AACS Not So Cracked After All

[MidnightWatcher]

VideoBusiness

DEC. 28 | LIKE SCROOGE SHOWING up at a holiday party, reports surfaced over the Christmas break that AACS—the supposedly unbreakable encryption used on HD DVD and Blu-ray discs—had in fact been broken, by a hacker calling himself Muslix64.

According to the thread he or she started on the Doom9 Forum, Muslix was able to write a Java-based command-line utility for Windows called BackupHDDVD that allowed him to move unencrypted files containing Full Metal Jacket, Van Helsing, Tomb Raider and a handful of other movies to his hard drive.

Muslix even posted a video on YouTube, tauntingly titled “AACS is Unbreakable,” purportedly showing the utility in action.

He/She then released the source code for others to try, complete with FAQ.

The postings set off an orgy of gloating and wild speculation over how the studios might respond to the purported crack on hacker forums, including a prediction that HD DVD studios would now defect to Blu-ray, since the latter format includes the extra BD+ layer of copy-protection.

Yet like Dickens’ story of redemption, the studios have reason for cheer amid the grim holiday tidings.

For one thing, AACS wasn’t really cracked, as that term is commonly understood. Claims to the contrary are based on limited understanding of how AACS was designed to work.

For another, the compromise of a handful of titles now, while the number of discs and players in the market is still insignificant, provides a low-cost, low-risk opportunity to test how well AACS can respond to being compromised.

ACCORDING TO THE DOOM9 postings, Muslix64 was using the USB-enabled HD DVD add-on for his Xbox 360 to view HD DVD discs on his PC, using Cyberlink’s PowerDVD player software.

Using BackupHDDVD, he/she was apparently able to retrieve the title-specific decryption keys from the player memory during playback and then feed them into his/her own decryption procedure as outlined in the public documents available on the AACS Licensing Authority Web site.

The keys themselves apparently remain encrypted, however.

The basic approach with BackupHDDVD is not all that different from DeCSS, the first widely distributed crack of the CSS-encryption used on standard DVDs.

Like BackupHDDVD, DeCSS works by uncovering the decryption keys and using them to create unencrypted files on a hard drive.

In other important ways, however, there is a world of difference between the two scenarios, related to the designs of the respective encryption systems themselves.

CSS relied on a single set of keys that were used to encrypt every DVD and were provided to every DVD player, both hardware and software.

Once those keys were uncovered the first time, the system was fatally compromised. The same utility can be used to rip any DVD for all time.

AACS, on the other hand, was designed specifically to cope with the challenge presented by BackupHDDVD.

Both the PowerDVD player software and the titles themselves carry unique keys, which, if hacked, can be revoked. In principle, the damage can be limited to only those copies of Full Metal Jacket and the others currently in the market and to the PowerDVD player.

THE CHALLENGING PART will be getting the system to work as designed. And here, BackupHDDVD could be a blessing in disguise, giving the studios and software makers a chance to uncover potential bugs in the system while the numbers—and the potential damage—remain small.

First, additional forensic work will have to be done to determine exactly what BackupHDDVD does, to determine exactly where the compromise occurred.

If the player’s keys were indeed compromised, those keys could be “revoked,” meaning all discs pressed from that point forward would be unplayable in the cracked players.

That would have the effect of revoking the players of many people who had done nothing wrong, however, and would actually shield the guilty party or parties from having their players “updated” with new keys.

A more likely scenario is that the player’s existing keys would be revoked at the disc level. New copies of those titles would be replicated using new keys, so that the new discs would not play in the compromised players.

Updated keys for the PowerDVD player could then be distributed via new discs so that innocent owners of PowerDVD can continue to use their players.

How quickly that can all be made to happen, however, and with what degree of due-process for Cyberlink remain unclear. What procedures exist, exist only on paper and have never been tried in the real world.

But the studios might as well find out now, when the damage affects only a few catalog titles and a handful of players.

[vancouver]

Quote:

Originally Posted by MidnightWatcher

The postings set off an orgy of gloating and wild speculation .

No S*&^T. Sounds like 90% of the posts on the next gen forums on AVS.

[Davinleeds]

It's easy to migrate files to HDD, you need software to play. As shown on the video.

[nataraj]

Quote:

The postings set off an orgy of gloating and wild speculation .

Yep. Esp by people who had nothing to do with the "cracking" ....

[paintit77]

Lets say there are 128 billion different keys. If there are, how in the hell is AACS going to monitor and revoke that many? The math doesn't work. They put 6 million BR Movies into production, 3/4 of the way, they realize the encrytion has been compromised and revoke the key. By that time the new key is uploaded into the software (PC) or Hardware (CE Player), the hackers have what they need to replicate. By then the encrytion has been removed from the film. Its not going to work. When a software crack does become available, PCs will be able to do the math. A current Dual Core can't do it. When we get 6,8 or even 10 core 64 Bit PCs, then the average user will have the horsepower to mathmatically break the encryption.
It will happen and I bet sooner than later!

[MidnightWatcher]

Quote:

Originally Posted by paintit77

Lets say there are 128 billion different keys. If there are, how in the hell is AACS going to monitor and revoke that many? The math doesn't work. They put 6 million BR Movies into production, 3/4 of the way, they realize the encrytion has been compromised and revoke the key. By that time the new key is uploaded into the software (PC) or Hardware (CE Player), the hackers have what they need to replicate. By then the encrytion has been removed from the film. Its not going to work. When a software crack does become available, PCs will be able to do the math. A current Dual Core can't do it. When we get 6,8 or even 10 core 64 Bit PCs, then the average user will have the horsepower to mathmatically break the encryption. It will happen and I bet sooner than later!

"The postings set off an orgy of gloating and wild speculation"

Emphasis mine.

[Michael Mullis]

It's funny. Twice in the other thread, so gleefully started by a BD fanboy I might add, I specifically asked for proof that this "hack" allowed the hacker to burn the movie to an HD DVD and play it in a standalone player.

Twice that was ignored.

Mainly because of course there is no such proof. And instead of realizing it's a real-world difference between copying the files and playing it on your PC, and making and playing backups on your Toshiba or Xbox 360, the BD fanboys continued to argue the technical specs of BD+ and carry on like HD DVD was finally at it's death knell.

[builty]

Just what we need, yet another thread on AACS issues. This one adds little info that isn't already known and widely discussed in the other umpteen threads.
Mods need to close and/or combine all into one thread.

[dialog_gvf]

If the title wasn't cracked, and merely the necessary decryption keys obtained an reused, how would this have affected BD?

With the protection intact, wouldn't the BD player have looked for the ROM-Mark? This wouldn't have existed on an HDD or disc based copy.

Gary

[MORPHIII]

This is so stupid in my opinion. New keys in disc or player will not work. As long as the "new" player can play the "new" disc. The "new" keys will be found!.

You cannot hide this fact. All you have to do is to sniff the key from memory when the movie is playing and voila you get your key.

You can change it a million times and it won't matter.

So you don't need to crack the AACS code to copy movies as the title implies.

As I said before stupid!

[AnthonyP]

agree with Gary. Even though it does not seem that AACS is hacked, for all intense and purposes if it is as described above it is a big hit for HD DVD and one that shows the importance of the BD rom mark in anti piracy. Even if playback SW is fixed to not show the files, the trick is out of the bag now. And unless someone builds SW for HD DVD that can differentiate between ROM, non-ROM disks and HDD if people can make unlimited illegal copies to the studio it is the same thing.

[namechamps]

The amount of FUD spread is insane.

First of all there was no hacking on the encryption. The software was designed piss poor. The real world analogy would be a massive bank vault with the combination placed in plain view. There was no excuse for PowerDVD making such a stupid mistake. Encryption keys can and will be better protected.

Second BD-ROM Mark would not have prevented this "hack". The drive would have detected a valid ROM Mark and begun the hardware level decryption. The AACS stream would have been passed to the player and then the title key would have been grabbed. Same exact outcome. One the title is decrypted and stored on a HDD it can be burned to EITHER BD-R or HD DVD-R. Both systems would simply look at the recordable disc as a user created disc and playback without issue.

Lastly 128bit encryption has 2^128 possible values (not 128 billion). Brute force simply will not work on AACS (which is based on AES). Given a computer than can try 1 trillion possible values per second (well beyond current computational abilities) a computer would need 5,395,141,535,403,010,000 years working 24/7 to try just 50% of the possible codes. Given a network of 1 million such computers (each trying 1 trillion codes per second) it would take still nearly 5 billion years just to try half the possible solutions. If AES can be cracked on a home PC in our lifetime we have some huge problems. AES is used to protect everything from banking interchanges, nuclear missle launch codes, and classified documents.

Let's get the facts straight before this thread goes any further. This is not a hack of AACS rather it shows a sloppy implementation by a vendor. AACS was designed to heal around such an issue. First a new version of powedvd will be created. This version will protect the cryptographic data. Next a new AACS device key will be created for the new version. Next the old version's device key will be added to the blacklist. The old version will not be able to decrypt future movie releases.

The only titles affected are the 150 or so HD DVD titles (plus any currently in the pipeline). If the exploit affects the BD version also (which we don't know yet) then it would affect the 100 or so BD titles. All future titles can be protected by creating a new version of the software that solves this flaw. Even the at most 250 affected titles can be encrypted with new title keys and new device keys which would prevent their decryption on the old software. Once the movies who have their title keys revealed have sold out and/or recalled by the studios they will be replaced with the same movie having new titles keys and a new device blacklist.

This is exactly the kind of issue that AACS was designed to handle. If handled quickly and properly it can show the studios that AACS is indeed robust enough to handle exploits from faulty software.

[heavyharmonies]

You're swimming upstream. Facts and logic have little impact when the BR spin machine is in full force. The now 12-page thread above is a textbook example of a strawman argument perpetrated by the BR crowd. You have some of BR's biggest cheerleaders jumping for joy shouting "This is the end of HD-DVD! Yaaaaaay!"...

Why let facts get in the way of a good story?

[Faceless Rebel]

I find it sad that the BD fanboys are jumping up and down cheering for a format which has more pervasive, invasive, draconian, and excessive DRM than HD DVD. Talk about being so blind as to not be capable of seeing their own interests as consumers with regards to fair use and that kind of thing.

[AnthonyP]

Quote:

First of all there was no hacking on the encryption. The software was designed piss poor. The real world analogy would be a massive bank vault with the combination placed in plain view. There was no excuse for PowerDVD making such a stupid mistake. Encryption keys can and will be better protected.

Agree, but who talked about a hack? The guy (due to PowerDVD) found out how to make good copies. These copies even though illegal look good to any player because everything is in order

Quote:

Second BD-ROM Mark would not have prevented this "hack". The drive would have detected a valid ROM Mark and begun the hardware level decryption. The AACS stream would have been passed to the player and then the title key would have been grabbed. Same exact outcome. One the title is decrypted and stored on a HDD it can be burned to EITHER BD-R or HD DVD-R. Both systems would simply look at the recordable disc as a user created disc and playback without issue.

no, the copied content is encrypted BD. Unless someone creates a fake BD SW any SW (like PowerDVD) will need to look for the BD rom , not find it on the HDD copy or the BD-R copy or the HD DVD copy (if HD DVD had a burner) or DVD copy.

Quote:

Lastly 128bit encryption has 2^128 possible values (not 128 billion). Brute force simply will not work on AACS (which is based on AES). Given a computer than can try 1 trillion possible values per second (well beyond current computational abilities) a computer would need 5,395,141,535,403,010,000 years working 24/7 to try just 50% of the possible codes. Given a network of 1 million such computers (each trying 1 trillion codes per second) it would take still nearly 5 billion years just to try half the possible solutions. If AES can be cracked on a home PC in our lifetime we have some huge problems. AES is used to protect everything from banking interchanges, nuclear missle launch codes, and classified documents.

Who said anything about hacking AACS. CSS was also not hacked, one guy found one key and built a SW player that decrypts the content with an illegal key.

Quote:

Let's get the facts straight before this thread goes any further. This is not a hack of AACS rather it shows a sloppy implementation by a vendor. AACS was designed to heal around such an issue. First a new version of powedvd will be created. This version will protect the cryptographic data. Next a new AACS device key will be created for the new version. Next the old version's device key will be added to the blacklist. The old version will not be able to decrypt future movie releases.

Agree, but before anything else all the keys for all the HD DVD movies can be had. So any one for all existing HD DVD movies until the point when the powerDVD key is revoked are compromised. AACS also has a procedure. The key can’t be revoked for several months.

Quote:

The only titles affected are the 150 or so HD DVD titles (plus any currently in the pipeline). If the exploit affects the BD version also (which we don't know yet) then it would affect the 100 or so BD titles. All future titles can be protected by creating a new version of the software that solves this flaw. Even the at most 250 affected titles can be encrypted with new title keys and new device keys which would prevent their decryption on the old software. Once the movies who have their title keys revealed have sold out and/or recalled by the studios they will be replaced with the same movie having new titles keys and a new device blacklist.

1) agree it is obvious for movies that will be out before revocation
2) disagree on BDs, the ROM mark won’t be there so every BD player should dismiss them
3) the movies who’s keys are stolen on HD DVD become public domain even if the SW player is fixed
4) even if the SW player is fixed and the same trick can’t be used. A lot more is known about AACS and hackers know exactly where the weakest link lies.
5) What you and every other person that dismisses it as not a hack so not important is missing is that this shows how problematic it can get depending only on AACS. Yes this happened in 2006 with barely over 100 titles but what if it happens when there are 1000, 10000? This can re-happen at any time from the creator of any legitimate SW vendor.

Quote:

This is exactly the kind of issue that AACS was designed to handle. If handled quickly and properly it can show the studios that AACS is indeed robust enough to handle exploits from faulty software.

It is not up to AACS but Power DVD. AACS can revoke the player, but there is the red tape. Someone needs to raise the issue in front of the board, then Power DVD needs to have the time to formulate the plan (AACS Rules) then AACS needs to give them the time to fix the issue. The only good thing is if PowerDVD comes out with a fast fix and then they can ask AACS to revoke (early on) the key to force the upgrade on their customers (revocation and renewal). Because AACS can't react fast, their hands are tied

[AnthonyP]

Quote:

I find it sad that the BD fanboys are jumping up and down cheering for a format which has more pervasive, invasive, draconian, and excessive DRM than HD DVD. Talk about being so blind as to not be capable of seeing their own interests as consumers with regards to fair use and that kind of thing.

why is it in my interest that others make illigal copies?

[BuGsArEtAsTy]

Quote:

Who said anything about hacking AACS. CSS was also not hacked, one guy found one key and built a SW player that decrypts the content with an illegal key.

Well, the important difference is that CSS is compromised forever. AACS isn't. Also, CSS is vulnerable to brute force hacks, as it only uses 40-bit encryption.

Quote:

Agree, but before anything else all the keys for all the HD DVD movies can be had.

New printings of the discs would use new keys.

Anyways I think the biggest mistake here is that the DVD Forum (and Blu-ray Alliance) didn't try to hack PowerDVD (or WinDVD) themselves as soon as they got a copy. I guess they trusted that company's QA a little too much.

[Rob Zuber]

Quote:

Originally Posted by Faceless Rebel

I find it sad that the BD fanboys are jumping up and down cheering for a format which has more pervasive, invasive, draconian, and excessive DRM than HD DVD. Talk about being so blind as to not be capable of seeing their own interests as consumers with regards to fair use and that kind of thing.

You're peddling propaganda.

And you should take a look at Windows Vista sometime before you get all high-and-mighty about one of the primary companies pushing HD-DVD.

[Faceless Rebel]

Quote:

Originally Posted by Rob Zuber

You're peddling propaganda.

And you should take a look at Windows Vista sometime before you get all high-and-mighty about one of the primary companies pushing HD-DVD.

This statement is ludicrous. Microsoft didn't make Vista secure to screw over consumers of high-def optical formats, they made it secure to prevent the daily holes and exploits in XP which require 5-6 patches every single month. Get a clue.

The person peddling propaganda here isn't me.

[AnthonyP]

Quote:

Well, the important difference is that CSS is compromised forever. AACS isn't. Also, CSS is vulnerable to brute force hacks, as it only uses 40-bit encryption.

but that was not how CSS was hacked. As for ACSS no one knows. It is not even a matter of broken for ever but one o0f it happened once it can happen again. In essence it is not one insane studio called Fox saying “I don’t trust AACS and someone might be able to circumvent it” but proof it6 can be done. Even if this one hole is plugged don’t you think even in the mind of others it is now “what if happens again?”

[quote]New printings of the discs would use new keys.[quote]

maybe, maybe not. It is irrelevant. Those disks (and any other ones until Power DVD is fixed are now public, anyone that uses the technique can make limitless copies of the movie and distribute it. And the movie keys can’t be revoked. In a way there is no reason to make copies with new keys, the people that will buy won’t make copies and the people that will DL copies won’t buy.

Quote:

Anyways I think the biggest mistake here is that the DVD Forum (and Blu-ray Alliance) didn't try to hack PowerDVD (or WinDVD) themselves as soon as they got a copy. I guess they trusted that company's QA a little too much.

The issue is that one organization can’t test for everything. Don’t forget every SW player, every HW manufacturer….. is in a rush to recoup their R&D.

[Jackinbox]

Quote:

I now own both formats... but I refuse to drink the Blu KoolAid that makes fanatics delusional.

If you're referring to the Jonestown massacre, it was actually FlavorAid....not Kool-Aid.

[BuGsArEtAsTy]

Quote:

Originally Posted by AnthonyP

The issue is that one organization can’t test for everything. Don’t forget every SW player, every HW manufacturer….. is in a rush to recoup their R&D.

Every SW player? You mean all 2 of them?

[Ruined]

There still has been zero confirmation from any 3rd party that any title keys have been compromised.

It would be funny if this was a hoax.

[namechamps]

OK I will make this short and simple because it seems logic doesn't work well for BD fanboys.

1) Rom mark only works for ROMS. BD players don't look for a "ROM Mark" when you insert a BD-R or BD-RE

So if the BD version of the same software has the same flaw then BD offers NO protection beyond HD DVD against this exploit. We will have to wait and see if the BD version uses the same flawed AACS routines that the HD DVD version does. Since code sharing and reuse is not only common but favored in large software development this is rather likely.

The same exploit can be applied to a BD Disc.
Step 1)Insert valid BD ROM. Drive verified ROM-Mark and allows playback.
Step 2)Drive passes encrypted keys and encrypted data stream to player
Step 3)Player uses it's device key to decrypt the title key
Step 4)Player stupidly keeps the decrypted title key in memory
Step 5)"hacker" uses memory dump or debugger to grab BD title key

Now a simple modification of the author's source code allows for the creation of a BD Decrypter. Output is a decrypted version of the BD files.

Once the files are decrypted free and clear they can be uploaded to p2p, stored on HDD, burned to HD DVD, burned to BD-RE, etc.

ROM MARK does nothing to stop casual piracy. ROM Mark would prevent a comercial pirate from taking that decrypted movie and using a production line to stamp out fake BD-ROMs. Since these BD-ROMs would be missing the ROM-Mark the drive would not allow playback.

Let me say it one more time just in case it is confusing.
Any BD title without BD+ (which is 100% so far) can be exploited and decrypted the very same way as this HD DVD title. Once decrypted free and clear there is NOTHING in either format to prevent distribution (except by BD-ROM).

[aaronwt]

Quote:

Originally Posted by dylanneild

Give me a break. I've seen HD-DVD zealots yacking on about how HD-DVD has 'won' now because of this hack - the ability to steal content seems to be what will tip most people over the edge in this 'war'.

Don't act like this is a one sided thing - there are giant idiots on both sides of the coin.

That said, this 'hack' does allow exactly what you are asking for. The data is decrypted and can be burnt to any disc with enough capacity to hold it. Having burnt my own HD-DVD discs, I can say this with some authority.

Consider yourself no longer ignored.

How much are blank HD DVD discs? Aren't they more than the cost of the movie?

[Faceless Rebel]

Quote:

Originally Posted by dylanneild

This is funny.

Both formats SUCK for consumers. You're basically trying to justify your bias by saying "i got stabbed once, but you got stabbed twice so that's A LOT worse". Both of us got stabbed, dude.

You also have to remember that we're in the middle of a totally idiotic format war here... both Toshiba and the BDA (Blu-ray is NOT a Sony format - tell that to Pioneer with all the R&D money they've spent) have effectively screwed us over.

And you have the nerve to call anyone else a fanboy?

It never ends with you people.

I'll take the single knife wound over two knife wounds any day myself, thank you very much.

So, which format are you supporting? Are you putting your money where your mouth is and refusing to purchase either format, sticking with regular DVDs? Because if you have purchased either HD DVD or Blu-Ray, then guess what, you're just a giant hypocrite and should shut up right now.

[amirm]

Quote:

Originally Posted by dylanneild

You mean, 1?

Toshiba manufactured the 360 add-on. Yes, the software is MS.. so we'll call it 1.5.

Not true. There is no software to playback HD DVD in the 360 drive. Only the hardware. The software is in the console.

[BOBBY DIGITAL]

Quote:

Originally Posted by namechamps

OK I will make this short and simple because it seems logic doesn't work well for BD fanboys.

1) Rom mark only works for ROMS. BD players don't look for a "ROM Mark" when you insert a BD-R or BD-RE

So if the BD version of the same software has the same flaw then BD offers NO protection beyond HD DVD against this exploit. We will have to wait and see if the BD version uses the same flawed AACS routines that the HD DVD version does. Since code sharing and reuse is not only common but favored in large software development this is rather likely.

The same exploit can be applied to a BD Disc.
Step 1)Insert valid BD ROM. Drive verified ROM-Mark and allows playback.
Step 2)Drive passes encrypted keys and encrypted data stream to player
Step 3)Player uses it's device key to decrypt the title key
Step 4)Player stupidly keeps the decrypted title key in memory
Step 5)"hacker" uses memory dump or debugger to grab BD title key

Now a simple modification of the author's source code allows for the creation of a BD Decrypter. Output is a decrypted version of the BD files.

Once the files are decrypted free and clear they can be uploaded to p2p, stored on HDD, burned to HD DVD, burned to BD-RE, etc.

ROM MARK does nothing to stop casual piracy. ROM Mark would prevent a comercial pirate from taking that decrypted movie and using a production line to stamp out fake BD-ROMs. Since these BD-ROMs would be missing the ROM-Mark the drive would not allow playback.

Let me say it one more time just in case it is confusing.
Any BD title without BD+ (which is 100% so far) can be exploited and decrypted the very same way as this HD DVD title. Once decrypted free and clear there is NOTHING in either format to prevent distribution (except by BD-ROM).

thanks for the clarification.

[GMan4911]

Quote:

Originally Posted by dylanneild

Yes, that's what I meant. Either way, my point was that Toshiba, to the best of my knowledge, is currently the only company manufacturing HD-DVD hardware.

NEC manufactured the drive in the Toshiba HD-A1. Liteon manufactures the drives for HP and has been contracted to build drives for MS.

[HorrorScope]

Quote:

Originally Posted by AnthonyP

The issue is that one organization can’t test for everything. Don’t forget every SW player, every HW manufacturer….. is in a rush to recoup their R&D.

Yep we have all this digital mayhem as proof to that.