HD DVD User Claims to Have Bypassed AACS Encryption

By Scott M. Fulton, III | Published February 13, 2007, 5:16 PM

In a separate matter, perhaps inspired by but otherwise unrelated to last December's discovery that a software-based HD DVD player may have left title keys exposed (giving users one of the key components they need to back up their content onto separate discs), another user has posted source code that may enable HD DVD users to determine the title keys for themselves.

In tests over the past few days by users of the Doom9 Forum, people putting this software to use appear to have isolated and identified the title keys for their HD DVD movies: the cryptographic components that a player, or anyone else, needs in order to decrypt the content. This method is technically not an "AACS crack," as some have been led to believe, and the source code's author has never claimed that it is. But if it does lead to the identification of title keys, at least some users may conceivably end up with the tools they need to back up HD DVD content without cracking AACS at all.

One of the testers of this source code, who thus far reports success, described the situation this way: The producers of movie videodiscs, he wrote, have "a near hopeless task. They have to let people watch movies, so no matter how much advanced cryptography they use, they have to give the users the keys to decrypt the data. The keys have to be inside the player, so the best they can do is make it hard to get those keys. That's what's being done here - people are finding the keys that they give us. I see no sign that anyone is breaking any encryption by figuring out keys they don't give us (the master key held by the AACS [Licensing Authority]) or even calculating the keys they've already given us (device keys) as opposed to finding them in memory when being used."

In other words, the encryption scheme in AACS could theoretically be made infinitely stronger, and in the end it might not matter. Decrypted content must exist in memory at some point in order to be played, which means that the keys used for that decryption must also be present in memory, if only briefly.

A February 2006 explanation of the cryptographic process published by the AACS LA describes the interlocking set of keys assigned to the disc's manufacturer and to the player's manufacturer, the combination of which makes the disc's contents intelligible. As it describes, AACS LA provides both disc and player manufacturers with a common decryption component called a media key block (MKB). Using the device keys assigned to player manufacturers by AACS LA, players read the MKB from special locations on each disc and calculate the media key from it. So the media key is never laid bare anywhere on the disc.

Each AACS-capable recorder encrypts the contents of each disc using a title key that it generates in advance from a combination of the usage rules and other elements. That title key is itself encrypted using what's called the volume unique key (VUK) and placed at a location on the disc from which the player retrieves it and decrypts it using the media key. The title key is what the player then uses to decrypt the contents.

The author of the AACS bypass code, whose screen handle is arnezami, described locating the media key as a matter of writing a control program that slowed down the playback of an HD DVD disc while watching for changes in critical locations in memory. Once such changes occur, playback halts, and the changed memory contents are tested for a sequence of bytes that can be validated as a media key.

From there, arnezami needed a volume ID: a sequence which, when combined with the media key, yields the VUK. In a bizarre twist, he learned that the volume ID was actually guessable, at least for one disc: it was a decimal-encoded permutation of the disc's production date (9/18/06).

After that, arnezami reported, finding the title key was a matter of simple math. He actually illustrated the process on the Doom9 forum using a version of a diagram created by AACS LA itself.

A recent discussion about arnezami's work on Digg.com quickly degenerated into an argument over the author's identity, the identity of somebody claiming to be the original claimant to the AACS crack, the identities of several other people - some of whom may actually be the same person, or perhaps no one at all - and the appropriate usage of certain derogatory adjectives.

The question on the minds of many HD DVD users is whether actions such as arnezami's (the validity of which seems moderately genuine at this point) could prompt the AACS LA to pull the proverbial trigger: specifically, to begin circulating revocation keys that stop once-valid media keys from being able to locate the proper VUK.

Citing from AACS' own documentation: "If a set of device keys is compromised in a way that threatens the integrity of the system, an updated MKB can be provided by the AACS LA that will cause a product with the compromised set of device keys to calculate a different key than is computed by the remaining compliant products. In this way, the compromised device keys are 'revoked' by the new MKB."

Thus the media key block contains information that a device uses to decrypt future discs, written in such a way that its very use revokes that device's ability to read existing discs. It does not keep a "blacklist" of cracked title keys, as some have described; instead it uses a mathematical trick to make title keys that have been distributed to the public stop working. New MKBs could conceivably reach players through dedicated Internet connections or, for players that are not connected, through new discs that carry MKB updates along with their content.
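To make the key chain described in the paragraphs on the AACS LA explanation concrete, and to show the MKB revocation that the quoted documentation describes, here is a toy model of the whole hierarchy: device keys and MKB to media key, media key plus volume ID to VUK, VUK to title key, title key to content. This is added example code, not anything from AACS LA or arnezami: HMAC-SHA256 and an XOR keystream stand in for the real AES-based functions, the MKB is a flat list of wrapped media keys rather than AACS's subset-difference tree, and every key, the volume ID and the content are constructed values.

```python
import hashlib
import hmac

def kdf(key, label, data=b""):
    """Toy key derivation (HMAC-SHA256); stands in for the AACS one-way function."""
    return hmac.new(key, label + data, hashlib.sha256).digest()[:16]

def xor_crypt(key, data):
    """Toy symmetric cipher: XOR with a SHA-256 keystream (stands in for AES).
    Encrypting and decrypting are the same operation."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

VERIFY = b"verify-media-key"  # constructed known plaintext that lets a player check its result

def build_mkb(media_key, device_keys, revoked=frozenset()):
    """AACS LA side. Toy MKB: the media key wrapped under every still-compliant
    device key, plus a verification record (real AACS uses a subset-difference tree)."""
    records = {d: xor_crypt(k, media_key) for d, k in device_keys.items() if d not in revoked}
    return {"verify": xor_crypt(media_key, VERIFY), "records": records}

def process_mkb(mkb, dev, device_key):
    """Player side: recover the media key with its own device key. A revoked device
    has no record it can unwrap, so it ends up with no valid media key (None)."""
    record = mkb["records"].get(dev)
    media_key = xor_crypt(device_key, record) if record else None
    return media_key if media_key and xor_crypt(media_key, mkb["verify"]) == VERIFY else None

def author_disc(mkb, media_key, volume_id, title_key, content):
    """Replicator side: MKB on the disc, title key wrapped under the VUK, content under the title key."""
    vuk = kdf(media_key, b"VUK", volume_id)
    return {"mkb": mkb, "volume_id": volume_id, "enc_title_key": xor_crypt(vuk, title_key),
            "enc_content": xor_crypt(title_key, content)}

def play_disc(disc, dev, device_key):
    """Player side: media key -> VUK -> title key -> content, or None if the device is revoked."""
    media_key = process_mkb(disc["mkb"], dev, device_key)
    if media_key is None:
        return None
    vuk = kdf(media_key, b"VUK", disc["volume_id"])
    title_key = xor_crypt(vuk, disc["enc_title_key"])
    return xor_crypt(title_key, disc["enc_content"])

def demo():
    """Constructed scenario: player A's device key is revoked by an updated MKB."""
    device_keys = {"A": b"A" * 16, "B": b"B" * 16}
    title_key, content, volume_id = b"T" * 16, b"feature presentation", b"20060918"
    mkb1 = build_mkb(b"M1" * 8, device_keys)                 # original MKB, media key M1
    mkb2 = build_mkb(b"M2" * 8, device_keys, revoked={"A"})  # updated MKB, new media key M2
    disc1 = author_disc(mkb1, b"M1" * 8, volume_id, title_key, content)
    disc2 = author_disc(mkb2, b"M2" * 8, volume_id, title_key, content)
    return (play_disc(disc1, "A", device_keys["A"]),  # b"feature presentation"
            play_disc(disc2, "A", device_keys["A"]),  # None: A's keys were left out of mkb2
            play_disc(disc2, "B", device_keys["B"]))  # b"feature presentation"
```

The media key itself never appears on the disc; only records that a compliant device key can unwrap do, which is why leaving a device out of the updated MKB is enough to stop it from computing the key for any disc carrying that MKB.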

If AACS LA does decide to pull the trigger for the first time, some HD DVD users who were never party to this action in the first place could discover their license to view the content they've purchased has been revoked. In such an event, the legal authority for an outside agency to declare purchased content invalid at will may receive its first major challenge.

Comments


So they can revoke my key and my player won't play my bought discs anymore?

Refund anyone?

Australian courts have ruled (see PS2 and mod chips) that once you buy a product, it is yours and can do what you want to it.

If the company can effectively destroy my discs or hardware, I am entitled to a refund. Right? I mean they are hacking MY hardware without my permission.

Score: 0


"If the company can effectively destroy my discs or hardware, I am entitled to a refund. Right? I mean they are hacking MY hardware without my permission."

That's exactly how I see it.

Score: 0


As long as you are making copies from discs you already paid for only to backup for your own library, there's no problem in my opinion.

Pretty soon they'll be saying you can't loan store-bought DVDs to your friends and family. It's only 1's and 0's, people, this crap isn't as important as family or health, quit making such a big deal over someone copying a DVD or CD.

If the creators don't like the fact that movies and music can be easily copied, they should go find another line of work.

Score: 0


"As long as you are making copies from discs you already paid for only to backup for your own library, there's no problem in my opinion."

We agree...in opinion. In law, however, there's no guaranteed right to do so.

"Pretty soon they'll be saying you can't loan store-bought DVDs to your friends and family."

They already do. And it's well within their rights.

"It's only 1's and 0's, people, this crap isn't as important as family or health, quit making such a big deal over someone copying a DVD or CD."

Spoken like a true meat-puppet. Create a series of 1's and 0's that consumers want, then we'll talk.

"If the creators don't like the fact that movies and music can be easily copied, they should go find another line of work."

Nah, they'll just make it harder and harder to do and raise prices to pay for all that research while they're at it.

Of course, you *could* just pay for what you consume. Seems a lot more logical than asking the creators to give their work away for free and be happy about it.

Score: 0


The old media companies can close their eyes, put their hands over their ears, and sing "LA LA LA LA." But they cannot change the fundamental, inescapable fact: if it can be played, it can be copied.

Score: 0


I really don't think that's the point. Most of this is simply aimed at casual copiers. In that respect, it is, for the most part, working.

Everyone here seems to be under the impression that DRM exists solely to inconvenience them or to "put an end" to *all* piracy.

In truth, it's neither. It exists to protect the creators of content, to deter (not end) IP infringement, and to protect the income path from consumer to creator.

Score: 0


I don't think the casual copiers are the problem. The problem is the pirates in China, Russia, etc., who make 1000s of copied movies and sell them on the black market!
The average Joe wants to copy movies for his or her library, that's all... and they should be able to do just that!

Score: 0


"The average Joe wants to copy movies for his or her library, that's all... and they should be able to do just that!"

According to whom?

Score: 0


Me. And about 200 million other people.

Score: 0


Ah. Consumers...

Too damn bad.

You didn't create it. When you create something? Then you can tell me how much it should cost.

'Til then...Tough sh1t.

You want socialism? Move to ... Oh yeah, that never worked. Anywhere.

Score: 0


That's like sticking a banana in your ear to keep away tigers....

Score: 0


Hey, if that works for you, who am I to say differently.

Score: 0


Nominating PCT once again for Shill Of The Year...

Score: 0


So no argument other than insults? Please enlighten us why the creators of content shouldn't be paid?

Score: 0


That makes... NO sense whatsoever. Who the hell do you think the large-scale pirates are SELLING to in the first place? Come on now, you can do it... that's right... average consumers. What a retarded argument.

Score: 0


lmao...

Being a proponent of the free market and capitalism makes me a shill?

Interesting definition of shill. You might want to look that up.

Score: 0


Yea, it's just crazy. I have sympathy for anyone trying to outwit the collective brain.

Score: 0


Just wait. Direct-to-Eye/Ear digital interfaces are on the way [grin]

"They have to let people watch movies, so no matter how much advanced cryptography they use, they have to give the users the keys to decrypt the data."

Score: 0


I almost want them to start revoking keys so an outside place will be all up in their grill saying "wtf you doin?? you can't do that!" Hopefully the Gov would do that and end up forcing HDDVD to give us something nicer or permanently block the use of that tactic.

Score: 0


The sooner these companies stop wasting money with DRM and lawsuits, and bring their prices in line with consumer wishes, the richer they'll get. Otherwise, pirates will make sure their revenues continue to devolve. DRM doesn't work, but piracy always does.

Score: 0


If it can be seen or heard, it can be cracked.

Score: 0


BWAHAHAHA

It was only a matter of time...

Score: 0


as for making DVDs cheaper, this won't stop crackers cracking,

it's a bit like stopping a kettle boiling,
or stopping a dog from barking,
or stopping a lift from going up and down,

crackers crack, that's their nature,
they like challenges, and they like breaking something that most claim can't be broken,

a cracker finding out that companies are protecting titles, and putting advanced restrictions in place at their will, is what drives most crackers to say, hey, that's not fair,

which is where fair rights come into play,

we buy the disc, we should be allowed to make a legit backup copy for our own peace of mind,

I know, I know, the company has the right to protect their work, and profits, granted, that's a controversial subject which will never be solved, all I want to stress is why crackers crack,

to them it's a challenge, they don't care about cost, they care about 2 things,

1 fair rights, being bound by restrictions which are not acceptable,

2 because advanced encryption is there to be beaten, why, simple, because it's something that poses a challenge,

and what do crackers get out of it, they win, yes of course, but more importantly, they come out of it more intelligent, cracking a multi-billion-pound protection improves their skills tremendously

I don't know what the solution is, no one really does, but I do know that making things more and more secure is clearly not the way to go, they're just teaching crackers better skills, and giving crackers more challenges,

fair rights, I do support, just for the record, if you own the original then one should be allowed to make a backup copy,

this I believe will be the solution in the end,
a special dye on the disc will come about, which will allow 1 copy to be recorded, then the disc's dye will change, and no more copies will be possible, the copy itself will have to be done in a specific way of course, as once the user has the files, then the user could make as many copies as he/she would desire, obviously a solution would have to be found to counteract this problem, but stopping people making a copy for themselves is the biggest problem, and it's this issue that gets most attention, because this is not playing fair.

physics will be the answer, not advanced cryptography,

Score: 0


this is old and no one will read it but I will put my 2 cents in:

"crackers crack, that's their nature,
they like challenges, and they like breaking something that most claim can't be broken,"

someone who can't find something better to do than sit and look at 1s and 0s till they find out how to make ILLEGAL copies needs to be shot for being a loser and a thief!

"a cracker finding out that companies are protecting titles, and putting advanced restrictions in place at their will, is what drives most crackers to say, hey, that's not fair,"

tell me how that's not fair?? when you spend millions to create your art and millions to make sure that it isn't ILLEGALLY stolen, how can anyone defend the thief in this situation.

people create things then put them out there for people to choose to buy or not. if you're not willing to pay for it you're not entitled to have it because you deem paying for it "isn't fair" WTF???

"we buy the disc, we should be allowed to make a legit backup copy for our own peace of mind,"

no, that's merely attempting to undermine the infrastructure of capitalism. honestly you don't need a "backup" copy of a movie you already own. your time and money are better spent buying a new one in case it's damaged than spending days cracking the encryption.

"to them it's a challenge, they don't care about cost, they care about 2 things,

1 fair rights, being bound by restrictions which are not acceptable,

2 because advanced encryption is there to be beaten, why, simple, because it's something that poses a challenge,"

the restrictions are not unacceptable. they are there to prevent the things THEY OWN from being stolen. if you had something valuable you wouldn't give it away with a smile either. don't say you would!

and no, encryption isn't there to be beaten. this isn't a stupid game. it's there to make it harder to steal their products. Walmart has cameras so people don't walk around stealing things. encryption is EXACTLY the same thing. go to Walmart and steal a DVD then, when they arrest you, say their restrictions are "unacceptable" LMAO

I am all for a free market but I believe you pay for what you consume. if everyone went around grabbing what they wanted without paying for it then the movie makers, bands, game developers will stop making their products. so if you steal it you obviously want it, correct? is it worth the fact that those things you want won't be there anymore if you continue stealing them?

Score: 0
