RSSNew AACS Protection Cracked Already
By Nate Mook | Published May 17, 2007, 11:36 AM
The cat and mouse game continued Thursday between the movie industry and those wanting open access to the content they purchase. Software vendor Slysoft released an update to its popular AnyDVD HD program that copies the latest HD DVD and Blu-ray titles - bypassing the newest AACS copy protection.
Like CSS is for DVD, AACS (view specs) keeps high-definition discs encrypted such that they cannot be copied. Two main keys are utilized by the standard: a device key used by hardware and software players, a volume key stored on each movie title that can be used to decrypt its contents.
A number of volume keys have been leaking since both HD DVD and Blu-ray discs went on sale, but the complexity of finding and integrating every single key into a software copy mechanism is daunting. Instead, hackers have focused on device keys, which are used to automatically access volume keys.
In February, the device key for licensed software player WinDVD was found, and in March the device key used by PowerDVD was extracted from the program. Because of the risk of leaking device keys, AACS LA -- the licensing authority behind the copy protection standard -- built in a revocation system, which it activated in April.
AACS LA provides both disc and player manufacturers with a common software decryption tool called a media key block (MKB). Using the device keys assigned to player manufacturers by AACS LA, players retrieve information from special locations on each disc that enables them to calculate the MKB.
Citing from AACS' own documentation: "If a set of device keys is compromised in a way that threatens the integrity of the system, an updated MKB can be provided by the AACS LA that will cause a product with the compromised set of device keys to calculate a different key than is computed by the remaining compliant products. In this way, the compromised device keys are 'revoked' by the new MKB."
Essentially, newer high-def movies will ship with a revocation key that disables the device key that has been compromised. AACS in April revoked the keys used by WinDVD and PowerDVD, requiring the players be updated or not be functional with the latest content.
Of course, those hackers who accessed the device keys in the first place can simply do so with the updated versions of the software - which it appears they have done. Decrypted content must exist in memory at some point in order for it to be played, which means that the tools for that decryption must be addressable, if only briefly.
The second and third discs in the newly released Matrix Trilogy on HD DVD are protected by the new AACS MKB - version 3. But less than 24 hours after their release, AnyDVD HD 6.1.5.1 Beta was made available with support for the discs.
AACS LA was notably unhappy with those publishing leaked device keys on Digg, but it has yet to take action against Slysoft. The company bills its software as a way to backup movies already purchased, and does not condone piracy.
A bill re-introduced in the US House of Representatives would make exceptions to the law so that individuals could subvert copy protection for personal purposes only, which would make it impossible for studios to prove copyright infringement violations against individuals unless they could prove their copying falls outside of fair use provisions.
With legislation such as the FAIR USE bill having a better chance of passage than ever before, content providers will certainly be searching for new legal precedent for charges against suspected violators. One such approach will be to claim that the device keys are property of AACS LA, and by integrating them into software such as AnyDVD HD, it could constitute a misappropriation of stolen property.
Two thumbs up for the capable persons finding ways around the digital aids!
Score: 0
|YES!!!!!
Score: 0
|DRM is turning into a techno-welfare industry, where it simply continues on an infinite quest to lock up things which will always be unlocked by others. It keeps both sides busy, and generates revenue.
Score: 0
|Yep - just like anti-virus software!
Score: 0
|It's because they made such a big deal over a 32 digit hex number. These guys (Doom9) are just aching to bust thier balls now.
I can't wait to see the reaction on this one.
Score: 0
|THE AACS LA is fighting a battle that they will never win...
Score: 0
|Who isn't? We're all going to die some day.
Score: 0
|...it seems like AACS LA needs to get their head out of their ass, stop crying like a baby, and make good software.
they keep crying that hackers are ruining it for them. Screw you. make decent software that cant be hacked. ffs re-releasing MKB is the dumbest idea ever...Banning after you know the key is out...Without changing anything...your only helping the hackers get better at cracking your protocol.
time for a redesign.
Score: 0
|Nothing is unhackable...it doesn't matter what they do...it WILL be hacked, if it can be created, someone can uncreate and recreate it.
Only way to stop this endless cycle is to make the format fair and acceptable to the users using it. If people pay money for something and find that there is a limit to what they can do with it (due to DRM)...they will find a way around it. There is nothing you can do about that, and no amount of money will stop the masses from doing it.
Score: 0
|Come on.. why even protect this stuff.. How much money does AACS LA make to issue new keys?
What ever it is it's too much.
But what if the AACS LA does serious bodily injury to the people of DVDAny where?? will that apply to the new IP laws?
Score: 0
|Copywriting, trademarking, or patenting a number is just wrong. It's a number, and numbers or words for that matter which serve a programmatic purpose cannot be made protective speech. It isn't in the best interest of anyone.
Score: 0
|It isn't in the best interest of anyone.
It certainly seems to be in the best interests of the AACS LA. As well as numerous record labels, movie studios, et all.
I'm not saying the current situation we find ourselves in is perfect by any means, but simply generalizing that protecting the digital key to your content is wrong is frankly, a tad naive. It completely ignores the rights of those who produce the content to retain any control over it's form, distribution or sale.
Score: 0
|Thats bull crap. So lets start copyrighting device keys.. That'll teach ya! Look at this.. Maybe they claim that this 3d:.... binary is property, but what about other methods to create the same instance? Maybe the old fasioned VB Chr() methods to recreate these device keys trasnalting into binary. How about using a class function out of order representing a different device key, but then re-ordering them to officiate a different key. Can they legally hold all of these methods as a case of "stolen property" just because they represent the same number? Its like rewriting internet explorer... If I think of IE in a completely different, write my own version, but it accesses the internet still, is it illegal? No, not unless i infringe on patents, meaning using the same PROCESS to get to the same result. My process can be much different, but I still get the internet.. ;] Blah, hogwash.. AnyDVD is awesome, nuff said. ;]
Score: 0
|Process is great, but you must consider purpose as well.
That said, I think AnyDVD is safe. It's the idiots posting the keys and posting the content ripped using that key that are causing the problems.
Score: 0
|"One such approach will be to claim that the device keys are property of AACS LA, and by integrating them into software such as AnyDVD HD, it could constitute a misappropriation of stolen property."
It could, if AnyDVD was based in the US. It's not, it's in Antigua.
Score: 0
|