37 Comments
- britkev1, on 10/12/2007, -1/+9
So basically as long as your player software/firmware is not updated, the disc will play fine? I guess that's what I am reading. Cool with me!
- kutsal, on 10/12/2007, -2/+10
@jacobee591
"I'm just wondering why anybody would want to backup a disk that large"
Because they want to see if they could. The same concept as "why would anyone want to run Linux on ".. Or why would anyone want to send probes to Mars..
The answer is always similar to "because we want to see what happens when we try"...
- ExSlashdotter, on 10/12/2007, -0/+5
More like "The bomb has been defused. All your base are belong to DVDJon."
- ChewyBass, on 10/12/2007, -0/+5
I may be mistaken, but say you buy Pirates of the Caribbean and the key is cracked, they invalidate that key either by uploading a firmware update or one on the next HD DVD you play, then P of C would not be viewable. Are the studios going to supply you with a workable disk, or as always someone that isn't doing illegal sharing gets stiffed. It seems that the studios are in a corner, they either stiff their customers for a few hackers, or it's back to the drawing board.
- JimXugle, on 10/12/2007, -0/+5
You could always brute force all 32^15 keys...
00000000000000000000000000000000
00000000000000000000000000000001
...
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
- goatrandy, on 10/12/2007, -0/+4
Deluxe247 - That's just not true. If you've ripped your disc, it is no longer encrypted and therefore cannot be 'revoked'. If you already have the disc's key it cannot be revoked. They can change it in the next pressing of the disc, but not revoke it on the current batch. Plus the only key that they can revoke is the machine's key, not the movie's key.
So by sharing the movie keys extracted from your compromised software/hardware you can allow others to rip it without divulging which software/hardware you used and thereby prevent them from revoking your compromised system's key. They just plain won't know which 'device' to ban, because the movie key is the same for all systems, it's just the player's key that changes.
- dasilva333, on 10/12/2007, -0/+4
posted by muslix64 on youtube:
http://www.youtube.com/watch?v=_oZGYb92isE&eurl=
- DASH, on 10/12/2007, -0/+4
The article states that he didn't crack it, it says that he simply found the private key and was able to provide it to something else that authenticated the key and he then was able to back up the disk.
If I missed something someone feel free to correct me.
- generalleoff, on 10/12/2007, -0/+4
Does not explain anything new and they even managed to confuse the RIAA with the MPAA.
- Jugalator, on 10/12/2007, -0/+3
People keep talking about key revocation lists and patches being applied, or even re-encrypted HD-DVDs if a volume key is leaked (imagine the extra costs for media companies for *that*), but what I don't honestly understand is why hackers should even care about all that?
If a hacker finds out for example a volume key -- like it seems this hacker did unless it's some sort of hoax -- the person can just use it along with this tool to decrypt the disc, and the work is done, right? Then it's just a matter of spreading the decrypted, DRM-free, disc on a file sharing network as an image file. Business as usual, in other words. Who'd care about revocation lists? Sure, movie companies can start pressing new HD-DVDs with different encryption keys but that'd be too late anyway as the decrypted disc would already be out. Few pirates would be stupid enough to go to a *retail store* and get a fresh disc and start crying about how a leaked key didn't work on it. :-s
- Deluxe247, on 10/12/2007, -0/+3
http://forum.doom9.org/showthread.php?p=924730#post924730
Read this first if you don't know much about how HD-DVD and playback work. The link is to the release of v1.00 by Muslix64, and he also started the thread. Lots of information from people who KNOW what they are talking about. Might want to read before you comment on blog posts based on THIS actual thread. A lot of in depth conversations - but no real proof that it works.
- Deluxe247, on 10/12/2007, -0/+2
(This was posted yesterday...)
The original thread where Muslix posted is on the doom9 forums - you can check it out there if you want to do more research on the subject. People are still skeptical and this was only a "proof of concept" that it could be broken - but without actually providing people with this elusive key to PROVE he really found one and it works, it's nothing more than hearsay.
I want to believe, but I'll wait for a smarter hacker than me (i.e. anyone on the planet) to actually prove out the concept. Just because it sounds good and 'works' on paper doesn't mean it's completely legit.
- Deluxe247, on 10/12/2007, -2/+4
They will work with any HD DVDs you have purchased prior to the revocation of those numbers. As new HD DVDs are released they add new revocation numbers to them. So basically you buy a new one, pop it in your machine, and it autoupdates itself. You don't actually have to do a 'driver update' or something of that sort.
So basically unless you ONLY want to watch your old movies, eventually you are going to get revoked. Oh, and they don't play AT ALL right now. This is just proof of concept but missing a major element to actually playback the dumped movie.
- vibez, on 10/12/2007, -0/+2
Just remember that no one has yet to prove this really works. He has provided no evidence to suggest he knows how to extract the keys needed. Take it with a pinch of salt
- silverstrike, on 10/12/2007, -0/+2
No one is trying to "crack" public-key crypto here.
We're probably going to have to wait for a P=NP proof for that to happen anyway.
They're just trying to crack THIS public-key crypto, and crypto algorithms are prone to flaws, bugs, and vulnerabilities just like all algorithms.
- se7en11, on 10/12/2007, -0/+2
I agree. Hackers are always going to be right on the heels of cracking new technology. The people that get these movies illegally whether it be via torrents, copies or however are probably not the ones that would buy the movie anyway.
- JimXugle, on 10/12/2007, -0/+2
No... Content Scramble System ( http://en.wikipedia.org/wiki/Content_Scramble_System )
It's the encryption system used on regular DVDs.
- mohaine, on 10/12/2007, -0/+2
It doesn't work that way.
I'm pretty sure AACS works something like this:
1. The Video is encrypted via a secret key. This is the disk key. You must have this key to decode the disk's video stream.
2. The disk key is encrypted via each player's key and a copy of this encrypted version is added to the disk. Each disk has one copy of the encrypted disk key for every player that will ever exist. Assuming a few million of potential players (one player key per model?), this should only add up to a few MB of data.
To revoke a key for a player, they just leave that player's encrypted disk key off of future disks. Existing disks that have the key will still work though.
- goatrandy, on 10/12/2007, -0/+2
Actually it would be easier to record the content of eax while playing a movie back with PowerDVD, and then try them all until one is the key. It has to be in a register as plain text at least once for playback to work.
- superkendall, on 10/12/2007, -0/+2
Why can't you simply watch them at full resolution on your monitor?
The flag that is used to limit resolution of playback (ICT) is not currently enabled for any movies, nor is it likely to ever be since it would inconvenience too many people.
- mohaine, on 10/12/2007, -0/+2
@badantheugly
.... or selling the crack to some underworld pirate...
Commercial pirates don't really care about CRAP(a.k.a. DRM) because they will just produce a raw copy of the entire disk, DRM and all. No decryption required. No reason not to make the copies just like the original.
This CRAP is really just to stop casual copiers and fair use.
- Aninhumer, on 10/12/2007, -0/+2
Yeah, and blu ray will never be hacked?
If anything this is good news for HDDVD backers, it wouldn't get cracked so quickly if people didn't like it.
(Obviously it's bad news for the studio, but they can't stop this happening)
- ScottMaximus1, on 10/12/2007, -2/+3
The Bomb has been defused
Counter-Terrorists Win
- aegis9975, on 10/12/2007, -1/+2
First off, Pirates of the Caribbean won't be coming to HD-DVD anytime soon since it doesn't have Disney studio support. More importantly, if they do revoke the private title keys in future players, expect early-adopters that bought compromised movie to be screwed on newer players.
- superkendall, on 10/12/2007, -0/+1
How are they "going to upload a firmware update"?
You can't have firmware updates for every player on the planet in every disc. Furthermore there is no need for network connectivity with any HD-DVD or Blu-Ray player, despite some people's fantasies to the contrary.
- cypher35, on 10/12/2007, -2/+3
Cascading Style Sheets? O_O
- hoowahman, on 10/12/2007, -0/+1
Why are you people digging this guy down?
- inactive, on 10/12/2007, -0/+1
once the keys start rolling in you should find them at http://www.aacskeys.com
- inactive, on 10/12/2007, -0/+1
Okay. It seems like nobody that is blogging the HDDVD crack can figure this out. To get the title keys in their decrypted form, muslix64 played the hddvd while hooked up to a vga monitor, then somehow grabbed the unencrypted key from RAM. Whatever software dvd player he used (on the forum) stored the unencrypted key somewhere in RAM when it was played, muslix64 just grabbed it somehow.
at least I think...
- Timmmm, on 10/12/2007, -0/+0
There seems to be a lot of confusion about this. Here's how it works:
Each HDDVD/blu-ray release gets a title key, a media key (volume key) and media key block (MKB) that is generated by the MPAA. The title key is encrypted with the media key, and that is encrypted with the MKB.
The MPAA also issues all device manufacturers (PowerDVD, hardware DVD players, etc.) with a device key. Each gets a different device key. This is kept secret as much as possible - obfuscated in software, and protected in hardware somehow.
Now, in order to play a disc, the device uses its device key and the disc MKB to decrypt the media key. Then it can easily decrypt the title key and use that to decrypt the content. The clever bit is that the MKB only works with certain device keys. The MPAA presumably has a bank of valid device keys (say 10,000 of them) that they issue. Initially all disc MKBs will work with all device keys. However, if a device turns out to be insecure, then its device key will be revoked. This means that subsequently pressed discs will have a MKB that doesn't work with the compromised device's device key. It will be issued with a new key if it is software, or fail to work if it is hardware (without a firmware update).
Now as I understand it, this 'crack' finds the currently playing title key from memory using PowerDVD. While you can get the current titles' title keys (all you need to decrypt the content), all that will happen is that PowerDVD will update their software to make this 'crack' not work, and their old device key will be revoked so the old PowerDVD can't find out the title key in the first place. This might have already happened in fact - does HDDVDBackup work with newly pressed CDs? Has PowerDVD been updated?
So this 'crack' (it isn't really a crack in any sense) isn't really a long-term solution.
The only way I can really see that you can get around AACS in the long term is to either: Break into the MPAA's HQ and steal all their device keys, or find the device keys from a large number of hardware players - I doubt the MPAA would revoke them all and break everyone's hardware.
More info here: http://www.aacsla.com/marketplace/overview/aacs_technical_overview_040721.pdf
- esquire360, on 10/12/2007, -0/+0
my hope is that i can use this to buy HD DVDs and rip them and watch them on my 24inch dell 2405fpw that doesn't have hdmi, only dvi. I don't want to have to run vga. so this will be cool.
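A toy model of the key hierarchy mohaine and Timmmm describe above (an added example, not code from this thread or from the AACS specification): the media key is wrapped once per device key in a simplified MKB, the title key is wrapped under the media key, and revocation is just dropping a device's slot from later pressings, so old discs keep playing on the revoked player while new ones do not. The cipher is a SHA-256 XOR stand-in for AES-128, and the device names, keys and content are all constructed.

```python
import hashlib

CONTENT = b"constructed sample video stream; not a real HD DVD payload"
DEVICE_KEYS = {  # constructed device keys, one per player model (assumption: one key per model)
    "PowerDVD-old": hashlib.sha256(b"dev-key-1").digest()[:16],
    "HW-player-A": hashlib.sha256(b"dev-key-2").digest()[:16],
}

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for AES-128: XOR with a SHA-256 keystream. Symmetric, insecure, illustration only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

def build_mkb(media_key: bytes, revoked) -> dict:
    """Simplified MKB: the media key wrapped under every device key that is not revoked.
    Real AACS uses a subset-difference tree so the block stays small; the effect is the same."""
    return {dev: toy_cipher(dk, media_key) for dev, dk in DEVICE_KEYS.items() if dev not in revoked}

def press_disc(content: bytes, revoked=frozenset(), seed: bytes = b"") -> dict:
    """Title key encrypts the content; media key encrypts the title key; MKB carries the media key."""
    title_key = hashlib.sha256(b"title" + seed).digest()[:16]  # constructed, fresh per pressing
    media_key = hashlib.sha256(b"media" + seed).digest()[:16]
    return {"mkb": build_mkb(media_key, revoked),
            "enc_title_key": toy_cipher(media_key, title_key),
            "enc_content": toy_cipher(title_key, content)}

def play(disc: dict, device: str):
    """What a player does: MKB + device key -> media key -> title key -> content. None if revoked."""
    wrapped = disc["mkb"].get(device)
    if wrapped is None:
        return None  # this pressing carries no slot for the device: revoked
    media_key = toy_cipher(DEVICE_KEYS[device], wrapped)
    title_key = toy_cipher(media_key, disc["enc_title_key"])
    return toy_cipher(title_key, disc["enc_content"])

def revocation_demo() -> dict:
    old_disc = press_disc(CONTENT, seed=b"2006")                            # pressed before revocation
    new_disc = press_disc(CONTENT, revoked={"PowerDVD-old"}, seed=b"2007")  # pressed after
    return {
        "old_disc_on_revoked_player": play(old_disc, "PowerDVD-old"),  # still plays
        "new_disc_on_revoked_player": play(new_disc, "PowerDVD-old"),  # None
        "new_disc_on_other_player": play(new_disc, "HW-player-A"),     # plays
    }
```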
- sancho, on 10/12/2007, -0/+0
@super:
Don't underestimate the power of standards.
I don't know if it is done this way, but it would be easy enough for the standard to be written such that the player has to accept key updates. This way, a full firmware update isn't required, just a small bit of memory in the system. The keys could be serialized (that is, older keys couldn't overwrite keys in the memory of the player if the keys in memory have a newer serial number) and would be raw, encrypted data that the player reads and then stores however it sees fit.
- Porkchoppa, on 10/12/2007, -3/+2
CounterStrike Source!
Now I'm gonna get you with an Uzi!
- rabidsnail, on 10/12/2007, -1/+0
Does anybody know of a good emulator/VM that allows memory and register dumps? Because that's all you need. To get the keys off of a hardware player is a difficult and expensive proposition (you need a high speed logic analyzer to act as dummy ram, if I'm not mistaken). If you have a software player all you have to do is run it in a VM, dump the memory and registers at the appropriate time, and sift through them later. It's also always going to put it in the same place, so you can automate the process. This way in order to make it even very difficult they would have to ban software players altogether. You could also try using a debugger or memory editor, too, but they might be able to play games to prevent you from accessing its memory space. It's impossible to do that with a VM.
- badantheugly, on 10/12/2007, -2/+1
I believe that there are $Millions prizes on offer for anyone that can crack public key cryptography.
Question: if you had a genuine crack (and this doesn't appear to be it) would you be able to make more money by claiming the prize, or selling the crack to some underworld pirate?
Of course, if you actually had a crack, would you want to publicise it by claiming the prize? You'd become famous as "the guy who broke all the tubes", then you'd get to spend the rest of your life in Area 51 ;-)
- daridave, on 10/12/2007, -4/+2
NOT cool with me.
I am hating this. I prefer HD DVD to Blu-Ray, I consider this terrible news.
- jacobee519, on 10/12/2007, -9/+5
And as long as it's updated, it'll keep getting cracked. I'm just wondering why anybody would want to backup a disk that large. It'd seem to me that it'd be more convenient to just keep them on their respective disks than back them up as an enormous file. But then again, my two terabyte raid configuration isn't in from newegg... yet. :D