Monday, January 08, 2007

AACS Cracked?

It seems that AACS has been reported to be "cracked". Someone by the name of muslix64 claims to have created a program that:
is a tool to decrypt a AACS protected movie that you own, so you can play it back later using an HDDVD player software.
He also says right up front that it's not complete as-is:
This software don't provide any cryptographic keys, so you have to add your own keys.
There used to be a video on YouTube that showed it being used, I imagine. I haven't seen the video. The link to the YouTube now shows:
This video has been removed at the request of copyright owner Warner Bros. Entertainment Inc. because its content was used without permission
If it's not clear, I haven't looked at this too hard. While it's interesting on some levels, I'm not interested in digging into the tech details just yet.

What I find interesting is some of the reactions.

Freedom to Tinker:
Typical users can’t extract title keys on their own, so BackupHDDVD won’t be useful to them as it currently stands — hence the claims that BackupHDDVD is a non-event.

Slashdot (comments):
the very clever fellow just implemented that publicly available decryption routine, and also discovered an (as of yet unreleased) method for obtaining decryption keys.
and
Yes, and the Engadget article that is TFA is mistaken... He didn't supply any keys, just disc IDs (to map to human readable names of the discs). The place where the keys would have been were all stubbed out with all nulls.

If this is a crack for the DRM, then GPG is a crack for PGP.
For the record, there was some confusion about whether the program shipped with any decryption keys or not. The Freedom to Tinker guys say no, I'll take their word for it.

Now, the Freedom to Tinker guys certainly know the score, and I hope I'm not making it look otherwise by quoting them out of context. But the general feeling from some portion of the people reading about this is that it isn't a proper crack; it doesn't come with keys. They can't use it.

They're missing the point, and what the guy is up to.

The people who complain that they can't use it without keys are also likely going to need a GUI app that rips HD DVDs to MPEG files with a single big green button. As near as I can tell without trying it myself, this program looks something like a GUI with a button. Just add keys.

So, where do you get keys? You get them from existing players, either hardware, firmware, or software. Who knows how to do that? Well, I could probably figure it out, if I had enough time. Please note that I'm not offering to find keys for you, I'm just saying that there are lots of us who do reverse engineering, who could probably figure it out.

So, the programmer attempts to keep the most controversial piece of his code modular and updatable. Other people can supply the keys. Maybe he even hopes that he can escape some trouble by not having it be fully functional out of the box. I wish him luck with that, though it's not without precedent. There are a number of MP3 rippers that don't directly include the patented MP3 codec, and they require you to go find a copy of the LAME libraries which do. The CD ripper programs say they don't include the codec, and the LAME project says you may need a license for your ripper. I tend to think that the MP3 patent holders have just decided to be nice about it.

A few points to make:

Is it in any way surprising that AACS is cracked/decodable/implemented in a program that doesn't play the MPAA's way? Not, not at all. It's inevitable. That's the basic problem with DRM. They give you a file that you're not supposed to be able to decode or decrypt. And then they hand you a decoder. Sure, they are hoping you won't look inside. But people are curious, and they like to be able to store their files on their own terms.

Is this a "crack" in the proper sense of the word? Well, when I was a kid, "cracking" meant removing copy protection from floppy disks. So in that sense, yes, this is a proper crack. It's working around the little trick that is supposed to keep you from doing things the easy way. Now, if you're talking about something like cracking the security of a program (finding a vulnerability) or "cracking" a crypto algorithm (better term is "break"), then no, this is not that kind of crack.

But that's not how you break DRM. You break DRM exactly like this guy did, by replicating the algorithm and/or keys. Sure, if there is ALSO a software vulnerability or bad crypto, that's interesting too. That happened with CSS, for example (crypto weakness.) but you don't need that to get around DRM. You just need to replicate the function of the player.

Frankly, when I simultaneous learned about this AACS crack and that there are a couple of existing Windows HD DVD players, it was obvious what happened. If you want to keep a secret, do not stick it in a Windows program. Reverse engineers LOVE to take apart Windows programs. If you're going to try and simultaneously keep a secret, and distribute it to every household in the world, then at least stick it in a secret ROM chip so that the likes of a Bunnie Huang are needed to get it out.

So why is this different than PGP? because you don't encrypt something with PGP, and then give a copy of the decryption key to everyone in the world, and ask them not to look. It wouldn't matter if every HD DVD came encrypted to your personal key either, since you have no incentive at all to keep the movie encrypted. What do you care if you give out the plaintext version of a movie?

So, what happens now? Well, the AACS designers aren't all that stupid, they were aware this would happen. So there is a key revocation feature out there. This is where my ignorance kicks in. I don't know exactly how this feature works, but I'm going to make some educated guesses.

There must be some set of keys in a Windows HD DVD player or physical device. I'm sure the AACS people issue a set to every vendor or manufacturer. The goal of the evil hax0r here is to swipe those keys, and probably give them to their buddies or post them on the Internet. So the AACS people figure out which keys have been leaked, and they revoke them. I'm guessing that on the next Disney DVD is a revocation list which the players will obey.

Now, does that mean if the evil hax0rs stole the keys from a Panasonic HD DVD player, that the AACS people have to disable that player? Is it all Panasonic devices, or just that model, or just North American versions of that model, or what? The exact details probably aren't important. I think what it means is that yes, some legitimate Panasonic owner buys a legitimate DVD, and next thing they know, their player is bricked.

Can they seriously be planning to do that? I can't see any plan where they can simultaneous cause the bad guys any significant trouble, and avoid screwing innocent customers.

And that's why DRM sucks.

1 comment:

Rael said...

A year after posting, your entry was a cool reminder of what people felt at the start of 07. And your $.02 seemed to have been felt by millions (formerly) under AACS' sway!
2007 is really the year of AACS' undoing. From late 2006 to 2007, we were full of DVD Jon, Muslix64, the Dig crack code, etc., aside from the file-sharing lady arrested mid year I think. With all that, I wonder how AACS will end up?
Maybe these actions are partly the reason why the AACS people have yet to announce a final standard as of year end.
Here's my toast to 07's innovators, not the least among them Oppo's DVDs, for the region-free DV-970HD hovering near $150. But it was the Oppo DV-981HD that CNet.com and ConsumerSearch.com were in agreement with.
Re: the disc wars, do we walk CNet's way? dvd players reviews