Bruce Schneier

 

Blog

Crypto-Gram Newsletter

Books

Essays and Op Eds

News and Interviews

Audio and Video

Speaking Schedule

Password Safe

Cryptography

About Bruce Schneier

Contact Information

 

Schneier on Security

A blog covering security and security technology.

« Wal-Mart Stays Open During Bomb Scare | Main | Rudyard Kipling As a Security Author »

December 29, 2006

AACS Cracked?

This is a big deal. AACS (Advanced Access Content System), the copy protection is used in both Blu Ray and HD DVD, might have been cracked -- but it's still a rumor.

If it's true, what will be interesting is the system's in-the-field recovery system. Will it work?

Hypothetical fallout could be something like this: if PowerDVD is the source of the keys, an AACS initiative will be launched to revoke the player's keys to render it inoperable and in need of an update. There is some confusion regarding this process, however. It is not the case that you can protect a cracked player by hiding it offline (the idea being that the player will never "update" with new code that way). Instead, the player's existing keys will be revoked at the disc level, meaning that new pressings of discs won't play on the cracked player. In this way, hiding a player from updates will not result in having a cracked player that will work throughout the years. It could mean that all bets are off for discs that are currently playable on the cracked player, however (provided it is not updated). Again, this is all hypothetical at this time.

Copy protection is inherently futile. The best it can be is a neverending arms race, which is why Big Media is increasingly relying on legal and social barriers.

EDITED TO ADD (12/30): An update.

EDITED TO ADD (1/3): More info from the author of the tool.

EDITED TO ADD (1/12): Excellent multi-part analysis here.

EDITED TO ADD (1/16): Part five of the above series of essays. And keys for different movies are starting to appear.

Posted on December 29, 2006 at 6:02 AM25 Comments

To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.

Comments

C GomezDecember 29, 2006 7:32 AM

Let's hope it's cracked. I've never needed to back up a DVD or even a CD (although it is much more convenient to play the CD on today's smaller audio devices), but it's good to have the option.

gregDecember 29, 2006 8:12 AM

Its cracked in the sense that CSS was cracked. But if the yrevoke the keys, as planed, then new disks won't play unlike CSS.

The problem is that you can still get a class break, by collecting keys from different players and brands. Depending on how the keys where spread it could be as few as 5-10 different brands of players to get a full class break. Now heres the real problem. The CSS crack collected keys and sent then to a DB. So you only need to find a way to see the player/disk key in memory then distribute the crack and in come the keys. In fact they were warned of this weakness before AAC become a standard.

This is why Vista and trusted computing is a big deal. Without control of the hardware, there is no security under this threat model. ie the indended recipient of the encrypted data/key is the untrusted party. No need for Eve. Its all Bob.

hi2005December 29, 2006 8:20 AM

It's a never-end war. Similar story to Xbox...

Carlo GrazianiDecember 29, 2006 8:43 AM

I have two questions:

(1) Does AACS somehow prevent bit-for-bit copies of disks from playing? Or is it merely intended to prevent the copying of files from disks?

(2) Doesn't revoking keys mean that owners of players will suddenly find themselves unable to play new disks, without going to some inconvenience to update their players? If so, how is this a sensible business model?

ScarybugDecember 29, 2006 9:04 AM

This is another reason why I'm not getting a HD DVD or Blu-Ray Player anytime ever. Hell. I just started getting DVDs, why would I give up the ability to make backups (of a notoriously damagable disc) for Hi-Def that won't show up on my TV, and doesn't really impress me?

Nicholas WeaverDecember 29, 2006 9:04 AM

The natural response then is to extract the keys from a player that would not be revokable for political reasons...

EG, the one from the XBox 360 HD-DVD and/or the PS3's Blu-Ray.

Josh ODecember 29, 2006 9:08 AM

@Carlo

Assuming it's like Regular DVD's, then the key is written in a special area that Burners cannot write to, so you can't make a bit for bit copy, because you will be missing the key. Only pressing facilities can create a disc with a key.

Josh ODecember 29, 2006 9:11 AM

I wonder if they ever would really revoke a key. They could have done this on DVD's as well, but they never did. I guess because of the reasons mentioned by Nicholas Weaver. Also, wasn't the first CSS key also obtained from a software player. There really is no way to prevent a person from stepping through the code to figure out the key, is there. Maybe with TPM.

gregDecember 29, 2006 9:15 AM

@Carlo Graziani

Short answers... The long answers are too long

1. No

2. Yes

gregDecember 29, 2006 9:18 AM

@Josh O

Sorry missed that answer... Yea that worked real well with DVD's. (same thing IIRC)

Similar methods are often employled in other media too. But the folks selling the burners and media don't seem to go that far to prevent it from happneing......

private_jokerDecember 29, 2006 9:55 AM

I like the way the movie ends:
"Stay tuned for source code in January"
"Merry Christmas!"

Grin-MouseDecember 29, 2006 12:05 PM

@otherman

There is source-code available today, yes, but only for a limited version of the attack: you must yourself supply (i.e. find) the decryption key for each disk you are trying to decrypt, and I haven't (as of yesterday) heard of anyone other than the author who had found even one (and the author has not revealed how he found the one he used). What is supposed to be delivered in January is a new version that will use "volume keys" instead of "title keys" and consequently will be more scalable.

Gopi FlahertyDecember 29, 2006 12:18 PM

@Carlo:
(2) Doesn't revoking keys mean that owners of players will suddenly find themselves unable to play new disks, without going to some inconvenience to update their players? If so, how is this a sensible business model?

Whose business model is it?

How many people who buy HD-DVD or BluRay players know about this? Very few, I'm guessing, and until that changes, this won't impact purchases.

The movie studios are the driving force behind this. If you want to build a player, you don't have any choice but to implement this scheme. Who pays for the costs of updating, customer service, bricked players, etc? The manufacturer of the player, of course.

The people imposing the system don't pay the costs; the people with the market choice to accept or reject it don't even know about it.

On the subject of consumer information, I've noticed that DVDs have started including an icon and the URL http://www.copyprotected.com

While I doubt many people will go there and read the details, it's good that they're at least putting this on the box.

BlackAdderDecember 29, 2006 12:19 PM

http://msmvps.com/blogs/chrisl/archive/2006/12/...

I'm leaning towards this guys comment. It's a side channel attack on the player not the encryption algorithm.

Big media using social barriers is funny to me. The whole reason muslix69 claims to have started this process is because he was locked out of using his HD equipment because his video card wasn't marked compliant. They've lobbied to have an artificial legal barrier (DMCA) put up in contradiction to social norms. This encourages hacking and enables piracy.

In the end, we will either be so hobbled we cannot use multi-purpose computers anymore without a special license or big media will fall and be replaced with a smaller more maneuverable entity.

Alice McGregorDecember 29, 2006 1:06 PM

Seeing as how the key was likely pulled from an unprotected memory location while the player was doing its thing, it should be trivially easy to update the player and use its key again. Or, if future versions of players encrypt the location in memory which stores the key, well, it has to pass through the CPU's registers un-encoded to be used for anything, and can be sniffed from there.

AACS seems to me to be very similar to CSS, with slight modifications (they learned something!) to give greater control over access than CSS's class-based keys. The difference in attack, here, is also notable. CSS simply brute-forces the key from the DVD due to trivially weak encryption, while this supposed AACS decryption uses stolen keys.

I fully agree with muslix69 -- if I purchase expensive hardware, I expect it to be able to do anything I put my efforts into, including playing video I have purchased. I use Linux much of the time, and as such, there are very few "legitimate" players out there. The Vista Content Protection scheme (with it's Big Brother-like "manufacturers are encouraged to contribute to the Party by going farther than the word of this law") and such poorly-thought-out systems as CSS and AACS, are a joke. A sad, sad joke, that we all have to live with now.

CSS is broken so often, so quickly and easily, that I do not even notice it is happening. I pop in a DVD, run 'mplayer dvd://1' and it does everything for me. -This- is how I expect technology to work, and I am a criminal for it.

The reason none of these technologies have revoked keys yet? The same reason mentioned in the Cost Analysis of Windows Vista Content Protection -- consumer backlash.

Timm MurrayDecember 29, 2006 1:34 PM

Does anyone have any hard data on how many device keys are out there?

A brute-force attack against a single 128-bit device key is obviously infeasible given current computing resources. However, there are thousands of device keys, and you only need to find one of them. Brute-forcing any one device key might be feasible with a distributed network.

gregDecember 29, 2006 1:54 PM

@Timm Murray

Not enought to use a BF attack. And AACS was designed to easily recover from one key comprimise. It however does not work so well when a few keys are comprimised. The catch is that a play must have *lots* of valid keys to play content, so a few (ie say 2-5) comprimised players will work as a class break.

ie Encryption is not the weak link here. Even in CSS it was unusall to need to resort to BF the keys.

We are also ignoring other factors to. Like the analog hole. And watermarking

Grin-MouseDecember 29, 2006 3:19 PM

@Alice

Yes, "it should be trivially easy". However, for the moment, nobody has, and I'm just enough of a curmudgeon to want to see the verification explicitly. I suspect the lack of verification to date is partly due to the "holiday-of-choice" break, and partly due to Muslix64's promising a new, better version on Jan 2. Mais après ça, le déluge.

kaukomieliDecember 29, 2006 11:27 PM

hm, one question on this:

would it be possible to patch a softwareplayer so it does not accept key-revocation?
that way at least one would be able to play all movies released up to that date.

not that it would concern me, i do not even own a tv and never bought a dvd-player or vcr or whatever. watching tv is such a waste of time anyway.

gregDecember 30, 2006 11:18 AM

@kaukomieli

No, It does not revoke the keys from the player. But new DVD/blu-ray disk will use a key that the comprimised player dose not have. So new disks won't work *without* a patch.

Tommy McGuireJanuary 2, 2007 7:42 PM

Is this a big deal? Not really---if the crack really is just recovering keys from PowerDVD, a software player is an ideal candidate for revocation. Users are used to upgrading software, after all, even if they are not used to re-flashing (or trading in) their hardware DVD player.

This early in the life-cycle of the HD-DVD/Blu-ray technology, revoking a hardware player could very well be enough of a problem for consumer adoption that those who make such decisions would not want to do it. However, revoking a software player could actually help the technology---user's will not be too upset about having to upgrade, and "content providers" would be reassured that the protection technology works as planned.

By the way, if anyone is interested, Jeff Lotspiech (the "L" in "NNL") appears to have a tutorial on AACS---you have to request it by email and I have not done so. See his web site: http://www.lotspiech.com/

Connelly BarnesJanuary 4, 2007 7:31 PM

It seems clear that all reasonable outcomes involve (a) Copyright enforcement being maintained and (b) Nearly everyone pirating software and music. Thus one can argue quite convincingly that the current social dynamics serve simply to maximize hypocrisy -- everyone lies about piracy, breaks the law (and this is regarded as either a good thing or a necessary evil), and generally acts in a contradictory way. Those who do stop to question the ethics of the situation often assume that we partake in some sort of "Copyright war" and that to resolve the rampant nonsensical hypocrisy and sundering of civil liberties, point (a) should be abolished completely. (Those who stop to question the business efficacy of the situation naturally come to the opposite view). Of course using ethics and thought to try and resolve the situation is wonderful; to be praised; however, this particular suggested solution is entirely unrealistic as the average American wants his movies and his soda, and it's politically impossible to take away his movies by abolishing point (a), because he forms the majority of the population (and everyone knows that Americans fly into murderous rampages when you try to take away their movies or sodas). A more realistic solution is to acknowledge the hypocrisy carried out by nearly everyone (we're all guilty, all criminals), and consider Copyright infringement not so much as a criminal offense as the cost of doing "business" with society, i.e. fines should be nominal and people after being fined should not be discouraged from continued piracy, as it is the norm after all. The current solution that everyone seems to be "following" is to support either end of the "war," and the problem with following this solution is that the war is inherently unbalanced: the pro-Copyright side of the war will always win legally due to political and business dynamics; however, the winning side can ONLY gain new territory in the war by eroding basic technological liberties. This is a really bad situation to be in (i.e., legalistically losing a war by having the legal system be eroded by hypocrisy, where one can predict that it is impossible for there to be any outcome other than that the war will be lost legally, and by having every loss in this war manifest as a loss in the basic liberties available to those using technology). Thus I'd encourage people to see piracy as neither ethically reprehensible nor beneficial but simply as the expected group-theoretic outcome based on how our society works. As the "hypocrisy" is intrinsic in how our society is structured, it makes sense to not call it hypocrisy, to decriminalize it, and to regulate it instead.

Connelly BarnesJanuary 4, 2007 7:55 PM

Or, I could simply renounce my evil ways and delete my MP3 collection, or retract my head like a turtle and keep a low profile, thinking as most people do that the Man is made of Teflon (R) and hence nothing sticks to him. However, I think we all have MP3s in our closets, so I thought it might be better to have a discussion of the topic that ignores the war and focuses on the down-to-earth problem of everyone breaking the law (I think this is a problem, as I don't think people should disrespect the law, but if the law is being used as a pawn in a war of special interests, then people will naturally tend to disrepect the law).

Connelly BarnesJanuary 4, 2007 8:07 PM

Finally, I'd think it would be great if AACS were cracked, as in ten years this may let me watch movies on VideoLAN in peace and calm instead of fighting a depressing battle with some spyware and adware infested commercial gimmick of a program. (But wait, VideoLAN uses libdvdcss, so it's illegal, right? It's hard to get anything straight in the fray of the battle...) Also, it's nice to have those basic technological freedoms, just in case you need them. You never know when they might come in handy.

Post a comment




E-mail is optional and will not be displayed on the site.


Remember Me?


Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Powered by Movable Type. Photo at top by Geoffrey Stone.

Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.

 
Bruce Schneier
Subscribe
Atom Feed Facebook Twitter E-Mail Newsletter (Crypto-Gram)
Subscribe via Kindle
Blog Menu

Search

Powered by DuckDuckGo


blog only
essays and op eds only
whole site

Blog Home Page
100 Latest Comments

Archives by Date

2013 J F M A M J
2012 J F M A M J J A S O N D
2011 J F M A M J J A S O N D
2010 J F M A M J J A S O N D
2009 J F M A M J J A S O N D
2008 J F M A M J J A S O N D
2007 J F M A M J J A S O N D
2006 J F M A M J J A S O N D
2005 J F M A M J J A S O N D
2004 J F M A M J J A S O N D

Tags

more tags

Support Bloggers' Rights!
Defend Privacy--Support Epic
Latest Book
Liars & Outliers
more books by Bruce Schneier