VideoBusiness (http://www.videobusiness.com/article/CA6403011.html)

DEC. 28 | LIKE SCROOGE SHOWING up at a holiday party, reports surfaced over the Christmas break that AACS—the supposedly unbreakable encryption used on HD DVD and Blu-ray discs—had in fact been broken, by a hacker calling himself Muslix64.

According to the thread he or she started on the Doom9 Forum, Muslix was able to write a Java-based command-line utility for Windows called BackupHDDVD that allowed him to move unencrypted files containing Full Metal Jacket, Van Helsing, Tomb Raider and a handful of other movies to his hard drive.

Muslix even posted a video on YouTube, tauntingly titled “AACS is Unbreakable,” purportedly showing the utility in action.

He/She then released the source code for others to try, complete with FAQ.

The postings set off an orgy of gloating and wild speculation over how the studios might respond to the purported crack on hacker forums, including a prediction that HD DVD studios would now defect to Blu-ray, since the latter format includes the extra BD+ layer of copy-protection.

Yet like Dickens’ story of redemption, the studios have reason for cheer amid the grim holiday tidings.

For one thing, AACS wasn’t really cracked, as that term is commonly understood. Claims to the contrary are based on limited understanding of how AACS was designed to work.

For another, the compromise of a handful of titles now, while the number of discs and players in the market is still insignificant, provides a low-cost, low-risk opportunity to test how well AACS can respond to being compromised.

ACCORDING TO THE DOOM9 postings, Muslix64 was using the USB-enabled HD DVD add-on for his Xbox 360 to view HD DVD discs on his PC, using Cyberlink’s PowerDVD player software.

Using BackupHDDVD, he/she was apparently able to retrieve the title-specific decryption keys from the player memory during playback and then feed them into his/her own decryption procedure as outlined in the public documents available on the AACS Licensing Authority Web site.

The keys themselves apparently remain encrypted, however.

The basic approach with BackupHDDVD is not all that different from DeCSS, the first widely distributed crack of the CSS-encryption used on standard DVDs.

Like BackupHDDVD, DeCSS works by uncovering the decryption keys and using them to create unencrypted files on a hard drive.

In other important ways, however, there is a world of difference between the two scenarios, related to the designs of the respective encryption systems themselves.

CSS relied on a single set of keys that were used to encrypt every DVD and were provided to every DVD player, both hardware and software.

Once those keys were uncovered the first time, the system was fatally compromised. The same utility can be used to rip any DVD for all time.

AACS, on the other hand, was designed specifically to cope with the challenge presented by BackupHDDVD.

Both the PowerDVD player software and the titles themselves carry unique keys, which, if hacked, can be revoked. In principle, the damage can be limited to only those copies of Full Metal Jacket and the others currently in the market and to the PowerDVD player.

THE CHALLENGING PART will be getting the system to work as designed. And here, BackupHDDVD could be a blessing in disguise, giving the studios and software makers a chance to uncover potential bugs in the system while the numbers—and the potential damage—remain small.

First, additional forensic work will have to be done to determine exactly what BackupHDDVD does, to determine exactly where the compromise occurred.

If the player’s keys were indeed compromised, those keys could be “revoked,” meaning all discs pressed from that point forward would be unplayable in the cracked players.

That would have the effect of revoking the players of many people who had done nothing wrong, however, and would actually shield the guilty party or parties from having their players “updated” with new keys.

A more likely scenario is that the player’s existing keys would be revoked at the disc level. New copies of those titles would be replicated using new keys, so that the new discs would not play in the compromised players.

Updated keys for the PowerDVD player could then be distributed via new discs so that innocent owners of PowerDVD can continue to use their players.

How quickly that can all be made to happen, however, and with what degree of due-process for Cyberlink remain unclear. What procedures exist, exist only on paper and have never been tried in the real world.

But the studios might as well find out now, when the damage affects only a few catalog titles and a handful of players.

The postings set off an orgy of gloating and wild speculation .

No S*&^T. Sounds like 90% of the posts on the next gen forums on AVS.

It's easy to migrate files to HDD, you need software to play. As shown on the video.

The postings set off an orgy of gloating and wild speculation .

Yep. Esp by people who had nothing to do with the "cracking" ....

Lets say there are 128 billion different keys. If there are, how in the hell is AACS going to monitor and revoke that many? The math doesn't work. They put 6 million BR Movies into production, 3/4 of the way, they realize the encrytion has been compromised and revoke the key. By that time the new key is uploaded into the software (PC) or Hardware (CE Player), the hackers have what they need to replicate. By then the encrytion has been removed from the film. Its not going to work. When a software crack does become available, PCs will be able to do the math. A current Dual Core can't do it. When we get 6,8 or even 10 core 64 Bit PCs, then the average user will have the horsepower to mathmatically break the encryption.
It will happen and I bet sooner than later!

Lets say there are 128 billion different keys. If there are, how in the hell is AACS going to monitor and revoke that many? The math doesn't work. They put 6 million BR Movies into production, 3/4 of the way, they realize the encrytion has been compromised and revoke the key. By that time the new key is uploaded into the software (PC) or Hardware (CE Player), the hackers have what they need to replicate. By then the encrytion has been removed from the film. Its not going to work. When a software crack does become available, PCs will be able to do the math. A current Dual Core can't do it. When we get 6,8 or even 10 core 64 Bit PCs, then the average user will have the horsepower to mathmatically break the encryption. It will happen and I bet sooner than later!
"The postings set off an orgy of gloating and wild speculation"

Emphasis mine. :rolleyes:

It's funny. Twice in the other thread, so gleefully started by a BD fanboy I might add, I specifically asked for proof that this "hack" allowed the hacker to burn the movie to an HD DVD and play it in a standalone player.

Twice that was ignored.

Mainly because of course there is no such proof. And instead of realizing it's a real-world difference between copying the files and playing it on your PC, and making and playing backups on your Toshiba or Xbox 360, the BD fanboys continued to argue the technical specs of BD+ and carry on like HD DVD was finally at it's death knell.

Just what we need, yet another thread on AACS issues. This one adds little info that isn't already known and widely discussed in the other umpteen threads.
Mods need to close and/or combine all into one thread.

If the title wasn't cracked, and merely the necessary decryption keys obtained an reused, how would this have affected BD?

With the protection intact, wouldn't the BD player have looked for the ROM-Mark? This wouldn't have existed on an HDD or disc based copy.

Gary

This is so stupid in my opinion. New keys in disc or player will not work. As long as the "new" player can play the "new" disc. The "new" keys will be found!.

You cannot hide this fact. All you have to do is to sniff the key from memory when the movie is playing and voila you get your key.

You can change it a million times and it won't matter.

So you don't need to crack the AACS code to copy movies as the title implies.

As I said before stupid!

agree with Gary. Even though it does not seem that AACS is hacked, for all intense and purposes if it is as described above it is a big hit for HD DVD and one that shows the importance of the BD rom mark in anti piracy. Even if playback SW is fixed to not show the files, the trick is out of the bag now. And unless someone builds SW for HD DVD that can differentiate between ROM, non-ROM disks and HDD if people can make unlimited illegal copies to the studio it is the same thing.

The amount of FUD spread is insane.

First of all there was no hacking on the encryption. The software was designed piss poor. The real world analogy would be a massive bank vault with the combination placed in plain view. There was no excuse for PowerDVD making such a stupid mistake. Encryption keys can and will be better protected.

Second BD-ROM Mark would not have prevented this "hack". The drive would have detected a valid ROM Mark and begun the hardware level decryption. The AACS stream would have been passed to the player and then the title key would have been grabbed. Same exact outcome. One the title is decrypted and stored on a HDD it can be burned to EITHER BD-R or HD DVD-R. Both systems would simply look at the recordable disc as a user created disc and playback without issue.

Lastly 128bit encryption has 2^128 possible values (not 128 billion). Brute force simply will not work on AACS (which is based on AES). Given a computer than can try 1 trillion possible values per second (well beyond current computational abilities) a computer would need 5,395,141,535,403,010,000 years working 24/7 to try just 50% of the possible codes. Given a network of 1 million such computers (each trying 1 trillion codes per second) it would take still nearly 5 billion years just to try half the possible solutions. If AES can be cracked on a home PC in our lifetime we have some huge problems. AES is used to protect everything from banking interchanges, nuclear missle launch codes, and classified documents.

Let's get the facts straight before this thread goes any further. This is not a hack of AACS rather it shows a sloppy implementation by a vendor. AACS was designed to heal around such an issue. First a new version of powedvd will be created. This version will protect the cryptographic data. Next a new AACS device key will be created for the new version. Next the old version's device key will be added to the blacklist. The old version will not be able to decrypt future movie releases.

The only titles affected are the 150 or so HD DVD titles (plus any currently in the pipeline). If the exploit affects the BD version also (which we don't know yet) then it would affect the 100 or so BD titles. All future titles can be protected by creating a new version of the software that solves this flaw. Even the at most 250 affected titles can be encrypted with new title keys and new device keys which would prevent their decryption on the old software. Once the movies who have their title keys revealed have sold out and/or recalled by the studios they will be replaced with the same movie having new titles keys and a new device blacklist.

This is exactly the kind of issue that AACS was designed to handle. If handled quickly and properly it can show the studios that AACS is indeed robust enough to handle exploits from faulty software.

You're swimming upstream. Facts and logic have little impact when the BR spin machine is in full force. The now 12-page thread above is a textbook example of a strawman argument perpetrated by the BR crowd. You have some of BR's biggest cheerleaders jumping for joy shouting "This is the end of HD-DVD! Yaaaaaay!"...

Why let facts get in the way of a good story?

I find it sad that the BD fanboys are jumping up and down cheering for a format which has more pervasive, invasive, draconian, and excessive DRM than HD DVD. Talk about being so blind as to not be capable of seeing their own interests as consumers with regards to fair use and that kind of thing.

First of all there was no hacking on the encryption. The software was designed piss poor. The real world analogy would be a massive bank vault with the combination placed in plain view. There was no excuse for PowerDVD making such a stupid mistake. Encryption keys can and will be better protected.


Agree, but who talked about a hack? The guy (due to PowerDVD) found out how to make good copies. These copies even though illegal look good to any player because everything is in order

Second BD-ROM Mark would not have prevented this "hack". The drive would have detected a valid ROM Mark and begun the hardware level decryption. The AACS stream would have been passed to the player and then the title key would have been grabbed. Same exact outcome. One the title is decrypted and stored on a HDD it can be burned to EITHER BD-R or HD DVD-R. Both systems would simply look at the recordable disc as a user created disc and playback without issue.

no, the copied content is encrypted BD. Unless someone creates a fake BD SW any SW (like PowerDVD) will need to look for the BD rom , not find it on the HDD copy or the BD-R copy or the HD DVD copy (if HD DVD had a burner) or DVD copy.


Lastly 128bit encryption has 2^128 possible values (not 128 billion). Brute force simply will not work on AACS (which is based on AES). Given a computer than can try 1 trillion possible values per second (well beyond current computational abilities) a computer would need 5,395,141,535,403,010,000 years working 24/7 to try just 50% of the possible codes. Given a network of 1 million such computers (each trying 1 trillion codes per second) it would take still nearly 5 billion years just to try half the possible solutions. If AES can be cracked on a home PC in our lifetime we have some huge problems. AES is used to protect everything from banking interchanges, nuclear missle launch codes, and classified documents.

Who said anything about hacking AACS. CSS was also not hacked, one guy found one key and built a SW player that decrypts the content with an illegal key.


Let's get the facts straight before this thread goes any further. This is not a hack of AACS rather it shows a sloppy implementation by a vendor. AACS was designed to heal around such an issue. First a new version of powedvd will be created. This version will protect the cryptographic data. Next a new AACS device key will be created for the new version. Next the old version's device key will be added to the blacklist. The old version will not be able to decrypt future movie releases.

Agree, but before anything else all the keys for all the HD DVD movies can be had. So any one for all existing HD DVD movies until the point when the powerDVD key is revoked are compromised. AACS also has a procedure. The key can’t be revoked for several months.

The only titles affected are the 150 or so HD DVD titles (plus any currently in the pipeline). If the exploit affects the BD version also (which we don't know yet) then it would affect the 100 or so BD titles. All future titles can be protected by creating a new version of the software that solves this flaw. Even the at most 250 affected titles can be encrypted with new title keys and new device keys which would prevent their decryption on the old software. Once the movies who have their title keys revealed have sold out and/or recalled by the studios they will be replaced with the same movie having new titles keys and a new device blacklist.

1) agree it is obvious for movies that will be out before revocation
2) disagree on BDs, the ROM mark won’t be there so every BD player should dismiss them
3) the movies who’s keys are stolen on HD DVD become public domain even if the SW player is fixed
4) even if the SW player is fixed and the same trick can’t be used. A lot more is known about AACS and hackers know exactly where the weakest link lies.
5) What you and every other person that dismisses it as not a hack so not important is missing is that this shows how problematic it can get depending only on AACS. Yes this happened in 2006 with barely over 100 titles but what if it happens when there are 1000, 10000? This can re-happen at any time from the creator of any legitimate SW vendor.

This is exactly the kind of issue that AACS was designed to handle. If handled quickly and properly it can show the studios that AACS is indeed robust enough to handle exploits from faulty software.

It is not up to AACS but Power DVD. AACS can revoke the player, but there is the red tape. Someone needs to raise the issue in front of the board, then Power DVD needs to have the time to formulate the plan (AACS Rules) then AACS needs to give them the time to fix the issue. The only good thing is if PowerDVD comes out with a fast fix and then they can ask AACS to revoke (early on) the key to force the upgrade on their customers (revocation and renewal). Because AACS can't react fast, their hands are tied

I find it sad that the BD fanboys are jumping up and down cheering for a format which has more pervasive, invasive, draconian, and excessive DRM than HD DVD. Talk about being so blind as to not be capable of seeing their own interests as consumers with regards to fair use and that kind of thing.

why is it in my interest that others make illigal copies?

Who said anything about hacking AACS. CSS was also not hacked, one guy found one key and built a SW player that decrypts the content with an illegal key.
Well, the important difference is that CSS is compromised forever. AACS isn't. Also, CSS is vulnerable to brute force hacks, as it only uses 40-bit encryption.


Agree, but before anything else all the keys for all the HD DVD movies can be had.
New printings of the discs would use new keys.

Anyways I think the biggest mistake here is that the DVD Forum (and Blu-ray Alliance) didn't try to hack PowerDVD (or WinDVD) themselves as soon as they got a copy. I guess they trusted that company's QA a little too much.

I find it sad that the BD fanboys are jumping up and down cheering for a format which has more pervasive, invasive, draconian, and excessive DRM than HD DVD. Talk about being so blind as to not be capable of seeing their own interests as consumers with regards to fair use and that kind of thing.You're peddling propaganda.

And you should take a look at Windows Vista sometime before you get all high-and-mighty about one of the primary companies pushing HD-DVD.

You're peddling propaganda.

And you should take a look at Windows Vista sometime before you get all high-and-mighty about one of the primary companies pushing HD-DVD.

This statement is ludicrous. Microsoft didn't make Vista secure to screw over consumers of high-def optical formats, they made it secure to prevent the daily holes and exploits in XP which require 5-6 patches every single month. Get a clue.

The person peddling propaganda here isn't me.

Well, the important difference is that CSS is compromised forever. AACS isn't. Also, CSS is vulnerable to brute force hacks, as it only uses 40-bit encryption.

but that was not how CSS was hacked. As for ACSS no one knows. It is not even a matter of broken for ever but one o0f it happened once it can happen again. In essence it is not one insane studio called Fox saying “I don’t trust AACS and someone might be able to circumvent it” but proof it6 can be done. Even if this one hole is plugged don’t you think even in the mind of others it is now “what if happens again?”

New printings of the discs would use new keys.[quote]

maybe, maybe not. It is irrelevant. Those disks (and any other ones until Power DVD is fixed are now public, anyone that uses the technique can make limitless copies of the movie and distribute it. And the movie keys can’t be revoked. In a way there is no reason to make copies with new keys, the people that will buy won’t make copies and the people that will DL copies won’t buy.
[quote]
Anyways I think the biggest mistake here is that the DVD Forum (and Blu-ray Alliance) didn't try to hack PowerDVD (or WinDVD) themselves as soon as they got a copy. I guess they trusted that company's QA a little too much.
The issue is that one organization can’t test for everything. Don’t forget every SW player, every HW manufacturer….. is in a rush to recoup their R&D.

I now own both formats... but I refuse to drink the Blu KoolAid that makes fanatics delusional.

If you're referring to the Jonestown massacre, it was actually FlavorAid....not Kool-Aid.

The issue is that one organization can’t test for everything. Don’t forget every SW player, every HW manufacturer….. is in a rush to recoup their R&D.
Every SW player? You mean all 2 of them?

There still has been zero confirmation from any 3rd party that any title keys have been compromised.

It would be funny if this was a hoax.

OK I will make this short and simple because it seems logic doesn't work well for BD fanboys.

1) Rom mark only works for ROMS. BD players don't look for a "ROM Mark" when you insert a BD-R or BD-RE

So if the BD version of the same software has the same flaw then BD offers NO protection beyond HD DVD against this exploit. We will have to wait and see if the BD version uses the same flawed AACS routines that the HD DVD version does. Since code sharing and reuse is not only common but favored in large software development this is rather likely.

The same exploit can be applied to a BD Disc.
Step 1)Insert valid BD ROM. Drive verified ROM-Mark and allows playback.
Step 2)Drive passes encrypted keys and encrypted data stream to player
Step 3)Player uses it's device key to decrypt the title key
Step 4)Player stupidly keeps the decrypted title key in memory
Step 5)"hacker" uses memory dump or debugger to grab BD title key

Now a simple modification of the author's source code allows for the creation of a BD Decrypter. Output is a decrypted version of the BD files.

Once the files are decrypted free and clear they can be uploaded to p2p, stored on HDD, burned to HD DVD, burned to BD-RE, etc.

ROM MARK does nothing to stop casual piracy. ROM Mark would prevent a comercial pirate from taking that decrypted movie and using a production line to stamp out fake BD-ROMs. Since these BD-ROMs would be missing the ROM-Mark the drive would not allow playback.

Let me say it one more time just in case it is confusing.
Any BD title without BD+ (which is 100% so far) can be exploited and decrypted the very same way as this HD DVD title. Once decrypted free and clear there is NOTHING in either format to prevent distribution (except by BD-ROM).

Give me a break. I've seen HD-DVD zealots yacking on about how HD-DVD has 'won' now because of this hack - the ability to steal content seems to be what will tip most people over the edge in this 'war'.

Don't act like this is a one sided thing - there are giant idiots on both sides of the coin.

That said, this 'hack' does allow exactly what you are asking for. The data is decrypted and can be burnt to any disc with enough capacity to hold it. Having burnt my own HD-DVD discs, I can say this with some authority.

Consider yourself no longer ignored.

How much are blank HD DVD discs? Aren't they more than the cost of the movie?

This is funny.

Both formats SUCK for consumers. You're basically trying to justify your bias by saying "i got stabbed once, but you got stabbed twice so that's A LOT worse". Both of us got stabbed, dude.

You also have to remember that we're in the middle of a totally idiotic format war here... both Toshiba and the BDA (Blu-ray is NOT a Sony format - tell that to Pioneer with all the R&D money they've spent) have effectively screwed us over.

And you have the nerve to call anyone else a fanboy?

It never ends with you people.

I'll take the single knife wound over two knife wounds any day myself, thank you very much.

So, which format are you supporting? Are you putting your money where your mouth is and refusing to purchase either format, sticking with regular DVDs? Because if you have purchased either HD DVD or Blu-Ray, then guess what, you're just a giant hypocrite and should shut up right now.

You mean, 1?

Toshiba manufactured the 360 add-on. Yes, the software is MS.. so we'll call it 1.5. :)
Not true. There is no software to playback HD DVD in the 360 drive. Only the hardware. The software is in the console.

OK I will make this short and simple because it seems logic doesn't work well for BD fanboys.

1) Rom mark only works for ROMS. BD players don't look for a "ROM Mark" when you insert a BD-R or BD-RE

So if the BD version of the same software has the same flaw then BD offers NO protection beyond HD DVD against this exploit. We will have to wait and see if the BD version uses the same flawed AACS routines that the HD DVD version does. Since code sharing and reuse is not only common but favored in large software development this is rather likely.

The same exploit can be applied to a BD Disc.
Step 1)Insert valid BD ROM. Drive verified ROM-Mark and allows playback.
Step 2)Drive passes encrypted keys and encrypted data stream to player
Step 3)Player uses it's device key to decrypt the title key
Step 4)Player stupidly keeps the decrypted title key in memory
Step 5)"hacker" uses memory dump or debugger to grab BD title key

Now a simple modification of the author's source code allows for the creation of a BD Decrypter. Output is a decrypted version of the BD files.

Once the files are decrypted free and clear they can be uploaded to p2p, stored on HDD, burned to HD DVD, burned to BD-RE, etc.

ROM MARK does nothing to stop casual piracy. ROM Mark would prevent a comercial pirate from taking that decrypted movie and using a production line to stamp out fake BD-ROMs. Since these BD-ROMs would be missing the ROM-Mark the drive would not allow playback.

Let me say it one more time just in case it is confusing.
Any BD title without BD+ (which is 100% so far) can be exploited and decrypted the very same way as this HD DVD title. Once decrypted free and clear there is NOTHING in either format to prevent distribution (except by BD-ROM).


thanks for the clarification.

Yes, that's what I meant. Either way, my point was that Toshiba, to the best of my knowledge, is currently the only company manufacturing HD-DVD hardware.
NEC manufactured the drive in the Toshiba HD-A1. Liteon manufactures the drives for HP and has been contracted to build drives for MS.

The issue is that one organization can’t test for everything. Don’t forget every SW player, every HW manufacturer….. is in a rush to recoup their R&D.

Yep we have all this digital mayhem as proof to that.

article in New York Times today about this:

Studios’ DVDs Face a Crack in Security


By JOHN MARKOFF
Published: January 1, 2007

snippet:

"If the HD-DVD protection system has indeed been compromised, it was not immediately clear which camp would benefit most directly.

Some posters in Internet discussion groups have argued that the cracking of HD-DVD may increase the popularity of the system among consumers eager to make copies of movies they have purchased.

At the same time, a weakened encryption system could undermine studio support, causing some to turn to the Blu-ray technology instead and giving the Blu-ray group an advantage in offering a wider range of content."

Just FYI guys.

In the original forum where the news of the AACS crack claim was placed, there is starting to be more and more doubts on the validity of the claim.

First the software version used 6.5 is OEM, and not in general release anymore, and cannot be readily downloaded.

Next noone can find the keys to use, even trying his memory dump techniques.

In short in the past week, no one can replicate his results, and here are some recent comments about it.

http://forum.doom9.org/showthread.php?t=119871&page=8

Each day that goes on without someone else actually providing a key or at least confirming spotting one makes me more skeptical this is real.
I am afraid you are not understanding...once this version of PowerDVD is blacklisted it won't work anymore with newer released titles. The newer released HD-DVDs will know that this version of powerDVD has been compromised and will refuse to work. You either update to a newer version of powerDVD or you are stuck with only be able to play the old (150 or so HD-DVD) titles that have come out up to now. I've got the 360 HDDVD drive in hand. In the youtube video it shows that he is using powerDVD 6.5 . I'm only finding 7.0 online. Should I try to find 6.5 or go with 7.0? Am I the only one who thinks this was a hoax? But you cannot playback FROM HD, right ? Now I'm starting to think that video (on tube) might be... fake. BTW , the original poster has not posted anywhere again since his announcement post.....

Just FYI guys.

In the original forum where the news of the AACS crack claim was placed, there is starting to be more and more doubts on the validity of the claim.

First the software version used 6.5 is OEM, and not in general release anymore, and cannot be readily downloaded.

Next noone can find the keys to use, even trying his memory dump techniques.

In short in the past week, no one can replicate his results, and here are some recent comments about it.

http://forum.doom9.org/showthread.php?t=119871&page=8


BTW , the original poster has not posted anywhere again since his announcement post.....
Lots of people have the 6.5 software.

Just FYI guys.

In the original forum where the news of the AACS crack claim was placed, there is starting to be more and more doubts on the validity of the claim.

First the software version used 6.5 is OEM, and not in general release anymore, and cannot be readily downloaded.

Next noone can find the keys to use, even trying his memory dump techniques.

In short in the past week, no one can replicate his results, and here are some recent comments about it.

http://forum.doom9.org/showthread.php?t=119871&page=8


BTW , the original poster has not posted anywhere again since his announcement post.....

You know, when I originally read about AACS being cracked a couple of days ago and watched the video.... I was never convinced that the video proved a damn thing. People all immediately jumped the gun and in some cases believe everything they see and hear on the internet with little to no hard evidence. Him typing in DOS mode with his "backupHDDVD" was unimpressive as I could create a simple backupHDDVD batch file to show the same thing when in reality it would do nothing.

The only hard evidence (for me anyway) is if people can replicate what this guy supposedly has done. I'm still waiting. I'm surprised I haven't heard more people call this out as a hoax considering the timing of the post and his youtube flick.... a couple of weeks before the 2007 CES, interesting to say the least.

Also, funnily he never published the title keys ... may be FBI will get him before he comes out with all the details ....

Lots of people have the 6.5 software.
Lots of people will have to upgrade their 6.5 software.

I just find it surprising that noone has posted saying they can replicate his results.

or use his technique to find the results in memory.

or that he hasn't posted again, even someone claiming to be him under a different alias.

Lots of people have the 6.5 software.

But enough to make this a country-wide piracy epidemic that would shift the balance of power in the HD disc war?

But enough to make this a country-wide piracy epidemic that would shift the balance of power in the HD disc war?

The Cyberlink Power DVD 6.5 software was only shipped as an OEM release with HD DVD drives. It was not sold as a standalone release.

The cracker said he was using a Xbox 360 drive. Why would he do this if he already had a HD DVD drive?

Or if he already had a copy of Power DVD 6.5 or got it from a waerz site, wouldn't he just be able to play the film clip straight from the disc? If you look at the youtube video, the windows titlebar for the running application is blurred out.

All the posted application does without the keys is transfer the encrypted files to the harddrive.

You could make up the video without even having be able to actually run the decrypted files, the video playback could be just watching legimate playback on a PC through a HD DVD drive, (or the Xbox 360 add on ??) wit the HD DVD still in the drive.

But enough to make this a country-wide piracy epidemic that would shift the balance of power in the HD disc war?
No, but I didn't say it would. I was just implying his posting of that quote* of a person saying they couldn't find the 6.5 version has absolutely no bearing on whether or not this AACS workaround is real.

*"I've got the 360 HDDVD drive in hand. In the youtube video it shows that he is using powerDVD 6.5 . I'm only finding 7.0 online. Should I try to find 6.5 or go with 7.0?"


The cracker said he was using a Xbox 360 drive. Why would he do this if he already had a HD DVD drive?
Why not? And anyways, I suspect he may have gotten an "evaluation copy" of it.

Or if he already had a copy of Power DVD 6.5 or got it from a waerz site, wouldn't he just be able to play the film clip straight from the disc?
Yes, but this was a hack post after all. Not very people would be interested if he posted: "Hey I got PowerDVD 6.5 and I can play HD DVD! OMG!"

All the posted application does without the keys is transfer the encrypted files to the harddrive.
The implication is that the files are decrypted on his hard drive.

You could make up the video without even having be able to actually run the decrypted files, the video playback could be just watching legimate playback on a PC through a HD DVD drive, (or the Xbox 360 add on ??) wit the HD DVD still in the drive.
Yes, the video could be fake, but I don't think your reasons prove anything either way.

Yes, but this was a hack post after all. Not very people would be interested if he posted: "Hey I got PowerDVD 6.5 and I can play HD DVD! OMG!" My point was that he could have created his video without him even being able to do what he is claiming.

It could still be a hoax.

My point was that he could have created his video without him even being able to do what he is claiming.

It could still be a hoax.
Yes, it could. However, you haven't discredited his video at all, so as far as we know, it could also be real.

The implication is that the files are decrypted on his hard drive. Yes if the title keys are placed in his input file before the program is run. If the keys are not placed there, all his application does ( and the video shows) is copy the encrypted files onto the harddrive with decyrpting them.

Yes, it could. However, you haven't discredited his video at all, so as far as we know, it could also be real. Yep it could be.

But the more time passes, the chance that it was a hoax increases.

BTW, I still think this was a real vulnerabilty, what he did was real and could be duplicated by a early version of one of the two software players. But the distribution of those players is limited and the practicable effect of this will be small. I'm just finding it curious that no one else is claiming they can duplicate the feat after a week. Thats unusual for this kind of thing.

What I find amusing is the fact that there are posts out there from n00bs thinking that we're gonna have top quality 1080p reencodes on torrent sites that will fit on a DVD-R or something using DivX. I guess people don't quite understand the point of H.264 & VC-1 on HD DVD & Blu-ray. :p

That said, we could start seeing 4-8 GB 720p reencodes showing up nonetheless, using H.264, DivX, or WMV.

That is, if anyone can replicate this so-called workaround.

What I find amusing is the fact that there are posts out there from n00bs thinking that we're gonna have top quality 1080p reencodes on torrent sites that will fit on a DVD-R or something using DivX. I guess people don't quite understand the point of H.264 & VC-1 on HD DVD & Blu-ray. :p

That said, we could start seeing 4-8 GB 720p reencodes showing up nonetheless, using H.264, DivX, or WMV.

That is, if anyone can replicate this so-called workaround.

What? Are you indicating that we will be able to get an encoded copy of the original encoded copy to fit on a 9GB disc. Wow, that video must be awesome!! :rolleyes:

What? Are you indicating that we will be able to get an encoded copy of the original encoded copy to fit on a 9GB disc. Wow, that video must be awesome!! :rolleyes:
Actually, the Xbox 360 720p HD movie download for the 2h12 minute long V for Vendetta is only about 6 GB.

http://www.blogsmithmedia.com/www.engadget.com/media/2006/11/xbox_vod_17.jpg

Not the same quality as HD DVD, but definitely good enough for bootlegged videos.

What I find amusing is the fact that there are posts out there from n00bs thinking that we're gonna have top quality 1080p reencodes on torrent sites that will fit on a DVD-R or something using DivX.

Not so noobish. Using x264 you can get 2 hours of 9mbit video with Dolby Digital in 8.5GB. As computer playback allows more heavy compression (hd-dvd limitations aren't actually that severe), you can get terrific quality in that. Obviously you'll struggle with longer movies, and it's not going to be exactly the same as a typical HD-DVD (12-15mbit), but the quality will be pretty close for many discs.

Also, if you have a 720p display just re-encode to that, and you'll get utterly minimal quality loss as 9mbit is a very light compress.

Not so noobish. Using x264 you can get 2 hours of 9mbit video with Dolby Digital in 8.5GB. As computer playback allows more heavy compression (hd-dvd limitations aren't actually that severe), you can get terrific quality in that. Obviously you'll struggle with longer movies, and it's not going to be exactly the same as a typical HD-DVD (12-15mbit), but the quality will be pretty close for many discs.
It will be relatively good, but 1080p 9 Mbps x264 won't be in the same league as HD DVD by a long shot.

BTW, home brew x264 is not as good as commercial VC-1 at the same bitrate.

Also, if you have a 720p display just re-encode to that, and you'll get utterly minimal quality loss as 9mbit is a very light compress.
Well, I already said that. ;) 720p encodes would make for a perfect way for people to distribute HD content illegally. One could get a short 720p movie onto a DVD-5, even if it would be more compressed than most AVSers would like.

Cyberlink Responds to Alleged AACS Crack (http://msmvps.com/blogs/chrisl/archive/2007/01/02/463980.aspx)

With the HD DVD AACS Crack/Hack that supposedly happened last week, I said that Cyberlink would most likely issue some additional information on the matter. I just got an e-mail from the people at Cyberlink with some great information. Above all, Cyberlink is sure PowerDVD's implementation of AACS fully protects HD DVD contents.

First of all, PowerDVD complies to AACS compliance rules to ensure HD DVD contents are fully protected. Cyberlink is confident that PowerDVD fully protects HD DVD contents.
Secondly, PowerDVD does not keep "Title Keys" in system memory. Cyberlink is not sure how the user got the Title Key and notes that the released tool nor the video on YouTube provides the information on obtaining the Titles Keys.
Thirdly, there are no evidences that the user is using PowerDVD to hack/crack HD DVD video content. He or she was simply using PowerDVD to playback the video that was ripped with other software. PowerDVD supports evo video file format playback.
Overall, it doesn’t look like AACS or Cyberlink have found any faults in PowerDVD. So, at this point no updates will be issued for PowerDVD and the verdict is still out on whether or not additional playback software was used to obtain the Title Keys. No one has yet to prove that the keys can be obtained through a memory dump or any other methods.

Yet again, AACS wasn’t cracked/hacked and the one piece of the puzzle for obtaining the Title Keys doesn’t appear to add up.

Thanks goes out to Cyberlink for the information.

I'm thinking hoax. People will do anything for attention. Someone would have duplicated this by now and be very proud of themselves for having done so, and would post it somewhere. It's awfully suspicious that hasn't happened yet.

Elaborate hoax...

By an anonymous person...

Focused against HD DVD...

Just before CES...

Hmmmm...

Elaborate hoax...

By an anonymous person...

Focused against HD DVD...

Just before CES...

Hmmmm...

I'm right there with you. And where is the updated version on Jan 2? It's getting near the end of the day.

I'm also fairly certain that SOMEONE else would have got this to work by now. 7 weeks to duplicate something in the hacker community with hints and videos would have been done by now.

Chris

Elaborate hoax...

By an anonymous person...

Focused against HD DVD...

Just before CES...

Hmmmm...

If a hoax I wouldn't put it past Sony to do something like this. They have the means and the motive, regardless of the fact that no Blu-Ray movie disc contains any additional 'protection'.

This was posted on doom9 by muslix64 a little while ago:

I spent the last few days reading a lot of articles on BackupHDDVD, reading a lot of people's post/comments on various websites.

This is the time to set the record straight about this new tool and what the impacts are.

First I need to clarify some points.

Revocation:

In the AACS system, there is 4 types of revocation:
Drive revocation
Host revocation
Device revocation (with MKB)
Content revocation

There is no such thing as "title key revocation" and "volume key revocation"

-------------

Now, here is a list of affirmations I have seen lately.


Affirmation 1: You did not break AACS, just the player

My comment: I did not break AACS, but I find a way to decrypt movies and I have bypassed all the revocation system.
Not that bad...


Affirmation 2: The BackupHDDVD circumvention tool won't last long

My comment: As long as insecure players will exist, it will last...
And insecure players will always exist, in fact you can extract keys from any player! Some players are just easier to extract the key from. Being lazy, I prefer to extract keys from an insecure player than a secure one.
And the AACS spec says "Device keys must be protected!" but they did not said that about volume key, fatal mistake!


Affirmation 3: The keys can easily be revoked.

My comment: What keys are you talking about?
As I stated before, there is no such thing as "title key revocation" and "volume key revocation". If someone publishes only volume keys, there is no way to know from which player these keys where extracted from, making the revocation system useless. They can do content revocation, but to revoke what? All movies before 2007? They can do player revocation, so I will just change the player I'm using, big deal...


So what is the AACS revocation system good at?
It is good for that scenario:
Someone post on the net, a tool that do the complete decryption automatically. Off course the program use stolen device keys from an official player. They (AACS and friends) will eventually get their hands on this program, look at the device keys and revoke them. Making that player unable to play new titles. But the author of this program can pre-extract a bunch of devices keys from different players and release them, one at the time, when the previous one have been blacklisted. The AACS spec says "Device keys must be protected!" so I suppose they put more effort in protecting these keys then the volume key in memory.


Affirmation 4: BackupHDDVD is nothing, only one person out of a million have the technical skills to extract keys.

My comment: BackupHDDVD is a proof of concept.

Picture this:
Few skilled persons can do massive volume key extraction, and send the keys to a central server on the internet. Then, they create an easy to use decryption program, with a nice GUI that do online key recovery. That way, my father and your father can backup movies.
Or they can send the keydb.cfg file on P2P networks (**********, E-Mule, etc..)
See the problem now?


Affirmation 5: You can extract keys from software player on personal computer but not on hardware player.

My comment: It's easier to extract keys from software player, but it also possible to extract keys from hardware player (the set-top box in your living room!)



Conclusion:

The attack I describe in "Affirmation 4", is not here yet, but it's coming. So I give MPAA and AACSLA a head start. Start to think what you can do about that.

To totally block this attack, they need to put different keys on every disk! Now, they only have different keys for different movies. I don't know about the manufacturing process of the disk. This solution may not be possible.

The best they can do, is doing shorter manufacturing run of a particular movie, so it would be difficult to get your hand on every "pressing" of a movie.

When they design AACS, they assume people will look for the device keys. I don't care about device keys. I do care about volume key. Having the device keys mean that you have to re-implements all the complex crypto and do the full AACS process.
I leave all this dirty job to the player and recover only the volume key.

There is 3 important things in cryptography:

1-Private key protection
2-Private key protection
3-Private key protection


Did I break AACS? I don't know. What do you think?

He admitted, "I did not break AACS" and then says he doesn't know if he broke AACS. Bottom line: he did not break AACS.

His "Affirmation 2" and "Affirmation 3" are interesting.

Indeed, if only the title keys are released along with an AACS decryption engine like what he released (well, the AACS decryption spec/algorithm IS public), it would be difficult for AACS to pin-point the insecure player or how that insecure player was attacked.

Well, so far, we do not have that many software players and he did say which version of a player he used. So, that will make the job easier for AACS although it's not clear still how to scan for the memory for the title keys.

But his scenario IS interesting. If the attackers just release the title keys, it might take AACS a long time to find the insecure player, to confirm the attack and to issue a revocation.

Edit: Well, it seems that Cyberlink's official position currently is that they think their software is adhering to the AACS spec and do not know how the attacker retrieved the title keys (or they said the attacker did not explain how he/she did it :p). The only thing this attacker needs is just one title key released somewhere. Then we know a HD DVD player is not completely following AACS. Maybe the attacker will wait until he gets all 163 title keys using NetFlix or something...

Hong.

From the AACS spec:

Media Key
A key that is used to unlock the Title Keys stored on a media that contains Titles protected by AACS. The Media Key can be computed by successfully processing a MKB.

Media Key Block (MKB)
A critical component of the subset difference tree key management system. The MKB is a data block that provides access to a common key (Media Key) that can be accessed by any device that contains the necessary secret keys and has not been revoked. Refer to Chapter 3 for additional details.

If you check out Chapter 3, I suspect that if I were to go after this one, I'd start searching PowerDVD and/or WinDVD for strings of 0123456789ABCDEFH. ;)

Cheers!
MarkF

If you check out Chapter 3, I suspect that if I were to go after this one, I'd start searching PowerDVD and/or WinDVD for strings of 0123456789ABCDEFH. ;)

Cheers!
MarkF

Or in binary you could just search for strings of 1's and 0's. ;)

- Tom

Hi, Tom!

I actually wasn't kidding about that pattern! To peek at a little bit of the spec again (from Chapter 3 of the common section of the spec):A properly formatted MKB shall have exactly one Verify Media Key Record. It shall precede the Explicit Subset Difference Record, the Subset Difference Index Record, and the Media Key Data Record, although it may not immediately precede them. Bytes 4 through 19 of the Record contain the ciphertext value

Dv = AES-128E (Km, 0123456789ABCDEF16 || XXXXXXXXXXXXXXXX16)

where XXXXXXXXXXXXXXXX16 is an arbitrary 8-byte value, and Km is the correct final Media Key value. The presence of the Verify Media Key Record in an MKB is mandatory. The device may use the Verify Media Key Record to verify the correctness of a given MKB, or of its processing of it. If everything is correct, the device should observe the condition:

[AES_128D(Km, Dv)]msb_64 == 0123456789ABCDEF16

where Km is the Media Key value.Hmmm... where's the DEADBEEF16? :)

Cheers!
MarkF

Hi, Tom!

I actually wasn't kidding about that pattern! To peek at a little bit of the spec again (from Chapter 3 of the common section of the spec):Hmmm... where's the DEADBEEF16? :)

Cheers!
MarkF

Darn! I was sure you were joking since ALL memory is full of those hex characters. I hadn't realized they had enclosed a helpful constant that (without obfuscation techniques) you could search for in code. ;)

I guess I'll have to sit down and really study the AACS spec one of these days.

- Tom

Lets face it and be serious.

soon or later both formats gets cracked, its FACT!
so all this discoussion about "AACS got cracked" ect is senseless...

i remember there was a same discoussion when the DVD got out :)
its impossible to safe movies from beeing copyed for good.

Dont your agree with that?

Lets face it and be serious.

soon or later both formats gets cracked, its FACT!
so all this discoussion about "AACS got cracked" ect is senseless...

i remember there was a same discoussion when the DVD got out :)
its impossible to safe movies from beeing copyed for good.

Dont your agree with that?

will it?

ohh but of course!!

has it happened. Nope.

and here are my thoguhts on this situation as it stands right now.

I did a heck of a lot of reading yesterday.

the problem is not going to be the volume key. As that is per disc family anyway and is updated as much as by each run for some studios. The issue, everyone is so caught up on and hyped up about the volume key that they are running through and falling into the tiger traps (Device Keys). Seeing as this "crack" is being done by the Xbox HD-DVD connected to a PC. It is highly possibly (and most likely scenario) that they will blacklist ALL xbox360 HD-DVD drives connected to the pc as the AACS still has that provision in place in thier Interim License agreement (finalization happens Jan 31, 2007). Guess what that will make all those Xbox360 HD-DVD player? Big expensive dvd players when connected to a pc and that is about it as the HD-DVD player must read the bootup code of the HD-DVD and the minute it goes into AACS mode it WILL get disabled thanks to the update. The only time they will be good for HD-DVD is when they are connected to Xbox360 and then that is downloading the keys from XboxLive.

The more this continues the more this seems like they were hoping this would happen. Ie , looks like they have been "had" boys!

This might setback software players on PCs for a while.

Muslix64 explains it well, hackers like carjackers will go after the easiest targets --- the weakest links in the chains. If the volume keys are that easy to get from PowerDVD 6.5, then even if 6.6 or 7.0 protects it better, the path to take for attacks by competent system programmers is clear.

Anyone knows if powerDVD 6.6/7 will load even if a kernel debugger is loaded in the system?

will it?

ohh but of course!!

has it happened. Nope.

and here are my thoguhts on this situation as it stands right now.

I did a heck of a lot of reading yesterday.

the problem is not going to be the volume key. As that is per disc family anyway and is updated as much as by each run for some studios. The issue, everyone is so caught up on and hyped up about the volume key that they are running through and falling into the tiger traps (Device Keys). Seeing as this "crack" is being done by the Xbox HD-DVD connected to a PC. It is highly possibly (and most likely scenario) that they will blacklist ALL xbox360 HD-DVD drives connected to the pc as the AACS still has that provision in place in thier Interim License agreement (finalization happens Jan 31, 2007). Guess what that will make all those Xbox360 HD-DVD player? Big expensive dvd players when connected to a pc and that is about it as the HD-DVD player must read the bootup code of the HD-DVD and the minute it goes into AACS mode it WILL get disabled thanks to the update. The only time they will be good for HD-DVD is when they are connected to Xbox360 and then that is downloading the keys from XboxLive.

The more this continues the more this seems like they were hoping this would happen. Ie , looks like they have been "had" boys!

Whoa, wait a minute here, AACS is not in the xbox360 hd-dvd players is it? I thought the elliptical curve is done all in software. Is part of the AACS actually within the drive itself?

Whoa, wait a minute here, AACS is not in the xbox360 hd-dvd players is it? I thought the elliptical curve is done all in software. Is part of the AACS actually within the drive itself?


actually

for HD-DVD to work it IS part of AACS :)



A Player shall enter into AACS Mode before executing its boot sequence if and only if it decides that a Disc to be played back is an AACS Disc.


An AACS-Compliant HD DVD-ROM/DVD-ROM drive may support commands for format layer-change, which enable to change the format for a hybrid disc, i.e. an HD DVD-ROM/DVD-ROM Twin Format Disc, without disc ejection or power-off. Note that, however, from the viewpoint of the AACS content protection scheme, format layer-change from a layer which is protected by AACS to a layer which is not
protected by AACS shall be regarded as disc ejection, even if no disc ejection is in fact occurred at the format layer-change. See the AACS Introduction and Common Cryptographic Elements for the drive behavior at disc ejection.


AACS specification is applicable to a PC-based system. In such a system, a drive and PC host act together as the Recording Device and/or Playback Device for AACS protected content. Note that a new, robust and renewable form of drive authentication is introduced; recording or playback of AACS protected content is not permitted using drives that only support authentication associated with the Content Scramble System (CSS) for DVD-Video. The procedure for recording or playback of the content is the same as described in relevant document of AACS specification, except for additional steps that are required for the host to read and verify the integrity of the Volume Identifier, Pre-recorded Media Serial Number, Media Identifier and Protected Area Data values it receives from the drive, and to ensure the Protected Area Data is securely written to the media.



Each compliant device is given a set of secret Device Keys when manufactured. The actual number of keys maybe different in different media types. These Device Keys, referred to as Kd_i (i=0,1,…,n-1), are provided by AACS LA, and are used by the device to process the MKB to calculate Km. The set of Device Keys may either be unique per device, or used commonly by multiple devices. The license agreement describes details and requirements associated with these two alternatives. A device shall treat its Device Keys as highly confidential, as defined in the license agreement.

If this happens, these people are going to wind up in court defending a class action lawsuit so fast, it will make the Sony rootkit debacle look like childs play.

When a product is sold that supports specific functions, and those functions are disabled without compensating the owners or providing alternate methods for using these functions, then the vendor has committed a breach of contract and is liable for damages.

Vern

Ain't going to happen, stopping Xbox 360 HD DVD playback.

But It does look like he didn't actually break anything and was showing a theoritical concept based on his understanding of the key structure, which may or not be valid.

In other words, its a hoax. Wishful thinking and maybe possible, but for now its a hoax.

...is sold that supports specific functions, and those functions are disabled without compensating the owners or providing alternate methods for using these functions, then the vendor has committed a breach of contract and is liable for damages.Only if the XBox360 can't play HD-DVDs anymore, not PCs.
Amir stated many times (before the add-on was released) that it is not designed to work with a PC.
When pressed, he admitted that no special measures were taken to prevent it from being used with a PC.

Making it not work with PC for good won't be a breach of contract.

Diogen.

Good point, stopping PC playback on the Xbox device could happen as its not a stated use.

Only if the XBox360 can't play HD-DVDs anymore, not PCs.
Amir stated many times (before the add-on was released) that it is not designed to work with a PC.
When pressed, he admitted that no special measures were taken to prevent it from being used with a PC.

Making it not work with PC for good won't be a breach of contract.

Diogen.
Microsoft now offically supports the XBox 360 HD DVD add on with Windows XP (running Windows Update will install the proper device drivers for it).

Microsoft now offically supports the XBox 360 HD DVD add on with Windows XP (running Windows Update will install the proper device drivers for it).


actually

as Microsoft will tell you

Having drivers available does not mean it is supported by them. See the countless scripts that Microsoft publishes but as we say in the computer world, use at your own risk.

If this happens, these people are going to wind up in court defending a class action lawsuit so fast, it will make the Sony rootkit debacle look like childs play.

When a product is sold that supports specific functions, and those functions are disabled without compensating the owners or providing alternate methods for using these functions, then the vendor has committed a breach of contract and is liable for damages.

Vern


What People?

the people that bought an XboX360 HD-DVD player and made it work with a PC? lol

yeah. Hmm let see MS sells the HD-DVD player for the XboX360 NOT the PC. So the owners can no show damages as they were using it in a PC not an XboX360 or how I like to tell users, they were using it in an unsupported emviroment ;)

quite simple really :)

that they will blacklist ALL xbox360 HD-DVD drives connected to the pc


I am not sure I am following you here. Could muslix64 get the keys without the software player?


Quote
"As long as insecure players will exist, it will last...
They can do player revocation, so I will just change the player I'm using, big deal"

I also find muslix64 statement self-contradicting. If revocation doesn't work, why does he need to rely on insecure players? Why does he even need to change his player?

actually

for HD-DVD to work it IS part of AACS :)
I meant, that the player key is not necessarily in the drive itself, but is stored in PowerDVD. If the player key is in the drive itself, then however PowerDVD is obtaining that volume key and not protecting it, that's powerDVD's fault, not the drive's.

However, if this is true, then there is no way of disabling PowerDVD, unless you disable the drive's devicekey. My understanding is that the volume key is actually constructed by powerDVD, not from the drive. I could be wrong, as I am basing this on 3rd sourced information the Toshiba HD-A1's drive.

If the player key is in the drive itself, then however PowerDVD is obtaining that volume key and not protecting it, that's powerDVD's fault, not the drive's.


Ditto. I am not sure how Figgie get the idea about the add-on drive. Muslix64 said he was able to get the un protected volume unique key to decrypt the media key. If this is true, the device key and media key are not compromised. If powerdvd has not successfully protected that volume unique key, then powerdvd's device key needs to be revoked that current version could no longer get volume unique key from future release.

I am also confused by the "I bypass all the revocation system" statement from Muslix64. Obviously, he needs to rely on a insecure but legitimate player to get the volume unique key, doesn't he?

Windows Vista contains official support for the 360 HD DVD Player built in, the drivers are actually included on the Vista DVD. There is no way that MS would kill PC HD DVD playback now, after the fact, when it is officially supported already in Vista. Especially since Vista has been specifically designed to enforce HD DVD and Blu-Ray's security requirements. It will even properly detect the ICT flag and degrade all analog outputs if ICT is ever enabled.

There is no way that MS would kill PC HD DVD playback now,


First, MS couldn't blacklist this drive, it is AACS's job. Second, if the drive is revoked, it will be a cross platform thing. I don't think you can disable it in PC while allow it on xbox360.

Ummm, the drive itself is just a dumb HD DVDROM drive. There are no electronics in the drive which could be said to be blacklisted. I doubt there is anything related to AACS in the 360 player, it's just an HD DVDROM drive in a white box with some SATA->USB converter chip inside.

I think it would be PowerDVD 6.5 HD that would be 'blacklisted' as well as PowerDVD 6.6 for BD (all builds).

I am also confused by the "I bypass all the revocation system" statement from Muslix64. Obviously, he needs to rely on a insecure but legitimate player to get the volume unique key, doesn't he?

Yes, what he is talking about is other people using it.

Take random guy 1, who downloads said program and a list of volume keys for movies that he owns.

No revocation that is available can stop random guy 1 from decrypting them. ( Other than revoking all compromised *media* - which would prevent legitimate copies from playing in legitimate players ).

The revocation system is aimed at the people who are providing the volume keys, but the setup that he has come up with means that they don't ever need to provide the device keys that they used to get the title keys, which makes it much harder to revoke them, and also means that revoking them after the fact does nothing but stop them from getting new ones.

No revocation that is available can stop random guy 1 from decrypting them. ( Other than revoking all compromised *media* - which would prevent legitimate copies from playing in legitimate players ).

The revocation system is aimed at the people who are providing the volume keys, but the setup that he has come up with means that they don't ever need to provide the device keys that they used to get the title keys, which makes it much harder to revoke them, and also means that revoking them after the fact does nothing but stop them from getting new ones.

I think you are missing the point. Once an insecure player which leak volume key emerges, all the titles released are compromised. Nobody could do anything about that. The goal of the revocation system is to keep future release safe.

For example, Powerdvd has failed to protect the volume unique key. Muslix64 found the hole and all the HD DVD and bluray released were compromised. That is it. Then Powerdvd's device key would be revoked and could no longer decrypt the volume unique key on future release. That's why Muslix64 needs a insecure but legitimate player. Everybody does. Once that insecure player become revoked, people needs to move on and "pray" for another insecure player to emerge.

I think you are missing the point. Once an insecure player which leak volume key emerges, all the titles released are compromised. Nobody could do anything about that. The goal of the revocation system is to keep future release safe.

For example, Powerdvd has failed to protect the volume unique key. Muslix64 found the hole and all the HD DVD and bluray released were compromised. That is it. Then Powerdvd's device key would be revoked and could no longer decrypt the volume unique key on future release. That's why Muslix64 needs a insecure but legitimate player. Everybody does. Once that insecure player become revoked, people needs to move on and "pray" for another insecure player to emerge.

Exactly except the studios can make it much more difficult with AACS vs CSS. A title can have one of 64 titles keys. So each duplication line could use a different key. As the studios see title keys appear they could change those lines. Over the course of 4 years a popular title could have one of many keys some of which are cracked and some of which are not. Now imagine j6p has MI3 and tries to use a program to rip it, except he has the wrong MI3. Now there is nothing on the box to indicate which key it is encrypted with. The ongoing war to be more like radar detectors vs cops instead of the hole blown wide open by CSS where one piece of software could decrypt all copies of all DVD ever made and ever made in the future. All this assumes the author has actually done anything.

I still think this is a hoax though. The facts that we know:
The author released a piece of software which removed the encryption IF the user has a title key.
There is nothing in the software that in itself is an exploit it simply follows the publicly available AACS specs.
The real exploit has is the ability to obtain a correct title key and the author has done nothing to prove it.
The author makes a vague claim that he pulled the key from memory.
The author has not released the title key of one HD DVD title.
No other hacker anywhere in the world has been able to publicly duplicate his success.
The software provider has stated that they do not keep the key in plaintext in main memory.

Sound suspicous? Oh BTW yesterday i found a flaw in SSL. Every single website is now subject to this exploit. Of course I am not going to provide any evidence of my claim but all those e commerce sites better be afraid because I am coming after them. :D

I meant, that the player key is not necessarily in the drive itself, but is stored in PowerDVD. If the player key is in the drive itself, then however PowerDVD is obtaining that volume key and not protecting it, that's powerDVD's fault, not the drive's.

However, if this is true, then there is no way of disabling PowerDVD, unless you disable the drive's devicekey. My understanding is that the volume key is actually constructed by powerDVD, not from the drive. I could be wrong, as I am basing this on 3rd sourced information the Toshiba HD-A1's drive.


Player key??

ok lets review shall we?

since I don't know what I am talking about...

I'll use Muslix post itself


......
Drive revocation
Host revocation
Device revocation (with MKB)
Content revocation
.......

Important things in bold.

and since I don't know anything... let go to the AACS



A Player shall enter into AACS Mode before executing its boot sequence if and only if it decides that a Disc to be played back is an AACS Disc.


An AACS-Compliant HD DVD-ROM/DVD-ROM drive may support commands for format layer-change, which enable to change the format for a hybrid disc, i.e. an HD DVD-ROM/DVD-ROM Twin Format Disc, without disc ejection or power-off. Note that, however, from the viewpoint of the AACS content protection scheme, format layer-change from a layer which is protected by AACS to a layer which is not
protected by AACS shall be regarded as disc ejection, even if no disc ejection is in fact occurred at the format layer-change. See the AACS Introduction and Common Cryptographic Elements for the drive behavior at disc ejection.


AACS specification is applicable to a PC-based system. In such a system, a drive and PC host act together as the Recording Device and/or Playback Device for AACS protected content. Note that a new, robust and renewable form of drive authentication is introduced; recording or playback of AACS protected content is not permitted using drives that only support authentication associated with the Content Scramble System (CSS) for DVD-Video. The procedure for recording or playback of the content is the same as described in relevant document of AACS specification, except for additional steps that are required for the host to read and verify the integrity of the Volume Identifier, Pre-recorded Media Serial Number, Media Identifier and Protected Area Data values it receives from the drive, and to ensure the Protected Area Data is securely written to the media.



Each compliant device is given a set of secret Device Keys when manufactured. The actual number of keys maybe different in different media types. These Device Keys, referred to as Kd_i (i=0,1,…,n-1), are provided by AACS LA, and are used by the device to process the MKB to calculate Km. The set of Device Keys may either be unique per device, or used commonly by multiple devices. The license agreement describes details and requirements associated with these two alternatives. A device shall treat its Device Keys as highly confidential, as defined in the license agreement.

what you guys don't understand is the volume key can be gotten, that was never my contention. The Device key and Drive key (both in the Xbpx360 HD-DVD add on otherwise no HD-DVD support!!) can still make that $199 a dvd player and nothing more without some serious hacking. In other words, one lock down 3 more to go. ;)

the whole lot of you are looking at the volume key but running right into the tiger trap (Device Keys and Drive Keys along with thier certificates). Reminds of a horse with the blinds on running past the water well because no peripheral vision.

Ummm, the drive itself is just a dumb HD DVDROM drive. There are no electronics in the drive which could be said to be blacklisted. I doubt there is anything related to AACS in the 360 player, it's just an HD DVDROM drive in a white box with some SATA->USB converter chip inside.

wrong answer

taken from someone with an HD-DVD drive connected to PC

you have TWO items upon connection

XBOX 360 HD DVD Memory Unit <-- firmware upgrades along with revocation list as it needs to be in NVRAM according to AACS prelim specs.
XBOX 360 HD DVD Player <-- Player itself.

ok lets review shall we?

that you guys don't understand is the volume key can be gotten

The device key is in the software player. The drive only has the drive key(if there is one). According to you, both key are in the drive. If so, what type of key does the software have? Volume key is caculated using the powerdvd device key and according to muslix64 someone failed to protect the result. Muslix64 said he needs to rely on insecure but legitmate player. He never said as long as he got the addon, he was good to go. AFAIK, all CE device might have different key per player or per family. For software, each version has the same device key for every copy sold. Software device key is required to be upgrade every 6-12 month given no hack confirmed.

For the addon drive, the device key is in the fall update of XBOX360. If that device key is compromised, xbox360 will require another update.

XBOX 360 HD DVD Memory Unit <-- firmware upgrades along with revocation list as it needs to be in NVRAM according to AACS prelim specs.


According to AACS, the CRL(content revocation list) is first embedded on the disc and then stored in the non-volatile memory. The non-volatile memory on xbox360 addon doesn't have any revocation list so far. Once future release update the CRL, the player will update the list on the memory according to the CRL on the disc.
quote
"A Content Revocation List (CRL) is also embedded onto media and then stored in non-volatile memory by players and contains a list of content that contains a valid signature but has since been revoked."

According to AACS, the CRL(content revocation list) is first embedded on the disc and then stored in the non-volatile memory. The non-volatile memory on xbox360 addon doesn't have any revocation list so far. Once future release update the CRL, the player will update the list on the memory according to the CRL on the disc.
quote
"A Content Revocation List (CRL) is also embedded onto media and then stored in non-volatile memory by players and contains a list of content that contains a valid signature but has since been revoked."


Very good

magic word is so far. ;)

and I am talking about the DRL not CRL.

If this little program is infact LEGIT (he is in EU and afriad of US Law, how odd??) then you can guarantee that the "so far" will no longer apply. Of course, all we have is speculatives and nothing else as Muslix posted information, that mind you, is available freely from AACS. ;)

Very good
and I am talking about the DRL not CRL.




So I don't know what you are talking about. I couldn't find DRL in the AACS 0.9. On pg 17, there is only CRL in the graph. Maybe you can help me. Why are you keep spreading the FUD that addon drive will be blacklisted? According the AACS, the software player is the device here, thus have the device key. According to mulsix64, it is the software failed to protect the caculated result.

Why do you need to blacklist the addon drive again?

The device key is in the software player. The drive only has the drive key(if there is one). According to you, both key are in the drive. If so, what type of key does the software have? Volume key is caculated using the powerdvd device key and according to muslix64 someone failed to protect the result. Muslix64 said he needs to rely on insecure but legitmate player. He never said as long as he got the addon, he was good to go. AFAIK, all CE device might have different key per player or per family. For software, each version has the same device key for every copy sold. Software device key is required to be upgrade every 6-12 month given no hack confirmed.

For the addon drive, the device key is in the fall update of XBOX360. If that device key is compromised, xbox360 will require another update.

according to me? No not according to me. I could care less where the keys are located at. What I am trying to do is get you lemmings to quit following blindly and look at the ENTIRE picture. Everyone so concerned with the volume keys but that is only 1 of 4 possible things. For the crack to work, all 4 gates must be unlocked NOT 1.

1 volume key is comp'd. Big woop. DRL the problem child in this case the Xbox360 add on, and start again from scratch OR hack the firmware to prevent that.

as for me, if MP3 encoding is any indication. I will pass on this waste of time.

So I don't know what you are talking about. I couldn't find DRL in the AACS 0.9. On pg 17, there is only CRL in the graph. Maybe you can help me. Why are you keep spreading the FUD that addon drive will be blacklisted? According the AACS, the software player is the device here, thus have the device key. According to mulsix64, it is the software failed to protect the caculated result.

Why do you need to blacklist the addon drive again?

FUD?

the root of all stupidity is ignorance.

Chapter
4.1 Drive Certificate
4.3 Drive Authentication Alogrithm for AACS
4.8 Updating Host revocation list in Non-volatile Memory of Drive
4.9 Updating Drive Revocation List in Non-Volatile memory of Host

An AACS licensed drive shall retain in non-volatile storage, the most recent Host Revocation List (HRL) data which it encounters and has verified.

An AACS licensed PC host shall retain in non-volatile storage, the most recent Drive Revocation List (DRL) data which it encounters and has verified.

My advice

instead of skimming the AACS Specs Common rev .91

read the damn thing before you start declaring someone is spreading FUD.

kthanks.

1 volume key is comp'd. Big woop. DRL the problem child in this case the Xbox360 add on,

Again, why revoke the addon instead of Powerdvd? You said add-on has both device key and drive key. According to AACS, the software player should have the device key. Mulisix said insecure player, didn't he? Why are you accusing the addon to be the problem child instead of the software player? You are still spreading FUD. Copy and paste AACS wouldn't do you any good.

Chapter
4.1 Drive Certificate
4.3 Drive Authentication Alogrithm for AACS
4.8 Updating Host revocation list in Non-volatile Memory of Drive
4.9 Updating Drive Revocation List in Non-Volatile memory of Host



How many times do you have copy and paste this? Please explain why the drive is the problem here? Does the drive contain the volume key? Could mulsix64 extract volume key using any player given the addon drive?

How many times do you have copy and paste this? Please explain why the drive is the problem here? Does the drive contain the volume key? Could mulsix64 extract volume key using any player given the addon drive?


apparently alot since you do not get it. :)


here let me explain to you once again. Dumbing it down even further.

The only way PC are playing HD-DVD right now is with the Xbox360 add on. If there was no Xbox360 addon, there would be NO HD-DVD playing on a PC until someone else MADE an HD-DVD drive.

CAPICHE??

really K.I.S.S does apply here (Keep It Simple Stupid)

I was being nice, minus well drop the charades

just because your ignorant little mind does not comprehend does not mean it is not valid.

copying and pasting AACS does me a lot of good as my information is backed on FACTS not on what you "THINK" is the right thing..


I was being nice too. :) You said you spend time to read AACS and then quote
"The Device key and Drive key (both in the Xbpx360 HD-DVD add on otherwise no HD-DVD support!!)" So the addon has the device key not the software player? :)



Xbox360 drive is supposed to be for Xbox not PC. People using them for PC HD-DVD. Problem child is not the software player. Problem child is xbox360 HD-DVD drive being used on PC. Blacklist xbox360 HD-DVD drives as they sit today. Problem solved. Simple really.

Ok, now I get your point. 2nd grade English works better. The software player failed to do the job. But instead of punishing/revoke the insecure software, hey why don't we just forbid all the ROM device? :D

I was being nice too. :) You said you spend time to read AACS and then quote
"The Device key and Drive key (both in the Xbpx360 HD-DVD add on otherwise no HD-DVD support!!)" So the addon has the device key not the software player? :)




Ok, now I get your point. 2nd grade English works better. The software player failed to do the job. But instead of punishing/revoke the insecure software, hey why don't we just forbid all the ROM device? :D

and BACK to the AACS we go

xbox360 HD-DVD is ONE of many HD-DVD rom devices. so DRL/HRL the Xbox360 HD-DVD add on is only blacklisting ONE "device family" and more specifically one HD-DVD player family for the PC. ;)

as for the PowerDVD being the problem child, big assumption since no other "cracker" "h@c|<3r" ,engineer has been able to replicate the results even with the his code :)


Funny that the baby cryers are the ones that got the xbox360 hd-dvd to play on a PC. I love this!!

xbox360 HD-DVD is ONE of many HD-DVD rom devices. so black listing the Xbox360 is only blacklisting ONE "device" and more specifically one HD-DVD player family for the PC. ;)



Didn't I say 2nd grade English worked better? There is Drive revocation and
Device revocation (with MKB) in AACS, agreed?

Simple question, who has the device key here? The software player or the add-on drive? Could mulisx64 get the volume unique key without a so called insecure but legitmate software player? I am curious why you never said anything about the software player while FUD again and again on the add-on?

Quote
"Funny that the baby cryers are the ones that got the xbox360 hd-dvd to play on a PC. I love this!! "

Ok, I think I know the reason now.:D

Didn't I say 2nd grade English worked better? There is Drive revocation and
Device revocation (with MKB) in AACS, agreed?

Simple question, who has the device key here? The software player or the add-on drive? Could mulisx64 get the volume unique key without a so called insecure but legitmate software player? I am curious why you never said anything about the software player while FUD again and again on the add-on?

ohh that is quite simple

muslix is full of crap is why. :)

As was stated on his own thread,

He posts a screenie with "keys" blackedout, then post the movie playing. The then when asked, gives no information at all? Then decides to go on vacation, Yep sounds like a full working program to me!! A program to trick everyone ;)

and BACK to the AACS we go

xbox360 HD-DVD is ONE of many HD-DVD rom devices. so DRL/HRL the Xbox360 HD-DVD add on is only blacklisting ONE "device family" and more specifically one HD-DVD player family for the PC. ;)

as for the PowerDVD being the problem child, big assumption since no other "cracker" "h@c|<3r" ,engineer has been able to replicate the results even with the his code :)


Funny that the baby cryers are the ones that got the xbox360 hd-dvd to play on a PC. I love this!!
I am new here and am trying to understand what you are saying. Are you implying that the HD-DVD drive has two device keys (one that the 360 uses and the other that the pc uses)? Because the blacklisting of the HD-DVD drive should make it not work in the 360 either.

ohh that is quite simple

muslix is full of crap is why. :)




Really? :) So nothing has been compromised? Why do we need blacklist the add-on again? Yes, to make those baby cry. :D


Also, why don't you answer the simple question that who has the device key, the software player or the add-on drive? You spend a lot of time reading AACS,no?

Because the blacklisting of the HD-DVD drive should make it not work in the 360 either.

According to my understanding, the drive revocation will be a cross platform thing. But I am stupid. :)

Really? :) So nothing has been compromised? Why do we need blacklist the add-on again? Yes, to make those baby cry. :D


Also, why don't you answer the simple question that who has the device key, the software player or the add-on drive? You spend a lot of time reading AACS,no?


actually we nor the AACS do not :)

see this entire situation has been hypothetical and nothing else. You know kind of like, if china invades USA war hypothetical.

as for the keys. A "flying Spahgehtti monster" can have the keys. In the end it is irrelevant.

According to my understanding, the drive revocation will be a cross platform thing. But I am stupid. :)

as always, you forgot one important thing. Certificate for the drive can be updated also (part of that AACS prelim specs ;) ) and since the drive can be revoked against a PC and not against the Xbox360 (you know part of the Host Revocation List). ;) Drive works in xbox but not pc.

with that said,

read the AACS Specs .91 and understand it.

Once you have understood it, you will know why this little thing by muslix if it actually works is a non-issue at the end.

With that said, I am done with this class.

as for the keys. Irrelevant to the debate at hand.


Where is the key or who has the device key is irrelevant to the discussion. Sure, blacklist the add-on drive on PC and make everyone who want a reasonable priced HD DVD ROM for PC cry is your top priority. I know where you are coming from and hope everyone does.

Where is the key or who has the device key is irrelevant to the discussion. Sure, blacklist the add-on drive on PC and make everyone who want a reasonable priced HD DVD ROM for PC cry is your top priority. I know where you are coming from and hope everyone do.

assumptions and terrible one at that.

reasonable priced HD-DVD rom?

Last I checked the PC has nothing for it in regards to HD-DVD rom. The xbox360 HD-DVD player was adapted (please notice the keyword) to it but don't confuse that as it being natively supported on PC.

So in otherwords, I don't feel sorry, have pitty, etc. for anyone that expected this to work from the beginning on a pc, then MS plugs that up and makes it NOT work with PC. It was never intended for that use from the beginning. ;)

Even if the 360 add on is revoked for use on a PC, there still are the BD drives (albeit >$500 expensive) that have been used on the PC with WinDVD and PowerDVD. People were complaining that there was no HD DVD capability before the 360 add on because the NEC HD DVD ROM drive would not work with either WinDVD or PowerDVD. So if the 360 add on was revoked (and HP and Buffalo HD DVD ROM drives) -- then cracker attention would focus on BD with the PC software players.

This is assuming that keys actually have been uncovered in memory by PC software players -- no proof of this yet! CyberLink has said it was not them -- we need to hear from InterVideo about WinDVD.

read the AACS Specs .91 and understand it.

You don't even know who has the device key and want others to understand the AACS?

(you know part of the Host Revocation List). Drive works in xbox but not pc.

No, I don't know. Since you have read AACS, why don't you explain it in 2nd grade English? :) My guess, if the host is revoked, no drive would work on that host including the bluray burner/ROM also.

as always, you forgot one important thing. Certificate for the drive can be updated also (part of that AACS prelim specs ;) ) and since the drive can be revoked against a PC and not against the Xbox360 (you know part of the Host Revocation List). ;) Drive works in xbox but not pc.

with that said,

read the AACS Specs .91 and understand it.

Once you have understood it, you will know why this little thing by muslix if it actually works is a non-issue at the end.

With that said, I am done with this class.

So AACS would be revoking the players ability to use the drive and not the drive itself. Is there some generic PC Host key? i.e. I built my computer I buy the drive, video card, software to play movies. Where is the HRL in effect?

I don't mean to sound argumentative, I was just looking to be able to understand this situation.

What I gathered:
1. Drive has its own license/revocation system
2. Player has its own license/revocation system
3. Disc (Media) has its own license/revocation system

And you are saying that the drive is the reason the player was or was not hacked, and that it should be revoked.

assumptions and terrible one at that.

reasonable priced HD-DVD rom?

Last I checked the PC has nothing for it in regards to HD-DVD rom. The xbox360 HD-DVD player was adapted (please notice the keyword) to it but don't confuse that as it being natively supported on PC.

So in otherwords, I don't feel sorry, have pitty, etc. for anyone that expected this to work from the beginning on a pc, then MS plugs that up and makes it NOT work with PC. It was never intended for that use from the beginning. ;)


I thought you are done with the class. The addon is natively supported on PC. Noboday has adapted anything. FUD again? Actually MS intentionally use addon as an excuse to sell cheap HD DVD ROM for PC users. It was intended for that use from the beginning. You just couldn't get over the fact that HD DVD ROM could be bought so cheap compare to the bluray drive. You don't need feel sorry for anything. Because, the addon is supported from day 1 and will always be supported on PC just like any other drive.

And you are saying that the drive is the reason the player was or was not hacked, and that it should be revoked.

Bingo! That is his FUD from the beginning.

Even if the 360 add on is revoked for use on a PC.

My understanding:

If a host is revoked, then no drive will work on that host including the bluray drive.
If a drive is revoked, then that drive will not work on any host.

Figgie is trying to misled people into thinking AACS could revoke the add-on for PC alone without giving any reason why AACS should revoke the drive not the player in the first place. Oh, he gave the reason-FUD that addon was not supposed to be work on PC.

The addon is natively supported on PC. Noboday has adapted anything. FUD again? Actually MS intentionally use addon as an excuse to sell cheap HD DVD ROM for PC users.

ahh the wave of stupidity ensues.

Really?

Please link us all where Microsoft OFFICIALLY (Press release, Technet article, support documentation, call to Microsoft themselves) says that xbox360 HD-DVD drive is SUPPORTED on the PC platform and not some speculative BULLSHIT based on your opinion.

My understanding:

If a host is revoked, then no drive will work on that host including the bluray drive.
If a drive is revoked, then that drive will not work on any host.

Figgie is trying to misled people into thinking AACS could revoke the add-on for PC alone.


mislead, no.

read the AACS documentation regarding HRL/DRL. those are facts not speculative statements as has been your case so far.

And to help along.

Page 39 (page 51 of 82 when opened in AdobeReader).

enjoy!!

Really?


MS VP said in this forum in the insider thread that MS did not create any obstacle for the drive to work on PC. Well, sure it is not official, but it just works. :D When asked why MS could sell the drive so cheap while HP drive would be around $300-400. MS VP said they didn't have to provide any 800-customer support and playback software. Do you have to adapte anything? No, plug and play. Boy, it was smooth. Cry baby?

And you are saying that the drive is the reason the player was or was not hacked, and that it should be revoked.

The drive?

it could have been a Drive created by Matsushita for the PC. Manufacture is irrelevant and the drive is irrelevant.

It is not more cut and dry than what I am going to write next. If you do not understand this, then I can not help you.

What better way to test the AACS ability, then to DRL/HRL a piece of equipment that was never a PC equipment anyway ;)

that was never a PC equipment anyway ;)


Let me give you another clue. The addon is a Toshiba SD-S802A drive. Don't cry when you find the same family in the future HP/LiteOn PC drive.

Well, sure it is not official, but it just works.


See how simple that was.

So do a lot of other items "just" work then stop "just" working. ;)

this remeinds me of when Zenith stopped doing upconvert via component output with the new firmware...history repeating itself again.

Let me give you another clue. The addon is a Toshiba SD-S802A drive. Don't cry when you find the same family in the future HP/LiteOn PC drive.


sniff sniff...

link me to that drive when ever you get a chance please. For SALE, TODAY. :)

sniff sniff...

link me to that drive when ever you get a chance please. For SALE, TODAY. :)
Ummm... I have one. I think his clue should have made it clear.

Works fine on a PC, both with XP and Vista. Works with OS X too.

P.S. The drive Xbox 360 drive is officially supported by Cyberlink on Windows PCs.

then stop "just" working. ;)




The add-on will stop working if it is compromised just like any other device/drive/player. However, it will not stop working on PC just because it doesn't sells as a PC drive. That is the FUD you are trying to spread from the beginning. FUD as fear.

The add-on will stop working if it is compromised just like any other device/drive/player. However, it will not stop working on PC just because it doesn't sells as a PC drive. That is the FUD you are trying to spread from the beginning. FUD as fear.


bwaahahaha

hahahahahahahah

Please link us all where Microsoft OFFICIALLY (Press release, Technet article, support documentation, call to Microsoft themselves) says that xbox360 HD-DVD drive is SUPPORTED on the PC platform and not some speculative BULLSHIT based on your opinion.http://www.avsforum.com/avs-vb/showthread.php?t=748426

See Update 3, first post.

I'll be interested to see how you explain why Microsoft would put these drivers on Windows Update. Note that the drivers are not "Toshiba" but specifically for the Xbox 360 HD-DVD Memory Device.

Ummm... I have one. I think his clue should have made it clear.

Works fine on a PC, both with XP and Vista. Works with OS X too.

P.S. The drive Xbox 360 drive is officially supported by Cyberlink on Windows PCs.

question still NOT answered.

link me to where MS officially supports it on PC (regardless of OS), MIPS, RISC etc. Oh it doesn't you say?

as was posted before.

It "just works". :)

then the lot of you should be greatful that it does ;) but don't be suprised when that rug gets pulled ;)

See how simple that was.



You couldn't provide any evidence showing that the add-on drive is being compromised on PC.
You couldn't provide any evidence that the add-on is different from a PC drive.
You don't even understand which party should have the device key.
You couldn't provide any evidence that the software player is secure in this case. (while even muslix64 said you need a insecure software player. Well you called him full of crap anyway)



Well, you just go ahead and spread the FUD that add-on will be revoked on PC because it is not sold as a PC drive.

http://www.avsforum.com/avs-vb/showthread.php?t=748426

See Update 3, first post.

I'll be interested to see how you explain why Microsoft would put these drivers on Windows Update.

Mike,

thank you for that. so if i have a problem I can call MS and they will support this on a PC (answer is NO)? If I email them, they will support this (answer is no also)?

I have been dealing with MS for quite some time. As I posted before and I will say it again. Drivers release by MS does not mean support from them. It means use at your own risk, but if you fry something don't blame us. Hell I have AMD drivers in my computer that MS publishes. Support goes to AMD not MS ;)

You couldn't provide any evidence showing that the add-on drive is being compromised on PC.
You couldn't provide any evidence that the add-on is different from a PC drive.
You don't even understand which party should have the device key.
You couldn't provide any evidence that the software player is secure in this case. (while even muslix64 said you need a insecure software player. Well you called him full of crap anyway)



Well, you just go ahead and spread the FUD that add-on will be revoked on PC because it is not sold as a PC drive.

add-on drive being comprimised?? wtf you talking about now? Please quote me where I stated that. PLEASE.
I understand where the keys need to be. It is in black and white literally. I am not giving you the answer when you can look up the information yourself (www.aacsla.com)

reason I called muslix full of crap was because not one bit of evidence that his little progie infact works. Just him and NO ONE else got it to work (except the one guy in [H]ardforums where he is also just as vague, imagine that!).

two instances and no other proof. In otherwords this and all the other threads are based on "IF".

I love the "what if" games!

Figgie---third-party drivers on Windows Update is one thing. So yes, I can download my Intel networking drivers from Microsoft, and I have no illusions that Microsoft is supporting them. But these are Microsoft drivers. Maybe they send me to the Xbox 360 folks, but last time I checked they cut the checks.

In fact, with Windows Vista, it's even easier:

http://www.360insider.net/2006/11/12/hd-dvd-drives-works-natively-in-vista/

In fact, if you run Windows Vista 64-bit edition, you don't even need new software to play HD-DVD movies---the support is built into WMP 11. Plug in the drive, let the automatic driver install finish, pop in a disc, and go.

but don't be suprised when that rug gets pulled ;)

Pulled just because you said it is not supposed to be a PC drive?

Let me get this straight. Only AACS has the right to revoke this drive. Agree? AACS would not revoke any device which is not confirmed to be compromised. Agree? Oh, AACS doesn't act based fanboyism, agree?

Now tell me, if the add-on drive is not compromised. Why it will stop work on PC again? What makes it different than any other drive device?

Pulled just because you said it is not supposed to be a PC drive?

Let me get this straight. Only AACS has the right to revoke this drive. Agree? AACS would not revoke any device which is not confirmed to be compromised. Agree? Oh, AACS doesn't act based fanboyism, agree?

Now tell me, if the add-on drive is not compromised. Why it will stop work on PC again? What makes it different than any other drive device?


really you work for AACSLA???

you guess is as good as anyone elses on this board on what would cause a DRL/HRL. You know kind of like this entire "what if" series.

In fact, if you run Windows Vista 64-bit edition, you don't even need new software to play HD-DVD movies---the support is built into WMP 11.

Really? I should re-install the Vista from x86 to 64bit tonight. :) Thanks for the hint.

More:

http://www.windows-now.com/blogs/robert/archive/2006/10/25/Xbox-360-HD_2D00_DVD-on-Vista-Confirmed.aspx

Of course, he's apparently half wrong about the failure to ship decoder software. 64-bit Vista has some.

you guess is as good as anyone elses on this board on what would cause a DRL/HRL.

I don't work for AACS, but I have a brain to know the revocation procedure isn't based on fanboyism, hatred, or ego.

Figgie---third-party drivers on Windows Update is one thing. So yes, I can download my Intel networking drivers from Microsoft, and I have no illusions that Microsoft is supporting them. But these are Microsoft drivers. Maybe they send me to the Xbox 360 folks, but last time I checked they cut the checks.

In fact, with Windows Vista, it's even easier:

http://www.360insider.net/2006/11/12/hd-dvd-drives-works-natively-in-vista/

In fact, if you run Windows Vista 64-bit edition, you don't even need new software to play HD-DVD movies---the support is built into WMP 11. Plug in the drive, let the automatic driver install finish, pop in a disc, and go.


Mike,

not for anything but what did you think Xbox360 was built on? Custom XP code? I sure hope Vista has native next-gen storage support as that what they were touting since the begining of last year! DRM galore etc.

also I have every single flavor of MS OS at work here.

none of our windows Updates for XP SP2, windows 2000 SP4, windows 2003 SP1 that have the HD-DVD drives have the drivers avalable to download from Windowsupdate, and from talking with our TAM the driver won't be either for now. Vista is another beast as it sits right now.

not for anything but what did you think Xbox360 was built on? Custom XP code?Not compiled for Intel, that's for sure. Given that the Xbox360 is PowerPC based, the Xbox360 testing process didn't exactly leave an Intel Windows-XP native driver lying around as a side effect.

EDIT: The Xbox 360 has its roots in Windows 2000, not Windows XP, if this guy is to be beleived:
http://www.windowsfordevices.com/news/NS3988467635.html

But even if I granted your argument, 64-bit Vista is a completely different beast, thanks to its stricter driver signing criteria. I think you have a far better case that the drivers for XP are unsupported. But if 64-bit Vista supports the drive out of the box, then Microsoft has apparently decided to believe in its new security model and take Vista and the Xbox 360 drive seriously.

Not compiled for Intel, that's for sure. Given that the Xbox360 is PowerPC based, the Xbox360 testing process didn't exactly leave an Intel Windows-XP native driver lying around as a side effect.


Ok sorry about that.

xbox360 uses Vista as its underlying "OS" not XP.

No. Check my edit. It's Windows 2000, not Vista or XP. There is NO WAY that the Vista code would have been ready for the 360. I'm only mildly surprised they didn't go with XP, but what they really did was start from the existing Win2000 Xbox codebase.

So can we turn down your attitude at least a notch or two now?

The drive?

it could have been a Drive created by Matsushita for the PC. Manufacture is irrelevant and the drive is irrelevant.

It is not more cut and dry than what I am going to write next. If you do not understand this, then I can not help you.

What better way to test the AACS ability, then to DRL/HRL a piece of equipment that was never a PC equipment anyway ;)

Oh, well kill the player on the pc for all I care as long as the 360 isn't affected... (one would think that it is the fault of the player... they could just write the player to think that the hd-dvd drive is an invalid drive)






Is there some generic PC Host key? i.e. I built my computer I buy the drive, video card, software to play movies. Where is the Host Revocation List in effect?

No. Check my edit. It's Windows 2000, not Vista or XP. There is NO WAY that the Vista code would have been ready for the 360. I'm only mildly surprised they didn't go with XP, but what they really did was start from the existing Win2000 Xbox codebase.

So can we turn down your attitude at least a notch or two now?


guess I was wrong but Windows 2000 is NOT right either.

http://blogs.msdn.com/xboxteam/archive/2006/02/17/534421.aspx

Some custom code they wrote for it that is not win2k or Vista related. though the wierd part is they DO infact use Win32 api for drivers. Odd on a 64 bit system......

Yes, that thread's interesting, thanks! One of the commenters links to the post I copied above as possibly the "source" of the Win2000 rumors. But I have to be honest: while I'm sure it has been customized far beyond any recognizable similarity to Win2K, I'm not sure I believe that they borrowed no code from Win2K when the started the Xbox project.

Back to the central issue though, it should be clear now that the signed 64-bit Windows Vista drivers for the HD-DVD drive can't be explained away as some artifact of an Xbox development effort. While they may not be going public with it yet, it seems clear that Microsoft had some intention on enabling the use of the drive on the right hardware.

I wouldn't be surprised, frankly, if there wasn't some larger strategy here; that Microsoft was preparing to use the 360 drive on the PC as a way to stimulate further HD-DVD format adoption at some point in the future.

Yes, that thread's interesting, thanks! One of the commenters links to the post I copied above as possibly the "source" of the Win2000 rumors. But I have to be honest: while I'm sure it has been customized far beyond any recognizable similarity to Win2K, I'm not sure I believe that they borrowed no code from Win2K when the started the Xbox project.

Back to the central issue though, it should be clear now that the signed 64-bit Windows Vista drivers for the HD-DVD drive can't be explained away as some artifact of an Xbox development effort. While they may not be going public with it yet, it seems clear that Microsoft had some intention on enabling the use of the drive on the right hardware.

I wouldn't be surprised, frankly, if there wasn't some larger strategy here; that Microsoft was preparing to use the 360 drive on the PC as a way to stimulate further HD-DVD format adoption at some point in the future.

oh no I whole heartedly agree with you that MS wants to spur sales of HD-DVD drives (searching has dug up the close tie ins between them and toshiba).

My stance on this "issue" is that part of the AACS is drive revocation and device revocation. Will the AACS use it? who knows but the ability is there.

Is there a crack out there. Well to two poeple YES. No one else has gotten it to work.

but I found some intresting thing regarding Toshiba and MS and how close in bed they really are :)

http://blogs.msdn.com/andypennell/archive/2006/11/08/comparing-the-xbox-360-hd-dvd-add-on-with-the-toshiba-a1-hd-dvd-player.aspx

Figgie,

Despite your 20+ posts and constant personal attacks against other members you simply have explained one thing. Why the hell would the Xbox360 drive be revoked when the compromise was in the PowerDVD player (according to the author)?

First thing is it would solve nothing as other BD drives and HD DVD drive both on the market and coming soon will be affected equally by this exploit.

Second thing is revocation is used to block exploited or tampered hardware not simply to enforce a "xbox360 is for xbox and not PC policy".

Nothing has convinced me yet that the author isn't simply a liar. Would be kinda stupid is AACSLA revoked a drive that was in compliance over a non issued caused by a "hacker" making a movie that proves nothing.

searching has dug up the close tie ins between them [MS] and toshiba).


Stop the presses!!! Our ace cub reporter has uncovered a bombshell :D

Figgie,

Despite your 20+ posts and constant personal attacks against other members you simply have explained one thing. Why the hell would the Xbox360 drive be revoked when the compromise was in the PowerDVD player (according to the author)?

because they can. Will they? depends on what type of proof of concept they want to show. if any at all. Can you imagine the PR on that, "hacker gets keys but is foiled by HD DVD (since it happened on HD-DVD, the news will run as is typical of them) new security measure."

First thing is it would solve nothing as other BD drives and HD DVD drive both on the market and coming soon will be affected equally by this exploit.

Second thing is revocation is used to block exploited or tampered hardware not simply to enforce a "xbox360 is for xbox and not PC policy".

With the number of adopters as it sits right now. Why would AACS (that means MS has given the OK) not be ready to hit the big red button then say, "Hello fellow members of the AACSLA, today we had a live fire test of the revocation system and it does in fact work (if it actually works that is)". With the amount of user testing that takes place with other electronic equipment. I would not be surprised at all to see such an event take place.

Nothing has convinced me yet that the author isn't simply a liar. Would be kinda stupid is AACSLA revoked a drive that was in compliance over a non issued caused by a "hacker" making a movie that proves nothing.

well this has been the "big what if" game that I elluded to earlier.

What if.....................

Stop the presses!!! Our ace cub reporter has uncovered a bombshell :D

ummmm....ok!

because they can. Will they? depends on what type of proof of concept they want to show. if any at all. Can you imagine the PR on that, "hacker gets keys but is foiled by HD DVD (since it happened on HD-DVD, the news will run as is typical of them) new security measure."

You still have answered why the would revoke the HD DVD Addon Drive key instead of the PowerDVD device key. The "problem" isn't with the HD DVD Addon. If they did what you expect them to I would see a headline more like "Hacker gets keys and studios get scared. HD DVD drive revoked which pisses off millions of legitimate users. Hacker now stealing BD movies since the problem was never with the friggin drive" Well maybe that is too long for a headline but I guess you get the point.

I think it is likely this is a hoax or the "hacker" gained access to the title key from another non hacking means (insider, works in authoring, etc). If the "hack" is legit than I expect a revocation but it will be of the flawed software not the properly functioning HD DVD Addon Drive.

The AACS optical media has four blocks of data stored on it for revocation on different levels, as far as I can read from the AACS spec.

- Host Revocation List: it requires the "drive" to have a non-volatile storage to maintain the list.

- Drive Revocation List: it requires the "host" to have a non-volatile storage to maintain the list.

- Media Key Block (MKB): it is used to revoke a "device" (on a PC, it's usually the software player such as PowerDVD). I don't think it requires any non-volatile storage.

- Content Revocation List: it requires the "licensed device" to have a non-volatile storage to maintain the list.

Although I did not see it explicitly mentioned, personally I think these NV storages should also be encrypted to prevent certain types of attacks.

BTW, I wonder how they assign the host ID for a PC...

Hmm... What was the discussion, btw? :p

Hong.

I have to agree that revoking all Xbox 360 HD-DVD hardware (or, at least, all current hardware) doesn't pass the smell test. One of the points of the AACS design is to allow revocation to be targeted to very specific points of compromise. Revoking the drive would be cutting the nose off to spite the face. Of course, this all assumes that we take at face value that muslix64 acquired the keys from PowerDVD.

Don't understand why there is still argument, the guy admits himself that he is an:

"ID 10 T User"

You have your answer there.

Peace out.

Cheers...
Duy-Khang Hoang

Hi Folks, the keys that MUSLIX claimed to have were title keys. I don't think that players would be revoked due to titles keys being exposed as they wouldn't know which players.

I put my thoughts about this MUslix episode up here: http://www.hdnowonline.com/Comment_Who_Is_Muslix.html

I think the timing of the whole thing right before CES has raised a few eyebrows, but hey-ho...

ID10T user. :)

My god, I forgot that tech support joke.

Reminds me of the pictures of coffee cups in CD rom trays.

http://en.wikipedia.org/wiki/Id10t

think it is likely this is a hoax or the "hacker" gained access to the title key from another non hacking means (insider, works in authoring, etc). If the "hack" is legit than I expect a revocation but it will be of the flawed software not the properly functioning HD DVD Addon Drive. You could make the video even if you never did the hack if you wanted to create an hoax.

Recap and commentary on cdrinfo:

AACS Hacker Replies to Controversial Press Comments (http://www.cdrinfo.com/Sections/News/Details.aspx?NewsId=19400)

Still doesn't make sense. The AACS can change the media block key which would "revoke" players of that type from playing future discs, so most consumers will update the firmware or software of the compromised player or be limited for future releases.

If the compromised movie software is decrypted and distributed thats huge bandwidth and limited to a few titles.

If the goal is to have DeCSS style backup available to home users, one would have to have a dedicated player at your house, that would be revoked for future title playback, so it would not work to copy the releases that didn't have the updated media key. It couldn't play (nor back up new movies)

If this worked it wouldn't help home copying, it could only create a limited way to unencypt a limited amount of movies that could be distributed from a central site for download. That should be easy to shut down than broken DeCSS where anyone with a DVD burner can backup a disc.

So what we still have is a limited vulnerability of a few discs that can only be copied from a drive that would not be able to play future releases. If what he said is not a hoax.

What am I missing here?

Don't understand why there is still argument, the guy admits himself that he is an:

"ID 10 T User"

You have your answer there.

Peace out.

Cheers...
Duy-Khang Hoang

Of course, luckily for me the tag is a joke that most in the computer field understand.

ID10T user. :)

My god, I forgot that tech support joke.

Reminds me of the pictures of coffee cups in CD rom trays.

http://en.wikipedia.org/wiki/Id10t

lol

glad you liked it. Every once in a while someone gets it ;)

PIBKC is another favorite ;)

PIBKAC ???

Problem is Between Keyboard And Chair?

PIBKAC ???

Problem is Between Keyboard And Chair?


yeah

I never put the "And" in there though :)

Recap and commentary on cdrinfo:

AACS Hacker Replies to Controversial Press Comments (http://www.cdrinfo.com/Sections/News/Details.aspx?NewsId=19400)
A "hacker" with a press agent? :)

Seriously, tho, the talk by some people about all Xbox HD DVD players being "revoked" is complete nonsense.

In that article, even Muslik says "If someone publishes only volume keys, there is no way to know from which player these keys where extracted, making the revocation system useless... - I will just change the player I'm using,"

"This would make that player unable to play new titles," said Muslix64. "But the author of this program can pre-extract a bunch of device keys from different players and release them, one at a time, when the previous one have been blacklisted,"

Revocation of all Xbox player would have no effect whatsoever, and would spark a lot of lawsuits. It is not going to happen... I think that various folks who are promoting this idea have "other agendas" to create a little FUD, perhaps...

Muslik is not making sense to me. If they revoke the current keys to all software-based players, the leak stops, right? Yes, some titles will be in the wild, but that's an understood risk of the AACS system anyway.

EDIT: Oh, nevermind, I should have read the article first. He depends on having a steady stream of insecure players; which, he says, "will always exist." That's a bit of wishful thinking on his part. I think I'd be more impressed if he cracked, say, WMP 11 on Vista 64-bit.

I'm going to ask this again: Has anyone actually FOUND the keys? Because so far I haven't heard of anyone doing it. Until someone duplicates this effort, it's just a bunch of hot air.

Muslik is not making sense to me. If they revoke the current keys to all software-based players, the leak stops, right? Yes, some titles will be in the wild, but that's an understood risk of the AACS system anyway.

EDIT: Oh, nevermind, I should have read the article first. He depends on having a steady stream of insecure players; which, he says, "will always exist." That's a bit of wishful thinking on his part. I think I'd be more impressed if he cracked, say, WMP 11 on Vista 64-bit.

I would be even more impressed if even one, I repeat one, title key was somehow made public (plain manila envelope, cut out newspaper letters ??) and anyone, somebody, could duplicate his results.

Even with no one being able to find the keys in the manner he has said he has done, no one has even demonstrated that a single key has been compromised.

His video proves nothing, you can cut and past that video from legitimate still secured authorized playback.

Every day goes by and it smells more like a hoax.

A "hacker" with a press agent? :)

Seriously, tho, the talk by some people about all Xbox HD DVD players being "revoked" is complete nonsense.

In that article, even Muslik says "If someone publishes only volume keys, there is no way to know from which player these keys where extracted, making the revocation system useless... - I will just change the player I'm using,"

"This would make that player unable to play new titles," said Muslix64. "But the author of this program can pre-extract a bunch of device keys from different players and release them, one at a time, when the previous one have been blacklisted,"

Revocation of all Xbox player would have no effect whatsoever, and would spark a lot of lawsuits. It is not going to happen... I think that various folks who are promoting this idea have "other agendas" to create a little FUD, perhaps...

you mean like this entire "what if" from muslix? :)

I am very skeptical about what Muslix64 has accomplished so far.

OTOH, I believe that if the source code for any HD DVD or BD software player was widely circulated on the net it would be a very short time before we were all ripping them. This should be provably true since the players obviously contain all needed info to decode a disc of either format. If we could easily read and understand that info then we'd have it too.

But, if so, then the time to crack either is bounded only by the time to dis-assemble. And this in turn is bounded only by the limited interest in these formats so far and the limited number of hackers making the effort.

So it is just a matter of time. I just don't think that time has come yet. ;)

- Tom (who is NOT working on it)

128 bit keys

I am very skeptical about what Muslix64 has accomplished so far.Somewhere between publicity stunt and far worse, in my humble opinion.

OTOH, I believe that if the source code for any HD DVD or BD software player was widely circulated on the net it would be a very short time before we were all ripping them. This should be provably true since the players obviously contain all needed info to decode a disc of either format. If we could easily read and understand that info then we'd have it too.
I don't think this is accurate. You'd still need keys of all sorts. I am not sure, as I am not an AACS guru. Otherwise, wouldn't you just be doing what Muslix (http://www.oopsweb.com/2003/hikaku/03b/7.jpg) has done; build a keyless decoder?

I am very skeptical about what Muslix64 has accomplished so far.

May be he thinks he has exposed a chink in the armor of AACS i.e. he thinks if you (somehow) hack and get title keys (or is that volume), AACS will not be able to correct itself. And ofcourse he says he has been able to hack and get the keys.

According to this thread:
http://www.avsforum.com/avs-vb/showthread.php?t=774256

There is a text file on The Hulk HD-DVD disc that contains the keys. Could it be that easy? Has anyone tried this?

Could it be that easy?No. :)

It looks like some progress has been made...
http://forum.doom9.org/showthread.php?t=119871&page=27

It looks like it's WinDVD that is "leaking".

Diogen.

Prof. Felten has his analysis (http://www.freedom-to-tinker.com/?p=1104) of AACS on his site "Freedom to Tinker".
It's a 3-part article with the next part coming tomorrow. Interesting read: blacklisting, revocations, decryption oracle, traitor tracing, etc.

The first response to the first part of this series (probably shortly after the article was published) is from DVD-Jon: pointing out that no keys were provided with the BackupDVD code. Is he Muslix?

Diogen.

"AACS is unbreakable!"... NOT!

"AACS is unbreakable!"... NOT!

To be fair, it hasn't been broken. They exploited the fact that the application apparently left the keys in memory.

-pd

There are now volume keys posted at that doom9.org thread for Serenity, King Kong, and 12 Monkeys.

IT HAS BEGUN
THERE IS NO FATE BUT WHAT WE MAKE FOR OURSELVES
THE FUTURE IS NOT SET

Not only are the volume keys available but the entire Serenity movie is available for download if you know where to look.That one has been selling well pretty consistently on Amazon. It will be interesting to see if that continues.

I wonder how this information affects the conspiracy theory talk. If this guy's goal was to just hurt HD DVD before CES, it seems like he would have given people some more clues and not allowed it to take as long as it did for them to realize they were making a false assumption about what he did (at least from my understanding of it).

--Darin

Not only are the volume keys available but the entire Serenity movie is available for download if you know where to look.

This hack is the real deal. Confirmed on multiple titles by multiple people. It will be interesting to see how AACS handles this. This seems to be one of the contingencies they planned for. I wonder if current owners will be inconvenienced in any way.

Yes the news is that people are now sharing all the HD-DVD movies over **********.


Wow. Good for Blu-ray I guess and BD+ and ROM mark.

edit, OMG the word "***torrent" is blacked out here??

That one has been selling well pretty consistently on Amazon. It will be interesting to see if that continues.

As you can't burn the files onto HD DVD-R (because there are no burners) I can't imagine that it will make a massive amount of difference.

The only way to play this is on a properly equipped PC, not a standalone. The real danger will be a dual layer DVD re-encode using x264, and even then you'll still need a mighty PC to play it.

So essentially what do we have? Lower quality pirated HD movies. The thing is that with 16mbps h.264 direct satellite feeds cropping up on Usenet, there is already a thriving pirate scene with HD content of excellent quality.

This hack is the real deal.

Actually there is no hack. Windvd put the title key in clear memory. That is all. I would be more interested that someone could get the title key from Powerdvd. Obvisouly, nobody could for the past week and it was only on XP.

This seems to be one of the contingencies they planned for.

Windvd's device key and sequence key will be revoked right away. If AACS is really serious, they shouldn't handle out key to software until Vista PVP is used.

Wow. Good for Blu-ray I guess and BD+ and ROM mark.




You are missing the point. ROM mark does nothing against this internet distribution or BD-R/RE. BD+ isn't deployed yet.

Windvd first has the bluray version. If those guy could afford the >$500 bluray burner, we will see bluray copy on the net first. Actually, I am very sure we will see Black Hawk Down in the usenet soon.

"What's with all the crappy titles?!!!"

Now you know.

Universal must be scared to death at this point.

Universal must be scared to death at this point.

Are you saying all studios will be scared to death just because windvd put title key in the clear?

Are you saying all studios will be scared to death just because windvd put title key in the clear?

If a flood of their (edit: all studios') titles starts to appear on the P2P, yes I think their will be a pause. I doubt any title about to be pressed now will go ahead until the keys are updated. From the release lists, it would seem this could harm BD more than HD DVD.

Universal, by concensus, has put out the most high quality titles. All of which are currently at risk of being put in the clear.

Gary

If a flood of their titles starts to appear on the P2P,

Who is their? All the release from both format will appear on P2P. I don't know why Universal is any special? Just because HD DVD addon is cheap and the someone happens to ripped Universal release first?

Who is their? All the release from both format will appear on P2P. I don't know why Universal is any special? Just because HD DVD addon is cheap and the someone happens to ripped Universal release first?

Sorry. They is the studios. All of them.

I'm not singling this out to be Universal exclusively. I merely point out that by concensus they have release the highest percentage of quality titles so far, and hence have the highest risk.

Gary

So, where is the web site with the conspiracy theory that this hack is the work of HD DVD supporters wanting to stop the flood of BD titles?

We need some conspiracy theory balance!

You know how we were all waiting on someone to figure out where AACS was hiding those dagnab private keys? BackupHDDVD seemed to work as advertised, but it needed access to the hard-coded "Volume Unique Keys" that unlock the encryption of each HD DVD disc. Well, the friendly folks at Doom9's Forum finally tracked down that elusive key in memory, and have already started leaking keys for a few HD titles, including nerd-fave Serenity (which has quickly made its way to the torrents), Peter Jackson's King Kong, and the ever-popular 12 Monkeys. It's still unclear at this point how HD DVD's key-revocation technology will affect HD DVD players and their users, and currently there a few playback issues with the ripped HD movies, even on fast machines. Still, it sounds like the hackers won't have too much trouble replicating their success, even if they lose a few ripped keys or even HD DVD players in the process to big bad MPAA, and we're guessing playback issues will be eventually sorted.

http://www.engadget.com/2007/01/13/round-one-goes-to-the-hackers-backuphddvd-rips-open-aacs/

The compromise has been used by more people to unlock more titles.

Though apparently not all titles have worked.

In any case it seems that most of the current HD DVDs are up for grabs for anyone who can put this together (and it is not all that hard to do).

People are making a big deal about Universal since this could effectively make their titles available for burning to BD discs.

There is no conspiracy - the 'hacker' has made mention of going after BD+ once he feels happy that HD DVD features are all dealt with.

In any case, this is real and I think it will become pretty wide spread pretty quickly for those who want to do it.

It will be interesting to see if this affects the planned release of the HD DVD writing drives since that will open up the current batch of titles for ripping and reproduction... assuming the blank discs cost less than movies (which currently is not the case!).

There is no conspiracy - the 'hacker' has made mention of going after BD+ once he feels happy that HD DVD features are all dealt with.


Excuse me but the guy has done almost nothing related to hack AACS. All he does is writing a AES-128 container and find that Windvd8 has put the title key in the clear. He couldn't even get the key from Powerdvd on XP.

Windvd is obvisouly so stupid that they didn't even bother to hide the title key. At least I hope muslix64 is not that stupid to feel happy.

Excuse me but the guy has done almost nothing related to hack AACS. All he does is writing a AES-128 container and find that Windvd8 has put the title key in the clear. He couldn't even get the key from Powerdvd on XP.

Windvd is obvisouly so stupid that they didn't even bother to hide the title key. At least I hope muslix64 is not that stupid to feel happy.

I didn't say he would succeed ;)

I just said that he does not seem to have a bias.

Also it is the Volume keys that are being shared, though each of the title keys are apparently there also.

Agreed that AACS is not compromised.

Though with a number of keys becoming available, the chances of determining the key making methods are getting higher....

"Hack" can mean many things including finding exploits in a program. This IS a hack.

It is not because Windvd didn't even try to protect the key in the first place. Nobody has exploited anything. It is clear in the memory. If muslix64 is able to get the title key from Powerdvd, then it is a hack. AFAIK, with all the effort for the past two weeks, nobody succeed.

Though with a number of keys becoming available, the chances of determining the key making methods are getting higher....

Well, with the bit level, I doubt 150 keys would be enough to get it done. If AACS is completely compromised, I bet these two formats are DOA.

Chris

If a flood of their (edit: all studios') titles starts to appear on the P2P, yes I think their will be a pause.Since Fox seems to be about the most protective (at least from things I see here) I do wonder if they will pause now. Different studios could make different choices here, but a pause by one or more wouldn't surprise me. Especially if they can just modify some AACS info on the discs and release them in way that they won't play on that version of WinDVD. I'm not sure how long that would take.

As far as high quality content, I remember when Sony used "Charlie's Angels: Full Throttle" for an early test disc. I figured it was because they wanted to use something that people wouldn't waste time trying to hack.

--Darin

Windvd's device key and sequence key will be revoked right away. If AACS is really serious, they shouldn't handle out key to software until Vista PVP is used.

To hell with that, this is just bad programming that was exploited. They can implement a secure software implementation on XP. Let them revoke the WinDVD key, that is fine. Let Intervideo suffer and take a bit vs punishing everyone who uses XP and companies who can implement a secure playback method on XP.

-pd

Since Fox seems to be about the most protective (at least from things I see here) I do wonder if they will pause now. Different studios could make different choices here, but a pause by one or more wouldn't surprise me. Especially if they can just modify some AACS info on the discs and release them in way that they won't play on that version of WinDVD. I'm not sure how long that would take.

As far as high quality content, I remember when Sony used "Charlie's Angels: Full Throttle" for an early test disc. I figured it was because they wanted to use something that people wouldn't waste time trying to hack.

--Darin

Darin-

I agree with you here. Futhermore, I believe the response to this will be much more severe than users here expect.

Chris

They can implement a secure software implementation on XP.

To be honest with you, I don't think anyone could implement a secure playback software on XP. You might be able to protect the key. But you couldn't prevent fake drive attack.

Microsoft declined to take the risk (XP HD disc player). That spoke volumes then. None of what has transpired surprises me.

As for the studio reaction, I think massive pressure will be brought the bear to disable PC software players until a solution can be found.

That could mean any title just about to go into production will be delayed for a new AACS block. Anyone know the lead time on replication?

Gary

That could mean any title just about to go into production will be delayed for a new AACS block. Anyone know the lead time on replication?

Gary

I think windvd's device key and sequence key will be blacklisted in the next replication cycle. The replication plant could reflect this change in realtime. At least, this is the impression after reading the 0.9.

Xing's css key was revoked 3-4 month later, IIRC.

Microsoft declined to take the risk (XP HD disc player). That spoke volumes then. None of what has transpired surprises me.

As for the studio reaction, I think massive pressure will be brought the bear to disable PC software players until a solution can be found.

That could mean any title just about to go into production will be delayed for a new AACS block. Anyone know the lead time on replication?
You sum up my take on this exactly. I agree with lymzy that PC hi def disc players are likely to only be able to run on something like 64 bit Windows Vista in the near future. I wonder what Apple will have to offer as far as a Trusted Programming Mechanism?

A hair-thin crack developed in the armor of AACS.
Now the question is whether it will be patched to be made invisible before a wedge is nailed into it to pry it open (like CSS).

Time will tell.

Diogen.

We shall see how long it takes to hear something from AACS. I never looked at the list of founding members, but Sony, MS, Toshiba, Disney, Warner etc are all on it. That's a pretty big chunk of both formats so my guess it the response will apply for both as well.

Chris

In any case it seems that most of the current HD DVDs are up for grabs for anyone who can put this together (and it is not all that hard to do).

People are making a big deal about Universal since this could effectively make their titles available for burning to BD discs.

I wouldn't be surprised to read about a sales rush for the HD-DVD 360 drive now ... some of those forum boards are sooooo busy, you get "the server too busy" response ...

That could mean any title just about to go into production will be delayed for a new AACS block. Anyone know the lead time on replication?There are legal issues involved. The studios can't just start revoking software from other companies. A determination has to be made through an official process, I'd assume through the AACSLA.

A hair-thin crack developed in the armor of AACS.
Now the question is whether it will be patched to be made invisible before a wedge is nailed into it to pry it open (like CSS).


I don't get your point. Xing first leaked a CSS key. Jon took advantage of this and wrote decss. However, J6P soon found out that Decss no longer worked on new release after Xing's key was revoked. Then someone else came in and brutal crack the 40bit CSS. DVD was not considered crack until then. It has almost nothing to do with Jon and the original DECSS/Xing.


To apply the same logic, someone needs to crack AES128 by brutal force. But this is not going to happen in my life time.

There are legal issues involved. The studios can't just start revoking software from other companies. A determination has to be made through an official process, I'd assume through the AACSLA.

Right. And they probably will want to wait for that new AACS data block before going into production.

I wasn't trying to imply they'd do anything themselves, beyond wait for a solution.

Gary

...To apply the same logic, someone needs to crack AES128 by brutal force. But this is not going to happen in my life time.I didn't mean to imply AES128 will be cracked in your lifetime.
All DRM cracks in recent memory (not DVD) were based on intercepting keys in the open: DVD-A, WMV-HD (T2, later patched), even the first generation XBox done by an MIT student. Now the same with WinVDVD's implementation of AACS (interestingly, WinDVD was the player leaking DVD-A keys as well).

Now it is more an issue of logistics (based on Amir's comments, AACS was built with cracks like this in mind). Can WinXP be banned as a playing invironment? Will it be? Can computer playback be banned outright?

Diogen.

Now it is more an issue of logistics (based on Amir's comments, AACS was built with cracks like this in mind). Can WinXP be banned as a playing invironment? Will it be? Can computer playback be banned outright?


I'm surprised the AACS didn't insist on the WMV-HD model for XP (and other unsecure) general PC playback: Internet connection required, and per view license.

It would mean that this would have already been solved.

Gary

I'm surprised the AACS didn't insist on the WMV-HD model for XP (and other unsecure) general PC playback: Internet connection required, and per view license.IIRC, only the first two (?) WMV-HD titles were aquiring licenses over the net. It was replaced with on-disk license generators.
Amir said at that time it was a mistake (online licensing) and won't happen again.

MS had the luxury of having just one player play those titles.
Even ZP and TT were not independently developed WMV-HD players.

Diogen.

All DRM cracks in recent memory (not DVD) were based on intercepting keys in the open: DVD-A, WMV-HD (T2, later patched), even the first generation XBox done by an MIT student. Now the same with WinVDVD's implementation of AACS (interestingly, WinDVD was the player leaking DVD-A keys as well).


IIRC, DVD-A hack was not based on interception keys either. It was via fake driver to cheat Windvd into hand over the already decrypted audio bits. A backdoor hack it was. Really, DVD-A couldn't even be considered cracked because Windvd's key could be revoked although the released titles were compromised.

Today, we have not seen any hack. Just a AES-128 container using a title key in the clear to perform a AES function.

Amir said at that time it was a mistake (online licensing) and won't happen again.


It is not a mistake. It is a experiement. It won't happen again becaused this kind of DRM will turn off sales.

It is not a mistake. It is a experiement. It won't happen again becaused this kind of DRM will turn off sales.Semantics.
It was decided it's not the right way to go.
Can this be brought back for compromised players? Does AACS have such a provision (aquiring keys ovnline)?

The next couple months will be very intereting in terms of what DRM (and everything using it) is capable of.

Diogen.

Today, we have not seen any hack. Just a AES-128 container using a title key in the clear to perform a AES function.

For those who object to the word hack I suppose we could all agree to call it a banana. But the fact remains that there are now confirmable keys being posted to the net and it appears that all HD DVD movies (and probably BD movies) sold to date can thus have the copy protection removed from them by sufficiently determined banana farmers.

I don't think revoking any current software players will change this for discs already in circulation so we can probably expect most of those movies to also eventually be posted somewhere.

- Tom

I think you're missing the point here. What difference does it make if its a fake driver or backdoors or exploits?

What is my point?
People think this is the first crack which will led to the meltdown of AACS are kdding themselves. There is no hack/exploit in this case just a copy&paste.

Who cares how it is done.


Of course nobody cares unless they couldn't rip for free anymore.

...People think this is the first crack which will led to the meltdown of AACS are kdding themselves.Actually, considering this "banana" is less than 2 days old, I don't think many people think this way.
Certainly not the ones that did it: Muslix made sure that everybody interested read the AACS white paper.

Considering this whole hidef DVD business is still on life support, it is hard to take any drastic measures without the risk of killing it on the spot. But studios will be upset and rightfully so. Something has to be done. Amir mentioned that everybody agrees that some "leakage" is inevitable. Maybe so far it is still on the acceptable level and it will be business as usual.

Diogen.

Yes. As someone who has already invested $thousands in both formats I hope legitimate owners will not be affected in any way. A little while ago on digitalbits there was speculation about possible disc exchanges. I really hope that isn't true. If they are going to fix this they need to do it in a way that is completely transparent to the user.

I'm thinking that "they" are going to revoke the keys to all current software players and not issue keys to any software players in the future that do not run on operating systems that have protected data paths. In other words, the XP software players won't be able to play discs anymore. Only players that run on Vista and OSX Leopard (if it provides protected data paths) will be able to play HD-DVDs.

This reminds me of something Amir said regarding Microsoft's refusal to make an XP player; that it would be too hard to protect the keys using software-only techniques on XP. He said that others might take the chance and do so. WinDVD (or is it PowerDVD?) took the chance, and clearly failed, badly.

Now, if software players even on OSes with protected data paths are compromised, then look for software players to be shut out altogether as the indudstry simply refuses to issue keys to any software player.

If your "investment" was in hardware players, then this won't affect you. So far the hackers haven't attacked hardware players.

To those wondering when the formats would support Mandatory Managed Copy, looks like for the first discs it is pretty much now. And HD DVD might have beat Blu-ray to supporting MMC, but only by just a little bit as it looks like people just need to go get Blu-ray drives for PCs to enable it there. :)

If the studios provide actual MMC then maybe people won't be as inclined to set themselves up to use one of these home rolled versions.

--Darin

Semantics.
It was decided it's not the right way to go.
Can this be brought back for compromised players? Does AACS have such a provision (aquiring keys ovnline)?


I was more refering to a per use license for the PLAYER, not the content. The player would need to phone home to insure it is an acceptable version and not modified, before it allows content to play.

In this way the players would already be fixed.

And this would only happen in the environments the player maker deems untrustworthy. Vista provides the software services for this purpose, so it wouldn't be required under Vista.

Gary

To those wondering when the formats would support Mandatory Managed Copy, looks like for the first discs it is pretty much now.

More like NUC - non-mandatory unmanaged copy ;)

Windvd's device key and sequence key will be revoked right away. If AACS is really serious, they shouldn't handle out key to software until Vista PVP is used.

Right. Infact before these were announced, that was the impression - that we won't have a PC s/w player on XP. But PowerDVD/WinDVD were brave enough to put out their HD versions ... No wonder Amir was saying MS won't make a s/w player on XP.

Right. Infact before these were announced, that was the impression - that we won't have a PC s/w player on XP. But PowerDVD/WinDVD were brave enough to put out their HD versions ... No wonder Amir was saying MS won't make a s/w player on XP.

In retrospect it looks foolish, risky, and downright dangerous to all of us.

Gary

Right. Infact before these were announced, that was the impression - that we won't have a PC s/w player on XP. But PowerDVD/WinDVD were brave enough to put out their HD versions ... No wonder Amir was saying MS won't make a s/w player on XP.

Isn't there something like an 8 mega$ fine for having sloppy AACS security? I don't remember where I got that idea but somehow that figure sticks in my mind from one of the early hidef DVD threads.

As much as I have been waiting for a convenient crack (banana) for non-HDMI Win/XP PC playback before buying into either format I actually hope that fine is levied. It would be nice to set the precedent that software vendors have some security liability and may be responsible for financial damage cause by lax security precautions. ;)

- Tom

Isn't there something like an 8 mega$ fine for having sloppy AACS security? I don't remember where I got that idea but somehow that figure sticks in my mind from one of the early hidef DVD threads.

Yes. $8M ....

As much as I have been waiting for a convenient crack (banana) for non-HDMI Win/XP PC playback before buying into either format I actually hope that fine is levied. It would be nice to set the precedent that software vendors have some security liability and may be responsible for financial damage cause by lax security precautions. ;)

I do think s/w sellers jumped the gun here ....

To those wondering when the formats would support Mandatory Managed Copy, looks like for the first discs it is pretty much now.
--Darin

Wouldn't this be more like unmanaged copy ?

Art

Wouldn't this be more like unmanaged copy ?

ArtThat's just how it should be.

I control the disk I purchase, and can convert it to play on the device I choose. That's why I'm leaning HD-DVD, and am firmly backing SD-DVD for at least the near future.

..."they" are going to revoke the keys to all current software players...And as long as it hasn't been proven that PowerDVD is "leaking", it will sue AACS LA...

Diogen.

That's just how it should be.

I control the disk I purchase, and can convert it to play on the device I choose. That's why I'm leaning HD-DVD, and am firmly backing SD-DVD for at least the near future.

There is a lot of debate about who owns what with modern media and intellectual property.

But my own personal policy is, "I bought it, I own it".

- Tom

IIRC, DVD-A hack was not based on interception keys either. It was via fake driver to cheat Windvd into hand over the already decrypted audio bits. A backdoor hack it was. Really, DVD-A couldn't even be considered cracked because Windvd's key could be revoked although the released titles were compromised.

This is incorrect. The WinDVD DVD-A hack consisted of decrypting the disc (AOB files with CPPM encryption), demuxing the MLP files and/or decoding the MLP content to WAV as there is no available (cheap) MLP decoder.

Tomas

Really, DVD-A couldn't even be considered cracked because Windvd's key could be revoked although the released titles were compromised..
That could be only in theory. But, in reality, there is no any use to revoke keys. The same type of "hack" can be applied to PowerDVD player, CPPM device keys can be extracted from firmware, revoked device keys in WinDVD/PowerDVD can be replaced with extracted firmware keys, standalone DeCPPM utility (based on keys, stolen from firmware) can be developed, etc... There are too many ways to neutralize revocation.

CPPM device keys can be extracted from firmware


Firmware from where and for whom?

...The same type of "hack" can be applied to PowerDVD player,
...CPPM device keys can be extracted from firmware,
...revoked device keys in WinDVD/PowerDVD can be replaced
...standalone DeCPPM utility (based on keys, stolen from firmware) can be developed,Before you show how this is done, this remains a J6P claim, in the "wishful thinking" category, nothing more.

Diogen.

Firmware from where and for whom?

From some DVD-Audio compartible DVD player. Suppose that device keys from that player are exposed. How many players will be compomized with just one key set? Many... Cannot see any reason for anybody to publish someone's secrets (device keys should be treated as highly confidential according to specification).

Before you show how this is done, this remains a J6P claim, in the "wishful thinking" category, nothing more.

Ok, this is J6P claim. Continue disbelieving...

From some DVD-Audio compartible DVD player. Suppose that device keys from that player are exposed.

From CE players? Is this a fact or you assumption?

For anyone who might still think that these hackers favor Blu-ray over HD-DVD and are doing this to bring down HD-DVD, this is on the front page of doom9.net for 1/13:

If you had any doubts about the validity of BackupHDDVD - the time for doubts has come to an end today. Next stop: Blu-Ray. And in the meantime, please forgive that the forum is a bit slower than usual.. we're going for a new user record.

It will be interesting to see how Fox reacts when their BD titles become free for download or streaming since they are the most concerned about this issue.

From CE players? Is this a fact or you assumption?
Yes, this is a fact.

Yes, this is a fact.

So you are saying the hackers was able to steal the device key from the CE players and put it into rip software? Do you have a link?
BTW, if the CE players have not protected their device key. The whole family could be banned easily by AACS.

The story is beginning to spread:

arstechnica: First pirated HD DVD movie hits B1tT0rrent (http://arstechnica.com/news.ars/post/20070115-8622.html)

webpronews: First HD-DVD On B1tT0rrent, MPAA Trembles (http://www.webpronews.com/topnews/topnews/wpn-60-20070115FirstHDDVDOn**********MPAATrembles.html)

And the BD side has no reason to be smug:

Possible Blu-ray title/volume key exploit found on PS3 (http://www.hdtvblogger.com/?p=39)

I tried to post that info in the news thread... it got deleted.

But yeah, methinks they have removed those torrents for now (going by some of the comments left on those websites).

Cheers...
Duy-Khang Hoang

But yeah, methinks they have removed those torrents for now (going by some of the comments left on those websites).

Not only have they not removed them but they added two new ones bringing the number up to 5.

BTW, if the CE players have not protected their device key. The whole family could be banned easily by AACS.

It would certainly be a sad day if the Toshiba players got banned by AACS!

Not only have they not removed them but they added two new ones bringing the number up to 5.

Which gives the lie to any claims that this was done in the name of "Fair Use".

So, where is the web site with the conspiracy theory that this hack is the work of HD DVD supporters wanting to stop the flood of BD titles?

We need some conspiracy theory balance!
Yep - Muslix keeps *saying* he's going to do a Bluray version, but yet happily continues milking the publicity for the HD DVD keys he's releasing.

I'm fairly convinced it's an anti-HD DVD campaign at this point, and until he writes a Bluray version and provides the means of obtaining the Bluray keys, I will not change my mind.

Forgive me if I predict that he will not do this until after the "powers that be" discover and close the "weakness" he claims to have found...

Not only have they not removed them but they added two new ones bringing the number up to 5.

Sorry that I am quoting myself but I had to correct myself:

Make that a total of 6 are now out.

Sorry that I am quoting myself but I had to correct myself:

Make that a total of 6 are now out.

Can you also count how many DVDs are out and while you are at it how many DVDs were sold in '06 ? ;)

Can you also count how many DVDs are out and while you are at it how many DVDs were sold in '06 ? ;)

Oh, I get it. Sarcasm.

I guess you don't find this alarming. Six in two days means that the entire HD DVD library will be out in about two months.

Its much more than 6 (http://www.hdkeys.com/).

Its much more than 6 (http://www.hdkeys.com/).

Those are the just the keys. Most of those have not been ripped yet. The key count is up to 47 according to doom9. So in the next few weeks those will be coming. :mad:

Yep - Muslix keeps *saying* he's going to do a Bluray version, but yet happily continues milking the publicity for the HD DVD keys he's releasing.

I'm fairly convinced it's an anti-HD DVD campaign at this point, and until he writes a Bluray version and provides the means of obtaining the Bluray keys, I will not change my mind.

Forgive me if I predict that he will not do this until after the "powers that be" discover and close the "weakness" he claims to have found...

your theories are bogus..... the one and only reason HD DVD was attacked first, is that Microsoft released a 199$ HD DVD drive.

Also, Muslix himself has never posted a volume key, its other members of doom9.

your theories are bogus..... the one and only reason HD DVD was attacked first, is that Microsoft released a 199$ HD DVD drive.

Also, Muslix himself has never posted a volume key, its other members of doom9.
I think what no one realizes is how sad a day this is for both Bluray and HD DVD.

A Bluray version will follow within days - Muslix won't do it, but someone else will. The same software that plays HD DVDs will show keys for Bluray also.

So, short-term, there'll be loads of "hurrahs" from those looking for illegal copies - but medium-term, both formats are now fatally wounded, perhaps.

Bluray's BD+ protection layer is far from implementation, as it doesn't seem to be finalized yet - so at the very least, BR studios are going to freeze further releases out of a modicum of caution.

Hats off to the AACS-LA folks for making their protection so limp and for not doing a better job of inspecting and policing the players...

Those are the just the keys. Most of those have not been ripped yet. The key count is up to 47 according to doom9. So in the next few weeks those will be coming. :mad:

Is this what you mean?

http://forum.doom9.org/showthread.php?t=120611

Is this what you mean?

http://forum.doom9.org/showthread.php?t=120611

Yes and there are others that have not been updated for some reason.

Blu-ray keys may be eminent (http://www.hdtvblogger.com/?p=39).

The AACS protection system clearly appears to have been too weak. Yes, we all know that the encryption has NOT been cracked (as stated on my site), but the "system" has allowed Volume keys to be found, which will result in both Bluray and HD DVD movies being compromised.

The AACS protection system clearly appears to have been too weak. Yes, we all know that the encryption has NOT been cracked (as stated on my site), but the "system" has allowed Volume keys to be found, which will result in both Bluray and HD DVD movies being compromised.

The point is that AACS can't control improper player implementation, but does have revocation rules built in. AACS planned on this scenario and should now take steps to 1) penalize if appropriate, 2) Add compromised players to the revocation list.

True? If so, AACS has delivered exactly what was promised.