12/28/2006 8:41:29 AM, by Ken Fisher
Reports are circulating that the AACS content protection system shared by both Blu-ray and HD DVD has been cracked. None of the sites reporting this information have confirmed the crack, however, and our own investigation suggests that this is not a full working crack at this time. From the available details, the hack appears to only address AACS encryption, which means that Blu-ray would not be fully crackable using this method, as it has additional forms of DRM.
The crack was announced on the Doom9 forums, where user muslix64 revealed that his application "BackupHDDVD" would strip encryption from HD DVD discs. Details are very scarce, and we've had only limited time to investigate this matter. Here's what we've found, so far.
BackupHDDVD does not take any HD DVD disc and rip it without intervention; that much is certain at this time. It is not a cracking tool but a circumvention tool. Currently one needs to somehow obtain each disc's encryption key to complete the process, and it is not clear how this is to be done. In the video posted to YouTube celebrating the hack (shown below), there's a brief shot of a key list containing information for Full Metal Jacket, Van Helsing, Tomb Raider, Apollo 13, The Last Samurai, and The Fugitive. How muslix64 obtained these keys is not clear, but our educated guess is that muslix64 has access to a cracked software player, and is using that device to sniff keys first. As Nate noted in his report "Hacking Digital Rights Management," many of these newer cracks (BackupHDDVD would qualify if verified) focus on obtaining keys rather than cracking them. BackupHDDVD appears to be a "crack" of this sort.
Thus, the real story here isn't the decryption process, which appears to be nothing special, but rather the acquisition of the decryption keys. The video suggests that PowerDVD was cracked in such a way as to reveal the keys, but that can only remain speculation at this time. Most likely, muslix64 used PowerDVD to play back movies, and he has discovered a way to read the keys from memory when that application is in use. He then feeds the keys into his decryption routine, which was written based on publicly accessible information made available by the AACS Licensing Authority.
If all of this pans out (and that's a pretty big if, at this time), we'll get the chance to see how robust key revocation is with AACS. The planners behind this next-gen content protection system designed it to deal with this kind of situation. That doesn't mean it will actually work, of course.
Hypothetical fallout could be something like this: if PowerDVD is the source of the keys, an AACS initiative will be launched to revoke the player's keys to render it inoperable and in need of an update. There is some confusion regarding this process, however. It is not the case that you can protect a cracked player by hiding it offline (the idea being that the player will never "update" with new code that way). Instead, the player's existing keys will be revoked at the disc level, meaning that new pressings of discs won't play on the cracked player. In this way, hiding a player from updates will not result in having a cracked player that will work throughout the years. It could mean that all bets are off for discs that are currently playable on the cracked player, however (provided it is not updated). Again, this is all hypothetical at this time.
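The disc-level revocation described above, as an added example that is not from the article or from AACS itself: a deliberately simplified flat model in which each pressing carries the title key wrapped once per non-revoked player. The `Authority` class, the player names, the key-block layout and the HMAC-XOR wrap are all assumptions for illustration, not the real AACS format.

```python
import hashlib, hmac, os

def wrap(device_key, title_key, disc_id):
    """Toy key wrap: XOR the title key with an HMAC-derived pad (self-inverse)."""
    pad = hmac.new(device_key, disc_id, hashlib.sha256).digest()[:len(title_key)]
    return bytes(a ^ b for a, b in zip(title_key, pad))

class Authority:
    """Hypothetical licensing authority: issues player keys and presses discs."""
    def __init__(self):
        self.device_keys, self.revoked = {}, set()

    def license_player(self, name):
        self.device_keys[name] = os.urandom(16)
        return name, self.device_keys[name]

    def press_disc(self):
        disc_id, title_key = os.urandom(8), os.urandom(16)
        # Only players not revoked at pressing time get a key-block entry.
        block = {n: wrap(k, title_key, disc_id)
                 for n, k in self.device_keys.items() if n not in self.revoked}
        return {"id": disc_id, "block": block,
                "check": hashlib.sha256(title_key).digest()}

def can_play(player, disc):
    """A player recovers the title key only if the disc carries an entry for it."""
    name, device_key = player
    entry = disc["block"].get(name)
    if entry is None:
        return False
    title_key = wrap(device_key, entry, disc["id"])
    return hmac.compare_digest(hashlib.sha256(title_key).digest(), disc["check"])

def simulate():
    authority = Authority()
    leaky = authority.license_player("leaky-player")   # constructed names
    other = authority.license_player("other-player")
    old_disc = authority.press_disc()                  # pressed before revocation
    authority.revoked.add("leaky-player")              # revocation decided centrally
    new_disc = authority.press_disc()                  # pressed after revocation
    # The leaky player is never updated: it still holds its original key.
    return {"leaky_old": can_play(leaky, old_disc),
            "leaky_new": can_play(leaky, new_disc),
            "other_new": can_play(other, new_disc)}

if __name__ == "__main__":
    print(simulate())
```

The revoked player needs no update to be locked out of the new pressing, while the disc pressed before revocation stays playable on it, which is the "all bets are off" case for existing discs.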
We'll keep our eyes on this story as it develops. In the meantime, here's the "video" showing the crack in action.
Copyright © 1998-2006 Ars Technica, LLC