Chris Lanier

The latest on the 'Net is that AACS DRM used by both Blu-ray and HD DVD has been cracked using BackupHDDVD tool. We don't condone piracy here at RedmondGadgets.com, but if this is true it's definitel ...

Will be interesting to see what happens when they start to revoke keys. What if I falsely claim that I cracked a box and can get the keys needed to copy a movie? What does it take for them to revoke keys? A rumor or hard evidence?

No system that allows private keys to be stored in  the clear in memory will be resistent to this attack, it was interesting that the guy only needed 3 days to get it done and release alpha code. TPM's need to be used to generate the keys although at some point that key needs to be loaded in memory so I can't see a watertight way around it.

The claim was never that it was cracked. To have it cracked they would have had to break the actual encryption. It was claimed that it was hacked, which implies a way around the DRM, and not that the DRM had been defeated entirely. But in the end we do have a proof of concept that shows there are flaws in AACS. And yes the key will propably be revoked. That's one of the "features" of AACS. But now that it has been done once, it can be done again from a different player. And it's only a matter of time till the hardcore hardware hackers start hooking up logic analyzers to the set top HDDVD players to get those keys. What will end up happening is that as more and more players are hacked, hollywood will have to revoke more and more keys, which in turn will piss off more and more innocent consumers. Eventually the public outcry about disabled players will make them stop revoking keys, and if they don't stop revoking keys people will just stop buying it.

Uh, I was pretty sure that the exploit that was released was key-independent.

Wrong! What happened was that the TITLE KEY was found in memory. Not the player key.

AACS's Revocation method won't do a damn thing. Those titles that have been released are compromised, now and forever. If you have the title key, then you can decrypt the data on the disc directly. You don't need the player key except for a title you have not read before.

They could release new versions of the titles with new title keys. But then somebody uses a normal player and peeks in memory again to see the title key and poof, it's cracked. And the title key has to be in memory somewhere. It's needed to decrypt the disc.

PingBack from http://www.techenclave.com/forums/hd-dvd-aacs-protection-decrypted-84188.html#post524608

"Wrong! What happened was that the TITLE KEY was found in memory. Not the player key."

I agree, as one can see in the released YouTube video where he even demos the method, it's all about keys for the actual titles, not about the player. And at least from my understanding of this right now, releasing new title keys have to be hell for the economy involved in doing it versus the ease of re-doing it for a hacker simply by using this very same hacked player again.

PingBack from http://www.techsmessage.com/2006/12/28/hd-dvds-drm-is-officially-cracked/

"but I don't see that AACS was cracked."

then why the *** did you made the front page on digg?

I don't know what rock I was under when this came out. But it would appear that someone has cooked up

PingBack from http://universejdj.wordpress.com/2006/12/29/hd-dvd-aacs-was-not-cracked/

This is not the first HD-DVD or Blu-Ray backup.

Some guys in Germany already automated a frame capture method months ago that works with any software player by pulling the screens out of the video RAM.

Besides, pro pirates often get the data before it's even pressed, often before it even hits the big screen.  Anything you have made in China, India or Mexico will be copied.

I can't believe they're so backward.  To sell something it must show value to the people you sell it to or they will not pay for it.  The hardware industry should have learned by now with DCC, SACD, DVD-A, HDMI and the other expensive train-wrecks the RIAA and MPAA have caused.

It doesnt matter if a player doesnt store the Title key in memory, as it was stated, and as the XBOX was hacked by an MIT student, you can intercept the key between the disc and player.  All you have to do is figure out which portion of the circuit the key is passing through, and viola.

In french it's "voila" not "viola", because "viola" means "raped"... Anyway. I agree with the "Wrong!" comment.

Correct me if i'm wrong but with distributed computing, would it not be possible for some clever coders to create an application which can attempt to discover all the working keys through brute force analysis. everyone could download a client and leave it running in the background much like seti or cancer research p2p clients. these keys could then be published as and when they are discovered.

Is this sort of thing possible and if so why hasn't anyone taken a stab at it yet?

Forget about a distributed attack. This is encrypted with AES-128 - you would need bilions of  years to crack it with current methods.

Yeah but with computing power hallways on the rise and the introduction of programming techniques to take advantage of the massive computing power of modern graphics cards I think that this insurmountable problem will clear up faster than you might expect. Maybe I'm just an optimist or am I completely delusional. I sometimes get taken up in the hype so maybe my estimates of computing power could be overestimated.

PingBack from http://www.cartoonsfans.com/blog/2006/12/29/x-men-3-reviews-and-ratings-no-hd-dvd-aacs-was-not-cracked/

Como predijimos antes, un intrépido hacker acaba de declararle al mundo que acaba de romper la protección AACS (Advanced Access Content System) que es la tecnología que protege contra copias tanto a los HD-DVD como a los discos Blu-ray de video de alta

It really depends on your definition of cracked. No, the encryption itself wasn't cracked. If you have the key you don't need to crack anything. However, the security of the software was cracked, which goes to prove the old adage that secrets stored in software don't stay secret very long.

These title keys may get revoked, but that won't stop other ones from getting discovered the same way. In the end, if you want to stop copying of the media you need to stop distributing it. Personally, I don't see why the industry doesn't just provide those of us who only want a backup to keep the kids from destroying the disks with a legitimate way to do that. Then they could devote the legal, political, and industry efforts toward going after the industrialized, government supported bootlegging in China and the rest of Asia and Russia. That's where the big money is lost, but the industry doesn't seem to dare to go there, and the U.S. Government and Industry  seem too intent on cow-towing to the Chinese government to dare do much about it.

This is nothing but a hoax. To download the sourcecode, the provider asks you to enter 5 lines of access keys, while the field just allows 4. Of course I could pay pay to get: nothing. Haha. Anyone downloaded the programm at all?

PingBack from http://www.zatznotfunny.com/2006-12/digital-media-bytes-15/

I would also like to know what will happen if somebody releases a title key, but won't tell which player he hacked... Would they revoke all keys?

Totally agree with Otto's post - this whole AACS thing does not seem to be about protection from pirates. It rather is intended to serve the content producers in a way so they can disable playback on older devices for example (to force people to buy newer hardware) and so on.

As encryption scheme it is inherently flawed - simply because there is still a need to decrypt disc content with the key supplied on that same disk (very secure ;-)) albeit in magled form. For some people who equiate this to AES encryption cracking - there is really no need. All that has to be done to beat the AACS is to get that title key of the disk. For now it is done via flaws in player software butI can't see why it could not be done algoritmically later. After all I know of no existing cypher that allows effective "encrypt with one key decode with many" style encryption and that is exactly how title key seems to be encrypted on a disk. And for a software players - as Otto said - the player will absolutely have to keep the decrypted key somewhere (memory or other structure) to decrypd the disk content so it will always be succeptible for attacks like this hack.

IMHO the only tough way of protection is by using online services that require obtaining decryption keys online (like WM9+ DRM) but I can't see that happening in standalone consumer boxes.

PingBack from http://www.krunker.com/2006/12/29/was-aacs-really-cracked/

Everyone is *assuming* that Cyberlink's PowerDVD is the source of the key being found in memory, but there is no evidence of that!

The assumption comes from the fact that in his YouTube video this cracker played the dumped video with PowerDVD - but for all we know, he could have used something totally different to get hold of the keys.

If that source is not identifiable, then *any* HD-DVD release could have it's key extracted in the same manner. This key could then be used with Muslix's program to extract the unencrypted file and put it on the 'net! So yes, OK, the encryption has not been broken exactly, but its been circumvented - and that's all that might be needed!

PingBack from http://www.ps3network.com/forums/ps3-general-discussion/1852-next-gen-formats-already-hacked.html#post18693

With the HD DVD AACS Crack/Hack that supposedly happened last week, I said that Cyberlink would most

Hey guys...Seeing that software players do exist, extracting Title keys should not be out of the realm of possibilities. For this purpose, i have started a website that will eventually list title keys that have been compromised.

Check out http://www.aacskeys.com ... Before you flame, there is obviously nothing of importance on it yet. I am hoping to also include compromised device keys(i probably wont publish these right away).

PingBack from http://www.llbbl.com/2006/12/28/aacs-encryption-cracked/

Do I get this correct?

All pressings from a particular master are identical to each other. So all discs of the same title from the same master have the same title key.

But (subject to key revocation) any disc will play on any player. Which suggests a single algorithm to decrypt the title key. If you change the algorithm, then all discs made prior to the change will not work, and if you revoke the title key, all discs of that title made before the change will not work. (Those sorts of revocations do not sound like viable business models to me.)

Which suggests that to totally crack aacs, you need the title key algorithm, plus programs like the one released recently - all the rest of the content protection system is then by-passed.

That all seems a bit too easy to me.

if you read his letter he mentions the volume key is not encrypted or proected that should give you an idea of how he did it   plus how hard is it to reverse anything like that  not very

PingBack from http://www.zatznotfunny.com/2007-02/how-hd-dvd-protection-was-possibly-defeated/