AACS Device Key Found

henrypijames writes "The intense effort by the fair-use community to circumvent AACS (the content protection protocol of HD DVD and Blu-Ray) has produced yet another stunning result: The AACS Device Key of the WinDVD 8 has been found, allowing any movie playable by it to be decrypted. This new discovery by ATARI Vampire of the Doom9 forum is based on the previous research of two other forum members, muslix64 (who found a way to locate the Title Keys of single movies) and arnezami (who extracted the Processing Key of an unspecified software player). AACS certainly seems to be falling apart bit for bit every day now."

Will they actually do it?

[LiquidCoooled]

Will they actually do it?

Will they actually revoke these software players from all new disks?
Its time for them to put their money where their mouth is and actually block access to these broken players.

If they allow it to continue, all their movies will be piratable (insert oh noes! here).

I wonder how pissed off people will be if they can't play their new movies?

Re:Will they actually do it?

[ijakings]

Of course they will. Remember who we are dealing with here. These people take old pensioners and small children to court over the flimsiest of evidence... they dont have much of a Public image left to lose.

selling a secret to consumers...

[LackThereof]

This was only a matter of time.

You can't sell a product with a "secret" key inside it to tech-savvy consumers and expect it to remain secret for any extended period of time.

It just won't work. It's time for this incovenience to end (not that it will).

The hackers are moving too early...

[Anonymous Coward]

They are going too soon. None of the HD formats have "taken off" yet (in any mass market sense - they are high end luxury goods).

DeCss worked because there were a good few million players out there - CSS couldn't be replaced - the critical mass numbers had been passed.

I just get the feeling that the hacker groups are just doing the media companies work for them - use them to show up all the holes then go and make some major modifications before the product goes mass market (which isn't going to be for another year or three the way things are looking at the moment).

Re:Introduction of hardware DRM

[romland]

In the long run this wouldn't work anyway, at least not on PC's as we know them today. For every device released on the market (be it a media player or some software that types your thoughts) you'd have to plant new DRM in your box, think it would fly with normal users? Doubtful.

The other side of the coin would be if [they] implemented an API to insert new DRM into this protected environment on your motherboard... well, there you go again, back to square one.

The only way this DRM will actually work is to release hardware only products; and not even that is 100% safe. But hey, look at Xbox360, it's standing up good against the hackers. (Yes, you can still pirate the games, but that is not due to the XBox firmware being hacked, it's the DVD players).

Okay that does it

[Anonymous Coward]

Would someone PLEASE explain once and for all how AACS works? How is this any different from the previously found keys?

How many keys are there? Why aren't there just one? What's the difference? IS there any difference?

Is this better than the last key uncovered? Are there more keys to uncover?

What is the final ACCS "key"? How many levels are there?

I'm not being ignorant, I'm just confused, and I'm sure I'm not alone.

Thank you.

This is great news

[(H)elix1]

I've got one of those 30" dell monitors. Problem is it does not have the fancy encrypted link, so 'useless' as a blueray/hd-dvd monitor. With this stuff getting cracked, I am looking forward to VLC playing not only my stack of DVD and whatever the next generation of movies I end up buying and re-encoding.

Re:Miserable?

[Anonymous Coward]

My parents bought a DVD with a narrated tour of some ruins they visited on vacation outside the country in order to show their friends. It wasn't region 1, so they couldn't play it. They, like the average non-geek, had no idea about region coding, and of course didn't know that they had to look for a certain "type" of DVD.

When I explained to them why their disc wouldn't play, they were mad. When I gave them a working copy of the disc, they were happy.

Re:key in memory - on some PCs yes

[Anonymous Coward]

In future, patent your idea and give it to the FSF or some other fanatical anti DRM organisation. If you don't have the money to pay for the patent then I will donate (at least a large chunk) of it personally (via the FSF - make your need for money pubic, not what the patent is).

Re:Miserable?

[Anonymous Coward]

I put a DVD in the player, and most of the time the brightness keeps fading in and out. My DVD player is connected to my VCR which is connected to my TV which has only one input. Apparently somebody expects that I copy a DVD to a VHS tape and tries to prevent that by requiring the DVD player to afflict the output signal with Macrovision. I think I don't need to explain how utterly idiotic and counterproductive that is.

Now, just like DVDs...

[Anonymous Coward]

HD-DVD and Blu-Ray are for the first time suddenly becoming more appealing to me, and I might buy some.

Like most of us, I never did embrace the original DVDs until the copy protection on those was broken, too. Ever since it was, I have bought plenty of them.

Re:Will they actually do it?

[Mad Marlin]

Someone needs to find the key for the PlayStation 3. That will really twist Sony's panties in a knot. Must protect BluRay ... Must protect PlayStation 3 ...

Re:key in memory - on some PCs yes

[SteveAyre]

However, if you find a way to claim to the device that you're a legitimate player, then the dongle will be sending you the media stream in a form you can decrypt so it'll be no different to normal really.

As a refinement to the idea, the dongle could send the decrypted video straight to the video card to play on an overlay. That would probably work better since it wouldn't be so easily circumventable.
However even then 1) you could circumvent it using custom hardware snooping the video card's data bus and 2) it'd mean all codecs etc would need to be on the dongle, which'd prevent new codecs being introduced or old ones being patched - firmware updates wouldn't be possible as that would provide the program code which could be decompiled to retrieve the key (even if it was encrypted someone would crack or leak the key).

The problem is that there's ALWAYS the ultimate analog hole - at some point it has to be playable so that we can actually watch it. That means the customer's device must decrypt it at some point and that means there's always going to be some way of getting at the data. They're fighting a battle they've already lost. They're just making customers and their hardware jump through endless loops, some of which are harmful to the customer, while not actually doing anything which'll stop the really determined people (pirates).

Re:Fortunately, it's still in infancy :)

[dangitman]

Well who's torsos are we talking about here? I mean, is it my torso? Or perhaps Condoleeza Rice's torso?

Sooner or later it's going to be your torso, unless you keep buying product. I didn't want to have to do this, but as nobody seems tyo be getting the joke [penny-arcade.com]

Not the same quality as CDs, but certainly good enough for a portable player. They're much smaller than CDs, and don't skip as much.

I guess they aren't the worst format ever invented, but they don't really fit anywhere. They're not quite good enough for professional use, but they were too expensive and user-unfriendly for recreational use. Most people can't stand the interface of minidisc players. Some players made it really hard to work out how to even start a recording.

The other problem was that to get the audio off the device onto your computer, you had to play back the content in real-time. I don't know of anyone who had a minidisc drive in their computer which could read the disc as data. Same for transferring audio from the computer to disc. May as well use a proper DAT tape if you have to do that.

The blank discs were also expensive, and when they did introduce the "Net MD" that could connect to a computer, the Sony software sucked, and it was full of proprietary formats.

Compare to the CD - cheap, ubiquitous, and you can rip or burn an entire CD in minutes - which was standards-compliant and could be used almost anywhere. Plus it has better audio quality.

Of course, as I write this, I'm listening to my iPod, which would answer why MDs didn't take off

Which is why i don't understand why Sony made the MD format. It wasa obvious that hard drives and flash memory was the future - and they introduced a new optical audio disc right at the end of the optical audio disc's popularity and usefulness. Kind of like someone releasing a new line of 5.25" floppy disk drives with improved storage, at the same time as almost everybody had moved to 3.5" floppies.

Why didn't Sony just release their own "iPod" instead? They could have made a "pro" line of HD-based players that had professional quality audio inputs for recording, and a "consumer" line focused on playback, portability and fashion.

Re:Miserable?

[cptgrudge]

But then, I'm not trying to do something with it that I shouldn't, like copying it when the purchase agreement clearly says I'm not suppose to...

What purchase agreement? I agreed to nothing when I bought it. And I'll do whatever the hell I want with the property that I own. Much like I don't use CDs anymore when playing audio content, I don't want to use DVDs when playing movies. So I rip and watch on a HTPC. The process is much more complex than ripping an audio CD, mostly because of the DRM.

The physical media that we buy can become scratched and broken, even when we take care of it. And thanks to the convenient duplicity of ideology that is held by the content companies, we are said to be buying only a license to the content, which happens to have a copy along with it on the media. Good luck getting replacement media so you can exercise that license if a disc happens to get scratched. They want to have their cake and eat it too, so we get, "You should take better care of your discs." and DRM protecting the content.

This is BULLSHIT. There's really no way to get the message across to them, so no more. I won't buy another movie on DRM-protected media. Until they change, or offer a (paid for) download of the video without DRM, I won't be buying another movie. I'll rent from an online source and rip to a media server. Yeah, I'll still watch them and get the content, but I won't purchase the discs anymore.

Illegal? Probably. Unethical? I don't think so, and really, I don't care.

Re:Will they actually do it?

[swillden]

How large can r get before there's some serious performance issues (either filling up the disc or requiring a long boot-up time)?

Each copy of the media key consumes 32 bytes. 16 bytes for a descriptor and 16 bytes for the encrypted key. So, on average, the publishers have to use another 40 bytes of disk space per player key published. Given that single-layer HD-DVDs hold 15,000,000,000 bytes, they have plenty of space to handle any conceivable number of revoked players.

I went through some numbers in this comment [slashdot.org]

As for startup time, the process of comparing each descriptor in the MKB to the device's own "key path" is quite efficient. It requires four 32-bit integer operations, two ANDs and two comparisons. On average, 50% of the checked descriptors will fail after the first AND/compare and the second pair of operations can be skipped entirely. Even a very low-powered processor will be able to check over a million of descriptors per second.

Reading the MKB might be a bigger issue, and it's not very big. The nominal data rate of HD-DVD is 40Mbps = 5MBps. For one million revoked keys, it would take a device eight seconds to read the entire MKB from the disk. BUT, even first-gen players are probably capable of somewhat higher data rates, reducing that time -- and 8 seconds is only mildly annoying anyway. I also highly doubt we'll see a million revoked devices unless they decide to revoke large blocks (all of a particular model, for example), and contiguous blocks of devices require far fewer MKB entries to revoke.

No, I think the key revocation scheme is eminently workable, except for one thing: If the hackers can just crack a nice, constant stream of devices, say, one per week, every released disk will be decryptable by the time it hits the shelves. See, publishers can only revoke players whose keys have been published. But it takes at least a week or two between the moment the disks are pressed and the time they hit the shelves. In the meantime, another player key set will be released.

So, while the math is cool, and the system does provide the ability to revoke individual players (something I would have said was impossible), it's unlikely that it will pose much difficulty to those who want to copy their disks.

Solution is easy, pity it's illegal.

[Kadin2048]

Rip the disc, disable Macrovision, and burn it back out to a blank DVD. Problem solved.

You can also get rid of the obnoxious "No UOP" functions, and other garbage. If you're like me, you can just do a title rip, and strip out all the crap besides the movie itself, and pretend you're in a theater. (Well, without the 15 minutes of ads and previews. So basically, not like a theater at all, anymore.)

I used to do this to most of my DVDs, but then I built a MythTV box, and started using its built-in DVD player, which is a beautiful little thing* that doesn't do anything besides just play the main title, sans mandatory-previews, menus, and other shit normally foisted off on the viewer by the studio. I tried testing a scratched disc in a regular player after getting used to it, and I wanted to claw my eyes out, just waiting for it to craw though the mandatory-view crud.

* I think it's MPlayer. If you really want, I think you can use Xine instead and get the menus back, but I'd sooner shove a hot poker in my eye.

It's those pesky users that are the problem.

[Kadin2048]

Simple on a computer today, sure. But if you follow the path laid by DRM and the desires of the studios and media companies, I'm not sure it would be so simple in a decade or so.

First they'll just make precompiled debuggers illegal. And then when that doesn't work, they'll make compilers illegal. And when people go after the hardware, they'll pot the whole motherboard in epoxy, doped with iron filing and wired with self-destruct mechanisms. And only signed code will run as root or system, so even if you do get a compiler, you'll have to somehow forge Microsoft Central Control's signature to run it on the bare metal. Oh, and the whole thing will probably brick itself if it doesn't dial in for re-verification and updates on a weekly basis. Hell -- don't even let the user install any software: if they want something, they can call Microsoft with their MasterCard in hand, pay for it, and it'll get downloaded to their machine overnight.

There's precedent for most of this already; the US government has already mandated that all VCRs look for and cripple themselves if they detect Macrovision signals, so it's really not much of a hop from there to a "full length" mandatory HDCP. Since the only way you can make DRM stick is by not letting the user actually do anything, that's the obvious solution. Just lock them out.

Re:Will they actually do it?

[TheVelvetFlamebait]

I don't think they care one way or the other. As long as they only sue "pirates", and vilify them to the public, they will have a Public image in some eyes.

However, the moment they start revoking players, the sh*t will really hit the fan. They'll have thoroughly pissed off legitimate users who aren't even trying to exercise any of their fair use rights (apart from watching the thing). This is the sort of thing that can really alienate their supporters (including politicians).

Re:Actually, they were, once.

[TheRaven64]

I was on my school's shooting team here in the UK. We had an armoury on the school grounds, with a load of .22 target rifles and L89s and a couple of LSWs (both SA 80 variants [wikipedia.org]. I used to shoot a couple of times a week. I haven't touched a gun since I went to university though; after a while they just got a bit boring (squeeze trigger, make hole in far-away thing gets old quickly).

Re:Fortunately, it's still in infancy :)

[jamar0303]

What? MDs are great! More durable than CDs and they can hold more data now with Hi-MD. I had an MD player all the way up until I got a cellphone that played MP3s. Sure, the first versions of SonicStage sucked, but the later versions work pretty well (the Japanese version does, at least).