AACS DRM cracked by BackupHDDVD tool?
Can it be? Is Hollywood's new DRM poster child AACS (Advanced Access Content System) actually quite breakable? According to a post on our favoritest of forums (Doom9) by DRM hacker du jour muslix64, his new BackupHDDVD tool decrypts and dismantles AACS on a Windows PC. Just feed the small utility a crypto key (it comes bundled with keys for a few popular HD DVD titles, with the promise of more on the way), and it'll dump the video right off the disc onto your hard drive, supposedly playable in any HD DVD compatible player. If true, this would instantly become the DeCSS of high def optical (where you at, Jon?), as AACS is the copy protection scheme used not only by HD DVD, but by Blu-ray as well. Code and source posted in read link, let us know what you find!
Note: We're working on testing this ourselves, we'll report back with our findings asap.
[Thanks, Max and Adam]
Update: Well, it definitely does something. Here are our experiences using the app.
So we have our Xbox 360 HD DVD plugged into our system with the Toshiba HD DVD / UFS 2.5 file system drivers going on, and are able to read the directory contents (drive G:).

We pulled the TRAILER.EVO file down and named it encrypted_TRAILER.EVO. We then ran BackupHDDVD on the disc (Full Metal Jacket).

We quit after we hit TRAILER.EVO, since that's what we wanted to compare against.

We then ran a binary compare against the two. You'd think an unencrypted movie file would have more than just a few hex offsets changed by the unencryption process, but we haven't yet been able to test playing back the files, namely because WinDVD and PowerDVD both totally blow as demos. More shortly.
Awesome soundtrack that is.. YaY Fair Use!
@ DudeinAmerica
The soundtrack is the song from Matrix Reloaded. The scene where Neo fights the lil asian dude in the teahouse. From memory I think the song is actually called Teahouse but no idea who did it.
:)
cute
How the hell do you get the crypto? Is it something leaked by an internal source? Is someone cracking these? Kind of shady until that is revealed
Not Cracked like DVD's, he's just decrypting it!
AACS is encryption. It's done with a well-known scheme that the author's code simply follows. The issue is that the disc decryption keys for each disc must be known. These keys are themselves encrypted on the HD-DVD and must be decrypted by the playing application before use. Each HD DVD playing application has its own keys to decrypt the disc encryption keys off of the disc. The issue is that someone has found a way to steal the decrypted disc encryption keys out of some player which is probably not terribly good at hiding them once it decrypts them. I believe AACS even has multiple player keys so they can disable whatever app is out there that is easy to steal keys from.
http://en.wikipedia.org/wiki/AACS
"The specifications for the product have been publicly released (as of April 2005)."
I swear engadget... If you go around posting these stories we will never be able to have a long lived crack. Save the underground, stop posting these stories!
by the time engadget hears about ANYTHING, it's far too late to "save the underground"
wouldn't it be funny if HDDVDs were for some reason more easily pirate-able than Blu-Ray - which led to a more widespread adoption of HDDVD?
of course the MPAA would never admit it if that were the case.
hopefully within weeks high def discs will be as easily copyable as DVDs, and yet again the DRM can be proven to be a pain in the ass for legit consumers while doing nothing to stop piracy. wee!
Assuming that this is legit, major props to muslix64 for figuring this out, and giving the rest of us a route around that draconian DRM.
Wonder if this has been tried out on a blu-ray then again i dont have a blu-ray drive for my pc just my ps3.
Linux on PS3 - Then run DD or similar and you have yourself an ISO of a Blueray movie.
Dunno how to play it, but I guess you can youtube that too ;)
This is rather pointless, isn't it?
As I recall, the studios can just change the encryption, or the key or something, so the cracking gets rendered useless.
(they did this after deCSS)
didn't jon state that these kind of systems is really only made to limit hardware players from certain actions?
SIK!!!!
Blu-Ray also uses AACS, however, it has BD+ Copy protection and watermarking as well! So they will need to do a lot more to crack blu-ray completely (which is why 90% of hollywood supports blu-ray). This is horrible news for HD-DVD, especially with CES so close. The show was already going to be 99% blu-ray, now add the humility of everyone bashing HD-DVD for being cracked first.
Now, where will these pretty files end up showing up for "private" use? haha, Viva La Blu-Ray!
Wow, I've never heard someone cheer on a "superior" DRM before!
wow, can we say fanboy? and where do you get your statistics from anyways? 90% of studios support blu-ray? Last time I looked, the title count was pretty much split, with a lot of the big movies going on both formats.
Makes me wonder if this guy is part of the Blu-ray contingent. Interesting coincidence when you consider that CES is a couple weeks away.
even with modern connections and bittorrenting, 35GB is A LOT to be pirating, especially when HDDVDs actually only cost $20, so you can just keep on Viva-ing Hi Def in general, Mr. What The.
Does this work with a 360 HDDVD drive? I'd love to be able to backup my HDDVDs since some of them are hard to find (Enter The Dragon, anyone?)
and sorry for the double-post, but the crypto keys are probably just gotten by a few hours or days of brute-force attacks on the keyed part of the disc; the same will happen with Blu-Ray. rest assured - if there is protection, it will be cracked - we want to protect our property.
No, sorry, there is no way you can "brute-force" the keys used in AACS in a few hours.
They are using 128-bit AES all over the place, and so far nobody is able to "brute-force" this in a few hours. Maybe the NSA can do it in a few weeks.
From a crypto standpoint, AACS is sound. The specs are publicly available, so you can go read them, and I'm sure a lot of cryptographers went to read them and as far as I know, nobody could find a fundamental issue that would break AACS apart.
The issues with AACS are all the key infrastructure: how to keep the device key secret, how to revoke keys etc...
Yeah the song is called Teahouse and it's by Juno Reactor and Gocoo.
When is the man ever gonna learn that no matter what sort of copyright protection schemes he dreams up, the people will find a way to circumvent them?
Very nice... What The, Why would you champion bluray over hddvd now?
Think of what DVD has become since CSS was broken. We can now transcode DVD's to divx to store on a media center PC networked with any devices in the house in any format, we can put DVD's on our ipods/PMP's / PDAs and can make backup copies.
Since the actual Title encryption key was ripped from memory this isn't about revoking a player's key I think. Even a revoked player should be able to decode the volume/title keys. All it takes is one player software and some unprotected memory (Thanks Windows XP, it may be a LOT harder in Vista)
"Think of what DVD has become since CSS was broken. We can now transcode DVD's to divx to store on a media center PC networked with any devices in the house in any format, we can put DVD's on our ipods/PMP's / PDAs and can make backup copies."
You left out, "And we can pirate to our heart's content."
There are legit "fair use" reasons for cracking DRM, but let's not pretend that 99% of the use for cracking DRM is pirating.
Now with all those different keys for all those movies, you'd think someone, somewhere would figure out the master key once enough of the movie keys are collected? Should be an interesting battle, as the studios will obviously keep changing the key, but still need to keep original movies with the original key compatible. It was only a matter of time before this happened anyways.
PS3 games have apparently been "cracked" ( according to CN at least - http://www.console-news.org/v3.php?id=131 ), but they haven't been able to play the backups back AFAIK... matter of time, everything is just a matter of time (and work... also china helps).
- Tony R.
So true- China is the country where modchips are still legal and people can do what they want with their stuff. People are buying PSPs because they want to do everything on one device and it allows them to do homebrew ($50 is NOT a sane price to charge for a PORTABLE game- and they wonder why people keep pirating their games). Believe me- it's a little sacrifice in size for a lot more peace of mind once you realize that you still have your MP3 player, your video player, and your portable game console in one place. For example, when I bring my MP3 player with me it's so small that I keep worrying that I've lost it since I can't feel it in my pocket (and no, I am not buying an iPod- I've had the same problem with a borrowed nano and shuffle and the size that the regular iPod is I expect it to do a lot more than it does now) so I have a cellphone that does it all- other people have PSPs and some have DSes. Of course, it also has its downsides too- Sony pointed to abysmal Chinese PS2 sales and said that it wouldn't officially release the PS3 on the mainland (gee, maybe because the region lock meant that they had to import PS2s to play the good games). Thus, prices in China are above what people in the US pay (up to the point of $1000 for a 60GB model, but more often $700-800 --for comparison I'd pay $350 for the Wii here in China so I asked someone to get it while they're on a business trip to Japan).
The DRM is not broken by this. He implemented the decryption algorithm which, as far as I know, is publicly available and not a secret. You still can't access the content without knowing the key. The key is (supposed to be) hidden in the hardware (or software). And if a key is compromised it can be revoked (future titles won't play on the device where you got the key from).
So, you can decrypt the DVD if you know the key. This was *always* the case. Everyone knows this. (Everyone with a clue anyway).
In short, this is nothing.
CSS (for DVDs) was different in two ways: 1. The device key couldn't be easily revoked 2. The encryption was weak so that the key could be generated automatically. That's how/why CSS was broken.
AACS suffers from neither of these weaknesses and AACS has not been broken.
How wrong you are. No one says this is the be all-end all. This is a proper beginning. This is WAY more than nothing...get your head out of the sand and smell the roses. They knew this was coming. With DRM, the consumer purchases absolutely nothing. It turns us all into "renters" though they have charged us "owner" prices...and they have the audacity to want to be free to rape us over and over again forever, with absolutely no oversight or anyone to say "enough already boys--you're not playing fair(use)". Since Congress is too busy sucking up to content owners, HOORAY for the internet and those brave enough to look out for the interest of the consumer!
@Bah
A case of sour grapes? (You work for the MPAA – don’t cha’) They said the same thing about CSS + DVD’s, and look what happened there. LIVE with it.
I love it! These big corporations are spending BIG $$ for all this DRM. Then some guy cracks it.
How long has this been the trend now?
There's nothing they can do about it.
Sure they can change the encryption, but with HD-DVD players already out there is only so much the encryption can be changed. They couldn't come up with a brand new scheme. Can't screw over all the early adopters.
Is anyone surprised?
Also to those singing praises to Blu-Ray for still being intact...it will happen and when it does the net result will be the same.
Blu-Ray uses AACS and BD+, but none of the titles have actually implemented the BD+ which is a java based system. No one has tried it but this should currently work on Blu-ray as well.
...Well... How do HDDVD players get the key? It always struck me as odd that it was so damn hard to decrypt a DVD when it played perfectly well on PowerDVD, WinDVD and all the other DVD playing software. Can't we just hook whatever they use for decryption/key-obtaining and be done with it?
HD-DVD players get the Device Key by buying them from AACS-LA. They are hidden in the hardware or the software.
Each player has a different Device Key.
Keys can be revoked, meaning that they won't be able to decrypt new titles produced after revocation. This means that as soon as a key is published, it will be revoked.
Software players normally have Device Keys that expire and are renewed after a set time. This is presumably done because they can't hide things in software as well as they do in hardware.
So software players and hackers are going to play cat and mouse for a while, the software company trying to hide the key better every time, and the hackers trying to find them out.
It is certainly going to be possible for a determined hacker to get the decrypted compressed video stream, but it's not going to be as easy as CSS.
IE: don't expect standalone AACS ripper anytime soon. More likely you will see "Add-ons" for PC software players, and it will be difficult to make them work very reliably. Think of the PC software as a mine field, rather than a safe...
What's funny is that since this does look like it works, sales of the 360 HD-DVD and either HD-DVD rentals or buys will increase and money will be made.
They'll drag their feet a little on countering this.
Now, once the movie is ripped, does it still require all the HDCP compliant hardware for the high-def goodness?
it doesn't after transcoding.
HD DVD never required HDCP goodness, just for a DVI/HDMI connection. It works in full resolution over VGA but there is an unused flag in the spec to require digital for full resolution (analog would be down then upsampled)
The biggest part is that most people's home computers now use DVI for a nice LCD flat panel. You can't play HD DVD over it because 99% chance both your monitor and your video card don't support HDCP.
If you can decode HD DVD's that you buy to play on your home computer without buying hundreds of dollars of new hardware I can see those x360 drives flying off shelves for people without a 360.
If true...expect HD-DVD to take a big sales lead very soon! :)
there are no keys in the stock cfg file "engadget" read the FAQ next time , you have to get the keys on your own.
So BluRay is going to stand tall right along with the ability to run Linux on the PS3? Yeah, I think not. I see a PS3 Linux distro in about a year to a year and a half that will boot the system, run in memory and then let you insert a movie and rip it to the hard drive, only to be shared across your LAN and eventually put onto the file sharing network of your choice.
Quite frankly, I feel it's a bunch of BS that I should have to pay full price for the HD version of movies I already have. Hell, a $5 trade in cert for each movie would go a long way toward me buying the HD version of the ones I already own and even then, they better be less than $20 retail at the time of the $5 gratuity on behalf of the movies industries and publishers.
"We then ran a binary compare against the two. You'd think an unencrypted movie file would have more than just a few hex offsets changed by the unencryption process..."
Um, that's because you used COMP to compare the files. Read your screenshot: "10 mismatches - ending compare"
This is now up on Bittorrent and it comes with keys for six titles.
Good catch mike, comp does abort after 10 differences. :)
try the free xvi32 hex editor's compare feature
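The point raised in the comments above, that COMP stopped after 10 mismatches, as an added example (not code from the original post, its commenters, or BackupHDDVD): a streaming byte compare that either stops at a mismatch cap or reads both files to the end and summarizes per block. The 2048-byte block size, the function names and the constructed sample buffers are assumptions for illustration.

```python
import hashlib
import io

SECTOR = 2048  # assumed block size for the per-block summary


def compare_streams(a, b, cap=None, block=SECTOR):
    """Count differing bytes between two binary streams.
    cap=None reads to the end; cap=N stops at the Nth mismatch, as the
    compare in the post did at 10. Extra trailing bytes count as mismatches.
    """
    r = {"mismatches": 0, "blocks": 0, "dirty_blocks": 0,
         "first_offset": None, "truncated": False}
    offset = 0
    while True:
        ca, cb = a.read(block), b.read(block)
        if not ca and not cb:
            return r
        r["blocks"] += 1
        n = max(len(ca), len(cb))
        bad = [i for i in range(n) if ca[i:i + 1] != cb[i:i + 1]]
        if cap is not None and r["mismatches"] + len(bad) >= cap:
            bad = bad[:cap - r["mismatches"]]
            r["truncated"] = True
        if bad:
            r["dirty_blocks"] += 1
            r["mismatches"] += len(bad)
            if r["first_offset"] is None:
                r["first_offset"] = offset + bad[0]
        if r["truncated"]:
            return r
        offset += n


def make_sample(sectors=64):
    """Constructed stand-ins for the two files (not real EVO data)."""
    plain = (b"TRAILER-SAMPLE-" * (sectors * SECTOR // 15 + 1))[:sectors * SECTOR]
    stream = b"".join(hashlib.sha256(i.to_bytes(8, "big")).digest()
                      for i in range(len(plain) // 32))
    mixed = bytes(p ^ k for p, k in zip(plain, stream))
    return plain, plain[:SECTOR] + mixed[SECTOR:]  # first sector identical


def report(path_a, path_b, cap=None):
    """Run the same comparison on two files on disk."""
    with open(path_a, "rb") as a, open(path_b, "rb") as b:
        return compare_streams(a, b, cap=cap)


if __name__ == "__main__":
    x, y = make_sample()
    for cap in (10, None):
        print(cap, compare_streams(io.BytesIO(x), io.BytesIO(y), cap=cap))
```

On the constructed sample the capped run reports 10 mismatches in a single block, while the full run shows 63 of 64 blocks changed.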