HD-DVD copy protection cracked

"On the first day of Christmas, my true love gave to me - a copy of an HD-DVD."

Awww, someone thought of a Christmas present just for me! Well, not really, but I like to take pride in the world's efforts to remind the MPAA and RIAA exactly how stupid copy protection truly is and why it doesn't work. Apparently, we can add a new protection scheme to that "utterly broken" list - someone has cracked the AACS encryption algorithms on HD-DVDs.

For those of you who haven't bothered to care about the latest anti-consumer measures, AACS stands for "Advanced Access Content System." The system is designed around two keys - a title key and a player key. The discs are designed with several player keys on them in a hash with the title keys, providing an encryption algorithm. If a player has the right player key and the disc has the right title key, the movie will play.

Of course, the untold beauty of this (as far as the movie companies are concerned) is that companies who don't pay up their technology licenses year after year can have their players excluded from future titles - thus shafting the consumer.
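The two-key arrangement and the exclusion of players from future titles can be modelled in a few lines. This is an added example, not code from BackupHDDVD or from the AACS specification: it is a simplified stand-in in which each disc stores its title key wrapped once per licensed player key, using a toy HMAC-based cipher and made-up player IDs, to show what revoking a player key does and does not change.

```python
import hashlib, hmac, os

# Toy model, NOT the real AACS construction: an HMAC-SHA256 keystream stands
# in for the cipher, and every key, ID and name here is made up for the example.

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt data by XOR with a keystream derived from key and nonce."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def key_check(title_key: bytes) -> bytes:
    """Short verifier stored on the disc so a player knows it unwrapped the right key."""
    return hmac.new(title_key, b"title-key-check", hashlib.sha256).digest()[:8]

def master_disc(content: bytes, players: dict, revoked=frozenset()) -> dict:
    """Press a disc: one wrapped copy of the title key per non-revoked player key."""
    disc_id, title_key = os.urandom(8), os.urandom(16)
    slots = {pid: xor_stream(pk, disc_id, title_key)
             for pid, pk in players.items() if pid not in revoked}
    return {"id": disc_id, "slots": slots, "check": key_check(title_key),
            "payload": xor_stream(title_key, disc_id, content)}

def recover_title_key(disc: dict, pid: str, player_key: bytes):
    """What a licensed player does; returns None if the disc has no usable slot."""
    wrapped = disc["slots"].get(pid)
    if wrapped is None:
        return None
    title_key = xor_stream(player_key, disc["id"], wrapped)
    return title_key if hmac.compare_digest(key_check(title_key), disc["check"]) else None

def decrypt(disc: dict, title_key: bytes) -> bytes:
    """Anyone holding the title key can run the (public) algorithm."""
    return xor_stream(title_key, disc["id"], disc["payload"])

def demo() -> dict:
    players = {"player-A": os.urandom(16), "player-B": os.urandom(16)}
    old = master_disc(b"feature film, first pressing", players)
    leaked = recover_title_key(old, "player-A", players["player-A"])  # key leaves the player
    new = master_disc(b"later release", players, revoked={"player-A"})
    return {
        "revoked_player_on_new_disc": recover_title_key(new, "player-A", players["player-A"]),
        "other_player_on_new_disc": decrypt(new, recover_title_key(new, "player-B", players["player-B"])),
        "leaked_key_on_old_disc": decrypt(old, leaked),
        "wrong_key_on_old_disc": decrypt(old, os.urandom(16)),
    }
```

In `demo()`, the revoked player gets nothing from the later disc, while a title key already recovered from the earlier disc keeps decrypting that disc.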

The new technology, called BackupHDDVD, was posted on the Doom9 forums by a cracker named muslix64. The small, unobtrusive command-line program is written in Java and strips the AACS protection right off the *.EVO files. It does so using a title key that you feed into it (composed from a serial number physically programmed into the disc, among other things) - the program comes bundled with a few for the most popular movies, and more will be added later.

Like DeCSS, BackupHDDVD works by trying to exploit weak player keys. When it finds a match, it can take the title key you provide and decrypt the movie, thus allowing you to make a copy of it that will play in any HD DVD player. Though there aren't exactly HD DVD burners out right now, it would work for any type of MCE box.

The boys over at Engadget are giving the tool a go and posting their results, so we'll try to keep you updated. So far, it appears the encryption itself doesn't actually alter that many bytes in each file... curious. In the meantime, if you want to check out the YouTube video, we've included it below.

Have you got a thought on the fall of AACS? Tell us in our forums.

Merry Christmas, MPAA!
Quote Manitowic999 28th December 2006, 15:25
The Engadget link is bad. Awesome by the way!

-- Fixed, thanks! - Da Dego
Quote dragontail 28th December 2006, 15:27
I was first :p http://forums.bit-tech.net/showthread.php?t=126529
So much for unhackable then.
Quote MiT 28th December 2006, 15:30
"I don't think so"

LOL

These days everything can be cracked.
Quote oasked 28th December 2006, 15:50
Quote from Engadget user comment:
Quote:
Bah @ Dec 27th 2006 8:13PM

The DRM is not broken by this. He implemented the decryption algorithm which, as far as I know, is publicly available and not a secret. You still can't access the content without knowing the key. The key is (supposed to be) hidden in the hardware (or software). And if a key is compromised it can be revoked (future titles won't play on the device where you got the key from).

So, you can decrypt the DVD if you know the key. This was *always* the case. Everyone knows this. (Everyone with a clue anyway).
In short, this is nothing.

CSS (for DVDs) was different in two ways: 1. The device key couldn't be easily revoked 2. The encryption was weak so that the key could be generated automatically. That's how/why CSS was broken.

AACS suffers from neither of these weaknesses and AACS has not been broken.
Quote Almightyrastus 28th December 2006, 16:37
Quote:
Originally Posted by MiT
"I don't think so"

LOL

These days everything can be cracked.


Yeah only a matter of time with these things
Quote Tyinsar 28th December 2006, 18:05
Until the DRM is totally busted (or abandoned) Hollywood can count me out as a customer. They want their "rights" to come before ours (not that we have any according to them) - I want my "rights" and without that they can't have my money.
Quote Sparrowhawk 28th December 2006, 18:22
Quote:
Originally Posted by oasked
Quote from Engadget user comment:

But see, knowing how the system works, that is the first step. Now that there is attention towards how it works, we can expect many more budding minds to come and take a stab at the problem. It won't be long.
Quote Da Dego 28th December 2006, 18:53
Quote:
Originally Posted by oasked
Quote from Engadget user comment:
As far as I understand it, that's incredibly flawed thinking.

So what, we're faulting him because he still needs the input code to begin with? Every decrypted version requires an original encrypted version in order to start the process - you can't copy something where there's no original.

And if the MPAA disables certain players, the companies will be in an uproar - because it's not their faults, nor is it the consumers' who bought those players.

He implemented the decryption algorithm. Why is that a big deal? Because it means that simply by feeding the program one input string, which he has found the way to obtain directly from the discs themselves, he can decrypt them into files that are subsequently saved as unencrypted, and thus no longer deal with AACS at all.

Sounds pretty f'ing broken to me. :)
Quote Buzzons 28th December 2006, 19:34
Dego -- totally agree, and no doubt there will be an app released by him/others soon that can rip the needed keys etc from your HDDVDs and input them into a database online so others can use them... will be nice :)
Quote DXR_13KE 28th December 2006, 21:33
nice gift.... let's see if the MPAA will do anything......
Quote Breach 28th December 2006, 22:41
Yeah, that didn't take long did it...

I don't get it, you're a piece of immoral sh*t if you download a movie for free, and when you actually buy the content they want to screw you over anyway by barely letting you even watch the movie or play a CD.

You're treated like a criminal whichever way you go, either you are a pirate, or you *might* pirate it seems. So screw em.

I think it is funny that they never seem to notice that every DRM scheme they can come up with is busted flat in a matter of days.
Quote Aankhen 28th December 2006, 22:58
As said earlier... it was only a matter of time. =)
Quote Bindibadgi 28th December 2006, 23:14
Quote:
Originally Posted by Da Dego
As far as I understand it, that's incredibly flawed thinking.

So what, we're faulting him because he still needs the input code to begin with? Every decrypted version requires an original encrypted version in order to start the process - you can't copy something where there's no original.

And if the MPAA disables certain players, the companies will be in an uproar - because it's not their faults, nor is it the consumers' who bought those players.

He implemented the decryption algorithm. Why is that a big deal? Because it means that simply by feeding the program one input string, which he has found the way to obtain directly from the discs themselves, he can decrypt them into files that are subsequently saved as unencrypted, and thus no longer deal with AACS at all.

Sounds pretty f'ing broken to me. :)

It's half cracked. You can get the files onto your hard disk but until they strip the DRM completely so as you can backup the files to a HDDVD (when the burners arrive) or DVD (?! Dual layer is still 8.5GB) and bung it in some Chinese player that'll play Region 0 stuff, it's not really cracked per se.
Quote DXR_13KE 29th December 2006, 01:12
Quote:
Originally Posted by Bindibadgi
It's half cracked. You can get the files onto your hard disk but until they strip the DRM completely so as you can backup the files to a HDDVD (when the burners arrive) or DVD (?! Dual layer is still 8.5GB) and bung it in some Chinese player that'll play Region 0 stuff, it's not really cracked per se.

at least they got it onto the hard disk with a very small software...... the next logical step is to get rid of the DRM, if there is still some DRM left, or to convert it into a smaller or more useful file type.
Quote speedfreek 29th December 2006, 04:05
If given time any copy protection will be cracked, now I wonder what this will do to the hd vs bluray fight. One is suddenly less secure.
Quote Firehed 29th December 2006, 04:39
Quote:
Originally Posted by Tyinsar
Until the DRM is totally busted (or abandoned) Hollywood can count me out as a customer. They want their "rights" to come before ours (not that we have any according to them) - I want my "rights" and without that they can't have my money.
Same. I want to be able to just pop in a movie and not give a crap about my screen supporting proper copy protection or all that BS. Or, rather, just load up my avi of the film, which is how I deal with my DVDs currently. Until then, their loss.

speedfreek - I think this is a general AACS "crack" which would apply to both formats, the "cracker" in question simply did it to an HD-DVD movie.
Quote Cthippo 29th December 2006, 04:59
I wish it had been BR first, Sony needs another spanking ;)
Quote Tulatin 29th December 2006, 05:16
Why AACS was not cracked? Hello Mr. Tool, i bet you sounded off like this over ArcoDeCSS too. And that got owned. Give it time.
Quote crayfish 29th December 2006, 10:17
Shouldn't the file playing be bigger than 4.02GB? :|
Quote Iago 29th December 2006, 11:08
Quote:
Originally Posted by Bindibadgi
It's half cracked. You can get the files onto your hard disk but until they strip the DRM completely so as you can backup the files to a HDDVD (when the burners arrive) or DVD (?! Dual layer is still 8.5GB) and bung it in some Chinese player that will play Region 0 stuff, it's not really cracked per se.

I'd say that's the easy part... you already have the content, decrypted in physical media (albeit a HDD). The rest is just a matter of stripping the flag used to degrade content on non-HDCP items and dumping the content to blank media.

If you think about it, probably most HD players (whether BD or HDDVD) will play unflagged and decrypted HD content just fine, just like most of DVD players play home made DVDs perfectly fine.

What I find interesting about this story is that (if I got it right), the guy got the keys by reading the RAM. Either Vista is way more closed in this regard (and still, there will always be perfectly valid reasons and applications for reading your system's RAM), or AACS is, cracked or not, pretty much useless. The key has to be stored somewhere to decrypt the content, be it RAM, an IDE/SATA bus or somewhere... so in the end, it will just be a matter of catching and reading it. If I'm right, I predict that 100% of titles and/or player keys will be available on the net minutes after (or even before) the release.
Quote MrBurritoMan 29th December 2006, 18:59
Quote:
Originally Posted by crayfish
Shouldn't the file playing be bigger than 4.02GB? :|

i would hate to say this but it looks like he was checking the size while the file was still building. watch it again....

all i have to say is...HOORAY!! i love people who create these programs because i digitize all my stuff and use the files to take my media on the road with me or share it from my servers in my house. i think the RIAA can...well you think of just about anything and it's applicable.

on the off hand this video is completely made up (i don't think it is and am praying it's not) then this guy is going to have some people pooping bricks at the RIAA. :p

cheers to you kind sir for your hard work whoever you are ;)
Quote crayfish 29th December 2006, 19:00
Quote:
Originally Posted by MrBurritoMan
i would hate to say this but it looks like he was checking the size while the file was still building. watch it again....

all i have to say is...HOORAY!! i love people who create these programs because i digitize all my stuff and use the files to take my media on the road with me or share it from my servers in my house. i think the RIAA can...well you think of just about anything and it's applicable.

on the off hand this video is completely made up (i don't think it is and am praying it's not) then this guy is going to have some people pooping bricks at the RIAA. :p

cheers to you kind sir for your hard work whoever you are ;)
You mean he's only ripped a portion of the film?