Studios Take Claims of AACS Crack Seriously

After a daring programmer evidently seeking notoriety posted a relatively convincing-looking homemade video to YouTube on Wednesday, purportedly showing an HD DVD video disc with AACS copy protection being cracked on a Windows-based system, a spokesperson for the AACS Licensing Authority told Reuters this morning it is seriously investigating the legitimacy of the claim.

It was the AACS LA that released last February – after production of high-definition disc components had already begun – interim specifications for how high-definition content must be formatted and organized to enable protection from components that will utilize AACS copy protection. The first wave of HD DVD and Blu-ray disc players did not implement AACS in full; most notably, they omitted the Internet-oriented clearing house scheme for mandatory managed copy (MMC), which AACS LA now says is optional.

But the key component of AACS is an advanced disc encryption scheme whose relative impermeability has actually been overstated more by those who would seek to crack the scheme than by those who would protect it. Over the past year, AACS LA has presented a surprisingly pragmatic viewpoint about the possibility, if not the inevitability, of the encryption scheme being cracked.

Yet AACS is a more complex scheme than its CSS predecessor for DVD, in that it enables new encryption mechanisms to be adopted and even retrofitted to existing firmware, if and when existing mechanisms are cracked. So one unexplored question in the wake of news that a fellow calling himself “Muslix64” has cracked the encryption mechanism on at least one, perhaps two, HD DVD discs, is whether the “self-healing” nature of the broader AACS scheme will minimize the damage from this crack, as it was originally designed to do.

Higher-level spokespersons for AACS LA have been contacted by BetaNews, and may become available after the holidays.

Partial source code for Muslix64’s purported tool, called BackupHDDVD, was posted to a file posting service, which has mirrored access to the file. Members of a highly frequented DVD technologists’ forum were able to obtain access to the Java code package, and have commented that it appears to be legitimate.

Based on BetaNews’ analysis of the material seen thus far, if Muslix64’s description of his eight-day task is accurate, then whether he actually, formally “cracked AACS” could be called into question. Promising to reveal more after the holidays – probably after stories such as this one have made the rounds – Muslix64 wrote that he was trying to adapt a method for his PC-based HD DVD drive to play a movie through his non-HDCP compliant video card to his new high-def monitor (a feat many high-def PC users are indeed technologically prohibited from doing). After learning how AACS works from publicly available documentation, he discovered that the title key – the principal component the studios use to encrypt and decrypt the disc masters – is retrieved from the disc by his HD DVD player software, and then stored in an unencrypted portion of memory. In the video, that player software is revealed to be CyberLink PowerDVD 6.5 HD DVD Edition.

One element of the AACS scheme that distinguishes it from CSS is its use of a separate decryption key, called the revocation key because it can be revoked by the AACS clearing house in the event that discs using that key have been cracked. The result is supposed to be that the once-cracked media becomes unreadable by AACS-endowed players connected to the Internet.

If Muslix64’s description is correct, then CyberLink may have committed a major blunder: Its implementation could actually leave the title key exposed, which a player could use instead of the revocation key for decryption of a copied disc, thereby bypassing at least one “self-destruct” feature.

“The title keys are located on the disk in encrypted form,” Muslix64 writes in the Readme file for his BackupHDDVD utility, “but for a content to be played, it has to be decrypted! So where is the decrypted version of the title key?” He later answers his own question: within a database-formatted configuration file that PowerDVD at some point loads into memory, apparently in the clear. Elsewhere, the Readme file advises users to restrict their use of the program to HD DVD discs whose content they already rightfully own.

But even Muslix64’s explanations leave open one possibility: that the title key exposure could be limited to just a few HD DVD discs.

“The design is not that bad,” Muslix64 writes, referring to AACS, “but it’s too easy to have an insecure player implementation somewhere. And just one bad implementation is all it needs to get the keys!…And the ‘Revocation system’ is totally useless if you use the Title key directly.”

Conceivably, an insecure player implementation may not expose the title keys from every HD DVD disc, especially since AACS implementations have been evolving from their interim versions in February to reportedly more rigid versions in recent months.

Nonetheless, the revelation of a new and perhaps successful attempt to back up HD DVD content to a more flexible form will, no doubt, resurrect the old arguments over individuals’ rights to the content they purchase. Do they truly own the content they buy, and if so, how can they then be legally restricted from taking care of it by backing it up safely and securely? Or is the distribution of digital content via videodisc a form of “extended lease,” whose terms of use can be protected and enforced automatically by copy protection schemes and digital rights management systems whose integrity can be likened to that of the most illustrious sandcastles? It’s beginning to look a lot like 2007 will look and sound a lot like 2006.

Princeton professor sez cracking HDCP is "eminently doable"

It seems that HDCP, the high def content protection scheme that’s all the rage among Hollywood types, may not be as secure as the suits had hoped: Princeton University computer science professor Ed Felten takes a look at the standard’s supposedly well-known security flaws and dumbs down the basic tech on his blog so all us non-math majors can understand. Basically, HDCP relies on a handshake between connected hardware wherein the two devices send each other a set of rules to be applied to the forty-or-so numbers that constitute both devices’ “secret vector” — if each device reports the same numerical result (as the pre-determined mathematical rules dictate they should), sweet high definition content can begin to flow freely. According to Felten, all it takes to figure out a given device’s secret vector or create a workable “phantom” vector is to perform a number of handshakes equal to the number of elements in the secret vector, followed by a little bit of algebra to tease out the results from a matrix of equations (follow the “Read” link for a better explanation). Although HDCP-restricted HDMI and DVI connections aren’t prevalent enough yet for anyone to have actually undertaken this project (either that, or fear of legal reprisals has kept any successful cracks from being published), the simple fact that it’s doable could mean nightmares for Tinseltown sooner rather than later.

[Via Boing Boing]
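
The handshake described above can be modelled as a small linear key-agreement scheme, which makes the design weakness visible. This is an added example, not code from Felten's post or from any HDCP implementation; the 2^56 modulus, the 0/1 public vectors, the symmetric authority matrix and all function names are assumptions chosen for illustration.

```python
import secrets

N = 40          # elements per vector ("forty-or-so" in the article)
MOD = 2 ** 56   # assumed word size for this toy model


def make_authority(n=N):
    """Licensing authority's secret: a symmetric n x n matrix (assumed model)."""
    s = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i, n):
            s[i][j] = s[j][i] = secrets.randbelow(MOD)
    return s


def random_public(n=N):
    """Constructed public vector of 0/1 entries; it is sent in the clear."""
    return [secrets.randbelow(2) for _ in range(n)]


def issue_secret(master, public):
    """Secret vector placed in a device: master * public (mod MOD)."""
    return [sum(m * p for m, p in zip(row, public)) % MOD for row in master]


def handshake(my_secret, peer_public):
    """Apply the peer's 'rules' (its public vector) to my secret vector."""
    return sum(s * p for s, p in zip(my_secret, peer_public)) % MOD


def demo():
    master = make_authority()
    pub_a, pub_b = random_public(), random_public()
    sec_a, sec_b = issue_secret(master, pub_a), issue_secret(master, pub_b)
    # Both sides reach the same value because the matrix is symmetric.
    agree = handshake(sec_a, pub_b) == handshake(sec_b, pub_a)
    # Design weakness: secrets are a linear function of public vectors,
    # so the secret for (pub_a + pub_b) is simply (sec_a + sec_b).
    pub_sum = [x + y for x, y in zip(pub_a, pub_b)]
    sec_sum = [(x + y) % MOD for x, y in zip(sec_a, sec_b)]
    linear = issue_secret(master, pub_sum) == sec_sum
    return agree, linear


if __name__ == "__main__":
    print(demo())
```

Because every device secret is a linear function of a public value, the scheme only stays sound while fewer than N independent device secrets are exposed, which is why the article ties the weakness to the number of elements in the secret vector.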

Xbox 360’s HD DVD drive already functioning on PCs

If you haven’t had enough Xbox 360 (let alone Wii and PlayStation 3) news lately, we’ve got one more tidbit for you. While we knew the device would sport USB connectivity, the recently released (and unboxed) HD DVD add-on drive has reportedly already been hacked to function on plain ole PCs, no Xbox 360 necessary. Utilizing Toshiba drivers, users have apparently been able to not only view the file contents of their HD DVD flicks directly within a Windows XP environment, but have been able to play back the film on PCs well-spec’d enough to handle the load. By enabling the computer to read the UDF (Universal Disc File system) v2.5 — which is currently used by Toshiba’s first generation HD DVD drives — you can avoid throwing down the coin required for an Xbox 360 if you so choose. But as these roundabouts always go, we wouldn’t count on things working out so smoothly for too much longer, especially with HDCP always lurking and waiting to pounce.