Efforts that began in December 2006
and continued through February 2007 lead to the discovery of the Processing Key
used to encrypt high-definition media with the Advanced Access Content System.
The work of a small hacking community created essentially a silver bullet that
was able to defeat the copy protection of all HD DVD and Blu-ray Disc media on
the market at that time.
The Advanced Access Content System Licensing Administration
(AACS LA) acknowledged
the effectiveness of the hack and began to enact measures to restore the
integrity of its technology. Beginning May 22, which is most notably the
release date of the Matrix trilogy on HD DVD, all high-definition titles
shipped with Media Key Block (MKB) v3 – a new encryption key version that would
render the previously discovered Processing Key obsolete.
Interestingly enough, the AACS’ updated protection measures
appeared to be defeated by SlySoft, makers of AnyDVD HD software, before the
new MKB versions officially hit streets. The AACS has yet to officially issue a
statement and is current investigating the latest attack on the system,
according to comments made by Richard E. Doherty, director of technology
strategy at Microsoft, who is also actively involved with the AACS.
The initial method used by hackers to snoop the sensitive
encryption keys from HD DVD and Blu-ray were accomplished using PC software.
More specifically, hackers took advantage of holes in WinDVD to read data
straight from the PC’s memory. While such a hack may not have been possible
without the existence of software players, the AACS appears unshaken about
high-def media on computers.
“Just to clarify, the original attack was on certain
software players that proved to be vulnerable, and did not and does not
represent a widespread break in the AACS ecosystem ... In the past PC's have
typically been a big target for hacking activities, as they are designed to run
arbitrary software programs. But the line between PCs and traditional CE
devices is clearly blurring – and many of the best PVR systems (in my opinion)
are highly customizable and capable of running user-designed software,”
explained Doherty, also pointing to how a Windows Media Center box could be
strong addition to home theatres.
“Keep in mind, however, that AACS is aware of the history
and attack vectors of PC playback systems, and there are several technical
measures (such as KCD and the entire proactive renewal system) that are
designed specifically to address the particular issues of PC-based protection,”
The uncovering of the Processing Key to HD DVD and Blu-ray
happened in February, leaving some to wonder why it wasn’t until months later
until the appearance for a new MKB. Doherty provides the answer, “AACS of
course has the technical means to revoke overnight. But the current license
agreement generally provides for 90 days. This is to allow time for the
manufacturer to repair the product and presumably fix the vulnerability, and
time to rollout the patches to the affected users.”
The apparent grace period is done in the interest of
consumers, as if the key were revoked immediately, legitimate consumers could
find themselves with an unplayable disc until a software update. Despite the
quick ‘rehack’ of the AACS, the system is designed to avoid another complete
defeat like CSS – the technology used to protect DVD.
“You have seen a revocation cycle occur which has required
upgrades to certain software players to make them more robust to known styles
of attack. The AACS system was designed to deal with these sorts of attacks,
and remains intact as a technology. This is in contrast to CSS, which is
vulnerable to direct, brute-force attacks,” said Doherty, who then explains it
in even simpler terms. “The analogy we sometimes give is: if you lock your
house, but leave the keys lying on the street, then there's really nothing
wrong with the locks or with the concept of locks in general. If you don't find
the keys, you can change the locks if you like.”