AACS - BUSTED!

Summary: AACS took years to develop and millions of dollars to bring it to the consumer market and yet it's been completely broken within weeks of high definition Blu-ray and HD-DVD players falling into the hands of hackers.

TOPICS: Security

[Updated: Feb 13, 2007 @ 4.15 pm] I've just found out that SlySoft have a beta version of AnyDVD HD in the pipeline.  This application is able to rip HD-DVDs (but not Blu-ray discs).  Details here and here. 

AACS took years to develop and millions of dollars to bring it to the consumer market and yet it's been completely broken within weeks of high definition Blu-ray and HD-DVD players falling into the hands of hackers. 

A hacker on the Doom9 forum called Arnezami has released details of a crack that allows the processing key, media key and the volume ID to be extracted. The critical factor here is the discovery of the processing key. This single key allows for the easy decryption (as easy as decrypting a DVD) of every single Blu-ray and HD-DVD disc released so far.

The crack was beautifully simple - just a matter of keeping an eye on the information stored in RAM and watching out for changes.  It doesn't get much simpler than that.  This crack builds on work carried out by another hacker called Muslix64.

Secure DRM such as AACS relies on no vendor making a mistake. Every product from every vendor needs to be 100% perfect. Any mistake creates cracks that the hackers can exploit. It seems that the studios became overconfident with regards to AACS and made some very basic mistakes, such as this one with the volume ID:

It's incredible how not random this Volume ID is. I just figured out what these "unique" 6 bytes are:

09 18 20 06 08 41

Here is part of the entry in our volume key list:

King Kong |V|09/18/06|

Yep, it's a date (09/18/2006) and time (08:41) of the production. Although it's done very weird since the hex is interpreted as decimals. But most importantly the Volume ID is not just guessable, it's even predictable! Incredible.

What does this mean?

This means that (especially for future software player updates) there would be no need for anyone to do a memdump/debug or anything. Only once per Media Key Block Version does the Media Key have to be extracted by one person in the world. If this is released everyone can decrypt any disc!!

That's really sloppy.  The kind of sloppy that leads to a crack.
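
As an added illustration (not code from this article or from the Doom9 post), the check below treats a supposedly random 6-byte identifier as packed decimal and reports how little uncertainty is left when it turns out to be a timestamp. The field order MM DD CC YY hh mm is read off the quoted bytes; the function names, the 365-day window and the contrast sample are assumptions made for the example.

```python
import math
from datetime import datetime

def bcd(byte):
    """Decimal value of a packed-decimal byte (0x41 -> 41); None if a nibble exceeds 9."""
    hi, lo = byte >> 4, byte & 0x0F
    return None if hi > 9 or lo > 9 else hi * 10 + lo

def decode_timestamp_id(raw):
    """Read a 6-byte ID as MM DD CC YY hh mm (assumed layout, inferred from the quote)."""
    fields = [bcd(b) for b in raw]
    if len(raw) != 6 or None in fields:
        return None
    month, day, century, year, hour, minute = fields
    try:
        return datetime(century * 100 + year, month, day, hour, minute)
    except ValueError:          # digits are decimal but not a real date, e.g. month 13
        return None

def effective_bits(window_days):
    """Entropy of a minute-resolution timestamp known to fall within window_days."""
    return math.log2(window_days * 24 * 60)

def audit(raw, window_days=365):
    """Compare nominal ID size with the entropy left if the ID is a timestamp."""
    stamp = decode_timestamp_id(raw)
    result = {"timestamp": stamp, "nominal_bits": 8 * len(raw), "effective_bits": None}
    if stamp is not None:
        # None means only "no timestamp structure found", not "good randomness".
        result["effective_bits"] = round(effective_bits(window_days), 1)
    return result

VOLUME_ID = bytes.fromhex("091820060841")   # the six bytes quoted in the article
RANDOM_ID = bytes.fromhex("a3f19c07e25b")   # constructed sample for contrast

if __name__ == "__main__":
    for name, raw in (("quoted", VOLUME_ID), ("constructed", RANDOM_ID)):
        print(name, raw.hex(" "), audit(raw))
```

A 48-bit field that is really a production timestamp carries about 19 bits if only the year is known, and about 10.5 bits if the production date is known.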

My guess is that by the end of the month we'll see a GUI wrapper around this hack and then anyone with a HD-DVD or Blu-ray drive and software player will be able to decrypt HD discs.

That's it.  Game over for AACS.  At least the hackers have been fair and busted both formats at the same time.

How will the studios respond?  Will they release the lawyers or just continue using AACS and pretend that the crack doesn't exist?  Will this crack help speed up HD adoption?


Talkback

12 comments
  • It's laughable....

    ... how stupid is it to use the date and time? Have we or have we not spent YEARS telling users never to use guessable passwords and here we have a "security" product making a fundamental blunder.

    If this is the quality of systems work involved then they would have been better saving the money they spent on it and treating themselves to a bigger dividend on the profits.
    bportlock
  • HD suddenly looks a lot more attractive, yes.

    It might even be worth buying myself that new monitor to view it on - I saw a very reasonably priced 1680x1050 LCD display with an 8ms response time last week...

    So if an Open Source application can now be written to decrypt a HD disk and send the video stream down a standard (i.e. not HDCP compliant) DVI connection to Uncle Joe's current monitor, does this mean that all the DRM code in Vista was a waste of time?
    Zogg
    • Yes

      Great point. I bet M$ is just soooo happy about having spent so much time on that
      now. Instead of blowing time on that maybe they could have REALLY made a truly
      killer OS, but no, they did not.
      IAHawkeye
  • Adrian, right on!

    It really is futile what the RIAA and MPAA are doing is it not? I'm actually very
    happy about this. Maybe someday, after enough money has been spent on failure,
    and enough profits lost from ill will because of this DRM crap, we will finally see
    them start to just offer entertainment for reasonable prices.

    They have to know that anything they come up with WILL be hacked. That's just
    the game, and they are not that good at it. I think it's because putting in any
    system that could PERHAPS work would be so expensive, for both them, and the
    hardware manufacturers that it just won't happen.
    IAHawkeye
  • How many hundreds of millions of $?

    With literally, Vista, from the ground up implementing DRM everywhere, to the point of encrypting/decrypting traffic on the bus, what, honestly is the $ cost that DRM added to MS in development, testing. It has to be a substantial percentage of all the Billions they threw into development.

    How much of the cost of current HD players is a direct result of the DRM requirements? I mean, come on, if I can buy a regular DVD player for $20 at WallyWorld, without DRM and just a better laser/drive, would the unit cost be an actual what, $200 at this time? How many tens of millions have Sony and Toshiba eaten in the DRM fiasco, broken and their players have yet to reach a fraction of a percent of market penetration?

    How many tens of thousands of corporate work hours were spent on the specification, deployment, meetings, tech trials, etc by the entire DRM consortium.

    And it appears that 8 days of effort by a talented hacker (who self admittedly took the wrong track) and the current scheme is worthless. Absolutely worthless.

    So now it comes down to choices for the MPAA.
    1) Revoke all current keys, rework the encryption and cause ALL CURRENT TITLES to become frisbees once a player is updated or
    2) Not update all players, current movies still play, however, make all current players UNABLE TO PLAY any future titles.

    BD-Plus is not available yet, and if Sony has any intelligence left in their management, they will leave BD-Plus as the horror film that was never made.

    And all I can do is smile, smile, smile at all the money coming out of every one of their bottom line and profit margins as DRM continues to be the "Black Hole that Won't Quit".

    If the MPAA takes EITHER choice 1 or choice 2 without either replacing all disks or players, HD in its current incarnation is deader than a doornail.

    The coming days and weeks will be fascinating to watch. This does, completely open the door to HD drive in Linux, since it will now be trivially easy to create the wrapper to tell the player "All is Fine".

    It would be the ultimate irony if Linux adoption actually grew directly as a result of HD being much more economical, easy, and of higher quality on Linux as opposed to Windows. I wonder if MS has a backup plan to rip the DRM out of their platform if, as we all hope, DRM is truly in its death throes?

    TripleII
    • Yep, you pretty much summed it up nicely.

      I do not however, agree with you on the Linux prediction. Simply for the reason
      hacks will be available for Winblows and Mac too. So this will balance out on all
      systems. It will take other things to happen to push Linux adoption. I personally
      do hope that Linux (And of course Mac) adoption continues to increase, but for
      the right reasons. Because people enjoy choice, and are looking for something
      better.

      Amen to DRM dying. Can't happen too soon. The DRM terror has reigned for too
      long, maybe the rebellion has destroyed the DRM star for good? (yeah, star wars
      stuff may be corny, but we are all geeks here right?)
      IAHawkeye
  • Suckers

    Millions of dollars, thousands of man hours, all shot down in a matter of days by a couple of unpaid hackers. Sigh, when will the idiots learn that DRM is a suckers game? Or will they just keep throwing money away on something that will never work and that their paying customers hate?
    tic swayback
    • The real problem....

      ... is that many DRM-producing programmers are just ordinary guys'n'gals. Some of these uber-hackers read in binary!! How many "standard" programmers have the autism-like capability to read through memory dumps and stack traces to uncover this stuff?

      Thank god for the uber-geek!
      bportlock
      • You nailed it there ...

        Spot on.
        Adrian Kingsley-Hughes
        • Ditto (nt)

          (nt)
          klumper
    • Suckers...

      Yes and no, we will pay for their stupidity every time someone purchases a HD-DVD or Blu-ray DVD. Because they will bake the cost of their failures into the price of their products.

      I wish they would learn, if they charged a fair price for the products more people would purchase them. As of right now there is too much money to be made by selling pirated copies of movies.
      mrlinux
  • Just goes to show you

    We need tougher copyright laws.
    none none