digg

Facebook Connect Join Digg About

Blu-Ray Encryption

dailytech.com Nice story on the defeat of Blu-Ray encryption.

Who dugg this? Made popular Jan 25, 2007

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

53 Comments

show profanity settings
expand all
  • inactive, on 10/12/2007, -2/+37Ok, these companies spend millions of dollars on research on a suitable encryption format designed to keep hackers out permanently. Now cue muslix64, who comes in and in a matter of weeks manages to decrypt BOTH high definition formats, and HE DOESN"T EVEN OWN a blu-ray player. If I were muslix I would be very scared right now, those companies will soon be looking for him.
  • inactive, on 10/12/2007, -2/+28What I love about this is that while it took three years from the introduction of CSS (1996) until the publication of DeCSS (1999), the encryption for HD-DVD and Blu-Ray have now both been broken before any of the products which use them have even reached any appreciable level of widespread consumer adoption. They basically got broken right out of the gate; it's totally incredible.
  • rockforever, on 10/12/2007, -0/+21Yeah, but the companies are even more scared, because even if he gets prosecuted, or whatever, someone else is just gonna take up his work and continue to break DRM schemes.
  • baxtermaddux, on 10/12/2007, -0/+19what im wondering is:

    is what that kid did really illegal? i dont understand what is illegal about demonstrating flaws in a products design? isnt that exactly what people like Consumer Reports do when they expose the weaknesses of products?

    and how could they track him down? would they use the ISP there to find out who he is? do forums log your ISP adress when you post in them? just curious for my own privacy
  • noamsml, on 10/12/2007, -0/+16It's not a backdoor, he simply used the fundemental weakness of DRM: In order for DRM to work, the user's computer *must* contain the decryption keys, as well as the decrypted content, at one point or another. This means that muselix64's hack doesn't even rely on the weakness of the encryption (AES is still considered pretty much unbreakable), but on the weakness of DRM itself.
  • dwbell, on 10/12/2007, -0/+14Is it illegal? Depends on where he lives. As much as I'm sure it pains them the MPAA and RIAA only write the laws in the USA.
  • thatbox, on 10/12/2007, -1/+13It's unfortunately illegal under the ill-conceived DMCA - it's a tool that circumvents copy protection schemes.
  • cynicist, on 10/12/2007, -0/+11DVD Jon (and friends) actually reversed a cipher, all muslix64 did was go around AACS by getting the keys out of the memory of the software player. AACS has not been cracked yet and it probably won't be for a long time. Fortunately we don't really need it to be when they gave us such an easy way to bypass it.
  • thatbox, on 10/12/2007, -0/+10Original author of the tool created it because his monitor was not HDCP-compliant, preventing him from enjoying his own purchased high-def content. ( http://www.slyck.com/story1390.html )
  • MrFlesh, on 10/12/2007, -0/+8I always find DRM hacks funny. But this is pretty much routine now-a-days. XP was hacked 3 hours after release. Vista was hacked before release. CD DRM was defeated by masking tape. DVD hacked. Itunes hacked. RFID was hacked. Now Blu-ray and HD-DVD. DRM doesn't work........period. It doesn't work for investors. It doesn't work for consumers. The new try at DRM is with hardware. I'm sure that will be broken as well.
  • jollyroger814, on 10/12/2007, -0/+8actually he has over 131 pages of submitted stories and over 1500 pages of stories he dugg.
  • inactive, on 10/12/2007, -0/+7"I can't imagine 20+ GB torrents being too popular. "

    *Looks over at fileserver*
    Nope, I can't imagine anyone wanting that much content.
  • kravex, on 10/12/2007, -0/+6Even better is that whole companies with lots of staff made these and some guy or kid on his home computer just cracked em, that's just so funny.
  • rompom7, on 10/12/2007, -0/+5I would be more worried being Jon Lech Johansen, the guy that cracked DVDs CSS. Sure it was a pretty basic brute force attack, but try explaining that to companies that have invested a lot more into DVD than Blu-Ray or HD-DVD. (I say they invested more because it has been around a long time now, everything is on DVD right now)

    What muslix64 did is far more impressive than cracking CSS. The damage is done now, and I'm sure if the big investors were given a chance to stop the crack, they would have done it. Since it has been cracked, theres no point in these big investors going after muslix64, they'd only be able to get chump change out of suing him. Unless they want to make an example from him to try and stop other hackers from decrypting future DRM protection systems (It never works, we've seen countless cases of virus writers having being sued to the bone, yet theres still viruses being written).
  • dwbell, on 10/12/2007, -0/+5I can't imagine 20+ GB torrents being too popular.

    I for one won't be buying an HD DVD player until I can put one in my computer, place an HD DVD disc that I bought in the drive I bought and watch the movie I paid for in Linux.
  • 7of7, on 10/12/2007, -0/+5So this is for totally legal uses right? It's not the case that a majority of people will use this to get content they didn't pay for, right? It's just for fair use backups, right? Because you know the entire "we hate DRM because we want to own stuff we've bought" argument will be completely invalidated if its true purposes are simply to make it even easier to get content that you haven't paid for.
  • noamsml, on 10/12/2007, -0/+5If he gets sued, we should all raise a riot. The guy did nothing but good in restoring consumer freedom, and the DMCA should go to hell.
  • AggieTales, on 10/12/2007, -1/+6In the US at least, just using the tool is illegal.....
  • MrFlesh, on 10/12/2007, -0/+4The PSP firmware also had ever changing DRM and people defeated that by constantly updating the hack or making loaders for earlier versions. Damn editor time limit. First hacks are never complete or pretty give it a month maybe two.
  • gwjc, on 10/12/2007, -0/+4Supplemental reading on AES-CBC @ http://www.faqs.org/rfcs/rfc3602.html
  • Jugalator, on 10/12/2007, -0/+4The HD-DVD version of The Chronicles of Riddick (25 GB) currently has 16 seeders and 375 leechers on The Pirate Bay. Could perhaps be more with a bit smaller size, but looks like reasonably many anyway.
  • 3dom, on 10/12/2007, -0/+4in decss they had to reverse a cipher, muslix64 basically found a backdoor of sorts and that it was much easier than what dvd jon and co had done- he said so in a recent slyck interview
  • Jugalator, on 10/12/2007, -0/+4"GOOD LUCK ON TRYING TO HACK EVERY COPY OF THE MOVIE TOO. "

    Ouch, my ears...

    Why is that needed anyway? If decrypted movies are already out, they are already out.
  • dwbell, on 10/12/2007, -0/+3I don't believe BD+ is implemented yet... could be wrong though.

    Anyway I'll call next month.
  • wonboodoo, on 10/12/2007, -1/+4Here's the thread comment where muslix64 goes into more detail on how he goes about finding the key: http://forum.doom9.org/showthread.php?p=941095#post941095 . Pretty straight-forward really, but kudos to him/her for coming up with it. When he found the HD-DVD keys the speculation was he was using a player that stored a key in plain-text and he was able to find the keys because of poor hardware design for a particular model. This is obviously not the case with the method he uses, he just needs a memory dump of the disc and the hardware is irrelevant.
  • 3dom, on 10/12/2007, -1/+4you are correct, I meant backdoor in the sense he'd found the keys unprotected in the memory as opposed to breaking encryption at the front gate to get to them
  • Yoshi39, on 10/12/2007, -0/+2No not popular at all
    Superman Returns HD-DVD 1080p
    Size: 28GB
    Downloaded: 820 times
    I can't tell you the name of the tracker because they ban anyone that talks about them in public...
  • lordsandwich, on 10/12/2007, -0/+2Quite possibly the only way for the **AA to find muslix64 is to petition doom9 for the forum logs, but the site is already known to be hosted in a DMCA-safe country. Heck, they're still offering downloads for DVD Decrypter and DVD Shrink, whose authors were threatened with lawsuits if they didn't try to take down all available copies.

    I think muslix64 is safe for the time being. :)
  • scorpionx, on 10/12/2007, -1/+3and how could they track him down? would they use the ISP there to find out who he is? do forums log your ISP adress when you post in them? just curious for my own privacy
    --------------------------
    Every forum I've ever used logs the IP address you posted with. That is how most admins and mods ban people from forums. I'm sure you could make the forum not log IPs but then you wouldn't have a way of banning people other than by user names, which doesn't work very well.
  • SyDIGG, on 10/12/2007, -0/+2BDA is holding BD+ in reserve. As of right now, the current Blu-Ray titles on the market do not have BD+. You bet that BDA is planning to implement this ASAP.
  • ericrous, on 10/12/2007, -0/+2Pirate Bay and AllofMP3 were in "DMCA-safe" countries too. Didn't stop police from kicking in THEIR doors. I just hope muslix64 has taken thorough precautions to ensure his anonymity; otherwise he he'll likely be arrested, sued out of existence, or both. The only free speech is anonymous speech.
  • inactive, on 10/12/2007, -0/+2muslix64 must get all the ladies. i mean... cmon.. i think his pick up lines go something like this..

    muslix64: "i cracked blu-ray will you go out with me"
    woman: (sprays him with mace) "stop stalking me!"
  • Vektuz, on 10/12/2007, -0/+2The whole DRM thing is stupid anyway.

    There are really two kinds of people who do the 'pirating'. One is a bunch of internet people that download torrents/upload to newsgroups. These people tend to download a movie, watch it, and delete it. These people would never have purchased or even watched the movie (perhaps at a friends house) in the first place, if it wasn't available. The net loss to the recording industries from these people is exaggerated by the studios, but I would argue its almost zero.

    The other kind is the kind of person who is part of a giant piracy group which creates images of these things, then mass reproduces them (physically) for sale in china/taiwan/korea/etc. THe net loss from these people is possibly billions of dollars

    The sad thing is that all of this DRM crap is only prevents the FIRST group of people (small time individuals).
    Because the SECOND group (huge pirating rings) simply get ahold of a real disk, and duplicate it bit for bit (including all the stupid DRM all over it) so that it plays just like the original. Duh. There's no DRM they can put on that crap to make it uncopyable by these people.


  • CovardeAnonimo, on 10/12/2007, -0/+2"DVD Jon (and friends) actually reversed a cipher, all muslix64 did was go around AACS by getting the keys out of the memory of the software player."

    people, DVDJon didn't reversed the cypher right away as many of you think. he used an atack similar to what muslix64 did, the diference is that DVDJon found the keys on the software's .EXE file itself, instead of the memory.

    reversing the cypher was done only after he had all the keys available. i remember that because i downloaded his source code from a newsgroup right after he released it, and it had all the keys right there.
  • llMll, on 10/12/2007, -0/+1hd dvd sucks

    blu ray is SOOOOOOO much better (by the numbers btw)
  • llMll, on 10/12/2007, -0/+1Ouch nothin...

    BD+ is not the same as DVD encryption. Every disc is encrypted differently and you have to hack every disc differently
  • edzieba, on 10/12/2007, -0/+1"Is it illegal? Depends on where he lives. As much as I'm sure it pains them the MPAA and RIAA only write the laws in the USA."
    Tell that to the RIAA/MPAA! Remember the whole thing with Piratebay? And now they're suing AllOfMP3? Neither of these reside in the US.
  • sprech, on 10/12/2007, -0/+0I have a theory about this. For every one programmer that writes a program that is meant to protect information, software, music, or keep people out of a website, there are 100 crackers working at a faster pace to crack it, patch it or get a serial number or password for it. That’s reality!
  • moduc, on 10/12/2007, -1/+1
    Misleading article. This is not the first. The guy did not circumvent the DRM scheme. He circumvent the DRM. The DRM scheme was published and all he did was implement it AND hacked a player. It's true that the DRM scheme has problem with protecting its key. But this is almost known to them, or anyone knowledgeable, that at the present time, there's no good way to protect content or method to produce content on the playing end, and also allowing the playing end to work.

    For people still have problem with this, here's further info: for the video to be played, the video is decoded on the playing end (video player, computer, whatever that is), and played. This decoding method is done on the "playing end". Since the decoding software/hardware is at the home of every consumer, the consumer would have the ability to analyze it. It's sure harder with hardware. So, I think instead of using software, provide decoding on the hardware level would make it harder.
  • wtf00, on 10/12/2007, -1/+1I could see this turn into cat and mouse game.. my question is if this getting crack because of key being openly in the memory how about when they update this exploit, and they encrypt the key in the memory too? how they going crack it than? brute force until end of time? whatever.. probably is going to be long time until we see true crack for blu-ray and hd-dvd..I'm dying for this corp unleash all there DRM protection scheme to fullest instead of portions.. so cracker have full thing work with and crack it completely.
  • raid5, on 10/12/2007, -0/+0thank you muslix64!
  • iBoxSecurity, on 10/12/2007, -1/+1so thats now been hd-dvd cracked and now blu-ray......
    So what new format will they come out with next week with unbreakable encryption that the community can break!?

    If muslix64 actually managed to break the encryption and can repeat this on the majority of disks then well done! I myself will be heading towards HD-DVD rather than blu-ray.

    ------------------------------------------------------------------------------------
    http://ibox-security.net/blog
    http://seanprice.net/blog
  • long1, on 02/07/2009, -0/+0How to ripping a Blu-ray disc, here are 4 solutions, you can choose to fit your need
    http://www.blurayripper.net/
    Blu-ray Decrypter download and guide
    http://www.blu-ray-decrypter.com/
    http://free.blu-ray-decrypter.com/
  • johnvid, on 10/12/2007, -0/+0REQUEST:

    I have just authored my first blu-ray disk (own footage)(Small enough to fit on conventional DVD media), , and want to test it. Due to the nature of the process I think the project needs to be on a blu-ray disk and played in a blu-ray machine, this article says VNC will play the files, but it only plays the MPEGS if you burrow into the correct folder(so no good for clients). I would rather play the Title as it is supposed to be viewed and preferably from a DVD. can anyone suggest a better player SW

    Anybody got any answers??? THanks
  • videosoftware, on 04/09/2008, -0/+0See the specs of Blu-ray and HD-DVD.
    http://www.video-x-ware.com
    http://www.video-x-ware.com/?p=12
  • craftgir, on 01/13/2009, -0/+0The thing is.....the hackers seem to always have the thing cracked as soon as it comes out.

    http://denondvdplayers.weebly.com/
  • bluemist, on 10/12/2007, -2/+1Can the HD formats be re-encoded to reduce filesize but still at the same resolution?
  • tavisjohn, on 10/12/2007, -3/+2DVDJohn's downfall (For cracking CSS) was that he provided easy to use tools that the average user could use. And he also provided regular updates, to compensate for the new modified encryption schemes that came out. The last straw was when SONY spend MONTHS on a new scheme for DVD's, and he had cracked, updated his app, and posted it on the web within 24 hours of the new scheme hitting store shelves!

    Yes he lost his domain for the tool. And yes he was legally prevented from doing ANYTHING reguarding hacking CSS ever again. (Someone else has designed a new front end tool that can detect the CSS encryption schemes that his original tool could not handle before, and tell it how to crack it!)

    Even if this hacker does nothing with his findings, all he has to do is post how to crack it on the web, and someone will make the tool, and it will eventually be soo easy that anyone with enough HD space, an HD/BLU RAY-DVD Burner, and blank media to copy HD movie content.
  • Fetching more discussions...
    Show 51 - 55 of 55 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.