New AACS Crack Called "Undefeatable" 554

Tuoqui writes "With all the focus on the infamous hexadecimal number, people may be ignoring a bigger weakness in the AACS armor, which emerged two weeks ago. Some hackers have figured out how to crack AACS in a way that cannot be defeated, even by revoking all the keys in circulation."
  • Re:Got it! (Score:0, Informative)

    by Anonymous Coward on Thursday May 03, 2007 @11:24AM (#18973121)
    Really? I thought Blu-ray already existed, how can it be effected? Oh, did you mean affected?
  • Re:Got it! (Score:2, Informative)

    by Fittysix ( 191672 ) on Thursday May 03, 2007 @11:25AM (#18973155)
    Not really, both HD-DVD and Blu-Ray use AACS.
    There may not be a compromised Blu-Ray drive (yet) but this will allow people to discover weaknesses in AACS itself, just like it was discovered afterwards that the CSS key on DVDs could easily have been brute forced within 24 hours.
  • by apodyopsis ( 1048476 ) on Thursday May 03, 2007 @11:29AM (#18973233)
    a fitting quote might be:-

    "What physical science can devise and synthesize, physical science can analyse and duplicate" - E. E. "Doc" Smith (one of my favorite authors).

    sorry almost forgot the obligatory 09F911029D74E35BD84156C5635688C0!
  • by Lumpy ( 12016 ) on Thursday May 03, 2007 @11:29AM (#18973237) Homepage
    I think that this will probably just push them to make the drives harder to "tamper" with; I fully expect that they'll eventually just pot the circuit boards in epoxy or something, to keep you from desoldering the chips.

    That did not even slow me down in the '80s and early '90s with the VideoCipher II boards. After 1 week we found an easy way to "unpot" the board and continue on.

    I personally hope they try it; it will be amusing to watch their attempts fail as they try things that early hackers defeated decades ago.
  • by mhall119 ( 1035984 ) on Thursday May 03, 2007 @11:38AM (#18973417) Homepage Journal

    Anyway, in the bizarro-world that the people who write DRM systems inhabit, I think that this will probably just push them to make the drives harder to "tamper" with; I fully expect that they'll eventually just pot the circuit boards in epoxy or something, to keep you from desoldering the chips.

    The article is a little old; the links to the doom9 forum go to posts from early last month. Within a few days of those posts, there was a link to xboxhackers where they were able to accomplish the same thing without having to patch the firmware, i.e., no desoldering.
  • You got that right. (Score:4, Informative)

    by Kadin2048 ( 468275 ) on Thursday May 03, 2007 @11:38AM (#18973419) Homepage Journal
    HandBrake [m0k.org] is your friend.

    With the size of today's hard drives, carrying around physical DVDs to watch on one's Powerbook just seems silly. Rip 'em (I personally think most movies look fine using MPEG-4 2-pass, target size of 700MB) and chuck 'em on your hard drive; uses a lot less battery power and it's one less thing to have to keep in your laptop bag.

  • Re:Erm (Score:3, Informative)

    by Viol8 ( 599362 ) on Thursday May 03, 2007 @11:39AM (#18973433) Homepage
    All this crack needs is for the drive hardware to work. It matters not whether the 360 can decrypt the disk itself further down the line; all the crackers need is the raw info from the disk provided by the hacked firmware.
  • by dave420 ( 699308 ) on Thursday May 03, 2007 @11:41AM (#18973467)
    This crack relies on just one person having one of these cracked drives, and using it to expose weaknesses that can be exploited on non-cracked hardware running custom software. Whether MS took these drives off the shelf tomorrow or not, it doesn't matter. The fact that at least one cracked drive exists out there, in the hands of people looking to circumvent the DRM, means this crack can't be stopped. Us normal non-firmware-hacking types will have to wait for where this current hack takes us, as this is the first step to getting an unrevokable crack in the hands of johnny-no-soldering-iron.
  • Re:Poor Sony? (Score:5, Informative)

    by tlhIngan ( 30335 ) on Thursday May 03, 2007 @11:43AM (#18973511)

    I have to wonder if the huge amount of HD-DVD hack coverage lately is starting to make Sony wish that someone would spend more time hacking Blu-Ray. There's no such thing as bad press?


    Sony's probably really happy about it, actually. If they can show that HD-DVD is worthless, studios will drop it in favor of the far more DRM-heavy Blu-Ray.

    There are things that Blu-Ray could use (they're in the spec) but possibly aren't at the moment.

    Basically, HD-DVD only has AACS to protect it. It doesn't have region coding (yet?) or other crap that just didn't work on DVD (someone at the DVD Forum saw the writing on the wall for region codes and just didn't put them in for HD-DVD). Every HD-DVD/DVD combo has the Region 1 logo, followed by "DVD Only" - implying that the region code is strictly for the DVD part. Same goes on the HD-DVD player - Region 1 logo, "DVD Only".

    Blu-Ray has the BD+ protection, plus something they call ROM Mark. And of course, region codes. Though, Sony at least tried to be reasonable, and instead of the 9-odd regions of DVD, they reduced it to 3. ROM Mark protection basically says every Blu-Ray disc has to have a fingerprint that tells the type of the disc, and who pressed it. So if a flood of pressed Blu-Ray discs come out, the Blu-Ray association can find out who pressed it, pull their license and shut them down. (And discs without said mark... just don't work). It also keeps stuff like movies from being played if they're on the wrong medium (e.g., BD-R).

    Blu-Ray is far more technologically advanced (25GB/layer) than HD-DVD, however, the latter makes use of existing DVD production lines (trivial upgrade, which is why HD-DVD/DVD flipper discs are around), and uses lessons learned about DVDs to produce a better product (like the uselessness of region coding). I suspect that the DVD production tools also underwent just minor changes (support for new codecs and JavaScript) since the HD-DVD releases seem to be of better quality despite the fact that they're 20GB smaller (dual layer BD vs. dual layer HD-DVD) to fit the data... (extras and everything).
  • by alices ice ( 699932 ) on Thursday May 03, 2007 @11:46AM (#18973551)
    Hi, just checking you've heard that the freeware player VLC ignores the region coding on DVDs and will play them just fine in OS X.
  • Re:At what point... (Score:5, Informative)

    by metamatic ( 202216 ) on Thursday May 03, 2007 @12:13PM (#18974023) Homepage Journal

    Certainly the movie studios are obnoxiously attempting to prevent format-shifting, in order to sell you the same movie twice. But that doesn't mean they are violating any of your rights.

    Wrong. See USC title 17 sections 107 thru 109 [copyright.gov].

  • by mhall119 ( 1035984 ) on Thursday May 03, 2007 @12:15PM (#18974045) Homepage Journal
    http://forum.doom9.org/showthread.php?p=987050#post987050 [doom9.org]

    Strangely, this was announced April 9th, while the article was published April 15th.
  • Re:ZKP (Score:3, Informative)

    by Anonymous Coward on Thursday May 03, 2007 @12:19PM (#18974119)
    Well, because DVDs (HD-DVDs, Blu-Ray discs) don't execute logic, they have no CPU, they just contain data. There is no way you do zero knowledge with a dead disc; you need something that can think, or calculate. Some discrete entity you control, like a smartcard. Or an HD-DVD drive.

    And then somebody cracks it.
  • Re:At what point... (Score:1, Informative)

    by Anonymous Coward on Thursday May 03, 2007 @12:24PM (#18974227)

    [...]
    Them: "Sorry. How about, the right to private exhibition? Only $5."
    You: "Now you're talkin'!"
    Them: "So we have a deal?"
    You: "Yep." [you hand them a fiver, and they hand you a DVD.]
    [...]

    Certainly the movie studios are obnoxiously attempting to prevent format-shifting, in order to sell you the same movie twice. But that doesn't mean they are violating any of your rights.
    Format shifting is fair use. DRM prevents format shifting. DMCA prevents circumvention of DRM. So... Even though I've paid for the right of private exhibition, and am legally allowed to copy my new movie to my iPod or whatever, I can't because the DRM is restricting my exercising my fair use rights. Which is what the OP was saying. I've paid for something that the DRM prevents me from doing.
  • by pjrc ( 134994 ) <paul@pjrc.com> on Thursday May 03, 2007 @12:35PM (#18974419) Homepage Journal
    Reading the slashdot summary, and even the article itself, you may not realize that the Volume ID is just one piece of the puzzle.

    The Volume ID is a small bit of data that's stored partially in the lead-in section, and partially in some other non-data area physically on the disc (which I don't fully understand, and apparently isn't available in the public HD-DVD documentation and is only available under NDA). Compliant drives only read and provide the Volume ID after completing a cryptographic handshake, which hasn't been broken yet. So now they've made a firmware patch so the drive reads the Volume ID without authorization, without going through the as-yet-uncracked crypto authorization process.

    The purpose of the Volume ID is to prevent copying a disc by simply copying all its data. Because the Volume ID isn't stored within the data sectors, it can't be read normally. Well, that is, without impersonating the software (which hasn't been accomplished yet), or without a modified drive that doesn't require the software to authenticate before reading and returning the data.

    That's all. Just one piece, not a full crack of AACS.
  • Re:Undefeatable? (Score:3, Informative)

    by spikedvodka ( 188722 ) on Thursday May 03, 2007 @12:47PM (#18974603)
    $ `dd if=/dev/urandom of=File.txt bs=1 count=32 && cat File.txt`

    09f911029d74e35bd84156c5635688c0

    $

    "I swear, your honor, my computer came up with it randomly."
  • by element-o.p. ( 939033 ) on Thursday May 03, 2007 @12:48PM (#18974621) Homepage
    For Linux, there's a utility called regionset (Google it) to reset the region codes on a DVD drive. I would imagine there's one for Macs as well, but be warned: I've read that some DVD drives only allow you to change the region code a fixed number of times. So, you might be better off acquiring an external DVD drive to play DVDs from this region and use the built in drive to play DVDs from whatever region you normally use.
  • by sat1308 ( 784251 ) on Thursday May 03, 2007 @01:29PM (#18975239)
    I have mod points, but what the heck. The slashdot editors strike again - posting stories without checking their facts. I've been following this since the muslix64 hack, so I do know what I'm talking about. I'm quoting the 'hacker' (arnezami - great guy) mentioned in the Ars Technica article:

    QUOTE - Original post [doom9.org]

    In order to decrypt a disc you need the keys the content is encrypted with. These we usually refer to as Volume Unique Keys (although technically VUKs give Title Keys which are used to decrypt the content but this amounts to the same thing). What is important is that VUKs cannot be revoked. In other words: once we have a VUK for a disc then the AACS decryption-protection is broken for that disc. AACS cannot undo this.

    So how can we get VUKs?

    There are several ways to get VUKs for discs. But none of them are permanent solutions for retrieving all VUKs for all discs (released in the future).

    * Get the VUKs out of "old" versions of a Software Player
    * Get a Volume ID (unique per movie) and a Processing Key (unique per Media Key Block version) and calculate the VUK.

    The first method will expire quickly: we can now use WinDVD to retrieve VUKs out of its memory. But when new discs come out they won't work with this old version of WinDVD so you would have to install a new version. Therefore making this method obsolete for new discs.

    The second method requires not one piece of information (like taking a single VUK out of the memory of WinDVD) but two pieces of information. We have several techniques now for a drive to reveal the Volume ID of a disc. So this part of the method is permanent. However the Processing Key will change every time they change to a new MKB version. And since we also need this second piece of information to calculate a VUK for a disc we always need to get the new Processing Key out of some player (whether it's a Software Player or a standalone). The Processing Key (or better a Device Key) is very powerful though: if found it makes it possible to decrypt all discs released so far (assuming we can also retrieve the Volume IDs of those discs).

    UNQUOTE

    Moral of the story: We still need the processing key and that can be changed by the AACS, or by the abuse of language, "revoked". So the new AACS Crack is not "Undefeatable".

    The only development since the time this article was written is that the firmware doesn't need to be changed anymore for the drive to reveal the VolumeID. There are some standard commands which get the job done.
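The key hierarchy that pjrc's and arnezami's posts above describe (a Processing Key per MKB version, a Volume ID per disc, the VUK derived from the two, and VUKs that can never be revoked), as an added simplified model for readers: this is not the AACS specification and not code from anyone in the thread. HMAC-SHA256 and a toy XOR stream cipher stand in for AACS's AES-based functions, the MKB is reduced to a table of the Processing Key wrapped per device, and all keys and titles are constructed sample values.

```python
import hashlib, hmac, os

def kdf(key: bytes, label: bytes, data: bytes) -> bytes:
    # Stand-in one-way derivation; real AACS uses an AES-based function here
    return hmac.new(key, label + data, hashlib.sha256).digest()[:16]

def xor_crypt(key: bytes, data: bytes) -> bytes:
    # Toy symmetric cipher (stand-in for AES); data must be <= 32 bytes
    stream = hashlib.sha256(key).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

class Licensor:
    """Issues MKB versions (one Processing Key each) and presses discs."""
    def __init__(self, device_keys):
        self.device_keys, self.version, self.pks = device_keys, 0, {}
        self.new_mkb(revoked=set())

    def new_mkb(self, revoked):
        # New MKB version: fresh Processing Key, wrapped only for unrevoked devices
        self.version += 1
        self.pks[self.version] = os.urandom(16)
        self.mkb = {d: xor_crypt(k, self.pks[self.version])
                    for d, k in self.device_keys.items() if d not in revoked}

    def press_disc(self, title: str) -> dict:
        volume_id = os.urandom(16)        # lives outside the data sectors
        vuk = kdf(self.pks[self.version], b"vuk", volume_id)
        title_key = os.urandom(16)
        return {"version": self.version, "mkb": dict(self.mkb), "volume_id": volume_id,
                "enc_title_key": xor_crypt(vuk, title_key),
                "content": xor_crypt(title_key, title.encode())}

def processing_key(disc, dev, dev_key):
    # What a licensed player does; a revoked device finds no entry for itself
    if dev not in disc["mkb"]:
        raise PermissionError(f"{dev} is revoked in MKB v{disc['version']}")
    return xor_crypt(dev_key, disc["mkb"][dev])

def vuk_for(disc, pk):
    return kdf(pk, b"vuk", disc["volume_id"])

def play(disc, vuk) -> bytes:
    return xor_crypt(xor_crypt(vuk, disc["enc_title_key"]), disc["content"])

def demo() -> dict:
    devices = {"player_A": os.urandom(16), "player_B": os.urandom(16)}
    lic = Licensor(devices)
    disc1, disc1b = lic.press_disc("Movie One"), lic.press_disc("Movie Two")  # MKB v1
    # Processing Key for v1 recovered from player_A (cf. the WinDVD memory dump)
    pk_v1 = processing_key(disc1, "player_A", devices["player_A"])
    vuk1 = vuk_for(disc1, pk_v1)
    lic.new_mkb(revoked={"player_A"})             # licensor reacts: MKB v2
    disc3 = lic.press_disc("Movie Three")          # pressed under v2
    return {
        "vuk_survives_revocation": play(disc1, vuk1) == b"Movie One",
        "pk_v1_opens_every_v1_disc": play(disc1b, vuk_for(disc1b, pk_v1)) == b"Movie Two",
        "pk_v1_opens_v2_disc": play(disc3, vuk_for(disc3, pk_v1)) == b"Movie Three",
        "revoked_device_reads_v2": "player_A" in disc3["mkb"],
    }
```

`demo()` shows the two halves of the argument: a known VUK keeps decrypting its disc after any number of MKB updates, while a leaked Processing Key opens only the discs pressed under its own MKB version.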
  • Re:Got it! (Score:5, Informative)

    by julesh ( 229690 ) on Thursday May 03, 2007 @01:44PM (#18975487)
    Sorry to disillusion you, but the Grammar Nazi was right.

    effect verb - cause to happen; bring about.
    affect verb - 1 make a difference to; have an effect on. 2 touch the feelings of.
    (source: Compact OED, www.askoxford.com)

    So 'affect' is the closest verb in meaning to the noun 'effect', which is what 'effective' is derived from. Confusing, but that's English for you.
  • by frogstar_robot ( 926792 ) <frogstar_robot@yahoo.com> on Thursday May 03, 2007 @02:04PM (#18975815)
    Pressed DVDs can have information written to them in a special location that any DVD burner can read but that no DVD burner can write. In this way, discs that can't exactly be duplicated are created. Since the information in question is the CSS key and CSS has been thoroughly cracked, it isn't a problem in practice.
  • Re:Got it! (Score:5, Informative)

    by Shemmie ( 909181 ) on Thursday May 03, 2007 @02:12PM (#18975947)
    Preferences > Comments > Reason Modifier.
    -5 Funny.
    There you go.
  • by julesh ( 229690 ) on Thursday May 03, 2007 @02:31PM (#18976281)
    Huh? I'm not a hardware expert, but in order to play a cd or dvd, your drive has to read bits off of it and pass them to the program playing it. So, you mean that in some cases the drive can't tell what the bit is and in some cases it can? That doesn't make any sense to me.

    The uncopiable CDs have sectors that are effectively not written correctly according to the standard. It's possible to sense when it isn't written correctly with a player, but a writer isn't capable of writing such incorrectly-written sectors.
  • by LunaticTippy ( 872397 ) on Thursday May 03, 2007 @02:42PM (#18976519)
    It *IS* DRM. User Operations (such as FF, Menu, etc) are a Right. This right is being "managed" by someone who is not the user. Pretty much the definition of DRM.

    Wikipedia [wikipedia.org] agrees with this.

    The user operation prohibition (abbreviated UOP) is a form of digital rights management used on video DVD discs.
  • by nxtw ( 866177 ) on Thursday May 03, 2007 @02:46PM (#18976593)

    Satellite TV is extremely secure and has never really been cracked successfully. Most cracks involve emulating a smartcard, which is easy since the smartcards still use early 80s technology. Even then, nobody has really done a crack that wasn't fixed within a week.


    Er, sure they have... satellite decryption does emulate the access mechanism but it works pretty well for most access mechanisms that have been reverse engineered. (not all have.) In Europe most DVB systems use a PCMCIA card (the CAM IIRC) to do the decryption itself, and those cards have smartcard slots in them that hold subscriber information. I think they call it CAM/CI. Sometimes the decryption is integrated into the decoder (making it an IRD or Integrated Receiver Decoder), thereby requiring only a smartcard.

    The decryption is usually emulated on hacked receivers, on a PC as a filter between the hardware itself and the recording/playing software, or as a programmable CAM.

    Many times the only way they can successfully stop these hacks is by replacing the older technology (software updates, new smartcards, or new CAMs/receivers). Otherwise they can only try to outsmart them for a week or so by messing with the keys.
  • by PorkNutz ( 730601 ) on Thursday May 03, 2007 @02:49PM (#18976635) Homepage

    Satellite TV is extremely secure and has never really been cracked successfully.

    I guess I haven't been watching free Dish Network for years then.

    Seriously though, the only reason the trickier forms of sat encryption (like DC2) haven't been hacked is because the exact same content is available from providers that use less robust encryption. Why hack the hard stuff when you can get the same programming by hacking the easy stuff?

    The same can't be said for HD-DVD and BluRay though as they have a monopoly on the content.

    by TemporalBeing ( 803363 ) on Thursday May 03, 2007 @03:09PM (#18977007) Homepage Journal

    I wonder why the HD-DVD people don't get together with the satellite people? Satellite TV is extremely secure and has never really been cracked successfully. Most cracks involve emulating a smartcard, which is easy since the smartcards still use early 80s technology. Even then, nobody has really done a crack that wasn't fixed within a week.
    SatTV has long been cracked. They make it harder for individuals to keep it cracked as they routinely change the keys, so cracks don't last very long unless you are really good and can get the new keys to update in cycle. This has been well known for years, and there are people that are using cracked SatTV.

    What the SatTV companies do makes it sufficiently difficult and ensures that no single crack will crack the entire system. Unfortunately (for RIAA/MPAA/Content Protectors/etc), when it comes to read-only media like CD, DVD, HD-DVD, BR-DVD, etc, or even media that is not always in a drive that method is impossible to do since it needs a connection to the key distributor at all times, or on cycle.
  • Re:Undefeatable? (Score:3, Informative)

    by Lord Ender ( 156273 ) on Thursday May 03, 2007 @04:03PM (#18978035) Homepage
    We're talking about 16^32 here, slick. That's: (16 possible hex digits) * (16 possible hex digits) * ... (to 32 places).

    Don't they teach counting in college anymore?
