HD DVD's AACS Protection Bypassed. In Only 8 Days?!

Dashken · 29th Dec 2006, 07:14 PM

Quote:

A hacker which goes by the name of Muslix64 claims on a forum that his “saga’ of breaking the AACS protection (considered unbreakable) only lasted 8 days, instead of the four weeks initially programmed.

The hacker not only offers a link to the executable and the source code, but also sends a link that redirects you to…YouTube, showing in detail how he cracked the AACS protection that hindered him from watching HD movies on Windows.

But what is the famous AACS? The Advanced Access Content System (AACS) is a standard for content distribution and digital rights management, which will allow restricting access to and copying of the next generation of optical discs and DVDs.

The group developing it includes Disney, Intel, Microsoft, Matsushita (Panasonic), Warner Brothers, IBM, Toshiba, and Sony. The standard has been adopted as the access restriction scheme for HD DVD and Blu-ray Disc.

The proposal is based on broadcast encryption using Naor-Naor-Lotspiech subset difference trees. The proposal was voted one of the technologies most likely to fail by IEEE Spectrum magazine. Concerns about the approach include its similarity to past systems that failed, such as Content Scrambling System (CSS), and the inability to preserve security against attacks that compromise large numbers of players. Indeed, Jon Lech Johansen (known colloquially as "DVD Jon") who defeated the original CSS encryption expected AACS to be cracked by Winter 2006/2007.

AACS utilizes cryptography to control the use of digital media. AACS-protected content is encrypted under one or more title keys using the Advanced Encryption Standard (AES). Title keys are derived from a combination of a media key and several elements, including the volume ID of the media (e.g., a physical serial number embedded on a DVD), and a cryptographic hash of the title usage rules.

The principal difference between AACS and earlier content management systems such as CSS is in the means by which title-specific decryption keys are distributed. Under CSS, all players of a given model are provisioned with the same, shared decryption key. Content is encrypted under the title-specific key, which is itself encrypted under each model's key.

In CSS, each volume contains a collection of several hundred encrypted keys, one for each licensed player model. In principle, this approach allows licensors to "revoke" a given player model (prevent it from playing back future content) by omitting the encryption key corresponding to that model. In practice, however, revoking all players of a particular model is costly, as it causes many users to lose playback capability. Furthermore, the inclusion of a shared key across many players makes key compromise significantly more likely, as was demonstrated by a number of compromises in the mid-1990s.

The approach of AACS provisions each individual player with a unique set of decryption keys which are used in a broadcast encryption scheme. This approach allows licensors to "revoke" individual players, or more specifically, the decryption keys associated with the player. Thus, if a given player's keys are compromised by an attacker, the AACS licensing authority can simply revoke those keys in future content, making the keys/player useless for decrypting new titles.

What determined Muslix64 to attempt (and eventually succeed) to break the AACS is what he considered “unfair”: “when I realized the 2 software players on windows don't allowed me to play the movie at all, because my video card is not HDCP compliant and because I have a HD monitor plugged with DVI interface, I started to get mad... This is not what we can call "fair use"! So I decide to decrypt that movie. I start reading the AACS specification I have found on the net. I estimate it will take me about 4 weeks of full time job to decrypt that. I was wrong, it was in fact, easy...”(more about this subject here: http://forum.doom9.org/showthread.php?t=119871)

The implications of this already-tested bypass-method are numerous, but perhaps the most important are linked to the HD DVD vs. Blu Ray battle. This could mean that Sony’s investment in PS3 (with the famous Blu Ray optical drive attached) will become the company’s biggest blunder, since consumers will likely prefer HD DVD instead of the Blu Ray. But that could also mean that major movie studios (who are interested in keeping their intellectual property protected) will either go towards Blu Ray (despite customers’ preferences, of course…) or they will make their products even more expensive, since money invested in new DRM mechanisms need to be recovered…

Source: http://www.playfuls.com/news_05648_H... y_8_Days.html

ZuePhok · 29th Dec 2006, 08:53 PM

good job!
hahahaha padan muka to the consortium!

SAMSAMHA · 30th Dec 2006, 12:34 AM

I guess that's good news

. I really don't like the idea that the os and the lcd makers force us to buy a new hardware just to watch HD stuff. I think it's stupid. They need to work a way to protect their property not force us to buy new stuff.

29th Dec 2006, 08:53 PM	#2 (permalink)
ZuePhok Hold me back! I can't stop posting!!! Join Date: 16 Dec 2002 Location: Floating Island Of Mandango Posts: 8,615 Reputation: 2946 Rep Power: 43	good job! hahahaha padan muka to the consortium! __________________ my motto: poison first, think later.

30th Dec 2006, 12:34 AM	#3 (permalink)
SAMSAMHA Super Active Join Date: 13 Oct 2004 Posts: 2,356 Reputation: 197 Rep Power: 8	I guess that's good news. I really don't like the idea that the os and the lcd makers force us to buy a new hardware just to watch HD stuff. I think it's stupid. They need to work a way to protect their property not force us to buy new stuff.