HD-DVD AACS hacked


A hacker going under the alias "muslix64" has written a utility which is capable of decrypting AACS (Advanced Access Content System) protected HD-DVD discs.

The decryption tool, called BackupHDDVD, is a Java-based command-line utility which decrypts the .evo video files found on an HD-DVD disc and saves them to your hard drive so they can be played using HD-DVD playback software.

I've taken a look at the source code for BackupHDDVD (which is currently included with the software download) and it seems genuine enough.  According to the comprehensive FAQ which accompanies the source code, BackupHDDVD simply implements the AACS decryption protocol as outlined at aacsla.com (the official AACS website).  Title keys, which are required to decrypt the movie files, are stored encrypted on the HD-DVD disc, but this hack seems to rely on the fact that CyberLink PowerDVD 6.5 HD-DVD extracts these keys and doesn't protect them well enough (I'm a little hazy on this because "muslix64" is being vague as to how he got hold of the title keys).  What I am sure of is that BackupHDDVD doesn't extract the keys itself; it merely relies on having access to the keys.  The key here (if you pardon the pun) is that "muslix64" has found a way to get at these keys.

Here's what "muslix64" thinks of the AACS protection mechanism:

What do you think of the technical aspects of AACS?

The design is not that bad, but it's too easy to have an insecure player implementation somewhere. And just one bad implementation is all it needs to get the keys! There will always be insecure implementations of a player somewhere! And the "Revocation system" is totally useless if you use the Title key directly.

The point about the revocation system being next to useless is spot on - if you have access to title keys, you totally bypass the revocation system automatically.  Also, to be honest I never saw the revocation system as being all that effective - if the media companies revoked a key this would mean that legitimate owners couldn't play contents which they had bought.  This would no doubt end in lawsuits.
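A simplified model of the revocation point above, as an added example that is not BackupHDDVD's code and not the AACS specification. The per-device key wrapping and the SHA-256 keystream are assumptions standing in for AACS's real key distribution and AES, and all device names, keys and content are constructed.

```python
import hashlib, hmac, os

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. Stand-in for AES; not for real use."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def master_disc(content: bytes, device_keys: dict, revoked: set):
    """Encrypt content under a fresh title key, wrapped once per non-revoked device."""
    title_key = os.urandom(16)
    disc = {
        "wrapped": {d: toy_cipher(k, title_key)
                    for d, k in device_keys.items() if d not in revoked},
        "tag": hmac.new(title_key, content, "sha256").digest(),  # detects a wrong key
        "payload": toy_cipher(title_key, content),
    }
    return disc, title_key

def open_with_title_key(disc: dict, title_key: bytes):
    """Decrypt directly with a title key; no device key or revocation check involved."""
    content = toy_cipher(title_key, disc["payload"])
    tag = hmac.new(title_key, content, "sha256").digest()
    return content if hmac.compare_digest(tag, disc["tag"]) else None

def open_with_device_key(disc: dict, device: str, device_key: bytes):
    """Licensed path: unwrap the title key first. Revoked devices have no entry."""
    wrapped = disc["wrapped"].get(device)
    if wrapped is None:
        return None
    return open_with_title_key(disc, toy_cipher(device_key, wrapped))

def demo() -> dict:
    keys = {"player_a": os.urandom(16), "player_b": os.urandom(16)}  # constructed
    movie = b"constructed sample content " * 8
    old_disc, leaked_title_key = master_disc(movie, keys, revoked=set())
    new_disc, _ = master_disc(movie, keys, revoked={"player_a"})  # after revocation
    return {
        "revoked_player_old_disc": open_with_device_key(old_disc, "player_a", keys["player_a"]) == movie,
        "revoked_player_new_disc": open_with_device_key(new_disc, "player_a", keys["player_a"]) == movie,
        "other_player_new_disc": open_with_device_key(new_disc, "player_b", keys["player_b"]) == movie,
        "leaked_key_old_disc": open_with_title_key(old_disc, leaked_title_key) == movie,
        "leaked_key_new_disc": open_with_title_key(new_disc, leaked_title_key) == movie,
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In this model revocation only changes what is written to discs mastered afterwards: a title key that has already left a player keeps opening the disc it belongs to, and each new title needs its own key.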

What's interesting here is that while this hack might give HD-DVD a temporary advantage amongst enthusiasts who want to back up discs (and given the higher data density of HD-DVD and Blu-ray discs, this isn't such a bad idea), in the long run it won't give either format an advantage because both HD-DVD and Blu-ray use the now cracked AACS DRM mechanism.

There are still a few bugs in the decryption process (namely fast-forward and rewind issues, and subtitles don't work either) but I'm pretty sure that we'll see future implementations which fix these issues.  Also, BackupHDDVD currently only supports Windows, but given that it is based on Java, I think that Linux and Mac versions will be along shortly.

See the process in action in the video available on YouTube.

Does this make you more likely to adopt the HD-DVD standard?


Talkback

26 comments
  • Typical

    The RIAA and MPAA will never learn. All they do is make it more expensive for the consumer. Everyone must pay a fee for a license to ENCRYPT a file for so-called protection. I am aware of only one system that was never beaten. That was the Native American Indian code used during WWII. Give it up and start making decent movies again.
    jollyrgr3@...
    • Even that code would be cracked

      Even that WWII code would be broken if the keys were given out. That's the problem with DRM. First you lock up the content. Then you sell the content and in order for the buyer to view said content they need a way to unencrypt it so you have to give them the keys. So then all it takes is one clever person to find the keys then post that to the internet for anyone to find. Next you get a host of different software being developed to use those keys and those get posted everywhere too.

      Encryption only works when you don't want another person viewing the content, and even then that's not foolproof.
      voska
    • Only one...?

      >"I am aware of only one system that was never beaten."

      There are thousands of systems which have never been "beaten". Secure communications is no problem.

      The problem with DRM is that it isn't real cryptography, it's just a game of hide and seek with the encryption keys.

      To "beat" a DRM system you don't have to break the encryption system, you just have to find where they hid the keys in your PC, and that's exactly what this guy has done.
      jinko
      • agreed

        Yup. Agree 100%.

        In order to play a movie, it needs to decrypt it, right?

        And in order to decrypt it, it needs a key, right?

        Therefore, any software that needs to decrypt the movies needs to store the keys somewhere.

        It's not a matter of beating the encryption - it's only a matter of finding where the keys are hid. As long as it's in software, all they have to do is scour the hard drive for them, or reverse engineer the software to find where it's looking for the keys. It's not really a matter of if as it is a matter of when.

        I'm surprised it took this long.

        So, yeah, I totally agree.
        CobraA1
  • No surprise

    Gee what a shocker, once again, a DRM system is cracked. Is there any content protecting DRM system that has ever been successful? The obvious point which is so often ignored is that any system where you have to give the keys to the person you're trying to lock out is doomed to failure. The only people DRM is good for are those people who are selling DRM to the copyright holders. They make nice money, the copyright holders get failures and the content purchasers get inconvenienced.
    tic swayback
    • There is actually one surprise.

      That is that it took as long as it did for the DRM scheme to be cracked.
      Letophoro
      • Not really that surprising

        Given how little content is available in this format, especially how little desirable content, it's no surprise that there was no rush to crack it. Guess it was just something someone did in their spare time for fun.
        tic swayback
  • What is even more interesting is ...

    ... that based on looking at some source code and without verification you are reporting this hack works! Have you seen any actual HD DVDs broken and stored on a hard drive? If not, don't believe everything you read on the Internet!
    ShadeTree
    • What's hard to believe

      Sounds like a pretty simple hack, as it was the hardware that did the goof up. All the software does is take advantage of that flaw. Why is it so hard to believe? Given that every other DRM scheme out there has failed, why should this one be any different?
      voska
      • This one is slightly different...

        This DRM system is slightly different because they can revoke the rights of specific players to view new disks (the player will still play older disks, just not new ones).

        There are two problems with this:

        a) They can't tell which players are compromised by looking at the keys which get published.

        b) Revoking people's players because a pirate hacked one of them is going to make customers very very angry. I can't believe they'd really do it.

        There's a third possibility which is to encrypt every single disk with a different key. I don't know if this is practical for them to do - the price of disk duplication would go through the roof.

        If they do manage to do this then published keys would be useless. OTOH you don't need them, you only need *one* copy to be decrypted and it's all over. P2P networks today typically only have one or two copies of a DVD on them - that's all that's needed.
        jinko
    • I've verified that it works

      Yep, it works.
      Adrian Kingsley-Hughes
  • Every attempt at DRM will fail ...

    It's that simple. It's just like fighting spam. In the absence of a police state people will find ways to break every DRM innovation and publish it, and once the crack is in the wild, the technology is useless. All of the efforts at DRM are like fighting the wind and tilting at windmills. It's all money down a rathole just like trying to fight spam and phishing, you close one hole and they just open another one. But it's entertaining to watch it go by.
    George Mitchell
    • Fighting Spam

      Hey, wasn't it in 2004 that Bill Gates told us Spam would no longer exist in 2 years? Guess he better start hurrying on that one. One wonders if he gave similar promises to those to whom he sold DRM.
      tic swayback
  • Don't really care about copying to hard drive

    Actually, I don't care at all about Blu-Ray or HD-DVD.

    However, the true benefit would be open source players for these things.

    If it works.
    mobrien_12@...
    • Unfortunately it's not that simple

      Microsoft and the media content providers are taking steps with Vista which mean even if you don't use the technology you will still be affected, especially when hardware designed to accommodate the new DRM is released:

      http://www.theregister.co.uk/2006/12/28/vista_drm_analysis/

      Guess I'll stick with XP and my old hardware!
      BobF_z
      • Vista is irrelevant.

        I was talking about open source players. Vista, I would not touch.

        Of course, Blu-Ray I won't touch either... I have a problem with a player that has a self destruct sequence built into its specs.
        mobrien_12@...
    • I do want movies on my hard drive

      Here's why. Disk space is getting cheap. Soon having several TBs of disk space will be reasonable in price. Even right now you can get a TB fairly easily, getting 10 TBs is a little more expensive.

      So here's the way I see it. I'd like to put my entire movie collection on a server in a database. I have a mini-PC at every TV connected via Cat6E. So at any time from any TV I can click the remotes and bring up a movie.

      Ever watch TV and see a good movie but they've hacked it to bits, filled it with 1 hour of commercials, and bleeped out any words the TV channel feels are inappropriate? Then you think "I have that movie on DVD". So do you go digging through a pile of DVDs to pop in the movie? I find I don't, but if at the click of the remote I could pop up that movie, well, there's something I'd like.

      Right now I can put my non-HD DVDs on 2.4 TBs of hard drive space. I don't have that space yet but I have toyed with MYTH TV and put 2 Movies into it. The concept works but just needs to go a little further.
      voska
      • Ah, I see.

        You want to make an HDD-based movie "Jukebox" of movies that you bought. Kind of like ripping your CDs to your hard drive.

        Something that the MPAA would like to stop with their DRM.
        mobrien_12@...
        • Exactly!

          I'm not so sure the MPAA would want to stop it. They sure don't want some Internet user browsing my Movie Juke Box and downloading the content. That I can understand.

          What I see the MPAA and friends doing is thinking they should charge me again for movies in a Juke Box and using DRM to make it easier for me to pay them again vs doing it myself.
          voska
  • Great news!

    The only good DRM is a dead / cracked DRM! Great work!
    P. Douglas