46 Comments
- Alfdog, on 10/12/2007, -1/+39 The hack Muslix64 did was just that a simple "hack", he even admits that, but everyone knows that it's only a matter of time until it is fully broken. "Everything that has a beginning has an end..." some old black lady told me that.
- dtd00d, on 10/12/2007, -0/+18 It is inevitable.
- SamX, on 10/12/2007, -1/+19 If he a Human makes it, another will HACK it.
- insomniac8400, on 10/12/2007, -0/+16 I think it's ridiculous that these players are going to need firmware updates to play the newest disks. A European country needs to rule it illegal to protect American consumers.
- SoxFanNH, on 10/12/2007, -0/+14 Yup, they wouldn't go out of their way to say this unless they were worried...
- spin, on 10/12/2007, -0/+13 Not sure who said this, but:
Technology cannot build a wall that technology cannot knock down.
- lostboy, on 10/12/2007, -1/+13 well let's be precise.
It's true it hasn't been broken, but if the aim of AACS is to prevent you copying then yes it has been broken.
- edzieba, on 10/12/2007, -0/+10 AACS itself will probably not be broken.
However, DRM requires you to hold in your possession the keys for decrypting the content. Those keys may be encrypted by another key, but then you will also need THAT key in your possession. At some point, there will be a key in plaintext. Finding that plaintext key is then synonymous with 'breaking' AACS.
It's the fatal flaw of DRM itself. To play the content, it must be decrypted. To decrypt it, you must have the key.
- inactive, on 10/12/2007, -2/+11 trust me it has been seriously compromised
- narduk, on 10/12/2007, -0/+9 "in theory it should be possible for the AACS LA to identify the players responsible for the breach and prevent later pressings of discs from playing back on those players until they are updated."
That is really not cool.
- GMorgan, on 10/12/2007, -0/+7 Eventually they will start falling every day then they will just give up until the next generation where you will be required to interface yourself with the MPAA and any person who tries to watch unauthorised content will be shut down.
- LurkerSteve2, on 10/12/2007, -0/+7 It only takes one guy to crack the movie and upload it. In a few days, thousands will have it seeded.
Sucks to be the MPAA.
- trogdor282, on 10/12/2007, -0/+7 Exactly. This is basically the AACS people saying, "IT'S NOT OUR FAULT!! THE HACKERS CHEATED!!!!1!"
- SystemsGuy, on 10/12/2007, -1/+8 I would respectfully disagree. To date, no one has found a vulnerability / attack vector on the AACS algorithm - what they have found is a way to compromise the keys in software implementations of licensed players. The algorithm takes this into account by allowing the compromised keys to be revoked - a "key" part of any encryption scheme. This does not, unfortunately, mean that the algorithm itself has been "cracked"...
- streak, on 10/12/2007, -0/+7 I believe you mean "them there" profits.
- trogdor282, on 10/12/2007, -1/+6 "The algorithm takes this into account by allowing the compromised keys to be revoked"
He's using a compromised player to extract _media_ keys. Revoking these keys would mean that all legitimate copies of that particular movie would quit working in all players. I doubt the MPAA has the balls to do that.
They can revoke the player keys but the damage is already done.
- Phil246, on 10/12/2007, -0/+5 it's been compromised yes, but not seriously.
Now, if someone were to get a hold of the master keys for all players THEN it would be seriously compromised
- rtilford, on 10/12/2007, -0/+5 it always amazes me when loads of big companies put loads of money into a system like this and it gets broken by a few dedicated people. All for protecting their profits. What a shame the big companies cannot be as greedy as they would like!
- legalcondom, on 10/12/2007, -2/+6 "Does a human really need to spend money on watching a movie ?"
People should work to enjoy things, it makes the sweet sweeter when they know the bitter.
- SoxFanNH, on 10/12/2007, -0/+4 Sounds like a load of BS to me, guess I won't be looking into a player anytime soon until this all pans out..
- inactive, on 10/12/2007, -0/+3 Or shot by special guns built into the DVD players.
- pabster, on 10/12/2007, -0/+2 Does the fact that AACS (the AES encryption itself) wasn't technically "broken" really matter here?
The goal behind AACS is to prevent exactly what we are now able to do. Create a perfect digital copy of the source material directly from the high definition disc.
No matter how they try to spin it, their goal has not been met.
As someone else said, why bother forcing your way in to an armed fortress when you can just go around the back and kick off a rusty padlock?
- brianbennett, on 10/12/2007, -2/+4 So say we all.
- inactive, on 10/12/2007, -0/+1 @phil246 "it's been compromised yes, but not seriously."
I think you mean 'compromised, but not completely'.
All it's going to take is a little time and HD-DVD/bluray will be as wide open as DVDs have become. It still baffles me that DVDs are still CSS encrypted, even though that particular DRM system has been broken for over 6 years!
- HappyScrappy, on 10/12/2007, -0/+1 It's more than theory, it will be done. The player key for this program will be expired and future titles will not run on it and so cannot be broken on it. The program will be updated and the new version will play future titles.
- AReallyGoodName, on 10/12/2007, -1/+2 trogdor you have it backwards.
A key being revoked will prevent a particular player from playing all movies.
It won't stop a particular movie being played in all players.
- inactive, on 10/12/2007, -0/+1 key exchange protocols anyone?
- Soulscribe, on 10/12/2007, -0/+1 But if you don't share your key with others, how will the MPAA ever be able to revoke the key? Couldn't someone just write a program that looks for a key in a computer's memory, and then uses that key to decrypt movies the owner of that computer wants to copy? But the program never broadcasts that key to the world. Wouldn't there be no way for the MPAA to revoke the key?
- daeken, on 10/12/2007, -0/+1 They're quite right, it hasn't been seriously compromised. But now that we have keys for given discs, it will make it a lot easier to find them in new players. Known-plaintext attacks are very, very effective and it's only a matter of time before whatever obfuscation method they're going to use on keys is cracked using already known keys.
So no, this isn't a serious compromise, but once a key is out, you can't expect anything dealing with that key to ever be secure again.
- SystemsGuy, on 10/12/2007, -0/+1 trogdor282 - Agreed - I'm not commenting on what the companies in question have the balls to do, just commenting on what options are available. They will probably revoke the player key (if they can identify the player..), thus making it impossible for that player to read disks pressed after the key is revoked. I suspect that they would also require the vendors to re-key media that has already been released with new volume keys.
So in short, you are quite right - this one leak will probably show just how big a set the MPAA has - they could also invalidate the existing media keys, rendering the current compromised volume keys useless - and unplayable on all new players...
- jull1234, on 10/12/2007, -0/+1 How would a "good" implementation store the keys in memory?
- grumpyrain, on 10/12/2007, -0/+1 Well he has his 15 minutes of fame now. Considering AACS isn't actually broken (unfortunately it is not as dumb as CSS and isn't likely to be broken DVD Jon style), I would have preferred if he kept the technique under wraps until the compromised player is installed everywhere.
- zbeast, on 10/12/2007, -0/+1 No system, no matter how complex, will ever stand up to a dedicated attack by its users.
If it were not for the flawed implementation by that developer.
This video is a good example of how you would attack a system looking for a way into its defences.
http://video.google.com/videoplay?docid=-4356347903120410001
- grumpyrain, on 10/12/2007, -0/+1 at least using a simple XOR so that the dump didn't make the position of the keys so obvious.
- GMorgan, on 10/12/2007, -0/+1 Not all people know how to copy DVDs now. When AACS is cracked they will still keep it for years because only a few will know how even with DVDShrink equivalents around.
- grumpyrain, on 10/12/2007, -0/+1 The problem with Muslix going public here is that he is pointing out that padlocked gate. IMO, it would have been much more effective for them to never find out how people found their way into the armed fortress. The problem is that the keys will simply be revoked and the applications will be fixed.
- pabster, on 10/12/2007, -0/+1 Don't give the bastards any ideas.
- deadbaby, on 10/12/2007, -0/+1 Bad player implementation eh? I guess this adds to the theory that DRM won't be perfected until it's impossible to playback the content on ANY device at all.
- grumpyrain, on 10/12/2007, -0/+1 I hope not. It is based on AES, so if that is compromised we have larger troubles than pirated movies. Everything from your personal information to biometrics is secured using variants of AES. I am trying to think of an analogy here:
Imagine someone designs an amazingly secure lock. Someone else uses this lock to protect something valuable. They have a spare key cut for a friend. Although that friend doesn't just give it out to anyone, they leave it in their coat pocket at a dinner party and someone else sneaks the key to clone it.
The lock itself is no less secure, but the key needs to be changed. For movie titles, that is not a problem. Once you realise one key has been compromised, just change the key used in future stamping. But it is a lot harder when the player key is compromised. For software, they could just force a critical update download with the new key, but if your HDDVD or BluRay player in the lounge room key is compromised, there is no simple way to update it which means you can not revoke device keys.
- inactive, on 10/12/2007, -0/+1 At which point DRM is pretty much useless =P (well it could prevent file sharing by tying it to a user, but since everything must be allowed to play it one could look at the open source apps or other APIs to find the decryption scheme)
- inactive, on 10/12/2007, -0/+1 @grumpyrain: I don't think they can revoke the player keys, that's why Muslix64 chose them, some old lady isn't going to understand why her new HD-DVD player won't play any HD-DVDs when they tell her that the DRM protection scheme was broken... Hell I wouldn't take that crap personally >.>
- olegk, on 10/12/2007, -1/+1 Not true. In fact, programmers who implemented the algorithm for that particular software player did it.
It's like I tell my friend my credit card number, and he gives it to everybody else.
- vancanucksfan, on 10/12/2007, -1/+1 Why is this a surprise? Any piece of software on an open box platform (ex: PC) can be reverse engineered. If we can snoop the CPU, then we can do whatever the hell we want regardless of the amount of copy protection in a piece of software. Even if they updated the players to have better copy protection, it's only a matter of time until someone cracks it again and gains access to the keys. The only solution to this problem is to not allow software players on PCs that allow playback of these formats. Stand alone hardware players are extremely secure as the software is stored inside a very tamper resistant chip. Extracting the software and/or accessing the CPU from these chips will be quite a challenge.
- MrViklund, on 10/12/2007, -1/+1 Well. I hope AACS "WILL" be seriously compromised very soon...
- inactive, on 10/12/2007, -7/+5 Does a human really need to spend money on watching a movie ?