"Setting The Record Straight" muslix64 on AACS - Chris Lanier's Blog

"Setting The Record Straight" muslix64 on AACS

muslix64 e-mailed me this bit, as well as posted it at Doom9 and I assume various other places.  Text copied directly from e-mail. . .

I spent the last few days reading a lot of articles on BackupHDDVD, reading a lot of people's posts/comments on various websites.

This is the time to set the record straight about this new tool and what the impacts are.

First I need to clarify some points.

Revocation:

In the AACS system, there are 4 types of revocation:
Drive revocation
Host revocation
Device revocation (with MKB)
Content revocation

There is no such thing as "title key revocation" and "volume key revocation"

-------------

Now, here is a list of affirmations I have seen lately.


Affirmation 1: You did not break AACS, just the player

My comment: I did not break AACS, but I found a way to decrypt movies and I have bypassed all the revocation system.
Not that bad...


Affirmation 2: The BackupHDDVD circumvention tool won't last long

My comment: As long as insecure players exist, it will last...
And insecure players will always exist, in fact you can extract keys from any player! Some players are just easier to extract the key from. Being lazy, I prefer to extract keys from an insecure player rather than a secure one.
And the AACS spec says "Device keys must be protected!" but they did not say that about the volume key, fatal mistake!


Affirmation 3: The keys can easily be revoked.

My comment: What keys are you talking about?
As I stated before, there is no such thing as "title key revocation" and "volume key revocation". If someone publishes only volume keys, there is no way to know from which player these keys were extracted, making the revocation system useless. They can do content revocation, but to revoke what? All movies before 2007? They can do player revocation, so I will just change the player I'm using, big deal...


So what is the AACS revocation system good at?
It is good for this scenario:
Someone posts on the net a tool that does the complete decryption automatically. Of course the program uses stolen device keys from an official player. They (AACS and friends) will eventually get their hands on this program, look at the device keys and revoke them, making that player unable to play new titles. But the author of this program can pre-extract a bunch of device keys from different players and release them, one at a time, when the previous one has been blacklisted. The AACS spec says "Device keys must be protected!" so I suppose they put more effort into protecting these keys than the volume key in memory.


Affirmation 4: BackupHDDVD is nothing, only one person out of a million has the technical skills to extract keys.

My comment: BackupHDDVD is a proof of concept.

Picture this:
A few skilled persons can do massive volume key extraction, and send the keys to a central server on the internet. Then, they create an easy-to-use decryption program, with a nice GUI, that does online key recovery. That way, my father and your father can back up movies.
Or they can send the keydb.cfg file on P2P networks (BitTorrent, eMule, etc.)
See the problem now?


Affirmation 5: You can extract keys from a software player on a personal computer but not on a hardware player.

My comment: It's easier to extract keys from a software player, but it is also possible to extract keys from a hardware player (the set-top box in your living room!)



Conclusion:

The attack I describe in "Affirmation 4" is not here yet, but it's coming. So I give MPAA and AACSLA a head start. Start to think what you can do about that.

To totally block this attack, they need to put different keys on every disk! Now, they only have different keys for different movies. I don't know about the manufacturing process of the disk. This solution may not be possible.

The best they can do is shorter manufacturing runs of a particular movie, so it would be difficult to get your hands on every "pressing" of a movie.

When they designed AACS, they assumed people would look for the device keys. I don't care about device keys. I do care about the volume key. Having the device keys means that you have to re-implement all the complex crypto and do the full AACS process.
I leave all this dirty job to the player and recover only the volume key.

There are 3 important things in cryptography:

1-Private key protection
2-Private key protection
3-Private key protection


Did I break AACS? I don't know. What do you think?

I'm not going to work on this anymore, I'm taking a vacation!

Related: No, AACS Was Not Cracked (12/27/06)  |  Cyberlink Responds to Alleged AACS Crack (01/02/07) 

Published Tue, Jan 2 2007 16:46 by chrisl
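
The attribution gap argued in the e-mail above, as a toy model added here for illustration (not code from muslix64, BackupHDDVD or the AACS specification). Assumptions: HMAC-SHA-256 stands in for the AES-based one-way functions, a flat per-device list stands in for the media key block's tree structure, and the player names, seeds and volume ID are constructed.

```python
import hashlib
import hmac

def kdf(key: bytes, label: bytes) -> bytes:
    # HMAC-SHA-256 stands in for AACS's AES-based one-way functions (assumption).
    return hmac.new(key, label, hashlib.sha256).digest()[:16]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def make_mkb(media_key: bytes, device_keys: dict, revoked: set) -> dict:
    # Toy media key block: one wrapped copy of the media key per licensed,
    # non-revoked device (the real MKB uses a subset-difference tree).
    return {dev: xor(media_key, kdf(dk, b"mkb"))
            for dev, dk in device_keys.items() if dev not in revoked}

def process_mkb(mkb: dict, dev: str, device_key: bytes):
    # Returns the media key, or None when this device has no entry (revoked).
    wrapped = mkb.get(dev)
    return None if wrapped is None else xor(wrapped, kdf(device_key, b"mkb"))

def volume_key(media_key: bytes, volume_id: bytes) -> bytes:
    # Depends only on the disc (media key + volume ID), never on the device.
    return kdf(media_key, volume_id)

def revocation_model() -> dict:
    # Constructed sample keys and identifiers, not real AACS values.
    seed = b"constructed-seed"
    devices = {n: kdf(seed, n.encode()) for n in ("player_A", "player_B")}
    km_old, km_new = kdf(seed, b"km-old"), kdf(seed, b"km-new")
    mkb_old = make_mkb(km_old, devices, revoked=set())         # pressed before revocation
    mkb_new = make_mkb(km_new, devices, revoked={"player_A"})  # pressed after revocation
    kvu = {d: volume_key(process_mkb(mkb_old, d, k), b"TITLE-OLD")
           for d, k in devices.items()}
    a_key, b_key = devices["player_A"], devices["player_B"]
    return {
        "volume_key_identical_across_players": kvu["player_A"] == kvu["player_B"],
        "revoked_player_blocked_on_new_title": process_mkb(mkb_new, "player_A", a_key) is None,
        "other_player_unaffected": process_mkb(mkb_new, "player_B", b_key) == km_new,
        "revoked_player_still_reads_old_title": process_mkb(mkb_old, "player_A", a_key) == km_old,
    }

if __name__ == "__main__":
    for check, result in revocation_model().items():
        print(f"{check}: {result}")
```

Because every licensed player derives the same volume key for a given title, a published volume key carries nothing that identifies which device to revoke, while device revocation only takes effect on titles pressed afterwards.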

Comments

# re: "Setting The Record Straight" muslix64 on AACS

So were you right or wrong on the Chris, has AACS been compromised or not?

Tuesday, January 02, 2007 5:49 PM by Albert

# re: "Setting The Record Straight" muslix64 on AACS

No, IMHO.  I'm not sure muslix64 knows either.

Ex1. "I did not break AACS, but I found a way to decrypt movies and I have bypassed all the revocation system."

Ex2. "Did I break AACS? I don't know."

I would say that he found a way to decrypt AACS protected content, however no one has yet to be able to find the keys needed.  Finding the needed keys is the important part.  Once found, the AACS docs provide just about all the information needed to decrypt the content.

Tuesday, January 02, 2007 5:57 PM by chrisl

# re: "Setting The Record Straight" muslix64 on AACS

Well who knew that AACS was, at least partially, defeated by the psychological problems of the "players" involved!

If I were the MPAA I would get rid of all of the "insecure players", and anyone else in the movie business who suffer from insecurities.  How can you trust anyone who is insecure!

Tuesday, January 02, 2007 7:26 PM by Insecure player

# re: "Setting The Record Straight" muslix64 on AACS

One of the advantages of HD-DVD over Blu-ray has always been that the architecture/standard required that the media/player allowed the copying of the HD-DVD to a hard drive.

How does this intersect with all of this AACS blather?

Wednesday, January 03, 2007 8:14 AM by dnr

# re: "Setting The Record Straight" muslix64 on AACS

Chris,

From http://en.wikipedia.org/wiki/AACS "muslix64 exploit

On December 27, 2006 a person using the name "Bootie Loffelmacher" posted a utility named BackupHDDVD and its source code for a working AACS exploit on the doom9.org forums. A video of the hack can be found on YouTube. This hack appears to use a similar methodology to the DeCSS hack, exploiting weak player keys. Source The title keys are located on the disk in encrypted form, but need to be decrypted for content to be played; "muslix64" claims that the title keys were found in main memory."...."Thus, despite heavy investment and attention from leading manufacturers and content providers, the system appears to have been defeated before final license agreements were available from the legal department."

So, Wikipedia is publishing that AACS has in fact already been cracked.  You should go in and update the article.

Wednesday, January 03, 2007 9:04 AM by dnr

# re: "Setting The Record Straight" muslix64 on AACS

I wonder when they will learn that you can't make a lock (or a protection system) that someone won't open without a key?

I don't care about their precious content. If I won't be able to play it the way I want it I won't buy it. Sooner or later they will show it on TV, and I'll watch it for free without buying crappy HD-DVD or any special equipment for it :)

Friday, January 26, 2007 7:27 PM by anonymous