DVD Security Group Says It Has Fixed AACS Flaws

SkillZ wrote to mention an article at the IBT site discussing a fix to the security breech of the HD DVD and Blu-ray media formats. "Makers of software for playing the discs on computers will offer patches containing new keys and closing the hole that allowed observant hackers to discover ways to strip high-def DVDs of their protection. On Monday, the group that developed the Advanced Access Content System said it had worked with device makers to deactivate those keys and refresh them with a new set."

i'm not so sure...

Makers of software for playing the discs on computers will offer patches containing new keys and closing the hole that allowed observant hackers to discover ways to strip high-def DVDs of their protection.

Do they not understand, that if you can view it, you can copy it?

On the other hand, maybe they do understand, and HD-DVD/Blu-Ray 2.0 will offer only un-viewable content. Step 3, profit!

Re:i'm not so sure...

Netflix has employed that for quite some time

Re:i'm not so sure...

EODICPT ? That'll never fly. Surface Crack Rendering Application Technology for Copying Hazards. That's better.

Re:i'm not so sure...

Look, they're running a business, so they're not aiming for perfection, just profit. The protection is supposed to keep your neighbor from putting a HD-DVD and a blank into a computer and getting a perfect copy half an hour later. It is not supposed to keep a group of Chinese from remastering the disc with professional equipment. The industry can deal with professional piracy in different ways because that kind of piracy has to move big numbers of copies. The industry can not come to your neighbor and check that he legally owns all his HD-DVDs, so they make it inconvenient for him to create illegal copies. There are enough keys that they can keep revoking them until kingdom come without running out of keys. Hackers can probably get the new keys after a short while, but everybody who wants to make copies has to get updated illegal circumvention software everytime the keys are changed, which is impractical if you just want to make a quick copy of a rented or borrowed disc. People in the real world value their time, so you only have to make the time cost of copying high enough to make the legal offering more attractive.

Re:i'm not so sure...

I don't see how flashing my HD-DVD drive firmware because its key got revoked is any less onerous than downloading the latest crack from a random P2P network.

Besides we've been here before with DVD region encoding. Everyone got fed up and bought cheap region free DVD players as soon as the Chinese figured out there was a market for them.

Re:i'm not so sure...

In no way did I mean that just because the players were cheap and made in China they are somehow inferior quality. Quite the opposite in fact.

For example. I have a DVD player that made by a no-nane Chinese brand, bought for 30UKP (around 60USD). It's not region free but can be unlocked by a magic button press combination on the remote. Instructions for said inputting magic combination were given to me at the shop when I bought it. It plays anything I throw at it. Even half arsed DVD rips that I failed to burn correctly.

On the other hand, my father has an expensive Sony DVD player. It's region locked, doesn't upscale for his HDTV and takes great offence if anything is slightly out of spec on the DVD disc.

Now to bring this vaguely back on topic, from a consumer point of view, which is better? I suspect those without any knowledge of region encoding (or in the case of HD-DVD, DRM) most would simply conclude the more expensive player is 'broken' and opt for the cheaper region free/DRMless player.

Fair enough, at the moment with HD-DVD they do not have a choice. Bottom line is, while the average consumer might not care about their 'digital rights' they dam well care about their shiny new disks working in their shiny new HD-DVD player. This has the same beneficial effect to my mind, the end of DRM. The movie industry pisses off the average consumer at their peril.

Re:i'm not so sure...

The same story happened to me. At first I bought an expensive Sony DVD player just to notice that this doesn't play anything beside music CDs and DVDs correctly encoded. Then it took longer and longer to recognize slightly scratched DVDs (I have little children, so DVDs get scratched very easily), and finally it didn't recognize any of the DVDs my children liked to watch.

So I missed my parental opportunity to reduce the media consum of my children, went to an online shop and ordered the cheapest DVD player I could get for a mere 30 EUR (at the time just US$25), and - oh wonder! - all the scratched DVDs play again, additionally the DVDs my wellmeaning sister-in-law brought from the U.S., which didn't play before, and I can also look at the burned CD with all my family pictures, play MP3 CDs...

The expensive DVD player from Sony now sits in the kitchen and occasionally plays a normal music CD, when there is nothing in the FM worth listening to.

Re:i'm not so sure...

The "it's too large" argument won't hold anyway, if indeed it holds today.

Used to be, industry considered the ridicolous size of CDs protection enough -- 700MB or thereabout would take forever to download, and be completely cost-prohibitive to store on a hard-disc anyway.

Then lossy compression came, and gave results that are acceptable to 99% of the listeners for 1/8th the size or thereabouts, which means we're at less than 100MB for a CD.

Then bandwith grew -- 28.8 gave way to 56.6 gave way to 128kbps and then on to broadband -- initially 700kbps or thereabouts, today typically 2-4Mbps in the USA, 5 - 25 mbps in Norway.

Even at the lowest speed offered by my ISP (6 Mbps symetrical), downloading a 100MB album takes less than a minute and a half, which is trivial.

Then movies. DVDs -- it was argued, hold 5-10GB of data, so are completely impractical to pirate. The same story repeated. Compression came. You can download a 1-2GB version of a 10GB DVD with a quality good enough for 99% of the viewers -- there's much better codecs out there than the ones used on DVD.

1GB of data is like 15 minutes at full throttle even today (still with the LOWEST speed available from Lyse), even the full uncompressed DVD at 10GB or so would be downloaded in about 2 hours, which is still practical.

Now it's argued that whatever NextGen disc at 50GB or thereabouts will not be pirated because the size makes it impractical.

Give me a break. 99% of the people who listen to music find well-encoded 192kbps mp3 to be "good enough", the same people will very likely find a 1-5GB recompressed version of a blueray original "good enough" too. And they'll be able to download and store the original trivially a few years in the future anyway.

ps3 cell folding pirates

Someone just has to write a ps3 cell code to do the key guessing just like folding@home, 100,000 pirates, and whammo, it would be cracked really fast , maybe 24hrs. Ironically, that the device player to
make bluray popular could be used to actually crack the keys the fastest.

Re:ps3 cell folding pirates

It's really important that everyone understand that AACS copy protection cannot be brute forced. They're using AES for the actual encryption - if someone wrote a program that could crack that directly the news would be a lot more significant than "DVD copy protection hacked".

Given that AES won't be cracked, any attack on AACS copy protection must be a key recovery attack. Luckily, key recovery attacks aren't that hard when you get a key with every player you buy. But... the fact that cracking AES is hard means that reading HD-DVD/BluRay disks may become completely impossible when players are no longer available.

Hacking something together to read a Beta tape is possible. Annoying. It might cost tens of thousands of dollars to build. But it's possible - it's just analog magnetic patterns on a tape. Reading an HD-DVD without a HD-DVD player won't be possible. That'll be a serious issue for historians in the future, if people don't leave enough pirated DVD-R's around with the unencrypted content on them.

Re:i'm not so sure...

Bingo! It isn't. DRM has always been about distribution control, never about piracy. Witness that the stuff that actually is proven to hit the industry in the pocket book (large-scale for-profit piracy) isn't impressed by any of the DRM, and never will be. The only people it annoys are the ones who can't be arsed to figure out where to get DVD copiers from.

Control of the distribution channel is far more important to the industry than any measly piracy. Why? Because they're middle men, and technology that removes the middle man means that they don't have a job anymore. DRM is about job protection, not piracy prevention.

Re:i'm not so sure...

so you only have to make the time cost of copying high enough to make the legal offering more attractive.

Unfortunately, high prices and the lack of working copies/backups makes the legal offerings un-attractive for many. I have kids. I have cases that used to contain working DVD's. Lack of backups is a problem. I'm moving to a Linux Media Center PC. This new format is incompatible. A media server is a much better solution for most families than a shelf of out of order/broken/lost DVD's. The inability to make a backup/working copy is a crime. DVD's in the home make as much sense as a CD player tethered to your iPod instead of a hard drive. Kids don't take CD cases to school anymore. They know they get stolen, lost, broken, etc. They rip the CD's at home and load them on their iPod with the originals safely stored away.

SONY Dreamworks doesn't get it. I bought Open Season. It has some copy protection on it besides CSS. Guess which film won't be in the Media Center? Guess which brand I'm not buying in the future? Chances are that title won't be watched much simply because it's inconvienent. It's like copy protection on CD's. The kids have iPods. They rip their CD's. CD's that don't work are remembered. That artist and label get a critical review on their next release. Kids instead of buying CD's they can't use, look elsewhere such as P-P and sneakernet. Copy protection (Defective product) sends buying consumers elsewhere.

I remember what CD's and DVD's can't be ripped and who put them out.

Since I did buy Open Season, I will be looking for an already ripped copy or a solution to rip it myself. So far, the rip it myself solutions seem to be mostly commercial offerings.

Re:i'm not so sure...

As has been said before...
DRM is not about stopping serious copying groups... The warez scene will still rip this media and distribute it online, and dodgy street corner vendors will always have copies for sale. These people simply wouldn't watch these movies if they couldnt get free copies.

DRM is about preventing legitimate users (who are willing to pay) from doing things like format shifting. The media companies want those people who buy movies anyway, to buy additional copies to play on their ipods, portable players etc, rather than converting their existing media.

If I buy a CD, I can produce a copy for the car, i can rip it to my ipod, i can rip it onto my laptop. This is all covered by fair use in some countries. The RIAA/MPAA wants to take away our fair use rights so wring more money out of people...

If they openly admitted the purpose of DRM was to remove people's fair use rights and get more money out of legitimate buyers, there would be public outcry and they'd be taken to court. So instead, they try to claim it's to prevent organised piracy.

The constant cracking of their protection schemes just proves that it doesn't stop piracy _AT ALL_.. If preventing piracy was the true reason for DRM, they would have abandoned DRM years ago, as it's costing them a lot of money to develop while doing nothing to stop piracy.

Give it time...

and it will join the ranks of every other DRM mechanism devised.

Re:Give it time...

Yeah - but who wants to wait a whole day for that to happen...?

Re:Give it time...

I've got mod points but I'll save them, since I know you're going straight to +5 funny anyway.

I hope you are proud of yourself; You're what's known as a "tightmod".

Serious Question

"Corel has told users of its software that failure to download the free patch will disable the ability to play high-def DVDs."

Is this making a reference to the current crop of HD's that were purchased? Does the software phone home? Just curious. Any thoughts?

Re:Serious Question

Current players will work fine until you attempt to play a new HD-DVD with the "corrected" AACS. Then your player will cease to play all HD-DVDs until such time that you update with a hot, steaming pile of DRM horse shit.

We fixed it properly this time...

so don't even bother to try hack it. Please don't, please, please, pleaaaaaaaaaaaaaaaaaase.

They really want this to be perceived as tight to sign up content providers.

What about the other holes?

"AACS is a high-profile technology and is protecting high-profile content, so we fully expect there will be future attempts," Ayers said.

How about future successes [engadget.com]?

Re:What about the other holes?

You are entirely right. The volume key hack is pretty solid. In fact, if the Microsoft HD-DVD player were to be revoked and require a firmware patch to the existing runs of drives to play new discs, it really wouldn't make any difference at all. See the thing is, now that it is understood how to bypass AACS through the volume key, AACS could in fact keep revoking keys until they're blue in the face, but the process of extracting the volume key is already known, so it makes no difference.

Also, let me point out, I haven't read the code in its' entirety yet, but if I understand correctly, the volume key crack should actually be immune to key revokation, based on my understanding of AACS, key revokation should only effect device ids and once a method of extracting a volume ID is known, the revokation mechanism just no longer matters.

Of course, I'd also like to point out what others have already said. If a program exists that can read the data and decrypt it, then it's 100% obvious that the program can be reverse engineered. This is not an opinion, it's fact. I have on many occassions bypasses hardware dongles, FlexLM, trial periods, etc...

bypassing hardware dongles requires that you reverse engineer the driver to the dongle, this is just plain easy, all you need to do is find a disassembler that can handle the format, or if it's a kernel mode driver, then you just use a kernel mode debugger... not an issue. when you locate where the driver is being attached to from the program itself, then you just emulate the hooks. Even the most advanced dongles are easy to hack this way.

FlexLM... well... come on... this one is just so easy it's not worth talking about

Trial Periods... they can vary... depends on how obscure people want to make the code. But for the most part, they're not that hard. For example, I found a function reference in a DLL on PcAnyware (don't remember the version) called "TimeBomb()" which returned a boolean value. Not really that hard huh?

As for HD-DVD and BluRay... if all else fails, run the player (really really slow) through an emulator like QEmu and trap all IDE calls. Log the previous 1000 instructions run before the hook and then log until the first picture comes up. Then just review the log and read the source code left in the log. Hardest part is making it pretty enough to read... but if it means that much to you... well no problem.

- So... in brief... copyprotection is just a joke... laugh at it!

Re:What about the other holes?

I have on many occassions bypasses hardware dongles, FlexLM, trial periods, etc...

I instead of pirating and cracking, took the other road. I voted. Anything that required a hardware dongle is and always had been rejected. The new tack is using your hardware as a dongle with online activation. This is also rejected.

It is the primary reason for my move to Ubuntu instead of Vista.

It is the reason I did not accept the free upgrade to Light Factory. The upgrade removes the dependance on MS SQL server (hurrah), but also changed from a registration key (encoded with user name) to a single hardware online auth (boo hiss). I wrote the company and let them know why I moved to Freestyler instead. I am now moving to Q-Light a Linux console as part of my move from Windows.

Anybody want Lightfactory starter edition?

Vote against dongleware with your wallet. Don't pirate, use an alternative.

What do you think is more upsetting to Microsoft? Pirating MS Office or switching to Open Office? On one they can take legal action. On the other which is more offensive to them, they can do nothing.

Corporate Spin

Don't you just love the corporate spin: The AACS (Advanced Access Content System) just happens to be a mechanism to deny access to the content. The moniker certainly makes the technology appear benign to Joe Sixpack consumer.

Prediction of next article's title

HD-DVD Hacked (again)... This is just going to be a never-ending cycle.

"Fixed Flaws"?

If that's "fixing the flaws", then I guess whenever I fill my gas tank I'm "inventing perpetual motion".

The flaws aren't fixed. They're just papered over slightly more aggressively. Don't worry, there'll be more flaws.

Re:"Fixed Flaws"?

No, that will work fine too. They haven't changed a global key of any kind. They've just revoked the old key for new media. All the newer keys still work fine. You can conceptually think of it as all discs supporting thousands of keys, some of which are used by players and some of which simply exist for future not-yet-constructed players to use - there's plenty of possible keys left for new players to work on old discs.

When they revoke keys, they simply remove the old compromised keys from new discs, so players relying on those keys can't play anything.

Re:"Fixed Flaws"?

Well, OK.

You learn something old every day. Well, I do anyway.

Re:"Fixed Flaws"?

For a system which is fundamentally doomed to failure, AACS is pretty well-designed. :)

security breech

security breech

Is that like a chastity belt? Or maybe an adult diaper?

Even more reason to have nothing to do with it

I read this bit:

"New high-def DVDs will include updated keys and instructions for older versions of the PC-playback software not to play discs until the software patch has been installed."

No one gives my computer instructions but me. So I will have nothing to do with either of these formats at all. I am just gonna say no and take my business elsewhere.

DVD is quite fine, and where it doesn't then there are hard drives. Hollywood can give me movies in a format I'll accept or they can e2fsck off.

Re:Even more reason to have nothing to do with it

Yeah see this is what always gets me about the DRM thing. Either you make it playable or you make it secure. Pick one.

The Sony rootkit fiasco really brought home, for me, the need of consumers to assert their rights over their devices. This computer on which I'm writing this is mine. If I had the choice of hardware that would do what I told it or hardware that would obey the whims of the MPAA/RIAA, I'd choose the open hardware. Given the choice of software that does what I tell it to or software that doesn't, the choice is obvious. If there is no choice, I write my own software.

The most insulting thing about the rootkit incident, as well as many such events since, is the notion that just because I'm using my computer to play content owned by someone else they somehow they own my hardware. That's simply not the case.

Here's what I want to know. They're sending a patch to the software that plays the discs, right? It's already too late to change what's on the actual discs because too many are already in the wild, so to speak. What if I just don't update my software/firmware? Or better yet, what if I write my own?

Re:Even more reason to have nothing to do with it

Nah, it takes 150 Million dollars to make a Hollywood blockbuster where you spend 1/3 on whiz-bang special effects, 1/3 on salaries for "star" actors and directors, 1/4 for advertising, and the rest for actual preparation of sets and filming. You can still make decent movies today for about $10 million or less; it's just that you then need actual solid plotting, scripting, and acting because you don't have $140 million to paper over crap.

And as the price of Pro HDTV cameras and computers + digital editing S/W drop, you will be able to do a pretty decent all digital-straight to video for a lot less. Sure, you'll still have substantial costs for lighting equipment, audio equipment, makeup, getting filming permits, and so on. But you won't necessarily need to spend money on film and film processing. That's going to open the door to a lot more student and amateur film-making efforts. And yeah, it will still meet Sturgeon's Law, but there *will* be a lot more good stuff mixed in the avalanche of garbage that will fill sites like YouTube.

Re:Even more reason to have nothing to do with it

Best time travel movie I've ever seen [primermovie.com]. Cost of development? $10,000. Seriously.

Re:Even more reason to have nothing to do with it

You can still make decent movies today for about $10 million or less; it's just that you then need actual solid plotting, scripting, and acting because you don't have $140 million to paper over crap.

Indeed.

Look at Infernal Affairs - the original from which "The Departed" was remade - done in Hong Kong it had a budget of roughly 5M USD at the time. The Departed had a budget of roughly $90M and that does not take into account advertising. That's almost a 20:1 ratio and many people argue that "Infernal Affairs" is still the better movie.

Look at "Il Mare (Siworae)" - the original from which the recent Keanu Reeves/Sandra Bullock "The Lake House" was remade - a budget of under 2M USD versus roughly $40M for the remake and if IMDB's ratings are anything to go by, the original was better. Again a 20:1 ratio.

Furthermore, South Korea regularly turns out top caliber movies and yet the most expensive film they've produced, The Host, [wikipedia.org] had a budget of $10M. Most South Korean productions are well under half of that, often closer to $2M, and their quality easily surpasses most of what Hollywood does.

South Korea is one of the few markets in the world where local productions regularly beat out Hollywood for ticket sales (in part because of screen quotas, but that changed recently due to the US State Department doing the MAFIAA's biding and it still didn't put a dent in local cinema). These movies focus on story rather than flash, so there are less special effects. But otherwise the movies look just as good as anything from Hollywood - professionally lit, professional wardrobe, make-up, cinematography, and of course the most important part -- great story telling.

While production costs are cheaper in South Korea and Hong Kong than they are in Hollywood, they are not necessarily less than for a lot of "run aways" where Hollywood outsources various parts of the production to cheaper parts of the world.

So, yes it is easily possible to outdo Hollywood and even produce 'blockbuster quality' (if quality is the right term) movies for far far less than Hollywood does right now.

What about the lazy customer?

I am just wondering what "normal" customer's will think, I mean - geeks and technophiles understand the the new efforts to close AACS is just not a solution, just another workaround in a loosing battle. But I wonder what normal people think, I really doubt that average Joe will think that a patch to this system is really a good thing. Most people want to be able to copy their content, make backups, etc. One of the benefits for a lot of people with the DVD format is that DVD players are available as region free players, you can copy disks from friends, etc. I'm not saying that piracy is necessarily a good thing, just that far too many (and increasing) people enjoy that and that in itself will be a problem for the next-gen media players.

Respin

"Makers of software for playing the discs on computers will offer patches containing new keys and closing the hole that allowed observant hackers to discover ways to strip high-def DVDs of their protection. On Monday, the group that developed the Advanced Access Content System said it had worked with device makers to deactivate those keys and refresh them with a new set."

No no no. Let's just tidy that baby up a bit:

"Makers of software for playing the discs on computers are requiring consumers to download patches that will re-apply the product defects that computing professionals had removed in the weeks prior. Despite the fact that nothing is technically wrong with the older versions of the software, it is being intentionally rendered obsolete to force the update -- no new movies will be viewable on the old software."

Schwab

AACS == Barn - Horse

ISTR that Muslix64's attack worked by identifying the keys in active RAM. So how does revoking the keys defeat this attack?