
New AACS Crack Called "Undefeatable"

Tuoqui writes "With all the focus on the infamous hexadecimal number, people may be ignoring a bigger weakness in the AACS armor, which emerged two weeks ago. Some hackers have figured out how to crack AACS in a way that cannot be defeated, even by revoking all the keys in circulation."
  • Re:Got it! (Score:5, Interesting)

    by elrous0 ( 869638 ) * on Thursday May 03, 2007 @11:21AM (#18973077)
    Blu-ray will be affected too, since it uses AACS. Of course, Blu-ray has an added layer of protection which they've never actually used before. This will prompt Sony to tout Blu-ray to studios as a solution to the crack. It will also prompt Sony to cry when, exactly 5 minutes after it's first used, a hacker cracks it too.
  • by Kadin2048 ( 468275 ) <slashdot.kadin@xox y . net> on Thursday May 03, 2007 @11:22AM (#18973081) Homepage Journal
    Basically this crack relies on using a Microsoft HD-DVD drive for the XBox 360, with a special firmware patch (which requires you to remove the firmware chip, flash it, and then solder it back in). With a hacked drive, you can apparently get the Volume ID, which is one of the parameters used in the encryption, directly off of the disc. Normally the Volume ID isn't passed to the host computer, I think.

    Anyway, in the bizarro-world that the people who write DRM systems inhabit, I think that this will probably just push them to make the drives harder to "tamper" with; I fully expect that they'll eventually just pot the circuit boards in epoxy or something, to keep you from desoldering the chips.

    So if you're interested in this stuff, you might as well go out and get one of the MS drives or other first-gen drives, because I suspect the hacking possibilities may decrease over time; it's going to be these early drives which are the most hackable.
  • by Nom du Keyboard ( 633989 ) on Thursday May 03, 2007 @11:34AM (#18973331)
    For a real laugh, check-out the formerly-known-as Secret Number as Photoshop art. [wired.com] My personal favorite is #12. The funniest part of all was as I went through the list, an animated ad for Blu-Ray high-definition movie playback popped in after image #9. It doesn't get better than that!
  • by Nom du Keyboard ( 633989 ) on Thursday May 03, 2007 @11:42AM (#18973499)
    You're missing the point here. Everybody doesn't have to do this. One person does this and posts Volume Keys for each new release, allowing everyone else to simply decode with the volume key. If this truly can't be revoked, then it doesn't matter if they make it inaccessible tomorrow. Not until every existing modded player breaks beyond repair would it be secure again.
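The argument Kadin2048 and Nom du Keyboard are making (revocation acts on player keys, while a volume-level key, once published for a disc, keeps working) is easier to follow with a toy model. The following is an added illustration, not code from this thread and not the real AACS scheme: the key hierarchy is simplified to a media key recovered through a media key block (MKB), a volume unique key derived from media key plus Volume ID, and a title key wrapped under that volume key. HMAC-SHA256 stands in for the real one-way derivation, XOR with a derived pad stands in for real key wrapping, and the player names, sample keys and function names are all made up here.

```python
"""Toy two-level key hierarchy with device-key revocation (added illustration,
not the AACS specification; all names and sample values are constructed)."""
import hashlib
import hmac
from dataclasses import dataclass


def kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation; stand-in for the real scheme's AES-based function."""
    return hmac.new(key, label, hashlib.sha256).digest()


def wrap(key: bytes, payload: bytes) -> bytes:
    """Toy symmetric wrapping: XOR the payload with a key-derived pad."""
    pad = kdf(key, b"wrap")
    if len(payload) > len(pad):
        raise ValueError("payload too long for the toy pad")
    return bytes(p ^ k for p, k in zip(payload, pad))


unwrap = wrap  # XOR with the same pad undoes the wrapping


@dataclass
class Disc:
    volume_id: bytes
    mkb: dict               # device_id -> media key wrapped under that device's key
    wrapped_title_key: bytes


def press_disc(media_key, device_keys, revoked, volume_id, title_key) -> Disc:
    """Licensor side: MKB entries only for non-revoked devices, title key under VUK."""
    mkb = {dev: wrap(dk, media_key)
           for dev, dk in device_keys.items() if dev not in revoked}
    vuk = kdf(media_key, b"vuk:" + volume_id)
    return Disc(volume_id, mkb, wrap(vuk, title_key))


def player_recover_vuk(disc, device_id, device_key):
    """Licensed player path: works only if the device key is still in the MKB."""
    entry = disc.mkb.get(device_id)
    if entry is None:
        return None         # revoked device: the media key is unreachable
    media_key = unwrap(device_key, entry)
    return kdf(media_key, b"vuk:" + disc.volume_id)


def player_recover_title_key(disc, device_id, device_key):
    vuk = player_recover_vuk(disc, device_id, device_key)
    return None if vuk is None else unwrap(vuk, disc.wrapped_title_key)


def title_key_from_vuk(disc, vuk):
    """Path that needs no device key at all: a published VUK for this volume."""
    return unwrap(vuk, disc.wrapped_title_key)


def demo():
    # Constructed sample material; nothing here is a real key.
    device_keys = {"player_A": b"A" * 16, "player_B": b"B" * 16}
    title_key_v1 = b"T" * 16

    # First pressing: both players licensed.
    disc_v1 = press_disc(b"M1" * 8, device_keys, revoked=set(),
                         volume_id=b"VOLUME-0001", title_key=title_key_v1)
    licensed_play = (player_recover_title_key(
        disc_v1, "player_A", device_keys["player_A"]) == title_key_v1)

    # Someone publishes the VUK that player A recovered for disc_v1.
    published_vuk = player_recover_vuk(disc_v1, "player_A", device_keys["player_A"])

    # Later pressing revokes player A and uses a fresh media key.
    disc_v2 = press_disc(b"M2" * 8, device_keys, revoked={"player_A"},
                         volume_id=b"VOLUME-0002", title_key=b"U" * 16)
    revoked_blocked = player_recover_title_key(
        disc_v2, "player_A", device_keys["player_A"]) is None

    # Revocation does not reach the disc already pressed: the published VUK still works.
    published_vuk_still_works = (title_key_from_vuk(disc_v1, published_vuk) == title_key_v1)

    return {"licensed_play": licensed_play,
            "revoked_blocked": revoked_blocked,
            "published_vuk_still_works": published_vuk_still_works}


if __name__ == "__main__":
    print(demo())
```

The model shows the defender's limit the thread is circling: the MKB can stop a revoked player from recovering the media key on future pressings, but it cannot retroactively change the volume key derived for a disc that is already in circulation, so any published per-volume key outlives the revocation.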
  • ZKP (Score:2, Interesting)

    by wwmedia ( 950346 ) on Thursday May 03, 2007 @11:54AM (#18973645)
    I wonder why they didn't use a zero knowledge protocol http://en.wikipedia.org/wiki/Zero-knowledge_proof [wikipedia.org] to defend their disks; bundling the keys with the discs is only delaying the inevitable.
  • Re:Got it! (Score:1, Interesting)

    by Anonymous Coward on Thursday May 03, 2007 @11:57AM (#18973681)
    I've always had my personal favorite...
    http://linux.slashdot.org/comments.pl?sid=133782&cid=11170090 [slashdot.org]
  • The article is a little old, the links to the doom9 forum go to posts from early last month. Within a few days of those posts, there was a link to xboxhackers where they were able to accomplish the same thing without having to patch the firmware, ie, no desoldering.

    That's pretty interesting. (In TFA the [hack|crack]er is quoted as saying that one of their goals is to eventually be able to pull the Volume Unique Key from the drive without a hardware hack, but he made it seem pretty far off.) I didn't know they had gotten to that point already.

    Slightly OT: I'm really hoping that someone will write up a good introduction to how AACS works, in semi-layman's terms. I've read the official AACS documentation (as much of it is public, anyway) and it's not the easiest thing in the world to get your head around, if it's not your field already. It's obvious these Doom9 guys know their shit, but it would be nice if somebody made some documentation just so the rest of us know what the hell is going on; AACS has so many keys and keyblocks and keys-within-keys-within-keys that I'm never quite clear what exactly they've cracked, or which key is required to read the actual content without any other intervention from the player.

    It would really be good if Wikipedia handled that, but right now the AACS article is just a lot of news-bites about the progress of the hacking, and it's very light on the technical stuff (and it's currently locked due to some pissing contest or other).
  • by blindd0t ( 855876 ) on Thursday May 03, 2007 @12:13PM (#18974009)
    I own 2 legitimate, untampered-with DVD players, several computers with DVD drives, and an old XBox. When I rent or purchase a DVD that I am unable to play on any of these devices, nothing makes me more livid (especially when I'm already moody because I'm hungry and planned to eat while watching the DVD). It's actually to the point now where I look at the back of the DVD to see who the publisher is before renting or purchasing it, because I've found my devices especially have trouble with Sony DVDs, of course. I've never even made a copy of a DVD or pirated any DVDs, but I can honestly say that as it becomes more painful for me to legitimately watch my DVDs, I will eventually be driven to circumvent their DRM entirely as that would be a less painful process. It just pisses me off, but there are some movies I would really enjoy watching and owning a legitimate copy of, but I simply won't spend a penny of mine if Sony's name is on it. Furthermore, Sony's BS about hardware manufacturers needing to keep up-to-date with their latest DRM mechanisms doesn't bode well either - I'm not replacing any of these devices which work perfectly fine with the exception of their purposely fouled media.
  • by Miseph ( 979059 ) on Thursday May 03, 2007 @12:18PM (#18974099) Journal
    I read that response, I think the point the other guy was trying to make is that you aren't the intended receiver, your hardware is, and your hardware is only telling you certain pieces of information as it sees fit.

    To put it into the context of this discussion: you buy an HD-DVD, you insert it into your player, and you watch the movie. The disc constitutes the totality of the message, the sender is the manufacturer, and the recipient is your player. Within the larger message is contained the movie, and the message itself instructs your player to show you the movie if, and only if, certain conditions are met. The inaccurate part of your .sig is not that we are not a recipient, it's that we aren't the recipient of the message we think we're receiving.

    The real weakness in DRM is that there is an approximately infinite number of potential attackers spending an approximately infinite amount of time and using an approximately infinite number of discrete messages attempting to break the code, and that furthermore these attackers ALREADY KNOW what the decoded message is supposed to look like, AND have unlimited unmonitored access to an approximately infinite number of valid recipients. It follows that the encryption WILL be compromised no matter how good it is, because the attackers have so much access to all but one party in the scheme (the sender) that it can never be good enough.
  • Old security law... (Score:3, Interesting)

    by geoff lane ( 93738 ) on Thursday May 03, 2007 @12:53PM (#18974729)
    When you have access to the replay hardware, no "encryption" can ever be secure.
  • Re:At what point... (Score:3, Interesting)

    by flanksteak ( 69032 ) * on Thursday May 03, 2007 @01:30PM (#18975263) Homepage

    Exactly!

    Software has long been sold as a license transaction, not a physical item or intellectual property transaction.

    Entertainment products are still treated as physical items, when really the manufacturer would prefer it be a license but without the right to back up the "software". By keeping the distinction fuzzy, the argument can be left unresolved.

    Because of this, my biggest fear with all the fires stoked by the *AA orgs is not that they actually expect to be able stop casual or large-scale copying, but that they keep the argument alive long enough to scream that it can't be stopped. Then they say that because of that, they should be subsidized by taxes on blank media (like what happened with DAT or what happens now with blank discs in Canada). In essence, control the argument so that your point can't be refuted, then say the problem is endemic and find a "solution" that generates revenue but still leaves you with your original "problem" that can be trotted out anytime someone raises a valid point about your original argument.

  • by alienw ( 585907 ) <alienw.slashdotNO@SPAMgmail.com> on Thursday May 03, 2007 @01:36PM (#18975363)
    There is no practical insulating material that is also a good conductor of heat. Electrical insulators are always pretty good thermal insulators. Of course, nobody says you couldn't embed a metal slug into the epoxy -- that's how we cool chips. There is also no good reason to encase the whole board. A much simpler solution would be to integrate the decryption hardware into one chip, and encrypt the firmware or put it inside the chip. Not much of a chance of anyone cracking that.

    I wonder why the HD-DVD people don't get together with the satellite people? Satellite TV is extremely secure and has never really been cracked successfully. Most cracks involve emulating a smartcard, which is easy since the smartcards still use early 80s technology. Even then, nobody has really done a crack that wasn't fixed within a week.
  • by jZnat ( 793348 ) * on Thursday May 03, 2007 @01:46PM (#18975519) Homepage Journal
    Millions of people have experienced DRM and are most likely annoyed by it. Ever watched a DVD with unskippable adverts? Or unskippable anything? This is due to the DRM in DVDs. People know what DRM is like, but they don't know what it's called.
  • by shark72 ( 702619 ) on Thursday May 03, 2007 @02:25PM (#18976195)

    "I thought the *real* pirates were the guys who were doing bit for bit copies of the disks, encryption and all, so they could sell them? Cracks mean nothing in that context."

    Nope, trading HD-DVD movies via BitTorrent with links you found on The Pirate Bay is piracy, too. The relevant definition of "pirate" is pretty broad -- dictionary.com has it as "a person who uses or reproduces the work or invention of another without authorization." Nothing about how it's copied, how it's distributed, or whether it's sold.

    My unsolicited advice is not to worry too much about others' perception of your actions; I don't think there's a need to call sellers of pirated DVDs "real pirates" to justify your own piracy. If you enjoy using cracking software to create "back ups" to share, or if you enjoy torrenting HD-DVDs, then don't sweat it. All that matters is your own moral compass, and not some arbitrary third person's. Enjoy your movies, and enjoy the money you've saved.

  • Re:Got it! (Score:3, Interesting)

    by SeaFox ( 739806 ) on Thursday May 03, 2007 @03:49PM (#18977805)

    "Blu-ray will be affected too, since it uses AACS. Of course, Blu-ray has an added layer of protection which they've never actually used before. This will prompt Sony to tout Blu-ray to studios as a solution to the crack."

    If I were a studio, I would ask for some sort of guarantee the protection would not be crackable easily. Like a financial penalty if the format is cracked within __ years of its release. Maybe Sony would work a little harder at their DRM if they had to pay out the nose for being flimsy.
