Claim of a Blu-ray BD+ Crack

Google85 writes in with a brief Enquirer piece reporting on an announcement on a German site that SlySoft claims to have cracked BD+, the extra copy-protection layer in Blu-ray. Here is the German original.

Problems?

[AlphaDrake]

Was it this extra layer of protection that was causing some players to have some ungodly load times that was mentioned on /. a little while ago? And if the companies spent half as much money on increasing space/fixing problems as they did useless protection schemes, we'd be on Terabyte sized dvd's by now :P

Re:So i guess if true

[cromar]

I'd like to see Fox (or any other studio) sue the MPAA asking for arbitrarily large amounts of cash to compensate them for all the piracy this weak crypto causes. It would be really nice for the tables to turn a bit.

Just cracked?

[Splab]

I'm a bit confused about what has been cracked and not, lately quite a lot of BlueRay and HDDVD movies have shown up in 1080p format on my favorite torrent site. Ok, they might not have "cracked it" whatever that means, but they sure as hell have started distributing the movies.

keeping people in a job...

[logicassasin]

This "War On Piracy" does nothing more than keep people in jobs, much like the "War On Drugs". Like the drug war, piracy cannot be stopped unless it's made legal, but to do that you would put those in charge of fighting said illegal activity out of a job.

It's stupid...

Any digital content that can be seen or heard can be duplicated with some form of analog technology. Copy protected CD's can be recorded with near perfect quality simply by flying the audio from a CD player into a PC equipped with a $100 pro-level audio card (like the Emu 0404 or M-Audio Audiophile 2496). DRM protected mp3/wma/etc files can be duplicated through two pc's in exactly the same fashion as a CD. Copy protected DVD's can be duplicated by recording it's content from a DVD player into a PC with a decent video capture card.

And that's just the tip of it.

Nothing they do keeps DVD's off the streets. Every trip to the grocery store I make, I get a guy or gal coming up to me selling the latest movie for $10 on DVD (3 for $25!) or the latest yet-to-be-released CD for $5.

It's not going to stop. No amount of copy protection will help, no law passed will deter, it's a useless waste of money, but it keeps a few folks in a job.

Re:How to translate MPAA claims.

[AchiIIe]

It's great news but keep in mind the entire procedure has not been cracked yet. There are three major layers of security in a Blu Ray Player
1) AACS (currently we have ways to sniff the code out of software, cat and mouse game for now) (Cracked - sort of)
2) BD+ (The virtual machine decrypting the AACS content) (Cracked)
3) BD ROM MARK - A small key that has been stored on the cd using alternate technological means. This is an extra key that is read using only BLU RAY players using mysterious methods.

Without the BD ROM Mark the disk can't be decrypted quite yet.
The article makes no claim that this has been cracked.

Re:So i guess if true

[Anonymous Coward]

They knew it would be cracked this way, but they expect BD+ to protect them trough the first weeks of release (when most money is made), unlike AACS which was fully cracked and now completely useless.

As of now there are no universal cracks in the wild for BD+ and no vulnerabilities were found in BD+ yet. The keys need to be cracked from a new software players version, every cycle of disk release. This doesn't make the scheme uncrackable, but it takes time to crack every time and that was the whole idea. It requires time, cannot be done computationally, and most importantly the work needs to be done every cycle of release.

If you read the doom9 forum, SlySoft explained that they cracked specific discs, and they said it took them 3 week to extract the keys from the software player. Now these keys will be revoked in the next cycle, and the software player they extract the keys from will have it's key revoked and will require an update. This update will use a new obscuring scheme for the keys, and it will require another 3 weeks to crack.

Re:How to translate MPAA claims.

[Dr Kool, PhD]

Wrong, ROM-Mark is irrelevant. BD-R media has no ROM-Mark and pretty much every player these days can play BDMV from BD-R. People have been ripping and burning to BD-R for some time now.

Can't be Done

[Bellum Aeternus]

This just brings me back to my original hypothesis that it is impossible to encrypt something one time that you want to be easily distributed to the masses. There's just no way to say "here's the encrypted content and the key, but the key only works when we say so" unless you have some kind of root server doing the authentication in real-time and creates randomize keys for every download/view (think TSL). Even then, the user on the recieving end can (in theory) just record the incoming stream and redistribute.

It's time for the media distributors of the world to wise up and realize that they just cannot protect their content through DRM. The best they can hope for is to make it tough on Joe Sixpack, and rely on legal means to tackle the large scale pirates. (think 1980's style).

If BD+ is cracked, then the writing is pretty much on the wall for DVDs and we'll see a faster migration to online, streaming content. So let the "you cannot save this file" wars begin (ala Flash and QuickTime) - soon people (smarter than me) will spend time on fixing, er um... breaking that too.

AACS Encryption Getting Better?

[rsmith-mac]

This is a bit off-topic, but on the subject of HD encryption, is it me or does it seem like HD-DVD/BR discs are getting harder to crack? There have been several big releases lately that have taken a while to crack the encryption on and rip; the HD-DVD version of Transformers for example wasn't broken until some two weeks after the disc was released. Obviously the MPAA's engineers can't completely fix AACS due to flaws in its design, but they seem to be getting better at using what they have and keeping groups from cracking their discs for a bit longer.

On the whole this is still a loss for the MPAA, but none the less being able to stop people for even a couple of weeks would likely encourage anxious people to buy movies they'd otherwise pirate, so it would seem the MPAA hasn't completely lost yet.

Re:Direct TV

[Em Adespoton]

This raises an interesting point... why don't the movie moguls just go to a smart card based system? All hardware players are shipped with a SIM that comes from the distributors, software players require a reader hooked up to the PC. If a key is cracked, the SIM range is blocked on future discs, and a person needs to get their SIM replaced but can keep the same hardware. As with Direct TV, there are multiple ways to beat the system, but the moving target is MUCH easier for the media moguls to keep up with. On the PC side, this SIM card could also be used to provide online content to people with a specific disc in their drive, which would tie the SIM into a service agreement that could be revoked when evidence of tampering is found. Not that I'm FOR any of this mind you (except for the online streaming content), but this system seems so much more obviously effective than what they're trying to do right now. Think about it: buy the box set to your favourite TV show and get access to bonus features, interviews, and a sampling of later shows not included in the set via an online service via keys stored on your SIM and on the disc. They wouldn't even need user-side DRM, but could use it as device verification for your free subscription account instead.

Re:So i guess if true

[Em Adespoton]

Sure it will take a while for the new code to be released, but it will subsequently delay those who would pirate these films at least temporarily once the new codes are out.

Hmm... I guess I must not be keeping up with the changing definition of Pirate -- my immediate thought was, "wait a minute, the people mass producing the discs with the old code can still do so; the old code doesn't cease to be valid...." Then I realized you were talking about people ripping a legally purchased video to a DRM-less format, not people mass distributing discs for profit.

Seriously, I think the one thing this format has going for it is that unless the master copy is pirated and distributed in a DRM-less format, the MPAA members will have a window with each release where the market won't be flooded with free versions of their product, so people who want "zero-day" entertainment will be more likely to see it on TV/in the theatre/buy the DVD.

Re:They're sometimes not that bright...

[Opportunist]

The price isn't even the point. I do agree that they're cheap enough. But as you said it: It's a lot of wasted space. A current hard drive could hold 30+ HD-movies easily, or 100-200 in DVD quality. You could put your whole DVD collection on hard drive and drop the originals into some storage.

Or ... can you? No, at least not legally. Media shifting is intrinsically impossible due to DRM. So you're stuck with those reflective plastic discs, no chance to transfer them to your hard drive, hell, chances are good that you can't even watch them on your computer unless it happens to have some system so locked down that you can't do anything else sensibly with it. You prefer Linux? Then you better not prefer watching your movies from your computer.

That's the reason why people (ok, geeks) loathe DRM. It's not that we have to buy movies, I buy movies I enjoy enough to watch them more than just once (so far there's been three). But I want to watch them the way I want.

Re:So i guess if true

[Anonymous Coward]

Ah, no, I personally enjoy cracking things for the sheer fun of it; I like the challenge (I also have too much free time). Though granted things this annoy me, or things that did annoy me and make me go out of my way for something would put it higher on my list of things to do.
It can be extremely satisfying successfully cracking something, especially if you're the first to do it.

Re:Direct TV

[Anonymous Coward]

Didnt even read you post - reason described below:

Repeat after me:

There is no way to control data after it was given away until you can control all equipment
that the data passes (including the human brain). It will not work. Never. Ever. No way.
You can not give data away and at the same time not give up control over it.

Jesus...