AACS may be broken, but not BluRay

Author: Brett Thomas
Published: 5th January 2007
Comments (28) Stumble
AACS may be broken, but not BluRay

"Not so fast..." - AACS may be beaten, but BluRay discs have another trick up their jewel cases.

By this point, you may understandably be sick of hearing about HD content and the DRM that is applied to it. We all knew it would be cracked, and so when muslix64 dropped our Christmas present on YouTube!, it was more of a sigh of relief than surprise. However, though the content on HD-DVDs may soon be streaming to a P2P site near you, don't expect BluRay to.

I received an email today from a PR firm representing CRI, who had read our recent coverage of the muslix64 hack that I thought you guys might wish to know. CRI, also known as Cryptography Research Inc., is responsible for a seperate protection layer called BD+. The BD+ system is in addition to the standard AACS, and functions in a completely different manner.

This particular encryption is only available on BluRay titles, but does not use the same "player key/title key" that AACS does. According to the company, it's more of a failsafe for piracy attacks, allowing studios to deactivate pirated copies without revoking player keys at all. So, for BluRay at least, one of the greatest threats to consumers (entire players being deactivated to prevent piracy) may not be such a threat after all.

I'll leave you with one salient quote from the email, but you can be rest assured that I'll be getting a hold of these chaps to find out more about the BD+ system.

"BD+ is a ground-breaking security technology which is designed to enable HD optical formats to recover from major piracy attacks without revoking players or affecting legitimate users. It is a safe-guard that is only available for studios releasing titles in the Blu-ray disc format. BD+ does not exist for the HD DVD format, and was not compromised in the Muslix64 hack.

"A report released by Independent Security Evaluators affirmed that CRI's Self-Protecting Digital Content, the principal architecture behind BD+, significantly enhances the anti-piracy measures in AACS by providing critical format security needs not addressed by AACS alone."

Could the security differences be enough to sway more studios towards BluRay? Would you guys be interested in learning more about BD+ and the other forms of DRM on HD? Let us know in our forums.
Quote DougEdey 5th January 2007, 14:31
Why is that cool? We don't want copy protected and stuff!
Quote BioSniper 5th January 2007, 14:35
I agree with Doug.
Everything can and will be cracked/hacked in time. The fact is thought that most users like to "get something for nothing". I know that's what lead to the uptake of PS1's and PS2's with a circle of my friends.
I'm personally still sided with HD-DVD on this "format war" because the players are far cheaper and its not made by Sony. And lets face it, as has been said many a time, the consumer votes with his/her wallet.
Quote willowthewhite 5th January 2007, 14:37
well that's the format war over
Quote Tim S 5th January 2007, 14:39
Quote:
Originally Posted by willowthewhite
well that's the format war over
I dunno, I think LG will end the format war if its new dual-format player is reasonably affordable. :)
Quote DougEdey 5th January 2007, 14:41
Well a Bluray Burner with integrated HD-DVD Reader is slated for $1200
Quote rupbert 5th January 2007, 14:46
With digital downloads likely to be huge in this and coming years, is a physical film format even worth discussing?
Quote mclean007 5th January 2007, 14:49
Fact is, all BD discs still need to be playable in all BD players without individual online authentication - I don't think the average consumer would take too kindly to a system which only allowed him to play his legally purchased HD content when it was connected to the internet, and it would completely screw the potential market for mobile players. As such, ALL the information needed to play any given BD must by definition be incorporated into either every piece of BD hardware or in the discs themselves. As such, since all the necessary information is available, all encryption on the Blu-Ray system, including BD+, will be broken in time.
Quote Phil Rhodes 5th January 2007, 14:51
Hi,

So hang on a sec. I can buy a player, someone else can use a similar player to create a crack, and the studio then stops -my- player working in order to prevent the crack being used on future titles?

Marvelous.

Phil
Quote overdosedelusion 5th January 2007, 14:52
Quote:
Originally Posted by rupbert
With digital downloads likely to be huge in this and coming years, is a physical film format even worth discussing?

For people without a connection yes, also for people with a slow connection. And I dunno about you, but I don't wanna download loads of movies and lose them all to a hard disk failure or something and not having backed those hundreds of GB's up :(

I would personally buy a hard copy over digital downloads.
Quote [USRF]Obiwan 5th January 2007, 14:53
Quote:

one of the greatest threats to consumers (entire players being deactivated to prevent piracy) may not be such a threat after all.
l


Sees doom scenarios of angry people throwing their players thru the windows of the manufacturers..

oooeeeeehh i only wish it would happen like this
Quote rupbert 5th January 2007, 15:14
Quote:
Originally Posted by overdosedelusion
For people without a connection yes, also for people with a slow connection. And I dunno about you, but I don't wanna download loads of movies and lose them all to a hard disk failure or something and not having backed those hundreds of GB's up :(

I would personally buy a hard copy over digital downloads.

There are roughly 60 million people living in the UK, and as of June 2006 over 11 million were using broadband, quite a jump from the 3 million in January 2003. Based on these growth figures, it's not unreasonable to assume this number could be over 30 million by 2010.

The UK broadband penetration rate overtook the US and Japan in Q1 2006, to become the second highest in the G7.

So yes while there is quite a few people with either no connection or have narrowband, it seems that there is at least a growing hunger for fast internet connections...

The method of storage and backup is an issue, however has this stopped people using iTunes for music and films?
Quote DXR_13KE 5th January 2007, 16:53
it will be hacked soon enough... its like this guy defied the hackers to hack BR.
Quote bubsterboo 5th January 2007, 17:14
I don't think anyone here will question the possibility of BluRay movies being hacked.

If you do, speak up because when it happens i want to laugh at you :).
Edit: Spelling
Quote EQC 5th January 2007, 18:30
Quote:
Originally Posted by from the article
allowing studios to deactivate pirated copies without revoking player keys at all.

I think that means that if a single BluRay disk gets mass-pirated, and studio's find out about it, that disk (and it's copies) will have a unique BD+ key. At that point, any new Blu-Ray player that comes out, as well as any Blu-Ray player connected to the internet, may be upgraded to not play back that particular BD+ keyed disk. Other, legit (or less mass-pirated) versions of the same movie will still work...and all players will still work on other movies.

Basically, it sounds like it's going to work much like Windows XP did with the FCKW-___ keyed copy of XP that got so mass pirated... Microsoft found out about it and made it so that XP key could not get security updates and service packs.

So, long story short, if you've got a back-yard operation that just involves sharing movies between a few friends, you won't have a problem. If you download "ripped" versions of the movie that are re-encoded and not intended to work on a Blu-Ray player (just plain HD video), you won't have a problem. If you dl Blu-Ray ISO's from popular Torrent sites that the movie studio's can easily track down, and keep your Blu-Ray player connected to the internet (or buy a new Blu-Ray player), you may have trouble playing some of your bootlegs.
Quote Cthippo 5th January 2007, 19:11
Which is all well and good, but how are they going to update the "blacklist" on the players? Unless they connect to the net or each new BR disk has an updated blacklist included on it which forces itself to update the firmware in your player (PSP updates anyone?) how are they going to do it?

THis is also dangerous territiry for player manufacturers since if people's pirated disks quit working they are going to be pissed at the player manufacturer and not the studio that sent out the "kill code" for that disk. The player manufacturer looses future sales and goodwill and the studio isn't hurt at all. Player manufacturers don't benefit at all from these anti-piracy measures and get blamed for the results, so why should they get too involved in making them work?
Quote EQC 5th January 2007, 20:18
Good point about that, Cthippo.

I agree the blacklist would be difficult to implement...I was only thinking about net connections...but if they provide updates on new BR movie disks, that would be horrible for the reasons you pointed out (and might actually just push people into higher-tech piracy....my idea: isn't it going to be possible to author my own BR disks with home movies, as I can with DVD's now? How difficult could it possibly be to rip a BluRay movie to a standard video file, then burn it like a home movie in a way that a BR player could still understand? Since they can't possibly force me to stick DRM on my home movies, how could they stop that?)

To answer your question about player manufacturers being forced to implement the blacklist...I think they'd be "stuck" because they have to be licensed (by the BluRay group or whatever) to be allowed to produce the player. Maybe they won't be able to get the license if they don't implement the blacklist.

End result: Studios produce tons of movies on BluRay (instead of HD-DVD) because its harder to pirate. Hardware manufacturers find it annoying to make BluRay players (what with the consumer complaints about disks not working), and produce tons of HD-DVD players instead. The consumer is left with very few "legitimate" choices for actually watching movies since the common players don't play the common movies. Consumers stick to DVD, movie studios assume "piracy" is causing their lost HD sales...pay off congress to pass more DRM-promoting laws...process spirals out of control as usual.
Quote Woodstock 5th January 2007, 20:25
sounds more like a challenge to me
Quote Constructacon 5th January 2007, 20:31
When it comes to it, who would ever buy a media player that needs to be online? As far as the general public is concerned, that will never wash.

"But my ****** player doesn't need an internet connection - why should this?"
(Insert: VCR, DVD player, CD player, Hi-fi, TV set top box, ghetto-blaster, any other media device)

For the majority of users this would be a major PITA. For those that didn't have internet, they'd have to get it. Forget dial-up there - paying for a phone call every time you wanted to watch a movie Then for those that do have broadband - not everyone has a LAN at home. This would mean additional hardware costs (and the headache for some techno-cluesless) just to be able to use your fancy new player. I see a stampeed away from manufacturerers that will require this connection.
Quote Aankhen 6th January 2007, 03:11
AACS was cracked… give BD+ some time and it will share that fate. :) As has been said so many times on so many forums, DRM's biggest weakness is its basic design. The consumer has to have the key in order to access the file. The only barrier to access is the key. Ergo, in order to crack the encryption, all one needs to do is grab that key.
Quote David_Fitzy 6th January 2007, 03:32
The whole premise of DRM is flawed. You receive a disc with encryped content but they also have to have a public key to watch it. Here's the lock and here's the key. Better DRMs just hide the keys better.

The next is a war of numbers and technical skills:
I'll guess that BD+ was built by 100+ Software Engineers. They generally work off the back of previous DRM systems making minor improvements and then claiming everything is impossible to break. They're motivated by their pay cheque and break times. (stereotypical cubicle work)

There are at a guess 100,000+ Serious and skilled Hackers on the planet, They love code and breath 1s & 0s with the added motivation of competition, being the first hacker team to crack the latest DRM (especially if the company has bragged about its unbreakability). They very quickly (within a day sometimes) have a copy of the content in lovely DRM free format.

BD+ may be all new/revolutionary but all it takes is time after all it's still only 1s and 0s

DRM will never ever ever be secure.
EDIT:
Quote:
Originally Posted by Aankhen
AACS was cracked… give BD+ some time and it will share that fate. As has been said so many times on so many forums, DRM's biggest weakness is its basic design. The consumer has to have the key in order to access the file. The only barrier to access is the key. Ergo, in order to crack the encryption, all one needs to do is grab that key.
I shouldnt've taken so long typing this post we've made the same point
Quote Havok154 6th January 2007, 08:47
Instead of boasting about this, they should be weary about promoting their DRM. The more people hear about DRM being on something, the less they want it and with the current situation with HD-DVD beating Blu-Ray, it isn't a good idea to give more people a reason to prefer your competition.
Quote Aankhen 6th January 2007, 23:27
Quote:
Originally Posted by David_Fitzy
EDIT:
I shouldnt've taken so long typing this post we've made the same point
No sweat. We've both merely repeated a point that's already been brought up a billion times in every DRM-related discussion. ;)
Quote David_Fitzy 7th January 2007, 20:22
Quote:
Originally Posted by Article
allowing studios to deactivate pirated copies
So does this mean each disc has it's own unique key? or are they keyed in batches? so if you've been a good boy/girl and bought your bluray movie could it be deactivated because someone else with the same keyed disc has copied it?

How will they tell which disc a DRM free video file has come from? will they use steganography unique to each disc/batch? Which will of course increase production cost.

Final question once a hacker has taken a bluray disc and made a drm free movie file (including additional content) and re-burnt it onto bluray-r (or just stored on his multi-terabyte fileserver) why will he care if his original disc is deactivated?

We've already seen trouble where artists want to distribute their own work for free drm free on iTunes etc. I doubt after that the record companys will be able to enforce all bluray discs to be drm encrypted. I bet they'd like to though, just think being able to make money from licencing the DRM on people's home videos etc.
Quote rupbert 7th January 2007, 20:30
Quote:
Originally Posted by David_Fitzy
So does this mean each disc has it's own unique key? or are they keyed in batches? so if you've been a good boy/girl and bought your bluray movie could it be deactivated because someone else with the same keyed disc has copied it?

The key is per title, not for each individual disc.

So yeah from how I understand it, your player could be deactivated even if you have a legitimate copy.
Quote friskies 7th January 2007, 23:30
Will this hi-tech, online-checking, keydatabase-updating DRM be implemented into the firmware of normal pc use blu-ray roms? I don`t think so...
Quote rupbert 7th January 2007, 23:45
Quote:
Originally Posted by friskies
Will this hi-tech, online-checking, keydatabase-updating DRM be implemented into the firmware of normal pc use blu-ray roms?

Technically it's possible, but if they do it will be nowhere near as impressively secure as the standalone device.

As much as I dislike the implementation of DRM, I can't help but be impressed with Blu-Ray. It actually creates it's own cryptographic keys on the fly, between the drive and the non-volatile memory on the board. This is why with the 1st generation players it takes over a minute for the disc to actually begin playing...

At the basic level of protection they will use HDCP for internal pc drives, however HDCP is easily the weakest link in the DRM chain.
Quote mclean007 8th January 2007, 09:04
Quote:
Originally Posted by rupbert
At the basic level of protection they will use HDCP for internal pc drives, however HDCP is easily the weakest link in the DRM chain.
It may be the weakest, but it is also the least desirable to crack - HDCP is applied to protect the decompressed video stream, so if you crack it to capture the raw video stream, you then need to recompress it to bring it down to a realistic filesize, incurring generation loss. As soon as the systems protecting the content in its compressed form are broken, thereby enabling perfect digital copies, there will be no reason to bother breaking HDCP, except to view HD content on older displays which are not HDCP compliant.
Quote rupbert 8th January 2007, 10:40
Quote:
Originally Posted by mclean007
It may be the weakest, but it is also the least desirable to crack - HDCP is applied to protect the decompressed video stream, so if you crack it to capture the raw video stream, you then need to recompress it to bring it down to a realistic filesize, incurring generation loss. As soon as the systems protecting the content in its compressed form are broken, thereby enabling perfect digital copies, there will be no reason to bother breaking HDCP, except to view HD content on older displays which are not HDCP compliant.

Good point.

As you say it will be a pain to crack HDCP both in the time it takes and the fairly large filesize created, but purely from a security point of view Intel are bottom of the hierarchy.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.