“We’ve just learned of this claim today and are checking into it,” said Andy Parsons, chair of the Blu-ray Disc Association and senior V.P. of product development at Pioneer Electronics, in an email.
The new crack follows that from earlier this year, when a hacker by the name of ***** broke the AACS system as it applied to each movie. While the earlier hack led to 100 HD-DVD titles and a small number of Blu-Ray movies being decrypted one-by-one, the so-called "processing keys" covers everything so far made.:
"Most of the time I spend studying the AACS papers," ***** said in his forum post revealing the successful assault on the next-gen DRM system. "... what I wanted to do is "record" all changes in this part of memory during startup of the movie. Hopefully I would catch something insteresting. ... I now had the feeling I had something. And I did. ... Nothing was hacked, cracked or even reverse engineered btw: I only had to watch the "show" in my own memory. No debugger was used, no binaries changed."
It's not yet clear what it means for the consumer's ability to copy movies, or, for that matter, that of mass-market piracy operations. The short form is that the user still needs a disk's volume ID to deploy the processing key and break the AACS encryption — but getting the ID is surprisingly easy.
***** found that they are not even random, but often obvious to the point of foolishness: one movie's Volume ID turns out to be it's own name and the date it was released. There isn't yet an automatic system, however, that will copy any disk, in the manner of DeCSS-based DVD copying systems.
Even so, the new method completely compromises HD-DVD in principle, as it relies on AACS alone to encrypt data, even if there are other parts of the puzzle that are yet to fit together. Blu-Ray has two more levels of protection: ROM-MARK (a per factory watermark, which might revoke mass production rights from a factory but not, it seems individuals) and BD+, another encyption system, which hasn't actually been used yet on sold disks (but which soon will be), meaning that its own status seems less obviously compromised.
How might the companies respond? The processing key can now be changed for future disks. However, the flaws inherent in the system make it appear easy to discover the replacement: the method of attack itself will be hard to offset without causing knock-on effects. For example, revoking player keys (in advance of obfuscating the keys in memory in future revisions of the system) would render current players unable to view future movies. Revoking the volume and processing keys that have been hacked would mean that all movies to date would not run on new players.
Publishers could randomly generate Volume IDs in future releases (as they are still needed for the current hack to work), which would make them harder to brute-force. That said, it's claimed that the "specific structure" of the Volume ID in memory makes it feasible to brute-force randomized ones anyway.