backtop

Print E-mail del.icio.us 33 comment(s) - last by scrapsma54.. on Jan 31 at 8:10 PM
AACS LA confirms the work of hackers

The AACS LA, those behind the advanced access content system protecting HD DVD and Blu-ray Discs, today responded to the recent defeat of its technology.

“AACS LA has confirmed that AACS Title Keys have appeared on public web sites without authorization,” read a statement from the AACS Web site. “Such unauthorized disclosures indicate an attack on one or more players sold by AACS licensees.”

The AACS is taking the stance that the exploit is a wake-up call to all licensees to ensure that the technology is implemented securely. PC software players, such as WinDVD, are particularly vulnerable to hackers.

“This development is limited to the compromise of specific implementations, and does not represent an attack on the AACS system itself, nor is it exclusive to any particular format. Instead it illustrates the need for all AACS licensees to follow the Compliance and Robustness Rules set forth in the AACS license agreements to help ensure that product implementations are not compromised.

“AACS LA employs both technical and legal measures to deal with attacks such as this one, and AACS LA is using all appropriate remedies at its disposal to address the attack,“ the statement concludes.

A hacker named “Muslix64” circumvented HD DVD copy protection during late December, resulting in the release of pirated copies on the Internet. Less than one month later, the same hacker was able to crack the encryption on Blu-ray Discs.

Comments     Threshold


This article is over a month old, voting and posting comments is disabled
The two doesn't add up
By AnnihilatorX on 1/26/2007 6:16:49 PM , Rating: 1
If you read Slyck's interview with Muslix64 here:

http://www.slyck.com/story1390.html

It seems that Muslix had extracted keys from the disc, and he specificly mentioned there's no point to hack player software; as extracting keys from disc is much easier. And as long as there is open source software like VideoLAN, any revoking of player license key in commercial players are pointeless.




RE: The two doesn't add up
By Christopher1 on 1/26/2007 6:34:16 PM , Rating: 5
Even if there WEREN'T open source softwares like VideoLAN, there wouldn't be any point.

The studios and people who are pushing these 'waste of money and time' encryption schemes, not ONE of which has never been cracked, even dating back to Sony's MiniDisc.

It's just a waste of time, money, energy..... you name it, it wastes it. They would be better off just making things AFFORDABLE so that normal people could buy them and wouldn't HAVE to pirate.


RE: The two doesn't add up
By ATC on 1/26/2007 8:55:17 PM , Rating: 2
I couldn't have said better myself.


RE: The two doesn't add up
By bob661 on 1/27/2007 1:34:44 AM , Rating: 3
quote:
It's just a waste of time, money, energy..... you name it, it wastes it.
Dude, if I could rate you higher than a 5 I would do it. It's not like the industry hasn't tried to make the encryption schemes hard to crack, it's just that the people cracking them are either just as smart or smarter than the people creating them. It's really a futile effort and a waste like Christopher1 said. It's WAY past time to move on here.


RE: The two doesn't add up
By ttowntom on 1/27/2007 12:38:13 PM , Rating: 5
quote:
so that normal people could buy them and wouldn't HAVE to pirate...

No one HAS to pirate movies or songs. Stop pretending your theft is justified. You're not exactly stealing food for your starving kids now are you?


RE: The two doesn't add up
By Christopher1 on 1/27/2007 4:23:29 PM , Rating: 5
Hey, I don't personally pirate anything. Anything I can get in the United States legally I buy legally. It's only things that I CANNOT get in the United States without paying way more than what they are worth (like Japanese-only video games that some people charge $100 dollars for when they are less than $15 in Japan) that I personally pirate.

I've even bought from Japanese game download sites rather than pirate something (even though I found the pirated version easily), and I wait until something comes down in price dramatically before I buy it (waited till Doom 3 and the expansion was $10 at Best Buy on sale before buying it).

I don't pirate music, movies, etc. that are available in the United States stores or able to be bought at the same price as overseas online, but I'd be lying if I said I don't understand why some people do.

The prices for most games, music and movies are just way too high for what they really are worth when they first come out and even afterwards, and the problem is that the studios just have not realized that yet.
They wonder why people pirate and say "It's because they are cheap!" No, most people are not cheap, they simply know that your product is not worth what you are charging for it.


RE: The two doesn't add up
By scrapsma54 on 1/31/2007 8:10:02 PM , Rating: 2
Now I think these people should be grateful that their content is too huge that a majority of people wouldn't download it. In fact a majority of people don't even own the proper hardware to run these. so all in all the rich people will take little time just to buy one of the stinkin disks. also how can one accomplish enough earth days to even Download a full copy of a 30gb movie? Pirating is a wake up call to these companies that is saying that your customers are not buying your stinking product for what you think its worth. Sony and Toshiba need to make a product that is innovative for its worth or make a sell a product for what it is worth.


RE: The two doesn't add up
By Ckilla on 1/26/2007 6:52:08 PM , Rating: 1
great read.... TY! i totally understand why he cracked it because i would have done the same. except im not that talented... for me if i buy something and i can't play it where i want then it's not worth my time and i wont buy it anymore.... i have better things to do with my time.


RE: The two doesn't add up
By Aversio on 1/26/2007 7:34:54 PM , Rating: 2
quote:
This development is limited to the compromise of specific implementations, and does not represent an attack on the AACS system itself, nor is it exclusive to any particular format. Instead it illustrates the need for all AACS licensees to follow the Compliance and Robustness Rules set forth in the AACS license agreements to help ensure that product implementations are not compromised.



Yeah... right. Once the cat is out of the bag it's damn near impossible to out back in. Do they really expect to convince anyone that the "hackers" can be stopped now?
The process is a bit quirky right now from what I read, but give it time. Most (if not all) of us here knew it was only a matter of time until AACS was broke in one way or another. Give it a few months for the programs to mature and your grandmother will be able to back up HD content.


RE: The two doesn't add up
By borowki on 1/26/2007 7:36:17 PM , Rating: 4
No, he didn't just extract the volume key off the disc. The key is stored encrypted on the disc. You need a device key in order to decrypt it. Presumably this is somewhat protected within WinDVD. What muslix did was to look for the volume key after WinDVD has decrypted it. The player clearly needs ready access to the volume key in order to decrypt the movie data. If you assume that the key is sitting somewhere in memory unprotected, then all you have to do is try every 16-byte segment in the dump file. Which ever that yields something resembling HD-DVD data is the key. Testing a couple million keys doesn't take long.


RE: The two doesn't add up
By hoppa on 1/27/2007 12:54:50 AM , Rating: 2
Not quite. He actually paged through the memory manually and found certain patterns between discs that he assumed would be keys. Once the patterns were recognized, it was just a matter of itteratively generating keys to fit that pattern until one worked. Less work and more clever than trying every 16 bit sequence in memory as a key.


RE: The two doesn't add up
By saratoga on 1/26/2007 9:42:42 PM , Rating: 2
You misunderstand him. He did hack the software, thats where he got the keys from. He didn't extract anything from the disk:

quote:
People say I have not broken AACS, but players. But players are part of this system!


So basically, he hacked a specific software program. His point is that the keys will always be vulnerable to anyone who wants them badly enough.


RE: The two doesn't add up
By lukasbradley on 1/27/2007 12:01:03 PM , Rating: 2
Excellent link. Thanks.


Hardware Lock
By xombie on 1/26/07, Rating: 0
RE: Hardware Lock
By WxGuy192 on 1/26/2007 9:01:29 PM , Rating: 1
What does MS have to do with this? If you want to look at propriety and DRM, you certainly must mention Apple if you mention MS. Apple is no better than Microsoft. Though, again, I'm not sure what either two have to do with DRM in next-gen DVDs...


RE: Hardware Lock
By mindless1 on 1/26/2007 10:20:29 PM , Rating: 2
Umm, no we can mention any one company we feel like using as an example without being obligated to suit your desire for utmost comprehensive list mode on a mere news post.


RE: Hardware Lock
By Live on 1/27/2007 7:46:16 AM , Rating: 2
What does M$ have to do with this you ask? Well how about this?

quote:
AACS LA founders IBM, Intel Corporation, Microsoft , Panasonic (Matsushita Electric), Sony, Toshiba, The Walt Disney Company, and Warner Bros. Studios


RE: Hardware Lock
By ncage on 1/26/2007 9:10:45 PM , Rating: 2
Doesn't really matter if there is a will there is a way. People end up making emulators that emulate the hardware and they can they get passed it. I doubt they will be able to come up with an encryption scheme anytime soon that some of these wiz kids will not be able to crack. The company should also look at the lawsuit against dvd john. Pretty much it failed and it should have failed. Anyone can make the argument that i just want to make backups of my movies. What is that so illegal if your not selling/distributing the content?


RE: Hardware Lock
By darkfoon on 1/26/2007 9:38:56 PM , Rating: 3
http://www.againsttcpa.com/

They're already working on a hardware lock-in that will prevent users from circumventing copy-protection of any kind.

Welcome to the age of you not actually controlling your computer.

We can't always rely upon the open-source community to bail us out of DRM jail, eventually there'll be nothing even they can do because the hardware itself will be against them, and we all know that hardware makes up at least 50% of the computer ;)
When all the latest and greatest hardware has TPM chips, will you be willing to use obsolete technology just to be able to have your freedom? What if obsolete hardware is disallowed access to the internet, or new software specifically checks for TPM chips, then will you be willing to live without the latest software, in addition to the latest hardware?

We, as consumers, have to make ourselves heard. So many computer users (read: young people) could care less about these issues; they expect somebody else to be watching out for them, somebody else to fix the problem, or they don't even know or care that a problem exists. Unfortunately for us all, there are too few people who are actually looking out for the rest of the computer world, and without the help of the masses of literate computer users, their voices cannot be heard by the computer industry; they are too small of a group.

I hope I (and Orwell) am wrong.


RE: Hardware Lock
By saratoga on 1/26/2007 9:49:06 PM , Rating: 2
quote:
They're already working on a hardware lock-in that will prevent users from circumventing copy-protection of any kind.

Welcome to the age of you not actually controlling your computer.


Err, DRM has been around for a long time. The age of not being able to control media on your computer began a long time ago. TPMs don't change anything in that sense.

Regarding controlling your computer, I don't see them having much of anyting to do with that either. A TPM is just hardware. Any software can use it, and anyone can decide not to run software on it. I realize it sounds scary, but it doesn't really have much relevance since you have to opt in. If you dislike it, then don't install MacOS. Problem solved.


RE: Hardware Lock
By mindless1 on 1/26/2007 10:22:44 PM , Rating: 2
YOu are obviously wrong, the intention is clealry that you will have no choice to opt out. Whatever "idea" there was, there is a difference between a concept and actually taking the next series of ACTIONS to try to enforce that idea on equipment someone else owns.