Last December, a hacker named “Muslix64” circumvented HD DVD
copy protection, resulting in the release of pirated
copies on the Internet. Less than one month later, the same Muslix64, with
the help of another hacker, was able to crack the encryption
on Blu-ray Discs.
On Sunday, another Doom9 forum poster named “arnezami”
presented the next great breakthrough in HD DVD and Blu-ray Disc decryption. Previously,
every HD movie needed its own unique key in order to be decrypted; but with
arnezami’s discovery, there is one key to rule them all -- at least for now,
until the Advanced Access Content System Licensing Administrator gets on it.
What arnezami found was the Processing Key, which appears to
be the silver bullet in decrypting all existing HD DVD and Blu-ray Discs. Arnezami was armed only with an Xbox 360 HD DVD
player and the bundled King Kong movie. Other Doom9 forum contributors posted
their keys to HD DVD movies such as The Departed and Spy Game, which were
proved decryptable using the Processing Key.
Figuring that the copy protection schemes on Blu-ray Disc are
similar to HD DVD, other posters reported data from Talladega Nights and House
of Flying Daggers, which were also decrypted using the Processing Key found
from King Kong.
Arnezami unlocked the secrets to HD DVD and
Blu-ray Disc encryption without the use of any hacked software or hardware. “Most
of the time I spend studying the AACS papers,” he wrote. “A good understanding
of how things worked has helped me greatly in knowing what to find in the
first place (and how to recognize something).”
Arnezami started his quest by finding the Volume ID to King
Kong, which motivated him to find the Media Key. After a few trial and error
attempts, arnezami had the idea of watching the data move from the HD DVD
drive to the memory on his computer. “What I wanted to do is ‘record’ all changes
in this part of memory during startup of the movie,” he wrote in his
explanation. “Hopefully I would catch something interesting.”
“In the end I did something a little more efficient: I used
the HD DVD VUK extractor and adapted it to slow down the software player (while
scanning its memory continuously) and at the very moment the Media Key was
detected it halted the player,” arnezami continued. “I then made a memdump with
Using this method, arnezami found that his first C-value was
a hit, leading to the discovery of the Processing Key. “I now had the feeling I
had something,” he said.
Arnezami isn’t revealing which software player he used to
expose the key information for fear that the Advanced Access Content System Licensing Administrator would crack down on the software
developer. What he did want to say, however, is that he made his discovery
simply by watching the data as it passed through his system.
quote: It's all moot anyways, because as soon as Penryn comes along the hardware and the compatible OS (e.g. Vista, and later) will lock users out of DRM protected memory pages, so hacks like this will "become a thing of the past". Then the only way to get a mem dump would be to force the entire OS to halt and dump the entire memory, then reboot.