Hackers discover HD DVD and Blu-ray "processing key" -- all HD titles now exposed
By Thomas Ricker 
posted February 13th 2007 7:46AM
posted February 13th 2007 7:46AM
Those cooky kids over at the Doom9 forums hate themselves some DRM. Not more than two months after discovering a means to extract the HD DVD and Blu-ray Disc "volume keys" to decrypt AACS DRM on individual films, we're now getting word that DRM hacker arnezami has found the "processing key" used to decrypt the DRM on all HD DVD and Blu-ray Disc films. Let's break this down for what it is: instead of needing individual keys for each and every high-definition film -- of which there are many -- the processing key can be used to unlock, decrypt, and backup every HD DVD and Blu-ray Disc film released so far. As arnezami points out, "nothing was actually hacked, cracked or even reverse engineered." All he had to do was keep an eye on his memory, watch what changed, and voila... the processing key appeared. So kick back and watch the trickle of HD titles hitting the torrents quickly turn into a flood (at ~20GB a pop, that's not an exaggeration) when the BackupHDDVD and BackupBluray utilities (or AnyDVD HD) are updated to reflect the new [Thanks, Eric L]
LOL, LMAO, LMMFAO, LAKLAOAKLLAKL. F U, darth vaders of the Gutenberg era.
I think a few people misunderstand something: only one "real pirate" with some wacky software has to go through the trouble of decrypting a movie and starting a torrent. Then the average user just has to download the files(s) to get an unlocked, no-DRM copy which is in many ways easier to play than a legit, retail copy.
All my friends (even GIRLS!) who download pirated DVDs have almost NO technical knowledge and rarely have any trouble doing this. And they still buy legit DVDs to boot.
They should never have allowed software players, because software will always be cracked. It would have been much, much harder to crack if all the processing was done in hardware (either in the drives or on video cards).
You forgot to raise all those examples to the power of the ever increasing internet.
This just further proves that DRM is pointless. As long as content can be viewed/heard it can be copied.
Zach, Itunes does not support video conversion. If you buy a program like CloneDVD Mobile ($39) you can easily rip any DVD you wish to mp4 format which is then drag and drop into itunes and your ipod.
Keep up the great work DOOM9, fair rights use shall prevail!
as for:
"instead of needing individual keys for each and every high-definition film [...]the processing key can be used to unlock, decrypt, and backup every HD DVD and Blu-ray Disc film released so far"
this is not at all true - this rumour is spreading fast and this doesn't make it more true.
a) the processing key that has been found will no longer work, as soon as any(!) device gets revoked (otherwise revocation would be useless).
b) even with all current HD-DVDs, the processing key only is useful, if you have the Volume-ID of the specific disc. And that you still have to hack each and every time, just like the Volume Unique Key before. So actually nothing has changed.
It seems that AnyDVD HD from Slysoft is going a completely different approach - that piece of software seems to unlock all HD-DVDs generically. At least that's what it says on their forum.
Kentaro yamada @ Feb 14th 2007 6:55AM:
"Companies need to revisit their approach to marketing their products. If people are not paying cash for the movies, what can entice them to?"
That's just it- people /are/ paying cash for movies. The people who /aren't/ are still a small percentage. The people who /aren't/ buying them (in favor of pirating them) can only be entice to buy them by making pirating a less feasible option.
Check my hypothetical example again and compare it to yours. You pointed out two cases where a loss is outweighed by a gain. That's exactly my point; the losses and gains don't necessarily need to be from seperate products, but may simply be the same product 'sold' to different demographics. Lose money on pirates while make money off the more numerous average consumers, which I said from the start:
ePants @ Feb 13th 2007 11:40AM:
"I would acknowledge the pirate community as a necesary and unavoidable margin of loss, yes, but my focus would be on making sure that the average consumer didn't ever consider piracy as an easy alternative to paying full price."
Kentaro yamada @ Feb 14th 2007 6:55AM:
"Napster was great in that people could instantly sample music that was recent. I was more exposed to different songs and artists, which made me buy complete albums at the end."
That's where things get complicated, becuase the two demographics can easily (and often do) overlap, but in a completely unpredictable way. Simply because you personally end up buying the album after "sampling" it doesn't mean that's the way all other pirates operate. I think it's a safe assumption that this strategy leads to many more illegal "samplings" than legitimate album purchases, regardless.
Kentaro yamada @ Feb 14th 2007 6:55AM:
"I feel it is better to observe the current conditions and direct its flow to your interests rather than superimposing your fantasy on reality forcefully."
That's /exactly/ what they're doing. They realized the growing trend to pirate media, and have taken steps to "direct it's flow to [their] interests" by making pirating more difficult than it would otherwise be.
You arguments are sound, Kentaro, but you've failed to realized that your suggestions are exactly what is already going on.
Keep it up guys. this is a war.
The closed source business model is dying slowly, and the MAFIAA aren't going to fare well when it does and they know it. People need to make stuff for the right reasons. If you have any creative ideas you want to put into film, visit blender.org. "Elephant's Dream" is the HD animation they made with no closed source software whatsoever. It is very possible. Combine this with distributed processing, and I say it won't be long until Pixar has an open competitor they didn't see coming. Exciting times.
Good day.
Everyone should have guessed that DRM would be broken since these schemes always have been. But it's still just copying movies and songs - no big deal - nothing that we can't live without.
oh there goes the millions...and millions.. of money for security. it took just one person. PWNED
I've always wanted to bore myself to death in hidef with brain-numbing Hollywood content devoid of all originality.
19GB to go...
The problem with DRM is simple: It's a pain in the butt. One of the most convincing reasons to buy your media instead of pirating it is that piracy is illegal. However, if we add a few convincing reasons _not_ to buy the media (DRM that stops you from using it the way you'd like to, takes over your computer, etc), suddenly "piracy is illegal" is the main argument against "piracy is the only way to use the media the way I'd like to"; obviously, we're going to see more piracy when this happens. If I can't copy a CD to my MP3 player and hard drive, it's useless to me. If I can't play a DVD in my computer, I don't want it. If I pirate the discs in question, I can do these things.
The ??AA argues that DRM is intended to stop piracy. Maybe that's what it's _intended_ to do, but it does a poor job. HD-DVD and Blu-Ray are perfect examples: Pirates can exploit buggy software players to copy the disc, while legitimate users can't play the movie at all because their brand new $600 monitor isn't HDCP compliant. Now what happens if you buy one of these discs only to get it home and then discover nothing you have can play it? No store will let you return a movie, because that would make it too easy to copy and return them. (Shows what store managers think of DRM...) You've just spent $25 on a movie, and you have nothing; the only way you can actually watch the movie now is to download a copy!
DRM also prevents playing of these movies on Linux - there is yet no HD-DVD or Blu-ray player for Linux, and DVD players have to be obtained and installed manually, because these players must break the DRM in order to use the disc. All you Linux users wondering why your distro didn't include DVD support and why you still can't play these new formats? DRM. Either hack around it or switch back to Windows (or buy a Mac).
And come on, how does disabling the fast forward button during advertisements stop piracy? What a load.
w00t. just think... limewireHD :D
The thing is, a seed is not a key, its just the entropy used to generate keys. So if they used the same seed for all disk keys it means that a well crafted equation could come up with a disk key in far less time than the 2^128 keys you would have to check otherwise, consider that if you followed the same process they used to make disk keys from that seed, you would come up with real keys at a rate much faster than trying every possible combination of bits.
Second, the real decryption key HAS to be in memory anyway, there is no other way of doing decryption like that. You can't encrypt memory without a TPM or hardware component holding the private key, because somewhere you then have to store the decryption key for that too. You probably couldn't use the registers in a CPU either because they're not very big, most aren't big enough to store a 128bit key in one register.
You guys should read up on palladium, MS and hte others pushed it so hard because it was supposed to stop stuf like this, with partitioned kernel memory space and processes, in effect palladium would have hidden the dvd player process and the memory space it used with no real way to get to it.
They aren't going to keep screwing with hack solutions, stuff like this just makes them want to lock your PC more, something much more drastic has to be done to stop them from going forward with more TCPA development in the future, because thats the holy grail to them, not hiding keys for a few months and changing them.
What pisses me off is the huge processing power they want you to use just to watch a movie that most cpus can easily handle otherwise, the old terminator 2 hd disc they made with WMVHD, my old p4 1.3 couldn't play it right off, but after decryption it was fine with room to spare, talk about a waste of power and energy.
If you like Linux, you will like aacsauth too ;) Everything you need: private key, public key, and source
http://rapidshare.com/files/18598966/aacsauth.tar.gz.html
This is great news for me. I'm not a pirate, but I do rip movies I've bought. Also, considering the decreased resilliance and increased cost of the new discs, everyone would be well advised to maintain a backup, hate to throw ~$40 down the toilet.
Just remember: If a human invented it, a human can hack it. We and therefore all our technology are fallible.
Lose the key? www.hddvd.com
another bright side to this, the prices will drop :D
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Wow, that didn't take long. Too bad HD discs maybe next technology.
http://www.discountbluray.com
You all are a bunch of thief's. You people suck. Now what happands to the people like me that have HD-DVD, do I have to throw It out. Or Am Im going to have to buy new stuff so I will work I don't have that kind of money. There nothing worse than a F*&^ Thief.
when a movie company says it is losing money because of piracy,it means it is losing possible money. they are saying that the person who buys a pirated copy would have bought a legal one instead and therefore they have lost that sale.this has nothing to do with the profits they are making now.the big movie companys are not going to be driven out of business because they want us to watch movies do you think they are making them for our benefit,no it is to make money.they are simply ignoring the realities of the world you can not make something that someone else can not take apart.what must really be frustrating them is with all their lawers they are useless.ask anyone who will talk and they will tell you that the inner workings of the movie industry is extremely immoral .you only have to ask about the casting couches and the women and men on them.pirating is only illegal because the big companies are not benefitting from it or are they?
Their will always be people that do not have access to internet or just wont bother to wait and download or simply do not know or are not even aware and will go out and by their favorite HD DVD or Blue Ray. So they will always make their money, maybe not ass much as expected but still very lucrative in theaters and resuming on DVD's (HD or Blue Ray.
To Whom It May Concern:
As previously pointed to, most pirates know nothing...just average users who 'googled' enough to find working decrypters...aside from my knowledge of C, I am one of them. It is not a question of mass technical excellence that will bring DRM to its knees...but a mass exploitation. Fortunately, not enough consumers bother to or even conceive of 'googling' for a way to avoid having to buy a digital media format. And that's not even considering the lazy ones who do not wish to put forth the effort to do all that is required.
To those who think this will impact the market in the slightest:
The computing realm continues to be a booming market because of the relatively short time of development and testing turn-around, high degree of interoperability, and high adoption rate. It is for these reasons that the production studios will never cease to create formats for digital information exchange in this medium. Additionally, since they are reasonably intelligent fellows who wish to earn money to live, they will try to earn some money for their efforts...so the will sell it *gasps*. But some people will steal...*gasps again*. So they will do their best to protect it. However...
If it is digital, then it is information. If it is information, then it can and must be
interpreted. If it can be interpreted, then it can be understood. If it can be understood,
then it can be remembered.
No software protection is enough in absolute terms. The true pirates who hack these encryptions typically code at a lower level than the programmers who encrypted the source. Low-level programming trumps high-level simply because high-level is built upon the infrastructure of low-level. The only way digital media protection can have any sustaining chance is if the encryption is done at a lower level than typical "pirate raids." This implies Java or C# to C++ to C to assembly to hard-coded instruction set...unifying hardware architecture. Hopefully, people will realize that this will breach market competition before it happens.
To Steve:
You must have recently taken a course or read a book in information theory haven't you? All this talk about a seed key and whatnot....someone is excited to know and share that the have intelligence in the subject. Yes, very good...however, theory is often abominated in practice and finding such functions is much harder than simply doing the math backwards or finding an anti-derivative.
To those who would rather purchase discs for a status symbol:
Please waste your money...and while I retain those ugly 'sharpied' DVDs (note that it is spelled "Sharpie" and not "Sharpee") please know that I spent quite literally 1% of the monetary value of your legitimate DVD movie collection. And with that money saved, I was able to purchase a new big screen flat panel LCD tv @ 1080p.
To Kevin Ciaccio:
Well you are an idiot. If you don't burn DVDs then how did you stumble here? I think you're just jealous that you spent hordes of money on the same things we spent zilch on.
- Ginkgo Biloba