First AACS Blu-Ray/HD-DVD Key Revoked

Thomas Charron writes "An update posted for Intervideo WinDVD 8 confirms that it's AACS key has been possibly revoked. WinDVD 8 is the software which had its device key compromised, allowing unfettered access to Blu-Ray and HD-DVD content, resulting in HD movies being made available via many torrent sites online. This is possibly the first known key revocation which has taken place, and little is known of the actual process used for key revocation. According to the release, 'Please be aware that failure to apply the update will result in AACS-protected HD DVD and BD playback being disabled,' which pretty much confirms that the key revocation has already taken place for all newly released Blu-Ray and HD-DVD discs."

I don't completely get it.

[yagu (721525)]

I don't completely understand what's going on here. And that's exactly my point. I don't want to understand. Does this breach disable any user's player until they update their hardware? Will some disks play and others not? (I'm kind of making this up, but I'm role-playing what most consumers are experiencing based on my limited anecdotal observations).

I don't want to know the ins and outs of the security of the media. I want it to work like the old CD players. I insert a disk, I watch a movie. Simple. Easy. Done.

I think above and beyond the hurdle of introducing a new format, ahem, two new formats, for DVDs this kind of hiccup could be fatal to the rollout. People are annoyed enough with little things (cables plugged in wrong way, audio/video receivers improperly configured, etc.), when it comes to having to update firmware to be able to play stuff they've paid for, they're going to be mad. And maybe some, maybe many are going to rethink their upgrade plans and find regular DVD okay enough. And maybe people who have been considering HD DVD will stay away in droves. Fingers crossed.

Re:

[Gossi (731861)]

What this means is that *NEW* HD-DVD and Bluray discs won't work on old players, unless patched. It's a consumer nightmare as they won't know nor care about HD-DVD piracy -- they just want a disc which works.

Put simply: industry + clueless = idiots who damage their own profits. The music industry has proven this well already -- now it's time for the movie industry to not learn from the past.

Re:I don't completely get it.

[scottnews (237707)]

It means *NEW* HD-DVD and Bluray discs won't work on WinDVD 8. The key for WinDVD 8 has been revoked. Other players use different keys. Those have not been revoked. WinDVD has released a free update with a new key, and presumably an attempt to encrypt it.

This is why HD-DVD and Bluray players require a network jack. It allows for old keys to be removed and new ones to be implemented, among other things.

Re:

[smchris (464899)]

Count me confused too. So what will be _really_ cool (anarchy-wise) will be when people release hacks for consumer media hardware of the future the way people hack game consoles to play linux? How do they tell what hardware has been conpromised? Each Blu-Ray disk comes with an explicit agreement to let the industry probe your hardware?

Re:Network jack??

[badfish99 (826052)]

So when the key of your Samsung BD-P1000 is revoked, your player will no longer play any new disks that you buy. You will have to go out and buy a new player.

Re:Network jack??

[Dogtanian (588974)]

This entire thread is complete bullshit. Keys are not revoked via a network jack. Keys are revoked by the simple act of releasing new discs that don't support them.

Well, yes; I believe that was the point. WinDVD is able to be updated over the Internet, but this option isn't available for the Samsung DVD player (etc). If that were the only way of updating the firmware, then the industry would be faced with a choice of revoking the keys (i.e. having future releases no longer support that player) or not revoking them, thus leaving the crack open for exploit.

Of course, this is not the case; there are likely other ways of updating firmware on "real" HD-DVD players, but they're likely to be less transparent to consumers.

Re:

[JWW (79176)]

Oh, thats #$%#$% great, I can just see it now.

Instructions for continuing to be able to use your (friken expensive) player.

1) Use your computer to download the latest firmware.
2) Burn a CD/DVD (you sure as hell had better not need to burn a blu-ray or hd dvd disk!!)
3) Insert in you player and power cycle and hope the upgrade works and doesn't leave you with a brick.
4) Continue to pay a premium for content for your player knowing that you'll probably have to do this firmware shuffle at least twice a year.

or

D

Re:

[Skreems (598317)]

Uh huh. I'm saying I have a 32" LCD HD television, and normal DVD resolution is just fine for me. Yeah, if you pause it and try to count freckles on some guy in the background, HD-DVD is gonna work a lot better, but when you're watching a film from 10-15 feet back and people are moving around on screen, it really doesn't make a difference. The average consumer does not care. Don't get me wrong, HD sets have some advantages. For one, you can use progressive scan to get a brighter image and drop that annoying

All HD DVD players have a network port

[benwaggoner (513209)]

Having a network port is a mandatory feature for all HD DVD players, so updated keys and other updates can be easily delivered. It's mainly there for downloadable content (like adding subtitles in a new langauge for an existing disc).

Blu-ray, however, has networking optional, and most Blu-ray players don't have a port.

Yet another way in which the baseline functionality in HD DVD is much higher than Blu-ray.

Re:

[DDLKermit007 (911046)]

Right, you honestly think a studio will give you ned content for your movie like subtitles that they didn't have yet? They have your money, and they won't do one extra thing thats not physically encoded on the disk unless it's to lock you our, or make more money (count on commercials getting delivered this way).

Re:

[theJML (911853)]

So why is requiring me to run a network cable to my DVD Player a bonus? Can't I play a movie without having to worry about the current state of my network connection? Does my player really have to ask someone outside the house if it's ok to show me a movie? And honestly, I'll have to say when the network goes down, that's a perfect time to watch a movie... 'cause ya sure can't read slashdot. I remember the days when you all you needed was one utility company involved in movie viewing (power). What about all

Updates for hardware players unnecessary

[swillden (191260)]

Well, yes; I believe that was the point. WinDVD is able to be updated over the Internet, but this option isn't available for the Samsung DVD player (etc). If that were the only way of updating the firmware, then the industry would be faced with a choice of revoking the keys (i.e. having future releases no longer support that player) or not revoking them, thus leaving the crack open for exploit.

None of that matters for hardware players, because each individual player can be revoked independently, without affecting the one that came off the line immediately before it, or the one that came right after it. They don't bother issuing unique keyset to each copy of a software player, for obvious reasons, but hardware players all have unique key sets so if the keys in one of them are compromised, and known to be compromised, then that specific player can be revoked so that future disks won't play on it. No updates to other players are required.

What makes this magic possible is a very clever and sophisticated key derivation scheme. Basically, there is an enormous tree of trees of possible keys, and each player is given a carefully-chosen subset of them, which allows that player to derive a large part of the possible keys, but not all of them. To revoke a key essentially just means choosing to encrypt future disks with a key that particular player cannot derive with keys.

The number of key blocks that must be placed on each disk to make this scheme work is linear in the number of revoked players. In fact, it can be shown mathematically that if r players have been revoked, then at most 2r+1 key blocks are required on each disk. Simulations show that assuming a random distribution of revocations, on average only 1.28r blocks are required. Each key block is 16 bytes in length, so they can revoke millions of players without significantly affecting the space available on the disk.

Re:Network jack??

[mgv (198488)]

So when the key of your Samsung BD-P1000 is revoked, your player will no longer play any new disks that you buy. You will have to go out and buy a new player.

This entire thread is complete bullshit. Keys are not revoked via a network jack. Keys are revoked by the simple act of releasing new discs that don't support them.


So this bit is pretty well established

1. Player gets compromised (keys extracted somehow)
2. All new content no longer has a key for the compromised player.
      a. Your player cannot play these new disks
      b. The new content cannot be decrypted by hackers either.
      c. Anything currently released will still play fine.

Now the interesting bit is how to update the players. The key system on Blu-Ray is very clever, and allows enough keys that they will never run out, at least in practice. It was designed to allow revocation of multiple compromised players, hundreds of times over.

The real issue is that you don't want a legitimate player to stop working. A software player can easily be updated on the internet. But a hardware player cannot assume an internet connection. And consumers are going to get angry if their player stops working because someone somewhere managed to figure out its keys.

However, there is no reason why a firmware update for the hardware player cannot be included on all new titles released. There is plenty of space on a Blu-Ray disk to hold thousands of firmware patches, for every compromised hardware player. So the end users will get updated.

Which doesn't mean that a real hacker couldn't "upgrade" their program too, but its a world of difference between figuring out a single key and emulating the system through an upgrade.

However, the biggest reason for this system is that of forcing a delay.

If you stop keys being released for a few months you capture most of the sales market

Sure, you may lose the long tail of marketing, but if you can just keep the decryption keys out of circulation for a few months plenty enough people will buy the disks anyway.

And they can play this cat and mouse game for a long time to come....

My 2c worth,

Michael

Re:I don't completely get it.

[Kjella (173770)]

What this means is that *NEW* HD-DVD and Bluray discs won't work on old players, unless patched.

Actually:
1. New discs won't play on the players who has had their keys revoked. Just to make that clear, this only has any effect for users of the WinDVD software player.
2. If I remember correctly, the player will keep a version of the revocation keys. So from what I've understood, once you put in a disc which says "Hey, you're supposed to be revoked" that player will stop working until you get an upgrade.

For a software player, this isn't more than what it just said - a required software update. It doesn't get nasty until hardware keys are found...

Re:I don't completely get it.

[SiliconEntity (448450)]

once you put in a disc which says "Hey, you're supposed to be revoked" that player will stop working until you get an upgrade.

This myth appears to have originated...

It's not a myth at all. Try reading section 4.8 of the AACS Introduction and Common Cryptographic Elements [aacsla.com] spec:

An AACS licensed drive shall retain in non-volatile storage, the most recent Host Revocation List (HRL) data which it encounters and has verified. To do this, for the first AACS drive authentication to the media inserted, the drive shall read an MKB recorded on the media to check if its version is higher than the version of HRL that it has stored in its non-volatile memory... If the version of MKB recorded on the media is higher than the version of HRL that the drive has stored in its non volatile memory, the drive verifies the signature in the Host Revocation List Record of MKB as specified in section 3.2.5.2. If the signature is successfully verified, the drive shall replace the previously stored HRL data, if any, with the newly read HRL data.

What this means is that disks are distributed with Host Revocation Lists on them, cryptographically signed by AACS. Whenever a disk is inserted, the drive checks to see if the HRL on the disk is newer than the one it has in nonvolatile memory, and if so, it checks the AACS signature on the new one and stores it in memory. This allows a drive to refuse to talk to a given host software. Likewise there is a drive revocation list that the hosts are supposed to hold which tells them not to talk to certain drive versions, in case an attack is found in some models of drives.

Re:I don't completely get it.

[whyde (123448)]

When I first became aware of AACS, I read what I could of the spec and pondered whether it would be possible to produce and distribute a disc which deliberately uses the properties of NVM and the MKB/HRL specification to insert a bogus "maximum value" HRL which contains a do-nothing (or nothing useful) revocation list.

The net result of this is, once inserted, the disc guarantees that all future discs will play regardless of the player codes which have ever been, or will ever be, revoked. Since it has no concept of time except for the supposedly monotonically increasing version numbers of the HRL, it should be possible to max out the HRL value so no disc can ever update the player's revocation list.

I'd be suprised to find out that this is not possible.

Re:I don't completely get it.

[Skreems (598317)]

It's not. Or more specifically, not in the way you want.

Storing the revocation list like this is likely only useful so that the device can give the user specific instructions to go look for an update, and maybe disable itself even for older discs. Every new disc will still fail to provide a disc key to the player, as the player key will not be included in the tree of allowed ones. You still couldn't play new discs, the best you might do is prevent the player from understanding that it needs an upgrade.

Re:

[Erpo (237853)]

once you put in a disc which says "Hey, you're supposed to be revoked" that player will stop working until you get an upgrade.

This myth appears to have originated...

It's not a myth at all. Try reading section 4.8 of the AACS Introduction and Common Cryptographic Elements spec

It isn't a myth, but Host Revocation and Drive Revocation are trivial to bypass and are not what is being described in this article.

HRLs and DRLs only serve to stop Hosts (PCs) and drives (HD-DVD or Blu-Ray) from communicating with ea

It's hard to upgrade hardware

[jfengel (409917)]

It should be a lot more difficult to get the keys for a hardware player than for a software player. WinDVD made an easy target because it is running on a general-purpose computer, which means that the key is sitting there in memory at some point to be snooped out. It's not easy, I'm sure, to find that key among the many megabytes of code, but it's there.

A hardware player isn't a general purpose computer. I'm sure it's possible for somebody with the right hardware to snoop inside its memory (say, inserting a special thingamabob between the memory and the mother board that allows you to read all reads/writes as they go past), but it's not going to be readily available.

Presumably somebody will be the first one to do this, and that is sure going to be a bad day for both formats. People are prepared to upgrade their software; it happens all the time and it's a relatively painless process for most people. Upgrading your hardware is not going to be easy, and it may not even be possible. (I used to own a DVD player which was "upgraded" by downloading a patch, burning it onto a CD, and putting that in the machine, but I don't know if every DVD player supports that.)

If they start denying keys on hardware players, there will be a world of pain, but I don't expect this to shatter the world. They'll just advise everybody to download a patch with a new key.

thingamabob = logic analyzer

[DeadCatX2 (950953)]

Unfortunately, you're assuming that the memory holding the key is in a separate chip from the processor which will use it. These days, it's common for chips to have internal non-volatile storage (Flash). I bet (note: speculation) one of the design goals for AACS was to ensure that the key was never in-flight on a PCB trace. You can't probe a signal if it's routed internally in the silicon, never leaving the chip.

Re:thingamabob = logic analyzer

[Cassini2 (956052)]

You can't probe a signal if it's routed internally in the silicon, never leaving the chip.

Keeping a signal "locked" in the silicon is more difficult than one would like to think. Most of the chips with built in non-volatile memory have built-in interfaces to program that memory. These interfaces can be abused, and people have done it. Microchip's secure chips were breached. I am not sure where the hackers are at with the latest 32-bit and 64-bit hardware. It is hard to make something that "no one can copy". It is really hard when no physical security is present. People can remove the chips from the players and expose them to out-of-spec signals and voltage levels to find out what happens next.

Re:It's hard to upgrade hardware

[evilviper (135110)]

A hardware player isn't a general purpose computer.

Actually, it is. Toshiba's first HD-DVD players are, in fact, Pentium 4 computers.

(I used to own a DVD player which was "upgraded" by downloading a patch, burning it onto a CD, and putting that in the machine, but I don't know if every DVD player supports that.)

Not ALL, but the vast majority of DVD players can be flashed in the same manner.

Re:

[IamTheRealMike (537420)]

AACS contains traitor-tracing algorithms that allow you to locate the device key from a decrypted video, or released title key.

Re:

[evilviper (135110)]

The problem with that is then on every disc each key needs to be encoded.

No, it doesn't. Mathematics isn't nearly that primitive. You absolutely don't have to, nor does AACS store every individual key on a disk. It's called "broadcast encryption" and it existed before AACS. Each player doesn't have a single, globally unique key. It has several keys which, in combination, are globally unique. See: http://web.archive.org/web/20060604054302/http://w ww.lotspiech.com/AACS/ [archive.org]

Sorry, it just won't work.

Sorry

Awesome

[Vexorian (959249)]

No one can deny how convenient this is for the customers. The companies love us.

Re:Awesome Monopoly Powers, Activate!

[Migraineman (632203)]

Thank you for using the word "customers" instead of "consumers." Consumers are force-fed; customers have a choice.

But therein lies the problem with this situation. The **AA cartels have purchased the necessary legislation to reinforce their monopolies. When they revoke a DRM key that effectively bricks your hardware player for future media releases, what are you going to do? They've cost-shifted the upgrade burden onto you, and since they own the entire distribution chain, you can't take your business

If only people would wake up

[Toby_Tyke (797359)]

This is a perfect example of why monopolies are bad. This will resonate all the way down to Joe Sixpack in a form that he'll understand - "Damned 'new' movies don't play in my DVD player." He may not understand the ins and outs of DRM legislation, but he sure as hell knows what getting screwed by the establishment means.

And the establishment will respond thus:

Yeah, that copy protection sure is painful, huh? Goddamn those freedom hating movie pirates for making us put it on there. You know those guys f

let's have a vote

[by Anonymous Coward]

How many of you like to have your computers controlled by media corporations and Microsoft? Voting time is now. http://defectivebydesign.org/ [defectivebydesign.org]

Re:let's have a vote

[RightSaidFred99 (874576)]

You know, it's the damnedest thing. My computer is controlled by me. Everytime I see people whining about DRM I wonder what the fuss is. I run Windows XP and have had no issues with DRM because I don't buy DRM'd media. Instead of whining, I just put my money where my mouth is and so far I haven't fallen asleep cursing Microsoft or anyone else because I don't have any DRM issues to speak of. It's God Damned amazing.

soo....

[by Anonymous Coward]

so if WinDVD 8's AACS key gets banned, basically all WinDVD 8 has to do is issue a patch to give it a new key, so that future discs will work? seems like that would be something that would be hackable and exploitable... especially if other aacs keys are known, i imagine hacks would come out to change the program's aacs key to any known unblocked aacs key...

it's entirely possible that i have this all wrong.

Re:

[Dachannien (617929)]

Knowing the key in the first place is the exploit.

.. but what if a hardware player is compromised?

[uncleFester (29998)]

this is what's more curious to me.. when/if a hardware player ever is compromised, what are you gonna do then? the content owner denies your access to their content.. you think the manufacturer will step up with an "oops, our bad; here's a new unit to play stuff.." har.

i don't even know if this has happened with dvd or how possible it is.. but i have to think the potential is out there, and unless the unit has some sort of design foresight to resolve some issue (firmware updates to my bluRay player? and what kinda new 'security' hole is that?!?) i'd think you could be toast. .. that might actually be one class-action suit i could hop on and enjoy, just to watch potential legal fallout. :)

-r

Re:.. but what if a hardware player is compromised

[zippthorne (748122)]

Spam a bunch of new disks with an update patch?

Copyedit?

[interiot (50685)]

Can't Slashdot do a minimal amount of copyediting to stories before posting them?

An update posted for Intervideo WinDVD 8 confirms that it's AACS key has been possibly revoked. WinDVD 8 is the software which had it's device key compromised,

"Possibly" "confirmed" appears on its face as a likely contradiction, and it is... the linked article says "please be aware that failure to apply the update will result in AACS-protected HD DVD and BD playback being disabled".

Re:Copyedit?

[by Anonymous Coward]

... and for G*d's sake, it's "its," not "it's"!

(World's easiest job: slashdot "editor.")

Re:

[Dogtanian (588974)]

Can't Slashdot do a minimal amount of copyediting to stories before posting them? "Possibly" "confirmed" appears on its face as a likely contradiction

CowboyNeal reports that Slashdot will "definitely maybe" take up your suggestion. Noel Gallagher unavailable for comment.

hardware players?

[MoOsEb0y (2177)]

What are the implications for hardware players? Will they now need to be updated, or does this key revocation only apply for WinDVD in particular. If so, does this mean that it would be possible to hack apart a hardware HDDVD/Bluray player and take its key? This doesn't seem like a very secure system if that kind of attack is possible.

Re:

[Kjella (173770)]

What are the implications for hardware players?

None.

would [it] be possible to hack apart a hardware HDDVD/Bluray player and take its key?

Nobody's done it, but if it happened they coudl revoke that key. Of course, if you found a way to extract it from a class of players, they might have to recall all those players.

Great!

[Bri3D (584578)]

And the update must have the new key in it!
And we know how smart InterVideo have been about protecting the keys so far...

The fact of the matter is that if it can be decrypted and the user has physical access, there is *no way* to make "unbreakable" DRM. None. At all.
Especially on most modern CPU architectures where memory and the bus are unencrypted. The data *has* to go through RAM and over the bus.
Therefore there *is no protection*
It takes *one* decrypt to defeat their supposed purpose "keeping them dirty pirates from getting it" and this decrypt will *always* happen. But yet they waste millions in R+D money making ridiculously bad systems to try to prevent something that's physically impossible to prevent.

The Zero-day race is on

[jms (11418)]

Does anyone seriously doubt that there will be a day-zero crack of the new keys?

Re:Great!

[Nasarius (593729)]

And the clever cracking groups will grab a key and not tell anyone, just keep using it to make releases. It'll be amusing to watch and see what happens, though. Will they keep playing whack-a-mole when they can find which key has been extracted? Will they finally realize it's just not worth the effort? Or will they end up revoking all software player keys and forcing you to buy and use the hardware players? I'm betting on the latter.

Re:

[d-rock (113041)]

Exactly. I'm interested in how Corel is protecting the new key it's trying to distribute. I mean, if they can hack the AACS key out of the player why do they think that they won't break the update to get the new key? Even if they're using some sort of public/private key pair embedded in the software, that too should be easily extracted. I'd wager that the new key will be available very soon.

Derek

Re:

[Lumpy (12016)]

You are missing the fun part. Every one of these they do gets us closer to completely cracking it. and once they do we can have the entire pool of keys on a disc and that will kill their ability right there.

Re:

[Bri3D (584578)]

Wrong. Why?

The user still has to be able to *view* the content. There is no DRM for the mind (yet, hopefully ever).
No matter how much fancy full-pipeline encrypted hardware you build, the user still has to see it. And our minds don't support AES.

First AACS Blu-Ray/HD-DVD Key Revoked

[denmarkw00t (892627)]

...and certainly not the last. Beware, HD-DVD/Blu-Ray consumers, you're in for a bumby road of software patches and exploits that move twice as fast!

Ahh, certainty

[Moridineas (213502)]

"confirms that it's AACS key has been possibly revoked"

Well, I'm glad that's been confirmed...

New use for PS3 Linux

[supabeast! (84658)]

If anyone really wants to piss off Sony, start a PS3 Linux project to build a PS3-based supercomputer that can be used to crack all of the Blu-Ray keys.

Re:PS3

[ivan256 (17499)]

It's a networked device. They'd just put out a firmware update. Sorry to shatter your dreams.

It would be more interesting to find out what would happen if the key to the Sony standalone BluRay players was discovered.

Re:PS3

[swillden (191260)]

It would be more interesting to find out what would happen if the key to the Sony standalone BluRay players was discovered.

Actually, it's very well-known what would happen: They would revoke the individual player that had its keys compromised. Note: Just that single unit, not the whole line. The beauty/horror (depending on your perspective) of the AACS key revocation system is that it can target individual units without affecting any other units, and it can do this without requiring huge amounts of disk space to be devoted to key blocks, and without requiring any of the devices to get updates, even if millions of individual players are revoked.

What this means is that smart hackers won't reveal the player keys they extract. Instead, they'll use those keys to compute the media keys, and then they'll publish the media keys. Your HD-DVD/Blu-Ray ripper will just have to consult an on-line database to find the key for the disk you have and then it will be able to decrypt it just fine. The media cartel won't be able to revoke the player key used to compute the media keys, because it won't know which ones they are.

Re:

[ThePhilips (752041)]

Since you are selling not original - but copy - no way it would classify as "first sale". IOW, private copies are reserved for private use - sale/rent/etc aren't private uses.

P.S. IANAL