backtop


Print 33 comment(s) - last by scrapsma54.. on Jan 31 at 8:10 PM

AACS LA confirms the work of hackers

The AACS LA, those behind the advanced access content system protecting HD DVD and Blu-ray Discs, today responded to the recent defeat of its technology.

“AACS LA has confirmed that AACS Title Keys have appeared on public web sites without authorization,” read a statement from the AACS Web site. “Such unauthorized disclosures indicate an attack on one or more players sold by AACS licensees.”

The AACS is taking the stance that the exploit is a wake-up call to all licensees to ensure that the technology is implemented securely. PC software players, such as WinDVD, are particularly vulnerable to hackers.

“This development is limited to the compromise of specific implementations, and does not represent an attack on the AACS system itself, nor is it exclusive to any particular format. Instead it illustrates the need for all AACS licensees to follow the Compliance and Robustness Rules set forth in the AACS license agreements to help ensure that product implementations are not compromised.

“AACS LA employs both technical and legal measures to deal with attacks such as this one, and AACS LA is using all appropriate remedies at its disposal to address the attack,“ the statement concludes.

A hacker named “Muslix64” circumvented HD DVD copy protection during late December, resulting in the release of pirated copies on the Internet. Less than one month later, the same hacker was able to crack the encryption on Blu-ray Discs.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

The two doesn't add up
By AnnihilatorX on 1/26/2007 6:16:49 PM , Rating: 1
If you read Slyck's interview with Muslix64 here:

http://www.slyck.com/story1390.html

It seems that Muslix had extracted keys from the disc, and he specificly mentioned there's no point to hack player software; as extracting keys from disc is much easier. And as long as there is open source software like VideoLAN, any revoking of player license key in commercial players are pointeless.




RE: The two doesn't add up
By Christopher1 on 1/26/2007 6:34:16 PM , Rating: 5
Even if there WEREN'T open source softwares like VideoLAN, there wouldn't be any point.

The studios and people who are pushing these 'waste of money and time' encryption schemes, not ONE of which has never been cracked, even dating back to Sony's MiniDisc.

It's just a waste of time, money, energy..... you name it, it wastes it. They would be better off just making things AFFORDABLE so that normal people could buy them and wouldn't HAVE to pirate.


RE: The two doesn't add up
By ATC on 1/26/2007 8:55:17 PM , Rating: 2
I couldn't have said better myself.


RE: The two doesn't add up
By bob661 on 1/27/2007 1:34:44 AM , Rating: 3
quote:
It's just a waste of time, money, energy..... you name it, it wastes it.
Dude, if I could rate you higher than a 5 I would do it. It's not like the industry hasn't tried to make the encryption schemes hard to crack, it's just that the people cracking them are either just as smart or smarter than the people creating them. It's really a futile effort and a waste like Christopher1 said. It's WAY past time to move on here.


RE: The two doesn't add up
By ttowntom on 1/27/2007 12:38:13 PM , Rating: 5
quote:
so that normal people could buy them and wouldn't HAVE to pirate...

No one HAS to pirate movies or songs. Stop pretending your theft is justified. You're not exactly stealing food for your starving kids now are you?


RE: The two doesn't add up
By Christopher1 on 1/27/2007 4:23:29 PM , Rating: 5
Hey, I don't personally pirate anything. Anything I can get in the United States legally I buy legally. It's only things that I CANNOT get in the United States without paying way more than what they are worth (like Japanese-only video games that some people charge $100 dollars for when they are less than $15 in Japan) that I personally pirate.

I've even bought from Japanese game download sites rather than pirate something (even though I found the pirated version easily), and I wait until something comes down in price dramatically before I buy it (waited till Doom 3 and the expansion was $10 at Best Buy on sale before buying it).

I don't pirate music, movies, etc. that are available in the United States stores or able to be bought at the same price as overseas online, but I'd be lying if I said I don't understand why some people do.

The prices for most games, music and movies are just way too high for what they really are worth when they first come out and even afterwards, and the problem is that the studios just have not realized that yet.
They wonder why people pirate and say "It's because they are cheap!" No, most people are not cheap, they simply know that your product is not worth what you are charging for it.


RE: The two doesn't add up
By scrapsma54 on 1/31/2007 8:10:02 PM , Rating: 2
Now I think these people should be grateful that their content is too huge that a majority of people wouldn't download it. In fact a majority of people don't even own the proper hardware to run these. so all in all the rich people will take little time just to buy one of the stinkin disks. also how can one accomplish enough earth days to even Download a full copy of a 30gb movie? Pirating is a wake up call to these companies that is saying that your customers are not buying your stinking product for what you think its worth. Sony and Toshiba need to make a product that is innovative for its worth or make a sell a product for what it is worth.


RE: The two doesn't add up
By Ckilla on 1/26/2007 6:52:08 PM , Rating: 1
great read.... TY! i totally understand why he cracked it because i would have done the same. except im not that talented... for me if i buy something and i can't play it where i want then it's not worth my time and i wont buy it anymore.... i have better things to do with my time.


RE: The two doesn't add up
By Aversio on 1/26/2007 7:34:54 PM , Rating: 2
quote:
This development is limited to the compromise of specific implementations, and does not represent an attack on the AACS system itself, nor is it exclusive to any particular format. Instead it illustrates the need for all AACS licensees to follow the Compliance and Robustness Rules set forth in the AACS license agreements to help ensure that product implementations are not compromised.



Yeah... right. Once the cat is out of the bag it's damn near impossible to out back in. Do they really expect to convince anyone that the "hackers" can be stopped now?
The process is a bit quirky right now from what I read, but give it time. Most (if not all) of us here knew it was only a matter of time until AACS was broke in one way or another. Give it a few months for the programs to mature and your grandmother will be able to back up HD content.


RE: The two doesn't add up
By borowki on 1/26/2007 7:36:17 PM , Rating: 4
No, he didn't just extract the volume key off the disc. The key is stored encrypted on the disc. You need a device key in order to decrypt it. Presumably this is somewhat protected within WinDVD. What muslix did was to look for the volume key after WinDVD has decrypted it. The player clearly needs ready access to the volume key in order to decrypt the movie data. If you assume that the key is sitting somewhere in memory unprotected, then all you have to do is try every 16-byte segment in the dump file. Which ever that yields something resembling HD-DVD data is the key. Testing a couple million keys doesn't take long.


RE: The two doesn't add up
By hoppa on 1/27/2007 12:54:50 AM , Rating: 2
Not quite. He actually paged through the memory manually and found certain patterns between discs that he assumed would be keys. Once the patterns were recognized, it was just a matter of itteratively generating keys to fit that pattern until one worked. Less work and more clever than trying every 16 bit sequence in memory as a key.


RE: The two doesn't add up
By saratoga on 1/26/2007 9:42:42 PM , Rating: 2
You misunderstand him. He did hack the software, thats where he got the keys from. He didn't extract anything from the disk:

quote:
People say I have not broken AACS, but players. But players are part of this system!


So basically, he hacked a specific software program. His point is that the keys will always be vulnerable to anyone who wants them badly enough.


RE: The two doesn't add up
By lukasbradley on 1/27/2007 12:01:03 PM , Rating: 2
Excellent link. Thanks.


"Google fired a shot heard 'round the world, and now a second American company has answered the call to defend the rights of the Chinese people." -- Rep. Christopher H. Smith (R-N.J.)

Related Articles
Blu-ray Encryption Defeated
January 23, 2007, 6:49 PM
First Pirated HD DVDs Released
January 17, 2007, 4:30 PM
Hackers Claim HD DVD Encryption Circumvented
December 28, 2006, 12:24 PM













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki