It was the AACS LA that released last February – after production of high-definition disc components had already begun – interim specifications for how high-definition content must be formatted and organized to enable protection from components that will utilize AACS copy protection. The first wave of HD DVD and Blu-ray disc players did not implement AACS in full; most notably, they omitted the Internet-oriented clearing house scheme for mandatory managed copy (MMC), which AACS LA now says is optional.
But the key component of AACS is an advanced disc encryption scheme whose relative impermeability has actually been overstated more by those who would seek to crack the scheme rather than protect it. Over the past year, AACS LA has presented a surprisingly pragmatic viewpoint about the possibility, if not the inevitability, of the encryption scheme being cracked.
Yet AACS is a more complex scheme than its CSS predecessor for DVD, in that it enables new encryption mechanisms to be adopted and even retrofitted to existing firmware, if and when existing mechanisms are cracked. So one unexplored question in the wake of news that a fellow calling himself “Muslix64” has cracked the encryption mechanism on at least one, perhaps two, HD DVD discs, is whether the “self-healing” nature of the broader AACS scheme will minimize the damage from this crack, as it was originally designed to do.
Higher-level spokespersons for AACS LA have been contacted by BetaNews, and may become available after the holidays.
Partial source code for Muslix64’s purported tool, called BackupHDDVD, was posted to a file posting service, which has mirrored access to the file. Members of a highly frequented DVD technologists’ forum were able to obtain access to the Java code package, and have commented that it appears to be legitimate.
Based on BetaNews’ analysis of the material seen thus far, if Muslix64’s description of his eight-day task is accurate, then whether he actually, formally “cracked AACS” could be called into question. Promising to reveal more after the holidays – probably after stories such as this one have made the rounds – Muslix64 wrote that, in trying to adapt a method for his PC-based HD DVD drive to play a movie through his non-HDCP compliant video card to his new high-def monitor (a feat many high-def PC users are indeed technologically prohibited from doing), he discovered after learning how AACS works from publicly available documentation that the title key – the principal component the studios use to encrypt and decrypt the disc masters – are retrieved from the disc by his HD DVD player software, and then stored in an unencrypted portion of memory. In the video, that player software is revealed to be CyberLink PowerDVD 6.5 HD DVD Edition.
One element of the AACS scheme that distinguishes it from CSS is its use of a separate decryption key, called the revocation key because it can be revoked by the AACS clearing house in the event that discs using that key have been cracked. The result is supposed to be that the once-cracked media becomes unreadable by AACS-endowed players connected to the Internet.
If Muslix64’s description is correct, then CyberLink may have committed a major blunder: Its implementation could actually leave the title key exposed, which a player could use instead of the revocation key for decryption of a copied disc, thereby bypassing at least one “self-destruct” feature.
“The title keys are located on the disk in encrypted form,” Muslix64 writes in the Readme file for his BackupDVD utility, “but for a content to be played, it has to be decrypted! So where is the decrypted version of the title key?” He later answers his own question: within a database-formatted configuration file that PowerDVD at some point loads into memory, apparently in the clear. Elsewhere, the Readme file advises users to restrict their use of the program to HD DVD discs whose content they already rightfully own.
But even Muslix64’s explanations leave open one possibility: that the title key exposure could be limited to just a few HD DVD discs.
“The design is not that bad,” Muslix64 writes, referring to AACS, “but it’s too easy to have an insecure player implementation somewhere. And just one bad implementation is all it needs to get the keys!…And the ‘Revocation system’ is totally useless if you use the Title key directly.”
Conceivably, an insecure player implementation may not expose the title keys from every HD DVD disc, especially since AACS implementations have been evolving from their interim versions in February to reportedly more rigid, recent versions in recent months.