Print 58 comment(s) - last by wallijonn.. on Jan 30 at 5:15 PM

Lord of War gets defeated by high-definition hackers
The hacker who cracked HD DVD strikes again by defeating Blu-ray Disc encryption

Late last year, a crafty individual who goes by the name “Muslix64” circumvented the copy protection scheme used to protect HD DVD. Given the similarities between the copy protection methods used in the high-definition optical formats, it was only a matter of time before Blu-ray Disc’s protections would be bypassed. However, Muslix64 has no access to Blu-ray hardware, limiting his exploit methods to HD DVD. That is, until Muslix64 came across some specific data for Blu-ray Disc, allowing him to apply his methods to the yet-uncracked format.

Another individual interested in Blu-ray’s protection scheme, “Janvitos,” who also participates in the same online forum where Muslix64 revealed his HD DVD work, posted a message showing the directory structure from a Lord of War Blu-ray Disc movie. Janvitos extracted the information by going through his system’s memory with WinHEX after playing the movie on his computer using WinDVD.

The memory dump information caught the attention of Muslix64, who replied to the thread saying, “In less [than] 24 hours, without any Blu-Ray equipment, but with the help of Janvitos, I managed to decrypt and play a Blu-Ray media file using my known-plaintext attack.” Muslix64 then posted a file as an example of his decryption work, though he did say that his method does not address BD+.

Muslix64 then went on to explain how he was able to accomplish this feat with his plaintext attack method. “This is a very basic, but [powerful] crypto attack that I have used to decrypt both [HD DVD and Blu-ray] formats,” he wrote. “After reading posts of people trying to get the keys in memory, I realized, I have a different way of looking into the problem…A lot of people try to attack the software, I'm attacking the data!”

“So I spent more time analysing the data, to look for patterns or something special to mount my known-plaintext attack,” Muslix64 explains. “Because I know the keys are unprotected in memory, I can skip all the [painful] process of code reversal.”

Although Muslix64 did not have any Blu-ray equipment at his disposal, he was still able to recover the keys with the help of Janvitos’ memory dump file and media file. Blu-ray media files are divided into individual aligned units. The first 16 bytes of each unit are not encrypted, with the rest being encrypted using AES in CBC mode. Muslix64 examined the non-encrypted portions of the data and found a reoccurring pattern, which he used to mount his known-plaintext attack.

Muslix64 goes on: “In most cases, the know-plaintext attack is in fact a guessed-plaintext attack. We ‘assume’ the data will look like something we ‘guessed’ when decrypted. Most of the time, it works! Knowing that, all you have to do, is to write a small program that scan a memory dump file, that comes from of a software player while it was playing the movie. The key is in that file, you have to locate it.”

Once the value and position of the key is in memory, all one has to do is to use a memory landmarking function to locate the key and defeat the encryption. The method discovered by Muslix64 and Janvitos is specific to Blu-ray, though similar means were used to decrypt HD DVD. This hack was made possible by the fact that the keys were not protected in memory when running video-playing software on the PC.

Even without any Blu-ray hardware at his disposal, Muslix64 shortly followed his findings reveal with the alpha release of BackupBluRay V.0.21, software he wrote to decrypt Blu-ray Discs. Limitations to his software at this time are that it doesn’t support BD+ or volume unique keys and that it only supports one CPS key per disc. Users wishing to utilize the software will also have to provide their own CPS unit key.

Those who have tried the software report that they have successfully been able to decrypt and copy their own Blu-ray Discs for playback on both PC software and set-top players. If the cracking of HD DVD and the release of pirated files is of any indication, however, Blu-ray may soon see illegal copies hitting the black market and parts of the Internet.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: good job hollywood!
By thejez on 1/24/2007 10:15:28 AM , Rating: 2
so what do you propose? NO movies on the PC? No HD-DVD players for the PC?

Make no mistake, the MPAA and the RIAA are driving this not MS and not the hardware people... THEY say, "You want to play our disks, then play by these rules" -- so your company makes DVD drives and HD-DVD players etc... what are you going to do? tell them no thanks?? You dont really get options here because the RIAA and the MPAA OWN content that YOU want to consume... so you have to consume their content on their terms...

the thing i dont understand yet is how Linux/XOS fits in here.... do they not have any DRM? Can you simply play an unprotected HD-DVD movie on linux with no DRM? It seems to me if the terms dictated by the MPAA arent complied with you may very well arrive at a situation whre those disks simply cant be played on these OS's until they come into comliance.... or if what you are saying is really true and Vista is the real issue here (adding extra DRM not required to play this content) and not Linux then it would seem people will gravitate toward the more open system... but does anyone think the MPAA/RIAA will let that happen? I think its going to come to comply with us or "no content for you"....

Now the other point to the argument is of course is it even possible to really secure something that has to be consumed by the end user at some point.... somewhere in the chain of all this elaborate security the fact remains that the content MUST be displayed... and if it can be displayed then it can be copied... like has been said many many many times before... DRM doesnt prevent pirating but only makes life miserable for those who actually choose to purchase the content...

RE: good job hollywood!
By Beh on 1/24/2007 12:34:42 PM , Rating: 2
From what I remember while using Ubuntu linux, you can't even play regular DVDs without installing some packages of dubious legal status. You'll probably be able to play HD-DVD and Blu-ray on linux eventually but it likely wont be through any officially supported means. As far as OSX is concerned, it should be even easier for Jobs to convince the Mac zealots that DRM is what they want.

RE: good job hollywood!
By stmok on 1/24/2007 3:50:59 PM , Rating: 2
Yes, Linux requires that you install DVD support manually. (Depending on which distro, its often a very trivial exercise). This is because, to actually play DVD movies on Linux, you have to circumvent CSS. Circumventing protection mechanisms isn't legal in some countries.

I suspect you're right about Blu-ray/HD-DVD and Linux. Someone will probably port Muslix64's source code into C/C++ for the Linux version. (Or possibly a project like VLC or MPlayer will implement the necessary bits to play such media).

RE: good job hollywood!
By thejez on 1/24/2007 4:11:31 PM , Rating: 2
so then Vista really doesn't matter then in this equation.... since I can continue to watch ripped content instead of native in Vista (like I would do in Linux)... doesnt matter how much DRM they pack in since DRM cant/doesnt prevent backups with proper tools.

The whole concept (DRM) is a bad one and will probably do nothing more than drive more people to piracy because of how cumbersome it is for people who try to play by the rules... i already gave up on buying music online because of how hard it was to move the files to my new machine... i'll never buy a song online again... its worth buying the whole disk just so I can rip it myself at a high bitrate and share it with any of my devices....

RE: good job hollywood!
By glynor on 1/24/2007 4:33:08 PM , Rating: 4
And you really think if Microsoft told them "shove it" we won't play in your sandbox then, and there will be no HD disc format for PCs, that the MPAA's tune wouldn't have changed?

With their market share and power? That'd have as likely killed BluRay and HD-DVD as anything!

Microsoft has plenty of power here, they just chose not to use it because they agree with the content owners. They do the same thing with their software!!

"We can't expect users to use common sense. That would eliminate the need for all sorts of legislation, committees, oversight and lawyers." -- Christopher Jennings
Related Articles
First Pirated HD DVDs Released
January 17, 2007, 4:30 PM
Hackers Claim HD DVD Encryption Circumvented
December 28, 2006, 12:24 PM

Most Popular Articles5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
Automaker Porsche may expand range of Panamera Coupe design.
September 18, 2016, 11:00 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
No More Turtlenecks - Try Snakables
September 19, 2016, 7:44 AM
ADHD Diagnosis and Treatment in Children: Problem or Paranoia?
September 19, 2016, 5:30 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki