[HoustonGuy]

Some guy, user named Muslix64, decrypted HD-DVDS(which permits recording of the disc to the computer HDD, I assume) AND has also done it supposedly with Blu Ray discs(which are supposedly tougher to decrypt) as of today. This guy must be a brilliant programmer- even the other very bright programmers on this board were amazed- link...
http://forum.doom9.org/showthread.php?t=119871
http://forum.doom9.org/showthread.php?t=120869

PS- I post this only as a newsworthy item that has already appeared in the NYT 3 days ago and that will have huge ramifications for marketing and security of these formats that were supposedly hacker proof and non-recordable DVDs. The bottom line from what I decipher is that the only way manufacturers of HD movies can prevent this is to assign every disc made with a different title and/ or volume key(presently all of same movies are identical for these two keys). To assign every individual movie disc with unique keys is presently not only production impossible but playback on players(that need the keys) a nightmare. Correct me if wrong.

 

[bobkart]

I read it a few weeks ago. What he did was write an application that can decrypt an HD DVD if you have the decryption key. He himself says that writing such an application can be done with public knowledge, since the encryption algorithm is documented as part of the AACS specification (it has to be or nobody could implement an HD DVD player). But you still need the decrytion key (a 64-bit number I think). This he discovered by hacking into the active memory of a certain HD DVD playing application. That part is "key" (pun intended). Part of the security of AACS relies on players being secure (as in you can't detect the decryption key from them). There is even a so-called "revocation list" that comes on discs that can revoke the AACS license of a player (software or hardware) found to be insecure. Once the AACS licensing authority learns that a given player has been compromised, it gets put on the revocation list and all discs pressed after that will not be playable on the leaky player. I read the entire thread as of a couple of weeks ago and it was interesting how many people did not get that he really hasn't broken the encryption scheme.

 

[HoustonGuy]

bobkart- with all due respect there are many on that board and independent security experts that disagree with your analysis. They claim he not only cracked it but that this represents a very major breach allowing copying- we will see. Players are numerous- people will go to various ones. There is no force on Earth that will prevent future hacking/penetration of any media- Do not you agree?

 

[bobkart]

From the first post in the first thread, by the author of the software:

Quote:
Originally Posted by muslix64 /forum/post/0


This software don't provide any cryptographic keys, so you have to add your own keys.

From the same person's first post in the second thread, where he also decrypted a BR disc:

Quote:
Originally Posted by muslix64 /forum/post/0


Janvitos gave me few files on the BD disc and a memory dump...

Note the "memory dump"; that's where the key is to be found, as I described.


The software can't decrypt an HD DVD discs's contents without the key (128 bits I am now reminded by reading these threads), which in these cases is gotten by dumping active memory (RAM) while the player application is running. Yes that works. One counter to that is that once the AACS licenseing authority finds out about the particular player involved, its license will be revoked. Yes there are a lot of players, but are they all vulnerable in this same way?


Regarding your question about is there a perfect encryption scheme, I think most people will agree that there isn't. But there could be one "good enough" as to be so nearly unbreakable that the difference doesn't matter. Is this an example of that situation? Hard to tell at this point. Perhaps not. My point is that AACS isn't "broken" in the sense that CSS was broken. A hole or two has been poked in it, that's all. Whether it will be broken completely remains to be seen.

 

[ncaahoops]

So it is true, people should eat their cereal! Then they can hack HD-DVD


(Apparently Muslix is the Canadian version of Kellogg's Mueslix cereal).


Now if he ate whole-wheat fiber-rich sugar-free cereal, he would have been able to hack Blu-Ray ;-)

 

[FullOnShred]

All these Media companies do by increasing their security standards is set up a MAJOR challenge to THOUSANDS (more???) of hackers (for lack of a better word), a number of which are operating at extremely high levels of skill and intelligence. There is no widely available media or playback device that will remain permanently uncracked. Nor will there be.

 

[kucharsk]



Quote:
Originally Posted by FullOnShred /forum/post/0


All these Media companies do by increasing their security standards is set up a MAJOR challenge to THOUSANDS (more???) of hackers (for lack of a better word), a number of which are operating at extremely high levels of skill and intelligence. There is no widely available media or playback device that will remain permanently uncracked. Nor will there be.

There certainly could be, if the industry wanted to put the effort into it.


For example, the encryption on banking transactions is a much more interesting target than being able to copy the new Superman movie, but the banking industry has a much higher incentive to keep their product secure.


The technology is in place on HD-DVDs to revoke "broken" keys; the question now is whether the industry will actually use it.

 

[FullOnShred]



Quote:
Originally Posted by kucharsk /forum/post/0


There certainly could be, if the industry wanted to put the effort into it.


For example, the encryption on banking transactions is a much more interesting target than being able to copy the new Superman movie, but the banking industry has a much higher incentive to keep their product secure.


The technology is in place on HD-DVDs to revoke "broken" keys; the question now is whether the industry will actually use it.

I will argue that what I said still stands...A widely available media and player combo will not remain unbroken. At some point I suppose a cost to efficiency model might be the prohibiting factor. I for one would certainly never, ever buy a DVD player that could "just stop working" because of an issue like that.