AACS 0wn3d? An Update*

December 30, 2006

In late 1999, hackers discovered an unprotected CSS key in the object code of the Xing DVD player. Shortly thereafter, a flood of CSS-circumventing DVD ripping programs emerged. Before I continue, I'll elaborate on key portions of the prior two sentences:

  • "In late 1999": This was roughly four years after the DVD standard was approved, and approximately three years after the first DVD players went on sale.
  • "Circumventing": The CSS algorithm wasn't cracked. Due to human coding error, an encryption key was left exposed, and the whole house of cards promptly came tumbling down.

Now fast-forward to the present. This past Thursday evening (eight months after Toshiba began selling its HD-A1 HD DVD player), I alerted you to the first reports of a possible crack of the AACS encryption algorithm at the core of HD DVD (and, for that matter, Blu-ray). Since then, I've uncovered a few more nuggets that I think you'll find interesting. And things may get even more interesting if the hacker known as Muslix64 follows through with the promise made at the Doom9 forum thread which linked to the decryption routine:

"I already have a version that works with volume key instead of title keys. Even more powerful! Version 1.0, with volume key support, should be out on January 2."

Question 1: Did Muslix64 crack AACS? Actually, it appears he/she didn't; instead the hacker circumvented it, relying on the same sort of human error that crippled CSS over seven years ago. The FAQ that accompanied BackupHDDVD mentioned CyberLink's PowerDVD, and the YouTube video Muslix64 made (which is, I must say, quite entertaining) also shows the program running. CyberLink hasn't responded to my requests for comment, but several anonymous and well-placed sources indicate that the program is the source of the leak. Apparently, Muslix64 figured out how to find the unencrypted title keys in system RAM.

Question 2: Is Blu-ray immune? Yes, at least for the moment. But probably not for long. Muslix64 indicates that he/she doesn't own a Blu-ray drive; an Xbox HD DVD drive like the one I wrote about earlier this month was used to read discs on the PC (coincidentally, on Christmas Eve, prior to hearing about the hack, I obtained my own copy of CyberLink PowerDVD Ultra). However, although my original post on this topic suggested that Blu-ray's beyond-AACS BD+ might protect it, several other anonymous and well-placed sources indicate that BD+ is not yet finalized and therefore not yet implemented; existing Blu-ray titles are protected only by AACS. PowerDVD also supports Blu-ray. So if someone else can figure out how Muslix64 found the title keys (or, alternatively, if Muslix64 gets his or her hands on a Blu-ray drive), it's not a stretch to imagine Blu-ray discs also being compromised. On that note, I owe the HD DVD Promoters group an apology; I probably should have instead titled my original post "AACS Encryption Cracked?".

Question 3: Is this circumvention recoverable by HD DVD's backers? Unclear. Revocability is at the core of AACS and similar modern DRM schemes, and AACS's cryptographic validation procedure incorporates a handshaking protocol between keys embedded in the media and those within the client (PC-based software, dedicated player, etc). The client key for PowerDVD could be added to the 'revoked' list for future HD DVD media, preventing playback until users upgraded to a newer, fixed version of the program. But I'm pretty sure that all already-pressed media is vulnerable. Also, please note that Muslix64 promises a 'volume key' version of BackupHDDVD in a few days. I believe that he/she means 'volume identifier', which is well described in this AACS document (PDF). The distinction between volume and title keys is small (they both span only a single disc) but may be significant.
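
The revocation reasoning above, as an added example that is not from the original post or from the AACS specification: a simplified Python model in which each disc carries its media key wrapped once per non-revoked client. The per-client table, the XOR key wrap and the client names are assumptions made for illustration; they are not the real AACS media key block format or cipher.

```python
import hashlib

def kdf(label: str) -> bytes:
    """Derive a constructed 16-byte sample key from a label (demo only)."""
    return hashlib.sha256(label.encode()).digest()[:16]

def wrap(key: bytes, secret: bytes) -> bytes:
    """Toy key wrap: XOR with a SHA-256 pad. Stand-in for a real cipher."""
    pad = hashlib.sha256(b"wrap" + key).digest()[:len(secret)]
    return bytes(p ^ s for p, s in zip(pad, secret))

unwrap = wrap  # XOR is its own inverse

# Constructed client keys; the client names are hypothetical.
CLIENT_KEYS = {"software_player_v1": kdf("client:sw1"),
               "set_top_player": kdf("client:stb")}

def press_disc(title: str, revoked: frozenset) -> dict:
    """Press a disc using the revocation list known at mastering time."""
    media_key, title_key = kdf("media:" + title), kdf("title:" + title)
    return {
        # One wrapped copy of the media key per client that is not revoked.
        "key_block": {cid: wrap(ck, media_key)
                      for cid, ck in CLIENT_KEYS.items() if cid not in revoked},
        "verify": hashlib.sha256(media_key).digest(),
        "wrapped_title_key": wrap(media_key, title_key),
    }

def recover_title_key(disc: dict, client_id: str):
    """Return the title key if this client can process the disc, else None."""
    entry = disc["key_block"].get(client_id)
    if entry is None:
        return None  # client was revoked before this disc was pressed
    media_key = unwrap(CLIENT_KEYS[client_id], entry)
    if hashlib.sha256(media_key).digest() != disc["verify"]:
        return None
    return unwrap(media_key, disc["wrapped_title_key"])

def playback_matrix() -> dict:
    """Which client can play which disc, before and after one revocation."""
    discs = {"pressed_before": press_disc("Film A", frozenset()),
             "pressed_after": press_disc("Film B", frozenset({"software_player_v1"}))}
    return {(name, cid): recover_title_key(disc, cid) is not None
            for name, disc in discs.items() for cid in CLIENT_KEYS}

if __name__ == "__main__":
    for (disc, client), ok in playback_matrix().items():
        print(f"{disc:15} {client:20} {'plays' if ok else 'refused'}")
```

The revoked client is refused only by the disc pressed after revocation; the disc pressed earlier still yields its title key to the same client, which is why revocation protects future media only.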

Frankly, at the end of the day, whether or not AACS has been crippled means absolutely nothing to organized pirates. They have plenty of other avenues at their disposal to obtain high-quality A/V sources, including leaks from movie studio insiders and high-def video cameras in theaters. However, just as the original P2P version of Napster put the hurt on the music industry, the defeat of AACS will encourage computer-savvy individuals to obtain their movie fixes from copyright-infringing Internet sources. Yes, a high-def film is a massive download payload. See one of the many reasons why I'm closely following the fiber rollout, not to mention the plummeting prices and burgeoning capacities of HDDs? Ars Technica's recent observations (picked up by Slashdot) on piracy's increasing popularity at the expense of legal video acquisition are quite timely in this regard.

I'll close with a personal plug. In researching this piece, I reacquainted myself with a feature article I wrote back in early 2000 on digital rights management. It's quite comprehensive, if I do say so myself, and still scarily relevant. Give it a read and then tell me, and the other denizens of Brian's Brain, what you think.

And now I'll lighten up; check out Gizmodo's top 5 hacker videos. Enjoy!

*0wn3d

Posted by Brian Dipert on December 30, 2006 | Comments (14)

February 5, 2010
In response to: AACS 0wn3d? An Update*
Install Software commented:

Another great post. Thanks for the tips and help. Everyone, bookmark this site.


January 2, 2007
In response to: AACS 0wn3d? An Update*
Brian Dipert commented:

Thank you, 1ee7 h4x0r, for that vote of confidence. I'm reassured to know it's not true that I "obviously don't have a clue" ;-)


January 2, 2007
In response to: AACS 0wn3d? An Update*
1ee7 h4x0r commented:

0wN3d and its variants are all perfectly acceptable. Using pwn and its variants would mark you as a computer game nerd, and nothing more.


January 1, 2007
In response to: AACS 0wn3d? An Update*
Tumelo commented:

I'm always amused by the constant attempts by studios to upgrade or update the encryption they use on the end product. If, as you say, people's players are likely to end up being blackmailed for deigning to utilise non-proprietary products, or products whose proprietary software has been revoked by pirates, then why on earth would anyone want to buy directly from the studios? I certainly might be motivated to buy pirated material. Right there is something that turns normally law-abiding people into criminals. When will they learn??


January 1, 2007
In response to: AACS 0wn3d? An Update*
efnethore commented:

Allow me to take this opportunity to praise you for your level of professionalism. There is truly nothing like having leetspoke in a news article, Brian. Tips for you though, you can say '0wnt' or 'pwnt', but never '0wn3d', alternating capitalization aside. Concerning the 2nd of your 'prior two sentences', I believe you should do a little research before making a statement as facts. The authentication process used by CSS involving title key and bus key was successfully reverse engineered by Linux interest groups long before DeCSS came to be. If you don't think that qualifies as a crack, let me inform you that there are also birthday attacks that can literally crack the 5 byte key that CSS uses. The encryption algorithm can thus be cracked in 2^16 tries, another method can retrieve the disk key hash in 2^25 tries. Now, please let everyone know that CSS was indeed cracked. I'm not even going to say anything to your AACS comments, seeing that you obviously don't have a clue. If you don't think we can crack AACS, watch us work.


December 31, 2006
In response to: AACS 0wn3d? An Update*
Brian Dipert commented:

It's a Brave New World, Mike....;-)


December 31, 2006
In response to: AACS 0wn3d? An Update*
Mike commented:

Imagine a Friday night where you pop in an HD-DVD you just rented, sit back, and get the error "This HD-DVD Player has been blacklisted. Please download new firmware or call us during business hours to have updated firmware mailed to you."


December 31, 2006
In response to: AACS 0wn3d? An Update*
Brian Dipert commented:

Thanks, Marcos and Toni, for your comments, and my apologies for any difficulty with our comments system. I've been aware of the formatting bugs for some time now and have reported them to the folks who run our website; I hope they'll get fixed soon.


December 31, 2006
In response to: AACS 0wn3d? An Update*
Toni commented:

When will the companies understand that, by purchasing expensive copy protection systems, they are being lured into a fraudulent scheme? Since we have general-purpose systems, copy protection is theoretically impossible. In order to allow legitimate users to access the product, you must provide the content, an implementation of the algorithm and the key. So you're also providing it for others. It's intrinsically insecure, no matter how obscurely you implement the decryption process. So it's only a matter of time until someone finds his/her way through. A second step is cracking the actual code. Also, just a matter of time and more powerful computers. Although in this case the "time" involved could be years (or millions of years


December 30, 2006
In response to: AACS 0wn3d? An Update*
Marcos commented:

Nothing personal, but your commenting system sucks. =) Perhaps this is ironic, given the topic.


December 30, 2006
In response to: AACS 0wn3d? An Update*
Marcos commented:

OK, read your article. Much of it was over my head technically, but I think I got the gist.

I also picked up on some implications, whether they were intended or not. The Studios sell a product that we can call an entertainment/cultural product. If the use of this product (for example movies and music) becomes too onerous, the consumer will move to other products, perhaps completely different categories of entertainment/cultural products. People will go to where the fun value is and spend their money accordingly. Look at the success of the Wii this holiday season, where the money went to the product with the best fun/cost ratio.


December 30, 2006
In response to: AACS 0wn3d? An Update*
Marcos commented:

My formatting disappeared!
