Slashdot Log In
Analyst Says Blu-ray DRM Safe For 10 Years
Posted by
kdawson
on Mon Jul 09, 2007 07:42 PM
from the words-ripe-for-the-eating dept.
from the words-ripe-for-the-eating dept.
Mike writes to let us know that a poster on the AVS forum says that the latest issue of HMM magazine (no link given) contains a quote from Richard Doherty, a media analyst with Envisioneering Group, extolling the strength of the DRM in Blu-ray discs, called BD+. Doherty reportedly said, "BD+, unlike AACS, which suffered a partial hack last year, won't likely be breached for 10 years." He added that if it were broken, "the damage would affect one film and one player." As one comment on AVS noted, I'll wait for the Doom9 guys to weigh in.
Related Stories
[+]
Blu-ray BD+ Cracked 521 comments
An anonymous reader writes "In July 2007, Richard Doherty of the Envisioneering Group (BD+ Standards Board) declared: 'BD+, unlike AACS which suffered a partial hack last year, won't likely be breached for 10 years.' Only eight months have passed since that bold statement, and Slysoft has done it again. According to the press release,
the latest version of their flagship product AnyDVD HD can automatically remove BD+ protection and allows you to back-up any Blu-ray title on the market."
[+]
IT: Doom9 Researchers Break BD+ 345 comments
An anonymous reader writes "BD+, the Blu-ray copy protection system that was supposed to last 10 years, has now been solidly broken by a group of doom9 researchers. Earlier, BD+ had been broken by the commercial company SlySoft." Someone from SlySoft posts a hint early in the thread, but then backs off for fear of getting fired. The break is announced on page 15.
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
That's the article... (Score:5, Insightful)
Re:That's the article... (Score:5, Funny)
There's a lot of quotation involved here.
Parent
Re:That's the article... (Score:5, Funny)
Parent
Re:That's the article... (Score:4, Funny)
Parent
MOD PARENT UP (Score:4, Funny)
Parent
Re:Reminds me of... (Score:4, Funny)
yeah this is karma burning night
Parent
Re:That's the article... (Score:5, Funny)
Parent
Re:That's the article... (Score:4, Funny)
Parent
Re:That's the article... (Score:5, Funny)
Oh, and I'd keep a close eye on your dog, Rusty, for the next few days. We've noticed some irregularities in his stool.
Parent
famous last words (Score:5, Insightful)
Re:famous last words (Score:5, Funny)
Parent
Re:famous last words (Score:4, Funny)
Parent
Re:famous last words (Score:5, Insightful)
The VM's have an ability to run native code, oestensibly to 'patch' a compromised decoder.
So.................., it seems the first step to cracking blueray has been identified. What a fuck up.
From here theres a 60 instruction VM.Rebuild the VM firmware using the native code execution capacities, and make sure the new VM cant 'see' its outside changes, and you may well have a (near) perfect irreversible hack.
This babys gunna sink in months.
Parent
Re:famous last words (Score:5, Informative)
"From a mathematical standpoint we cannot speak of a theoretically absolute unsolvability of a cryptogram, but due to the special procedures performed by the Enigma machine, the solvability is so far removed from practical possibility that the cipher system of the machine, when the distribution of keys is correctly handled, must be regarded as virtually incapable of solution."
-German cryptographer
http://www.nsa.gov/publications/publi00004.cfm [nsa.gov]
Parent
Re:famous last words (Score:4, Informative)
That's pretty much true, you know. IIRC, in the later days of WWII Enigma mesages were decyphered rather quicky because operators weren't working key schedules as they should. Some tidbits here [wikipedia.org]. Still, calling a cyper system "unsolvable" is just asking to be made a fool
Parent
Re:famous last words (Score:4, Informative)
PGP and media encryption schemes are completely different animals. As long as they keep making software players for these discs their encryption will be broken.
Parent
And... (Score:5, Funny)
In other news... (Score:5, Interesting)
Re:In other news... (Score:5, Insightful)
But neither of you are the market. Blu-Ray has Disney and A-list titles like The Incredibles. It is content that drives sales, not cracked DRM.
Parent
Re:In other news... (Score:5, Interesting)
The desire to have tangible media encrypted to shit is most annoying.
I've *bought* my movies on DVD. I've got better things to do than wait two weeks for a high def movie to download. And even when the last mile problem is solved, if they keep it free of DRM crap and sell it *at a reasonable price* (and, btw, I think a few bucks is a reasonable price when they don't have to print, press, package, or distribute anything). If you could download a HD movie in a few minutes for a few bucks and store it as long as you want it, why wouldn't you? I would.
The content people make me nuts. I won't buy *either* HD-DVD or Blu-Ray. Not. Gonna. Duuut.
Parent
Re:In other news... (Score:5, Interesting)
In the meantime, I've purchased an HDDVD addon for my Xbox 360, and hope that HDDVD will prevail. If it doesn't, I don't fear that I will have to repurchase my discs, just the player. I've taken a risk in purchasing the 360 addon, but its not really that big of a risk.
So, support the format of your choice, and don't worry about lost investment: You really only risk the player.
And as the VP of Marketing for Universal (HDDVD supporter) points out, this competition is good for one thing: Bringing HD video disc players down in price quicker than they would otherwise. Sony may own cameras that movies are shot with, media that they're recorded with, equipment they're transferred, processed, edited and mastered on, but at least there's a competitor for the media they're distributed on and the players that play them. I'd just rather they not have the whole ballpark.
Parent
Re:In other news... (Score:5, Funny)
Serenity
HD-DVD wins and it's not even close.
Parent
Oblig. (Score:5, Funny)
The DVD is UNCRACKABLE (Score:5, Funny)
An obvious typo (Score:5, Funny)
There you go, fixed that for you.
The makings of a decent /. poll (Score:5, Funny)
So far on this thread 3 dates have been suggested: 10 days, 2 weeks, and 10 weeks. This sounds like the beginning of a /. poll...
How long do you think it will take for Blu-Ray DRM to be cracked?Parent
Re:The makings of a decent /. poll (Score:5, Funny)
I already cracked it. I'm just waiting for them to release something with BD+ so I have something to decrypt.
Parent
Missing options (Score:5, Funny)
Parent
In some ways yes... (Score:4, Interesting)
* examine the host environment, to see if the player has been tampered with. Every licensed playback device manufacturer must provide the BD+ licensing authority with memory footprints that identifies their devices.
* verify that the player's keys have not been changed.
* execute native code, possibly to patch an otherwise insecure system.
* transform the audio and video output. Parts of the content will not be viewable without letting the BD+-program unscramble it.
Imagine something close to, I make a disk with a BD+ program that once I have the program loaded I can eject the disk and put in a protected one, the BD+ can help circumvent the protection, and circumvent the BD+ on that disk. Vuala! BD+ makes it easier for me to copy.
Re:In some ways yes... (Score:5, Insightful)
Or to execute malicious code and send all your private information to somebody.
Stay away from Blu-ray computer players.
Parent
Re:In some ways yes... (Score:5, Interesting)
Ah yes, indeed. You do miss something there though: The response has been signed using a public key, and that's sitting in circuits covered in epoxy. Thus The all powerful vm will say: Here is my checksum, and here's the signature for it. This is a very smart design. Not to mention that the cd includes a physical feature: BD-ROM mark, which is a small amount of cryptographical data that is stored physically differently from normal Blu-ray data. Bit-by-bit copies that do not replicate the BD-ROM Mark are impossible to decode. A specially licensed piece of hardware is required to insert the ROM-mark into the media during replication. Through licensing of the special hardware element, the BDA believes that it can eliminate the possibility of mass producing BD-ROMs without authorization. (wiki/blu-ray)
The more I read about this the more intriguing it gets.
Parent
Probably not (Score:5, Funny)
Unfortunately, this alienates most of the Chinese player manufacturing market. But it does have the bonus of coming with a free monkey.
Lets make a movie starring the DRM monkeys and then post it into the intertubes! This would send an inverse monkey (also known as a something awful member) past the event horizon, causing the entire twisted fucked up backwards universe that the movie industry lives in to collapse upon itself!!!
FREE MONKEYS FOR ALL!
Always keep your words soft and sweet... (Score:5, Insightful)
To quote Bruce Schneier, "Making bits not copyable is like trying to make water not wet." I dunno 'bout those Doom9 guys, but I know enough of Bruce Schneier's work to trust his opinion on this one. I don't know what the digital-media landscape will look like when all this settles out, but I *don't* think it'll be neatly and unbreakably wrapped in DRM containers with price tags on.
The funny thing with these quotes... (Score:4, Insightful)
Who're the most important in the success of a product?
Re:The funny thing with these quotes... (Score:5, Insightful)
The real customers care about what format has the most movies available.
The movie execs care about what format they feel protects and enhances their product the most.
Tada. Riddle solved. If the target audience for HD-DVD is going to be limited to "those who care about the DRM being cracked" then...HD-DVD is very, very doomed.
Parent
Re:The funny thing with these quotes... (Score:5, Interesting)
PS: I love Behind the Counter [blogspot.com].
Parent
2, 4, 6 8... (Score:5, Insightful)
Hmm, they seem to have skipped 8. The amount of gall in this little article (which is the PDF) is amazing. AACS was "partially" cracked. BD+ is a second line of defense, four times as safe, and just like six weak locks that you don't think work, which, by the way, is magic.
What is this guy smoking?
Re:2, 4, 6 8... (Score:5, Funny)
"If you see an apartment in a rough part of L.A."...
We may not know what this guy is smoking, but we know where he bought it.
Parent
What is the true purpose of the message? (Score:5, Insightful)
2) Go ahead, hacker, I am taunting you.
3) Consumer, buy Blu-ray discs because your local pirate won't be stocked for years.
4) Vendor, HDDVD is hacked, go with us for more sales instead of losing untold billions in piracy.
I'm sure there is an actual reason.
It's not really just an encryption scheme, though. (Score:5, Interesting)
http://www.cryptography.com/technology/spdc/bluray
This means that each Blu-Ray disc has a computer program compiled to execute within a proprietary, secure VM. What this means is that each disc has a program built into it whose purpose is to boot, validate that it is running on licensed hardware, enforce security policy, and if those checks are met, extract a key from its own memory and play the content.
What does this mean for people attempting to defeat the security?
Well it means that a full crack of BD+ will require crackers to implement a virtual machine which acts in exactly the same way as the hardware VM would act. This represents a what I will casually call a "larger challenge" than defeating CSS or AACS, in which you have to decrypt a key or a list of keys. In this case, you have to come up with something which can determine the full dynamic runtime execution path of a static binary - a currently unsolved problem in Computer Science, despite numerous attempts to do such a thing by some of the world's brightest minds.
Just putting the same source code through a randomizing compiler/packer/obfuscator of the types that game companies have been working on for a while makes the challenge immensely harder. Precedent? http://spa.jssst.or.jp/summer-2005/paper/05046.pdf [jssst.or.jp]
There's too much to talk about.
And who's deployed this type of technology already? Who has a secure virtual machine with secure bytecode doing challenge-response to determine hardware legitimacy? People Who Care: a lot [216.239.51.104].
The other major problem is that the challenge-response authentication made by the program contained in the disc against the embedded hardware will require a "real" cert to succeed. Yes this is the TPCA/Palladium "sky is falling" scenario come to pass. Either the implementors made a cryptography implementation mistake, or someone with a scanning, tunneling electron microscope figures out how to defeat the epoxy guards and actually read the private cert material off a chip, or someone with a previously unheralded supercomputer or mathematical technique breaks the key from a known subset of challenge/response pairs... - or, it will remain unbroken. It is strong, known algorithm public key cryptography.
What's really interesting about all this is if someone DOES find a way to break BD+, there is really strong incentive for them to use it to break & release movies rather than release code which performs the break. Why? Get yourself a windows VM and download all the latest in DVD-breaking binaries: ripit4me, dvd decryptor-last, dvdshrink-last, etc. Then set windbg to be your default debugger, and start trying to break very recent DVD releases. What you'll find is that the entertainment company is employing people to literally find security holes in the input to the cracking tools - the dvd image itself, and then embed "exploits" into their dvd images. There is data on those discs that has no other purpose than to crash certain binaries. It becomes obvious once you trap execution in a debugger and know a little bit about x86 asm. Don't get me wrong, they're not executing arbitrary code, just causing a DoS - but that's only because they know they can't. Some of the conditions they've found and abused are CERTAINLY exploitable. But they also know that putting shellcode in their DVDs defeats plausible deniability, which is a hell of an asset.
Now push this knowledge forward to BD+. If someone actually manages to set up a "shim VM" that executes BD+ language and acts as a proxy between secure hardware and the bytecode, and RELEASES that VM, then we know the entertainment companies are going to enter a reverse engineering arms race. They're
Sigh, I hate to burst your bubble... (Score:5, Interesting)
It's a fucking Java VM. It's not anything bizarre. It's Java. Completely free VM implementations for Java already exist.
Oh, how do I know it's a Java VM? =) I know the people at IBM who wrote the Java VM that's used to play BD+ Blu-Ray discs on the PS3.
Parent
Re:Sigh, I hate to burst your bubble... (Score:5, Informative)
The SPDC VM is not Java. I don't think you've asked the right questions of your "people at IBM who wrote the JVM used to play BD+". Here's Avi Rubin describing the SPDC VM [securityevaluators.com]:
(In case you're wondering, the JVM is not a "MIPS-like instruction set on 32-bit registers with a Program Counter and an Instruction Filter" --- but that wouldn't stop you from implementing such a VM IN Java, just as the JVM is itself rarely implemented in hardware --- thus the "V" in "VM".)
The person I know who's involved with BD+ [root.org] co-designed BD+.
Parent
Re:It's not really just an encryption scheme, thou (Score:5, Insightful)
In this situation there is nothing at all like this going on. We know that the code on the BluRay disk produces whatever output lets you view the disk not only in finite time but after a very short time.
In fact this situation offers no additional security over a well designed public crypto system AT ALL except for obscurity. The instructions for the virtual machine are just a very complicated sort of key, one that anyone who can crack the base level encryption can view. The memory footprints and all that jazz are only fancy ways of implementing a private key.
There are damn good reasons that the people who implement public key systems and symetric ciphers don't use VM instructions as their keys. A good crypto system is built around SIMPLE and well known mathematical problems because extra complications just provide more places an attacker can find a clever short circuit that you didn't think about. The only reason to think a crypto system is secure is because you think that the attacker doesn't have any shortcuts to compute things in the other direction much faster than brute force. The more complications in your system the more places he could discover a clever trick to undermine your security.
As I argued in my other post the benefits of the BD+ VM aren't really about security but about control. It doesn't make things much harder for the hackers but it does let the content producer execute more control over when things are decrypted. The only security advantage BD+ brings is obscurity and possibly the use of a better underlying crypto system than what AACS uses (the part that decrypts the VM at the beginning).
Parent
Re:It's not really just an encryption scheme, thou (Score:5, Informative)
Now it is true that for some programs determining what inputs that program halts on is an undecidable problem (consider an interpreter it executes it's input reducing this to the halting problem) Hence the reason I was quite careful to specify that I was talking about a program known to halt '(on a given input)'. In case that wasn't clear let me spell out the theorem more precisely: there is a program S(i,x) so that if the i-th Turing machine halts on input x S(i,x) outputs the states (tuples of tape, head etc..) that Turing machine enters while executing on that input. I mean fuck if we really want to get stupid about this there are only a finite number of programs/input pairs that could be encoded in all the molecules used by the Blu Ray disk/player so there is some program (a giant case statement) that tells you how each one of them behaves.
Of course such a program is totally useless and irrelevant to the question of cryptography. Thus the reason I pointed out that the halting problem simply doesn't apply here. The question in cryptography is not whether something can be computed but whether it can be done so efficiently.
--
Now I won't claim to be an expert in cryptography the same way I am in recursion theory aka computability theory but I do know a fair bit about it (being a mathematician some stuff leaks out) and you are pretty confused.
Just consider the S-box in a normal symmetric cipher (like DES). This tells you how to modify some of the bits of your input based on the value of other bits, i.e., the value of some bits of the content you are decrypting tells you how to change the value of other bits. If you wanted to you could describe this just the same way you did the BD+ VM system. Each encrypted piece of content comes along with instructions that execute on the S-box VM (and lots of other components) that tell you how to modify other bits of the input.
Any block cipher works by letting some bits read from the input affect how you decrypt other bits. The only question is how you do it. If you could make your cryptographic algorithm more secure by exchanging nice simple things like S-boxes for complex computer like VMs they would be doing it.
So what about your claim that BD+ lets them modify the cryptography after a break making it more secure? Well like AACS does, they can revoke the keys of compromised devices but the VM plays no role here. BD+ can't do more than this as Blu Ray players bought next year need to be able to play Blu Ray disks in 3 years which means there must be some pre-established algorithm that lets the current players decode the future disks. That algorithm IS the cryptosystem, calling it a VM doesn't change anything.
At the highest level of abstraction things ALWAYS look like this. Player has some secret information. The information on the disk is somehow encrypted so that it is (supposed to be) hard to compute the content stream without the secret info. The player applies some algorithm (in this case runs the virtual code in a VM after doing some other cryptographic verification) that then produces the content stream as a function of the player secret and the data on the disk. Making this function more complex by sticking a VM inside it only makes the decryption algorithm more obscure. Once you've figured out the algorithm in the BD+ docs, i.e., the non-secret part all the manufacturers get, it's just another cryptosystem.
The reason the Palladium/TPM people use VMs and the like isn't because they make things more secure. If all you wanted to do was prevent unauthorized people from reading your HD you would just encrypt it with a nice symmetric cipher and be done. They implement a VM because it gives them more control. So long as the system'
Parent
A question or two (Score:4, Interesting)
Break BD+ ? Inconceivable! (Score:5, Funny)
Let me put it this way: have you ever heard of Plato, Aristotle, Socrates? Morons.
It simply doesn't matter... (Score:5, Insightful)
If not HDCP directly, then the processor to LCD data path for some el-cheapo monitor which supports HDCP. There's always some point in the chain where protection is weak, or simply doesn't exist.
It is simply a futile endeavor as long as the consumer ultimately gets access to (i.e. can view/listen) to the content. Of course, they have no product if the consumer can't.
So HD-DVD is better for me as a consumer? (Score:5, Insightful)
The word from Doom9 (Score:5, Interesting)
BD+ isn't about security it's about CONTROL!! (Score:5, Interesting)
The basic idea here is that BD+ allows the BluRay maker to embed virtual machine code (and apparently native code) on their disks which are then executed on the host machine. This code then somehow verifies that the host machine is uncompromised (memory footprints apparently) and then executes whatever process is necessary to decrypt the key that allows content access. Now it seems likely that there is some additional decryption process similar to AACS that decrypts the BD+ virtual code. Perhaps this decryption process is implemented better than the one in AACS but that is the only security advantage BD+ provides.
The only extra security that BD+ can offer over an AACS type system is security through obscurity. There has to be some general cryptographic process to decrypt the BD+ VM instructions. Once decrypted an attacker who is aware of the BD+ standard just needs to emulate the virtual machine and have it pretend it is a valid device to access the content. The BD+ people can talk all they want about memory footprints and tamper checks but these are just a complicated private key for the device. Separating out these functions and putting them in a VM just makes the specification of the encryption scheme more complicated (and more obscure) but doesn't fundamentally increase the security.
So why do the studies want BD+? Well maybe they've been taken in by the claims of extra security but the more plausible reason is that they want the extra control BD+ gives them over their content BD+ might not be a real impediment for the serious pirate/hacker but it does allow the movie studios to implement even more fine grained control over how you use their content. The virtual machine might be set up to prevent you from watching the movie more than once, from using a streaming feature of the device, from using it after some fixed time. Imagine, for instance, movie companies creating tiered pricing based on how many rights you want to have. Say make you pay more if you want to stream it. Disney might release their next version of Aladdin on DVD in two classes. The 'gold' class that lasts forever and the standard class that only lasts 5 years. Well you get the idea.
So no I don't buy the argument that this feature makes the system much more secure (except insofar as it might eliminate some fuckups in how the AACS system was defined) but it certainly is in the Blu Ray consortium and movie theater's interest to portray it this way. Maybe this explains the much wider adoption of Blu Ray by the theaters.