The New HD-DVD/Blu-Ray Hack: What It Might Mean For Us

Picture_7_8 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

That’s the so-called “Processing Key” that unlocks the heart of every HD-DVD disk to date. Happy Valentine’s day, AACS.

AACS, a DRM scheme used to encrypt data on HD-DVD and Blu-Ray disks, would appear to be cracked wide open by that short string of hexadecimal codes, as previously, only disk-specific Volume Keys were compromised. The new hack is the work of Arnezami, a hacker posting at the doom9 forums, fast becoming the front line in the war on DRM.

“The AACS is investigating the claims right regarding of the hack,” said AACS spokesporson Jacqueline Price. “It is going to take a appropriate action if it can be verified.”

Price said she could not disclose what their investigation might entail, or what “appropriate action” might be.

“We’ve just learned of this claim today and are checking into it,” said Andy Parsons, chair of the Blu-ray Disc Association and senior V.P. of product development at Pioneer Electronics, in an email.

The new crack follows that from earlier this year, when a hacker by the name of muslix64 broke the AACS system as it applied to each movie. While the earlier hack led to 100 HD-DVD titles and a small number of Blu-Ray movies being decrypted one-by-one, the so-called “processing keys” covers everything so far made.:

“Most of the time I spend studying the AACS papers,” Arnezami said in his forum post revealing the successful assault on the next-gen DRM system. “… what I wanted to do is “record” all changes in this part of memory during startup of the movie. Hopefully I would catch something insteresting. … I now had the feeling I had something. And I did. … Nothing was hacked, cracked or even reverse engineered btw: I only had to watch the “show” in my own memory. No debugger was used, no binaries changed.”

It’s not yet clear what it means for the consumer’s ability to copy movies, or, for that matter, that of mass-market piracy operations. The short form is that the user still needs a disk’s volume ID to deploy the processing key and break the AACS encryption — but getting the ID is surprisingly easy.

Arnezami found that they are not even random, but often obvious to the point of foolishness: one movie’s Volume ID turns out to be it’s own name and the date it was released. There isn’t yet an automatic system, however, that will copy any disk, in the manner of DeCSS-based DVD copying systems.

Even so, the new method completely compromises HD-DVD in principle, as it relies on AACS alone to encrypt data, even if there are other parts of the puzzle that are yet to fit together. Blu-Ray has two more levels of protection: ROM-MARK (a per factory watermark, which might revoke mass production rights from a factory but not, it seems individuals) and BD+, another encyption system, which hasn’t actually been used yet on sold disks (but which soon will be), meaning that its own status seems less obviously compromised.

How might the companies respond? The processing key can now be changed for future disks. However, the flaws inherent in the system make it appear easy to discover the replacement: the method of attack itself will be hard to offset without causing knock-on effects. For example, revoking player keys (in advance of obfuscating the keys in memory in future revisions of the system) would render current players unable to view future movies. Revoking the volume and processing keys that have been hacked would mean that all movies to date would not run on new players.

Publishers could randomly generate Volume IDs in future releases (as they are still needed for the current hack to work), which would make them harder to brute-force. That said, it’s claimed that the “specific structure” of the Volume ID in memory makes it feasible to brute-force randomized ones anyway.

Following are links to the current discussion at the doom9 forums, in which Arnezami and other provide regular updates on their progress. We don’t offer any warantee that the software implementations so far produced won’t blow up your computer or get you thrown in jail and whipped with wet towels by MPAA lawyers:

Proof of concept code for the process key hack is here:

Implementation for Windows:

Implementation for OSX:

AACS LA Versus Digg, Google in DMCA Showdown Over Leaked Key

Beginning two weeks ago, attorneys for the licensing authority for the Advanced Access Copy System used in both Blu-ray and HD DVD issued letters to multiple Web sites and services, including search engines, demanding they remove direct references to a 32-hexadecimal digit code they claim is a processing key that could be used to circumvent DRM protection in HD DVD discs.

“It is our understanding that you are providing to the public the above-identified tools and services at the above referenced URL,” reads one letter sent by AACS LA’s attorneys to a representative of Google, “and are thereby providing and offering to the public a technology, product, service, device, component, or part thereof that is primarily designed, produced, or marketed for the purpose of circumventing the technological protection measures afforded by AACS (hereafter, the “circumvention offering”). Doing so constitutes a violation of the anti-circumvention provisions of the Digital Millennium Copyright Act.”

The letter goes on to demand the removal of references to four Web sites whose articles include the code, as well as to any other material where the code may appear, otherwise “failure to do so will subject you to legal liability.” In an extra bit of irony, the document filename in one of the four URLs the attorneys cite is actually the 32-bit code itself.

The key in question appears to be the same one discovered by the Doom9 Forum user whose screen handle is arnezami, back in February as reported then by BetaNews. What this user discovered, other forum members verified, was a media key that software could use to identify itself as a validly licensed media player of HD DVD discs. While Linux media players could theoretically read the code from HD DVDs, they cannot decrypt that code since AACS LA has thus far declined to issue licenses – and thus, licensed media keys as well – to creators of open-source software, who could theoretically share that code in the act of source code distribution.

Word does not travel as fast as those who repeat online what they read elsewhere online believe it to; and thus, the existence of the discovered media key was only widely reported after a Digg user posted a link to an article where that key happened to appear. That article, appearing Monday on the blog – almost two and a half months after the key’s discovery – begins with the key itself, explains its discovery on the Doom9 Forum, and links to a 17-page autobiographical feature of the fellows who found it on Doom9 (through Digg) and repeated it on, entitled, “Stickin’ It to the Man: The Illustrated Report of an Epic Event.”

That article which links to “Stickin’ It to the Man” was itself Dugg, by way of another blog post – this time entitled, “Spread This Number. Now.” – which the author then self-Dugg, and in so doing, generated by his count 15,492 Diggs (votes of approval from users).

It is that article with the high Digg count which caught the attention of AACS LA’s attorneys, who immediately issued a takedown notice. At first, Digg complied, removing references to “Spread This Number” and other material. In an explanation on Digg’s corporate blog, CEO Jay Adelson wrote, “We’ve been notified by the owners of this intellectual property that they believe the posting of the encryption key infringes their intellectual property rights. In order to respect these rights and to comply with the law, we have removed postings of the key that have been brought to our attention.

“Our goal is always to maintain a purely democratic system for the submission and sharing of information,” Adelson continued, “and we want Digg to continue to be a great resource for finding the best content. However, in order for that to happen, we all need to work together to protect Digg from exposure to lawsuits that could very quickly shut us down.”

Digg also apparently suspended the accounts of individuals who provided the original Digg links, including the one to “Spread This Number,” as its author posted on his own blog last night. However, multiple Diggs to the original Digg, including comments generated there, apparently remained.

There was an immediate public outcry from Digg users – which, for a story that took two and a half months to germinate, is perhaps noteworthy. However, many of the thousands of comments posted to already long threads appear to consist of meaningless data, side discussions irrelevant to the topic, spam, and even cute little pictures drawn with ANSI characters.

Regardless of the substance of the protest, it was enough to provoke Digg’s executives to reverse their course. In a blog post late last night whose title actually includes the media key code, Digg founder Kevin Rose wrote, “Today was a difficult day for us. We had to decide whether to remove stories containing a single code based on a cease and desist declaration. We had to make a call, and in our desire to avoid a scenario where Digg would be interrupted or shut down, we decided to comply and remove the stories with the code. But now, after seeing hundreds of stories and reading thousands of comments, you’ve made it clear. You’d rather see Digg go down fighting than bow down to a bigger company.

“If we lose, then what the hell, at least we died trying,” Rose concluded. Exactly what action Digg takes from this point on was not stated.

Next: Much hexadecimal ado about &00H?

The entire uproar over whether the posting of a 32-hex digit code should be censored as copyright infringement or upheld like a banner of liberty, overlooks a fairly significant technical issue: specifically, whether the media key, discovered last February after all, still works.

Last month, AACS LA began its first wave of distribution of so-called revocation keys. Through Internet connections and through the distribution of new HD DVD discs, these keys are matches to media keys considered to have been compromised, and this list is believed to contain the now-celebrated 32-hex digit code.

Whether a site posting a software patch that contains revocation keys may, in so doing, be distributing the media keys that were compromised – and thus violating the terms of the DMCA, as maintained by AACS LA’s lawyers – remains to be seen.

Meanwhile, members of the Doom9 Forum, including arnezami, have been working since last month to apply a homebrew patch to Microsoft’s Xbox 360 HD DVD attachment drive, after having reverse-engineered the firmware from two drives to compare the differences in their code and determine the locations of secret keys. Their stated objective is to make it possible for software to decrypt the contents of a disc using its volume key only – which is more easily located.

If they are successful, then theoretically software could be permitted which enables Linux users to play HD DVD movies without a processing key at all, which would have made this whole two-and-a-half month discovery process another chronicle of wasted time.

In his Freedom to Tinker blog yesterday, engineer Ed Felten – who last year demonstrated the ease in which an unauthorized party could break into a Diebold voting machine – made a poignant comment about this whole affair.

“It’s hard to see the logic in AACS LA’s strategy here,” Felten wrote. “The key will inevitably remain available, and AACS LA are just making themselves look silly by trying to suppress it. We’ve seen this script before. The key will show up on T-shirts and in song lyrics. It will be chalked on the sidewalk outside the AACS LA office. And so on.”

Update ribbon (small)

5:35 pm May 2, 2007 – A spokesperson for the HD DVD Promotions Group denied to BetaNews late this afternoon that the organization had any involvement in the sending of takedown notices to Web sites and search engines. Press reports have cited, in addition to the AACS Licensing Authority, the HD DVD Promotions Group and the Motion Picture Association of America as being behind these notices; to the best of BetaNews’ knowledge, and based on the spokesperson’s comments to us, we believe these reports to be inaccurate.

[originating url]

Nokia XpressMusic 5700 cell phone ready for European tour


You can’t throw a Bluetooth earpiece without hitting a music phone these days, but Nokia’s latest multimedia phone adds something new to the field. What’s the word I’m looking for…? A turn? A spin? In any case, if you want to fire up music, video, or the 2-megapixel camera onboard the XpressMusic 5700, you just rotate the keypad. That’s quite a… um, bend? Loop-de-loop? I don’t know.

The 3G phone uses a an microSD card for storage, with a 2-GB card getting you about 1,500 songs. Possibly notable is its ability to play music protected with Windows Media Digital Rights Management (WM DRM) as well as MP3, AAC and MP4 files. “Stereo” speakers are built right in, and you get some no doubt really crappy earphones in the package, so you’ll probably be more inclined to use a pair of Bluetooth headphones (which probably aren’t included, despite some photographic clues) since, hey, you can with this baby.

The XpressMusic comes to Europe this spring and will cost 350 euros. No plans for any U.S. gigs at this time. Check out another pic of the XpressMusic after the jump.

Nokia, via Engadget


Studios Take Claims of AACS Crack Seriously

After a daring programmer evidently seeking notoriety posted a relatively convincing looking homemade video to YouTube on Wednesday, purportedly showing an HD DVD video disc with AACS copy protection being cracked on a Windows-based system, a spokesperson for the AACS Licensing Authority told Reuters this morning it is seriously investigating the legitimacy of the claim.

It was the AACS LA that released last February – after production of high-definition disc components had already begun – interim specifications for how high-definition content must be formatted and organized to enable protection from components that will utilize AACS copy protection. The first wave of HD DVD and Blu-ray disc players did not implement AACS in full; most notably, they omitted the Internet-oriented clearing house scheme for mandatory managed copy (MMC), which AACS LA now says is optional.

But the key component of AACS is an advanced disc encryption scheme whose relative impermeability has actually been overstated more by those who would seek to crack the scheme rather than protect it. Over the past year, AACS LA has presented a surprisingly pragmatic viewpoint about the possibility, if not the inevitability, of the encryption scheme being cracked.

Yet AACS is a more complex scheme than its CSS predecessor for DVD, in that it enables new encryption mechanisms to be adopted and even retrofitted to existing firmware, if and when existing mechanisms are cracked. So one unexplored question in the wake of news that a fellow calling himself “Muslix64” has cracked the encryption mechanism on at least one, perhaps two, HD DVD discs, is whether the “self-healing” nature of the broader AACS scheme will minimize the damage from this crack, as it was originally designed to do.

Higher-level spokespersons for AACS LA have been contacted by BetaNews, and may become available after the holidays.

Partial source code for Muslix64’s purported tool, called BackupHDDVD, was posted to a file posting service, which has mirrored access to the file. Members of a highly frequented DVD technologists’ forum were able to obtain access to the Java code package, and have commented that it appears to be legitimate.

Based on BetaNews’ analysis of the material seen thus far, if Muslix64’s description of his eight-day task is accurate, then whether he actually, formally “cracked AACS” could be called into question. Promising to reveal more after the holidays – probably after stories such as this one have made the rounds – Muslix64 wrote that, in trying to adapt a method for his PC-based HD DVD drive to play a movie through his non-HDCP compliant video card to his new high-def monitor (a feat many high-def PC users are indeed technologically prohibited from doing), he discovered after learning how AACS works from publicly available documentation that the title key – the principal component the studios use to encrypt and decrypt the disc masters – are retrieved from the disc by his HD DVD player software, and then stored in an unencrypted portion of memory. In the video, that player software is revealed to be CyberLink PowerDVD 6.5 HD DVD Edition.

One element of the AACS scheme that distinguishes it from CSS is its use of a separate decryption key, called the revocation key because it can be revoked by the AACS clearing house in the event that discs using that key have been cracked. The result is supposed to be that the once-cracked media becomes unreadable by AACS-endowed players connected to the Internet.

If Muslix64’s description is correct, then CyberLink may have committed a major blunder: Its implementation could actually leave the title key exposed, which a player could use instead of the revocation key for decryption of a copied disc, thereby bypassing at least one “self-destruct” feature.

“The title keys are located on the disk in encrypted form,” Muslix64 writes in the Readme file for his BackupDVD utility, “but for a content to be played, it has to be decrypted! So where is the decrypted version of the title key?” He later answers his own question: within a database-formatted configuration file that PowerDVD at some point loads into memory, apparently in the clear. Elsewhere, the Readme file advises users to restrict their use of the program to HD DVD discs whose content they already rightfully own.

But even Muslix64’s explanations leave open one possibility: that the title key exposure could be limited to just a few HD DVD discs.

“The design is not that bad,” Muslix64 writes, referring to AACS, “but it’s too easy to have an insecure player implementation somewhere. And just one bad implementation is all it needs to get the keys!…And the ‘Revocation system’ is totally useless if you use the Title key directly.”

Conceivably, an insecure player implementation may not expose the title keys from every HD DVD disc, especially since AACS implementations have been evolving from their interim versions in February to reportedly more rigid, recent versions in recent months.

Nonetheless, the revelation of a new and perhaps successful attempt to back up HD DVD content to a more flexible form will, no doubt, resurrect the old arguments over individuals’ rights to the content they purchase. Do they truly own the content they buy, and if so, how can they then be legally restricted from taking care of it by backing it up safely and securely? Or is the distribution of digital content via videodisc a form of “extended lease,” whose terms of use can be protected and enforced automatically by copy protection schemes and digital rights management systems whose integrity can be likened to that of the most illustrious sandcastles? It’s beginning to look a lot like 2007 will look and sound a lot like 2006.

Microsoft and Toshiba demo the Xbox 360 HD DVD and 2nd Gen HD DVD Players

Reader Pete was lucky enough to attend a presentation that Microsoft and Toshiba were giving about their respective HD DVD players—Microsoft with a production sample Xbox 360 attachment and Toshiba with their HD-A2 and HD-XA2 second-generation HD DVD players.

Was he impressed? Can the Xbox 360 HD DVD attachment be used on a PC? When will these new Toshiba players launch?

We got to view some HD-DVDs discs that aren’t out yet, and the picture quality was absolutely stunning. [redacted] made it clear that we couldn’t discuss what titles we saw. These were 4th or 5th generation HD-DVD titles, and they really have the VC-1 encoding down to a science. They told us to keep the actual bit-rates secret, but they are only slightly higher than regular DVD bitrates which is astounding. (and we’re talking about 1080p 24fps video here).

We watched everything on a 50″ Pioneer Elite 1080p plasma, which I kind of thought was cheating – everything looked incredible on it. The 360 was hooked up via component, outputting 1080i. Definitely no 1080p over component – that’s blocked by the AACS copy protection. The plasma, however reconstructed the 1080p from the discs perfectly, and it you would expect it to for $10k.

Some things I found out, and can talk about is the 360 HD-DVD drive can be plugged into a PC and it will be recognized as an optical drive, but will not play HD-DVD movies. I asked what if you have the proper HD-DVD software on the PC, to that [redacted] said that he didn’t know, it hadn’t been tried yet- maybe there’s something there…

He toed the old 360-won’t-have-HDMI line. He cited cost as the deciding factor when they were developing the hardware. He said that the HDCP and the ICT flag will never be a issue because the install base of the 360 HD-DVD drive will be so large (he said millions, maybe tens of millions) that any studio that decided to implement ICT would be roasted alive in the press. They wouldn’t say how many HD-DVD drives would be available at launch (Nov 17, i think), but later on during different questions/conversations they said there would be “a couple hundred thousand”, and “several hundred thousand” for the holidays. Random 360 HD-DVD bits – all the HD-DVD decoding is done in software, the HD-DVD drive will come with the media remote and the King Kong HD-DVD.

We all got “preliminary” spec sheets on the new HD-A2, and HD-XA2 – no new info there, although the HD-A2 is supposed to drop next week, HD-XA2 drops in Nov/Dec.

I asked if the old models would ever get 1080p output through firmware, to which they replied an definitive no, but the old players would not be abandoned, firmware-wise.

So to summarize, the 360 HD DVD can be hooked up to a PC, and has a slight chance it can be used as a player if you have the right software. The first generation HD DVD players from Toshiba are SOL and will never get 1080p, and the Xbox 360 HD DVD will only have 1080i via component.

Thanks Pete!

[originating url]