Work Around for New DVD Format Protections

An anonymous reader writes "For the new Blu-ray and HD-DVD formats, Hollywood implemented a complete copy protection scheme; almost everything has to be encrypted and authenticated. Despite the crypto-stuff in Advanced Access Content System and High Bandwidth Digital Content Protection, they left the backdoor wide open — they forgot about the PrintScreen button. Using this function you can create exact digital copies of a film picture-by-picture and reassemble them into a stream."

hrmm

[paradigmdream]

thats quite a bit of work to copy a movie

form. This "front" is obvious.

[yagu]

problematic for other reasons

This copy protection quagmire (we need to come up with a withdrawal plan)... it creates problems in other ways on other fronts.

Consider the long discussed issues in general with DRM and DRM's interference with easy adoption of new (and really potentially very cool) technology for consumers. This has been discussed to death on slashdot as well as other forums -- and remains one of the foremost threats to the success of HD in any

What may be less obvious is what starts to happen when these tiny holes appear in the digital dike, and the industry discovers they're gaping holes, and the patching begins, to the detriment of other accepted technology.

In the case of this described "hole", a screen print? This becomes the DRM's worst nightmare? If they succeed in lobbying the PC industry and others and get this hole blocked, all of a sudden a long-accepted practice, i.e., screen printing, becomes suspect and may even be taken away as an option because it is potentially used for pirating.

Don't discount the possibility this could happen. A few years ago all may have pooh-poohed the idea as preposterous because computers just plain old didn't have the horse power and storage to pull this kind of feat off. Today they do. And if someone does start pirating DVDs this way it would be predictable the MPAA could go after that technique, maybe successfully.

Unintended consequences. I would find it highly objectionable to see the capabilities of my computers to expand and my ability (or permission) to use those capabilities diminished.

Get right.

[RedOregon]

Hollywood didn't implement squat.

They browbeat/bribed the companies that developed the software to implement it.

Splitting hairs, maybe, but Hollywood would have trouble implementing a flush toilet.

Re:hrmm

[Anonymous Coward]

Writing a single script is a lot of work to remove the protection from an any number of movies?

Re:lots of pictures

[paradigmdream]

and you would still have to rip the audio stream and add that in

Real pirates DUPLICATE

[erroneus]

To make "other" copies is too troublesome. As always, real pirates will use the means they always have. They will work "off hours" at DVD publishing sites making uncounted copies indistinguishable from the counted copies. They will have the production equipment in their homes to make exact duplicates.

This is not about stopping piracy because these measures to nothing to address the two primary methods. What it does thrwart is casual consumer copying to better ensure that the consumers will buy multiple copies of the same stuff.

What I am saying is not new and has been repeated since the creation of the first DVD format.

So you had to tell the world?

[Jeff DeMaagd]

Really, I resent the fact that some DVD players block image capture for the occasional still frame. I would hate to see the software players remove the feature from the high def software players because some clueless weenie had to announce it to the world.

Those Idiots

[frogstar_robot]

Now was not the time to splatter this information all over the world. If they had waited for wider deployment, this hole could have been kept wedged open as closing it on hundreds of thousands of clients wouldn't have been terribly practical.

Remember would be DVD-Jons, if you find DRM holes in new media tech SHUT YOUR YAP UNTIL EVERYBODY AND HIS DOG HAS BOUGHT SOME. THEN RELEASE THE INFO. When you do release the information, do so complete with "mom friendly" utilities and use warez "spreaders" to be sure everybody and his dog can start using it right away. This also complicates shutting the hole in various social and technical ways.

hrmm-Doing the fanny-wave.

[Anonymous Coward]

Well see now, the analoge hole argument ignores little details like that, and plays up the "see! see! you can't stop us from getting what we want". It's basically a game of one-upmanship, not of technical superiority.

Of course everyone misses the point that DRM and other mechanisms isn't about stopping every "infringer", any more than having police is about zero crime. One just needs to keep the problem to the background noise level.

DMCA and Circumvention

[Anonymous Coward]

Err... Isn't even this post a violation of the Digital Millennium Copyright Act and its anti-circumvention terms? The law basically says it's illegal for you to fix a design defect (like DRM). I believe it's also illegal to share information on how to point toward a way to fix a DRM problem. Hmmm....

I can't believe prison is a threat for someone writing news like this. Too bad the poster of this news had to be anonymous to engage in free speech! Time to kill this stupid law!

DirectX recorder

[cjb-nc]

DirectX recorders exist, primarily used for recording videos in games. I'm pretty sure most DVD player apps use the same directx layer, and so could easily be recorded by such a program. This is just an idea off the top of my head.

Result: watch for the MPAA to start outlawing your favorite DirectX recorders in the near future. Seems they will always find it easier to prosecute the loopholes than to fix their own stuff.

Does HDCP solve this?

[MasterC]

High-Bandwidth Digital Content Protection [wikipedia.org] (HDCP) "protects" DVI & HDMI interfaces but for this to work on a regular PC then the OS has to be in on the deal as well, right? So if a drive and video card support the devil that is HDCP, does this "back door" work if the OS is in on the HDCP? I would venture a "no" on that one.

Taking print screens is a weak solution, but a solution nonetheless. All it takes is one person to have the patience or scripting skills to automate this for a copy to hit the internet. One. That's the problem with DRM in that it may deter most people but to be totally effective it requires determent of everyone. Feeding millions of individual frames to an encoder is not beyond some people, I'm sure. Especially since hollywood raised the stakes.

If this is a back door, then it's one of those miniature clown doors. When someone figures out a way to completely strip out AACS (like what was done with CSS) then we can call AACS hacked and laugh again at the never-winable battle that is DRM.

DRM is unwinable because you have to give the decryption key to the user so that they can use the product. If you don't give them the key then they can't use it. So DRM gives the encrypted data and the decryption key to the user every time.

Re:hrmm

[govtpiggy]

But how long would it take to create a program that does it and syncs the audio as well? I'm sure there's a way to stream the images onto a single large file rather than dealing with compiling millions of saved images. Even if it does take a week to run on an average computer it only has to be done once before it gets spread around the net. And there will always be pirate groups that will do it regardless of the "time spent:money gained" ratio. The real question is whether it'll prove to be less effort to replicate them this way or to find a more direct way around the encryption.

If it can be seen it can be copied

[sxmjmae]

Anything that appears on my computer screen I can copy - even streaming video.
It is not that hard of thing to do, even if you have to write the code yourself.

Not so much, really

[Weaselmancer]

It would be a lot of work, if you did it manually. The print screen button is really just a proof of concept idea. Remember that the device is a computer and they excell at repetition.

For example, it wouldn't be too hard to write a DirectX driver for a virtual display device that simply passes every frame it sees into a filter for recording. Same should work for audio, really. Just take the inbound stream and stash it somehwere. As long as you've got the bandwidth inside the machine to move the data and the space to store it, why not?

This is why MS is pushing so hard for that "driver verification" thing. User created drivers can bypass the DRM just before the media gets pushed out to the hardware. The Windows box simply isn't built for DRM level trust at all points in a broadcast. Yet, anyways. It's still possible to break the chain somewhere and extract content. I'm guessing that'll always be the case too, at least for a good long while. Only way to get around that with what we have today would be if MS started selling PCs that are welded shut.

Re:Not really a backdoor

[ratboy666]

This *is* a backdoor. The digital data is in the frame buffer, but cannot be extracted (programs that are not trusted cannot be run). The Print Screen function is trusted, and so can run even with end-to-end crypto. The Print Screen function has access to the entire frame buffer. I don't know of another way to do this -- this one is actually brilliant.

And, Print Screen can be scripted. The player can ALSO be "scripted". As in, pause, and single step ("consumer" features). As to the speed of such a utility -- I would estimate that the re-encode process for a typical movie would take around 400 minutes (on a "typical" high end PC, see next paragraph for the amount of data involved). Ripping the audio track is more difficult (especially in full 5.1+ glory), but the technology for that is known. Time for that is real-time. Pulling a figure out of my ass, I would think a usable rip would take 800 minutes.

It's not "2 trillion" screen captures. It is a lot of data, though. At maximum resolution (1920x1080p) its 2 million pixels per frame. At 24bpp, that's 672 GB per hour (108,000 frames). The data HAS to be jammed through an encoder right away. This, of course, introduces new artifacts (its not going to be a "perfect" first generation copy). But its still going to be better than DVD quality.

I believe that the keys for this software will be revoked, and the current users (if any) "upgraded".

The point that this attack makes is that "DRM" is actually rather laughable. Your audience needs the decrypt keys, and yet can't be trusted with the decrypt keys... It just isn't stable.

Ratboy.

Feature not a bug...

[Distan]

Neither of these formats is going to go anywhere unless there is a way to make backup copies. This so-called "hole" is actually a feature, not a bug.

I predict that this format war will end when one of these two formats finally has a robust backup solution. At that moment in time, the other format will be dead.

Re:DirectX recorder

[Wesley Felter]

Vista's Protected Video Path will presumably disable all such recorder software. DirectX recording may work on XP, but I suspect the XP-based HD-DVD/Blu-ray players will use "proactive renewal" where you have to install new DRM patches every month to keep up with all the hacks. These patches will probably incorporate PunkBuster-style scans for known "bad processes".

Re:hrmm

[fozzy1015]

As others have said, if you can hit print screen to save a frame then a program can be made to do it for the entire movie.

You know, this is just like the equivalant of saying that audio can always be copied because no matter how protected the data on the media is, you can always either hold a microphone up to the speaker or run the speaker output right back into the line-in.

With video and audio there will always be some stage where the material is in it's raw format and in a memory buffer. At that point it can be copied. This is of course assuming the protection is unbreakable which has yet be proven true for anything yet.

Just like iTunes "DRM"

[nickheart]

**warning, rant**

I'm sorry, but am i the only one who thinks all these codecs, DRM tools and other garbage are just a waste of time?
There are already many ways to get a clean WAV file from anything playing on your computer, drivers that hook into the direct sound and just copy what ever is there. Or how about just burning the CD from iTunes, then ripping it with a freeware tool?
What these XXAA need to do is just understand that if you can watch/listen to it, it can be copied. That's it! Make people want to buy the product for other reasons. I own sooo many different seasons of different television shows because i like to have the boxes sitting on display. Anywho, is this really news? another attempt to create "un-copy-able" media failed?
thanks for listening

**end rant**

Re:hrmm

[kimvette]

I don't know about your computer but on mine the printscreen function isn't exactly speedy, neither in Windows nor in Linux. I doubt 24fps or 30fps is doable with such a script. Right now DVDs can be ripped and transcoded faster than realtime.

The best solution is to crack the new encryption (worst case use brute force harnessing setiathome-style P2P networks to speed up the process), obviously.

Why would I want to it cracked (I'm not the one to crack it, I'm no cryptographer)?

  - I run Linux. I should not be locked out of media I purchase over the counter? Sure, you'd argue I dual boot my system, so why not reboot to Windows? Well, I have booted Windows MAYBE three times this year, twice to pull files from my telephone and once to run OCR (since gocr and orcad suck).

  - When I buy a DVD, CD, or Foo-DVD, I OWN that copy, and short of commercial redistribution of copies, I can legally do pretty much whatever I want with that media and the content, providing it is within Fair Use guidelines. Viewing on Linux is fair use. Transcoding for viewing on my crappy old iPaq is fair use. Ripping and transcoding to keep a copy on my computer's HDD is fair use. Giving copies away is a grey area and not so clear cut. Commercial distribution of those copies is right out, well outside of the realm of Fair Use.

  - I run CRT monitors since LCDs atill lag behind in resolution, color purity, and contrast ratio. They may be desk estate and power hogs, but (at the high end) they're superior to LCDs in many ways at this time. I should not be forced to view content at standard definition 720x480 or 640x480 because I have a higher-end monitor which lacks DVI and therefore no HDCP. Ditto for the television I'll be buying - the one I want with a sufficiently high contrast ratio, image quality, and a plethora of inputs (and is NOT Sony) lacks HDCP. Why should I be forced to view downsampled content?

MPAA: If you do lock users out of legally-purchased content, you do so at your own demise. I for one will not purchase DRM media where the DRM cannot be stripped off and recoup my Fair Use rights to PURCHASED content (that's right, it's PURCHASED, not LICENSED, you MPAA asshats). You will be creating a pirate market the likes of which you have never imagined, because when you fuck over your LEGITIMATE paying customers, they compare the two options and see that they are better off engaging in copyright infringement than paying for a crippled product. I'll become one of those pirates the day you kill off DVD. Right now I buy, on average, anywhere from 5 to 15 DVDs a month - my collection in the last few months has quickly grown from under 150 to over 300, to the point where I can't even keep all the rips on my computer any more. I'm the kind of customer you don't want to alienate because I am a PAYING customer and I purchase a lot of movies (I hate rentals). If I download a commercial work, it's to preview it to decide whether or not I want to buy it (e.g., THX-1138, which I wasn't sure would interest me, but ended up liking so I purchased it). You'll be losing me as a customer if you follow through on this in your quest to get perpetual copyrights and eliminate fair use. In other words: Fuck you, MPAA.

Of course

[lapagecp]

I am suprised at the number of people talking about how hard this would be to do. Its actually pretty easy. Hitting the print screen button is calling an operating system feature that can easily be called with another program. The whole thing could be autimated with a program pretty easily. The real issue here is that no matter how hard you try at some point the DVD has to show up on a screen. That means pixel 1,1 is going to be blue and pixel 1,2 is going to be green. There has to be a point where the image is not incrypted and thats the point at wich "hackers" will capture it. The same is true for Audio. At some point it has to go to the speaker. The only way to stop this effect is to require tv/monitors to recieve an encrypted signal. Before you start yelling I know that this is already happening but whats also happening is that people aren't adopting it because they don't see a point. You loose a big demographic if you tell people there old equipment won't work with there new equipment.

Re:Does HDCP solve this?

[Stalyn]

TC(Trusted Computing) solves this. TC puts encrypted data in memory that is unavailable to unauthorized programs(the OS as well). And if they try to access this memory the hardware component, in the worst case scenario, becomes a brick or more likely the component just shuts down.

That's the real fear of DRM with TC. In essence you won't even own your computer anymore.

Re:hrmm-Doing the fanny-wave.

[rolfwind]

How is DRM going to keep it to background level noise when one crack is all it takes to spread it to the internet?

DRM is less than useless right now because all it succeeds in doing is annoy real paying customers and teaching them the cracked versions are better after all. It's bad enough I am forced to watch the blue FBI screen everytime I watch a DVD (actually, on most anime, they are smart enough not to include that from what I have seen, but not Hollywood), and be dragged through several commercials if they are really sadistic - sometimes I have the feeling that the companies are intentionally promoting copyright-infringement with these tactics.

That may change with TPM, but I have given up so much media by this point (TV, most Hollywood movies, RIAA Music, etc) that I won't bother buying anything more than anime unless they start producing an inferior product and blaming the audience for lousy sales. My time can be better spent learning, coding or doing some sport in the future.

Re:hrmm

[Dun Malg]

Of course, you're sacraficing quality.

How? Does the image you're capturing somehow become less than what's on the screen?

It just wouldn't be worth it. Firstly, it would probably take a week.

24fps movie, even capping only 1fps will take a mere 48hrs. I'm sure you are aware of the myriad of little programs you can find that will "push the printscreen button" automatically. Did you really think anyone was suggesting you do it by hand?

Secondly, Sound synchronization would prove to be hard to say the least

The frames are assembled at 24 fps. Sound is recorded realtime separately. Synchronization is as easy as finding a scene with a sharp, percussive noise (e.g. slamming door) and lining up the sound with the picture. Now the whole movie is in sync. That's how they do it in real life editing film.

and finally, NOONE would want to do this. The 'time-spent: money-gained ratio' would be horrible.

You did think they were suggesting someone might do this by hand! HAHAHAHAHA!

Trusted Platform Module

[tepples]

Now with virtualization technology, where the OS is running virtually, or in VMWare, you'll be able to do a "Print screen" at a higher level than the OS

But if the PC's Blu-ray Disc or HD-DVD player detects that the operating system is running virtualized, or if you have your computer's Trusted Platform Module turned off, then the software will decode at 960x540 at best or refuse to run at worst.

Ground-breaking new idea!

[Anonymous Coward]

"DRM is less than useless right now because all it succeeds in doing is annoy real paying customers and teaching them the cracked versions are better after all."

Okay, folks, here's how you deal with DRM. It's really easy, so listen carefully and you'll never have to deal with DRM again!

First, don't buy the movie or pay to see it in a theatre. Second, don't pirate the movie. Third, don't even bother to see it at a friend's house, regardless whether he/she bought it or pirated it. Fourth, just don't see the movie, period!

Our consumer society needs to get over this perceived need (desire, really) to participate in contrived money-making schemes that are presented as "culture." One way to recognize contrived nonsense advertised as the biggest thing to ever happen ever is to see of the authors/producers/etc. put DRM into place. Putting DRM on something means they are privately convinced their product cannot stand on its own merit.

"My time can be better spent learning, coding or doing some sport in the future."

Yes, and this is true for everyone.

Re:Not really a backdoor

[himurabattousai]

I have to agree. This is brilliant, and rather amusing as well. While definitely not a task for the masses, it does show that sometimes the best solution to a high-tech problem is a low-tech answer. Scripting "print screen--paste--save" for some ungodly number of frames certainly qualifies as low-tech, even primitive. And yet, the brilliance lies in the simplicity. As for the amusing part--how many millions of dollars and thousands of hours went into developing locks that can be picked with the repeated and automated push of five total buttons? I'll sleep well thinking about this one.

Re:hrmm

[corychristison]

Oh, so you mean pull a Microsoft?

... sorry. I just HAD to. :-)

Re:hrmm

[David Gould]

But we also have the right to try to crack it.

(Well, we did until the DMCA...)

We still have that right, it's just being violated by a corrupt government.

Re:Trusted Platform Module

[mrchaotica]

Well, except for the whole Treacherous Computing thing, that is, because the entire point of it is that there would be an unbroken chain of "Trusted [sic]" hardware and software leading from the framebuffer itself to the TPM to the virtualization software itself to the OS to the application.

In other words, if the entire system is "Trusted [sic]" then the system will know that it's "safe" to play at full resolution because nothing including the VM will take a screenshot. If, on the other hand, there is a "non-Trusted [sic]" object anywhere on the chain it would immediately assume that it was compromised and would play at the low resolution to begin with.

So no, virtualization -- or any other "take a screenshot"-like method -- will not work. Not to mention that such a workaround is lossy anyway, and is therefore not a solution.

In the end there is only one solution to this whole mess: outlaw DRM, and crack the encryption for all the DRM that already exists. I don't have much hope for the US (or the world in the short term), but eventually it will have to happen or else we'll fall into this sort [gnu.org] of dystopia.