Tech News

HD-DVD DRM copy protection broken

By Steve Ragan Dec 31, 2006, 4:51 GMT

Its official, the hacker known only as Muslix64 has successfully cracked the copy protection on HD-DVD called AACS. Muslix64 released the source code, as well as a video that he shot proving the concept of the decryption. Designed as a program to make back-up copies of HD-DVD movies already owned, the software is quickly picking up buzz in chat rooms, and forums across the web.The video and link to download are currently listed at the forum where the announcement was made. The forum, Doom9 located at http://forum.doom9.org, is a known DVD hangout for those who like to discuss DVD movies, and technology. When this announcement was made originally, the first response made by user linx05 was “Is this for real?” Quickly other users downloaded the software and checked out the source code released with it. It is real. Watching the video, you see the software in action, and there is a promise of more code and maybe keys coming to the public in January. According to the author, Muslix64, the process after some trial and error was easy, “It took me around a week to do. But I [had] wasted few days trying to work on too complicated [of an] approach. In fact, it is very simple.” According to him, the process and idea came to him after reading an online document about AACS. “The program itself has nothing special. It simply implements the AACS decryption protocol. I have followed the freely available documents about AACS. Have a look at www.aacsla.com the trick is to find what they call the "Title keys.” So I figured out how to extract them.” However when asked about those title keys, or rather how to extract them, “I won't explain it in detail. Read the AACS doc first. You will understand.The title keys are located on the disk in encrypted form, but for a content to be played, it has to be decrypted! So where is the decrypted version of the title key? Think about it...”It is expected that the source code will be further developed, and that a user interface will soon be released. In addition, there are talks about ports to Linux, and OS X. One user, hechacker1, asked the most important question for those who are waiting, “So who is going to take this program to the next step?” The answer may be everyone or no one. The download and source code are legal, regardless of what other stories about this say. This is because no decryption keys are released with it and the keys in the cfg file are all null. However, with the promise of more information coming in 2007, the growth of HD-DVD decryption source code may run away as DeCSS source did after it was released. Analysts look at this topic two ways. Some say it was bound to happen because they warned Intel, Disney and others who had a hand in developing AACS, that it was doomed from the start because it shared similar encryption to other methods already public knowledge. Others say this might give the slow growth in the HD-DVD market its much needed push to make this a popular brand. One doom9 forum member zilexa agrees, “Now that you made the playback of HD-DVD almost as easy as a normal DVD movie, this could very well be THE reason for people to upgrade to a HD-DVD player! (And since Bluray uses AACS as well this could mean the same thing for Bluray). Since there has not been a bump for HD-DVD and Bluray like there was when DVD was released, it didn't seem very realistic these new HD players would break through. But now with your work, this could lead to a breakthrough in the near future!” This story will continue long into the coming year. As other coders use the source further develop the concept, and the Hollywood studios, and technology experts look to place a new method of encryption in players or HD-DVD movies to block this. One thing is certain doom9 just got a whole slew of new readers, and members and the world will wait to see what comes next on January 2nd.

Headlines from The Tech Herald

Talkback

Add your comment

page: 1

Jeff DahlgrenDec 31st, 2006 - 06:27:06

AACS Is Not 'Technically' cracked
Although it appears that 'muslix64' has developed a work around via key or volume information on HD-DVD the medias continuing rant that the encryption is 'cracked/hacked' is misleading. After reviewing the source code itself it appears that quite possibly the 'fix' is only an update away. It is by no means (yet) as significant as the DeCss crack was to DVD. Put simply, the encryption was not 'defeated' rather it's implementation was.

That said, it clearly leads to further questions as to the implications, if any, regarding Blu-Ray as it uses an additional layer of copy protection. The case is, and should be, still 'out' regarding the discovery's long term impact.

Jeff Dahlgren
www.networkwarriors.com

Report this comment

BrightStarDec 31st, 2006 - 07:58:18

Well, in my opinion, If the PRICE of DVD / HD-DVD / Blu-Ray disc etc movies/medias were not so HIGH, then, probably, this WAVE could have been reduced a bit. But MAIN POINT here is that, ULTIMATELY someone will definitely crack, whatever ENCRYPTION or Secured System is used or placed, even if it were built with billions of dollars, cause, its in our nature to understand/decrypt everything as much closely as possible. Movie & other industries' developers who developed the previous super encryption 'CSS' for DVD, was also got broken/hacked. Why they are thinking it will not be same again, i wonder. Encryption WILL NOT and CANNOT stop people from stop watching movies or stop listening to music. It is not the main factor in this case. Encryption or Secured system, can only make it LITTLE HARDER, thats the only thing which will/can be achived, and expected. When movies can be sold with a PRICE TAG which is AFFORDABLE to a POOR PERSON and people who earns below AVERAGE, then, probably, only then, hacking might stop. 'Encryption' will still be broken even then, if not by at least, just for FUN or to show ACHIEVEMENT. Amount of PROFIT from selling these medias need to be in a range, for example, in between 1% to 33%, then that will be JUSTIFIED and REASONABLE. Of course this limit will VARY on different FACTORS, but should stay CLOSE. But when profit goes beyond that invincible border of within reasonable, then that is UNREASONABLE, which results in these hacking/DECRYPTION. Link to the his(?) article is http://forum.doom9.org/showthread.php?t=119871 . ~BrightStar.

Report this comment

ToniDec 31st, 2006 - 10:48:47

When will the companies understand that, by purchasing expensive copy protection systems, they are being lured in a fraudulent scheme?

Since we have general-purpose systems, copy protection is theoretically impossible. In order to allow legitimate users to access the product, you must provide the content, an implementation of the algorithm and the key. So you're also providing it for others. It's intrinsecally unsecure, no matter how obscurely you implement the decryption process. So it's only a matter of time until someone finds his/her way through.

A second step is cracking the actual code. Also, just a matter of time and more powerful computers. Although in this case the 'time' involved could be years (or millions of years ;) ), in real life this has not been the case still.

Have a nice new year, MPAA/RIAA.

Report this comment

BrightStarDec 31st, 2006 - 12:29:45

Since a bug of a media player is exploited (most likely ?), to extract the final keys (for decrypting the bottom layer encryption which is AES encryption), by partially breaking the AACS encrption (which stays on top of AES encryption,) by using a media player's key or decode key ... this process will allow currently existing 150 (plus couple of more in the pipeline, maybe) HD-DVD / Blu-Ray movies to be decrypted. But starting from the future new movies, that specific media player key/keys can be banned, thus it will fail to read/decrypt (AACS encryption of) any new movie, and this counter measure feature was already built into AACS encryption mechanism, to anticipate, that someone might get access to (player) key(s). Then again, some hacker will again find another player key which will again let the hacker decrypt movies, existing at that period -150. Then again, that/those key(s) can be banned, and new keys will be used for new movies. Looks like, cat and mouse chasing. But when (the bottom layer) AES encryption code itself, can also be decrypted (rightaway), then this chasing might finally stop or slow down, like DeCSS hack has done for CSS encryption on DVD movies. On the other hand, since the Blu-Ray disc mechanism can implement its own proprietary/custom encryption (BD+) also, as a second layer of protection other than the AES, will come into use then. Then again, CSS used positive list as player key in DVD discs, but AACS uses negative list in HDDVD/BluRay, so, some hacker can find a way to stay out of that. So the game of cat and mouse chase, goes on.

Another protection against piracy is, Win Vista's ability to utilize the new security mechanism to stop piracy by implementing fully AACP compatible hw/sw chain/stack. Which makes me think twice, if i should upgrade to Win Vista, when i will not be able to make even one backup copy, of my own/purchased movie, what if, it gets damaged by someone by accident, thus render it faulty ? And i thought, i'm allowed to, and, have my right to protect, which is/are under my custody or owned by or licensed to me ? If i'm not allowed to make one backup copy, then, i expect, i must/should receive a fresh movie in case of any damage, from the hd-dvd/bluray movie studio, who released it. Doesn't that sound fair ? Is there any law or 'people's fair right act' - PFRA, like DMCA ? Looks like my government, which is for protecting people's right, instead, protecting corporations, amazing. If corporations can have right, then people must have right, over and above them. When laws are actually illegal laws, where people are not over and above the corporation, then, these kind of hacking will be kept on by the hackers.

Report this comment

KWDec 31st, 2006 - 22:43:17

Putting it simply - If I purchase a film, I want to be able to watch it when and where I like, instead the film companies try screwing us for ever penny they can. To often the film companies use the pretext of piracy to force these ridiculous measures on us, when in fact how can I be a pirate when I already own the film and have absolutely no intention of distributing it - all I want is to be able to watch it on my PC or mpeg4 player - its only thanks to the endeavours of people like Muslix64 that allow me to do this.

Piracy is actually a farcicle issue, the film companies say it loses them money - do they not realise that 99% of people with illegal copies would not have brought the product anyway, so how can they lose something which they never had or were going to get?

So Mr Film Company - stop whinging, stop trying to rip us off and finally give the consumer what they want, in the end you'll find it much more profitable.

Report this comment

ZOMGJan 1st, 2007 - 00:39:50

HAX!!!!!11ONE!!

Report this comment

SolitoNJan 1st, 2007 - 00:45:16

Not to sound pessimistic or defeatist, but all software security schemes will eventually be circumvented, no matter the complexity. This statement was made by an engineer for an anti-virus software company (I can't remember which one). In his words, securing software systems is a constant battle, but one that hackers/crackers will eventually win. I'm not sure WHY that is, cause he didn't elaborate, but it seemed to be a thoughtful comment rather than a pessimistic one...Kinda makes all these efforts at encryption or intrusion prevention (on PCs) seem futile...

Report this comment

supersnailJan 1st, 2007 - 09:23:44

The point I'd like to make is that if I BUY a DVD movie, that particular purchase is mine, I am free to do what I like with it so long as I don't make a profit out of someone else's work.

I AM FREE TO BACKUP MY DVDs. But with the encryption that is included on CDs and DVDs these days that is very hard to do with out some 3rd party software that has probably been hacked together as a crack and possibly illegal.

So who is infringing the law here? The movie/music corporations who wont allow me to back up my EXPENSIVE DVDs and CDs (especially if bought in the EEU), or the hacker that develops a routine that alows me to that which by law I am allowed to do.

Keep developing the HD DVD crack and port it soon to OS X please.

Report this comment

Bin WaitinJan 1st, 2007 - 10:08:56

Yay!! Happy New Year, Motion Picture Association of America!

Report this comment

Doh!Jan 1st, 2007 - 10:16:32

Quick! Somebody shut off the internet! Oh, man, who let that one slip?

It is futile to try to prevent people from sharing information. Security measures only provide a time frame where the technology is 'protected', sort of like the patent system.

That's the sound of 'Inevitability'

If the CIA let the Atom Bomb slip through their fingers, I don't think 'Kindergarten Cop II' has much of a chance... Ya know?

keep at it hackers, you are the only ones keeping us free.

Report this comment

page: 1

Add your comment

Monsters and Critics

Tech

Tech News

HD-DVD DRM copy protection broken

Headlines from The Tech Herald

Talkback

Most Popular Articles on M&C Today

Additional Headlines

In Monsters and Critics

Corporate

The Fine Print