HD-DVD copy protection in tatters

HD-DVD copy protection in tatters

Summary: Late last year I posted information about a new HD-DVD decryption utility that was released which was capable of decrypting a AACS (Advanced Access Content System) protected HD-DVD discs as long as title keys were available. Many were skeptical. Some pointed to the technical problems of extracting title keys. Some thought that the MPAA would crack down hard on this. Now, less than a month on and several fully-featured HD-DVD movies are available for download and title keys are available for about a third of all HD-DVDs currently for sale. It's time to declare the system in tatters.

SHARE:
TOPICS: Security
42

Late last year I posted information about a new HD-DVD decryption utility that was released which was capable of decrypting a AACS (Advanced Access Content System) protected HD-DVD discs as long as title keys were available.  Many were skeptical.  Some pointed to the technical problems of extracting title keys.  Some thought that the MPAA would crack down hard on this.  Now, less than a month on and several fully-featured HD-DVD movies are available for download and title keys are available for about a third of all HD-DVDs currently for sale. It's time to declare the system in tatters.

[poll id=68]

It's time to declare the system in tattersBack towards the end of December last year an anonymous programmer going under the name of "muslix64" released a program called BackupHDDVD which could decrypt AACS-protected HD-DVD discs.  The catch - you needed the title keys for the discs in order to do this.  This is the tough part because software players capable of reading HD-DVD discs go to great lengths to protect this information.  However, it seems that they don't go far enough.  It seems that "muslix64" was able to retrieve the title keys of discs using CyberLink's PowerDVD 6.5 HD-DVD.  Now Cyberlink are trying to distance themselves from this issue and have stated that PowerDVD is secure and hasn't played a part in this hack. 

Either way, a third of all currently available HD-DVD titles have had their title keys compromised and HD-DVD movies are appearing on torrents daily in .evo format ready for playback at full 1080p resolution using software players such as PowerDVD.  Some of the movies currently available include Serenity, Pitch Black, The Chronicles of Riddick, and Batman Begins.  All the extras on these discs remain intact, such as subtitles and special features.

The only throttle I see on people downloading these files is size - at between 20 and 25GB a go, they represent a massive download commitment for movies already available in DVD format.

Now all is not lost for the recording studios.  AACS allows them to take a number of steps.  If this hack does require outside assistance from a software player such as PowerDVD the player's ability to play HD-DVDs could be revoked forcing users to download a patched version.  However, questions hover over whether PowerDVD has anything to do with this hack.  The studios could also change the title keys on new disc, rendering the title keys in the wild obsolete.  However, neither of these steps can remove the current AACS-free titles off the web.  I suppose the movies studios could put their army of lawyers to work clearing up the mess, but if lawyers were that effective, there wouldn't be a need for AACS in the first place.

Like it or not, the truth is that AACS is now well and truly broken, and before it has really become mainstream.  Tweaks to AACS are likely to hinder the hackers, but I can't seriously see anything stopping them.

If you want an in-depth analysis of AACS I suggest you read the excellent series of articles by Ed Felten and J. Alex Halderman over on Freedom to Tinker (1, 2, 3, 4, 5, 6).

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

42 comments
Log in or register to join the discussion
  • Wow, what a shocker

    Gosh, a DRM system was cracked. I'm stunned. Let's see, so far that makes it....hmmm....all of them. Giving DRM an impressive 0% success rate.

    Yet suckers keep on paying for it.
    tic swayback
  • It has been said many times,

    the only thing DRM does is inconvenience the honest users.
    3D0G
    • The law of intended consequences

      [i]It has been said many times, the only thing DRM does is inconvenience the honest users.[/i]

      No, the subject isn't a typo.

      "The law of intended consequences" states that if results [b]R[/b] predictably follow from action [b]A[/b] and someone performs act [b]A[/b], then theat party intended [b]R[/].

      Application to the instant case is left as an exercise for the reader.
      Yagotta B. Kidding
    • people invariably use things as not intented and its hard to prove

      intention sometimes. Even if its stated in the manual.

      Take computer CD-ROM Trays... everyone heard the cup holder joke.
      Been_Done_Before
  • One has to wonder

    why the industry persists in its attempts to prevent the copying of media.

    Indiviual people will either copy or not, and those who will eventually find a way.

    So I have to wonder whether these technologies save the industry more money than they cost to develop and implement.
    nmh
    • What I wonder...

      Is what their CFO is doing? Why isn't he comparing "lawyer fees, DRM software fees, DRM maintenance fees etc"

      I bet they probably spend more on "anti-copy" measures than if they were to leave it alone and actually profit by NOT paying for things they just don't make sense.

      Maybe their CFO and Accountants should be fired for not recognizing it.
      ju1ce
      • Bean Counters are basing their expenses on DRM..

        On the simple equation Estimated number of pirated DVD sales * price of the DVD. That is a big number and can be used to justify a great expense. They consider that if they were to come up with a PERFECT DRM SYSTEM, that those buying pirated dvds would suddenly start purchasing legal copies so profits would jump. What they dont realize is that those people wont spend the money now and the cost of DRM will be added to the price of each movie and drive the cost up and less people will buy them, so profits will fall.

        And as far as the big pirates of DVD Movies, I believe someone at the movie studio sells them the content (illegally) and they reap a personal benefit.

        I dont go to the Movie theater as much because they have driven the price so high and the content hasnt been good enough to justify the cost.
        mrlinux
      • Thier thinking

        I'd bet they are thinking in trends. If piracy continues to grow the expense the spend today will stop them from potentially losing more in the future.

        For example

        If I know today that I lose $5 a year and DRM system reduces that loss to $3 a year but the system costs $10 a year I'm technically out $13 a year. Seems stupid to do it but if I know that $5 a year will turn into $7 next year and $11 the year after and keep growing each year then implement a DRM system now will hold that loss at $3 plus the $10 I have to spend on DRM which I pass on to customers.

        It's stupid thinking as every DRM system will be hacked and while short term you might get reprive from piracy the long term means you will have to spend more on new DRM schemes to keep ahead of the pirates. Each scheme increases thier costs and is passed on the consumer in high prices which means fewer people buy and more people pirate.
        voska
        • I remember when movies first came out on VHS

          The price was about $80(early 1980s) Well there was a lot more pirating of movies then(Blank tape $5) , but when the cost came down on the movies to $20 or less then the pirating slowed down.

          The DVD makers need to lower there prices to make pirating not very profitable and then will see pirating slow down. NO DRM SCHEME will STOP PIRATING.
          mrlinux
          • I remember payign $48

            For CD back in the days an cassetter tape costed $1.99. Piracy was more rampant back then that it is today too.
            voska
          • Exactly...

            It's an obvious show that people deem the prices too high.. Even 25 bucks a movie is too much. :P
            ju1ce
          • I agree

            Just judging by my spending habits I actually buy a movie that's on sale for under $20. I find that if the movie is under $20 I more likely to buy it on impulse. If it's over $20 I'll pick up then hum and haw over the price where 98% of the time choose not to buy the movie. The lower the price the more likely I am to buy it with out thinking it over.
            voska
  • Great..

    Now I will be able to watch legally purchased HD-DVD's on my Linux boxes. Legal or not.

    I'm in the U.S. and I use decss libs to watch my legally purchased DVD's. Thanks to media company corruption of our system I am considered a "criminal" for simply exercising my right to watch legally purchased media.
    Tim Patterson
    • True

      ... This could open up HD-DVD to Linux users.
      Adrian Kingsley-Hughes
      • Doesn't that depend on the ability to get keys for new discs?

        I'm not sure how the existing keys were extracted, but to be [b]truly[/b] cracked, the Media companies would need to be unable to close the existing loophole. The nice thing about DVDs on Linux is that you can buy any DVD you like and it will work. There's no need to hunt around on the shadier parts of the Web for anything to unlock it first.
        Zogg
  • ISP limit of 20 gig download per month

    Why would I waste my time and resources to download files in the 20-25 gig range even though I have a high speed Cable Internet connection. I would exceed my monthly allotment of 20 gigs download for 1 movie, not likely. Then I would have to pay extra for exceeding my limit.
    ihfwt
    • Good point!

      That's a very good point.
      Adrian Kingsley-Hughes
    • I'm glad I don't have such an ISP

      I easily can download 40 gig per week, and all my downloads are perfectly legal!
      Michael Kelly
      • Download limits

        Usually they only apply to cheaper accounts. For me I can get cheap internet access by going with a lite account. They limit with a X GB worth of downloads and X GB of uploads. exceed them then pay more or pay more every month and get unlimited.
        voska
      • Yeah, me too ...

        and all mine are legal too!
        Adrian Kingsley-Hughes