HD-DVD copy protection in tatters

Late last year I posted information about a new HD-DVD decryption utility that was released which was capable of decrypting a AACS (Advanced Access Content System) protected HD-DVD discs as long as title keys were available.  Many were skeptical.  Some pointed to the technical problems of extracting title keys.  Some thought that the MPAA would crack down hard on this.  Now, less than a month on and several fully-featured HD-DVD movies are available for download and title keys are available for about a third of all HD-DVDs currently for sale. It's time to declare the system in tatters.

[poll id=68]

It's time to declare the system in tattersBack towards the end of December last year an anonymous programmer going under the name of "muslix64" released a program called BackupHDDVD which could decrypt AACS-protected HD-DVD discs.  The catch - you needed the title keys for the discs in order to do this.  This is the tough part because software players capable of reading HD-DVD discs go to great lengths to protect this information.  However, it seems that they don't go far enough.  It seems that "muslix64" was able to retrieve the title keys of discs using CyberLink's PowerDVD 6.5 HD-DVD.  Now Cyberlink are trying to distance themselves from this issue and have stated that PowerDVD is secure and hasn't played a part in this hack. 

Either way, a third of all currently available HD-DVD titles have had their title keys compromised and HD-DVD movies are appearing on torrents daily in .evo format ready for playback at full 1080p resolution using software players such as PowerDVD.  Some of the movies currently available include Serenity, Pitch Black, The Chronicles of Riddick, and Batman Begins.  All the extras on these discs remain intact, such as subtitles and special features.

The only throttle I see on people downloading these files is size - at between 20 and 25GB a go, they represent a massive download commitment for movies already available in DVD format.

Now all is not lost for the recording studios.  AACS allows them to take a number of steps.  If this hack does require outside assistance from a software player such as PowerDVD the player's ability to play HD-DVDs could be revoked forcing users to download a patched version.  However, questions hover over whether PowerDVD has anything to do with this hack.  The studios could also change the title keys on new disc, rendering the title keys in the wild obsolete.  However, neither of these steps can remove the current AACS-free titles off the web.  I suppose the movies studios could put their army of lawyers to work clearing up the mess, but if lawyers were that effective, there wouldn't be a need for AACS in the first place.

Like it or not, the truth is that AACS is now well and truly broken, and before it has really become mainstream.  Tweaks to AACS are likely to hinder the hackers, but I can't seriously see anything stopping them.

If you want an in-depth analysis of AACS I suggest you read the excellent series of articles by Ed Felten and J. Alex Halderman over on Freedom to Tinker (1, 2, 3, 4, 5, 6).