In a sign the high-definition format war is far from over, Toshiba on Monday dropped the suggested retail price of its entry-level HD DVD player to under $150. That puts the HD-A3 $250 cheaper than Sony’s PlayStation 3.
Not that we’d put it past Microsoft or anything, but we can already smell a rumor brewing where there is probably none regarding the long-speculated and continuously denied plans to integrate an HD DVD drive into the Xbox 360. Granted, Bill’s got to have something to talk about on stage at CES next week, but we’re not putting much stock in the pure speculation of a fresh Seattle Times piece, which, without sources, simply holds that “Microsoft could also make a splash by announcing plans to give the Xbox 360 an internal HD-DVD drive”. Yep, they could do that which has been speculated endlessly since the HD DVD drive itself was announced in 2006 — or not. Guess we’ll find out for sure next week. Just don’t get your hopes up.
Oh, and those Xbox Live outages we’ve been covering? Rumor has it that Microsoft is going to do right by its customers and hook up Gold members with a little something — at least according to an unnamed Xbox insider. Guess we’ll see about that too once things stabilize on the Live front.
If there is one thing that PlayStation 3 owners like even more than games — it’s porn. Okay, well maybe not *all* owners, but enough to convince the formerly HD-DVD exclusive porno company Digital Playground that they should be releasing their titles on Blu-ray as well, starting with the big budget smash hit, Pirates. As DP founder Joone (yes he has a one word name, evidently he doesn’t want his mommy to know what he does) explained, “A lot of people were e-mailing that bought a PlayStation 3 and they were basically saying, ‘When are you guys going to release Blu-ray?’”
The other thing that is interesting is that this is the first time that we have heard of the PlayStation 3 explicitly causing such an increased demand for HD movies that a studio changes its exclusivity stance in the HD format wars. For a long time, the HD-DVD camp has said that PlayStation 3 owners don’t buy movies. Well if porn is any indicator, looks like PlayStation 3 owners luuuv their high-def movies — as long as there are naked people in them at least.
[Via High-Def Digest]
Best Buy and Wal-mart had a campaign during the weekend where they sold the Toshiba HD-A2 for $100 – and that resulted in an impressive number of HD DVD players sold. Over 90,000 players were sold during the weekend. Impressive. Is this the start of a price war between the Blu-ray and HD DVD camps? I sure hope so – consumer power!
Toshiba HD-A2 model sells 90,000 over weekend [videobusiness.com]
That’s the so-called “Processing Key” that unlocks the heart of every HD-DVD disk to date. Happy Valentine’s day, AACS.
AACS, a DRM scheme used to encrypt data on HD-DVD and Blu-Ray disks, would appear to be cracked wide open by that short string of hexadecimal codes, as previously, only disk-specific Volume Keys were compromised. The new hack is the work of Arnezami, a hacker posting at the doom9 forums, fast becoming the front line in the war on DRM.
“The AACS is investigating the claims right regarding of the hack,” said AACS spokesperson Jacqueline Price. “It is going to take appropriate action if it can be verified.”
Price said she could not disclose what their investigation might entail, or what “appropriate action” might be.
“We’ve just learned of this claim today and are checking into it,” said Andy Parsons, chair of the Blu-ray Disc Association and senior V.P. of product development at Pioneer Electronics, in an email.
The new crack follows that from earlier this year, when a hacker by the name of muslix64 broke the AACS system as it applied to each movie. While the earlier hack led to 100 HD-DVD titles and a small number of Blu-Ray movies being decrypted one-by-one, the so-called “processing key” covers everything made so far.
“Most of the time I spend studying the AACS papers,” Arnezami said in his forum post revealing the successful assault on the next-gen DRM system. “… what I wanted to do is “record” all changes in this part of memory during startup of the movie. Hopefully I would catch something interesting. … I now had the feeling I had something. And I did. … Nothing was hacked, cracked or even reverse engineered btw: I only had to watch the “show” in my own memory. No debugger was used, no binaries changed.”
It’s not yet clear what it means for the consumer’s ability to copy movies, or, for that matter, that of mass-market piracy operations. The short form is that the user still needs a disk’s volume ID to deploy the processing key and break the AACS encryption — but getting the ID is surprisingly easy.
Arnezami found that they are not even random, but often obvious to the point of foolishness: one movie’s Volume ID turns out to be its own name and the date it was released. There isn’t yet an automatic system, however, that will copy any disk, in the manner of DeCSS-based DVD copying systems.
Even so, the new method completely compromises HD-DVD in principle, as it relies on AACS alone to encrypt data, even if there are other parts of the puzzle that are yet to fit together. Blu-Ray has two more levels of protection: ROM-MARK (a per factory watermark, which might revoke mass production rights from a factory but not, it seems, individuals) and BD+, another encryption system, which hasn’t actually been used yet on sold disks (but which soon will be), meaning that its own status seems less obviously compromised.
How might the companies respond? The processing key can now be changed for future disks. However, the flaws inherent in the system make it appear easy to discover the replacement: the method of attack itself will be hard to offset without causing knock-on effects. For example, revoking player keys (in advance of obfuscating the keys in memory in future revisions of the system) would render current players unable to view future movies. Revoking the volume and processing keys that have been hacked would mean that all movies to date would not run on new players.
Publishers could randomly generate Volume IDs in future releases (as they are still needed for the current hack to work), which would make them harder to brute-force. That said, it’s claimed that the “specific structure” of the Volume ID in memory makes it feasible to brute-force randomized ones anyway.
Following are links to the current discussion at the doom9 forums, in which Arnezami and others provide regular updates on their progress. We don’t offer any warranty that the software implementations so far produced won’t blow up your computer or get you thrown in jail and whipped with wet towels by MPAA lawyers:
Proof of concept code for the process key hack is here: http://forum.doom9.org/showthread.php?p=953484#post953484
Implementation for Windows: http://forum.doom9.org/showthread.php?p=953496#post953496
Implementation for OSX: http://forum.doom9.org/showthread.php?p=953516#post953516a
Beginning two weeks ago, attorneys for the licensing authority for the Advanced Access Copy System used in both Blu-ray and HD DVD issued letters to multiple Web sites and services, including search engines, demanding they remove direct references to a 32-hexadecimal digit code they claim is a processing key that could be used to circumvent DRM protection in HD DVD discs.
“It is our understanding that you are providing to the public the above-identified tools and services at the above referenced URL,” reads one letter sent by AACS LA’s attorneys to a representative of Google, “and are thereby providing and offering to the public a technology, product, service, device, component, or part thereof that is primarily designed, produced, or marketed for the purpose of circumventing the technological protection measures afforded by AACS (hereafter, the “circumvention offering”). Doing so constitutes a violation of the anti-circumvention provisions of the Digital Millennium Copyright Act.”
The letter goes on to demand the removal of references to four Web sites whose articles include the code, as well as to any other material where the code may appear, otherwise “failure to do so will subject you to legal liability.” In an extra bit of irony, the document filename in one of the four URLs the attorneys cite is actually the 32-bit code itself.
The key in question appears to be the same one discovered by the Doom9 Forum user whose screen handle is arnezami, back in February as reported then by BetaNews. What this user discovered, other forum members verified, was a media key that software could use to identify itself as a validly licensed media player of HD DVD discs. While Linux media players could theoretically read the code from HD DVDs, they cannot decrypt that code since AACS LA has thus far declined to issue licenses – and thus, licensed media keys as well – to creators of open-source software, who could theoretically share that code in the act of source code distribution.
Word does not travel as fast as those who repeat online what they read elsewhere online believe it to; and thus, the existence of the discovered media key was only widely reported after a Digg user posted a link to an article where that key happened to appear. That article, appearing Monday on the blog Rudd-O.com – almost two and a half months after the key’s discovery – begins with the key itself, explains its discovery on the Doom9 Forum, and links to a 17-page autobiographical feature of the fellows who found it on Doom9 (through Digg) and repeated it on Rudd-O.com, entitled, “Stickin’ It to the Man: The Illustrated Report of an Epic Event.”
That article which links to “Stickin’ It to the Man” was itself Dugg, by way of another blog post – this time entitled, “Spread This Number. Now.” – which the author then self-Dugg, and in so doing, generated by his count 15,492 Diggs (votes of approval from Digg.com users).
It is that article with the high Digg count which caught the attention of AACS LA’s attorneys, who immediately issued a takedown notice. At first, Digg complied, removing references to “Spread This Number” and other material. In an explanation on Digg’s corporate blog, CEO Jay Adelson wrote, “We’ve been notified by the owners of this intellectual property that they believe the posting of the encryption key infringes their intellectual property rights. In order to respect these rights and to comply with the law, we have removed postings of the key that have been brought to our attention.
“Our goal is always to maintain a purely democratic system for the submission and sharing of information,” Adelson continued, “and we want Digg to continue to be a great resource for finding the best content. However, in order for that to happen, we all need to work together to protect Digg from exposure to lawsuits that could very quickly shut us down.”
Digg also apparently suspended the accounts of individuals who provided the original Digg links, including the one to “Spread This Number,” as its author posted on his own blog last night. However, multiple Diggs to the original Digg, including comments generated there, apparently remained.
There was an immediate public outcry from Digg users – which, for a story that took two and a half months to germinate, is perhaps noteworthy. However, many of the thousands of comments posted to already long threads appear to consist of meaningless data, side discussions irrelevant to the topic, spam, and even cute little pictures drawn with ANSI characters.
Regardless of the substance of the protest, it was enough to provoke Digg’s executives to reverse their course. In a blog post late last night whose title actually includes the media key code, Digg founder Kevin Rose wrote, “Today was a difficult day for us. We had to decide whether to remove stories containing a single code based on a cease and desist declaration. We had to make a call, and in our desire to avoid a scenario where Digg would be interrupted or shut down, we decided to comply and remove the stories with the code. But now, after seeing hundreds of stories and reading thousands of comments, you’ve made it clear. You’d rather see Digg go down fighting than bow down to a bigger company.
“If we lose, then what the hell, at least we died trying,” Rose concluded. Exactly what action Digg takes from this point on was not stated.
The entire uproar over whether the posting of a 32-hex digit code should be censored as copyright infringement or upheld like a banner of liberty, overlooks a fairly significant technical issue: specifically, whether the media key, discovered last February after all, still works.
Last month, AACS LA began its first wave of distribution of so-called revocation keys. Through Internet connections and through the distribution of new HD DVD discs, these keys are matches to media keys considered to have been compromised, and this list is believed to contain the now-celebrated 32-hex digit code.
Whether a site posting a software patch that contains revocation keys may, in so doing, be distributing the media keys that were compromised – and thus violating the terms of the DMCA, as maintained by AACS LA’s lawyers – remains to be seen.
Meanwhile, members of the Doom9 Forum, including arnezami, have been working since last month to apply a homebrew patch to Microsoft’s Xbox 360 HD DVD attachment drive, after having reverse-engineered the firmware from two drives to compare the differences in their code and determine the locations of secret keys. Their stated objective is to make it possible for software to decrypt the contents of a disc using its volume key only – which is more easily located.
If they are successful, then theoretically software could be permitted which enables Linux users to play HD DVD movies without a processing key at all, which would have made this whole two-and-a-half month discovery process another chronicle of wasted time.
In his Freedom to Tinker blog yesterday, engineer Ed Felten – who last year demonstrated the ease with which an unauthorized party could break into a Diebold voting machine – made a poignant comment about this whole affair.
“It’s hard to see the logic in AACS LA’s strategy here,” Felten wrote. “The key will inevitably remain available, and AACS LA are just making themselves look silly by trying to suppress it. We’ve seen this script before. The key will show up on T-shirts and in song lyrics. It will be chalked on the sidewalk outside the AACS LA office. And so on.”
5:35 pm May 2, 2007 – A spokesperson for the HD DVD Promotions Group denied to BetaNews late this afternoon that the organization had any involvement in the sending of takedown notices to Web sites and search engines. Press reports have cited, in addition to the AACS Licensing Authority, the HD DVD Promotions Group and the Motion Picture Association of America as being behind these notices; to the best of BetaNews’ knowledge, and based on the spokesperson’s comments to us, we believe these reports to be inaccurate.
- Cumulative Blu-ray movie sales to date number over 439,000 while HD-DVD numbers a little under 438,000. It doesn’t sound like much, but since Sony is reporting this you have to respect that they aren’t exaggerating the numbers. They expect the gap to widen in the coming months.
- The top two Blu-ray titles as of right now are Crank and Gridiron Gang.
- Thanks to the PS3, a Blu-ray movie buying frenzy began in January — BD titles outsold HD-DVD titles in a 3:1 ratio the first few weeks of January.
- Sony claims 40% market share in the Blu-ray world, thanks mostly to the PS3.