So now that HD-DVD AACS is cracked? - Right before CES.

BuGsArEtAsTy
12-29-06, 01:15 PM
Of course they will. But all we can talk about is what's available now. We don't know if it's one year, 2 years, 5 years or 10 years.

Probably between 2 and 3 is my best guess.
That sounds about right.

If that's the case, then it would be faster than CD, and about the same as DVD, IIRC.

Petra
12-29-06, 01:23 PM
do you really think hackers will look at BD+... or any sort of DRM and say "we give up"?

I said nothing about them giving up, I just said they would need to work twice as hard

kdragon
12-29-06, 01:34 PM
Well, you think I took a position which I did not. I didn't say HD content should be distributed without copy protection. I said that we don't need too much copy protection. As long as we provide good enough safeguards so that large majority of people purchase content rather than steal it, our job is done. Putting more copy protection in there just antagonizes consumers, retarding the market growth.

So you are saying copy protection is required, but you want to say the copy protection level that you have selected is the right level. And now you want to convince everyone that everything above that is "too much DRM"! Now where have I heard that before! This crusade against BD+ sounds like FUD at best. Actually, it is funny since I know you.

Yet they have all published using identical forms of copy protection in each format.

BD+ was always going to be the second line of defense even though technically it is possible to use it independent of AACS. No surprise there. BD+ will be used when it is ready. Point is, it is not possible on HD-DVD. No matter how you slice it, I get a feeling that you're trying the same old arguments justifying the decisions HD-DVD made to come to market first. BDA made certain choices (better choices in my opinion: high bandwidth, higher capacity => good for consumers; better copy protection => good for studios), and got delayed because of that. Not quite unexpected.

There is no such fact. BD+ has not been deployed. You have to wonder why. And once it is deployed, what do you do if it is hacked the first day? Would you still say it is better? Oh, you are saying on paper it is better. I think we have heard that before :).

It will be deployed when it is ready and required. You should also not worry about it because HD-DVD cannot use this line of defense. By the way, I don't think you have all the inside information about what is being done on BD+ on different fronts. I can bet you don't know much about what goes on inside of Sony regarding BD+ (correct me if I am wrong). Nobody has said BD+ is easy in any case. Your innuendos are getting tiresome! Try something new. Try hard facts, for example. I remember your BD50 science fiction. We all know how that turned out. :rolleyes:

By the way, if BD+ is deployed, and it is hacked on the first day, it will just mean either hackers are getting better, or someone is giving them information they need. Hmmmm! (j/k about the last part). In any case, it will be broken sooner or later. BD+ still remains the second line of defense until then. Put your best foot forward.

Innerloop
12-29-06, 01:36 PM
do you really think hackers will look at BD+... or any sort of DRM and say "we give up"?

From my reading of BD+, it sounds a lot like the systems used by the Satellite vendors encryption cards, at least similar to DirecTV. A long time ago I had a friend who was very into satellite card "programming" (as they like to call it). Basically the cards ran small bits of software and had some amount of non-volatile memory.

Occasionally the satellite company would send bits of code down the stream to execute on these cards which were called (by them or by the hackers) "ECMS" (electronic counter-measures). When modified cards ran these programs they would "crash" the card which then required various measures to "reboot".

For a long time the piracy was relatively easy and people were modifying cards and using them for months & years. But a few years ago the frequency of ECMs increased as the satellite vendors tried to crack down, and it became a constant arms race.

Basically if you want to keep a modified satellite system going today, it's pretty much a full-time job and you'll experience a lot of downtime as each new ECM takes various time to find a workaround, so you will have free TV maybe 80% of the time and probably spend hours a day and quite a bit of $$ on keeping up with the whole thing. I get the impression that they have very successfully shut down casual signal pirates using these methods and only the most hardcore are still around in that community.

So if BD+ is a similar scheme, the big difference is that the BD+ encoded titles themselves are the carriers of the "ECMs". So when a new title comes out, if a user has a modified piece of hardware, trying to run that title will cause their player to crash (not sure how permanently). So word would quickly spread on the internet "Don't try to boot title X if you have modified your player with hack Y" or something. Then days/weeks later someone would have a new hack that makes it safe to play that title and things proceed.

So in a lot of ways, if this is the case, BD+ would be easier to avoid than satellite ECMs because the user chooses when to load new software, rather than it coming down from the sky whenever the box is turned on.

I am very curious how a secure BD+ virtual machine can be created on a PC player at all. One of the reasons that it works on the satellite boxes is because it's embedded in a card and it's difficult to extract the actual code running. But it seems relatively easy to extract code running on a PC. So it would seem that the source code or whatever for the BD+ virtual machine would be an easy target for pirates and therefore make it easier for them to work around/emulate.

lymzy
12-29-06, 01:55 PM
I am very curious how a secure BD+ virtual machine can be created on a PC player at all.

Maybe someone will even use the BD+ VM to sniff AACS media key. Who knows? :)
Someone says BD+ is good because it brings content. I say without BD+ studio would still have to publish on bluray/HD DVD.

xbdestroya
12-29-06, 01:55 PM
Actually, I am willing to discuss fair amount. And I will do so with a more extensive posting here later. It would be great if paidgeek engages but something tells me it is difficult for him/her to do so....

Yup, this is the crux of the misunderstanding. Without knowing what kind of lock BD+ provides, you have no way of determining its true effectiveness. I will post later on how the system works to shed more light on this (have to go to Doctor for the terrible cold I have come down with :().

Amir, these insinuations as to Paidgeek's tech savvy are just not cool. I'd certainly prefer if you answered my own raised points (http://www.avsforum.com/avs-vb/showthread.php?p=9299693&&#post9299693) with a greater frequency; it seems that when it's not convenient or in the best-image interests of Microsoft for you to reply to questions or comments raised, you simply do not.

And that second quote just says it all; after all the song and dance so far as to the 'weak underpinnings' of BD+, just more cloak and dagger from you. I really do hope you shed some light - some real light - such that those of us with an understanding of these technologies can judge for ourselves, rather than simply giving scraps of information and then informing everyone what conclusions they should "obviously" reach from said scraps are. If there's info to be put on the table, just put it on the table. If there's not, then please, no more leading and teasing.

By the way, on the side I hope you feel better from your cold.

PacoFromDelTaco
12-29-06, 02:00 PM
Indeed, hope you feel better amir, I am just now recovering from a nasty cold which lasted nearly a week!

paidgeek
12-29-06, 02:03 PM
Yup, this is the crux of the misunderstanding. Without knowing what kind of lock BD+ provides, you have no way of determining its true effectiveness. I will post later on how the system works to shed more light on this (have to go to Doctor for the terrible cold I have come down with :().

Several posts seem to ignore the fact that the BD+ program is included on the same disc it is designed to protect. If the code is poorly written, it only makes the disc vulnerable that contained the BD+ program in the first place. It is misleading to say that BD+ adds vulnerability to Blu-ray. You may be able to make your own disc more vulnerable, but not someone else's.

lymzy
12-29-06, 02:03 PM
BD+ was always going to be the second line of defense even though technically it is possible to use it independent of AACS.


Are you sure that BD+ VM will not open more windows/holes in the PC environment?

TrevorS
12-29-06, 02:10 PM
BD+ hasn't even been deployed so it can't be hacked. My understanding is that BD+ will be deployed in the event of widespread copying - which means that AACS has already been cracked.

Remember that this "backup" software is not actually backup software. All it is is an implementation of the publicly available AACP spec. This is something that could have been readily accomplished long before now. What is not provided is what the AACP is actually all about -- the keys.

He apparently managed to ferret out the title key by examining the memory of a newly released software HD playback program. However, this possibility is something that the AACP design is predicated on. You can be quite certain there will be serious communications with that software company (who were obviously not thinking very clearly) and other developers will be required to be far more careful. In addition, that player will almost certainly be shut down.

Ultimately, all that "backup" program will consist of is exactly what it is right now -- an implementation of the publicly available AACS spec. In other words, AACP has NOT been cracked, except in the sense of a temporary leak. Actually, the timing is very good since it places all on guard (and notice) -- especially the software player developers.

In this case BD+ will provide an additional layer of security for BD, whereas hd dvd has none left.

But if BD+ hasn't been deployed, the discs face just the same limited potential vulnerability as any other disc using AACS. BD+ will only be useful to ensuing generation releases. And as noted above, AACP is still intact -- the only way AACP key protection can truly fail is if valid keys become readily available and new ones leaked following assignment, and there's no reason to suppose that's likely to happen.

xbdestroya
12-29-06, 02:17 PM
But if BD+ hasn't been deployed, the discs face just the same limited potential vulnerability as any other disc using AACS. BD+ will only be useful to ensuing generation releases. And as noted above, AACP is still intact -- the only way AACP key protection can truly fail is if valid keys become readily available and new ones leaked following assignment, and there's no reason to suppose that's likely to happen.

Trevor, exactly. But that ability to roll it out on future generations of discs is precisely what makes it viable as a second line of defense. Thus when AACS gets cracked, it's not BD that's been cracked as well, but BD 'pre-BD+' titles. When BD+ implementations get cracked, their effect is limited, and future discs are again protected until new cracks come out.

There will always be hackers that can stay ahead of the game, but when the effort needed to do so goes to that level, you will be able to weed a lot of the 'NetFlix' piracy out. It simply will not be the point-and-click ease with which the 90%+ of current casual pirates are able to do it with DVD Decrypter. When you start jacking up the effort required to pirate, the casual pirates go to retail. The hardcore will always succeed, but they form a much smaller base of lost revenue.

Jeff Lampert
12-29-06, 02:19 PM
I have no rational or logical basis on which to judge analogies from either side.

Why not just let your own common sense, the known facts, and the logic of the presented arguments direct your view? Consider all the posts and information divulged by both Paidgeek and Amir. If in the end, your common sense and analysis of Paidgeek's position seems reasonable, then you support his view. If your common sense and analysis of Amir's position seems reasonable, then support his view.

jabbertrack
12-29-06, 02:23 PM
I am very curious how a secure BD+ virtual machine can be created on a PC player at all. One of the reasons that it works on the satellite boxes is because it's embedded in a card and it's difficult to extract the actual code running. But it seems relatively easy to extract code running on a PC. So it would seem that the source code or whatever for the BD+ virtual machine would be an easy target for pirates and therefore make it easier for them to work around/emulate.
That's exactly it, once something hits personal computers there are no limits.

If there was a way to bet whether or not Lord of the Rings or Star Wars would hit the torrent sites in 1080p shortly after the release of those movies on either format I would put a couple paychecks on YES right now.

Every studio is way too freaked out right now IMO. Amir seems to convey to me that Microsoft understands at least my point of view which is that I certainly have the means and the know how to take advantage of pirating techniques developed by others but my time is valuable and I'm more than willing to pay for HD movies if someone can deliver them to me with a minimal amount of hassle and especially without trojan programs running on my computer should I choose to view those titles on that platform.

wreckshop
12-29-06, 02:28 PM
I want to make it clear that I do NOT think AACS has been compromised. My point is that BD+ can be deployed on future discs to secure content IF AACS has been compromised. How can BD+ weaken AACS if AACS has already been cracked?

scaesare
12-29-06, 02:47 PM
Steve:

I made a similar comment on another forum last night :D

Cheers,

Feeble minds think alike!

Mntneer
12-29-06, 02:53 PM
Oh For God's Sake! Just Give Us Mmc Now And Be Done With It!

dobyblue
12-29-06, 02:56 PM
There are too many posters on this forum that read certain statements on the internet and think that they themselves have gained the ability to speak authoritatively on the matters at hand because they think they are correctly parroting those claims.
I know what you mean - I used to walk around saying that Blu-ray 50GB discs were never going to happen, but I was completely misguided by a few posters on here.

kdragon
12-29-06, 02:59 PM
Why not just let your own common sense, the known facts, and the logic of the presented arguments direct your view? Consider all the posts and information divulged by both Paidgeek and Amir. If in the end, your common sense and analysis of Paidgeek's position seems reasonable, then you support his view. If your common sense and analysis of Amir's position seems reasonable, then support his view.

This would be the right way to go about on open forums!

Also, we can read up on whatever pieces of documents are available. But as far as BD+ is concerned, there are many unknowns because apart from the basic control-flow (if you will), there are things that the BD+ program on the disc can do and it will depend a lot on that code.

namechamps
12-29-06, 03:04 PM
One thing I learned researching this... The player key is unique to the individual player, NOT just the version/model of the player. So, it seems it's gonna be somewhat hard to track down which individual copy of PowerDVD 6.5 with HD it was and revoke that key. I suppose they could decide to revoke ALL 6.5 keys though when Cyberlink releases 6.6. This would be a pain, but would be feasible with PC software, especially if there were a message that pops up telling the user to do the upgrade. It would be much harder with standalone players, but it's unlikely many of the future hacks will be with standalone players.

AACS allows for either unique keys based on versions or on individual systems. The system owner has the option to choose either one with certain requirements for each method. Likely a software player would opt for a unique key per version not per unit sold. The reason being is that if a software player can be hacked any of the units sold can be hacked and it would be simpler to release an upgrade with a new key and revoke the older version completely.

BTW the "hacker" did nothing to hack the software. We also at this point don't know if it is PowerDVD or WinDVD. The software has a critical flaw in that it keeps the title key in memory as plain text. This essentially is a poor handling of cryptographical information. The author simply "finds" the title keys in memory likely by either a memory dump or using a debugger. The software itself is flawed and will need to be replaced. Revoking the author's key would be useless as the flaw exists in every copy sold. This is a good indicator why most software players will likely have one key per version. This version needs to be replaced with one not having the key memory flaw and its current device key revoked.
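
Added example (not part of the thread and not AACS code): a simplified model of the revocation trade-off described in the post above, comparing one device key per unit with one key per software version when every copy of a version shares the same flaw. Assumptions: the key block holds one wrapped media key per non-revoked key (real AACS uses a subset-difference key tree), the wrapping is a toy HMAC-based pad, and the version labels `v1`/`v2` and unit counts are constructed.

```python
import hashlib
import hmac
import os


def _pad(device_key, nonce):
    # Toy key-wrapping pad for this model only; not a real key-wrap scheme.
    return hmac.new(device_key, nonce, hashlib.sha256).digest()[:16]


def wrap(device_key, media_key):
    nonce = os.urandom(16)
    return nonce, bytes(a ^ b for a, b in zip(media_key, _pad(device_key, nonce)))


def unwrap(device_key, nonce, wrapped):
    return bytes(a ^ b for a, b in zip(wrapped, _pad(device_key, nonce)))


def check_value(media_key):
    # Lets a player confirm it recovered the right media key.
    return hmac.new(media_key, b"media-key-check", hashlib.sha256).digest()


class Licensor:
    """Issues device keys and masters discs whose key block skips revoked keys."""

    def __init__(self):
        self.keys = {}        # key_id -> device key
        self.revoked = set()  # key_ids excluded from future key blocks

    def issue(self, key_id):
        # Per-version provisioning hands the same key to every unit of a version.
        return key_id, self.keys.setdefault(key_id, os.urandom(16))

    def revoke(self, key_id):
        self.revoked.add(key_id)

    def master_disc(self):
        media_key = os.urandom(16)
        entries = {kid: wrap(key, media_key)
                   for kid, key in self.keys.items() if kid not in self.revoked}
        return {"entries": entries, "check": check_value(media_key)}


class Player:
    def __init__(self, name, key_id, key):
        self.name, self.key_id, self.key = name, key_id, key

    def can_play(self, disc):
        entry = disc["entries"].get(self.key_id)
        if entry is None:          # key was revoked before this disc was mastered
            return False
        media_key = unwrap(self.key, *entry)
        return hmac.compare_digest(check_value(media_key), disc["check"])


def provision(licensor, version, units, per_unit):
    players = []
    for n in range(units):
        key_id = f"{version}/unit{n}" if per_unit else version
        players.append(Player(f"{version}-unit{n}", *licensor.issue(key_id)))
    return players


def simulate(per_unit):
    """Flawed version v1 ships, one copy's key is revoked, fixed v2 ships."""
    lic = Licensor()
    flawed = provision(lic, "v1", 4, per_unit)   # every v1 copy has the same flaw
    old_disc = lic.master_disc()                 # pressed before the revocation
    lic.revoke(flawed[0].key_id)                 # revoke the one identified copy
    fixed = provision(lic, "v2", 2, per_unit)    # patched release, fresh keys
    new_disc = lic.master_disc()                 # pressed after the revocation
    return {
        "flawed_on_new_disc": sorted(p.name for p in flawed if p.can_play(new_disc)),
        "fixed_on_new_disc": sorted(p.name for p in fixed if p.can_play(new_disc)),
        "flawed_on_old_disc": sorted(p.name for p in flawed if p.can_play(old_disc)),
    }


if __name__ == "__main__":
    for mode in (True, False):
        print("per-unit keys" if mode else "per-version key", simulate(mode))
```

With per-unit keys, revoking the one identified copy leaves the other flawed `v1` copies able to open newly mastered discs; with a per-version key the same revocation shuts out every `v1` copy. In both modes the disc mastered before the revocation stays playable on all flawed copies.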

raaj
12-29-06, 03:05 PM
I know what you mean - I used to walk around saying that Blu-ray 50GB discs were never going to happen, but I was completely misguided by a few posters on here.

I am surprised at how many people got PhDs in Cryptography and Electronic countermeasures overnight after this news broke out. I see everyone from a particular camp hypothesizing and theorizing on the benefits and weaknesses of various DRM schemes and questioning the claims of known "insiders" in the field.

I don't find this funny, but I find it as another glaring example of how blinded people become when fighting for their biases. I cannot believe the hordes of fanatics praising overbearing DRM schemes without knowing the ins and outs of it. :confused: :rolleyes: :(

TrevorS
12-29-06, 03:07 PM
There will always be hackers that can stay ahead of the game, but when the effort needed to do so goes to that level, you will be able to weed a lot of the 'NetFlix' piracy out. It simply will not be the point-and-click ease with which the 90%+ of current casual pirates are able to do it with DVD Decrypter. When you start jacking up the effort required to pirate, the casual pirates go to retail. The hardcore will always succeed, but they form a much smaller base of lost revenue.

Recognizing this thread is mostly opinion and conjecture (both sides of the fence), I'm expecting that AACP key protection (given appropriate cooperation on the part of CE participants) will be adequate to prevent all but the very serious attackers, thereby achieving the same end -- minimizing impact on revenues.

It seems to me, the more ongoing effort (spelled expense) the vendor has to expend in order to achieve a high level of protection, the more unit volume will be required in order to offset said expense. When it's felt necessary to update the defenses with every release, I would guess a state of diminishing returns is settling in and it's time to re-evaluate the strategy. It could easily be cheaper to allow a slightly higher rate of loss.

Also, if Amir's view is correct, that the VM itself can be turned into a loop hole via a Trojan Horse, then that whole house of cards collapses. Still, all conjecture.

kdragon
12-29-06, 03:18 PM
Are you sure that BD+ VM will not open more windows/holes in the PC environment?

lymzy, you have made several posts on this. Sorry for not replying earlier. I had to go through a lot of posts!

I fully agree with your hint. The BD+ VM is the key to this. If that is not secure, then all bets are off. No other process should have access to any resources used by the VM (at least not in plain view), and the only program that can be run by the VM should be the one on the disc (in other words, there should not be a way to fool the VM into running arbitrary Java code) -- just a couple of examples. I would assume that would be the goal. And we can gather that much info from public documents. Now, how is this implemented is the question, isn't it? PC definitely is a difficult platform as far as security is concerned. I would think it is much easier on SoCs. I have a feeling that BD+ on PC will take some time! :)

The second line of questions many of us have is about the BD+ code on the disc itself. In my opinion, it is more about the fears of it doing something evil (or false positives). I don't think we will know about this until it is finalized. I have a feeling this is one of the issues being discussed for the final agreement. However, from a security point of view, it is only good or bad for that particular disc.

All these arguments aside, I think AACS is beautiful. It will be a hard nut to crack. It is the player implementation that is faulty. Problem is, there will always be a faulty player implementation. Same goes for BD+ implementation. In the modern world, all that a copy protection tries to do is to provide a barrier to cross, and a hindrance. With BD+ the possibility is that each disc can provide a new barrier to cross, or at least a new hindrance. The BD+ VM implementation is the key, though.

xbdestroya
12-29-06, 03:19 PM
Recognizing this thread is mostly opinion and conjecture (both sides of the fence), I'm expecting that AACP key protection (given appropriate cooperation on the part of CE participants) will be adequate to prevent all but the very serious attackers, thereby achieving the same end -- minimizing impact on revenues.

I don't disagree; in that scenario I doubt BD+ would ever be put into play. But it's an option the studios have to fall back on, and options are something that no doubt they view positively. ROM-Mark also is a big plus, something that I feel I must consistently highlight in this thread.

It seems to me, the more ongoing effort (spelled expense) the vendor has to expend in order to achieve a high level of protection, the more unit volume will be required in order to offset said expense. When it's felt necessary to update the defenses with every release, I would guess a state of diminishing returns is settling in and it's time to re-evaluate the strategy. It could easily be cheaper to allow a slightly higher rate of loss.

Depends on the title I imagine; with the right coders at the right price the incremental cost wouldn't be *too* large I imagine, but yes you're right that this is not something the studios would want to mess with more than they have to. Granted if it did get rid of that large casual pirate base, they may think it worth it anyway. This is all in the future mind you, under an assumption that HD optical formats have taken hold and volumes are 'mass.'

Also, if Amir's view is correct, that the VM itself can be turned into a loop hole via a Trojan Horse, then that whole house of cards collapses. Still, all conjecture.

Well I think there needs to be some clarification on this. It's not the studio DRM/IP protection scheme that collapses per se, rather it's a potential security vulnerability that's opened up on the playback device... and really we're talking mainly about the PC here. Another one of the reasons of course why MS has been so tepid about Java and Vista. Like I've been defaulting to BD+ being a potentially strong defense against pirates, I will default also to it leading to potential exploits on the desktop. But this thread is about the studios and my posts have been in that context.

I don't think any of the BD studios want to use BD+ unless they need to; but they have chosen to have that 'nuclear' option available to themselves.

trgraphics
12-29-06, 03:30 PM
Amir, these insinuations as to Paidgeek's tech savvy are just not cool. I'd certainly prefer if you answered my own raised points (http://www.avsforum.com/avs-vb/showthread.php?p=9299693&&#post9299693) with a greater frequency; it seems that when it's not convenient or in the best-image interests of Microsoft for you to reply to questions or comments raised, you simply do not.

And that second quote just says it all; after all the song and dance so far as to the 'weak underpinnings' of BD+, just more cloak and dagger from you. I really do hope you shed some light - some real light - such that those of us with an understanding of these technologies can judge for ourselves, rather than simply giving scraps of information and then informing everyone what conclusions they should "obviously" reach from said scraps are. If there's info to be put on the table, just put it on the table. If there's not, then please, no more leading and teasing.

By the way, on the side I hope you feel better from your cold.

If you are so knowledgeable, as you claim. Why don't you explain exactly how BD+ works? If you can, of course. Why do Amir or paidgeek have to do it if you're an expert on the subject?

xbdestroya
12-29-06, 03:35 PM
If you are so knowledgeable, as you claim. Why don't you explain exactly how BD+ works? If you can, of course. Why do Amir or paidgeek have to do it if you're an expert on the subject?

Trgraphics, read my posts in this thread. Read all of them, because I already addressed your question as well. If you don't understand them, then leave it alone. I don't 'claim' to be knowledgeable; my proof is in the pudding. I'm not an A/V insider, but you better believe I understand technology. Can you say the same? The onus is on Amir to describe now why he feels BD+ as it is spec'd would be 'weaker' than what one would understand a typical virtual machine running self-contained code to be capable of. He says that he will shed light on this; let's see the light be shed.

When Amir responds to posts, receives a counter-response, and doesn't answer... perhaps your accusing 'Gaze of Sauron' should be pointed elsewhere in terms of where 'easy' facts might be coming from.

nataraj
12-29-06, 03:37 PM
Do you expect any major movement from studios? This news happened just before CES 2007. Will Universal shift their position becoming neutral? Will Warner or Paramount become blu-ray exclusive? What do you think? discuss! civilizedly!


Depends on how AACS deals with the issue.

Of course as such, this "break" means nothing if others can't reproduce the hack. And then if AACS can quickly repulse the attack, studios would actually like AACS and start to trust it.

TrevorS
12-29-06, 03:44 PM
ROM-Mark also is a big plus, something that I feel I must consistently highlight in this thread.

What would the advantage be to having ROM-Mark in the specific situation being discussed? (Decryption to HDD.)

I don't think any of the BD studios want to use BD+ unless they need to; but they have chosen to have that 'nuclear' option available to themselves.

Actually, I understand only Fox made that choice. The others had other reasons probably related to early expectations of BR market ascendancy.

nataraj
12-29-06, 03:47 PM
I don't think any of the BD studios want to use BD+ unless they need to; but they have chosen to have that 'nuclear' option available to themselves.

And why is BD+ a "nuclear" option ? Are you asserting that it is unbreakable ? :p

xbdestroya
12-29-06, 03:47 PM
What would the advantage be to having ROM-Mark in the specific situation being discussed? (Decryption to HDD.)

There are a lot of situations being discussed; apparently there is no consensus on what this thread is even about. I maintain though that the original premise is: What do studios consider when a DRM scheme is potentially hacked?

And to that I answer: they consider security. In that setting, ROM-Mark provides a very real advantage. No, not against 'ripping' though.

Actually, I understand only Fox made that choice. The others had other reasons probably related to early expectations of BR market ascendancy.

Only FOX, pushed it... that we know... but they all made the choice. Otherwise, it just simply wouldn't be included.

xbdestroya
12-29-06, 03:48 PM
And why is BD+ a "nuclear" option ? Are you asserting that it is unbreakable ? :p

I am asserting that its results are unpredictable on the whole. But yes, powerful from a DRM standpoint.

(And how would I be asserting that it is unbreakable? I'm going to guess that you also have not read this thread all the way through... like the parts where I and others address what happens when it's broken)

Alan Gordon
12-29-06, 03:48 PM
do you really think hackers will look at BD+... or any sort of DRM and say "we give up"?

This is how I feel about the whole issue, and why the whole thing is as non-eventful to me as a rather boring event comparable to going out and buying socks.

There will ALWAYS be hackers, and as the technology gets smarter, so will the hackers.

While a full album of MP3s can be downloaded very fast on a DSL/Cable/FIOS connection or a few hours on dial-up, and video/DVD rips take considerably longer, an HD-DVD (15gb/30gb) or Blu-Ray (25gb/50gb) disc would take CONSIDERABLY longer for those in the majority of areas... and probably will for years to come when HD DVDs (or Blu-Ray) titles could be found fairly cheap in stores.

~Alan

xbdestroya
12-29-06, 03:50 PM
Trevor you double posted; my response is above.

archibael
12-29-06, 03:53 PM
I am not Amir, but I can see where he's coming from on this, though I don't necessarily agree. If there is a software solution which expects a handoff of AACS-protected data and then goes directly to decode and from there directly to display, you have 1) the handoff, 2) the decode-to-display to protect. Two "chinks" in the armor, but if those capabilities are built into something fundamental and very protected like the OS kernel, or better yet hardware, they are reasonably safe. Or as safe as any secrets can be on a reasonably open-platform PC.

However, if you add in another stage to the process, such as "Run VM programs on the AACS data before sending it to the decoder" or "Run VM programs on the decoded data before it gets sent to the display", you've added another potential chink or two in the armor. In each case, you're intercepting data away from the "known good" and presumably very security-hardened AACS solution path and each potentially provides a new method for enterprising "enthusiasts" to use to get at the data.

Microsoft can update Windows all the time, so even if a vulnerability is found in the kernel operations for AACS or video decode, Service Pack 12 (which fixes a bunch of other important problems) can include fixes for the AACS stuff by default. However, if BD players are third-party software, MS cannot in good conscience include things in their Service Packs to disable it: tinkering with third-party software without user permission could get them sued, or at the very least accused of malware.

I am very surprised the software solutions jumped the gun on this: I expected them to wait for Vista, as it has, from what I have been told, more hooks into things like hardware protected memory (which users would not be able to freely access from the OS, thus making the current hacks impossible). But I suspect that they were under pressure to produce something which would work on people's machines out there ASAP, and since Vista's late they had to go with what they could do in XP.

nataraj
12-29-06, 03:53 PM
I am asserting that its results are unpredictable on the whole. But yes, powerful from a DRM standpoint.

Yes, it is unpredictable. That's what makes it unacceptable on a HTPC. See my question about it in the insider thread ...


And how would I be asserting that it is unbreakable?

Because of the use of a strong term like nuclear ...

I'm going to guess that you also have not read this thread all the way through... like the parts that address what happens when it's broken

I'm going to guess that you are a newbie at AVS. We have been discussing BD+ for many many months. There are only questions about it and no answers.

TrevorS
12-29-06, 03:57 PM
Only FOX, pushed it... that we know... but they all made the choice. Otherwise, it just simply wouldn't be included.

That would be true in the case of the HD-DVD Forum, but it's not at all clear for the BDA. My guess would be Sony would have done whatever they reasonably could to bring Fox aboard. There's no reason to presume a voting procedure by which they all chose it. As you said, BD+ is nothing more than an option.

nataraj
12-29-06, 03:58 PM
I am very surprised the software solutions jumped the gun on this: I expected them to wait for Vista....

Very true. In fact as you probably remember we were discussing that XP s/w solutions would not be available. Now PowerDVD maker will face some music and probably stiff penalty ....

As they say, Fools rush in where angels fear to tread ....

xbdestroya
12-29-06, 03:59 PM
Yes, it is unpredictable. That's what makes it unacceptable on a HTPC. See my question about it in the insider thread ...

Or why don't you see my post #278 in this thread?

Because of the use of a strong term like nuclear ...

It was between nuclear and Pandora's Box; I chose nuclear because it gives the proper emphasis for why studios would want it.

I'm going to guess that you are a newbie at AVS. We have been discussing BD+ for many many months. There are only questions about it and no answers.

Who's "we?" Not me. You're right, I am new, but not green...

I've posed questions to Amir; they are straightforward. He says that he will provide insights into the BD+ framework. Let's see them. If it indeed looks weak, it will be obvious to anyone with any knowledge on the subject, and I'll be the first to admit it. But until then, BD+ = dynamic encryption scheme running self-contained code on a virtual machine is what I'm going on. And that is not 'weak' DRM. It's a PC security risk, which I readily acknowledge, but it's not weak DRM.

trgraphics
12-29-06, 04:06 PM
Trgraphics, read my posts in this thread. Read all of them, because I already addressed your question as well. If you don't understand them, then leave it alone. I don't 'claim' to be knowledgeable; my proof is in the pudding. I'm not an A/V insider, but you better believe I understand technology. Can you say the same? The onus is on Amir to describe now why he feels BD+ as it is spec'd would be 'weaker' than what one would understand a typical virtual machine running self-contained code to be capable of. He says that he will shed light on this; let's see the light be shed.

When Amir responds to posts, receives a counter-response, and doesn't answer... perhaps your accusing 'Gaze of Sauron' should be pointed elsewhere in terms of where 'easy' facts might be coming from.

I am most certainly not an expert in this field. Just a poor layman trying to understand if I should stop buying HD disks.:) just kidding.

The more open the discussion, the better. I just don't feel that insulting true insiders is a way to get that information. A true insider is obviously handicapped on what they can say. And to take that as not knowing the subject matter or not being willing to divulge as many details as you would like, is to me, insulting to that person.

I'm sure you probably work for someone somewhere and they probably wouldn't appreciate you talking openly about their intimate business details either. NDAs are no laughing matter, if you have ever had to sign one. I do quite often and I take them very seriously, as should anyone.

xbdestroya
12-29-06, 04:11 PM
I'm sure you probably work for someone somewhere and they probably wouldn't appreciate you talking openly about their intimate business details either. NDAs are no laughing matter, if you have ever had to sign one. I do quite often and I take them very seriously, as should anyone.

I've signed them, issued them, and yes I do take them seriously. This conversation can function on a very high level IMO and take place without any NDAs being broken, because the technologies are all understood. Or at least... they seem to be. Amir keeps alluding to 'if we only knew how weak it was...' type stuff, which normally I would just brush aside - because no, I don't want or expect anyone to break NDAs - except then he goes on to say that he in fact will expound on this point.

Well, great! I'm ready for the exposition if and when it takes place.

kdragon
12-29-06, 04:11 PM
<cut>...and since Vista's late they had to go with what they could do in XP.

So it is Microsoft's fault! :p :)
j/k


Nice explanation of the PoV, by the way. Wonder why Amir can't do the same! :)

archibael
12-29-06, 04:19 PM
So it is Microsoft's fault! :p :)
j/k


"Luke, you're going to find that many of the truths we cling to depend greatly on our own point of view." :D


Nice explanation of the PoV, by the way. Wonder why Amir can't do the same! :)

Because I like to speak in vague generalities and he likes to offer real tangible details? :)

kdragon
12-29-06, 04:21 PM
... true insiders ...

What if 'true' insiders are not telling the truth? That's why we have checks and balances on this forum in the form of 'non-true-insider' experts.

Another thing: Nobody should be insulted. Not just the insiders. Sometimes this rule is very hard to follow when someone keeps on insulting your intelligence. But we do have to follow this rule. I would readily apologize to Amir if my tone to him is insulting (I don't think it is, though).

kdragon
12-29-06, 04:28 PM
Because I like to speak in vague generalities and he likes to offer real tangible details? :)

Maybe I am getting too personal on Amir, so I will leave it at that. I would say this though: His posts on this subject were less tangible collectively than your one post. Yes, it is about the PoV, I agree. And maybe, our perception. Once (or many times) beaten, (at least) twice shy! :)

Rob Zuber
12-29-06, 04:48 PM
However, if BD players are third-party software, MS cannot in good conscience include things in their Service Packs to disable it: tinkering with third-party software without user permission could get them sued, or at the very least accused of malware.

My understanding is that Vista can revoke drivers that are leaking "premium" content such as BD or HD-DVD.

LynxFX
12-29-06, 05:16 PM
Market growth without profit is useless.
Wasn't that the whole point of the Xbox? To get a piece of the market, knowing it wouldn't turn a profit?

As for the 'hack', I think it exploits the biggest hole in AACS and any form of copy protection or security for that matter....human error. The guy got lucky this time and found a mistake right away. Can it be fixed? Sure. Will it happen again? Of course. Pobody's Nerfect.

BuGsArEtAsTy
12-29-06, 05:30 PM
One thing I learned researching this... The player key is unique to the individual player, NOT just the version/model of the player. So, it seems it's gonna be somewhat hard to track down which individual copy of PowerDVD 6.5 with HD it was and revoke that key. I suppose they could decide to revoke ALL 6.5 keys though when Cyberlink releases 6.6. This would be a pain, but would be feasible with PC software, especially if there were a message that pops up telling the user to do the upgrade. It would be much harder with standalone players, but it's unlikely many of the future hacks will be with standalone players.

AACS allows for either unique keys based on versions or on individual systems. The system owner has the option to choose either one with certain requirements for each method. Likely a software player would opt for a unique key per version not per unit sold. The reason being is that if a software player can be hacked any of the units sold can be hacked and it would be simpler to release an upgrade with a new key and revoke the older version completely.

BTW the "hacker" did nothing to hack the software. We also at this point don't know if it is PowerDVD or WinDVD. The software has a critical flaw in that it keeps the title key in memory as plain text. This essentially is a poor handling of cryptographical information. The author simply "finds" the title keys in memory likely by either a memory dump or using a debugger. The software itself is flawed and will need to be replaced. Revoking the author's key would be useless as the flaw exists in every copy sold. This is a good indicator why most software players will likely have one key per version. This version needs to be replaced with one not having the key memory flaw and its current device key revoked.
OK, that makes more sense. One key per version for a software package is a logical choice. One key per individual unit for standalones may make sense too, although it'd probably be difficult to track down individual standalones too. However, if they could track down individual standalones and revoke their keys individually, that'd be a good way to kill modded units without p!ssing off everyone else who happens to have the same (but non-modded) model.

So, how would they track down an individual standalone? Aside from very PC-based standalone solutions, would it even matter?

Or is this individual key thing something that will be used to prevent cloning of hardware for knock-off standalones?


I am not Amir, but I can see where he's coming from on this, though I don't necessarily agree. If there is a software solution which expects a handoff of AACS-protected data and then goes directly to decode and from there directly to display, you have 1) the handoff, 2) the decode-to-display to protect. Two "chinks" in the armor, but if those capabilities are built into something fundamental and very protected like the OS kernel, or better yet hardware, they are reasonably safe. Or as safe as any secrets can be on a reasonably open-platform PC.

However, if you add in another stage to the process, such as "Run VM programs on the AACS data before sending it to the decoder" or "Run VM programs on the decoded data before it gets sent to the display", you've added another potential chink or two in the armor. In each case, you're intercepting data away from the "known good" and presumably very security-hardened AACS solution path and each potentially provides a new method for enterprising "enthusiasts" to use to get at the data.

Microsoft can update Windows all the time, so even if a vulnerability is found in the kernel operations for AACS or video decode, Service Pack 12 (which fixes a bunch of other important problems) can include fixes for the AACS stuff by default. However, if BD players are third-party software, MS cannot in good conscience include things in their Service Packs to disable it: tinkering with third-party software without user permission could get them sued, or at the very least accused of malware.

I am very surprised the software solutions jumped the gun on this: I expected them to wait for Vista, as it has, from what I have been told, more hooks into things like hardware protected memory (which users would not be able to freely access from the OS, thus making the current hacks impossible). But I suspect that they were under pressure to produce something which would work on people's machines out there ASAP, and since Vista's late they had to go with what they could do in XP.
Are you suggesting that had Vista been released already, they wouldn't have bothered with an XP release? That doesn't make sense to me, as the vast majority of the installed base will be XP for quite some time to come.

Then again, you could be right. I'd wager that OS X 10.4 Tiger will never get HD playback software, at least from Apple, but that it will be widely available on OS X 10.5 Tiger. However, these types of OS-selective releases tend to be more common on OS X than on Windows.

Neo1965
12-29-06, 05:41 PM
As others have reported, it is not AACS that has been hacked. It's the PowerDVD 6.5 that had a large gaping security hole in that the final codeword(s) (key) after the hashing and after elliptical curve --- that final thing that is needed to feed to the AES cipher is visible in system memory.

If this is indeed what happened, Cyberlink just got a huge problem of the same magnitude as Xing got themselves into.

As for methods to scan memory, all you need is a flat selector that has access to all linear memory, since the pre-hash keys are on the disk, as long as you know what they are, you can scan for those first in memory and just sort of look at the neighboring bytes.

archibael
12-29-06, 05:50 PM
Are you suggesting that had Vista been released already, they wouldn't have bothered with an XP release? That doesn't make sense to me, as the vast majority of the installed base will be XP for quite some time to come.


I'm suggesting that it could have been done that way, and that's the way I expected it to turn out. While it's true the installed base of Vista would have been small and grown slowly, I think it would have easily kept pace with the installed base of HD DVD and BD drives-- would the nuts (and I use that term with affection) who spent the last month hacking away at old versions of PowerDVD and WinDVD registry entries just to get the Xbox360 HD DVD add-on to work have balked at purchasing Vista to get playback capability, if Vista had been available? I doubt it.

What I was saying is that Vista has (much-maligned) security capabilities which I thought would be used to make the software immune to this kind of thing, and I am surprised (though not shocked) that Cyberlink and Intervideo took the DRM risks of releasing prior to Vista. I suspect they were talked into it by the BD and HD DVD teams, who really wanted to be able to claim a win in the PC space as soon as possible-- what good would the Sony and Toshiba laptops have been if they came with a big disclaimer: "[Blu-ray|HD DVD] capabilities not available until the debut of Windows Vista! Coming soon!"

As it was, I'm sure they had no objection to taking the money at the insistence of Tosh and Sony that XP would be fine for their solutions, and once that camel's nose was in the tent...

BuGsArEtAsTy
12-29-06, 06:05 PM
I'm suggesting that it could have been done that way, and that's the way I expected it to turn out. While it's true the installed base of Vista would have been small and grown slowly, I think it would have easily kept pace with the installed base of HD DVD and BD drives--
Yes, but the two groups might not overlap as much as you may think.

would the nuts (and I use that term with affection) who spent the last month hacking away at old versions of PowerDVD and WinDVD registry entries just to get the Xbox360 HD DVD add-on to work have balked at purchasing Vista to get playback capability, if Vista had been available? I doubt it.
I see the PC crowd as vastly different from the AVS Forum crowd.

I fully expect an HD DVD-ROM drive + HD DVD playback software to be available in 2007 for $149. That IMO would entice a fair amount of people to buy the drives plus software for playback on their 24" Dell monitors or whatever. The same would not be true if they would have to spend another $200 or whatever to buy and install Vista, and kill compatibility with a bunch of their Windows programs in the process.

namechamps
12-29-06, 06:33 PM
What I was saying is that Vista has (much-maligned) security capabilities which I thought would be used to make the software immune to this kind of thing, and I am surprised (though not shocked) that Cyberlink and Intervideo took the DRM risks of releasing prior to Vista.

I don't know of anything in Vista that would have stopped this exploit. This was piss poor programming. It's that simple. The programmer left cryptographic data in plain text in main memory. A simple memory dump is all that is needed to find the necessary data. Vista would have done nothing to stop this.

The programmer needs to be fired along with the QA team. This is like a first year CS student mistake. The same problem would occur if you were running any type of cryptographic system and you leave a "secret" key open for snooping (SSL, PGP, game encryption, any DRM, file encryption, etc).

To fix this the publisher simply needs to release a new version that protects the keys better and revoke the key for the current version. New HD DVD will include the revoked key in their blacklist thus making playback on the flawed version impossible. This does nothing to protect the 150+ HD DVD titles plus possibly 100+ BD titles. It will however make future titles immune from this problem.

If you took this version of the playback software and ran it on Vista you could extract the key from main memory exactly the same way you would in XP.
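
Added example (not part of any post in this thread, and not AACS code): a toy Python model of the revocation behaviour described in this post and in the per-version versus per-unit key discussion above. The key names, the XOR-based `wrap` stand-in for AES and the flat per-key list are assumptions; real AACS encodes revocation in a subset-difference tree inside the Media Key Block.

```python
"""Toy model of AACS-style device-key revocation (constructed example)."""
import hashlib
import hmac
import os
from dataclasses import dataclass


def wrap(key: bytes, data: bytes) -> bytes:
    """Toy 16-byte key wrap: XOR with a SHA-256 pad. Self-inverse; stands in for AES."""
    pad = hashlib.sha256(b"wrap:" + key).digest()
    return bytes(a ^ b for a, b in zip(data, pad))


def tag(media_key: bytes) -> bytes:
    """Check value that lets a player confirm it recovered the right media key."""
    return hmac.new(media_key, b"verify", hashlib.sha256).digest()


@dataclass
class Disc:
    mkb: dict                 # key_id -> media key wrapped under that device key
    verify: bytes             # check value for the media key
    wrapped_title_key: bytes  # title key wrapped under the media key


@dataclass
class Player:
    key_id: str
    device_key: bytes

    def play(self, disc: Disc):
        """Return the title key, or None if this player's key is revoked on the disc."""
        wrapped = disc.mkb.get(self.key_id)
        if wrapped is None:
            return None
        media_key = wrap(self.device_key, wrapped)
        if not hmac.compare_digest(tag(media_key), disc.verify):
            return None
        return wrap(media_key, disc.wrapped_title_key)


class LicensingAuthority:
    def __init__(self):
        self.device_keys = {}     # key_id -> device key
        self.revoked = set()

    def issue(self, key_id: str) -> bytes:
        self.device_keys[key_id] = os.urandom(16)
        return self.device_keys[key_id]

    def revoke(self, key_id: str) -> None:
        self.revoked.add(key_id)

    def press(self, title_key: bytes) -> Disc:
        """Press a disc whose key block omits every key revoked so far."""
        media_key = os.urandom(16)
        mkb = {kid: wrap(dk, media_key)
               for kid, dk in self.device_keys.items() if kid not in self.revoked}
        return Disc(mkb, tag(media_key), wrap(media_key, title_key))


def run_scenario() -> dict:
    la = LicensingAuthority()
    # Software player: one key per version, shared by every installed copy.
    v10 = la.issue("softplayer-1.0")
    copies_v10 = [Player("softplayer-1.0", v10) for _ in range(3)]
    fixed_v11 = Player("softplayer-1.1", la.issue("softplayer-1.1"))
    # Standalone players: one key per unit.
    unit_1 = Player("standalone-0001", la.issue("standalone-0001"))
    unit_2 = Player("standalone-0002", la.issue("standalone-0002"))

    tk_old, tk_new = os.urandom(16), os.urandom(16)
    old_disc = la.press(tk_old)          # pressed before any revocation
    la.revoke("softplayer-1.0")          # the flawed version: every copy goes at once
    la.revoke("standalone-0001")         # one modified unit: its neighbours are untouched
    new_disc = la.press(tk_new)          # pressed after revocation

    return {
        "v1.0 copies, old disc": [p.play(old_disc) == tk_old for p in copies_v10],
        "v1.0 copies, new disc": [p.play(new_disc) == tk_new for p in copies_v10],
        "v1.1, new disc": fixed_v11.play(new_disc) == tk_new,
        "unit 1, old disc": unit_1.play(old_disc) == tk_old,
        "unit 1, new disc": unit_1.play(new_disc) == tk_new,
        "unit 2, new disc": unit_2.play(new_disc) == tk_new,
    }


if __name__ == "__main__":
    for case, result in run_scenario().items():
        print(f"{case}: {result}")
```

Revocation only changes discs pressed afterwards: in the model the old disc still yields its title key to every v1.0 copy, while the new disc refuses all of them and only the one revoked standalone unit.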

Michael Mullis
12-29-06, 06:42 PM
I maintain though that the original premise is: What do studios consider when a DRM scheme is potentially hacked

Anything can be "potentially" hacked. Right now, BD+, alive or dead, could be "potentially" hacked. That's what hackers do, THEY HACK.

I feel the need to ask this again, because the champions of "DIE HD DVD" can't seem to answer this yet.

Is there a video of this guy dropping this movie to a burned HD DVD, and playing it in a standalone player?????????

Because if there isn't, then it's relatively safe to say that Universal, and Warner, and Paramount aren't sitting in their office corners shaking in disbelief thinking the average joe 6 pack is going to somehow magically be able to copy all his Netflix movies or download them from **********.

(Disclaimer, Michael Mullis and all entities of Michael Mullis Enterprises do not condone the illegal use of ********** or any other P2P method of downloading material) :)

Bottom line, once again. Some guy got his PC software to play a movie he copied off of an HD DVD after doing some hacking. This isn't someone dropping their HD DVD into their Pioneer DVD replicator and then returning the movie to Best Buy knowing they got the best of the big movie companies.

Michael Mullis
12-29-06, 06:47 PM
By the way, the guys over at Digital Bits have an interesting take on this situation:

http://www.thedigitalbits.com/#mytwocents

So basically, what we're likely about to witness is the AACS system demonstrating its own deliberately built-in ability to take a bullet and self-heal for the very first time in a real world situation. Fascinating.

There's much more than that, but I found this sentence quite interesting.

archibael
12-29-06, 06:57 PM
I don't know of anything in Vista that would have stopped this exploit. This was piss poor programming. It's that simple. The programmer left cryptographic data in plain text in main memory. A simple memory dump is all that is needed to find the necessary data. Vista would have done nothing to stop this.

...

If you took this version of the playback software and ran it on Vista you could extract the key from main memory exactly the same way you would in XP.

This version? Certainly! My point was that a Vista-only version could have been more secure if it used HW virtualization to run the app in its own protected memory space. Reading up more on the matter, though, I'm not sure how much of Trusted-Platform is making it into Vista, so it's possible it would have been a wash.

nataraj
12-29-06, 07:08 PM
And that is not 'weak' DRM. It's a PC security risk, which I readily acknowledge, but it's not weak DRM.

PC security risk = National Security Risk (according to homeland security). Forget about DRM ... that can actually result in real nuclear secrets being stolen. Or have you forgotten about "since nobody has heard about rootkit, it is not a problem" kind of mentality that some BD group members have? How can you trust those guys to do the right thing when it comes to PC security?

And unless your livelihood depends on pleasing studios with more and more DRM, I don't see why PC security risk should be downplayed, like you are doing here.

BTW, per se, I've nothing against BD+. I've earlier indicated that if a known PC security company (like norton) were to write and maintain BD+ code that will be on all BD discs, I might even accept it on a HTPC. Not some company that thinks it is okay to roast the PC in an effort (that too feeble) to secure their content ....

onanie
12-29-06, 07:27 PM
PC security risk = National Security Risk (according to homeland security). Forget about DRM ... that can actually result in real nuclear secrets being stolen. Or have you forgotten about "since nobody has heard about rootkit, it is not a problem" kind of mentality that some BD group members have? How can you trust those guys to do the right thing when it comes to PC security?

And unless your livelihood depends on pleasing studios with more and more DRM, I don't see why PC security risk should be downplayed, like you are doing here.

BTW, per se, I've nothing against BD+. I've earlier indicated that if a known PC security company (like norton) were to write and maintain BD+ code that will be on all BD discs, I might even accept it on a HTPC. Not some company that thinks it is okay to roast the PC in an effort (that too feeble) to secure their content ....

Following through on your concerns about PC security, could anyone trust Microsoft after their track record?

nataraj
12-29-06, 07:29 PM
Following through on your concerns about PC security, could anyone trust Microsoft after their track record?

I guess not many - other than the 1B or so people :p

xbdestroya
12-29-06, 07:33 PM
PC security risk = National Security Risk (according to homeland security). Forget about DRM ... that can actually result in real nuclear secrets being stolen. Or have you forgotten about "since nobody has heard about rootkit, it is not a problem" kind of mentality that some BD group members have? How can you trust those guys to do the right thing when it comes to PC security?

Nataraj, again... I'm simply speaking to the topic. BD+ is DRM. It's potentially strong DRM, and that is a bonus for the studios if the day comes (which is the topic of debate). I'm not making a judgement as to whether BD+ makes the world a safer place; were that thread set up, believe me I wouldn't be in there defending this thing. And that thread has actually been done already a couple of times if I recall. But the entire premise of debate here is whether it is 'weak' or not, not whether it is 'dangerous' or not.

And unless your livelihood depends on pleasing studios with more and more DRM, I don't see why PC security risk should be downplayed, like you are doing here.

I'm not downplaying it at all. It is a risk to PC security. However, at the same time that is totally irrelevant to the topic.

BTW, per se, I've nothing against BD+. I've earlier indicated that if a known PC security company (like norton) were to write and maintain BD+ code that will be on all BD discs, I might even accept it on a HTPC. Not some company that thinks it is okay to roast the PC in an effort (that too feeble) to secure their content ....

Norton... Believe me when I say I view Norton as a virus itself.

Listen, again this thread isn't about what's going to make your HTPC experience a pleasant one. I sympathize with your concerns, but it's a dead horse. The thread is about whether that 'too feeble' comment you made is indeed accurate or not. In fact, IMO it's not even about that... because even were it to be feeble, it's *still* non-zero in its benefits to studios, which means among studios - not hardware makers, not consumers - among studios... it is an advantage to have security-wise over formats that don't.

This conversation is all filler IMO until Amir drops the bomb with the BD+ 'scoop,' but I'm happy to hold until then. As far as I'm concerned, from a piracy perspective there's no reason I've yet heard to view BD+ as 'fluffy.'

xbdestroya
12-29-06, 07:34 PM
I guess not many - other than the 1B or so people :p

The old standby: Correlation does not imply causation.

Give those same billion people a poll as to their thoughts on MS and security, and then we'll talk.

onanie
12-29-06, 07:36 PM
I guess not many - other than the 1B or so people :p

Indeed, so why should any bungle be of any significance, if one particular company could get away with multiple? Let me know if you need a hint.

builty
12-29-06, 08:17 PM
I guess not many - other than the 1B or so people :p

Lol, thanks for the laugh. Considering I've spent the last few days removing no less than 200 viruses and 50 spyware apps from a Windows XP machine, your comments are very funny.
People use Windows because there is no real alternative, not because they trust it.

Dahlsim
12-29-06, 08:18 PM
If movies can be copied readily, HD DVD will die. Same thing will happen to BD. The leakage has to be small enough to be tolerated. Today, we have an example of this with ICT where full resolution analog output is allowed. There is already equipment to capture that signal but by the time you recompress it and use it, the hassle factor becomes high enough that you do not lose significant amount of sales. Hence the reason the flag is not set today. The cost benefit ratio is not right to do so, given the angry reaction of early adopters and now, making Xbox 360 less functional.


Interesting, I once helped develop one of the very 1st identity fraud detection systems for one of the big 3 credit agencies and the same principles are applied. At a certain point inconvenience to the end user and cost of implementation will trump absolute security.

The basic premise of cost/benefit "appropriate level of deterrence" is used in practically all piracy/fraud detection systems. In fact it's used in deterring crime in general, since only *some* criminals are ever caught in most any area of concern and law enforcement itself works on a finite set of resources.

Interesting that you use ICT as an example because it implies that early adopter reaction was key in mitigating the use of ICT but that is only because the effects of ICT were publicly known in time for consumers to register a concern.

In the case of a DRM system like BD+ the public cannot register concern since not enough is disclosed to deduce any possible adverse results. Perhaps that's the beauty of such a DRM, unimplemented and with details remaining secret it can always be held up as a potential benefit, a trump card to be played at some point but nothing to worry about at any point.

Perhaps the dvd forum should create some secondary DRM layer and define it only in vague terms which can't be criticized. It could be used in marketing efforts and may never even need to be actually implemented. At the worst case something may actually have to be developed and implemented at some future point and at the best case it's marketing genius making all concerned feel much more 'secure' against the bad guys ;)

xbdestroya
12-29-06, 08:27 PM
Perhaps the dvd forum should create some secondary DRM layer and define it only in vague terms which can't be criticized. It could be used in marketing efforts and may never even need to be actually implemented. At the worst case something may actually have to be developed and implemented at some future point and at the best case it's marketing genius making all concerned feel much more 'secure' against the bad guys ;)

Dahlsim the reason why this situation is not analogous... and indeed doesn't even make sense... is because BD+ is being marketed towards the studios - or we'll just say FOX - by an industry group; and the studios themselves take a role in crafting said spec and its implementation. Hell it's not even being marketed at all. The theory behind BD+ was well known and understood, FOX just asked that it 'happen' to secure their allegiance. It's not like these are marketing firms selling the public Cheetos*; these are large corporations setting their own agendas.

* (Cheetos is a registered trademark of the Frito-Lay corporation)

PacoFromDelTaco
12-29-06, 08:29 PM
* (Cheetos is a registered trademark of the Frito-Lay corporation)

LOL!

Urza
12-29-06, 08:50 PM
As the owner of both formats, what disturbs me even more, is people like Petra unable to contain all the pent up excitement over this possible crack. They can spin it any way they want, but they are more than "happy" about this. Good lord people, you're acting like your life depends on this. Sad very sad.

What'sHD
12-29-06, 10:18 PM
Market growth without profit is useless.
Mostly true but not if the intention is to grow (while haemorrhaging money as the xbox did/does) until no competition is left in the market, thus giving the company economies of scale and the freedom to initiate monopolistic practices.

Dahlsim
12-29-06, 10:50 PM
Dahlsim the reason why this situation is not analogous... and indeed doesn't even make sense... is because BD+ is being marketed towards the studios - or we'll just say FOX - by an industry group; and the studios themselves take a role in crafting said spec and its implementation. Hell it's not even being marketed at all. The theory behind BD+ was well known and understood, FOX just asked that it 'happen' to secure their allegiance. It's not like these are marketing firms selling the public Cheetos*; these are large corporations setting their own agendas.

* (Cheetos is a registered trademark of the Frito-Lay corporation)

My post was somewhat tongue in cheek but I do find analogous elements here.

I understand Studios/content owners are the target market here for DRM as a product, but there's often more than 1 layer of 'user' for products. Studios here are the direct potential users of the DRM, to protect their content. Users often play some role in the design & crafting of custom software so the Fox role is not unusual.

Consumers are not the direct users of ICT either, the implementation of the ICT *feature* though is for benefit of Studios clearly affects consumers who are the end users of the products. Would BD+ affect legitimate consumers in any way? Ideally I'm sure it should not but even savvy consumers can't analyze that due to its stealthy nature.

I'm simply saying perhaps such a secret DRM layer could be useful for the dvd forum in marketing to studios as well. :)

gooki
12-29-06, 11:20 PM
xbdestroya

ROM-Mark also is a big plus, something that I feel I must consistently highlight in this thread.

And to that I answer: they consider security. In that setting, ROM-Mark provides a very real advantage. No, not against 'ripping' though.

Just had a mental break through on why ROM-Marking won't work.

Commercial Pirates simply won't mark their discs as ROMs. From my "professional knowledge" of optical disc manufacturing (recordable and pressed) I see no technical reason why a pressed disc cannot be ID'd as a recordable disc thus bypassing the entire ROM Marking protection system.

This is essentially an inverse system to what is used to play backup games on the xbox 360.

For those that care I am not an industry insider, but my "professional knowledge" comes from a background in managing the importation and quality control of recordable DVDs, preparing master tapes for commercial production of DVDs, and have experimented in copy protection methods for recordable discs (notable forced crc errors).

PS (my partner makes me point this out to people).

"proof is in the pudding." is a nonsensical phrase. It should be "The proof of the pudding is the eating." ;)

bobgpsr
12-29-06, 11:28 PM
I would not be at all surprised if the only long term available PC hi def shiny disc player app software will have to run on the 64 bit Windows Vista OS that only uses signed (http://www.osnews.com/story.php?news_id=13388) drivers (ones that have kernel mode access). Slashdot has an interesting discussion going on about how to prevent debuggers gaining access to critical player sw memory by using TPM, etc. If PowerDVD and/or WinDVD (who do both BD and HD DVD) really did expose the disc title keys to being sniffed out, then all the current released titles for both BD and HD DVD might have their keys published on P2P. What is that? 150+ for HD DVD and 100+ for BD? Future disc title keys could be protected by revoking the existing Windows XP sw players' keys.

AACS will have to do due diligence to protect disc title keys from ordinary expert power users. Getting MMC out would remove one of the major reasons/rationales for these ordinary users to go to using P2P networks to grab title keys.

Big commercial pirates can always modify a display and do a last minute A/D capture of the video and audio. And then use HD DVD format to stamp out discs (since HD DVD does not require the BD ROM watermark). Bigger market reason for low cost Chinese HD DVD players.

xbdestroya
12-29-06, 11:36 PM
Just had a mental break through on why ROM-Marking won't work.

Commercial Pirates simply won't mark their discs as ROMs. From my "professional knowledge" of optical disc manufacturing (recordable and pressed) I see no technical reason why a pressed disc cannot be ID'd as a recordable disc thus bypassing the entire ROM Marking protection system.

It's not a matter of choice. All BD stamping equipment by default includes the ROM-Mark; it's not 'opt in'... and frankly it's not 'opt out' either. If you're pressing, the mark is there.


Big commercial pirates can always modify a display and do a last minute A/D capture of the video and audio. And then use HD DVD format to stamp out discs (since HD DVD does not require the BD ROM watermark). Bigger market reason for low cost Chinese HD DVD players.

Yeah that would work, and I think the idea has been floated before in this thread. Granted, I don't think that does anything further to endear the studios to HD DVD were it to happen.

Michael Mullis
12-29-06, 11:54 PM
Lol, thanks for the laugh. Considering I've spent the last few days removing no less than 200 viruses and 50 spyware apps from a Windows XP machine, your comments are very funny.
People use Windows because there is no real alternative, not because they trust it.

You know, as a Network Engineer and a PC Tech, I always find blaming Microsoft for users surfing porn and opening up spam and contracting viruses and spyware funny. Because most of my clients are companies and small corporations, I teach these people how to use their computers. Oh, and I equip them with the tools to fight those things. And as it turns out, I'm thankfully spending my time on other things and not cleaning people's computers.

200 viruses?? Damn, you might want to find out where that person was surfing. Because anyone who got 200 viruses and 50 spyware apps is doing some serious web surfing where they shouldn't be. But don't blame them. Blame Microsoft. That's easier. ;)

And I thought Macs were the Windows killers? Wait, or was that Linux? OS/2 Warp maybe?

raaj
12-30-06, 12:00 AM
Lol, thanks for the laugh. Considering I've spent the last few days removing no less than 200 viruses and 50 spyware apps from a Windows XP machine, your comments are very funny.
People use Windows because there is no real alternative, not because they trust it.

Did you tell the person "to use protection" next time??

You know, as a Network Engineer and a PC Tech, I always find blaming Microsoft for users surfing porn and opening up spam and contracting viruses and spyware funny. Because most of my clients are companies and small corporations, I teach these people how to use their computers. Oh, and I equip them with the tools to fight those things. And as it turns out, I'm thankfully spending my time on other things and not cleaning people's computers.

200 viruses?? Damn, you might want to find out where that person was surfing. Because anyone who got 200 viruses and 50 spyware apps is doing some serious web surfing where they shouldn't be. But don't blame them. Blame Microsoft. That's easier. ;)

And I thought Macs were the Windows killers? Wait, or was that Linux? OS/2 Warp maybe?

Eh, porn is the birth right of internet noobs and nerds !! It is a travesty that MS cannot ensure safe and secure access to the most base entertainment without the fear of contracting viruses and worms..

It is also human instinct to want to poke at unfamiliar things. Once again, MS is to blame for not protecting me against my own idiocy.

gooki
12-30-06, 12:02 AM
It's not a matter of choice. All BD stamping equipment by default includes the ROM-Mark; it's not 'opt in'... and frankly it's not 'opt out' either. If you're pressing, the mark is there.

In that case then how does ROM Marking provide any protection?

nataraj
12-30-06, 12:03 AM
Once again, MS is to blame for not protecting me against my own idiocy.

Sure. Lets blame the car companies for all the accidents ... ;)

BTW, can we get back on topic .... ?

xbdestroya
12-30-06, 12:05 AM
Right, but if you were using OS X, Linux, or OS/2... you could be an idiot all you wanted and not come out of it completely infested.

The point is not that Windows is to blame for people's viruses, because it's not; the people themselves are usually to blame. The point is that Nataraj was being ridiculous by equating Windows to security, and saying that 1 billion people are running it due to the ease with which said security helps them sleep at night.

xbdestroya
12-30-06, 12:14 AM
In that case then how does ROM Marking provide any protection?

The base premise is simply this: every piece of stamping equipment has a unique ID associated with it. If you do counterfeit, those discs can be traced directly back to the individuals that bought the replicator from whence said copies came from. And of course, they will then be tracked down and prosecuted.

Couple this to the fact that a lot of the illicit DVD replication operations take place at night in factories that have otherwise legitimate operations during the 'day,' and the risk of losing all ability to produce discs and your shirt along with it looms pretty large.

What'sHD
12-30-06, 12:47 AM
The base premise is simply this: every piece of stamping equipment has a unique ID associated with it. If you do counterfeit, those discs can be traced directly back to the individuals that bought the replicator from whence said copies came from. And of course, they will then be tracked down and prosecuted.

Couple this to the fact that a lot of the illicit DVD replication operations take place at night in factories that have otherwise legitimate operations during the 'day,' and the risk of losing all ability to produce discs and your shirt along with it looms pretty large.
Rather informative post, dude. thanks

paidgeek
12-30-06, 01:09 AM
The base premise is simply this: every piece of stamping equipment has a unique ID associated with it. If you do counterfeit, those discs can be traced directly back to the individuals that bought the replicator from whence said copies came from. And of course, they will then be tracked down and prosecuted.

Couple this to the fact that a lot of the illicit DVD replication operations take place at night in factories that have otherwise legitimate operations during the 'day,' and the risk of losing all ability to produce discs and your shirt along with it looms pretty large.

I believe you are correct about unique ID's in stamping machines, but this is not ROM Mark. The ROM mark contains information required to decrypt the disc, but the data is hidden in such a way that a special machine is required to embed the signal in the disc. It is designed to make it difficult to copy a disc "bit for bit" even with professional skills and equipment. Only licensed authorized replicators can obtain ROM mark equipment.

Dahlsim
12-30-06, 01:11 AM
It's not a matter of choice. All BD stamping equipment by default includes the ROM-Mark; it's not 'opt in'... and frankly it's not 'opt out' either. If you're pressing, the mark is there.



Yeah that would work, and I think the idea has been floated before in this thread. Granted, I don't think that does anything further to endear the studios to HD DVD were it to happen.

Once bits are in the open pirates can push to other formats anyway, FVD (http://www.theregister.co.uk/2005/11/30/fvd_volume_production/), VMD (http://www.reghardware.co.uk/2006/05/08/nme_vmd_us_launch/), EVD (http://www.reghardware.co.uk/2006/12/07/china_unveils_54_evd_players/) etc. esp. in other countries.

xbdestroya
12-30-06, 01:30 AM
I believe you are correct about unique ID's in stamping machines, but this is not ROM Mark. The ROM mark contains information required to decrypt the disc, but the data is hidden in such a way that a special machine is required to embed the signal in the disc. It is designed to make it difficult to copy a disc "bit for bit" even with professional skills and equipment. Only licensed authorized replicators can obtain ROM mark equipment.

Paidgeek, thanks for the additional insights. Let me ask you if you know; is the mark associated with... an identifier for the equipment that embeds it, the production run itself, the film, a multiple of these, or simply something that must be present in a pressed disc for playback? I understand that the latter is the key anyway via licensed equipment, but what I'm wondering is if there are any forensic indicators associated with the marks.

xbdestroya
12-30-06, 01:35 AM
Once bits are in the open pirates can push to other formats anyway, FVD (http://www.theregister.co.uk/2005/11/30/fvd_volume_production/), VMD (http://www.reghardware.co.uk/2006/05/08/nme_vmd_us_launch/), EVD (http://www.reghardware.co.uk/2006/12/07/china_unveils_54_evd_players/) etc. esp. in other countries.

No argument there. But at the same time, among wealthy first-worlders looking for Blu-ray discs to play on their BD players, a lack of BD fakes will be of direct benefit to the studios. You're not on the streets of NYC looking for BD films and you walk away with an EVD instead, y'know?

vancouver
12-30-06, 01:52 AM
Actually, I am willing to discuss fair amount. And I will do so with a more extensive posting here later. It would be great if paidgeek engages but something tells me it is difficult for him/her to do so....

Amir, I have to give you some solid props on this. Good or bad you are much more open to discussion and replies than paidgeek.

It's funny, but to me you two almost personify the formats you represent.

Rob Zuber
12-30-06, 02:36 AM
Amir, I have to give you some solid props on this. Good or bad you are much more open to discussion and replies than paidgeek.

It's funny, but to me you two almost personify the formats you represent.

Learn what an NDA is, please.

Given Amir's track record here, which I've been following for more than a year, I personally believe it is highly unlikely that Amir will give us an accurate description of BD+.

RobertR1
12-30-06, 03:07 AM
The old standby: Correlation does not imply causation.

Give those same billion people a poll as to their thoughts on MS and security, and then we'll talk.


Hate to go off topic but "security" is one of the best illusions out there. As long as there is a financial stake in finding exploits for majority leaders in their respective fields, there will be those who flock towards it.

If OSX or some other Linux form became the marketshare leader tomorrow, you'd all of a sudden find "windows" to be more secure and Linux to be more open. It's very simply a numbers game. People who plan to make a living off exploits will target the systems with the highest user rate. We're not talking script kiddies. We're talking people who sell exploits on the black market.

Back on topic:
While BD+ is DRM, there is also a chance that BD+ being exploited could have the hacker bypassing AACS protection completely and backdooring the content out. Until we see BD+ in action (let's get those specs finalized first eh?) on public releases for some time, we can only make stuff up about it. Add with the limited info and all the secrecy around a lot of BR associations, one side is no more right or wrong than the other.

RobertR1
12-30-06, 03:12 AM
Learn what an NDA is, please.

Given Amir's track record here, which I've been following for more than a year, I personally believe it is highly unlikely that Amir will give us an accurate description of BD+.

I don't know....he was pretty right on a lot of the BD-J/BD-Live info even when constantly slammed from the "Rob Zuber's" of the world......

gooki
12-30-06, 03:25 AM
ignore.

gooki
12-30-06, 03:34 AM
The ROM mark contains information required to decrypt the disc, but the data is hidden in such a way that a special machine is required to embed the signal in the disc. It is designed to make it difficult to copy a disc "bit for bit" even with professional skills and equipment. Only licensed authorized replicators can obtain ROM mark equipment.

So can one press a BD compatible disc without a ROM Mark?

xbdestroya
12-30-06, 03:44 AM
So can one press a BD compatible disc without a ROM Mark?

Without a ROM-Mark, a pressed disc will not play in a BD playback device.

namechamps
12-30-06, 03:45 AM
The base premise is simply this: every piece of stamping equipment has a unique ID associated with it. If you do counterfeit, those discs can be traced directly back to the individuals that bought the replicator from whence said copies came from. And of course, they will then be tracked down and prosecuted.

Couple this to the fact that a lot of the illicit DVD replication operations take place at night in factories that have otherwise legitimate operations during the 'day,' and the risk of losing all ability to produce discs and your shirt along with it looms pretty large.

According to this whitepaper by Philips
http://www.ip.philips.com/download_attachment/5759/pitoresc_bdrommark.pdf

The movie industry in particular has called for an effective copy protection solution. A key element in providing such solution lies in the combination of the BD-ROM Mark with the use of state-of-the-art encryption technology. The BD-ROM Mark is a physical mark that will be present on all BD-ROM discs with prerecorded audio-visual content. The ‘payload’ of the mark is a 128-bit key, without which the encrypted content on the disc cannot be decrypted. The effectiveness of the BD-ROM Mark is based on the fact that it cannot be copied by disc recorders.

The encryption scheme, together with the BD-ROM Mark will protect content against consumer level copying, including bit-to-bit copies. Additionally BD-ROM Mark will provide an answer to the problem of professional and semi-professional copying, which today represents a major threat to the revenues of the publishing industry.

To maximize security in the manufacturing stage, the BD-ROM Mark can only be applied using equipment available to licensed BD-ROM disc manufacturers. And to ensure effective copy protection on a continuing basis, the license for insertion of the BD-ROM Mark is renewable at intervals to be determined by the authorization body. This provides an effective level of protection against situations such as theft of mastering equipment.

I have often seen the mark described as a unique ID on the stamper but I haven't seen any spec or paper to back that up and other whitepapers like the one above seem to contradict that description. The reference to mastering equipment would seem to indicate the mark is a part of the master not the stamper.

builty
12-30-06, 03:50 AM
You know, as a Network Engineer and a PC Tech, I always find blaming Microsoft for users surfing porn and opening up spam and contracting viruses and spyware funny. Because most of my clients are companies and small corporations, I teach these people how to use their computers. Oh, and I equip them with the tools to fight those things. And as it turns out, I'm thankfully spending my time on other things and not cleaning people's computers.

200 viruses?? Damn, you might want to find out where that person was surfing. Because anyone who got 200 viruses and 50 spyware apps is doing some serious web surfing where they shouldn't be. But don't blame them. Blame Microsoft. That's easier. ;)

And I thought Macs were the Windows killers? Wait, or was that Linux? OS/2 Warp maybe?

At the risk of continuing slightly longer off topic, the machine in question was updated from Win 98 to XP, had no antivirus or firewall in place, and was not running SP1 or 2. Sure I installed a bunch of protection stuff, but considering the machine is on dialup internet it's just a losing battle. Try getting XP SP2 at 10 kbytes per sec, not to mention the hundreds of post-SP2 patches.
God knows what the people were surfing to accumulate that much crap.

Microsoft's major security updates to Vista are proof enough that they got it so very very wrong in all prior versions.

gooki
12-30-06, 03:57 AM
Without a ROM-Mark, a pressed disc will not play in a BD playback device.

Are you sure? Only questioning as your previous description of what ROM Marking is was somewhat wrong.

xbdestroya
12-30-06, 03:58 AM
According to this whitepaper by Philips
http://www.ip.philips.com/download_attachment/5759/pitoresc_bdrommark.pdf

I have often seen the mark described as a unique ID on the stamper but I haven't seen any spec or paper to back that up and other whitepapers like the one above seem to contradict that description. The reference to mastering equipment would seem to indicate the mark is a part of the master not the stamper.

Ok, now why don't people read through the thread before they hit the reply button? ;)

Yeah Namechamps what I understood it to be, was a 'watermark' associated with the production line/equipment from whence the discs came; sort of what you linked to, only the first two paragraphs. Paidgeek then corrected me saying that the Mark is actually applied by an additional tool (available only to the trusted), and now your link provides another aspect by pointing out that said tool has a license key that must in fact be updated at regular intervals in order to continue putting out valid ROM-Marks. I'm not sure that the Mark itself is associated with the master though so much as mastering equipment without said tool/license is essentially useless.

I'm still curious to know if the ROM-Mark includes any sort of forensic information as to its origins, but good find there.

xbdestroya
12-30-06, 04:02 AM
Are you sure? Only questioning as your previous description of what ROM Marking is was somewhat wrong.

I'm sure; that's the entire premise of the technology in the first place.

And hey if you want reconfirmation, then you've already got it. Requirement for playback on BD devices is actually what this sentence of Paidgeek's means:

The ROM mark contains information required to decrypt the disc...

gooki
12-30-06, 04:29 AM
Yes, but if the disc isn't encrypted then the ROM Mark isn't required?

xbdestroya
12-30-06, 05:19 AM
Yes, but if the disc isn't encrypted then the ROM Mark isn't required?

I see your angle there. When I prior thought that the ROM-mark inclusion was an inherent part of the BD stamping process, I would have told you that it didn't even matter. However as Paidgeek pointed out that it's a step in the chain of production on a separate device, and you're talking about stamping an already decrypted image, I think that's a good question.

Barring an immediate answer to this, what we would need to know is:

1) To what extent can the stamping process and 'Mark'ing process be independent of one another in BD replication?

and

2) Assuming they can in theory be fully independent: will a BD playback device differentiate and expect a ROM-Mark (and thus not play) when fed a non-Mark'd, non-encrypted pressed disc... as opposed to an individually authored burned disc?

These questions are technically very simple; unfortunately for definitive answers we just sort of have to wait for folk with 'yes/no' type knowledge to drop by and provide some answers. Hopefully Paidgeek knows and can answer; that would certainly be easiest!

amillians
12-30-06, 09:46 AM
Pretty much everything about BD+ and BD-ROM Mark that's not under lock and key (well, a good lock and key) has been posted here, numerous times. Even pretty pictures.

To answer some of the above, though, a BD-ROM Mark is applied via a licensed black box bolt-on to Blu-ray optical mastering equipment. And yes, because each black box is assigned to a replicator by the BD-ROM Mark licensing entity (ironically 3C as it exists today, AKA Sony, Philips and MEI), each black box has a unique signature, so if a licensed install becomes, um, compromised, 3C knows where to go looking.

The BD-ROM Mark exists (1) to keep unlicensed entities (AKA pirates) from replicating discs that can be played back in BD-ROM devices and (2) to stop casual bit-for-bit copies of BD-ROMs to BD-R/REs. And yes, *all* commercial BD-ROMs are required to be authored with a BD-ROM Mark and *all* BD-ROM players are required to react to the non-presence of a BD-ROM Mark on a BD-ROM.

As for BD+, well...

The VM supports 60 instructions with a mere 100 LOC. Tiny. It works by performing a media transform function--based on a fixup table (FUT) loaded from the BD+ scrambled disc--in realtime, *after* the AACS decryption phase. In other words, the post-AACS decrypted A/V stream that has been intentionally corrupted in the authoring phase has FUT corrections applied, yielding a usable/viewable/listenable A/V stream. It can also be used for forensic marking to identify the source of illegally distributed content. The API supports player environment checking and--dum, dum, dum--native code execution. In order to subvert BD+, according to the BDA, one must first overcome the AV content security system (e.g. extract AACS keys) and second overcome the title-specific security code (e.g. reverse engineer the security code).

There are three levels of BD+ deployment: transform code, using a FUT as noted above, which can be included on any title; basic countermeasure, a BD+ response to a known hack (after a hack study has been carried out by the content provider and confirmed by the player manufacturer) that tries to foil the hack; and, finally, the piece de resistance, advanced countermeasure, where BD+'s ability to load native code is used to run code directly on the player host process, deployed only after a basic countermeasure has failed. Despite what the BDA says in the press, advanced countermeasures can brick devices--that's the point. To protect against false positive countermeasures, BD+ supports the concept of a BD+ Key, to cryptographically differentiate a target, hacked player from a non-hacked, legitimate player.

As of yet, BD+ content code has not been used on any BD-ROM title. It's not yet licensable in terms of a CPA.
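
A toy model of the playback chain described in the post above (ROM-Mark key payload, AACS decryption, then the BD+ fix-up table), added here as an illustration and not taken from any post, specification or player. The SHA-256 keystream standing in for AES, the hash used to mix the ROM-Mark payload into the key, the plain (offset, byte) FUT layout, and all names and sample bytes are assumptions.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple


class PlaybackError(Exception):
    """Raised when the model player refuses a disc."""


@dataclass
class Disc:
    data: bytes                   # stream after BD+ scrambling and encryption
    fut: List[Tuple[int, int]]    # fix-up table: (offset, original byte)
    rom_mark: Optional[bytes]     # 128-bit mark payload; None when no mark exists


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 in counter mode); the real system uses AES."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
    return bytes(b ^ k for b, k in zip(data, stream))


def content_key(title_key: bytes, rom_mark: bytes) -> bytes:
    """Assumed mixing step: the mark payload is needed to complete decryption."""
    return hashlib.sha256(title_key + rom_mark).digest()


def author_disc(clear: bytes, title_key: bytes, rom_mark: bytes,
                scramble_offsets: List[int]) -> Disc:
    """Authoring order: corrupt the stream first, then encrypt the result."""
    scrambled = bytearray(clear)
    fut = []
    for off in sorted(scramble_offsets):
        fut.append((off, clear[off]))   # remember the correct byte
        scrambled[off] ^= 0xFF          # intentional corruption
    data = keystream_xor(content_key(title_key, rom_mark), bytes(scrambled))
    return Disc(data, fut, rom_mark)


def bit_for_bit_copy(disc: Disc) -> Disc:
    """A recorder copies the data area but cannot reproduce the physical mark."""
    return Disc(disc.data, list(disc.fut), None)


def play(disc: Disc, title_key: bytes, apply_fut: bool = True) -> bytes:
    """Player order: check the mark, decrypt, then apply FUT corrections."""
    if disc.rom_mark is None:
        raise PlaybackError("no BD-ROM Mark on disc")
    key = content_key(title_key, disc.rom_mark)
    stream = bytearray(keystream_xor(key, disc.data))
    if apply_fut:
        for off, original in disc.fut:
            stream[off] = original
    return bytes(stream)


def damaged_offsets(stream: bytes, reference: bytes) -> List[int]:
    """Offsets where a decoded stream differs from the authored original."""
    return [i for i, (a, b) in enumerate(zip(stream, reference)) if a != b]


# Constructed sample values, not real keys or content.
CLEAR = bytes(range(64)) * 4
TITLE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
ROM_MARK = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
OFFSETS = [3, 40, 41, 200]

if __name__ == "__main__":
    disc = author_disc(CLEAR, TITLE_KEY, ROM_MARK, OFFSETS)
    print("full chain ok:", play(disc, TITLE_KEY) == CLEAR)
    print("without FUT, damaged at:",
          damaged_offsets(play(disc, TITLE_KEY, apply_fut=False), CLEAR))
    try:
        play(bit_for_bit_copy(disc), TITLE_KEY)
    except PlaybackError as exc:
        print("copy rejected:", exc)
```
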

trbarry
12-30-06, 10:45 AM
The BD-ROM Mark exists (1) to keep unlicensed entities (AKA pirates) from replicating discs that can be played back in BD-ROM devices and (2) to stop casual bit-for-bit copies of BD-ROMs to BD-R/REs. And yes, *all* commercial BD-ROMs are required to be authored with a BD-ROM Mark and *all* BD-ROM players are required to react to the non-presence of a BD-ROM Mark on a BD-ROM.

Do bit-for-bit copies of HD DVD's work?

Also, it seems that if pirates could use this purported crack to get plain text movies and rom mark stopped them from selling them on BD's then they could just burn the cracked movies to HD DVD's instead, and sell them that way. Does anything stop this?

- Tom

raaj
12-30-06, 11:17 AM
Alex, thanks for a very insightful post. I would like to add to the question above. When the BD content gets finally copied bit-for-bit, what is preventing the pirates from burning the movie to a BD-RE? How will the players recognize a copied BD movie from a home movie burnt to BD recordable media? Why does everyone think the pirates need to make commercial stamped movie discs from the compromised titles instead of distributing them on recordable media?

BuGsArEtAsTy
12-30-06, 11:23 AM
Alex, thanks for a very insightful post. I would like to add to the question above. When the BD content gets finally copied bit-for-bit, what is preventing the pirates from burning the movie to a BD-RE? How will the players recognize a copied BD movie from a home movie burnt to BD recordable media? Why does everyone think the pirates need to make commercial stamped movie discs from the compromised titles instead of distributing them on recordable media?
Mass pirating costs too much unless you use stamped media.

paidgeek
12-30-06, 11:37 AM
Paidgeek, thanks for the additional insights. Let me ask you if you know; is the mark associated with... an identifier for the equipment that embeds it, the production run itself, the film, a multiple of these, or simply something that must be present in a pressed disc for playback? I understand that the latter is the key anyway via licensed equipment, but what I'm wondering is if there are any forensic indicators associated with the marks.

The ROM mark contains a key that is needed to complete crypto decoding of AACS. Data is stored elsewhere on the disc that identifies the replicator and content company.

raaj
12-30-06, 11:54 AM
The ROM mark contains a key that is needed to complete crypto decoding of AACS. Data is stored elsewhere on the disc that identifies the replicator and content company.

Hi Paidgeek,

Could you give us sort of a work flow in terms of how the various DRM schemes AACS, BD+ and ROM-Mark depend on and interact with each other?

xbdestroya
12-30-06, 01:22 PM
Psssh! I had it 90% correct from the beginning then anyway; just didn't realize the 'Marker' box was an add-on to the mastering equipment rather than integral to said equipment. Thanks Amillian and Paidgeek for casting it all into concrete though. :)

@trbarry: Lots of your questions have already been answered if you read through the thread I'm sure, but yes, a compromised BD image could be stamped onto HD DVD.

Michael Mullis
12-30-06, 01:43 PM
At the risk of continuing slightly longer off topic, the machine in question was updated from Win 98 to XP, had no antivirus or firewall in place, and was not running SP1 or 2. Sure I installed a bunch of protection stuff, but considering the machine is on dialup internet it's just a losing battle. Try getting XP SP2 at 10 kbytes per sec, not to mention the hundreds of post-SP2 patches.
God knows what the people were surfing to accumulate that much crap.


At the risk of staying on this for a second because the pissing match going on between everyone on BD+ despite no one yet producing proof an HD DVD has been duplicated and played on a standalone machine is starting to get a little boring, I realize all that. I was merely saying it's still not Microsoft's fault these people used their computer for improper means. I liken it to people suing car manufacturers for making a car go fast enough to get pulled over by radar.

Yes, Vista does a lot with security that they didn't do in past OS's. But security breaching wasn't as complex back in the 98 days either.

And reloading a Windows 98 machine took a mere 25 minutes. Those were the days! :)

BuGsArEtAsTy
12-30-06, 02:00 PM
@trbarry: Lots of your questions have already been answered if you read through the thread I'm sure, but yes, a compromised BD image could be stamped onto HD DVD.
The disc wouldn't work. It would have to be reauthored.

xbdestroya
12-30-06, 02:02 PM
AFAIK, the disc wouldn't work. It would have to be reauthored.

Right, but there's no significant barrier to doing that. The key point is that a pirated BD movie could end up on stamped HD DVDs, but to end up on stamped BD's is a great deal harder.

BuGsArEtAsTy
12-30-06, 02:04 PM
Right, but there's no significant barrier to doing that.
If you're going to reauthor a disc, you don't even need to decrypt it in the first place.

AnthonyP
12-30-06, 02:22 PM
I have often seen the mark described as a unique ID on the stamper but I haven't seen any spec or paper to back that up and other whitepapers like the one above seem to contradict that description. The reference to mastering equipment would seem to indicate the mark is a part of the master not the stamper.

You are misreading what Philips said. Also the plan was modded a bit.

The ROM mark is the equivalent of a fingerprint on the disk. That fingerprint is then numerized and you get a 128 bit key. The original plan (later dropped) was that during the mastering the content would get the equivalent of that 128 bit key. So if the disk had value X the disk had value X and the player would play the disk if it got X from both of them (i.e. if the disk was made on line Y and the master for line Z the player would reject the disk because Y is not Z). This plan was later dropped because studios and replicators complained. It ended up locking both of them into replicating on particular lines.


Here are some examples of the issues raised
1) the replicator created the master for line 1 but line 1 breaks and it will be several days before it gets repaired, he would need to pay for a new master
2) the replicator created a master for line 1 thinking it would be available earlier on than 2 but the movie that was previously in line for one had some delays and 2 got freed up first, the replicator has wasted time
3) A studio made three masters for three lines 1,2 and 3 now all the movies have sold out and they want some more copies what if 1,2 and 3 won’t be available for some time but 4 will be idle much earlier, who pays for the new master?
4) A studio makes a master for replicator X, a bit later they change to go with Y , what happens? All their masters are no more good.

The ROM mark is still there (physically on the disk) but the link to the master is broken. All the player will do is look if there is a ROM mark on the disk (indicating it is a ROM disk) and in cases where illegal ROMs are created the BDA can check the ROM mark and find out who manufactured it.

xbdestroya
12-30-06, 02:26 PM
If you're going to reauthor a disc, you don't even need to decrypt it in the first place.

Ok I think we may be going in circles around each other here, so let me put forth the scenario I'm talking about, and you tell me the parts you feel are superfluous.

I'm saying that in a situation where AACS (and BD+ if in effect) has been compromised, you could pull a decrypted BD disc image, reauthor for HD DVD, and ultimately begin a mass replication effort on HD DVD.

gooki
12-30-06, 03:55 PM
So can we get confirmation if ROM marking definitely adds a second layer of encryption to a BD disc? I.e. it's more than an ID tag.

If yes to the above, does the decryption using the ROM Mark key take place within the optical drive?

AnthonyP
12-30-06, 04:12 PM
So can we get confirmation if ROM marking definitely adds a second layer of encryption to a BD disc? I.e. it's more than an ID tag.

no, not encryption. Think of it like region coding on DVD. The first thing a player does (on an AACS encrypted title) is look for confirmation that it is a ROM disk. The same way that the first thing a DVD does is make sure the RC on the disk matches the RC on the player

What'sHD
12-30-06, 08:50 PM
thanks Alex and PG for great posts. I do think now that studios will feel a lot more secure with Rom Mark wrt mass piracy. If AACS is cracked at some future time, how will the mgmt of HD-DVD-releasing studios justify their support?

gooki
12-30-06, 08:56 PM
If AACS is cracked at some future time, how will the mgmt of HD-DVD-releasing studios justify their support?

Sales figures. If it makes a profit and shows acceptable growth then I doubt any studios would drop the format.

amirm
12-31-06, 12:04 PM
OK, this is "Amir on drugs." Let me know if you like him better this way. If so, I can add Vicodin to my daily regimen (although I would have to figure out what to do with the constant drool over the keyboard). :D

Anyway, looks like Alex and Archibael have stolen some of my thunder :). Fortunately, Alex’s post reiterates facts in public regarding BD+ which I am going to use in this post so no concern about NDAs here.

One of the key things to understand here is “separation of church and state” between AACS and BD+. As AACS is format neutral, and has different governance than BDA, the two subsystems by explicit agreement between the two orgs, must and do run independently. This is true both from technical and business point of view. This will become important later on.

Second, I am going to treat BD+ as a black box and not talk about what it does as it runs its programs. There are issues involved there but they are immaterial to the point I am trying to make here.

Now, let’s talk about the system at a high level. For BD+ to provide a secondary level of protection, what comes out of the AACS system must still be obscure. Otherwise, BD+ wouldn’t be able to protect anything beyond AACS. I hope we all agree on this key point, especially those promoting the added value of BD+ here.

Given the above and independence of the two subsystems, here is how the system works. The a/v stream is first “obfuscated” (as opposed to encrypted) by BD+ engine. The modified stream is then encrypted by AACS. The resulting stream is then packaged and put on disc. So what is on disc is the combination of both systems manipulating the stream in sequence.

At decode time, the inverse happens. AACS decrypts its stream and then hands over the obfuscated bits to BD+. BD+ then does its inverse logic to create the compressed streams ready to be decoded and played.

Everyone agree so far? Pretty simple and logical but key to the argument.

Now, here is where theory and practice create two different worlds. In theory, one would assume that two locks are better than one. In practice though, both locks have one key: BD+. Reason is simple. All a hacker has to do is go after BD+. Once he/she is able to break that component, one has full access to the a/v stream at that point. In other words, there is no reason or requirement to break AACS. AACS has done its job and is out of the picture by the time BD+ sees the stream. So capturing the output of BD+, gives you everything you need, and there is no need to break AACS.

This is where the Mark Knox line of "BD+ closes one door, but opens many windows" came from. BD+ creates new attack points which do not exist in an AACS-only system.

Should the above occur, it actually creates a nasty logistical situation. Since AACS is not hacked in this circumstance, revoking keys and such does no good. The licensee would not go for it anyway as that subsystem has not been attacked. Nor would it result in fixing the problem because the break is not occurring at AACS level. We will have a situation where an AACS stream is compromised, yet AACS is powerless to deal with it. The separation between the two orgs per above, makes management of such breaches much more complicated than it would be otherwise.

As you see, while on paper BD+ seems to provide a secondary level of protection, in practice, at best it changes one set of locks for another. As such, the prudent way to look at BD+ is NOT to think of it as additional protection, but as a set of tools for content owners to implement other forms of content protection, such as more robust region control, etc.

Rob Zuber
12-31-06, 12:22 PM
AACS has done its job and is out of the picture by the time BD+ sees the stream. So capturing the output of BD+, gives you everything you need, and there is no need to break AACS.
When playing HD-DVD in Windows Vista, is there not software and hardware involved after AACS has done its thing?

amirm
12-31-06, 12:42 PM
When playing HD-DVD in Windows Vista, is there not software and hardware involved after AACS has done its thing?
Good question :).

Nothing in Vista automatically provides such a service (contrary to internet reports stating otherwise). There is a new infrastructure in Vista to make it more difficult to dump memory or intercept interfaces between modules, should the application choose to use it (alas, to my knowledge, none of the BD/HD DVD players use this infrastructure yet).

The ideal system would build AACS using the new functionality in Vista to gain additional safeguards against some attacks. In that sense, you are right that BD+ could also be put in the same airlock to make it more robust. But in that respect, it is no more secure than AACS would be in the same circumstance. If someone is able to hack AACS in this new infrastructure, they can use the same technique with BD+.

Innerloop
12-31-06, 12:50 PM
Now, here is where theory and practice create two different worlds. In theory, one would assume that two locks are better than one. In practice though, both locks have one key: BD+. Reason is simple. All a hacker has to do is go after BD+. Once he/she is able to break that component, one has full access to the a/v stream at that point. In other words, there is no reason or requirement to break AACS. AACS has done its job and is out of the picture by the time BD+ sees the stream. So capturing the output of BD+, gives you everything you need, and there is no need to break AACS.


Ok - I agree with everything you said up to this point. This vulnerability assumes that it's somehow easy to intercept the "post-AACS/pre-BD+" signal path and then, by breaking BD+, decode it.

What I don't understand is why that is any different than saying a hacker could simply intercept the post-AACS signal path from an HD-DVD player and then their job is done?

Why is the AACS-->Output pathway somehow less vulnerable than the intermediate AACS-->BD+ pathway that you imply would be simple for a hacker to grab? Is it because in an HD-DVD player the Decode/Output happens inside silicon and on BD it has to go through a bus somewhere?

And if the pathways are equally vulnerable to interception, then it seems like there's little reason to bother with EITHER of the locks and pirates will just make a hacked player to pilfer its bits.

eXgo
12-31-06, 12:52 PM
^ The correct term is Cracker not Hacker.
http://en.wikipedia.org/wiki/Cracker_%28computing%29

amirm
12-31-06, 01:07 PM
What I don't understand is why that is any different than saying a hacker could simply intercept the post-AACS signal path from an HD-DVD player and then their job is done?
That end point is indeed very vulnerable and must be protected well. The claim was that BD+ would make the overall level of protection available in the system to be higher than AACS alone. As I have explained, there is no added protection here. Both systems can be equally subject to attack, if they use comparable level of security in their implementations.

Why is the AACS-->Output pathway somehow less vulnerable than the intermediate AACS-->BD+ pathway that you imply would be simple for a hacker to grab? Is it because in an HD-DVD player the Decode/Output happens inside silicon and on BD it has to go through a bus somewhere?
For the purposes of this discussion, and to be 100% fair, one has to assume that whatever measures are available to AACS, would also be available to BD+. So it would not be fair for me to say that AACS would be in hardware, but BD+ in software. The pipeline would not allow this anyway as BD+ must happen after AACS.

Having said this, putting BD+ down low in the output hardware kind of screws things up architecturally as it needs to read and execute programs on disc and would seem very kludgey to see some GPU having APIs to read BD disc structure and such. But I can imagine a system still being built this way, while not very pretty :).

And if the pathways are equally vulnerable to interception, then it seems like there's little reason to bother with EITHER of the locks and pirates will just make a hacked player to pilfer its bits.
Such is life in software land :). One has to keep updating the system and make it harder and harder for people to reverse engineer it. As such, I would much rather have one system to keep secure than two, with the weakest link compromising the other. The worst case scenario is a hacker showing both being broken at once. Now you have double the development/test time to make both subsystems secure. That would make life more miserable than it would already be.

The other thing to note is the level of countermeasures in the face of breaches in each system. AACS as everyone knows, has many techniques because it is the primary (and currently the only) copy protection for both formats. BD+? What are its countermeasures? What happens when it is hacked? Is its obfuscation technology as good as true encryption?

Rob Zuber
12-31-06, 01:08 PM
As such, the prudent way to look at BD+ is NOT to think of it as additional protection, but as a set of tools for content owners to implement other forms of content protection, such as more robust region control, etc.
And the same can be said about the new security infrastructure in Vista. There's no reason why this system couldn't be used to enforce "more robust region control" or whatever.

amirm
12-31-06, 01:10 PM
Other post-AACS signal path would have to be approved by AACS to get the master key. Once it is compromised, the key could be revoked by AACS org. But I don't think BD+ is an AACS approved DRM and BD+ doesn't need AACS key to get the post AACS signal. Correct me if I am wrong.
Very correct. BD+ is not an "output protection" technology. As such, it is not part of the approval and management of such signals (as HDCP). BD+ is designed to be transparent to AACS and not require collaboration between the two orgs.

amirm
12-31-06, 01:12 PM
And the same can be said about the new security infrastructure in Vista. There's no reason why this system couldn't be used to enforce "more robust region control" or whatever.
True. The new features allow any media pipeline to work better in this respect. As you know, there is no region control in HD DVD so there would be no need for it there. But that subsystem could have been used to create a more robust region control for BD, assuming their licensing enforces some level of robustness there (which I believe it does -- paidgeek?)

xbdestroya
12-31-06, 01:23 PM
Given the above and independence of the two subsystems, here is how the system works. The a/v stream is first “obfuscated” (as opposed to encrypted) by BD+ engine. The modified stream is then encrypted by AACS. The resulting stream is then packaged and put on disc. So what is on disc is the combination of both systems manipulating the stream in sequence.

At decode time, the inverse happens. AACS decrypts its stream and then hands over the obfuscated bits to BD+. BD+ then does its inverse logic to create the compressed streams ready to be decoded and played.

Everyone agree so far? Pretty simple and logical but key to the argument.

Now, here is where theory and practice create two different worlds. In theory, one would assume that two locks are better than one. In practice though, both locks have one key: BD+. Reason is simple. All a hacker has to do is go after BD+. Once he/she is able to break that component, one has full access to the a/v stream at that point. In other words, there is no reason or requirement to break AACS. AACS has done its job and is out of the picture by the time BD+ sees the stream. So capturing the output of BD+, gives you everything you need, and there is no need to break AACS.

This is where the Mark Knox line of "BD+ closes one door, but opens many windows" came from. BD+ creates new attack points which do not exist in an AACS-only system.

Amir here's the hole in this argument though, and the reason for which BD+ does provide a material line of defense. We're viewing BD+ as a scheme studios will implement only when AACS itself has been compromised (or some other triggering event occurs). In a world where AACS is already compromised, it does not matter that BD+ provides a vector of attack circumventing it, because in effect it has become the *sole* barrier to entry to begin with.

AACS may be enough, and if so... perhaps we'll never see BD+ put into play.

As I mentioned earlier in the thread, I'm sure even the studios themselves would rather not rely on it if they don't have to. But at least one of them did want the option. And if BD+ does become the defensive line in light of a broken AACS, it is not a weak defense in that the entire encryption system can be switched up from 'revision' to 'revision' as it gets broken down.

Rob Zuber
12-31-06, 01:25 PM
True. The new features allow any media pipeline to work better in this respect. As you know, there is no region control in HD DVD so there would be no need for it there.
You're fudging things. With BD+, you're talking about all the things that "could" be done. Here, with HD-DVD, you revert to only talking about the past. Once Vista security is in place, the content industry could decide to do something else with it.

trbarry
12-31-06, 01:45 PM
Amir here's the hole in this argument though, and the reason for which BD+ does provide a material line of defense. We're viewing BD+ as a scheme studios will implement only when AACS itself has been compromised (or some other triggering event occurs). In a world where AACS is already compromised, it does not matter that BD+ provides a vector of attack circumventing it, because in effect it has become the *sole* barrier to entry to begin with.
...

Not Amir, but I have a question about this. It would seem that the very existence of BD+ means any player has to have a hook (interface) to give BD+ access to all the AACS-decrypted data. So, even if BD+ is never assigned to do anything, the extra interface would if compromised provide the bad guys a possible point of access to write this now-uncrypted movie to disc. Am I missing something here? Why couldn't that happen?

I suppose it is possible BD+ can ensure only disc resident code is run. But there is not enough published data about it to really verify that.

- Tom

amirm
12-31-06, 01:45 PM
You're fudging things. With BD+, you're talking about all the things that "could" be done. Here, with HD-DVD, you revert to only talking about the past. Once Vista security is in place, the content industry could decide to do something else with it.
Content industry has 3 votes out of 19 in DVD Forum. While those are powerful votes, at the end of the day, HD DVD is a spec that all the industries have to agree with or it won't pass. With a standard already implemented in the market, it gets harder and harder to go back and add features to it, especially when some of the studios mentioned want to have nothing to do with region coding.

And no, I am not talking about the "past." I am talking about the present. At present, you have region coded BD discs and players. There is none for HD DVD. You are welcome to predict the future though. But while you are at it, consider that BD+ gives the content industry the tool that you worry about. Ability to constantly change and redefine what you can do with their media. Unlike the set of functionality that you can touch and smell in AACS, BD+ allows an open-ended execution environment which can implement new measures long after the format is spec'ed. After all, there is no way to spec what program can be written in the future. And with much of that capability hidden from you, you have no way to gauge the level of concern either.

Vista has nothing to do with any of this as hardware players already provide that level of security and possibly more.

But we digress.

Rob Zuber
12-31-06, 02:06 PM
Amir, your entire argument is an argument against allowing high def playback in PCs.

nataraj
12-31-06, 02:08 PM
If you're going to reauthor a disc, you don't even need to decrypt it in the first place.

reauthor <> re-encode.

amirm
12-31-06, 02:21 PM
Amir, your entire argument is an argument against allowing high def playback in PCs.
Actually, same thing applies to hardware systems. Remember, I made my case for having equal protection for both subsystems. It doesn't matter what level that is.

But yes, making software players robust against attacks is challenging. AACS has provisions to help with this with more frequent key rotations and such. But ultimately, we have shown that a system that gets breached and fixed, winds up being more secure over time, than one that does not for a while. How many people reach for spare tire when they have a flat, just to find out it is also flat? :)


Also recall what I said regarding leakage. No one is trying to build a system that can not be broken. They are trying to make a system that you all accept as consumers, and makes good business sense for the industry providing it.

YONEXSP
12-31-06, 11:16 PM
Oh C ock!

http://www.nytimes.com/2007/01/01/technology/01hack.html

mobius
01-01-07, 04:50 AM
The old standby: Correlation does not imply causation.

Give those same billion people a poll as to their thoughts on MS and security, and then we'll talk.


Windows' very ubiquity makes it more of a target though - not necessarily, as some have implied, because Microsoft is so irresponsible. It's a problem Apple doesn't have to deal with as frequently because they aren't so target rich.

If OS X and Windows were to switch market positions, Apple would have to deal with the same volume of issues. I somehow suspect that the PR would be just as negative as well.

Neo1965
01-01-07, 08:49 AM
There is only one way to create true hard(er)-to-tamper software, and that is to have certain classes of applications that need to be hard(er)-to-tamper be not runnable if the system detects a debugger is scanning certain memory addresses or single stepping CPU operation is happening.

As long as a resourceful hacker can write his own app (or use existing kernel debuggers if the app is foolish enough to not shut down when it detects such debuggers) that causes a breakpoint type interrupt whenever a certain memory address is read, a Xing/PowerDVD style hack is only a question of how much time the hacker wishes to spend.

Even if somehow the final location of the codeword is obfuscated and physically far away from the pre-hash public disk keys read from the disk, even if the linear address of the final codewords can change, as long as you can still read linear memory and place a trigger whenever that linear memory address range is touched, no Software Player is safe under any OS.

What is even more a concern of systems unprotected from this means of attack is that traps placed on such linear address ranges will give the hacker the address of the instruction that reads that linear memory address range and in turn the executing code that runs the actual hashing functions can be scanned, and in turn disassembled offline. With repeated attacks after gleaning more and more information about the software player, eventually the private keys of the players themselves can be obtained, at which point AACS (for these keys at least) is truly broken and the hundred odd disks out there will be public domain. Further obfuscation that causes your code and data to be randomly placed at different linear addresses upon each run of each reboot only deters the less experienced hacker and only when there is truly a large number of locations where this can happen and there is no discernable pattern.

Any competent system programmer who wants to turn his attention to this type of hobby knows this, meaning that this is a widely understood tool among certain classes of programmers who have to understand CPU architecture.

There is no COPP, no PBDA no ISDB-T protection that is tamper-proof in software unless there are system monitors in place that detect errant behavior of certain physical address ranges showing up on the system memory controller address lines can be detected by hardware means (and such hardware means cannot be shut-off).

krinkle
01-01-07, 09:19 AM
Oh C ock!

http://www.nytimes.com/2007/01/01/technology/01hack.html

Wow in the NY times right before CES. Hate to rain on the parade of the fanboys but this will just entrench Disney and Fox further into the BD only camp.

hawkeye3.1
01-01-07, 10:31 AM
Wow in the NY times right before CES. Hate to rain on the parade of the fanboys but this will just entrench Disney and Fox further into the BD only camp.

And ensure that no franchise content is released by them for the foreseeable future. Right now the only plus I see for either format is the free publicity.

http://www.google.com/trends?q=Blu-ray%2C+HD%20DVD

Rob Zuber
01-01-07, 10:49 AM
Despite the media frenzy, there is still no confirmation from any second party that the hacker's attempt was successful.

Rob Zuber
01-01-07, 11:11 AM
Amir, regarding BD+, the paper often cited by paranoid HD-DVD supporters (http://securityevaluators.com/eval/spdc_aacs_2005.pdf), says:

We conclude that in many instances the SPDC framework offers significant advantages in content protection over AACS alone.

and

SPDC also provides mechanisms by which content creators can overcome or repair device implementation flaws, and provides a generally more resilient level of system security than can be provided by key management and device-revocation systems alone.

This is where the Mark Knox line of "BD+ closes one door, but opens many windows" came from.
Come now, Amir. Mark Knox was speaking as a Toshiba HD-DVD representative. He has political reasons to describe HD-DVD positively.

Can you point to an independent security analysis whose conclusions agree with yours?

amirm
01-01-07, 11:23 AM
Can you point to an independent security analysis whose conclusions agree with yours?
A requirement for that would be for BDA to offer up their specifications to an independent evaluator without requiring an NDA. Without access to the specs or a gag order, the evaluator can not do its job or report on its results respectively.

So folks throw rocks at AACS whose specification is open, but refuse to disclose their own spec. You see why we insist that BDA put BD+ specifications in public as their first gesture to prove its worth?

For now, you have to accept the fact that two bi-partisan organizations which have BD companies as their majority members, DVD Forum and AACS, both analyzed the claims of CRI and found to be without merit. And refused to adopt it.

You can also ask paidgeek if his employer and/or that of Disney, pushed for adoption of CRI technology (which BD+ is based on) when it was proposed to above organizations. And if not, why not. Again, with Disney, Matsushita/Panasonic and Sony, they would have a strong chance of getting AACS to approve CRI's technology. Indeed, that paper came out when the first effort, in DVD Forum, came about so there are no secrets in there for the people in the industry.

Between a paid for analysis and the word of DVD Forum/AACS, I would take the latter. Your mileage may vary.

Jeff Lampert
01-01-07, 11:24 AM
You know what Rob .... Happy New Year. And you too Amir!

amirm
01-01-07, 11:27 AM
You know what Rob .... Happy New Year. And you too Amir!
Thanks Jeff. :) Same to you and everyone else!

Rob Zuber
01-01-07, 11:46 AM
For now, you have to accept the fact that two bi-partisan organizations which have BD companies as their majority members, DVD Forum and AACS, both analyzed the claims of CRI and found to be without merit. And refused to adopt it.
Refused to adopt? Yes. Found to be without merit? Where is the public evidence for that statement? Refusal to adopt can be for a large variety of reasons, including political reasons.

Kosty
01-01-07, 11:47 AM
Despite the media frenzy, there is still no confirmation from any second party that the hacker's attempt was successful.
The inability to duplicate his results is significant.

You would have thought we would have heard something by now.

amirm
01-01-07, 12:07 PM
Refused to adopt? Yes.
Glad we are making some progress here :).

Found to be without merit? Where is the public evidence for that statement? Refusal to adopt can be for a large variety of reasons, including political reasons.
:eek: You think BDA adopted BD+ for non-political reasons? As has been widely reported, BD+ was given to Fox to get their support for BD+, not because there was a technical working group that studied the facts for a few months and concluded AACS needed BD+ to rescue it, as the paid-for report claims (which I have shown here does not in practice). If that is not "political" I am not sure what the term means in this context.

As to providing additional proof that refusal in DVD Forum/AACS was due to merits of their proposal, I have given you great tools to do so but you seem to be ignoring them. So once more, please ask paidgeek if DVD Forum/AACS analyzed CRI's proposal and refused to adopt it due to "political" reasons. Surely you believe his answers.

Kosty
01-01-07, 12:13 PM
Just FYI guys.

In the original forum where the news of the AACS crack claim was placed, there are starting to be more and more doubts on the validity of the claim.

First, the software version used, 6.5, is OEM, and not in general release anymore, and cannot be readily downloaded.

Next, no one can find the keys to use, even trying his memory dump techniques.

In short in the past week, no one can replicate his results, and here are some recent comments about it.

http://forum.doom9.org/showthread.php?t=119871&page=8

Each day that goes on without someone else actually providing a key or at least confirming spotting one makes me more skeptical this is real.

I am afraid you are not understanding...once this version of PowerDVD is blacklisted it won't work anymore with newer released titles. The newer released HD-DVDs will know that this version of powerDVD has been compromised and will refuse to work. You either update to a newer version of powerDVD or you are stuck with only being able to play the old (150 or so HD-DVD) titles that have come out up to now.

I've got the 360 HDDVD drive in hand. In the youtube video it shows that he is using powerDVD 6.5. I'm only finding 7.0 online. Should I try to find 6.5 or go with 7.0? Am I the only one who thinks this was a hoax?

But you cannot playback FROM HD, right?

Now I'm starting to think that video (on tube) might be... fake. BTW, the original poster has not posted anywhere again since his announcement post.....

eXgo
01-01-07, 12:16 PM
chill. rome wasn't built in a day.

Kosty
01-01-07, 12:17 PM
http://www.betanews.com/article/Studios_Take_Claims_of_AACS_Crack_Seriously/1167427818

a spokesperson for the AACS Licensing Authority told Reuters this morning it is seriously investigating the legitimacy of the claim.

One element of the AACS scheme that distinguishes it from CSS is its use of a separate decryption key, called the revocation key because it can be revoked by the AACS clearing house in the event that discs using that key have been cracked. The result is supposed to be that the once-cracked media becomes unreadable by AACS-endowed players connected to the Internet....

If Muslix64's description is correct, then CyberLink may have committed a major blunder: Its implementation could actually leave the title key exposed, which a player could use instead of the revocation key for decryption of a copied disc, thereby bypassing at least one "self-destruct" feature.

But even Muslix64's explanations leave open one possibility: that the title key exposure could be limited to just a few HD DVD discs.
Conceivably, an insecure player implementation may not expose the title keys from every HD DVD disc, especially since AACS implementations have been evolving from their interim versions in February to reportedly more rigid, recent versions in recent months.

lymzy
01-01-07, 12:29 PM
http://www.betanews.com/article/Studios_Take_Claims_of_AACS_Crack_Seriously/1167427818

The result is supposed to be that the once-cracked media becomes unreadable by AACS-endowed players connected to the Internet


This is incorrect. AFAIK, the CRL (content revocation list) is on the disc. Once the disc's media key is leaked, it is cracked. AACS couldn't revoke a disc; it instead puts the compromised player's master key in the CRL list on future releases. Therefore, the compromised player's master key could no longer decrypt the media key on future releases. The "connected to the internet" part is creative journalism.
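
The on-disc revocation behaviour described in the post above, as an added Python sketch that is not part of the original thread and is not the AACS specification. Assumptions: one key-block entry per player (a simplification), an HMAC-based toy key wrap standing in for a real cipher, and hypothetical names (`player_A`, `player_B`, `master_disc`, `recover_title_key`).

```python
"""Toy model of on-disc player revocation (simplified; not the AACS spec)."""
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass

KEY_LEN = 16  # 128-bit keys, the size mentioned in the thread


def _pad(kek: bytes, label: bytes) -> bytes:
    # Per-label keystream so the same player key never reuses a pad across discs.
    return hmac.new(kek, b"pad|" + label, hashlib.sha256).digest()[:KEY_LEN]


def _tag(kek: bytes, label: bytes, ct: bytes) -> bytes:
    return hmac.new(kek, b"tag|" + label + b"|" + ct, hashlib.sha256).digest()[:8]


def wrap(kek: bytes, key: bytes, label: bytes) -> bytes:
    """Toy key wrap: XOR with an HMAC-derived pad, plus an integrity tag."""
    ct = bytes(a ^ b for a, b in zip(key, _pad(kek, label)))
    return ct + _tag(kek, label, ct)


def unwrap(kek: bytes, blob: bytes, label: bytes) -> bytes | None:
    """Return the wrapped key, or None if the tag shows the wrong key was used."""
    ct, tag = blob[:KEY_LEN], blob[KEY_LEN:]
    if not hmac.compare_digest(tag, _tag(kek, label, ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, _pad(kek, label)))


@dataclass
class Disc:
    title: str
    key_block: dict[str, bytes]  # player id -> media key wrapped under that player's key
    wrapped_title_key: bytes     # title key wrapped under the media key


def master_disc(title: str, player_keys: dict[str, bytes], revoked: set[str]):
    """Press a disc; revoked players simply get no entry in the key block."""
    media_key, title_key = os.urandom(KEY_LEN), os.urandom(KEY_LEN)
    label = title.encode()
    key_block = {pid: wrap(pk, media_key, label)
                 for pid, pk in player_keys.items() if pid not in revoked}
    disc = Disc(title, key_block, wrap(media_key, title_key, b"title|" + label))
    return disc, title_key


def recover_title_key(player_id: str, player_key: bytes, disc: Disc) -> bytes | None:
    """What a licensed player does: media key from its entry, then the title key."""
    entry = disc.key_block.get(player_id)
    if entry is None:          # revoked before this disc was pressed
        return None
    media_key = unwrap(player_key, entry, disc.title.encode())
    if media_key is None:
        return None
    return unwrap(media_key, disc.wrapped_title_key, b"title|" + disc.title.encode())


def demo() -> dict[str, bool]:
    # Constructed sample data: two players, one disc pressed before and one
    # after player_B is placed on the revocation list.
    players = {"player_A": os.urandom(KEY_LEN), "player_B": os.urandom(KEY_LEN)}
    old_disc, old_tk = master_disc("old_release", players, revoked=set())
    new_disc, new_tk = master_disc("new_release", players, revoked={"player_B"})

    def plays(pid: str, disc: Disc, tk: bytes) -> bool:
        return recover_title_key(pid, players[pid], disc) == tk

    return {
        "A_plays_old": plays("player_A", old_disc, old_tk),
        "A_plays_new": plays("player_A", new_disc, new_tk),
        # Revocation is not retroactive: discs already pressed stay playable.
        "B_plays_old": plays("player_B", old_disc, old_tk),
        # The revoked player is locked out of releases pressed afterwards.
        "B_plays_new": plays("player_B", new_disc, new_tk),
        # Another player's entry is useless without that player's key.
        "B_rejects_A_entry": unwrap(players["player_B"],
                                    new_disc.key_block["player_A"],
                                    b"new_release") is None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Nothing in the model contacts a network: the only thing that changes for a revoked player is the content of discs pressed after the revocation.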

Kosty
01-01-07, 01:26 PM
This is incorrect. AFAIK, the CRL (content revocation list) is on the disc. Once the disc's media key is leaked, it is cracked. AACS couldn't revoke a disc; it instead puts the compromised player's master key in the CRL list on future releases. Therefore, the compromised player's master key could no longer decrypt the media key on future releases. The "connected to the internet" part is creative journalism.
yah, the only way that would happen was if a required firmware or software update "from the internet". But that would be a nuclear issue that would stop some people from playing already released media, and that's probably never going to happen. Much more likely is that future pressings of that title would have a separate key.

Kosty
01-01-07, 01:42 PM
What is the possibility that future HD DVD pressings would include multiple title keys in their production for different lots of the discs?

That I guess would entail different glass masters, and would probably be feasible for each batch, or each replication line, but not in the smaller one line production lots.

angelo913
01-01-07, 02:10 PM
I did a "quick" read on the AACS White Paper (http://www.aacsla.com/marketplace/overview/aacs_technical_overview_040721.pdf) and it isn't as simple as "cracking" 128bit Wireless WEP Encryption that I've read on the web. Anyone can go on the web and say they cracked AACS, so unless the crack can be proven true it's false, for that one title on that one software player version. :rolleyes:

The weakest link of any Encryption system is going to be the software players for either HD DVD and BluRay. So writing very secure software players will be a BIG factor if a Hacker is willing to spend months doing so and very few will.

Media producers can easily change the "key" on the same single title, say every 100,000, 10,000 or 1,000 run.

Also, 128bit key gives you 3.4e+38 keys that is 34 with 37 zeros! :eek:

...Angelo

Kosty
01-01-07, 02:14 PM
This is starting to smell fishier and fishier to me.

Rob Zuber
01-01-07, 04:47 PM
You think BDA adopted BD+ for non-political reasons?
Who said that? You're changing the subject. It's amazing that you think "Trust the DVD Forum!" is a rational argument.

Continuing this discussion is impossible because the mods will just delete my comments anyway, while leaving Amir's intact.

lostsoldier
01-01-07, 05:15 PM
"Trust the DVD Forum!"


They did so well on the recordable formats :rolleyes:

amirm
01-01-07, 05:16 PM
Who said that? You're changing the subject. It's amazing that you think "Trust the DVD Forum!" is a rational argument.
I didn't change the subject. You are the one that brought up the topic of "political" selection so I answered it.

But yes, I trust DVD forum far, far more than ISE who was paid by CRI to do the "study" which you posted. Ditto for AACS and its extensive deliberations before refusing to adopt BD+. Neither org was paid by us, CRI, Fox or anyone else to make the selection it did. And again, both DVD Forum and AACS are bipartisan groups, with majority influence of BDA companies.

I have said before that what is considered to be good copy protection technology is subject to debate. To settle it, we don’t listen to one company but to a set of companies arriving at a consensus. This is why AACS is not just made up of content companies. It is instead, made up of IT, CE and content companies.

You don’t say why you don’t like the work of AACS above, but throw rocks at DVD Forum which also has BDA companies in it and indeed, they hold majority vote and were fully involved in evaluation and rejection of CRI’s proposal. If you know something to be faulty in that process, let’s hear that. Without it, you don’t win an argument, but serve to insult the many people who do this for a living.

amirm
01-01-07, 05:19 PM
They did so well on the recordable formats :rolleyes:
Now, this is what I call changing the subject ;).

BuGsArEtAsTy
01-01-07, 05:48 PM
You're wasting your time arguing with Rob.

Anyways, I look forward to next weekend. CES was always going to be interesting, but now even more so. Regardless if this AACS-workaround video is real or not, DRM is definitely going to be a topic of heavy discussion.

In any case, aside from hardware and studio announcements for support of one format vs. the other (or both), I'd like to hear more on the topic of Mandatory Managed Copy at CES.

archibael
01-01-07, 06:02 PM
This is starting to smell fishier and fishier to me.

Like I said-- I've always been skeptical. There is a serious video discontinuity between the WB logo and the movie itself, and if you read some of the HTPC threads on the Xbox360 drive, there were some folks who got to watch the intro logo before the player shut down for content protection reasons (I think it was HDCP, but I don't recall precisely).

I can understand how "Muslix64" could have accomplished what he claimed, but it would be funny if this were all a (not-so elaborate) hoax.

gooki
01-01-07, 06:36 PM
Originally Posted by Rob Zuber "Trust the DVD Forum!"


They did so well on the recordable formats

I presume that was sarcastic. Going offtopic (I know), but one of the many reasons why I dislike Sony is because they and their associated companies ruined the whole recordable DVD format by introducing the DVD+RW and later DVD+R formats, simply because they didn't want to pay the royalties/licensing fees for the existing technologies approved by the DVD Forum.

kdragon
01-01-07, 08:30 PM
I presume that was sarcastic. Going offtopic (I know), but one of the many reasons why I dislike Sony is because they and their associated companies ruined the whole recordable DVD format by introducing the DVD+RW and later DVD+R formats, simply because they didn't want to pay the royalties/licensing fees for the existing technologies approved by the DVD Forum.
How so?

lostsoldier
01-01-07, 08:42 PM
I presume that was sarcastic. Going offtopic (I know), but one of the many reasons why I dislike Sony is because they and their associated companies ruined the whole recordable DVD format by introducing the DVD+RW and later DVD+R formats, simply because they didn't want to pay the royalties/licensing fees for the existing technologies approved by the DVD Forum.

Now we are way off topic, but the big players of the DVD+RW Alliance were Dell and HP. It was the Set-Top Kids (DVD Forum) against the PC Geeks (DVD+RW Alliance). That's what it was really about.

gooki
01-01-07, 08:55 PM
It created consumer confusion without adding any benefit over the existing approved technologies (DVD-R/DVD RAM).

I have work colleagues who waste many hours per year scratching their heads wondering:

- why the blank DVDR they inserted into their DVD recorder cannot be written to.
- why some of our pre-recorded archive discs cannot be read on certain PCs.

Unfortunately for our company we use thermal printable discs, hence even educated computer users have a hard time determining if one disc is a DVD+R or a DVD-R (due to thermals not being labeled). It wasn't until I started that they received sufficient education to tell the difference within 2 seconds just by looking at the discs - previously they just used the trial and error method.

Going further back in time when I managed the importation of optical media for a different company, post the DVD+RW launch approx 90% of all enquiries surrounded consumer confusion about optical disc compatibility. Now because our company valued good service many hours were wasted explaining this to the customer.

I'm also still answering many questions on various forums directly relating to this issue.

big players of the DVD+RW Alliance were Dell and HP.

Sony, Ricoh and Philips were also big players in the DVD+RW Alliance.

From wikipedia:
http://en.wikipedia.org/wiki/DVD_plus_RW_Alliance

Alliance leaders

Eight companies form the leadership of the Alliance:

* Dell Computer Corp.
* HP (Hewlett-Packard Co.)
* Mitsubishi Chemical Corp.
* Royal Philips Electronics N.V.
* Ricoh Company, Ltd.
* Sony Corp.
* Thomson SA (RCA)
* Yamaha Corp.


PS this is getting way offtopic so I'll stop here, but if anyone wants to continue the history of recordable DVD and how the consumer got screwed, start a new thread in the appropriate forum and PM me the link.

kdragon - sent you a PM in reply to your post below.

kdragon
01-01-07, 09:13 PM
gooki, I didn't realize this is off topic. Sorry guys. Just one post...

Your reasoning is correct, but I think the failure of DVD recordable media has many more reasons. Confusing +R with -R is only one of the reasons. Too slow, expensive, compatibility issues with DVD players, risk of coasters (combined with price), etc. Added problem of hard disks getting cheaper. On the other hand, +RW provided good alternative to RAM (which never caught on in US). So, there were positives too.

IMO, as far as recordable media are concerned, more choices are better. On ROM side, I think one format is better.

--
Anyway, let's continue with the thread topic.

talon95
01-02-07, 05:47 AM
The inability to duplicate his results is significant.

You would have thought we would have heard something by now.

Not that it means a whole lot more, but there's a guy over here claiming to have some success.

http://www.hardforum.com/showthread.php?t=1137390&page=3

Eternal_Sunshine
01-02-07, 06:13 AM
Amir here's the hole in this argument though, and the reason for which BD+ does provide a material line of defense. We're viewing BD+ as a scheme studios will implement only when AACS itself has been compromised (or some other triggering event occurs). In a world where AACS is already compromised, it does not matter that BD+ provides a vector of attack circumventing it, because in effect it has become the *sole* barrier to entry to begin with.

Amir, any response to this? Makes sense to me.

GmanAVS
01-02-07, 09:15 AM
Amir here's the hole in this argument though, and the reason for which BD+ does provide a material line of defense. We're viewing BD+ as a scheme studios will implement only when AACS itself has been compromised (or some other triggering event occurs). In a world where AACS is already compromised, it does not matter that BD+ provides a vector of attack circumventing it, because in effect it has become the *sole* barrier to entry to begin with.

AACS may be enough, and if so... perhaps we'll never see BD+ put into play.

As I mentioned earlier in the thread, I'm sure even the studios themselves would rather not rely on it if they don't have to. But at least one of them did want the option. And if BD+ does become the defensive line in light of a broken AACS, it is not a weak defense in that the entire encryption system can be switched up from 'revision' to 'revision' as it gets broken down.
xbdestroya, are you an insider or have affiliation with a BD hardware or software manufacturer?

Kosty
01-02-07, 09:38 AM
Not that it means a whole lot more, but there's a guy over here claiming to have some success.

http://www.hardforum.com/showthread.php?t=1137390&page=3
from that forum
Yes, it played back without the HD-DVD in the drive, but it was only because I didn't know and left PowerDVD open, which still had the key stored in it for the session. Upon further review, if I close PowerDVD and try to play it back off the hard drive, it is just a black screen and gets no audio or scratched/blipping audio. I'm still searching for keys
still looking for the keys.....

palofex
01-02-07, 10:48 AM
It's not proven that AACS was cracked and even if it was I wouldn't be shocked. Anything that was made can be brought down. Any program can be hacked. The only thing adding things like AACS does is delay the amount of time before it happens.

lymzy
01-02-07, 11:20 AM
Amir, any response to this? Makes sense to me.

What if someone is able to sneak a "malicious code" onto the BD+ VM when playing the title? The VM just follows the "instruction" and hands over the AACS decrypted stream?

archibael
01-02-07, 11:27 AM
from that forum
still looking for the keys.....

Yes, but if you keep reading, w1retap or whatever his name is claims to have found "encryption" (<-- does he mean "title"?) and volume keys, and even some kind of Managed Copy ID, apparently.

amirm
01-02-07, 11:28 AM
Amir, any response to this? Makes sense to me.
I thought Tony already answered one aspect of it. That is, as long as BD+ is implemented in the player, then it exists as an interface into AACS which can be hacked. When there is code and engine that could do something, hackers will put it to their use.

But the bigger issue is the wrong assumption xd makes. That BD+ is some kind of fire extinguisher you use when AACS breaks. Such is not the case (see the one exception below). To wit, if BD+ was available day 1, Fox would use it, day 1 – whether AACS was hacked or not. Again, if anyone doubts this, they can ask paidgeek for confirmation.

As I have said before, BD+ requires the functional foundation of AACS. No one will, and I claim will be allowed, to publish a BD disc with BD+ but without AACS.

And to the extent some BD studio publishes their entire library using BD+, they have the exposure I have spoken about.

There is however, one use of BD+ which is to examine a machine that is hacked, and decide to shut down that machine/application completely, so that it can no longer play any discs. Alex talks about this in his post. As you can imagine, this is going to make a lot of consumers pretty upset, who would not have a clue on how to exploit any AACS breaches. But putting that aside for a moment, shutting down a player for good, requires permanent, persistent and hack proof changes to your player/machine. Yet, BDA claims that BD+ code is temporary. If the code is temporary, it can not perform this function so there is no value to them on this front. If it is not temporary, and can make such changes happen, then there are going to be a lot of angry people going after them, because the sky is the limit of what could happen to your machines, especially if you allow the possibility of programming/implementation errors in BD+.

BuGsArEtAsTy
01-02-07, 11:56 AM
If it is not temporary, and can make such changes happen, then there are going to be a lot of angry people going after them, because the sky is the limit of what could happen to your machines, especially if you allow the possibility of programming/implementation errors in BD+.
Amir, I understand what you're saying, but to the uninitiated like me, the "sky-is-the-limit" argument sounds like a sky-is-falling argument to be honest.

In any case, so far the description of BD+ is very vague for those of us not in the know, which makes it impossible for us to know what it means one way or another. Mind you, at the moment it's moot, since BD+ is currently vapourware.

talon95
01-02-07, 12:23 PM
from that forum
still looking for the keys.....

Scroll down further. Post #56.

xbdestroya
01-02-07, 12:32 PM
I thought Tony already answered one aspect of it. That is, as long as BD+ is implemented in the player, then it exists as an interface into AACS which can be hacked. When there is code and engine that could do something, hackers will put it to their use.

But the bigger issue is the wrong assumption xd makes. That BD+ is some kind of fire extinguisher you use when AACS breaks. Such is not the case (see the one exception below). To wit, if BD+ was available day 1, Fox would use it, day 1 – whether AACS was hacked or not. Again, if anyone doubts this, they can ask paidgeek for confirmation.

I was honestly going to leave the lack of response to my post alone, but it being brought up again puts me back in 'the mode.' ;)

No one is disagreeing that for BD+ to function as intended, AACS needs to be there. And also, no one is arguing that BD+ itself provides another vector for AACS circumvention. But what we are saying, is that it is an additional encryption layer to be broken, and in a world where AACS has been otherwise cracked (I agree we do not live in that world as yet), the fact that it can serve as a barrier in and of itself to IP piracy makes it a powerful anti-piracy tool. On top of that, the method itself is robust, capable of putting an entirely new encryption system on disc, release to release. So if AACS were to break, I just don't understand where one could argue that the studios would not want to have this tool available to them, all things being equal. It's a tool; whether you use them or not, better to have more tools at your disposal than less.

As far as Paidgeek and BD+ implementation, the only thing he has said on the matter in the Insiders thread is that Sony presently has no plans for using such, and the implication would be it won't be put into play until needed (which I read as AACS failing). If FOX is prepared to just go full speed ahead, well... it is what it is.

lymzy
01-02-07, 12:44 PM
all things being equal. It's a tool; whether you use them or not, better to have more tools at your disposal than less.



The BD+ VM is always there whether you use them or not. All things are not equal.

xbdestroya
01-02-07, 12:50 PM
Lymzy I don't follow you - what's your angle with that?

lymzy
01-02-07, 12:57 PM
Lymzy I don't follow you - what's your angle with that?

Could someone exploit BD+ VM on PC platform and let AACS hand over the decrypted stream? Can you guarantee it is impossible?

Kosty
01-02-07, 01:02 PM
Scroll down further. Post #56.
oops, missed that. Didn't say he found them unencrypted though ;)

Seems a bit funny that he says he found them and then shows no proof.

bwhahaha.. found encryption keys, volume keys, and the MCM managed copy V-ISAN ID. Now I'm just working on hashing the whole HD-DVD.. it's taking a while.. lol. After that, I'll try the ripping program for playback off the hard drive. Then, if that works, it's off to HDbits.

maybe this is why



Cyberlink Responds to Alleged AACS Crack

http://msmvps.com/blogs/chrisl/archive/2007/01/02/463980.aspx

xbdestroya
01-02-07, 01:55 PM
Could someone exploit BD+ VM on PC platform and let AACS hand over the decrypted stream? Can you guarantee it is impossible?

Well, this scenario is exactly that which Amir is saying could happen; my thoughts on such are in the post of mine you originally responded to. It's less a matter of 'is it possible' than 'is it relevant?' And I would say that is all a matter of when BD+ is deployed, and why. But I see what you're going for, and in answer... it can be exploited, but it would be a disc to disc affair, as different encryption systems can be employed across different titles. And remember, that BD+ code is all self-contained on the disc.

lymzy
01-02-07, 02:03 PM
And I would say that is all a matter of when BD+ is deployed, and why.

BD+ virtual machine is always in the system from day 1. Let's say Jon writes a BD+ code and he is able to cheat the machine into thinking this is the BD+ code deployed by the studios. What will happen? All the bluray titles could be ripped even when AACS is not cracked and BD+ code has never been deployed. To make the matter worse, there is no way to revoke the BD+ VM.

xbdestroya
01-02-07, 02:27 PM
BD+ virtual machine is always in the system from day 1. Let's say Jon writes a BD+ code and he is able to cheat the machine into thinking this is the BD+ code deployed by the studios. What will happen? All the bluray titles could be ripped even when AACS is not cracked and BD+ code has never been deployed. To make the matter worse, there is no way to revoke the BD+ VM.

Well let me ask you instead; why do you think writing a faux BD+ script would circumvent the BD+ native on discs? When you put that legitimate disc in, it's going to run its *own* scripting.... doesn't matter what else you've created on the side. And again, it brings us to the original point - you would need to crack the encryption scheme associated with each BD+ 'revision' on these discs to be able to feed the playback device (or ripping software) the 'affirmative' result it requires to allow decryption to go forward.

lymzy
01-02-07, 02:33 PM
Well let me ask you instead; why do you think writing a faux BD+ script would circumvent the BD+ native on discs? When you put that legitimate disc in, it's going to run its *own* scripting.... doesn't matter what else you've created on the side.

Ok, since you say it doesn't matter, I will take it as a fact. I guess secure virtual machine is easy to implement in the open platform after all. :) BTW, there are no BD+ codes on the discs for now. As for your question, why do you think AACS could be cracked/circumvented?

xbdestroya
01-02-07, 03:04 PM
Ok, since you say it doesn't matter, I will take it as a fact. I guess secure virtual machine is easy to implement in the open platform after all. :)

It's just that the relevant code is self-executing and cordoned off on a physical media. Again I'm not saying that you couldn't somehow insert yourself into the runtime process, but, well it goes beyond the scope of what I can comfortably speak to (I'm not completely L337 or anything). It would be a hard undertaking though.

I think attacking the actual encryption schemes themselves (or finding exploits elsewhere) seems like a more 'naked' target than trying to execute a plan that requires what would have to be some sort of faux shell VM that will interrupt or circumvent wholesale the BD+ execution, yet at the same time seem 'normal' enough to trigger BD+ execution in the first place. Since one of BD+'s primary objectives is to detect exactly this sort of tampering on the firmware level (and on the PC I guess we'll say 'virtual' firmware), I mean I don't know...

BTW, there are no BD+ codes on the discs for now.

Hopefully AACS is enough and BD+ will never be needed. In truth I'm not trying to talk BD+ up at all! I've been here singing the praises for ROM-Mark instead as a practical, harmless, anti-mass piracy measure. But Amir keeps trying to position this thread such that BD is perceived as somehow less secure in relation to HD DVD from an IP protection standpoint, due to the inclusion of BD+ in the spec. Again, that is only the case within a certain context. When BD+ titles actually launch, we can evaluate the situation vis a vis the state of AACS hacking. Until that point in time, BD+ remains a tool in reserve; neither an additional defense, nor an 'open window!' ;)

lymzy
01-02-07, 03:16 PM
Until that point in time, BD+ remains a tool in reserve; neither an additional defense, nor an 'open window!' ;)

But BD+ VM is always open to attack because it is implemented from day one in the player. So I doubt the "nor an open window" part.

gooki
01-02-07, 03:23 PM
What happens in the scenario that a BD disc without BD+ is deceived into handing over the unencrypted AACS stream because someone creates a fake BD+ VM? In this scenario there is no BD+ encryption to break.

Figgie
01-02-07, 03:27 PM
I said nothing about them giving up, I just said they would need to work twice as hard

indeed, since the specs are unknown and there is no BD+ "protected" BR disc. That's like trying to guess the particular day, direction, and strength of ONE hurricane in 2007 right NOW as of this post.

xbdestroya
01-02-07, 03:28 PM
But BD+ VM is always open to attack because it is implemented from day one in the player. So I doubt the "nor an open window" part.

Lymzy I don't know what else to tell you. Ammilans gives a great BD+ breakdown in post #350 of this thread. If nothing I've written, and nothing he wrote, assuage your concerns on the matter... well then that's understandable, but there's nothing else I can say that hasn't been said. It's not the virtual machine that needs to be attacked, it's the BD+ implementation on whatever the disc in question is.

trbarry
01-02-07, 10:31 PM
Lymzy I don't know what else to tell you. Ammilans gives a great BD+ breakdown in post #350 of this thread. If nothing I've written, and nothing he wrote, assuage your concerns on the matter... well then that's understandable, but there's nothing else I can say that hasn't been said. It's not the virtual machine that needs to be attacked, it's the BD+ implementation on whatever the disc in question is.

Yes, but I think it has been stated that the current BD+ implementation on all discs so far is known to leave the data unchanged. Thus it needs no further decryption. However if you still can somehow insert your own BD+ function you will not have to decrypt anything but instead can save plain text data to disc, for subsequent fun & piracy. I see no way around this logic unless BD+ can ensure nobody else can use the interface.

- Tom

kdragon
01-02-07, 11:02 PM
Does anybody know whether current software BD players on PC implement the BD+ VM or not? If it already exists, somebody may decide to have fun with it!

kdragon
01-03-07, 12:02 AM
A white paper from Dell regarding the three CPS schemes and their interaction:
PROTECTING CONTENT ON THE BD-ROM (http://www.dell.com/downloads/global/vectors/brcp.pdf)

An old presentation from blu-raydisc.com:
Overview of BD-ROM security (http://www.blu-raydisc.com/assets/downloadablefile/5th_japan_05-13343.pdf)

Most probably these are already posted. When I looked at this presentation (much) earlier, I didn't pay attention to the 'native code' part. Thanks to amillians for that.

rdjam
01-03-07, 03:35 AM
Here's my take on the whole thing:

http://www.hdnowonline.com/Comment_Who_Is_Muslix.html

And I don't think that BD+ is a factor yet, as they've hardly penned the thing, let alone contracts, yet...

xbdestroya
01-03-07, 03:46 AM
Rdjam, all I can say is that this article of yours is right in line with the depth of the rest of your posts here. You see right through all of the illusions, don't you? Such as:

2) "Muslix", as he calls himself, is not even the correct spelling. We feel that this means he is attempting to indicate he is domiciled in Europe, when he is likely actually in the US. (It's "Mueslix", son...)

Go get 'em tiger.

rdjam
01-03-07, 04:49 AM
In the words of Daffy Duck: "ththte powerth of deductifph reathoning!" :p

rdjam
01-03-07, 05:50 AM
Oh, and as my article says, AACS has not been cracked. The tool published by the tool is only a textbook AACS decoder which cannot crack keys. They would need to be supplied..

trbarry
01-03-07, 07:57 AM
From rdjam's article:
6) YET, "Muslix" has chosen to release a select few HD DVD AACS title codes, but not a tool to crack them, and has only chosen to do so against HD DVD, but not Bluray....
Maybe I missed something here but I do not believe Muslix published any keys at all.

There are dummy lines for a few movies in his released config file but they all have keys of 0's. There are some long hash values on each line others have taken to be keys but they alone will not decrypt anything. So, unless I did not download the correct elite hacker version Muslix64 has not made any movies vulnerable or shown that any keys can yet be extracted.

- Tom

Rob Zuber
01-03-07, 08:22 AM
Maybe I missed something here but I do not believe Muslix published any keys at all.
Please don't let mere facts get in the way of a good conspiracy theory! :D

nataraj
01-03-07, 10:12 AM
Go get 'em tiger.

Is that a call for FBI ? ;)

Eternal_Sunshine
01-03-07, 10:31 AM
Here's my take on the whole thing:

http://www.hdnowonline.com/Comment_Who_Is_Muslix.html

All right! For quite some time I had the sneaking feeling that this whole "rdjam" persona and all those hilarious things posted under it was some kind of elaborate comedic internet performance, but this new "conspiracy theory" is really so far out that surely everyone must get the joke now:

And finally, why did he choose to write the "tool" in Java? The obvious answer is that it is what he is most comfortable with. Given how close the Java camp and Sun are, as an integral part of the Bluray disc association, it seems to indicate, again, that "Muslix" is not actually an HD DVD supporter, but more likely in the Bluray camp. This is a more tenuous conclusion, but a reasonable one nonetheless. Of course, it is possible that using Java was just a "dig" at the HD DVD camp, an "insider joke", if you will. But then this would also indicate that this is an attack on the HD DVD format by desperate Bluray supporters.

Comedy gold! :)

Figgie
01-03-07, 10:49 AM
All right! For quite some time I had the sneaking feeling that this whole "rdjam" persona and all those hilarious things posted under it was some kind of elaborate comedic internet performance, but this new "conspiracy theory" is really so far out that surely everyone must get the joke now:



Comedy gold! :)


Ok since conspiracy theories are abound..

I will post mine :)

the problem is not going to be the volume key. As that is per disc family anyway and is updated as much as by each run for some studios. The issue, everyone is so caught up on and hyped up about the volume key that they are running through and falling into the tiger traps (Device Keys). Seeing as this crack is being done by the Xbox HD-DVD connected to a PC. It is highly possible (and most likely scenario) that they will blacklist ALL xbox360 HD-DVD drives connected to the pc as the AACS still has that provision in place in their Interim License agreement (finalization happens Jan 31, 2007). Guess what that will make all those Xbox360 HD-DVD players? Big expensive dvd players when connected to a pc and that is about it as the HD-DVD player must read the bootup code of the HD-DVD and the minute it goes into AACS mode it WILL get disabled thanks to the update. The only time they will be good for HD-DVD is when they are connected to Xbox360 and then that is downloading the keys from XboxLive.

The more this continues the more this seems like they were hoping this would happen or in other words.... "Looks like we been "had" Jimmy!!!"

rdjam
01-03-07, 11:04 AM
From rdjam's article:

Maybe I missed something here but I do not believe Muslix published any keys at all.

There are dummy lines for a few movies in his released config file but they all have keys of 0's. There are some long hash values on each line others have taken to be keys but they alone will not decrypt anything. So, unless I did not download the correct elite hacker version Muslix64 has not made any movies vulnerable or shown that any keys can yet be extracted.

- Tom
Good point, Tom.

He mentioned somewhere that he had, and that he was going to release more. But we never actually saw them - the "keys" on the screen in the video were apparently just hash values...

I'll update the story.

rdjam
01-03-07, 11:08 AM
Ok since conspiracy theories are abound..

I will post mine :)

the problem is not going to be the volume key. As that is per disc family anyway and is updated as much as by each run for some studios. The issue, everyone is so caught up on and hyped up about the volume key that they are running through and falling into the tiger traps (Device Keys). Seeing as this crack is being done by the Xbox HD-DVD connected to a PC. It is highly possible (and most likely scenario) that they will blacklist ALL xbox360 HD-DVD drives connected to the pc as the AACS still has that provision in place in their Interim License agreement (finalization happens Jan 31, 2007). Guess what that will make all those Xbox360 HD-DVD players?
Highly unlikely - doesn't each player have its own key? I feel that, if anything, it's more likely that only "Muslix's" player will become a doorstop...

Couldn't happen to a nicer guy ;)

Figgie
01-03-07, 11:17 AM
Highly unlikely - doesn't each player have its own key? I feel that, if anything, it's more likely that only "Muslix's" player will become a doorstop...

Couldn't happen to a nicer guy ;)


each device family has an assigned DEVICE key. It is assigned PER FAMILY. I.e. Xbox360 HD-DVD has one key for the lot of them. Same with Toshiba HD-a1 which is different than HD-A2. But within the HD-A2 all the Device keys are the same. Think about it like the landlord in the apartment building having all the keys to all the apartments. In one fell swoop, can change the locks on all the doors. How can this be stopped?

simple.

Can not ever put another newer HD-DVD in the player and can not ever update the PC with HD-DVD. So you are stuck with the movies you have.

rdjam
01-03-07, 11:17 AM
Story is corrected now. Thanks again, Tom.

Figgie
01-03-07, 11:25 AM
rdjam

here we go :)

Each compliant device is given a set of secret Device Keys when manufactured. The actual number of keys may be different in different media types. These Device Keys, referred to as Kd_i (i=0,1,…,n-1), are provided by AACS LA, and are used by the device to process the MKB to calculate Km. The set of Device Keys may either be unique per device, or used commonly by multiple devices. The license agreement describes details and requirements associated with these two alternatives. A device shall treat its Device Keys as highly confidential, as defined in the license agreement.
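
The two provisioning options in the specification text quoted above (Device Keys unique per device, or used commonly by multiple devices) give very different revocation outcomes, which is what the preceding posts argue about. The following is an added illustration, not part of the thread and not AACS code: a simplified Python model in which a Media Key Km is wrapped once per Device Key set and a revoked set is left out of newer blocks. The real MKB format and its cryptography are not reproduced; the names, the toy XOR/HMAC wrap and the four-unit fleet are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

KEY_LEN = 16  # 128-bit keys in this model


def derive(label: str) -> bytes:
    """Constructed, deterministic key material so the example is repeatable."""
    return hashlib.sha256(label.encode()).digest()[:KEY_LEN]


def toy_wrap(kd: bytes, nonce: bytes, km: bytes) -> bytes:
    """Toy key wrap: XOR Km with an HMAC-derived pad. A stand-in, not a real cipher."""
    pad = hmac.new(kd, nonce, hashlib.sha256).digest()[:KEY_LEN]
    return bytes(a ^ b for a, b in zip(km, pad))


@dataclass(frozen=True)
class Device:
    serial: str
    key_id: str  # which Device Key set this unit was provisioned with
    kd: bytes    # the secret Device Key (one key per set in this model)


@dataclass(frozen=True)
class MediaKeyBlock:
    nonce: bytes
    entries: dict  # key_id -> Km wrapped under that key set
    verify: bytes  # lets a device confirm it recovered the right Km


def provision(model: str, serials, shared: bool):
    """shared=True: one key set per model. shared=False: one key set per unit."""
    devices = []
    for serial in serials:
        key_id = model if shared else f"{model}/{serial}"
        devices.append(Device(serial, key_id, derive("kd:" + key_id)))
    return devices


def build_mkb(km: bytes, devices, revoked_key_ids, release: str) -> MediaKeyBlock:
    """Licensing-side step: wrap Km for every key set that is not revoked."""
    nonce = derive("nonce:" + release)
    entries = {}
    for dev in devices:
        if dev.key_id not in revoked_key_ids:
            entries[dev.key_id] = toy_wrap(dev.kd, nonce, km)
    verify = hmac.new(km, b"verify", hashlib.sha256).digest()
    return MediaKeyBlock(nonce, entries, verify)


def process_mkb(device: Device, mkb: MediaKeyBlock):
    """Device-side step: recover Km, or None if revoked or holding a wrong key."""
    wrapped = mkb.entries.get(device.key_id)
    if wrapped is None:
        return None  # this key set was left out of the block: revoked
    km = toy_wrap(device.kd, mkb.nonce, wrapped)  # the XOR wrap is its own inverse
    tag = hmac.new(km, b"verify", hashlib.sha256).digest()
    return km if hmac.compare_digest(tag, mkb.verify) else None


def playable_count(devices, mkb: MediaKeyBlock) -> int:
    return sum(process_mkb(dev, mkb) is not None for dev in devices)


def revocation_impact(shared: bool):
    """(units that play a pre-revocation disc, units that play a post-revocation disc)
    after the key set of one unit leaks and is revoked."""
    fleet = provision("drive-model-X", ["0001", "0002", "0003", "0004"], shared)
    leaked = fleet[0]
    old_disc = build_mkb(derive("km:old"), fleet, set(), "release-1")
    new_disc = build_mkb(derive("km:new"), fleet, {leaked.key_id}, "release-2")
    return playable_count(fleet, old_disc), playable_count(fleet, new_disc)


if __name__ == "__main__":
    print("shared key set :", revocation_impact(shared=True))
    print("unique key sets:", revocation_impact(shared=False))
```

In this model a shared key set means one leak locks the whole family out of newer discs, while unique key sets cost only the leaked unit; discs mastered before the revocation keep playing in both cases.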

Rob Zuber
01-03-07, 11:36 AM
Every Java developer is now a Blu-Ray supporter and has been placed on rdjam's enemies list. You've been warned.

rdjam
01-03-07, 12:33 PM
Every Java developer is now a Blu-Ray supporter and has been placed on rdjam's enemies list. You've been warned.
Says you, of course.... ;)

mommyman
01-03-07, 12:46 PM
Story is corrected now. Thanks again, Tom.
Cool story, rdjam :D Wait, what's the reason to make things so complicated? All that jazz is supposed to be much simpler. I personally believe in that he did that he claimed, and he didn't have enough courage to prove what he did. So, he'll wait for someone fearless to prove what he claimed. Not too fair, but that's life :)

diogen
01-03-07, 12:47 PM
Story is corrected now...
Somebody said that every genius explanation of events is a simple one.
That does not mean that every simple explanation is a genius one.

This "From the Frontlines..." opus of yours must be a joke, right?

1. ""Muslix", as he calls himself, is not even the correct spelling..."
rdjam is not even the correct spelling, it must be roadjam, where did the vowels go?

2. "he is attempting to indicate he is domiciled in Europe, when he is likely actually in the US." Do you know any of the European languages? The sentence structure is definitely not American. Unless he asked somebody else to write all the text files for him, he is not from the US.

3."If it was truly through a weakness in a PC player program as he lets others imply, then why did he not indicate how?" WTF is this question all about?

4. "Cyberlink has now denied that Muslix got the keys via their PowerDVD program, lending credence to Muslix having obtained insider information." Did you read any of Muslix's posts? He talks about Volume Key, CyberLink - about "Title Keys".

5. "He promises to "release" HD DVD title codes in the future, which looks more like corporate blackmail to us than anything else." He never did promise that, from what I read. BTW, who is it "us" in the last part of the sentence?

I won't go into "tapped out this program in 8 days, with no previous experience. uh huh...." and "why did he choose to write the "tool" in Java?"

He - Muslix - could be full of BS, but your "analysis" is much more so.

Diogen.

rdjam
01-03-07, 02:01 PM
Cool story, rdjam :D Wait, what's the reason to make things so complicated? All that jazz is supposed to be much simpler. I personally believe in that he did that he claimed, and he didn't have enough courage to prove what he did. So, he'll wait for someone fearless to prove what he claimed. Not too fair, but that's life :)
"mommyman"?.. slightly aggressive for your first post, eh Muslix? ;)

All the talk about the simplest explanations are correct...

Simplest explanation is that the codes were given to Muslix by an insider, and until they can find a crack exploit, releasing the codes would expose them to risk...

IMHO...

eurotrance
01-03-07, 02:02 PM
Very interesting thread, where most posts are highly educating regarding AACS, BD+ and BD-Rom mark...

At the risk of getting flamed, the more time goes, the less I see AACS as being broken, and the more I see it as a rumor being started to bring panic among HD-DVD supporting movie studios...

How convenient was it to come up with such a story right before CES... How telling that nobody can duplicate Muslix results... Where are the HD-DVD files on the internet ? Every time something gets cracked, you can immediately find them spreading like wildfire on Usenet, ********** and the likes... Where are these HD movie files ? By now they should be easily available...

Desperate times call for desperate measures. So far I see no proof that this is not a hoax. If indeed ever proven as a hoax, you have to wonder what were the motives...

rdjam
01-03-07, 02:04 PM
He - Muslix - could be full of BS, but your "analysis" is much more so.

Diogen.
In *your* opinion.

Relax a little... no need to get so excited...

rdjam
01-03-07, 02:06 PM
Very interesting thread, where most posts are highly educating regarding AACS, BD+ and BD-Rom mark...

At the risk of getting flamed, the more time goes, the less I see AACS as being broken, and the more I see it as a rumor being started to bring panic among HD-DVD supporting movie studios...

How convenient was it to come up with such a story right before CES... How telling that nobody can duplicate Muslix results... Where are the HD-DVD files on the internet ? Every time something gets cracked, you can immediately find them spreading like wildfire on Usenet, ********** and the likes... Where are these HD movie files ? By now they should be easily available...

Desperate times call for desperate measures. So far I see no proof that this is not a hoax. If indeed ever proven as a hoax, you have to wonder what were the motives...
Exactly where I'm coming from.

At a time when Bluray is on the ropes, just two weeks before CES, and just a couple weeks after an article on copying Bluray movies with the PS3 - it just sorta "popped out" ;)

I've seen plenty dirtier tricks in business - so my radar pricked up immediately at how convenient it was...

diogen
01-03-07, 02:23 PM
In *your* opinion.
Of course. Never claimed to be expressing somebody else's opinion.
This is your prerogative "...which looks more like corporate blackmail to us...".
Or is it your habit to talk about yourself in plural like the last Russian tsar?

BTW, did you send the link with your "analysis" to the studios?

Diogen.

EDIT: I'm still waiting to see a link proving this statement of yours
"He promises to "release" HD DVD title codes in the future, which looks more like corporate blackmail to us than anything else." or edit it out of your opus.

Kosty
01-03-07, 02:36 PM
Well, I think it's possible that the entire episode is a hoax, and the video playback seen, was not actually a playback of a decrypted file, but a playback done in a normal authorized manner. So "insider information" is not even required if it was a hoax.

But, about the grand conspiracy theory, I'm a firm believer in Occam's Razor. The simplest explanation here is someone trying to generate feedback on a forum and claiming a bit more than what he has actually done.

Or an individual trying to discredit HD DVD or in a misguided way credit it as more hacker friendly on that forum.

Far more likely it's a misguided twerp than a corporate cabal.

Nice reading though.

If you take out the conspiracy part, it's a fairly accurate read though.

Kosty
01-03-07, 02:39 PM
Exactly where I'm coming from.

At a time when Bluray is on the ropes, just two weeks before CES, and just a couple weeks after an article on copying Bluray movies with the PS3 - it just sorta "popped out" ;)

I've seen plenty dirtier tricks in business - so my radar pricked up immediately at how convenient it was...
My friend, I think your radar may be a bit sensitive.

I do agree that the timing was suspicious, although my reading of his posts and any follow up ones, gave me the distinct impression that those guys were unaware that CES was even going to be happening soon.

It is funny though, how quickly some other sites picked up on this HD DVD "bad news" before CES, as they certainly knew CES was happening.

rdjam
01-03-07, 02:43 PM
Of course. Never claimed to be expressing somebody else's opinion.
This is your prerogative "...which looks more like corporate blackmail to us...".
Or is it your habit to talk about yourself in plural like the last Russian tsar?
Me and my bro', baby, me and my bro'... perhaps you haven't read "About Us" on the petition site...

diogen
01-03-07, 02:50 PM
Me and my bro', baby, me and my bro'...
Thanks, baby, thanks...
Is this bro' - thing your second personality and how many of them are there?

Diogen.

rdjam
01-03-07, 03:41 PM
My friend, I think your radar may be a bit sensitive.

I do agree that the timing was suspicious, although my reading of his posts and any follow up ones, gave me the distinct impression that those guys were unaware that CES was even going to be happening soon.

It is funny though, how quickly some other sites picked up on this HD DVD "bad news" before CES, as they certainly knew CES was happening.
Heh! :) I think we are both getting the sensitive radar now :D

rdjam
01-03-07, 03:42 PM
Thanks, baby, thanks...
Is this bro' - thing your second personality and how many of them are there?

Diogen.
We're ignoring you right now...

- Yeah, exactly!

- - - ME TOO!

:p

mommyman
01-03-07, 03:51 PM
"mommyman"?.. slightly aggressive for your first post, eh Muslix? ;)
No, not me. And (to be precise) it's my 2nd post in here :) In my first I wrote that AACS (BD+ too...) cannot protect against such kind of attack. Just because of the fact that 'software cryptography' is not suitable for such thing as content protection. It needs a strong hardware support.

So, the simplest truth is that both companies (InterVideo, CyberLink) have almost nothing to protect players against reversing. It's not their fault, while on PC such protection is just a wild dream...

Again, I'm asking the question: Where's watermarking that Verance has developed for HD/BD content protection? At least on paper it looks like protection against standard Joe or Muslix.

amirm
01-03-07, 05:25 PM
Again, I'm asking the question: Where's watermarking that Verance has developed for HD/BD content protection? At least on paper it looks like protection against standard Joe or Muslix.
That provision is not in the interim AACS agreement.

And no, it is not meant as this sort of protection. A watermark can not protect the content that is in, against these sorts of attacks.

Hesitant
01-03-07, 06:51 PM
Hope this is not old news or the 3rd link to the news
http://forum.doom9.org/showthread.php?t=119871&page=13

Talkstr8t
01-03-07, 07:32 PM
At a time when Bluray is on the ropes, just two weeks before CES, and just a couple weeks after an article on copying Bluray movies with the PS3 - it just sorta "popped out"
On the ropes?!? That statement has as much logic as your "article", from which I'll note just a few of your more ridiculous assertions:

1) Coming only two weeks before the 2007 Consumer Electronics Show (CES), at which HD DVD was said to be in a good position for more announcements of support, we consider the "timing" of this action to be highly suspect. In addition, he has done his best to get the maximum publicity for his action by posting videos on youtube and on various forums.
This sounds like a schizophrenic conspiracy theory. I'm sure there's no possibility he wasn't just looking to make a name for himself.

3) The "hack" that he has released actually equally affects both HD DVD and Bluray, yet he has only released a version to attack HD DVD.
Then why would this be about harming HD-DVD if it actually harms both?

As a defence, he claims to only own an HD DVD player, which would indicate to most that he is an exclusive supporter of the HD DVD format.
In a schizophrenic fantasy, sure. Most people would assume he preferred to spend $199 for an Xbox add-on drive rather than $800 for a Blu-ray burner.

8) How did he obtain these key codes? If it was truly through a weakness in a PC player program as he lets others imply, then why did he not indicate how?
Perhaps he wants to finish the job he started rather than release everything he knows and end up with someone else taking credit?

11) And finally, why did he choose to write the "tool" in Java? The obvious answer is that it is what he is most comfortable with. Given how close the Java camp and Sun are, as an integral part of the Bluray disc association, it seems to indicate, again, that "Muslix" is not actually an HD DVD supporter, but more likely in the Bluray camp.
Or maybe he used Java because it is *the most popular programming language on the planet*?!? Or because it's taught in virtually every university worldwide? No, that would be far too naive a conclusion to reach. Surely it's because he's sending an obscure message to everyone that Blu-ray ROX and HD-DVD SUX! Hey, RDJam, maybe if you write down every 7th letter in the source code you'll find a secret message from the DVD Forum Steering Committee congratulating you on all you've done for the format!

xbdestroya
01-03-07, 07:42 PM
We're ignoring you right now...

- Yeah, exactly!

- - - ME TOO!

:p

Well now things are really starting to come together!

Not only is rdjam a prolific conspiracy theorist, apparently there's some multiple personality disorder thrown in there as well. ;)

So what I'm getting from the thorough analysis that has been run by all twelve of rdjam, is that...

1) Muslix is a 15-year old American operative hired by the BDA to shake things up for HD DVD before CES. They didn't hire him to actually crack anything either, only to post that he did. Such is the insidious nature of the BDA...

2) He can't spell and it's absolutely *imperetive* to his cover that people think he's in Europe... even though, quite obviously, this pretender is an American. And you know what that means!

3) His claim as to only having an HD DVD add-on is bullsh*t; this guy is extremely well funded by the BDA and has entire rows of both BD and HD DVD drives running constantly

4) On top of it all, this freewheeling maniac uses Java as his calling card... JAVA!

RubberToe
01-03-07, 07:43 PM
http://www.engadget.com/2007/01/03/what-exactly-does-backuphddvd-do-oh-and-version-1-0-is-release/

This has been both a fascinating and educating thread at the same time. I haven't read through the above story just yet, but maybe the story has some more "legs"...

Robert

What'sHD
01-03-07, 10:53 PM
All right! For quite some time I had the sneaking feeling that this whole "rdjam" persona and all those hilarious things posted under it was some kind of elaborate comedic internet performance, but this new "conspiracy theory" is really so far out that surely everyone must get the joke now:



Comedy gold! :)
Damn, I use ignore and he starts turning out good comedy. Life is just not fair. Where was the comedy before? Not done, not cricket.

What'sHD
01-03-07, 10:56 PM
Every Java developer is now a Blu-Ray supporter and has been placed on rdjam's enemies list. You've been warned.
Makes me rather glad I almost flunked my java module in University. I used to need gallons of Java to stay awake through a Java lecture.

What'sHD
01-03-07, 10:59 PM
On the ropes?!?
He means 'on the ropes' as in 'relaxing on a hammock'. Freudian slip probably :D

trbarry
01-03-07, 11:25 PM
I predict that Muslix64's claims will be neither proved nor disproved before CES.

I also predict those claims will make HD DVD more popular with consumers and less popular with Hollywood, who will again decide they would rather folks did not play movies on PC's. But it will change nothing of the economics of the situation.

- Tom

diogen
01-03-07, 11:57 PM
If it walks like a duck, talks like a duck, and dumps duck cr*p on your head when you're about to head out on the town, then it's probably a duck. :p

Sheesh!
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-- Albert Einstein


Diogen.

rdjam
01-04-07, 12:12 AM
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-- Albert Einstein


Diogen.
Aww, you're too sweet. That wouldn't have been an insult would it...

It's nice that all the Bluray boys are here in this thread expressing their concern - no, truly, it's touching! :p

diogen
01-04-07, 12:25 AM
Aww, you're too sweet. That wouldn't have been an insult would it...
Geez...
What did I do to get off your ignore list?
Please tell me, I'd really like to avoid making that mistake again.

"Bluray boys...." If you (and your bro') continue on these forums for another 6 months or so in the same capacity, I might become one.

Diogen.

What'sHD
01-04-07, 12:38 AM
Similar to the above statement by diogen, a personal narrative (feel free to stop here cos it's OT):

When I first came to AVS, I was a massive admirer of VC1 and admired MS for its work on it. I was also an occasional xbox gamer, never having touched a PS2 or gamecube. So, I was definitely not pro-BD. I didn't hate it but I didn't support it over HD-dvd. I came to AVS to learn.

Frankly, I was won over to BD's side due to content, higher capacity and most importantly, the All-in-elegance of the PS3, as announced by Sony back then. That was all from the technical angle.. I still had nothing against HD-dvd, only that I saw better use for my money, given that a choice had to be made.

Personally speaking, I was turned off from HD-dvd by the smoke and mirrors tactics. Most egregious was the "BD50 is science fiction" routine which turned me off MS, frankly. I know it's prob not objective but can't help it. Human beings are stone age animals in a digital age world and all that.

Lately (last 6 months), certain hd-dvd supporters became so nauseating that I now have an ignore list of about 40, I reckon and am turned off of HD-dvd quite vehemently in favour of BD. Certain BD supporters are nauseating too and they get blocked, but Imo, it's a lesser number. Perhaps that's cos 3/4 of the AVS posters seem to support HD-dvd (as per polls), but my (or anyone else's) emotions can't get normalized..

End OT.


P.S. I lurked for ages before signing up.

P.P.S The point of the above is that from a strictly utilitarian perspective, certain supporters' posts are harming the chances of their format of choice more than helping, primarily due to the hostility and invective thrown around. I have been guilty of it too but I *think* that's only when provoked.. Gandhi I am not.

mommyman
01-04-07, 05:17 AM
That provision is not in the interim AACS agreement.

And no, it is not meant as this sort of protection. A watermark can not protect the content that is in, against these sorts of attacks.

Agreed, definitely it cannot protect but makes illegal duplication a bit inconvenient (need to decode content, wipe watermarks out, then re-encode). Better than nothing...

gooki
01-04-07, 05:32 AM
why would you have to wipe out the watermarks?

Kosty
01-04-07, 06:04 AM
Lately (last 6 months), certain hd-dvd supporters became so nauseating that I now have an ignore list of about 40, I reckon and am turned off of HD-dvd quite vehemently in favour of BD. Certain BD supporters are nauseating too and they get blocked, but Imo, it's a lesser number. Perhaps that's cos 3/4 of the AVS posters seem to support HD-dvd (as per polls), but my (or anyone else's) emotions can't get normalized..
That kinda sounds like putting your fingers in your ears and going "nah nah nah..." I can't hear you... that you dislike hearing any information that you don't agree with or fear being wrong

40 seems a bit excessive for either side, don't you fear missing any of the good parts?

xbdestroya
01-04-07, 11:49 AM
Agreed, definitely it cannot protect but makes illegal duplication a bit inconvenient (need to decode content, wipe watermarks out, then re-encode). Better than nothing...

Again though, you will not be mass replicating these discs without the ROM-Mark equipment. The situation you (and Amir) describe only applies to individual or low-volume burning efforts. The mass piracy remains blocked, unless as suggested before, hacked titles are released as pirated HD DVD presses.

mommyman
01-04-07, 01:29 PM
why would you have to wipe out the watermarks?
Player with watermark detector will not play watermarked content from unprotected media. The other way out is to deactivate this detector in player firmware, but it's not that easy (if even possible).

bobgpsr
01-04-07, 01:42 PM
Player with watermark detector will not play watermarked content from unprotected media.
IIRC that is for pressed ROM discs only.

mommyman
01-04-07, 03:27 PM
IIRC that is for pressed ROM discs only.
Sorry, didn't get about IIRC :confused: What did you mean?

bobgpsr
01-04-07, 03:59 PM
Sorry, didn't get about IIRC :confused: What did you mean?
If I Recall Correctly the watermark is used to prevent playback of a stamped (mass produced) BD ROM (that does not have a valid watermark).

taz291819
01-04-07, 04:24 PM
I believe there is an audio watermark also, and it's not stamped (the smart way to do it).

And there has to be a way around the stamped watermark, ala Managed Copy.

kdragon
01-04-07, 05:04 PM
If I Recall Correctly the watermark is used to prevent playback of a stamped (mass produced) BD ROM (that does not have a valid watermark).
Probably you are thinking about ROM Mark.

The watermark would be in the video/audio stream itself, and remain even after decoding. Not that it is happening anytime soon based on what insiders said recently.

mommyman
01-05-07, 05:10 AM
If I Recall Correctly the watermark is used to prevent playback of a stamped (mass produced) BD ROM (that does not have a valid watermark).
Then we discuss different kinds of watermarks :D I wrote about watermarks in audio/video stream, which survive even if you record on camera set in front of HD monitor.