AACS Subversion Continues with Device Key Extraction

By Scott M. Fulton, III | Published February 26, 2007, 4:43 PM

A new user of the online forum where, last December, one user reported having retrieved the title key for a specific HD DVD movie and another demonstrated a method for extracting a title key that could be applied to an automatic process, now reports that he has been able to fish for the AACS device key -- the unique cryptographic element licensed to each player hardware or software component by AACS LA -- using a memory dump taken during the execution of the Windows-based player WinDVD 8.

Other users of the same forum, including the user with handle arnezami who earlier had automated the process to locate title keys, confirmed the discovery of device keys in independent tests.

While the discovery is nowhere close to having "cracked AACS" as one site puts it -- a screenshot of whose headline appeared on NBC News' local TV affiliates this afternoon as proof that it must have happened -- it shows that individual efforts to pick all the locks that comprise the AACS protection scheme are succeeding faster than had been earlier predicted.

Specifications published in February 2006 by the AACS Licensing Authority explain the purpose of the device key: "Each recordable medium that contains encrypted content will contain an MKB [media key block] in the Read/Write area. This MKB will enable all compliant devices, each using their set of secret Device Keys, to calculate the same Media Key as described in the Introduction and Common Cryptographic Elements book of this specification. If a set of Device Keys is compromised in a way that threatens the integrity of the system, an updated MKB can be released that will cause a device with the compromised set of Device Keys to be unable to calculate the correct Media Key. In this way, the compromised Device Keys are 'revoked' by the new MKB."

In other words, each high-definition disc contains a special segment whose contents include the tools that a player would need to adapt to its own software, in order to decrypt the contents. That's the media key block. Its own title key, coupled with the device's own key, produces a secret key (not unlike the way SSL encryption works for the Web) that can decrypt the disc's contents.

Every manufacturer of consoles, components, and software is licensed a set of device keys for use with its equipment; theoretically, a set of such keys exists for each manufacturer, though it remains a matter of considerable speculation how unique each device key is.

That matter becomes extremely important as AACS faces the first of potentially many such challenges, which its creators contended it was designed not only to face but to thwart. According to the AACS specifications, newly published content can contain certain revocation data that alters the licensed device keys for any devices whose protection has been subverted using the methods the members of the Doom9 forum are now attempting. If AACS were to "throw the switch" -- and it wouldn't require a ceremony to do so -- new HD DVD discs played using the subverted software could change its device key so that the software can no longer play the movies it played before.
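The revocation mechanism the specification describes, as an added sketch that is not from the article or from AACS LA: a toy complete-subtree key tree in which each device holds the keys on its leaf-to-root path, and a new MKB wraps the media key only under subtrees that contain no revoked device. The tree layout, the HMAC-based derivation and XOR wrap, and every name and value are assumptions for illustration; AACS itself uses a subset-difference tree and AES.

```python
import hashlib
import hmac

DEPTH = 3  # constructed toy system: 2**3 = 8 devices, tree leaves are nodes 8..15

def node_key(master: bytes, node: int) -> bytes:
    """Licensing-authority side: one independent secret per tree node."""
    return hmac.new(master, b"node:%d" % node, hashlib.sha256).digest()

def path(device: int):
    """Tree nodes from a device's leaf up to the root (node 1)."""
    node = (1 << DEPTH) + device
    while node >= 1:
        yield node
        node //= 2

def device_keys(master: bytes, device: int) -> dict:
    """A device's key set: the node keys along its leaf-to-root path."""
    return {n: node_key(master, n) for n in path(device)}

def cover(revoked: set) -> list:
    """Subtree roots that together contain every device except the revoked ones."""
    tainted = {n for d in revoked for n in path(d)}
    if not tainted:
        return [1]  # nothing revoked: the root key reaches every device
    internal = [n for n in tainted if n < (1 << DEPTH)]
    return sorted(c for n in internal for c in (2 * n, 2 * n + 1) if c not in tainted)

def _wrap(key: bytes, version: bytes, data: bytes) -> bytes:
    """Toy key wrap: XOR with a pad derived per MKB version (its own inverse)."""
    pad = hmac.new(key, b"mkb:" + version, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def make_mkb(master: bytes, version: bytes, media_key: bytes, revoked: set) -> dict:
    """Media key block: the media key wrapped once under each cover node key."""
    return {n: _wrap(node_key(master, n), version, media_key) for n in cover(revoked)}

def process_mkb(mkb: dict, version: bytes, keys: dict):
    """Player side: unwrap with the first held key that appears in the MKB."""
    for node, wrapped in mkb.items():
        if node in keys:
            return _wrap(keys[node], version, wrapped)
    return None  # no usable entry: this key set has been revoked

if __name__ == "__main__":
    master, media_key = b"constructed-authority-secret", hashlib.sha256(b"constructed").digest()
    mkb = make_mkb(master, b"v2", media_key, revoked={5})
    for d in range(1 << DEPTH):
        print(d, process_mkb(mkb, b"v2", device_keys(master, d)) == media_key)
```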

The extent to which revocation impacts a high-def component's ability to play movies -- whether it's just a few, or all movies produced before a certain date, or any movie whatsoever -- has yet to be seen. A very technically replete explanation of the revocation technique written by arnezami shows that these fellows are well aware of the potential storm they may be triggering.

But their aims -- at least the stated ones -- have not been to pirate and distribute movies, but to find a way to create everyday software for users to be able to back up the legitimately owned content of any HD DVD or Blu-ray Disc (which also uses AACS) to recordable media. Some software presently available -- for instance, a new version of AnyDVD -- claims to be capable of backing up high-def discs whose title keys have already been retrieved by others, although such software is presently dependent on third parties who manually find title keys, although they're frequently posted to the Web.

Still, their work is being treated as an "attack" by AACS LA, thus heightening the possibility that it may respond in kind. Just how much the authority believes it's being attacked may yet be measured by the extent of device key revocations, if indeed they are to come.

Comments

Anything that can be viewed can be decoded. I just can't find it in me to care one way or the other. If they don't want Gold master equivalents to be out there, don't make them. HD-DVDs and Blu-rays are nothing that great to begin with. Except to the wacko technophiles that get off on spending more than they need to, for something that only a fool would care about. Ever hear a fool and his money is soon parted? That's HD TV people to a tee. And a curse on the FCC for legitimizing it for no reason but to be a petulance to the general populace. DVDs and Divx compression (for files) is all anyone should need. Anything more is luxury. Do they too deserve the right to archive their investment? YOU BET THEY DO. But I don't worry over it vanishing someday soon because it's been cracked. Nope! I fully expect Blu-ray and HD-DVD to vanish just as the superior beta and Laser disc formats did in their day for VHS and later DVD. DVD was never a broken medium, and as such it's still the popular choice and will be for decades. Only the select few "early adopters" will be inconvenienced either way. When enough of them wake up to the ongoing restrictions they bought into, they too will return to the well defined and adequate market of DVDs rather than be bothered with equipment upgrades, exchanges, or lack of HD formatted media.

PS: Tenoq, that's the chief problem with the entire concept of the revocation technique... It drives all those legitimate owners of a product to have no choice but to turn to illegal means to view what they legitimately purchased. The same is true for downloaded movies, TV shows, and music. I can't tell you how many times I was burned in the early days with DRM on both music and videos. I still have DRM files that I paid for I will never be able to open again because the company changed or disappeared or whatever... Only solution the industry wants is to repurchase with the same restrictions again, and that's BULL. When this happens on HD-DVDs and Blu-ray discs, and it will, there will be a backlash you will never believe. I look forward to it.

Score: 0

|

DVDs and Divx compression (for files) is all anyone should need. Anything more is luxury.

Yeah, damn those rich folks for being able to afford something better than you, even if, in your opinion, it's only marginally better. They should just stick with what you've got, since it's obviously good enough.

/sarcasm

Score: 0

|

"...shows that these fellows are well aware of the potential storm they may be triggering."

Indeed. If the revocation technique is used, there are going to be some VERY pissed off early adopters who suddenly find certain discs don't work any more. I'd be interested to see how that little problem unfolds: are studios going to be replacing customers' discs free of charge? Or are they going to expect them to buy new ones?

More and more it seems like these HD movie formats are really going to struggle capturing the market. The potential for consumer backlash is very real: with any luck, we might get the industry to rethink the way they're trying to cripple use of their products.

Score: 0

|

EXACTLY.

Score: 0

|

"Some software presently available -- for instance, a new version of AnyDVD -- claims to be capable of backing up high-def discs whose title keys have already been retrieved by others, although such software is presently dependent on third parties who manually find title keys, although they're frequently posted to the Web."

In the case of AnyDVD, they claim this is not how they are getting around the AACS on HD-DVDs. They have stated this since the beginning. Personally, I believe their statements to be true but the first round of revocations will be the real proof.

Score: 0

|
