HD-DVD Copy Protection cracked....now what? (1 Viewer)

I don't want to violate any rules here, but I think the video itself is OK as it doesn't really show the details.

Link

I'm just curious as to if this will affect future studio support for HD-DVD, or if BD is vulnerable to the same thing.

The program was supposedly released today and is called "BackupHDDVD". The guy has a whole FAQ and a diary on how he cracked the AACS.

I could care less about copying these things but am really curious as to how this is all going to play out in the industry.

No surprise. There hasn't been a single disc-based copy protection scheme devised that HASN'T been cracked. HD-DVD and Blu-ray will be no different. The industry will never learn.

If HD-DVD can be cracked, no doubt Blu-Ray can also. This is not good news for either camp. What if the studios get spooked and slow down releases? Everyone would be better off if this crack had not occurred.

I wouldn't worry. The only thing that would slow releases down is a drop in sales.

He seems to be holding his cards very close to his chest.


My guess is that one or more components in the decoding chain has a bug that exposes the key to public view. Like CSS before it, AACS allows for revocation of keys-- so that the compromised devices won't be able to play future titles, until the flaws are patched. Unlike CSS, AACS probably is not so massively flawed that a brute force solution will render key revocation pointless.

(CSS used a 40 bit key-- insecure even by the standards of the time. Cryptoanalysis of the CSS algorithms revealed that due to various flaws, it was equivalent to a 25 bit cipher-- crackable in minutes. )

True, but to this day it's impossible to play a burned Xbox or PS2 disc without having some sort of modification done to your hardware which very few people do. If I'm reading this correctly, it sounds like you could burn one of these and play it on an HD-DVD player right out of the box. For the moment, it's irrelevant since HD-burners and recordable media are years away from making the "rent, rip, and return" scenario from being cost effective for the average Joe. I don't understand why they didn't go with the same sort of protection that is applied to videogames.

Has SACD been cracked?

I don't think so.....

Marek

http://www.engadget.com/2006/12/27/a...kuphddvd-tool/

SACD isn't popular enough to be on hackers' radar screen cause there's not enough good titles on it.

what really excites me is the possibility of playing back 1080p on my HTPC! i've read that it can be done with XBox360's HD-DVD USB drive, only under $200. that's awesome, but i gotta get HDCP display+ HDCP crypto-rom video card.

So does this mean there will probably be a step-up in the implementation of the ICT flag?

ict would be useless since people can access decrypted full 1080p. it's almost like DVDShrink.

Well, if AACS has truly been cracked, then HD-DVD may be on it's way out. Blu-Ray can fall back on it's alternative protection schemes, but so far as I know HD-DVD only had AACS. The studios will avoid handing out unprotected HD movies like the plague. Of course HD-DVD could obsolete the existing players by implementing a different protection scheme in newer players, or possibly retroactively implement it on any previous players that would support it.

My guess is that they found an exploit in a software player that exposed the keys somehow. This would explain why you need individual keys for each movie. If AACS was truly cracked, then there would be no need for having a unique key for each movie.

ICT won't matter because hdcp is broken. (as a practical matter, specialized hardware must be used to convert the hdmi signal into something useful, whereas libdvdcss or backuphddvd can be run on general purpose computers. If ICT is implemented, eventually people will get fed up and start using the necessary hardware, with forged keys.)

I'm kind of surprised it took this long. With the HD-A1 begin a basic Linux box it shouldn't have been too hard to crack. I expect BR will be cracked by the middle of 2007.

Blu Ray has already been cracked. People have been able to make a bit-for-bit copy on the hard drive of the PS3.

- Steve

Which does absolutely nothing as it hasn't been cracked. All they have is a bit for bit copy of an encrypted disc image which does absolutely nothing. The whole point of the AACS encryption is that even if you bit for bit copy the disc, the content is still secure.

What has happened with HD-DVD is that you can rip an unencrypted copy of the movies onto your harddrive that you can then play at will. You can then transfer a copy from your harddrive to a server or share the copy with anyone you want. In effect, Hollywood's worst scenario has happened; the 1080p digital copy of all the HD-DVD movies on the market have been compromised.

Comparing an encrypted useless copy of a Blu-Ray movie to an unencrypted playable HD-DVD copy isn't even remotely equal.

Take two computers. Put the disc in one of them. Copy the content to the hard drive, and copy that content to the hard drive of the other machine. Play the content. If it's playable, then, yes, you have broken the copy protection.

Here's how the whole scheme works.

The film is encrypted-- without the title key, the files on the disc are just random noise, and this random noise can be freely copied.
The disc contains the title key, as well, but that's encrypted. If the title key is not decrypted, it can't be used to to decrypt the movie.

The player has a key which it can use to decrypt the movie. This key is only provided to the manufacturer on the condition that the player contain elements that frustrate attempts to copy decrypted content or keys. For instance, hdcp must be used on the dvi or hdmi out. Macrovision must be used. The player must respect region coding. The manufacturer must post a bond. And so on.

If the player is found to allow copying, the keys are revoked, and the player must be redesigned before new keys are issued. Sometimes this is as simple as a firmware update. Until the player is updated, it will not play newly issued discs.


libdvdcss doesn't need keys to work. The only remedy would be to cease all production of DVDs, because the flaws are in the CSS algorithm itself--not the accidental disclosure of keys.

I've heard that if AACS fails, a new scheme could be implemented relatively easily, at least on bluray.

Let's get one thing straight. Linux is not insecure. Linux can be configured to allow direct access to the underlying hardware-- so that the user with appropriate credentials can use that hardware in ways not considered to be essential or socially appropriate by commercial manufacturers. Consider the Ping of Death. Such mischief can be curtailed at the driver level, but on linux, it's easy enough to rewrite the driver reinstate the potentially malicious behavior.

But that's only possible if you can recompile and reinstall the kernel-- and such operations usually require root access and physical access to the machine. There are methods of escalating privilege, but linux is not designed around the principle that all users should have root--quite the opposite. At the same time, it is designed around the principle that the owner of the machine, not bill gates or the content companies should have root access, and all the freedom that that implies.

When you buy an appliance that runs linux, you may or may not get root access. The HD-A1 is an appliance that runs linux. It does not provide the user with root access, just as a NSA computer does not grant root credentials to every cracker that stumbles upon it.

I'm not saying Linux is insecure I'm saying its easier to crack than other scenarios. Its a simple question of which setup is easier to crack? One running on a known operating system like Linux or Windows or one running on a completely proprietary OS? Give me Linux or Windows any day.

Arstechnica.com has a really good article on this as well. See here.