Doom9 Researchers Break BD+

Posted by kdawson on Saturday November 01, @01:27PM
from the blue-hooray dept.
An anonymous reader writes "BD+, the Blu-ray copy protection system that was supposed to last 10 years, has now been solidly broken by a group of doom9 researchers. Earlier, BD+ had been broken by the commercial company SlySoft." Someone from SlySoft posts a hint early in the thread, but then backs off for fear of getting fired. The break is announced on page 15.

Related Stories

Hardware: Analyst Says Blu-ray DRM Safe For 10 Years
Mike writes to let us know that a poster on the AVS forum says that the latest issue of HMM magazine (no link given) contains a quote from Richard Doherty, a media analyst with Envisioneering Group, extolling the strength of the DRM in Blu-ray discs, called BD+. Doherty reportedly said, "BD+, unlike AACS, which suffered a partial hack last year, won't likely be breached for 10 years." He added that if it were broken, "the damage would affect one film and one player." As one comment on AVS noted, I'll wait for the Doom9 guys to weigh in.
Blu-ray BD+ Cracked
An anonymous reader writes "In July 2007, Richard Doherty of the Envisioneering Group (BD+ Standards Board) declared: 'BD+, unlike AACS which suffered a partial hack last year, won't likely be breached for 10 years.' Only eight months have passed since that bold statement, and Slysoft has done it again. According to the press release, the latest version of their flagship product AnyDVD HD can automatically remove BD+ protection and allows you to back-up any Blu-ray title on the market."
  • Congratulations! (Score:5, Insightful)

    by symbolset (646467) on Saturday November 01, @01:28PM (#25596341)

    A hearty congratulations to the brilliant programmers of Doom9, including Oopho2ei - who claims not to be a "professional programmer".

    • Re:Congratulations! (Score:5, Interesting)

      by TubeSteak (669689) on Saturday November 01, @01:52PM (#25596521) Journal

      What's more impressive is that the thread was started August 24th,
      which means it took them 5 weeks and a few days to break BD+.
      Kudos to them.

      Is this just for MKBv7 (Media Key Block) or is BD+ permanently broken?

      • Re:Congratulations! (Score:5, Informative)

        by Jah-Wren Ryel (80510) on Saturday November 01, @02:46PM (#25596935)

        Is this just for MKBv7 (Media Key Block) or is BD+ permanently broken?

        For the most part it is permanently broken. BD+ is just a very simple virtual machine - these guys reimplemented the virtual machine. So the disc publishers can write all kinds of new copy prevention code in the BD+ 'language' but the doom9 guys' VM will be able to execute it pretty much like any sanctioned BD+ VM would. The disc publishers might start exploiting non-standard or undefined behavior in the BD+ VMs (presumably most hardware players all just run the same BD+ VM from Macrovision, so any bugs in it should be the same across most if not all hardware players) but such shenanigans won't be too hard to reverse engineer and include into the clone VM.

        Now when the publishers switch to MKBv8 that will be a new set of AACS keys that will need to be rediscovered, but that's independent of and in addition to BD+.

      • by Angstroem (692547) on Saturday November 01, @01:50PM (#25596497)

        ...start reading on page 15, it'll discuss (a) what they did and (b) how resistant it is against potential counterattacks by the BD+ people.

        Mind you, the idea was not to break the underlying encryption scheme (breaking AES could still turn out being hard for the next couple of years...), but rather disable the BD+ security layer.

        • by IamTheRealMike (537420) on Saturday November 01, @02:30PM (#25596813) Homepage

          As far as I can tell, it wasn't actually disabled though. What the guy did is write his own BD+ VM. An impressive feat for sure, but that attack was always anticipated. As the dude says later,

          Apart from that the purpose of the program (called "content code") running inside the player on a virtual machine is to detect any known compromised players or known unlicensed emulators (like ours). The content code is given a wide range of opportunities to do that. For example it has (limited) access to the player memory and can even execute arbitrary code on the machine though we haven't seen that yet and our emulator doesn't support this either.
          As long as we have access to a working (licensed) player all these measures are useless as we can record traces from this player and adjust the data "injected" in the virtual machine address space by traps or events to perfectly match our recordings. Even if whitebox attack resistant AES or ECDSA algorithms are used and nobody manages to break them we can still use the obfuscated algorithms and their keys.

          So basically the disk authors can keep up for as long as they can trace the VM of an existing licensed player. They don't need to do that currently because no publishers are searching for their VM specifically.

          They'll probably be able to do this for as long as publishers want their discs to be playable on software players, simply because it's quite easy to reverse engineer x86 code on a PC, when you have a debugger and plenty of Jolt. I don't know what the BluRay player market looks like. If most BluRay players are hardware based, then as a movie studio I'd be tempted to simply write some BD+ code that looked for existing software players and banned all of them. Then the "trace a licensed player" step outlined above suddenly turns into a silicon reverse engineering problem instead of a software reverse engineering problem. Much harder.

          That said, I doubt they'd actually do that. Presumably they allowed software players for a reason, despite knowing they were way easier to hack than hardware players.

          • by c (8461) <beauregardcp@gmail.com> on Saturday November 01, @03:13PM (#25597105)

            > If most BluRay players are hardware based, then as a movie studio I'd be tempted to simply write
            > some BD+ code that looked for existing software players and banned all of them. Then the
            > "trace a licensed player" step outlined above suddenly turns into a silicon reverse engineering
            > problem instead of a software reverse engineering problem. Much harder.

            Even then, you can still run the BD+ code in the VM, and trace it under the VM, and figure out what makes it fail, and ensure that it sees a VM environment which doesn't look like an existing software player. Or any kind of software player. And you may have the ability to modify the software player to explore what triggers the problem (a lot of people whose software players no longer play the latest releases would be rather thankful for a patch).

            Harder, but a boatload easier than tracing silicon.

            The BD group pretty much has to outlaw software players entirely to avoid this kind of attack.

            c.

      • As always with DRM (Score:5, Insightful)

        by symbolset (646467) on Saturday November 01, @01:51PM (#25596505)

        The content must contain sufficient information for the content to be decoded. Anything one software can do, another software can do (see Knuth, et seq). Therefore if there's an available software that can decode the encrypted content it must be possible for open software to decode the encrypted content. Removing the encryption using open software eliminates the protections against copying provided by the closed software and the game is over.

        Thus DRM is a fool's errand. It always has been.

        The illusion of protectability is however easy to sell for vast sums of cash to content owners who desperately want it to be possible.

        • by Bender0x7D1 (536254) on Saturday November 01, @02:16PM (#25596713) Homepage

          Therefore if there's an available software that can decode the encrypted content it must be possible for open software to decode the encrypted content.

          Possible != Feasible. It is possible for me to brute force AES-256 but it isn't feasible for me to do so.

          • by sjames (1099) on Saturday November 01, @03:02PM (#25597025) Homepage

            Therefore if there's an available software that can decode the encrypted content it must be possible for open software to decode the encrypted content.

            Possible != Feasible. It is possible for me to brute force AES-256 but it isn't feasible for me to do so.

            The point is, the 'legitimate' (w/ DRM I use that term loosely) doesn't brute the key, and the legitimate software can be watched in action. That means that reverse engineered Free software can be created to do the same thing.

            Hardware trickery to make it harder to do that also increases the incentive to find a way. Somebody somewhere will find a way to dissect it.

            The job is even harder since it will always be a plaintext attack.

        • A lot of people are just not buying content - even though they would like to buy content - because they know that money spent that way is wasted and they don't want to throw their money away again.

          At the risk of my karma, I'm going to mention that no one I know seems to fall into your generalization of people not buying Blu-Ray discs or players because of DRM. The most commonly cited reason for discs is lack of ubiquitous players (in cars, portable players, friends houses, etc) and the most common reason cited for players is the expense of a Blu-Ray mechanism. In fact, breaking the DRM makes Blu-Ray riskier for investors and therefore likely will increase costs (higher risk means higher cost) in the short term.

          All in all, because Blu-Ray is 10x the bandwidth of any online "HD" movie source (and I use that term loosely for online offerings) and because online DRM is so much worse, I don't see it going away. Instead I see it likely to win over DVD-- DRM or not-- but not until manufacturing costs ramp down due to better technologies and economies of scale.

          Consider this. Is a DRM-free H.264/AAC mp4 file more convenient, or is a DRM-laden disc that you can play in your car, computer, PS3, portable system, or friend's house by carrying around a 16 gram disc? I suspect for geeks it's the former, but for most consumers it's the latter, and it's really just about making players ubiquitous. The odd player out is, of course, the iPod. It's the one thing that is both ubiquitous and doesn't favor the disc. If the Blu-Ray consortium came to some agreement with Apple there it would go a long way towards gaining acceptance.

          • by symbolset (646467) on Saturday November 01, @02:57PM (#25596993)

            no one I know seems to fall into your generalization of people not buying Blu-Ray discs or players because of DRM.

            We shall see. Most people don't know really why they're not trusting of innovation in content technology. The advantages of open content though are immediately obvious and so when the content owners open up the content it starts flying out the door.

            All in all, because Blu-Ray is 10x the bandwidth of any online "HD" movie source (and I use that term loosely for online offerings) and because online DRM is so much worse, I don't see it going away. Instead I see it likely to win over DVD-- DRM or not-- but not until manufacturing costs ramp down due to better technologies and economies of scale.

            "Never underestimate the bandwidth of a station wagon full of backup tapes." Technology has passed this one by, but the truth of it remains. Content providers would do well to sell the right to the content separately, and let people figure out how to get the content on their own. If they must, they can offer content at kiosks you take your external hard drive to. The tree huggers should like the idea of transport-media free content distribution at the very least - that's less mylar disc in the landfill.

            Consider this. Is a DRM-free H.264/AAC mp4 file more convenient, or is a DRM-laden disc that you can play in your car, computer, PS3, portable system, or friend's house by carrying around a 16 gram disc?

            For the car and portable system a downrezzed movie that fits on an 8GB SDHC card is sufficient, and that form factor is considerably more convenient than a disc that doesn't even fit in your pocket - and is too fragile to carry that way anyway. People do this on their EEE all the time. A 360GB external 2.5" USB drive is bigger and heavier but smaller than a BD with case so it still fits in your pocket, is less susceptible to scratching, fits multiple movies on one disk, and has many other advantages.

            Open content means you can make backups. You can convert to your target platform. You can move your content to where you want it and any technology that can play it will continue to play it for all time. DRM content does not have any of these advantages. Most importantly that last one.

  • Unfortunately (Score:5, Insightful)

    by Anonymous Coward on Saturday November 01, @01:30PM (#25596357)

    Unfortunately this will probably just mean that a ton of consumers will be SOL when they implement new encryption schemes on BluRay that aren't supported by some existing players.

    • Re:Unfortunately (Score:5, Insightful)

      by Wuhao (471511) on Saturday November 01, @01:34PM (#25596389)

      Wonderful. Finally, people won't look at me like I'm from Mars when I tell them that DRM affects legitimate paying customers like them.

    • by symbolset (646467) on Saturday November 01, @01:40PM (#25596441)

      Sony isn't having a ton of luck building an installed base of users of BD, even after buying their competition into submission. If they obsolete their installed base they have to start over again with the negative examples of HD-DVD and the additional strike of cyclic obsolescence against them. It would be too obvious that the purchase of their content is actually a short term lease. That would be the death of BluRay before it's even well started, and it wouldn't even buy them an additional year before it was cracked again.

      It's more likely that we're nearing the end of this DRM nonsense forever. Finally!

      Or am I too optimistic of their intelligence? History does weigh heavily against my hopefulness here.

    • Re:Unfortunately (Score:5, Insightful)

      by Lumpy (12016) on Saturday November 01, @01:53PM (#25596523) Homepage

      Oh I hope so. I hope that Sony and the rest of those idiots over-react hard and screw most all customers with BluRay players.

      Disrupting the consumers from viewing the new shiney will actually make them sit up and pay attention. I hope this screws a lot of people really hard to the point they say "HEY! WHAT THE HELL!"

      Now they need to crack HDCP.

      • Re:Unfortunately (Score:5, Interesting)

        by Firethorn (177587) on Saturday November 01, @02:14PM (#25596695) Homepage Journal

        Disrupting the consumers from viewing the new shiney will actually make them sit up and pay attention. I hope this screws a lot of people really hard to the point they say "HEY! WHAT THE HELL!"

        I think this has actually happened a couple times. My first negative experience with DRM was as a kid - I bought a video game that kept insisting I 'insert the original disc'. Turns out they fubared the pressing such that even the original disc was seen as copied - didn't impress me with the quality control. It was something where pulling even a single disc and trying it out would have found the problem.

        My second was with an E-Book program. I decided to check out this 'ebook' thing, downloaded the one Stephen King wrote years ago - the idea was that if you liked the book, you paid for the next installment. While I found the installment nice, the reader broke so many things that after reading it I uninstalled the reader and therefore the book. Never again. For example, it mostly broke copy/paste, as well as various other things in attempting to stop screen captures.

        I mean, if I had wanted to copy the book, it would have only taken a few hours of my time to retype the bloody thing using dual screens or even two computers. It wasn't a hugely long book, and I am a trained (if out of practice) typist. If I wanted to do a lot of books, some sort of OCR system would work.

        Or just find & download it off the internet today.

        Especially with the popularity of MP3 players that are quickly turning into media players, the 'average user' is seeing the effects of DRM more and more. Especially when they buy that DVD duplicator and discover it won't work for 'copyprotected' discs.

  • cool! (Score:5, Interesting)

    by Anonymous Coward on Saturday November 01, @01:33PM (#25596383)

    The best part of all: the DMCA makes it perfectly legal to use with Linux since OEMs don't provide linux codecs.

  • Kudos to them (Score:5, Informative)

    by Enderandrew (866215) <enderandrew@ g m a il.com> on Saturday November 01, @01:40PM (#25596431) Homepage Journal

    That being said BluRay burners are expensive enough, and the blank media is expensive enough that I'll probably still buy my BluRay movies on Amazon.com (where I routinely find cheap deals as opposed to retail stores charging $35 per movie).

    • Re:Kudos to them (Score:5, Interesting)

      by jmorris42 (1458) * <jmorris AT beau DOT org> on Saturday November 01, @01:56PM (#25596537) Homepage

      > That being said BluRay burners are expensive enough, and the blank media is expensive enough that I'll probably
      > still buy my BluRay movies on Amazon.com.

      Which is perfectly good. I didn't buy my first DVD though until the protection was broken and I have no intention of buying anything BD until it is broken. I'm sure I'm not alone in this. Who wants to buy a BD movie until they can pull a copy to a DVD for portable players off in the rest of the house, the in car players, etc. Until we can yank clips out of one. Until we can play them on our non-Windows machines.

      Once a stable build of mplayer supports this stuff and the battle of key revocation settles down I'll think about investing in the stuff. Not before.

  • And YET AGAIN... (Score:5, Insightful)

    by Khyber (864651) <khyberkitsune@gmail.com> on Saturday November 01, @01:46PM (#25596477) Journal

    The common man proves that if man can make it, man can break it.

    This is a lesson companies will NEVER LEARN when it comes to DRM.

  • by janek78 (861508) on Saturday November 01, @01:51PM (#25596507) Homepage

    I don't really care if I can copy my BluRay disks or not (I'm too lazy to back up my movies - if I break a disk and I like the film, I get a new one).

    But I would love to be able to play my legally bought films under Linux without having to reboot (or having to go to jail for that matter). Maybe one day. :)

  • How does it work? (Score:5, Insightful)

    by tangent3 (449222) on Saturday November 01, @02:02PM (#25596587)

    Hoping some expert can describe how this all works to the masses out here. From a quick glance through the forum, this is what I think is happening...

    BD+ movies are released with corrupted data
    A conversion table is required to fix the corruption
    The conversion table is built using code on the BD+ disk that runs on the BDVM.

    The bulk of the work on the forum thread seems to be an effort to reverse engineer the opcodes and libraries (called TRAPs?) available in the BDVM, and to reimplement the VM.

    I'm not a security or crypt expert, but I can't imagine how anyone can expect this kind of security to remain secure for 10 years.
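A toy model of the three steps this comment describes (corrupted stream, a fix-up table that repairs it, and content code on a VM that builds the table), added here as an illustration; it is not code from the Doom9 thread or from BD+, and the opcodes, the "player_model" trap and all data values are constructed. It also shows the point made higher up in the thread: the table the content code produces depends only on what the code can observe through its traps, so repair succeeds exactly when the trap answers are the ones the code was written to expect.

```python
# Toy model of the BD+ design as described in the thread: the disc's stream is
# shipped deliberately corrupted, and "content code" running on a small VM inside
# the player builds the conversion (fix-up) table that repairs it. Everything
# here is constructed for illustration; the opcodes, the trap name and the data
# are invented and are not BD+'s real instruction set or disc format.

CLEAN = bytes(range(16))                  # constructed: what the movie should be
CORRUPT_OFFSETS = (3, 7, 11)              # constructed: bytes the disc mangles
XOR_MASK = 0x5A                           # constructed: how they are mangled
LICENSED_MODEL = 0x21                     # constructed: what a licensed player
                                          # answers to the "player_model" trap

def make_disc():
    """Return (corrupted stream, content code) for the constructed disc."""
    corrupted = bytearray(CLEAN)
    for off in CORRUPT_OFFSETS:
        corrupted[off] ^= XOR_MASK
    # The content code ties the repair value to the player's identity:
    # fix = player_model XOR magic, which equals XOR_MASK only on a licensed player.
    magic = LICENSED_MODEL ^ XOR_MASK
    code = []
    for off in CORRUPT_OFFSETS:
        code += [("PUSH", off), ("TRAP", "player_model"),
                 ("PUSH", magic), ("XOR", None), ("EMIT", None)]
    code.append(("HALT", None))
    return bytes(corrupted), code

def run_vm(code, trap_handler):
    """Execute content code on the toy VM; returns the fix-up table [(offset, byte)]."""
    stack, table, pc = [], [], 0
    while True:
        op, arg = code[pc]
        pc += 1
        if op == "PUSH":
            stack.append(arg)
        elif op == "TRAP":                  # the code's only window into the host
            stack.append(trap_handler(arg))
        elif op == "XOR":
            b, a = stack.pop(), stack.pop()
            stack.append(a ^ b)
        elif op == "EMIT":                  # pop value, then offset -> one entry
            value, offset = stack.pop(), stack.pop()
            table.append((offset, value & 0xFF))
        elif op == "HALT":
            return table
        else:
            raise ValueError(f"unknown opcode {op}")

def apply_table(stream, table):
    """Repair the corrupted stream with the table the content code produced."""
    out = bytearray(stream)
    for off, value in table:
        out[off] ^= value
    return bytes(out)

def play(trap_handler):
    """Run the constructed disc on a player whose traps trap_handler answers."""
    corrupted, code = make_disc()
    return apply_table(corrupted, run_vm(code, trap_handler))

def licensed_player(name):
    return {"player_model": LICENSED_MODEL}[name]

def unrecognised_player(name):
    return {"player_model": 0x00}[name]     # a value the content code did not expect

if __name__ == "__main__":
    print("licensed player    :", play(licensed_player) == CLEAN)       # True
    print("unrecognised player:", play(unrecognised_player) == CLEAN)   # False
```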

  • by nzgeek (232346) * on Saturday November 01, @02:06PM (#25596613) Homepage Journal

    I think a quote from a famous internet wordsmith [penny-arcade.com] is in order here:

    Someone needs to emphasize this in such a way that the right people see it: people who pirate software enjoy cracking it. The game itself is orders of magnitude less amusing. And their distributed ingenuity will smash your firm, secure edifice into beach absolutely every Goddamn time. There are no exceptions to this rule.