Awesome sountrack that is.. YaY Fair Use!

cute

How the hell do you get the crypto is it something leak by an internal source is someone cracking these? Kind of shady until that is reveled

I swear engadget... If you go around posting these stories we will never be able to have a long lived crack. Save the underground, stop posting these stories!

wouldn't it be funny if HDDVDs were for some reason more easily pirate-able than Blu-Ray - which led to a more widespread adoption of HDDVD?

of course the MPAA would never admit it if that were the case.

hopefully within weeks high def discs will be as easily copyable as DVDs, and yet again the DRM can be proven to be a pain in the ass for legit consumers while doing nothing to stop piracy. wee!

Assuming that this is legit, major props to muslix64 for figuring this out, and giving the rest of us a route around that draconian DRM.

Wonder if this has been tried out on a blu-ray then again i dont have a blu-ray drive for my pc just my ps3.

This is rather pointless, isnt it?
As I recall, the studios can just change the encryption, or the key or something, so the cracking gets rendered useless.
(they did this after deCSS

didnt jon state that these kind of systems is really only made to limit hardware players from certain actions?

SIK!!!!

Blu-Ray also uses AACS, however, it has BD+ Copy protection and watermarking as well! So they will need to do a lot more to crack blu-ray completely (which is why 90% of hollywood supports blu-ray). This is horrible news for HD-DVD, especially with CES so close. The show was already going to be 99% blu-ray, now add the humility of everyone bashing HD-DVD for being cracked first.

Now, where will these pretty files end up showing up for "private" use? haha, Viva La Blu-Ray!

Makes me wonder if this guy is part of the Blu-ray contingent. Interesting coincidence when you consider that CES is a couple weeks away.

even with modern connections and bittorrenting, 35GB is A LOT to be pirating, especially when HDDVDs actually only cost $20, so you can just keep on Viva-ing Hi Def in general, Mr. What The.

Does this work with a 360 HDDVD drive? I'd love to be able to backup my HDDVDs since some of them are hard to find (Enter The Dragon, anyone?)

and sorry for the double-post, but the crypto keys are probably just gotten by a few hours or days of brute-force attacks on the keyed part of the disc; the same will happen with Blu-Ray. rest assured - if there is protection, it will be cracked - we want to protect our property.

Very nice... What The, Why would you champion bluray over hddvd now?

Think of what DVD has become since CSS was broken. We can now transcode DVD's to divx to store on a media center PC networked with any devices in the house in any format, we can put DVD's on our ipods/PMP's / PDAs and can make backup copies.

Since the actual Title encryption key was ripped from memory this isn't about revoking a player's key I think. Even a revoked player should be able to decode the volume/title keys. All it takes is one player software and some unprotected memory (Thanks Windows XP, it may be a LOT harder in Vista)

Now with all those different keys for all those movies, you'd think someone, somewhere would figure out the master key once enough of the movie keys are collected? Should be an interesting battle, as the studios will obviously keep changing the key, but still need to keep original movies with the original key compatible. It was only a matter of time before this happened anyways.

PS3 games have apparently been "cracked" ( according to CN at least - http://www.console-news.org/v3.php?id=131 ), but they haven't been able to play the backups back AFAIK... matter of time, everything is just a matter of time (and work... also china helps).

- Tony R.

The DRM is not broken by this. He implemented the decryption algorithm which, as far as I know, is publically available and not a secret. You still can't access the content without knowing the key. The key is (supposed to be) hidden in the hardware (or software). And if a key is compromised it can be revoked (future titles won't play on the device where you got the key from).

So, you can decrypt the DVD if you know the key. This was *always* the case. Everyone knows this. (Everyone with a clue anyway).
In short, this is nothing.

CSS (for DVDs) was different in two ways: 1. The device key couldn't be easily revoked 2. The encryption was weak so that the key could be generated automatically. That's how/why CSS was broken.

AACS suffers from neither of these weaknesses and AACS has not been broken.

I love it! These big corporations are spending BIG $$ for all this DRM. Then some guy cracks it.
How long has this been the trend now?
There's nothing they can do about it.
Sure they can change the encryption, but with HD-DVD players already out there is only so much the encryption can be changed. They couldn't come up with a brand new scheme. Can't screw over all the early adopters.

Is anyone suprised?

Also to those singing praises to Blu-Ray for still being intact...it will happen and when it does the net result will be the same.

...Well... How do HDDVD players get the key? It always struck me as odd that it was so damn hard to decrypt a DVD when it played perfectly well on PowerDVD, WinDVD and all the other DVD playing software. Can't we just hook whatever they use for decryption/key-obtaining and be done with it?

What's funny is that since this does look like it works, sales of the 360 HD-DVD and either HD-DVD rentals or buys will increase and money will be made.

They'll drag their feet a little on countering this.

Now, once the movie is ripped, does it still require all the HDCP compliant hardware for the high-def goodness?

HD DVD never required HDCP goodness, just for a DVI/HDMI connection. It works in full resolution over VGA but there is a unused flag in the spec to require digital for full resolution (analog would be down then upsampled)

The biggest part is that most people's home computers now use DVI for a nice LCD flat panel. You can't play HD DVD over it because 99% chance both your monitor and your video card don't support HDCP.

If you can decode HD DVD's that you buy to play on your home computer without buying hundreds of dollars of new hardware I can see those x360 drives flying off shelves for people without a 360.

If true...expect HD-DVD to take a big sales lead very soon! :)

there are no keys in the stock cfg file "engadget" read the FAQ nest time , you have to get the keys on your own.

So BluRay is going to stand tall right along with the ability to run Linux on the PS3? Yeah, I think not. I see a PS3 Linux distro in about a year to a year and a half that will boot the system, run in memory and then let you insert a movie and rip it to the hard drive, only to be shared across your LAN and eventually put onto the file sharing network of your choice.

Quite frankly, I feel it's a bunch of BS that I should have to pay full price for the HD version of movies I already have. Hell, a $5 trade in cert for each movie would go a long way toward me buying the HD version of the ones I already own and even then, they better be less than $20 retail at the time of the $5 gratuity on behalf of the movies industries and publishers.

"We then ran a binary compare against the two. You'd think an unencrypted movie file would have more than just a few hex offsets changed by the unencryption process..."

Um, that's because you used COMP to compare the files. Read your screenshot: "10 mismatches - ending compare"

This is now up on Bittorrent and it comes with keys for six titles.

Good catch mike, comp does abort after 10 differences. :)

try the free xvi32 hex editor's compare feature

Although the keys can be revoked, I wonder how realistic it would be - the moment big media revokes a key and people have hardware/software they've bought that can't play their content due to suddenly being crippled because of a hack from a 3rd party, BIG lawsuits will start and HD-DVD will get a huge black-eye.

This means bonus points for Blu-Ray (studios will like it because of the extra content protection), and consumers will be ready to lynch HD-DVD companies for destroying their hardware (lots and lots of BAD PR).

I've bought-into neither format yet, so I'm going to sit back and enjoy the fireworks...

This opens the door for programs that automate the DRM stripping and then compress it into a respectable size.

Even a terabyte drive can only hold 50 20GB movies.
That is horrible.

Vongo has DVD resolution movies at about 1GB for 2hr films.
Compress the HD movies to 2.5 GB and I'm there.

There is a long way to go before this is relevant.

I applaud muslix64's resourcefulness... When there is a will there is a way! Keep it up!
Even with a method to crack the DRM on HD-DVD, I think pirating HD video is going to be very difficult for the majority of the world...
I wouldn't dream of Torrent-ing a 35Gb file down my DSL 1.5 mbit connection... I attempted to Torrent 16gb worth of old Lost in Space Episodes and I gave up after a week... My Internet connection would be completely clogged up for a full month to download a file of that size. It would cost the same amount (DSL cost) and a month to pirate a HD video. I would rather spend $25 and just buy the video so I could watch it now... Not in a month...
Logistically, pirating HD video is going to be a challenge...

Who cares about bandwidth or time needed to download? Do people really do that with DVDs?

I always thought the main application of ripping was that you could stroll into Blockbuster / Netflix, rent a crapload of movies, rip and burn them, and they're then yours for an amount MUCH lower than buying it? Sure, you COULD download, but how many people are really doing that?

Let's have a drink to history repeating itself! :)

Try playing the decrypted files in VLC! VLC has pretty much any codec you can think of.

-JimXugle

I hate to burst anyone's bubble but nothing has been cracked. This program is simply stripping the DRM from a AACS title by using the decryption key. Any movie player has to use said key to decrypt a movie to play it.

"Vongo has DVD resolution movies at about 1GB for 2hr films.
Compress the HD movies to 2.5 GB and I'm there."

are you stupid? the video resolution alone is 5x higher in HD, not to mention that Vongo's videos are not 5.1 and a big selling point of HDDVDs is the extra content (case in point - Fast and Furious: Tokyo Drift, Enter The Dragon)

Lyme - the point is that this guy has found a way to get the keys (whether program, brute force, or internal sources) so yes, it is 'cracked' and the application released is a way to apply the crack.

Sorry Matt B., but you're wrong. AACS is not cracked, if he was able to pull the keys, the vulnerability lies in the player software, and all they have to do is revoke the key and oops, no more decoding for you.

AACS is public knowledge, so it's true that AACS is not cracked. The movies that the keys are available for are "cracked". That is the important part anyway... :) Since more keys can be easily gotten, the battle is really won. The logistics of what is cracked or not doesn't matter!

The sick part is, that it only takes one VERY EAGER black market individual to now dupe the content and make copies available out there, while we the consumer, who aren't necessarily as eager have to go through hell to just burn a back up copy for the car, or capture a scene for some educational purposes, or any fair use.

Copy protection doesn't work on the eager criminals, and only succeeds on disheartening the paying customers.

Evan Evans

"Sorry Matt B., but you're wrong. AACS is not cracked, if he was able to pull the keys, the vulnerability lies in the player software, and all they have to do is revoke the key and oops, no more decoding for you."

how do you know it lies in the software? does the key never pass through RAM in any form? is it never passed through a SATA or IDE bus? could the firmware of the drive be modified to show keys? did he just brute force with a certain algorithm to make it faster?
also, revoking won't do anything if
A) there's no 'net connection (easily done)
B) you have the copy with the unrevoked key (so the first run copies will always have a crackable key)
C) the key is truly found through RAM, a bus, or an attack of some sort.

it will be hacked - and if this isn't "the" hack, rest assured it will come soon.

Even if the encryption were complete, HD piracy won't catch on because nobody needs it. Why download a 20 GB file to watch it on a computer screen that can't support those kinds of resolutions? Most of us who don't have the money for $2k plasma screens don't have any use for HD at all. The most I can see this used for is an initial rip that is then compressed at a lower quality before P2P release.

I don't really se the problem in torrenting 35 GB...look at some of the better torrentsites, people are easily torrenting over a TB each month, and with more and more 100/100 mbit connections coming, not only in sweden it's not really that much. Theoreticall it will only take about 1 hour over my connection to seed it to someone (while it in reality only uploads in about 50 mbit but anyway)....Now i really have high hopes for my HTPC since alot of the hd digital broadcaster in sweden are fucking up alot of the things about hd experiences....

Anyone whos saying AACS is not cracked is seriously out of his mind. We will be seeing PLAYABLE movies from the HD-DVD Discs and they will be pirated ALL OVER THE WORLD. 150+ Discs, in fact. So, if you can download a HD-DVD movie, play it on your PC for free, then ITS CRACKED. Anyone saying otherwise is a fool. The end result speaks for itself.

I don't get these people talking about 'pirating' a 35GB movie will be hard.

No Sh!t.. You're either going to pay the electric & broadband companies or the Video Rental Store.

Netflix
Blockbuster
Insert Your local Video Store that carries Hi-Def Movies here

Dude, COMP stops after the first ten mismatches. Notice that you're getting consecutive numbers before the program automatically quits.

From the Documentation:
"After 10 unequal comparisons, comp stops comparing the files and displays the following message:

10 Mismatches - ending compare"

If he's ripped it to hard drive and can play it back from the HDD without having the HD DVD present, then it is cracked.

I wish that things like HD films could easily be backed up to hard drive, I hate having a huge collection of disks and having to get up and get it, I'd much rather stream them around the house like I do with my WMV collection.

AACS wasn't create for protect IP but for controlling the market. Revoking a models means a lot of sue and refunds, even in US can allow in some degreed this kind of acts, there are many countries that cannot allow such actions. Not only limiting the players' builder also putting a "timebomb" for each disk.. someday THEY will decided to "every players sold in 2006-2007 now are obsolete and they will be unable to play any new disk, so we ask for buy another player".


And even if they crack some key... they can crack the rest of the keys.

Of course SPDC is way more evil that AACS.

There is no way they are going to revoke player keys. Imagine what would happen if they revoked the player key for the new $999 Toshiba HD-XA2 HD-DVD player, because the key got splattered all over Internet. All your existing HD-DVDs will still play, but ones manufactured recently will not. So basically Netflix's HD-DVD inventory will at some point will be 50/50 playable/unplayable on your $999 player. That's absolutely crazy, and there's no way that's going to happen.

What assurance is Toshiba giving that their key will NEVER be revoked, causing the device to become worthless.

I don't know where this 35GB figure comes from since HD-DVD can only hold 15GB per layer. Keep in mind that that does not include parity data or FS information, same reason you can only get 4.3GB on a 4.7GB DVD. It will likely be less if the original is MPEG2 and it is converted into H.264 or VC-1. Personally 15GB isn't much of a stretch as I already commonly d/l full single or dual layer DVDs that hold up to 8GB of data.

He probably got the keys from software as that is the easiest place to get them. This is something that is imposable to prevent until the software only runs on a trusted computing platform. Brute force will not work on 128Kb keys without a lot of supercomputer time. This might be accomplished with a distributed computing network, but even then I could only see it pushing out a handful of keys per year at best. AKAIK they can only disable entire key blocks from working with new discs, not individual keys so whatever software he used to get the key is going to get put on the banned list for new titles and. This is because even if they upgrade the software hide the key, if he can get enough secret vectors then a simple program (already written) can give him or anyone the ability to decode any new movie that comes out. By publishing keys like this he has (or eventually will) give away what manufacture he got the keys from.

I hate to tell you this, but if your $999 player's manufacture has it's key set compromised then it is not going to be playing any of the new stuff. If AACS LA does not black list them, then new discs will be able to be decoded, not acceptable. Companies that make hardware can get around the problem of discovered keys by making the key module replaceable so they will be able to just do a chip swap if their keys get black listed. Getting a key from a physical player will probably be damn hard, involving something along the lines of an electron microscope, those secretive sets of chemicals used to remove the epoxy off chips, and maybe then hooking right up to the memory portion of the chip with the unencrypted key in it.

I'm not even sure that is possible. The far more likely method for movies to make it out will be Chinese gangs getting their hands on enough keys for a conspiracy attack then keeping them to themselves and only releasing the movies, not the keys.

@aleph

I see many problems with that, but main one is that most people don't connect their players to the net, and 99% of the population has no clue about how to do a firmware update (and there's a real risk of breaking your gadget when upgrading firmware).

If that's the road the content providers take, and given that all HD titles/players are going to have their keys published in a matter of minutes after launch(meaning, most, if not all HDDVD players are going to get their keys revoked at some point of their lives), I can see legit consumers becoming very upset very soon with this technology.

You can only f*ck consumers so much until they simply decide they have better things to spend their money on.

Hi Guys, There is this mirror with the software:
http://www.backuphddvd.net/

BackupHDDVD, es una herramienta para desencriptar peliculas AACS protegidas. MUSLIX64 logro hacerlo, BackupHDDVD es un software para desencriptar sus peliculas AACS protegidas, de esta forma puede reproducirlas luego usando cualquier reproductor de HDDVD. Esta es la primera version, asi que no es muy estable. Este software no provee las claves criptograficas, asi que usted tiene que agregar las claves.

BackupHDDVD, a tool to decrypt AACS protected movies. MUSLIX64 have done it, BackupHDDVD is a software to decrypt a AACS protected movies that you have, so you can play them back later using any HDDVD player program. This is the first version, is not very stable yet. This software does not provide any cryptographic keys, so you have to add the keys.

Hi Guys, There is this mirror with the software:
http://www.backuphddvd.net/

BackupHDDVD, es una herramienta para desencriptar peliculas AACS protegidas. MUSLIX64 logro hacerlo, BackupHDDVD es un software para desencriptar sus peliculas AACS protegidas, de esta forma puede reproducirlas luego usando cualquier reproductor de HDDVD. Esta es la primera version, asi que no es muy estable. Este software no provee las claves criptograficas, asi que usted tiene que agregar las claves.

BackupHDDVD, a tool to decrypt AACS protected movies. MUSLIX64 have done it, BackupHDDVD is a software to decrypt a AACS protected movies that you have, so you can play them back later using any HDDVD player program. This is the first version, is not very stable yet. This software does not provide any cryptographic keys, so you have to add the keys.

wow this is probably one of the best discussions that I've ever read on engadget and I learned a shit load of stuff that I didn't know before. Thanks all : )

If they reject my players key so I can't watch any new movies I'm gonna freakin sue their ass!

Vista? that is the biggest and ugliest P-O-S M$ has released to date, office 2007 is a close second ... I am pretty sure it WON'T be any harder.

Yeah the MPAA needs to take a hard look at themselves .. Hollywood got its start as criminal studios trying to move out of reach of the law. So they could avoid paying licensing fees to companies who owned the tech they where using. Those companies were base in NY. Now they are engaged in price fixing and other unsavory behaviors.

As if that wasn't enough, they expect everyone to not only behave like good little boys and girls, but also to buy their less than quality (utter crap) movies more than once!!

Go and buy the movie!!!!! Or go to the theater!

Hi Guys, There is this mirror for BackupHDDVD, they have the GUI version and the video updated
http://www.backuphddvd.net/

This is very sad indeed; when people say i own this movie or that movie when it is actualy stolen. how do you think thay will be able to make a big budget movie like the 500mill spider man or P.O.C3 when only a few people buy it and the rest steal it over the internet. All of which is possible now and will enevitably become easier in the future. In regards to hddvd; i'd be pissed if i were blu ray cos we will see the market stear back to hddvd and i do say back! blu ray is superior (you need only look at the fact that hddvd's drm is fulty. looks like VHS won ma!). The biggest selling point to the general market is that it's drm is flawed. Im just a bad as everyone else. i mean if you can fit without working out why bother?
but you must wonder if it was a great marketing plan see hddvd dosent give a shit if people steal the content of the disc as long as the drm held up long enough for them to get some serious backers thay could then compeat with blu ray and then win over the general marketby screwing over there backers. hence big $ for Hddvd and bluray turns into beta. ~Adam~