AACS - BUSTED!


[Updated: Feb 13, 2007 @ 4.15 pm] I've just found out that SlySoft have a beta version of AnyDVD HD in the pipeline.  This application is able to rip HD-DVDs (but not Blu-ray discs).  Details here and here. 

AACS took years to develop and millions of dollars to bring it to the consumer market and yet it's been completely broken within weeks of high definition Blu-ray and HD-DVD players falling into the hands of hackers. 

A hacker on the Doom9 forum called Arnezami has released details of a crack that allows the processing key, media key and the volume ID to be extracted.  The critical factor here is the discovery of the processing key.  This single key allows for the easy decryption (as easy as decrypting a DVD) of every single Blu-ray and HD-DVD disc released so far.


The crack was beautifully simple - just a matter of keeping an eye on the information stored in RAM and watching out for changes.  It doesn't get much simpler than that.  This crack builds on work carried out by another hacker called Muslix64.

Secure DRM such as AACS relies on no vendor making a mistake.  Every product from every vendor needs to be 100% perfect.  Any mistake creates cracks that the hackers can exploit. It seems that the studios became overconfident with regard to AACS and made some very basic mistakes, such as this one with regard to the volume ID:

It's incredible how not random this Volume ID is. I just figured out what these "unique" 6 bytes are:

09 18 20 06 08 41

Here is part of the entry in our volume key list:

King Kong |V|09/18/06|

Yep it's a date (09/18/2006) and time (08:41) of the production. Although it's done very weird since the hex is interpreted as decimals. But most importantly the Volume ID is not just guessable it's even predictable! Incredible.

What does this mean?

This means that (especially for future software player updates) there would be no need for anyone to do a memdump/debug or anything. Only once per Media Key Block Version does the Media Key have to be extracted by one person in the world. If this is released everyone can decrypt any disc!!

That's really sloppy.  The kind of sloppy that leads to a crack.
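
An added example, not from the original post or the forum thread: a check that flags a supposedly random 6-byte identifier when it decodes as a packed-decimal timestamp in the layout the quote describes (month, day, four-digit year, hour, minute). The function names and the random-looking counter-example are assumptions made for illustration.

```python
from datetime import datetime
from typing import Optional

def bcd_digits(b: int) -> Optional[int]:
    """Read one byte as two decimal digits (0x41 -> 41); None if a nibble is above 9."""
    hi, lo = b >> 4, b & 0x0F
    return None if hi > 9 or lo > 9 else hi * 10 + lo

def decode_timestamp_id(raw: bytes) -> Optional[datetime]:
    """Return a datetime if raw is MM DD YYYY(2 bytes) HH mm in packed decimal, else None."""
    if len(raw) != 6:
        return None
    fields = [bcd_digits(b) for b in raw]
    if None in fields:
        return None
    month, day, century, year, hour, minute = fields
    try:
        # datetime() rejects impossible values such as month 13 or hour 25
        return datetime(century * 100 + year, month, day, hour, minute)
    except ValueError:
        return None

def candidate_count(days: int) -> int:
    """Distinct IDs possible when the production date is known to within `days` days."""
    return days * 24 * 60  # one value per minute

VOLUME_ID = bytes.fromhex("091820060841")       # the six bytes quoted in the post
RANDOM_LOOKING = bytes.fromhex("a3f91c5e7b02")  # constructed counter-example
BAD_MONTH = bytes.fromhex("131820060841")       # constructed: valid digits, month 13

if __name__ == "__main__":
    for label, raw in [("quoted", VOLUME_ID), ("random", RANDOM_LOOKING), ("bad month", BAD_MONTH)]:
        ts = decode_timestamp_id(raw)
        verdict = f"timestamp {ts:%m/%d/%Y %H:%M}" if ts else "no timestamp structure"
        print(f"{label:10} {raw.hex(' ')}  ->  {verdict}")
    # A 48-bit random value has 2**48 possibilities; a per-minute timestamp
    # within a 30-day window has only 43,200.
    print(f"30-day window: {candidate_count(30)} candidates vs 2**48 = {2**48}")
```
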

My guess is that by the end of the month we'll see a GUI wrapper around this hack and then anyone with an HD-DVD or Blu-ray drive and software player will be able to decrypt HD discs.

That's it.  Game over for AACS.  At least the hackers have been fair and busted both formats at the same time.

How will the studios respond?  Will they release the lawyers or just continue using AACS and pretend that the crack doesn't exist?  Will this crack help speed up HD adoption?

Topics: Security

About

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera. Adrian has authored/co-authored technic...
