AACS Device Key Found 351
henrypijames writes "The intense effort by the fair-use community to circumvent AACS (the content protection protocol of HD DVD and Blu-Ray) has produced yet another stunning result: The AACS Device Key of the WinDVD 8 has been found, allowing any movie playable by it to be decrypted. This new discovery by ATARI Vampire of the Doom9 forum is based on the previous research of two other forum members, muslix64 (who found a way to locate the Title Keys of single movies) and arnezami (who extracted the Processing Key of an unspecified software player). AACS certainly seems to be falling apart bit for bit every day now."
Will they actually do it? (Score:5, Interesting)
Will they actually revoke these software players from all new disks?
Its time for them to put their money where their mouth is and actually block access to these broken players.
If they allow it to continue, all their movies will be piratable (insert oh noes! here).
I wonder how pissed off people will be if they can't play their new movies?
Re:Will they actually do it? (Score:5, Interesting)
selling a secret to consumers... (Score:2, Interesting)
You can't sell a product with a "secret" key inside it to tech-savvy consumers and expect it to remain secret for any extended period of time.
It just won't work. It's time for this incovenience to end (not that it will).
The hackers are moving too early... (Score:1, Interesting)
DeCss worked because there were a good few million players out there - CSS couldn't be replaced - the critical mass numbers had been passed.
I just get the feeling that the hacker groups are just doing the media companies work for them - use them to show up all the holes then go and make some major modifications before the product goes mass market (which isn't going to be for another year or three the way things are looking at the moment).
Re:Introduction of hardware DRM (Score:1, Interesting)
The other side of the coin would be if [they] implemented an API to insert new DRM into this protected environment on your motherboard... well, there you go again, back to square one.
The only way this DRM will actually work is to release hardware only products; and not even that is 100% safe. But hey, look at Xbox360, it's standing up good against the hackers. (Yes, you can still pirate the games, but that is not due to the XBox firmware being hacked, it's the DVD players).
Okay that does it (Score:2, Interesting)
How many keys are there? Why aren't there just one? What's the difference? IS there any difference?
Is this better than the last key uncovered? Are there more keys to uncover?
What is the final ACCS "key"? How many levels are there?
I'm not being ignorant, I'm just confused, and I'm sure I'm not alone.
Thank you.
This is great news (Score:5, Interesting)
Re:Miserable? (Score:4, Interesting)
When I explained to them why their disc wouldn't play, they were mad. When I gave them a working copy of the disc, they were happy.
Re:key in memory - on some PCs yes (Score:4, Interesting)
Re:Miserable? (Score:1, Interesting)
Now, just like DVDs... (Score:1, Interesting)
Like most of us, I never did embrace the original DVDs until the copy protection on those was broken, too. Ever since it was, I have bought plenty of them.
Re:Will they actually do it? (Score:5, Interesting)
Re:key in memory - on some PCs yes (Score:3, Interesting)
As a refinement to the idea, the dongle could send the decrypted video straight to the video card to play on an overlay. That would probably work better since it wouldn't be so easily circumventable.
However even then 1) you could circumvent it using custom hardware snooping the video card's data bus and 2) it'd mean all codecs etc would need to be on the dongle, which'd prevent new codecs being introduced or old ones being patched - firmware updates wouldn't be possible as that would provide the program code which could be decompiled to retrieve the key (even if it was encrypted someone would crack or leak the key).
The problem is that there's ALWAYS the ultimate analog hole - at some point it has to be playable so that we can actually watch it. That means the customer's device must decrypt it at some point and that means there's always going to be some way of getting at the data. They're fighting a battle they've already lost. They're just making customers and their hardware jump through endless loops, some of which are harmful to the customer, while not actually doing anything which'll stop the really determined people (pirates).
Re:Fortunately, it's still in infancy :) (Score:5, Interesting)
Sooner or later it's going to be your torso, unless you keep buying product. I didn't want to have to do this, but as nobody seems tyo be getting the joke [penny-arcade.com]
I guess they aren't the worst format ever invented, but they don't really fit anywhere. They're not quite good enough for professional use, but they were too expensive and user-unfriendly for recreational use. Most people can't stand the interface of minidisc players. Some players made it really hard to work out how to even start a recording.
The other problem was that to get the audio off the device onto your computer, you had to play back the content in real-time. I don't know of anyone who had a minidisc drive in their computer which could read the disc as data. Same for transferring audio from the computer to disc. May as well use a proper DAT tape if you have to do that.
The blank discs were also expensive, and when they did introduce the "Net MD" that could connect to a computer, the Sony software sucked, and it was full of proprietary formats.
Compare to the CD - cheap, ubiquitous, and you can rip or burn an entire CD in minutes - which was standards-compliant and could be used almost anywhere. Plus it has better audio quality.
Which is why i don't understand why Sony made the MD format. It wasa obvious that hard drives and flash memory was the future - and they introduced a new optical audio disc right at the end of the optical audio disc's popularity and usefulness. Kind of like someone releasing a new line of 5.25" floppy disk drives with improved storage, at the same time as almost everybody had moved to 3.5" floppies.
Why didn't Sony just release their own "iPod" instead? They could have made a "pro" line of HD-based players that had professional quality audio inputs for recording, and a "consumer" line focused on playback, portability and fashion.
Re:Miserable? (Score:5, Interesting)
But then, I'm not trying to do something with it that I shouldn't, like copying it when the purchase agreement clearly says I'm not suppose to...
What purchase agreement? I agreed to nothing when I bought it. And I'll do whatever the hell I want with the property that I own. Much like I don't use CDs anymore when playing audio content, I don't want to use DVDs when playing movies. So I rip and watch on a HTPC. The process is much more complex than ripping an audio CD, mostly because of the DRM.
The physical media that we buy can become scratched and broken, even when we take care of it. And thanks to the convenient duplicity of ideology that is held by the content companies, we are said to be buying only a license to the content, which happens to have a copy along with it on the media. Good luck getting replacement media so you can exercise that license if a disc happens to get scratched. They want to have their cake and eat it too, so we get, "You should take better care of your discs." and DRM protecting the content.
This is BULLSHIT. There's really no way to get the message across to them, so no more. I won't buy another movie on DRM-protected media. Until they change, or offer a (paid for) download of the video without DRM, I won't be buying another movie. I'll rent from an online source and rip to a media server. Yeah, I'll still watch them and get the content, but I won't purchase the discs anymore.
Illegal? Probably. Unethical? I don't think so, and really, I don't care.
Re:Will they actually do it? (Score:3, Interesting)
Each copy of the media key consumes 32 bytes. 16 bytes for a descriptor and 16 bytes for the encrypted key. So, on average, the publishers have to use another 40 bytes of disk space per player key published. Given that single-layer HD-DVDs hold 15,000,000,000 bytes, they have plenty of space to handle any conceivable number of revoked players.
I went through some numbers in this comment [slashdot.org]
As for startup time, the process of comparing each descriptor in the MKB to the device's own "key path" is quite efficient. It requires four 32-bit integer operations, two ANDs and two comparisons. On average, 50% of the checked descriptors will fail after the first AND/compare and the second pair of operations can be skipped entirely. Even a very low-powered processor will be able to check over a million of descriptors per second.
Reading the MKB might be a bigger issue, and it's not very big. The nominal data rate of HD-DVD is 40Mbps = 5MBps. For one million revoked keys, it would take a device eight seconds to read the entire MKB from the disk. BUT, even first-gen players are probably capable of somewhat higher data rates, reducing that time -- and 8 seconds is only mildly annoying anyway. I also highly doubt we'll see a million revoked devices unless they decide to revoke large blocks (all of a particular model, for example), and contiguous blocks of devices require far fewer MKB entries to revoke.
No, I think the key revocation scheme is eminently workable, except for one thing: If the hackers can just crack a nice, constant stream of devices, say, one per week, every released disk will be decryptable by the time it hits the shelves. See, publishers can only revoke players whose keys have been published. But it takes at least a week or two between the moment the disks are pressed and the time they hit the shelves. In the meantime, another player key set will be released.
So, while the math is cool, and the system does provide the ability to revoke individual players (something I would have said was impossible), it's unlikely that it will pose much difficulty to those who want to copy their disks.
Solution is easy, pity it's illegal. (Score:3, Interesting)
You can also get rid of the obnoxious "No UOP" functions, and other garbage. If you're like me, you can just do a title rip, and strip out all the crap besides the movie itself, and pretend you're in a theater. (Well, without the 15 minutes of ads and previews. So basically, not like a theater at all, anymore.)
I used to do this to most of my DVDs, but then I built a MythTV box, and started using its built-in DVD player, which is a beautiful little thing* that doesn't do anything besides just play the main title, sans mandatory-previews, menus, and other shit normally foisted off on the viewer by the studio. I tried testing a scratched disc in a regular player after getting used to it, and I wanted to claw my eyes out, just waiting for it to craw though the mandatory-view crud.
* I think it's MPlayer. If you really want, I think you can use Xine instead and get the menus back, but I'd sooner shove a hot poker in my eye.
It's those pesky users that are the problem. (Score:4, Interesting)
First they'll just make precompiled debuggers illegal. And then when that doesn't work, they'll make compilers illegal. And when people go after the hardware, they'll pot the whole motherboard in epoxy, doped with iron filing and wired with self-destruct mechanisms. And only signed code will run as root or system, so even if you do get a compiler, you'll have to somehow forge Microsoft Central Control's signature to run it on the bare metal. Oh, and the whole thing will probably brick itself if it doesn't dial in for re-verification and updates on a weekly basis. Hell -- don't even let the user install any software: if they want something, they can call Microsoft with their MasterCard in hand, pay for it, and it'll get downloaded to their machine overnight.
There's precedent for most of this already; the US government has already mandated that all VCRs look for and cripple themselves if they detect Macrovision signals, so it's really not much of a hop from there to a "full length" mandatory HDCP. Since the only way you can make DRM stick is by not letting the user actually do anything, that's the obvious solution. Just lock them out.
Re:Will they actually do it? (Score:2, Interesting)
However, the moment they start revoking players, the sh*t will really hit the fan. They'll have thoroughly pissed off legitimate users who aren't even trying to exercise any of their fair use rights (apart from watching the thing). This is the sort of thing that can really alienate their supporters (including politicians).
Re:Actually, they were, once. (Score:3, Interesting)
Re:Fortunately, it's still in infancy :) (Score:2, Interesting)