AACS Device Key Found 351
henrypijames writes "The intense effort by the fair-use community to circumvent AACS (the content protection protocol of HD DVD and Blu-Ray) has produced yet another stunning result: The AACS Device Key of the WinDVD 8 has been found, allowing any movie playable by it to be decrypted. This new discovery by ATARI Vampire of the Doom9 forum is based on the previous research of two other forum members, muslix64 (who found a way to locate the Title Keys of single movies) and arnezami (who extracted the Processing Key of an unspecified software player). AACS certainly seems to be falling apart bit for bit every day now."
Re:Will they actually do it? (Score:5, Insightful)
Re:Will they actually do it? (Score:5, Insightful)
Introduction of hardware DRM (Score:5, Insightful)
Of course such restrictions would make debugging your own programs harder if it was always on.
Go to plan B (Score:5, Insightful)
Sure it will be somewhat inconvienient and more expensive for customers, but that's the price they are choosing to pay when they turn a blind eye to piracy.
Re:Will they actually do it? (Score:4, Insightful)
Now we go one baby-step down the path where debugging tools like the ones used by these "hackers","pirates", and "anti-establishmentarians" require a license to own and use, because tools like this can apparently cause more damage to our society than an unlicensed firearm can do in a school...
From The Right To Read [gnu.org]:
--jeffk++
Re:Will they actually do it? (Score:5, Insightful)
Assuming they keep their word, and revoke the keys as they're found, software players will become nearly unusable, with patches every few weeks to update the key, attempt to obfuscate it more, and make it usable with new disks again. If they go that route, it's only a matter of time until software HD-DVD/BR players are permanently blacklisted and cease to exist. Consumers won't like that much. We'll see special cables running from new drives to new video cards, because consumers will not put up with a lack of being able to play HD discs on their computers. And the ones that bought software players will be ROYALLY pissed.
If they let it slide, or just sue the people who found the key in the memory dumps, but do not revoke software player keys there's STILL no way to put the cat back in the bag - HDDVD/BR content protection is finished.
Which way will it go?
I don't know what is the idea behind this (Score:2, Insightful)
Re:Introduction of hardware DRM (Score:5, Insightful)
This is crackable anyways. The original Xbox was cracked by someone building their own data sniffer hardware installed on the system bus. No kidding. People will go to pretty much any length, including hardware modification, to break out of constricting usage limitations (aka DRM)...
Re:Fair-use community? (Score:1, Insightful)
key in memory - on some PCs yes (Score:5, Insightful)
It will work something like this:
There will be two channels of data, one from the media source to the dongle, and one from the dongle to the playback device.
The dongle will decrypt data from the media source, or possibly ordinary RAM. In some cases, will be done with the aid of software tokens purchased from rights owners. In others, it will merely verify region, time-expiration, and other restrictions embedded in the media are complied with. In some cases, part of the key will be downloaded from the Internet in real time, or a time-bombed key will be renewed at regular intervals.
The dongle will re-encrypt the data so the playback hardware can play it, but memory-snoopers can't access it.
The dongle will be a "black box," protected by hardware features and possibly legal protection: "Tamper with this for the purposes of understanding it and go to jail."
The dongles will be handed out like candy for little or not profit, but they will be revoked individually if any one is compromised. People concerned about privacy and tracking implications will trade dongles or simply buy them by the bucketful.
I don't know if these dongles will be USB dongles or if they will be on a faster bus or maybe even connected directly to the video playback circuitry.
Mark this post, it may prove useful in challenging future dongle patents.
Re:The hackers are moving too early... (Score:4, Insightful)
Ultimately, the only real way to protect content is going to have remote-controlled content-monitoring LCD shutters surgically implanted in everyone's eyes as soon as they are old enough to enjoy TV (and these creeps would do just that if they could get away with it.) Anything else will be circumvented sooner or later, which they know perfectly well. It's also why the content companies are pushing so damned hard to export US/EU-style IP law around the world and have copyright infringement treated as a heinous crime akin to murder. Once the cops (everywhere) are accustomed to treating copyright infringers as serious criminals, the MPAA and their ilk are hoping and praying that people won't do it anymore.
I think they will be disappointed. I hope they will. There aren't enough jails to hold everyone that ever violated a copyright, or exercised fair-use rights in countries that support them.
Re:Miserable? (Score:5, Insightful)
Re:Will they actually do it? (Score:2, Insightful)
Ugh (Score:5, Insightful)
- WinDVD is not handling its device key in a secure manner
- WinDVD cannot be trusted
- WinDVD won't be getting another player key
Or even worse:
- WinDVD did its best to protect its device key
- It's impossible to protect a device key in a program that people can reverse-engineer [true]
- We'd better not allow any software to read AACS-protected content
Although this may all be moot anyway, as they can extract future process keys with relatively little effort (though it'll be a lot more effort if hackers have to break hardware systems instead of software).
DRM is provably insecure (Score:5, Insightful)
Re:whoopty doo (Score:1, Insightful)
Re:Will they actually do it? (Score:3, Insightful)
Fortunately, it's still in infancy :) (Score:5, Insightful)
So, of course; don't buy them. Tell your friends not to buy the, and spread the word. If technology was selected based on worth and merit, we'd all have been using beta-max and mini-discs. But consumers don't always go for quality, innovation or convenience. Most often they like whet their friends have, they like what they already have, and sometimes? They just follow the pr0n industry (uh oh, did i just predict the HD-DVD?) THe point being, this one is easy to 'nip in the bud.'
Now, if you were to start a large-scale boycott of xxAA products? That would rock the boat. But I'm not holding my breath for you.
Re:Ugh (Score:3, Insightful)
here is a little secret for you. Hardware players do not exist. every HD-DVD player and Blu Ray Player is a software player. and hacking those is not any harder, just requires different tools they have to be built or bought instead of warezed off of a bittorrent site.
Re:Will they actually do it? (Score:1, Insightful)
Never doubt that a small group of thoughtful, committed citizens can change the world. Indeed, it is the only thing that ever has.
Margaret Mead
Re:Will they actually do it? (Score:3, Insightful)
Making a key per player copy is infeasible. How would you do that? Basically, every disk would need to have the data encrypted with each player's key. That number would be in the millions.
Not if you're trying to prove a point ... (Score:5, Insightful)
If you're trying to demonstrate that DRM is futile waste of energy, it's in your best interests to release as early as possible.
Releasing an exploit a couple of years after the technology is first released gives people the impression that the DRM was "good" for those two years. On the other hand, releasing the exploit a week later drives home the point that the copy-protection racket is selling nothing but snake oil.
Re:Will they actually do it? (Score:3, Insightful)
Re:fair-use community? (Score:3, Insightful)
Re:key in memory - on some PCs yes (Score:5, Insightful)
First off, this isn't even remotely new. Dongles for copy protection are as old as the concept of copy protection. AutoCAD used a dongle. I'm sure there are dozens of other examples. But they haven't been widely implemented for the same reason this won't be. Cost.
It's too expensive to ship a sophisticated $20 part with a pressed disc that costs $1 to make and you're selling for $20. Dongles have only really been used in very expensive software packages for this reason.
Also, the whole content industry is moving to a "download over the Internet" model. Bill Gates was right when he said this is likely to be the last physical format war. Any solution that is not software only is a non-starter in this context.
The dongle will decrypt data from the media source, or possibly ordinary RAM. In some cases, will be done with the aid of software tokens purchased from rights owners. In others, it will merely verify region, time-expiration, and other restrictions embedded in the media are complied with. In some cases, part of the key will be downloaded from the Internet in real time, or a time-bombed key will be renewed at regular intervals.
If you're going to require an internet connection, what's the point of the dongle? Just make the user verify the key in real time against the server for every play. This would already have been implemented if they thought users would stand for it. They won't.
The dongle will re-encrypt the data so the playback hardware can play it, but memory-snoopers can't access it.
This makes no sense. The playback hardware presumably doesn't have encryption capability. If it does, and it has the encryption hardware built in, what is the point of the dongle? You're also expecting a DONGLE to decrypt, encrypt, and transfer HD video in full resolution all in real-time. That's a pretty beefy dongle. See above for the cost issues.
I think it's worth expanding on this point. Do you really understand how sophisticated the dongle you're talking about would have to be? It would have to include a CPU, memory, and storage to do the encryption. And how they're totally useless unless you ship a SEPERATE one attached to EACH video you want to play? The keys have to be individual for each "disc" (or instance of video) and ROM-burned, not flashable. The idea of some sort of "dongle vault" or multikey that allows you to used multiple stored keys is fatally flawed for a vast number of reasons. The most basic being that it would make hacking the dongles extremely attractive.
Now if you're thinking of "embedding" this dongle into the computer itself, it's been done. This is the whole concept of the TPM chip and concerns about it being used for DRM. This solution is also not feasible for any number of reasons.
I don't know if these dongles will be USB dongles
No, it will have to be a proprietary interface. USB is too easy to sniff.
maybe even connected directly to the video playback circuitry.
So users are going to have to crack their case open every time they want to play a video? I think not.
Mark this post, it may prove useful in challenging future dongle patents.
None of this is either novel or practical.
Re:Care to show a proof? (Score:3, Insightful)
At some point between the information and your eyes and ears, the information must be in "plaintext." (Otherwise you can't see it or hear it.) At that very point, the information stream can be intercepted and stored. This is true even if we have jacks in the backs of our heads to accept personal AV signals.
Here's another way to look at it: in the theoretical environment in which the decryption takes place, the person playing the part of consumer also plays the part of adversary. DRM systems give information to the adversary in plaintext. Alice wants to send a message to Bob. But she wants to send it to Bob in a way that Bob can't comprehend it... but he can, but he can't...
Yeah, so it's brain-dead. But there you go.
Most cracks happen earlier than between the emitter and the eyeballs. As long as the digital signal is converted to an analog signal in an environment that can be totally observed, the process of decryption can be observed and replicated. If someone ever designs a perfect black box, we'll possibly have no way to capture the digital signal. But we'll still be able to capture it before it reaches the eyeballs.
This is as close to a proof as you're likely to get on Slashdot.
Re:what about memory encryption? (Score:3, Insightful)
Re:Care to show a proof? (Score:3, Insightful)
Re:DRM is provably insecure (Score:4, Insightful)
Re:Fortunately, it's still in infancy :) (Score:4, Insightful)
I think that where MD really fell down was that Sony hadn't quite realized that people were ready to start treating their music as a digital resource that could be manipulated by computer. MiniDisc is a format that is based around MD player/recorders functioning as single-use appliances. Most people changed how they thought about music somewhere between 1996-2002, depending on how wired they were. They realized that music formats were digital and that music could be downloaded, stored, and manipulated on computer. MD was a format that didn't allow these functions, and so it was useless. Not a bad format for what it did, but it missed a shift in how people thought about what music did.
As a side note, I think that the same shift is happening with television. It's taken longer to catch on, but now everyone's starting to understand that the episode of Lost they missed doesn't mean they have to beg to borrow a tape off some friend because it's on the internet and can be downloaded if they want to...
Re:The "Man" is me. (Score:4, Insightful)
And I believe player pianos were supposed to break musical profits. and TV was supposed to break movies' business model. and cassettes were supposed to destroy record companies. And Valenti compared VCRs to the Boston Strangler. And music and movie downloads are supposed to break the RIAA and MPAA members. Both outfits are making more money today than they did last year, and the year before.
You are wrong. And you've bought laws to invade our lives and put grandmothers in prison. The least we can do is break your balls, over and over and over.
and please, do, go out of business.
Re:Fortunately, it's still in infancy :) (Score:5, Insightful)
A lot of the time it seems like Sony exists solely to push their proprietary formats
I'm not quite sure what the logic is behind creating their own format for everything (Memory Stick instead of CF or SD, ATRAC instead of MP3 or Vorbis, Blu-Ray instead of HD-DVD)... seems to me that the R&D money could have been spent elsewhere, perhaps on more useful things.
Of course (Score:3, Insightful)
Now that picture and audio quality is already better than humans can perceive, I wonder what new marketing bullshit feature they'll come up with this time to persuade the public they really need spend thousands more on yet newer hardware just because it has even more restrictive DRM and no bacwkard-compatability.
Look out for super ultra mega HD resolution media and players with 12.1 audio and smellyvision coming to your local store soon!
If only they had peer-reviewed... (Score:2, Insightful)