Hacks on high-definition DVD players confirmed

[TheUnknownComic]

http://news.com.com/Hacks+on+high-definition+DVD+players+confirmed/2100-1002_3-6153615.html

Hacks on high-definition DVD players confirmed

By Reuters

Story last modified Thu Jan 25 17:42:11 PST 2007

A consortium of movie studios and technology companies backing the encryption system for high-definition DVDs on Thursday confirmed that hackers have stolen "title keys" and used them to decrypt high-definition DVDs through flaws in DVD player software.
Both the title keys and a number of decrypted films have been posted on peer-to-peer Web sites for downloading and copying, a spokesman for the Advanced Access Content System Licensing Authority said on Thursday.

The large size of the files and the high cost of writable high-definition discs make large-scale copying of high-definition DVDs impractical, but the attacks on the new format echo the early days of illegal trafficking in music files, AACS LA spokesman Michael Ayers said.

"We want to make sure we address this now. It has a potentially limited impact now but some sobering possibilities," he said.

The hackers did not attack the AACS itself, but stole the keys as they were exchanged between the DVD and the player to strip the encryption from the film.

A large-scale failure of the AACS could be a threat to the $24 billion DVD industry, which has started to cool and was counting on next-generation DVD sales to reinvigorate it.

The hackers obtained the keys from "one or more" player applications, but AACS LA would not identify them or say whether their licensing would be revoked.

"We certainly have not ruled out any particular response and we will take whatever action is appropriate," Ayers said.

The security breach affects both of the high-definition DVD formats--Sony's Blu-ray and Toshiba's HD DVD, he said.

The confirmation of the attack comes about a month after a hacker called Muslix64 described in an online posting how he defeated the encryption system by using DVD player software.

AACS LA founders include IBM, Intel Microsoft, Panasonic, Sony, Toshiba, Walt Disney and Warner Bros. Studios, a unit of Time Warner.

[FulciLives]

I have a bad feeling that poor Muslix64 could be in a heap of trouble.

But the nonsense has to stop!

When we (the customer) buy a movie on optical disc or music on optical disc etc. we DEMAND to do with it what we want and as long as we keep it to ourselves then so be it.

If studios really wanted to cut down on piracy then they would lower the prices

- John "FulciLives" Coleman

P.S.
Check this out ---> BackupHDDVD

[TheUnknownComic]

http://gear.ign.com/articles/758/758675p1.html

HD-DVD, Blu-ray AACS Copy Protection Broken
Exploit developed within 6-months of launch. Hackers win, but for how long?
by Gerry Block

January 25, 2007 - In the run-up to the launch of the next-gen DVD formats HD-DVD and Blu-ray, a great deal was made of the new formats and the manner in which each would attempt to limit the ability of hackers to break copy-protection and rip the data. Hollywood studios have been in a tizzy since CSS-copy protection on regular DVDs was broken, and cited a pressing need to prevent pirates from jacking movies in full 1080p resolution. HD-DVD and Blu-ray make use of two methods of controlling the data, the HDCP "protected-pathway" of hardware authentication, and AACS signal encryption.

As we discussed last year, critical weaknesses with the HDCP system were discovered early in its development process (story). It has turned out, however, that AACS encryption is actually the first component of next-gen DVD to have been dismantled by the hacking community. In late December a hacker known as muslix64 posted on the Doom9 forums claiming to have defeated AACS. Two days later the individual posted the source code for the tool he developed for the process, BackupHDDVD.

The utility itself only does half the job, however. AACS encryption is based upon an exchange of title and volume keys between player and media. BackupHDDVD does not extract these keys, but merely uses known values to unlock the movie content from AACS protection so that it could potentially be ripped. In posts following his original announcement, muslix64 vaguely referenced that it was possible to extract keys held in memory when HD-DVDs are played with PowerDVD software on Windows computers. The developer of PowerDVD, Cyberlink, has been vociferous in denying that its software could be the source of the extracted keys.

(SEE ORIGINAL FOR IMAGE)

Weeks after the first announcement, Doom9 forum members were able to exploit InterVideo WinDVD 8 and extract keys for four HD-DVD releases, which are now distributed with BackupHDDVD. Shortly afterwards, about two weeks ago, history was made when a 20GB, 1080p rip of Serenity appeared on BitTorrent tracking lists. Just days ago muslix64 returned to announce an alpha version of BackupBluRay, a utility quite similar to BackupHDDVD that relies upon the same method of extracting keys stored in memory to circumvent AACS.

Exactly how long the hacking community will remain victorious in their battle with AACS remains to be seen. The AACS system was designed for the contingency of leaked or extracted keys and has integrated means of revoking player keys. The process would be as simple as pressing new HD-DVD discs that will insist, on attempted playback, upon updating the player software to lock out the compromised keys. There is debate, however, over exactly how specific the AACS Forum is able to be with regard to revoking keys, and locking out a player key may have consequences for uncompromised products. What headaches this system may cause for early adopting consumers remains to be seen and considering the long history of bumbling responses to such developments in the past, we have limited faith that the AACS forum and movie studios will develop a well reasoned response.

The AACS exploit was likely developed faster than the encryption designers expected and is yet another example in the ongoing truth that is the fact that the talent and motivation of the internet collective is always superior to the groups that design the defenses. The BackupHDDVD/BluRay programs are, however, based upon an exploit and do not break AACS to the degree that DeCSS cracks CSS encryption on normal DVDs. Regardless, the fact that within roughly 6 months of the release of HD-DVD and Blu-ray into the wild 1080p rips are being distributed on the net should once again cause the movie studios to consider whether they are pursing a wise path in their approach to DRM and encryption. The process of ripping next-gen DVDs was not developed by Chinese-pirates with replicator facilities but by activist-enthusiasts who are more interested in being able to enjoy their media without restriction than in profit-making piracy.

Stay tuned for more on this front as it develops.

[TheUnknownComic]

http://www.rockymountainnews.com/drmn/movies/article/0,2792,DRMN_23_5298508,00.html

New DVDs stir fears of hackers
By Alex Veiga, Associated Press
January 23, 2007

LOS ANGELES - A business group behind copy-protection software for next-generation DVDs was investigating reports that hackers found a way to circumvent its technology, a group member said last week.

"There are reports that indicate success by a number of hackers. We're still evaluating and determining what the most appropriate course of action is," said Michael Ayers, chairman of the group behind the Advanced Access Content System.

The system was created by a coalition of technology and entertainment companies, including The Walt Disney Co., Microsoft Corp., Intel Corp. and Panasonic.

The technology is used to protect high-definition DVDs in both the Blu-ray and HD DVD formats.

Ayers said hackers had apparently exploited a weakness in computer software used to view DVDs.

"We look at it as an attack on one particular implementation," he said. "It doesn't breach the security of the AACS technology as a whole, because that one implementation can be fixed. Once it's fixed, then that attack no longer works."

Ayers declined to say which DVD-viewing software had been targeted by hackers but noted that vulnerable versions of the software were no longer available.

A report published in The New York Times identified the DVD player software as WinDVD.

The software is distributed by InterVideo Inc., which was acquired last month by Canada-based Corel Corp.

A Corel spokesman said the company wasn't certain a breach had occurred, but that it had disabled a few software codes as a precaution.

[mar-mar]

wow im shocked at how fast hackers are workin on media these days. Especially last couple of years. Its almost like the major companies want this to happen so people from both sides of the fence will be on it..

[TheUnknownComic]

The New York Times is covering it today at:

http://thelede.blogs.nytimes.com/2007/01/26/gremlins-crack-industry-copy-protections-again/

An interview with Muslix64:

http://www.slyck.com/news.php?story=1390

[joepic]

AACS Attack: a Clear and Present Danger to DRM
http://www.slyck.com/story1391.html


The overwhelmingly successful attack against HD DVD and Blu-ray represents several well-entrenched facets of the online community. Perhaps most important is the inherent cooperation that manifests itself against a seemingly common enemy - DRM (Digital Rights Management.) Attached to this cooperation are the vast resources of the online community: primarily its virtually unlimited supply of talent, intellect, and most importantly, its rapid response to a commonly perceived threat.

It therefore comes as little surprise that muslix64's exploit of AACS, an attack that merely involves circumventing the copy-protection mechanism, has been downplayed extensively. According to AACS spokesman Michael Ayers, because of the current technology requirements necessary to obtain, download, and play an exploited high definition movie, the threat is currently limited in nature.

"The large size of the files and the high cost of writable hi-def discs make large-scale copying of high-definition DVDs impractical, but the attacks on the new format echo the early days of illegal trafficking in music files," Ayers said on Thursday.

“Impractical” is a strong word to describe the motivation of the file-sharing community. On AACS' homepage, which interestingly enough is splashed with a logo that reads "Share the vision", the attack is further downplayed in a statement released yesterday.

"AACS LA has confirmed that AACS Title Keys have appeared on public web sites without authorization. Such unauthorized disclosures indicate an attack on one or more players sold by AACS licensees. This development is limited to the compromise of specific implementations, and does not represent an attack on the AACS system itself, nor is it exclusive to any particular format."

However as muslix64 stated in an interview with Slyck.com, his exploit indeed is an attack on AACS - as AACS' strength is limited by its peripheral implementation.

"People say I have not broken AACS, but players. But players are part of this system! And a system is only as strong as his weakest link. Even if players become more secure, key extraction will always be possible."

In other words, one could argue that AACS has not been attacked directly - which in the strictest and most literal interpretation is true. However this is much like saying four stolen tires is not an attack on a car's engine. Either way, the individual is stuck - and like AACS, it has been merely ignored in exchange for the ultimate goal. In many ways, not attacking AACS directly is much worse than a direct assault, as it highlights the irrelevance of this once highly regarded copy "protection" scheme.

There has also been a tendency to downplay the exchange and distribution of high definition content online. The logic behind this suggests that because of the large file size of high definition movies, typically between 15 gigabytes and 30 gigabytes, it is "impractical" to share these movies online. Again, this has some truth - if more mainstream file-sharing applications such as BitTorrent were used.

However as many file-sharers are rediscovering Usenet, the limitations imposed by BitTorrent are rendered obsolete. Because of Usenet's ultra-fast and direct nature, the amount of time needed to download a 20 gigabyte movie is not exceptional. The arguments of impracticality, which echo the same arguments used for DVD rips and XviDs, are slowly disintegrating. Those on high speed cable connections can generally expect to download such large files after a good night's sleep.

The threat to AACS and DRM in general is indeed grave. Bandwidth speeds are increasing steadily as are hard drive storage capacities. Although HD DVD and Blu-ray hardware is currently expensive, this too will change in the near future. However, many file-sharers take a “slash and burn” approach to their downloading habits, as they prefer to simply download a movie and store it on their hard dive rather than burn it to disc. From there, a compromised high definition movie can be simply exported to a computer monitor or HDTV.

There’s no denying that high definition movies are being exchanged online as this article is being written. Usenet is the primary delivery mechanism at this point, and the number of available titles is increasing daily. While the practice of engaging in HD file-sharing currently represents the fringes of the P2P community, remember the first MP3 first showed up on the newsgroups in the not so distant past.