70) an hour.

"...trying to get content without paying for it?"

I have paid for every single DVD I own. No good deed goes unpunished, I am repeatedly subjected to unskippable previews, FBI warnings, commentary disclaimers and the same fscking flying logo and equally annoying jingle at 4 places before actually getting to the content I purchased. If I were stupid enough to buy into HD/BR I additionally lose my control over the resolution I want. This isn't about Imaginary Property rights, it's about THEIR control of MY property.

Re:"...trying to get content without paying for it

I have paid for every single DVD I own.

Me too, every one.

Usually in spindles of 100.

Re:All DRM implementations will be broken.

I wouldn't be quite so optimistic. The difference is that at least some of the people involved in crafting TPM know something about security, as opposed to the people doing DRM and touch-screen voting machines. There has been quite a bit of art and work involved in developing tamper-resistant chips, and at least some of the TPM implementations use this art.

Of course the devil is in the details. It's fully possible to build an insecure system around a secure TPM chip, and no doubt that's going to be done, too.

Then again, TPM isn't bad, on it's own. It really depends on who owns the TPM. As long as I own it, it just might be good. The moment someone else owns it, then I merely pretend to own my system that has it, and that's bad. Some time ago, I picked the (M) stuff for the kernel build on my Thinkpad, and have been building them ever since. I've never used them yet, but if SOMEBODY is going to be controlling that chip, I want it to be ME.

Re:All DRM implementations will be broken.

Of course the devil is in the details. It's fully possible to build an insecure system around a secure TPM chip, and no doubt that's going to be done, too.

Unless you change the laws of physics it is completely impossible to build a secure TPM chip. TPM is an inconvenience, nothing more, just like DRM. DRM, no matter how implemented, involves supplying the same person with:

a) the ciphertext
b) the plaintext
c) the decryption key

All of those things must be present on the user's system for DRM to work. TPM etc are merely means to try to make it hard for the user to access the key, and they never work. One way of thinking about it is: a TPM chip "hides" certain details inside a little bit of plastic. It is security through obscurity and nothing more, and so long as the chip emits any EM radiation the internal details will ultimately be inferable, although it is doubtful that going so far as reading internal bits via EM fields will be required.

But if it is, we can all take comfort in the fact that Maxwell's equations aren't just a good idea: they're the law.

Re:All DRM implementations will be broken.

It's merely a matter of making it hard enough to stop most attacks. By the time you're sniffing on-chip signals with RF, you're way past "most". By the way, on really good secure chips there's a heck of a lot more to the package than "a little bit of plastic." Some "secure chip" packages are designed to keep the chip from being de-packaged, or to at least guarantee that the chip will be "correctly" damaged in the de-packaging process.

I don't doubt that with a complete lab and some really good hackers, a even well-designed TPM setup can eventually be compromised.

But I'd also assert that a well-designed TPM setup is WAY beyond the resources of DVD John, the AACS crackers, and maybe even the distributed.net efforts.

By the way, by that last token, all security is by obscurity, because you're always hiding the key, and ultimately that's a key part of what the TPM does.

A few quick searches on TPM can strip away most of the arrogance on both sides, the "anything will fall" side as well as the "unbreakable" side. I can't substantiate it here and now, but I suspect that TPM can be good enough to defeat any software-only attack, and would really require significant hardware resources to compromise.

But the key point in here is a general lack of confidence in the ??AA's ability to do good encryption/DRM. At the moment, they just don't have the mindset for it.