Originally Posted by lymzy
I think you are missing the point. Once an insecure player which leak volume key emerges, all the titles released are compromised. Nobody could do anything about that. The goal of the revocation system is to keep future release safe.
For example, Powerdvd has failed to protect the volume unique key. Muslix64 found the hole and all the HD DVD and bluray released were compromised. That is it. Then Powerdvd's device key would be revoked and could no longer decrypt the volume unique key on future release. That's why Muslix64 needs a insecure but legitimate
player. Everybody does. Once that insecure player become revoked, people needs to move on and "pray" for another insecure player to emerge.
Exactly except the studios can make it much more difficult with AACS vs CSS. A title can have one of 64 titles keys. So each duplication line could use a different key. As the studios see title keys appear they could change those lines. Over the course of 4 years a popular title could have one of many keys some of which are cracked and some of which are not. Now imagine j6p has MI3 and tries to use a program to rip it, except he has the wrong MI3. Now there is nothing on the box to indicate which key it is encrypted with. The ongoing war to be more like radar detectors vs cops instead of the hole blown wide open by CSS where one piece of software could decrypt all copies of all DVD ever made and ever made in the future. All this assumes the author has actually done anything.
I still think this is a hoax though. The facts that we know:
The author released a piece of software which removed the encryption IF the user has a title key
There is nothing in the software that in itself is an exploit it simply follows the publicly available AACS specs.
The real exploit has is the ability to obtain a correct title key and the author has done nothing to prove it.
The author makes a vague claim that he pulled the key from memory.
The author has not released the title key of one HD DVD title.
No other hacker anywhere in the world has been able to publicly duplicate his success.
The software provider has stated that they do not keep the key in plaintext in main memory.
Sound suspicous? Oh BTW yesterday i found a flaw in SSL. Every single website is now subject to this exploit. Of course I am not going to provide any evidence of my claim but all those e commerce sites better be afraid because I am coming after them.