The DRM AACS revolt with digg.

Great news :D. I'm now one step closer to ordering a HD-DVD player. My family were one of the unlucky ones who bought a "HD" set that doesn't have a digital input supporting HDCP :mad: .
 
yak.h'cir said:
Seeing as the key does seem to have been broken relatively quickly, and now its been done once it must be much easier to do it again whats the point of spending so much money on the DRM? It's going to be broken either way it seems!
I think they went to far with this one and it's completely backfired. It's clear any sort of copy protection, digital signatures, etc. are ultimately useless because someone will find a way to crack it. If they want people to buy DVDs, they're going to have to think of a way to make people want to buy them, rather than finding more and more ways to prevent people from downloading them and annoy paying customers in the process. Not that it will be easy. I mean what could they possibly give away with a DVD that would make it worth the money considering you could get the film for free?
 
TBH I'm surprised this thread's still here... the AACS-LA are pretty trigger-happy at present and are coming down on any sites posting the code like a ton of bricks.
 
Mattus said:
TBH I'm surprised this thread's still here... the AACS-LA are pretty trigger-happy at present and are coming down on any sites posting the code like a ton of bricks.

surly thats not a crime? i could post up my credit card pin number, all good. You use it then there is a problem. Its only numbers you need to know how to use it.
 
Yeah all I know is that those numbers have something to do with decrypting HD DVDs. I don't know how I'd actually go about doing that using those numbers.
 
The thing is, it is helping them in a way as the site where it was posted first was very hard to find in the mess of the hex numbers. I know what the number is but I still haven't a clue how I would go about using it.

(I wanted to know for interest sake and not to use them. I haven't even held a HDDVD disk...)
 
Isn't the current BBC report saying that that code is now obsolete anyway, but they are still persueing the posters of said code as a matter of course?
 
ok i didnt read all the thread, but i dont understand what its about.

can someone explain??
 
Ex-RoNiN said:
Isn't the current BBC report saying that that code is now obsolete anyway, but they are still persueing the posters of said code as a matter of course?

The code is still valuable as there are loads out there already, it also works for bluray and hddvd.
 
TheCrow said:
surly thats not a crime? i could post up my credit card pin number, all good. You use it then there is a problem.

What if somebody else posted your credit card number without your permission? That's more equivalent to this situation.
 
Mattus said:
What if somebody else posted your credit card number without your permission? That's more equivalent to this situation.

Not really with a credit card number its only the number you need and you ca buy whatever you want, with this you can't do anything with just the code on its own.
 
johnnyfive said:
Not really with a credit card number its only the number you need and you ca buy whatever you want, with this you can't do anything with just the code on its own.
Surely you'd need at least the cardholders name to use the card?
 
johnnyfive said:
All the discs released thus far can be circumvented.

They are to change the keys for the discs made after april 23rd so I hear. None have arrived yet, but when they do a new "master" key will be needed. I think the hackers will go for a key on a standalone player next as revoking that would cause an uproar to all the consumers who bought it.

Couldnt they just issue a firmware update. As I understand it this new system is stronger then dvd because the key can be updated instead staying constant like dvd was
 
silversurfer said:
Couldnt they just issue a firmware update. As I understand it this new system is stronger then dvd because the key can be updated instead staying constant like dvd was

Not quite, they can change the number posted all over the net so it will not affect new HD-DVDs but there is a bigger problem at hand it seems. Someone has gone even deeper and managed to work out how to get them number easily so even a change of number won't work (from what I can gather). The only way would be to change the whole process, making all players out now (including Blu ray players it seems) obselete, a firmware update would not work.

I don't know If I can link to the site, its not dodgey but I dont know how much OcUK cares about it so here is a quote instead which I think is ok...

“We’ve just learned of this claim today and are checking into it,” said Andy Parsons, chair of the Blu-ray Disc Association and senior V.P. of product development at Pioneer Electronics, in an email.

The new crack follows that from earlier this year, when a hacker by the name of ***** broke the AACS system as it applied to each movie. While the earlier hack led to 100 HD-DVD titles and a small number of Blu-Ray movies being decrypted one-by-one, the so-called "processing keys" covers everything so far made.:

"Most of the time I spend studying the AACS papers," ***** said in his forum post revealing the successful assault on the next-gen DRM system. "... what I wanted to do is "record" all changes in this part of memory during startup of the movie. Hopefully I would catch something insteresting. ... I now had the feeling I had something. And I did. ... Nothing was hacked, cracked or even reverse engineered btw: I only had to watch the "show" in my own memory. No debugger was used, no binaries changed."

It's not yet clear what it means for the consumer's ability to copy movies, or, for that matter, that of mass-market piracy operations. The short form is that the user still needs a disk's volume ID to deploy the processing key and break the AACS encryption — but getting the ID is surprisingly easy.

***** found that they are not even random, but often obvious to the point of foolishness: one movie's Volume ID turns out to be it's own name and the date it was released. There isn't yet an automatic system, however, that will copy any disk, in the manner of DeCSS-based DVD copying systems.

Even so, the new method completely compromises HD-DVD in principle, as it relies on AACS alone to encrypt data, even if there are other parts of the puzzle that are yet to fit together. Blu-Ray has two more levels of protection: ROM-MARK (a per factory watermark, which might revoke mass production rights from a factory but not, it seems individuals) and BD+, another encyption system, which hasn't actually been used yet on sold disks (but which soon will be), meaning that its own status seems less obviously compromised.

How might the companies respond? The processing key can now be changed for future disks. However, the flaws inherent in the system make it appear easy to discover the replacement: the method of attack itself will be hard to offset without causing knock-on effects. For example, revoking player keys (in advance of obfuscating the keys in memory in future revisions of the system) would render current players unable to view future movies. Revoking the volume and processing keys that have been hacked would mean that all movies to date would not run on new players.

Publishers could randomly generate Volume IDs in future releases (as they are still needed for the current hack to work), which would make them harder to brute-force. That said, it's claimed that the "specific structure" of the Volume ID in memory makes it feasible to brute-force randomized ones anyway.
 
Last edited:
I would star out the 2 names in that quote. It goes over the boundary which I think is fair to talk about here. (can find the site with info on how to do it on google very easily.)
 
Back
Top Bottom