One key to rule them all
February 15, 2007 2:06 PM

One key to rule them all - As if the previous crack wasn't enough, now it's been discovered that there's a single key that can crack all HD-DVD and Blu-ray DVDs.
posted by Steven C. Den Beste (66 comments total) 1 user marked this as a favorite
 
Found here, and I shamelessly stole his title. (It's OK; Aziz is a friend.)
posted by Steven C. Den Beste at 2:11 PM on February 15, 2007


Note however, that this key can be revoked by AACS (the people who issue the keys in the first place). But it's only a band-aid really, as long as software players continue to exist, it will be possible to crack them and get the keys. They can make it extremely difficult, but any dedicated cracker will find it, even if they have to watch the CPU registers every cycle.
posted by SirOmega at 2:15 PM on February 15, 2007


This is still theoretically subject to key revocation, isn't it?
posted by mr_roboto at 2:17 PM on February 15, 2007


Awesome.
posted by loquacious at 2:17 PM on February 15, 2007


This is where I get to say, "This is my surprised face."
posted by Faint of Butt at 2:19 PM on February 15, 2007 [2 favorites]


It's good that weakness in security is revealed and discovered, but in the end, we're talking about 20-40Gb files just for a movie, and I'd need a $1000+ burner and a $600+ player just to view the thing.

I know, I know, someone could have said the same thing about decrypting DVDs in 2000, saying that 4Gb of files was just too much and DVD players cost an extreme amount of money and we can all laugh at that now, but for the moment, hacked blu-ray or HD-DVDs are pretty much worthless and I'd rather buy them.
posted by mathowie at 2:21 PM on February 15, 2007 [1 favorite]


Mathowie, by the time you've completed downloading a single 40gb torrent, prices should have dropped to the point where it's economical ;). See you in 2010 with my new movie collection, suckers.
posted by klangklangston at 2:24 PM on February 15, 2007 [1 favorite]


Bandwidth & storage are both cheap (theoretically). Like you said, the file size will be a moot issue in a couple of years. But the real impact here isn't practical, it's abstract: the idea that this security was broken in a matter of weeks is a fairly powerful deterrent to companies looking to implement cumbersome, costly, annoying DRM.
posted by synaesthetichaze at 2:27 PM on February 15, 2007


Unfortunately, the most pernicious fallout of this is probably going to be that MPAA is going to start pushing again for end-to-end hardware-enforced DRM, mandated by law.
posted by Steven C. Den Beste at 2:33 PM on February 15, 2007 [1 favorite]


It's worth pointing out that DRM isn't designed to keep your 'leet super-hacker from burning himself a copy of Charlie and the Chocolate Factory.

It's to keep your mom from doing it.

And with the DMCA, the DRM doesn't even have to be good. Cracking it is probably illegal no matter how trivial it is.
posted by bshort at 2:33 PM on February 15, 2007


I love the faces videophiles make when I tell them that I don't think HD content is particularly thrilling, and I have no plans to own an HD device this decade.

For the most part, entertainment is about symbols. These symbols can be transmitted clearly in decidedly lo-fi ways. The people obsessing over image quality aren't seeing the forest for the trees.
posted by mullingitover at 2:34 PM on February 15, 2007 [4 favorites]


The file size is already becoming a moot point. Once you've ripped the HD-DVD or Blu-ray, it can be re-encoded at a lower bitrate. I've seen H.264-encoded HD video and that looks absolutely fantastic, and is not that huge (<1.5GB per 1 hour of 720p). 4GB would be plenty of space for a 2 hour movie at good rates. Hook a decent PC up to your HDTV via DVI and you're golden.
posted by zsazsa at 2:35 PM on February 15, 2007


mathowie : "I'd need a $1000+ burner and a $600+ player just to view the thing."

...or the ability to mount the file as a virtual drive on your PC. No burner, no blank media, and no player necessary, besides two pieces of software: one to mount the image, and the other some sort of HD-DVD compatible media player. As long as you're willing to watch on your monitor instead of TV, burning media becomes mainly an archival action, not a part of the viewing process.

(Note: I don't know if those exist yet, but since there are DVD mounting programs (freeware, even), and DVD playback software (also freeware), I doubt that the BlueHD-DVD software is too long in waiting)
posted by Bugbread at 2:36 PM on February 15, 2007


This is almost as bad as that revolutionary Philips copyproof CD technology which could be bypassed by drawing a line on the disc with a marker pen.
posted by fire&wings at 2:37 PM on February 15, 2007


Bandwidth and storage is a moot point for myself and millions of other people. I mean I have a 30Mbps connection and 4TB of storage space. I'm ready for the flood of high-def torrents to begin.
posted by aerotive at 2:37 PM on February 15, 2007


mullingitover, can you then explain why people go to the movie theater? Personally, I do it because there's a big difference in the completeness of the image. And because the film was made to be seen that way.
posted by gorgor_balabala at 2:38 PM on February 15, 2007


as long as software players continue to exist, it will be possible to crack them and get the keys.

Fixed.

Hardware may be harder and require a bit more specialized knowledge and tools, but it's still just as doable as software.
posted by phearlez at 2:39 PM on February 15, 2007


"It's to keep your mom from doing it."

It doesn't matter, once the movie is decrypted for one person, it's decrypted for everyone.

If the media companies would just realize that the public will have easy access to movies/music anyway and provide a cheap, legal alternative to P2P, they could make buckets of money.
posted by Exad at 2:43 PM on February 15, 2007


What's especially problematic is that HD quality video can be viewed in avi format, compressed with DivX and the like, so:
- Even if your mom can't crack it, someone can
- Even if your mom can't rip the video from the now un-copy-protected file and make an avi file out of it, someone can
- That person can torrent it
- Most of the target audience of HD video can figure out how to download a torrent pretty easily
- Once you've torrented an avi or otherwise plain-vanilla video file (as opposed to an image file or some other crazy stuff), all you have to do is double-click it to watch it.

So, sure, casual cracking is ruled out, but once cracking is made easy for the middle-core folks, with a cracking tool, then it's trivial for the cracked file to get into the hands of casual viewers.

The problem, even now, isn't that there are a massive number of people cracking DVDs. It's that there is a small to medium number of people cracking DVDs, and a massive number of people downloading those cracked products.
posted by Bugbread at 2:52 PM on February 15, 2007


The real conflict here is conceptual. The media producers have become used to thinking of their products as capital assets, and their business models are built around the idea that they make an upfront investment to create those capital assets and then milk them for revenues essentially forever.

As usual the porn industry is leading the way to the future. Porn producers know that their product is a wasting asset, whose value to customers wanes. Five year old product is worthless, and the only way to keep the customers coming back is to crank out new product constantly. The value of a porn producer to customers is based on the first derivative, and customers will pay for a constant rate of new product release.

For non-porn media makers, that means a very radical shift in world-view, as well as a major overhaul of their entire business model. That's what they're trying to resist, but not even the MPAA can stop the incoming digital tide.
posted by Steven C. Den Beste at 2:56 PM on February 15, 2007 [2 favorites]


Once you've ripped the HD-DVD or Blu-ray, it can be re-encoded at a lower bitrate

Meh, why download 20Gb of HD-DVD when you can just grab the standard DVD at 4Gb, especially if you're just going to chomp it down to a 600Mb xvid. Then you have to wonder why you aren't just hunting for xvids instead of even touching the original movie.

Trading HD content is for leet home theater nerds that want the full def content. It's not something anyone should be re-encoding, because it's just a waste.
posted by mathowie at 3:01 PM on February 15, 2007


DRM doesn't keep your mom from copying DVDs -- anyone can go to Wal-Mart and buy cheap and easy-to-use DVD-ripping software. At best DRM keeps your mom from becoming the first person to copy a particular format.
posted by aaronetc at 3:05 PM on February 15, 2007


As the previous MetaFilter post says, muslix64 got fed up when his new television refused to play HDDVDs, because of DRM problems. The way this DRM crap got deployed, this is going to be a very common problem for people who've bought HDMI televisions and care about getting the best-quality output from them. It's not just useful for making illegal copies, yo. Some day, I imagine I might want to be able to play an HD-DVD on my computer, which will not be running Windows. Getting DVDs to play on Linux was after all one of the motivations for the people that cracked CSS.

But anyway, that old DVD crypto scheme has been thoroughly broken for a long time now, and I don't exactly see it having any measurable effect on the number of discs they're selling.
posted by sfenders at 3:07 PM on February 15, 2007


I just watched the last 4 episodes of Heroes last night. Each one was a 349MB .avi file. I watched them on a 1024x768 data projector connected to a 2001-model laptop (just young enough to have a DVD drive and be capable of displaying video), hooked up to an amplifier and a couple of concert hall speakers that date from the late 80's. It was great.

I expect watching it on a HD TV and HD-DVD player with Bose surround speakers would have improved the experience a little, but not so much as a couple of more comfortable chairs would have.
posted by aeschenkarnos at 3:09 PM on February 15, 2007 [3 favorites]


mathowie : "Meh, why download 20Gb of HD-DVD when you can just grab the standard DVD at 4Gb, especially if you're just going to chomp it down to a 600Mb xvid. Then you have to wonder why you aren't just hunting for xvids instead of even touching the original movie."

I'm no videophile, so I can't really put much weight behind this, but:
"Lost" (piece of shit that it has turned out to be) is a 45 minute long TV show (minus commercials). The rips of it on the net are generally recorded from HDTV. When I watch them on my PC, they are indeed pretty good quality, and the size is (I think) 720 x 1280, which is HDTV size (I may have that size wrong, but it's definitely not 640 x 480, which is DVD / standard TV quality). Those files are around 400 Meg. So an HDTV rip at 1 GB doesn't seem outlandish, and it would be in much better quality than a 640 x 480 DVD rip.

That is, even if you chomp down an HDTV, you'll still probably get better-than-DVD quality, at less-than-or-equal-to DVD size. And if you're going to download the same 4 GB anyway, who wouldn't prefer a 1280 x 720 rip instead of a 640 x 480 DVD image? You don't have to be a videophile to want a better picture for the same amount of download time and effort.

(I don't have an HDTV, so I don't know how much the quality difference is, but on a computer screen, it's pretty clear...or perhaps that's because I have an LCD screen, so displaying things out of their native resolution makes them look more like crap than they should).
posted by Bugbread at 3:20 PM on February 15, 2007


This is great, I've got a 1900x1200 monitor and after downloading Pat Metheny's The Way Up concert in 1080p I am totally addicted. Who cares if it's 315megs for 4 minutes of video, time I have aplenty. Bring on the HD torrents.
posted by Null Pointer and the Exceptions at 3:21 PM on February 15, 2007


I've been trying to avoid hopping on the HD bandwagon, or more specifically I've been waiting to jump directly from my standard def TV to a 1080p projector. I'm holding out in the belief that it won't be too much longer before someone makes the switch from the standard projector lamps to high output LEDs. (The expense of replacing those pricey lamps has been the primary force against my snapping one up once they got below a thousand dollars).

At this rate, by the time HD-DVD and Blu-ray burning becomes economically feasible, I'll just be in a position to care. For the moment, it's a neat intellectual exercise that they broke it, but nothing that is going to change my life anytime soon.
posted by quin at 3:49 PM on February 15, 2007


Who cares if it's 315megs for 4 minutes of video, time I have aplenty. Bring on the HD torrents.

Bingo. I don't need to watch it right now this minute. I'm happy to leave it downloading in the background for a week or two. And that 25 GB rip of Batman Begins looks very, very nice on my 37" 1080p monitor -- noticeably better than that 800 MB DivX version. Sounds better, too.
posted by solid-one-love at 3:58 PM on February 15, 2007


Monster's Inc is only 4.5 GB in 1080p H264 (ripped from BBCHD, not a HD disc). I've heard it's ridiculously awesomer than a DVD rip that's the same size.
posted by smackfu at 4:01 PM on February 15, 2007


Recently I was over at a friend's home, and noticed he'd gotten the HD-drive for his xbox 360. I immediately asked to see something HD, and was instantly aware that what we were seeing on screen was NOT 1080i, or even 720p. So, he starts looking thru the setup options on the xbox, and sure enough, it was set to 480; he goes to change to 1080i, screen flashes blank, then back to the usual "do you want to keep this change" dialog. He's all ready to go back to the movie, but I point out the status text still says 480. After a couple of tries, we notice that some text we thought was just useless flavor, actually was an error message about his cable not being set for HD support. I ask him, "did you flip the switch on your cable?"

"What switch?"

"Yeah I noticed when I got my 360, there's a switch for HD on the output cable."

Sure enough, flip the switch, and now the setting change actually would take place, and even the xbox dashboard was obviously improved. Back to the HD movie, and the difference was truly astounding. Meanwhile, my buddy is kicking himself for playing all the way thru several games in only 480, on his big HD LCD.
posted by nomisxid at 4:14 PM on February 15, 2007


DRM doesn't keep your mom from copying DVDs -- anyone can go to Wal-Mart and buy cheap and easy-to-use DVD-ripping software.

Is that true? DVD Ripping software is a violation of the DMCA, I'm having trouble imagining that it's really sold at walmart...
posted by delmoi at 4:38 PM on February 15, 2007


Meh, why download 20Gb of HD-DVD when you can just grab the standard DVD at 4Gb, especially if you're just going to chomp it down to a 600Mb xvid.

Because you're not going to chomp it down to a 600 MB xvid. What you'd do is re-encode it to the size of a DVD (or DVD-9).

So your choices are, a DVD with a 720x480 DVD-resolution movie (MPEG-2), or a DVD with a 1920x1080 HD-resolution movie (XViD / h264). You need someone to explain to you why that might be advantageous?
posted by Civil_Disobedient at 4:40 PM on February 15, 2007


I know a friend who is downloading ~15GB .ts (transport streams) or .mkv (matroska video format) files of current 1080i and 1080p movies from newsgroups. He says each has only taken a few hours to download. He's playing them back with VLC on a Mac Mini Intel Core Duo to a Samsung 61" 1080p DLP rear projection system.

Granted, most of these are caps from HD cable channels, but he's seen some which are labeled as HD-DVD rips.

They look and sound fantastic.

Or so he says.
posted by tomierna at 4:50 PM on February 15, 2007


delmoi : "DVD Ripping software is a violation of the DMCA, I'm having trouble imagining that it's really sold at walmart..."

I think it's only a violation of the DMCA if you rip a protected DVD. Ripping an unprotected DVD is perfectly legal, as far as I know. (For example, I sent my parents some video of my son, on DVD so they could watch it on their TV. There's no protection enabled, nor any region. If they decided to become computer savvy, they could use DVD ripping software to turn that DVD of mine into an mpg file or the like.)

To rip a protected DVD, you'd need ripping software (legal), and protection removal software like AnyDVD (legal or illegal, I have no idea).
posted by Bugbread at 4:57 PM on February 15, 2007


All this talk of 600MB divx files prompts me to ask: has something revolutionary happened to video file archiving recently? Because there are suddenly a whole lot of 600-700MB files with fantastic looking video in them, and I'm used to a somewhat crappy picture on anything less than a 4gig file.

My friend. My friend is used to this.
posted by dreamsign at 5:35 PM on February 15, 2007


delmoi: It was true the last time I went to Wal-Mart, which was a few years ago. I do know that my grandpa inexplicably developed a DVD renting-and-copying hobby in his last years, which involved Wal-Mart-bought software.

bugbread: You are wrong about those sizes. The typical hour-long program XviDs you'll find for download are generally 624x352 and about 350MB.
posted by aaronetc at 5:48 PM on February 15, 2007


The original MPEG 2 specification was a tradeoff between image quality and the amount of compute power that was needed to encode it, and even more so to decode it. At the time that MPEG 2 was specified, computers were a lot slower than they are now. DVDs use MPEG 2, and when player programs for computers first came out they used to specify that they needed a 400 MHz Pentium II -- which was a very fast computer at the time.

MPEG 4 is a different tradeoff. At the time that MPEG 2 was specified, they knew how to do it better but doing so wasn't practical. Now it is. It's computationally far more complex both for encoding and for decoding, but in exchange you get a vastly cleaner result from a much smaller file. "DIVX" is one of the companies that sells MPEG 4 codecs.

WMV doesn't use MPEG 4 but it's similar and makes the same tradeoff towards using more computing resources in order to get better compression and better image quality. And I think Apple has a comparable format.

It's not really a "revolution", so much as a tipping point.
posted by Steven C. Den Beste at 5:52 PM on February 15, 2007


Most MPEG-4 codecs can make the video look really good and the file size end up being really small.

It's quite possible to recode one of these HD movies to 4GB for 720p + 5.1 audio. Probably 6GB for 1080p instead.

6GB/movie is nothing. 1TB drives will be out shortly, and that's 150+ movies. Combine with the new generation of STBs like AppleTV, Netgear's new offering and the Xbox360 could really make home media servers and your media everywhere practical. (I could go on for a while about what no DRM would really mean to our lives - I had an epiphany at CES this year).
posted by SirOmega at 5:54 PM on February 15, 2007


Thing is, the crypto being broken is entirely irrelevant to what kind of stuff will be available for download, which is everything popular. If you can see it, you can copy it. If pointing a high-speed camera at the display and writing software to reconstruct the data from its output weren't so much more difficult than cracking AACS, you know somebody would start doing it.
posted by sfenders at 6:04 PM on February 15, 2007


mathowie, your post says no, but your favorite says yes...
posted by NortonDC at 6:06 PM on February 15, 2007


Some notes on "what's so great about encoded HD":

In general (the returns diminish at lower output resolutions) the data available in an HD source versus a DVD source also creates better quality MPEG-4 encoding due to greater overall information available for motion estimation and quantizing.

So, if your output resolution is 720x480 then an HD (1920x1080) source has mathematically less distortion in the end product than a DVD (720x480) source. The computational power required to take advantage of that information is significant but, as noted above, much more common now than when early MPEG standards emerged.
posted by abulafa at 6:17 PM on February 15, 2007


Replace "MPEG-4" above with "any DCT-based, macroblock sampled, motion-estimating encoding scheme." That includes WMV, Apple's licensed Sorenson and newer MPEG-4 codecs, H.264 and so forth. It also technically includes frame-based encodings like Motion-JPEG if you remove the motion-estimation part.
posted by abulafa at 6:23 PM on February 15, 2007


the most pernicious fallout of this is probably going to be that MPAA is going to start pushing again for end-to-end hardware-enforced DRM

That's already happening. The broadcast bit bastards are trying to get the force of law. And Windows Vista is saddled with a huge amount of DRM nonsense, including expensive hardware additions; not quite law, but the next best thing.

What sucks so much about this stuff is that while the pirates are now able to easily steal the new movie format, legitimate use is still hampered by the ineffective DRM crap. Ripping a movie to a laptop to save battery life, taking high quality still images from a film, ... all forbidden. But rip a perfect copy and send it over BitTorrent? No problem!
posted by Nelson at 7:22 PM on February 15, 2007


It doesn't matter whether this makes downloading high definition DVDs feasible or not. What's important, and what the MPAA member companies won't get, is that this is inevitable. Saying "Information wants to be free" is just a meaningless mantra and I cringe whenever I hear it. What's important is that a lot of people don't like to be restricted nor are they willing to accept that they're only leasing data. What's even more important to realize is that regardless of how many resources you invest into locking down data more resources will be invested into unlocking it. You're making a bet that your group of PhDs is more cunning than a collective of people, some of whom are also PhDs, talented and determined hackers and just plain dedicated individuals. If you have the resources of the NSA that might be true, if you don't you've probably made a bad bet.
posted by substrate at 7:36 PM on February 15, 2007 [1 favorite]


With ACSS they set out to not make the same mistake they made with CSS, and so they are prepared for keys to be broken like this. The key that arnezami has presented us with will decode all current HD-DVD content, but not future content, which will be encoded with new keys.

On the one hand, the new technology is better than the old since it doesn't have a single point of failure quite like CSS, but, on the other hand, they are setting themselves up for recurring public relations problems. The new keys will continue to be cracked and released in the press like this for the lifetime of HD-DVD.
posted by event at 7:50 PM on February 15, 2007


event, because the technique that's been successfully applied here (and explicitly described by its originator) applies to any future keys they may use, they can change keys but they can't hide them. The technique is the single point of failure. And it's AACS.
posted by NortonDC at 10:50 PM on February 15, 2007


In case anyone's interested, arnezami's analysis.
posted by sluglicker at 11:24 PM on February 15, 2007


My bad. I looked through the comments here for the link to arnezami's post and didn't see it. After I posted, I was thinking that it was odd; it not being here. Then it occurred to me that it had to be on the first link of this post, and of course it was. Sorry. I usually end up doing things the hard way.
posted by sluglicker at 11:37 PM on February 15, 2007


I've downloaded some hd rips of the anime Ergo Proxy, at around 700 mb per hour in h.264 format wrapped in a .mkv. I'd have to disagree about the quality of hd rips. There is a lot of excellent detail in the contours of animation, but the rip had a lot of color banding (more so than the lo-res dvd). Most scenes in the 720p rip looked better but in many others the plain old dvd looked better. And considering that Blu-ray and HD DVD use a lot of compression themselves I don't think "shrunk down" videos are going to be that great compared to the HD originals.
posted by bobo123 at 11:43 PM on February 15, 2007


Yes, exactly, NortonDC. To be sure, the single point of failure with any DRM is that DRM is fundamentally impossible.

My point above is that they made a strange tradeoff when they upgraded to ACSS. With CSS, once it was broken, that was it. With ACSS, we will see a period of working ACSS, followed by a hacked key and lots of talk in the media, followed by a period of broken ACSS, after which the keys will be changed and then we repeat.

The result, as far as I can tell, is the same as what happened with CSS (movies will certainly be no more protected) except with more bad publicity.
posted by event at 11:48 PM on February 15, 2007


substrate got it right. Information does not long to be free. It was a clever mantra that never actually compelled anyone to care about the Cause. But the thing is, information has no opinion here.

Raw data on the other hand has proved that the MPAA and the RIAA have no real say in what is and what is not viable in terms of our technology. Their lackeys have created a crippled system in Vista; that will eventually prove how screwed their concept is. Meanwhile, the rest of the world will continue downloading quality TV and DVD rips of the works they don't want us to see.

They keep trying to stop people from watching the media they produce, and with every step they force their customers into a place where it just becomes easier to take rather than buy.

In 20 years, this will be an Economics classroom's textbook example of how to not do business.
posted by quin at 11:57 PM on February 15, 2007


How did these two consortia, apparently locked in battle, come to collaborate on their choice of encryption system?
posted by beniamino at 3:11 AM on February 16, 2007


aaronetc : "You are wrong about those sizes. The typical hour-long program XviDs you'll find for download are generally 624x352 and about 350MB."

Okay, I'll take your word for it (not at my home computer, so I can't check). But I am positive that the HDTV Lost episodes come in at well under a gig, so an HDTV movie would presumably clock in at less than 2 gigs, correct?
posted by Bugbread at 7:32 AM on February 16, 2007


Can someone please explain how a key can be revoked? I understand the technical side (I think), I just don't understand the legality. The key is tied to the player correct? So hackers find the key, and then use it to break the DRM. The AACS then revokes the key, meaning all future HDDVD/BluRay is encrypted without the key, right? But doesn't that break the player? And if so, shouldn't it be illegal for the industry to basically deactivate machines people have paid several hundred dollars for?

Perhaps consumers will be able to upgrade their keys somehow, but that seems like a pain in the ass for the end user, especially if keys are getting hacked regularly.

So am I completely wrong on how this works, or does the average consumer have no clue their precious drive could become an expensive paperweight whenever the AACS wants?
posted by Crash at 7:41 AM on February 16, 2007


Crash, when a key is revoked, it means new discs aren't manufactured with that key, not that discs using that key won't play anymore. People with pirated dvd's don't have the key anyways, so refusing to play real discs with that key wouldn't touch them.
posted by nomisxid at 8:22 AM on February 16, 2007


bobo123, 700MB per hour really isn't enough for 720p with h.264. 1.1GB to 1.5GB per hour, which is what I've seen most stuff posted as, will get you very good looking 720p video.
posted by zsazsa at 8:47 AM on February 16, 2007


But I am positive that the HDTV Lost episodes come in at well under a gig, so an HDTV movie would presumably clock in at less than 2 gigs, correct?

I only ever download the baseline 350MB/hour files, but from memory there are three more options for TV:

* roughly 700MB/hour for high-res XviDs, generally with AC3 audio
* roughly 1400MB/hour for h264
* roughly very big for transport streams

For movies, you're talking about 700MB for 90-120 minutes. This is all perfectly fine quality for me on my 27" regular TV. Some artifacting, but much better than regular cable quality. I fully grant, however, that audio/video nerds will probably feel differently.
posted by aaronetc at 8:50 AM on February 16, 2007


I've downloaded some hd rips of the anime Ergo Proxy

Anime, or any other animation, is particularly tough for the video compression algorithms. It tends to have sharp outlines and "perfect" gradients that both look bad with the normal compression tricks.
posted by smackfu at 8:54 AM on February 16, 2007


Ed Felten at Freedom to Tinker breaks down the latest AACS crack. Apparently this crack will probably be able to open all the discs currently in distribution, but will be vulnerable to key revocation.

Crash: as I understand it, "key revocation" works like this: all discs can be encoded with a blacklist of player keys. Once The Powers That Be trace back a crack to a specific player, they add its player key to that blacklist. The legality of this is probably covered by some kind of shrinkwrap-license. Not that these assholes really seem that concerned with legal niceties.
posted by adamrice at 8:55 AM on February 16, 2007


Okay, now I'm thoroughly unclear on this whole key affair:
1) Players have keys
2) HD-DVDs come with a list of keys that they can accept.
3) If a player is compromised, its key is removed from the master list for making new HD-DVDs. So old ones will work on the player just fine, but a new HD-DVD will have that key blacklisted, and won't play.

Is that about right? If so:

1) There is, presumably, a big-huge list of keys on the discs, which they would slowly whittle down by revocation. Is it possible that they would just plain run out, as each key got revoked?
2) If you're using some sort of software cracking software, aren't you just removing the protection itself, so that your HD-DVD no longer cares what player it's playing on? (Or, more properly speaking, the player/software don't care that the DVD in their drive is ostensibly protected)?
posted by Bugbread at 10:57 AM on February 16, 2007


Ah, never mind. That Freedom To Tinker site has a clearer explanation than I've read so far, so it'll probably answer my questions.
posted by Bugbread at 11:17 AM on February 16, 2007


Based on what I just read from the "Freedom to Tinker" post (linked above) the Holy Grail for the crackers would be to get hold of a device key.

He says that future DVDs could then eliminate support for that device key, but if I understand it right, the device key is associated with a model of player, not an instance of that model. In other words, if the certifying authority revokes a particular device key, then it means that every owner of that model of player ceases to be able to play new discs when they're issued. (If I'm misunderstanding that, then everything else I write here is completely wrong.)

Yes, they have the technical ability to do that. The question is how consumers will respond to that. In essence, the certifying authority says, "One player of this model was used to crack HDDVDs, so we will refuse to let all owners of that model play HDDVDs released after a certain date."

In the extreme case that could involve hundreds of thousands of players, all of which would be rendered useless because their device key had been revoked.

I don't believe that would be sustainable. In fact, it sounds a hell of a lot like consumer fraud, and I think that attorneys general of various states would beat feet to the nearest court as soon as it happened.

But even worse damage would be to consumer confidence in the entire format. If the certifying authority revokes the device key for any model, and it becomes widely publicized (and it would be) then consumers considering purchasing new players would wonder how long it might be before that player might be rendered useless through device key revocation.

So it is technically possible for the certifying authority to revoke a key, but I don't think it's commercially possible, and it may not be legally possible without creating a tort.

Now I might be wrong, and it could be that each individual device has its own device key. But in that case, it means that there needs to be a data file on the HDDVD which contains gigabytes of data, consisting of a processing key encrypted by every device key ever issued and not revoked, plus all the device keys they ever expect to issue in future. That would be hundreds of millions of encrypted copies of the processing key. Which would be strange, not just for the sheer quantity of data involved (and the storage overhead on the HDDVD), but also because of the opportunity that would open up for a brute force decrypt attack.

But I don't believe it. There has to be a file like this, but I bet it has a few thousand entries, not hundreds of millions of them.
posted by Steven C. Den Beste at 4:06 PM on February 16, 2007


OK, I read the other posts on the Felten site, and it's not as simple as I thought. It's true that device keys can be shared, but they're not constant for a given model. And even though there will be a lot of device keys, it doesn't apparently require a gigabyte security file per HDDVD.
posted by Steven C. Den Beste at 4:39 PM on February 16, 2007
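
An added example, not part of any comment in this thread and not AACS code: a sketch of why per-device revocation does not need one encrypted entry per player, as the last few comments work out. It uses the complete-subtree broadcast-encryption method, a simpler relative of the subset-difference tree AACS specifies; the tree size, the authority secret, the XOR key wrap (standing in for a real block cipher) and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

HEIGHT = 30                   # constructed size: 2**30 device slots
FIRST_LEAF = 1 << HEIGHT      # heap numbering: root = 1, leaves = 2**30 .. 2**31 - 1
AUTHORITY_SECRET = b"constructed licensing-authority secret"  # sample value
MEDIA_KEY = bytes(range(16))  # constructed 16-byte key that unlocks one disc


def node_key(node: int) -> bytes:
    """Key of one tree node; HMAC derivation stands in for the authority's key database."""
    tag = hmac.new(AUTHORITY_SECRET, node.to_bytes(8, "big"), hashlib.sha256)
    return tag.digest()[:16]


def device_keys(device: int) -> dict:
    """A device is provisioned with the key of every node from its leaf up to the root."""
    node, keys = FIRST_LEAF + device, {}
    while node >= 1:
        keys[node] = node_key(node)
        node >>= 1
    return keys


def cover(revoked: set) -> list:
    """Roots of the largest subtrees that contain no revoked leaf."""
    if not revoked:
        return [1]                       # nothing revoked: the root key covers everyone
    tainted = set()                      # every node that has a revoked leaf beneath it
    for device in revoked:
        node = FIRST_LEAF + device
        while node >= 1 and node not in tainted:
            tainted.add(node)
            node >>= 1
    clean = []
    for node in tainted:
        if node < FIRST_LEAF:            # internal node: keep its untainted children
            clean += [c for c in (2 * node, 2 * node + 1) if c not in tainted]
    return sorted(clean)


def _xor_wrap(key: bytes, data: bytes) -> bytes:
    """Toy key wrap (XOR with a hash-derived pad); applying it twice unwraps."""
    pad = hashlib.sha256(key + b"wrap").digest()[:len(data)]
    return bytes(a ^ b for a, b in zip(data, pad))


def make_key_block(media_key: bytes, revoked: set) -> dict:
    """What a new disc carries: the media key wrapped once per cover node."""
    return {n: _xor_wrap(node_key(n), media_key) for n in cover(revoked)}


def recover_media_key(keys: dict, block: dict):
    """A player scans its own path for a node present in the disc's key block."""
    for node, key in keys.items():
        if node in block:
            return _xor_wrap(key, block[node])
    return None                          # every key this device holds was excluded


if __name__ == "__main__":
    revoked = {5, 123456789}             # constructed device numbers
    block = make_key_block(MEDIA_KEY, revoked)
    print("entries on disc:", len(block), "for", FIRST_LEAF, "device slots")
    print("device 42 plays:", recover_media_key(device_keys(42), block) == MEDIA_KEY)
    print("device 5 plays: ", recover_media_key(device_keys(5), block) is not None)
```

With two devices revoked out of roughly a billion slots, the key block holds a few dozen entries, and discs pressed before the revocation are unaffected because their key blocks were built from an earlier revocation list.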


Well, the holy grail would be to get the keys off a hardware player, because it would lead to the problems you describe. So far they've only had success with software players, which obviously can just say "you have to update to play discs, sorry".
posted by smackfu at 10:41 AM on February 17, 2007


smackfu: Even with the hardware players, if I understood what I read, a revocation would cause a massive, massive headache for the hardware player's manufacturer, but it wouldn't be the equivalent of shutting down an entire model of player. Instead, it seems that a single model of player will still have a variety of hardware keys.

Still, we're still talking massive headaches for manufacturers, and lots of consumer rage. My guess is that they'll use the revocation ability on software, but not on hardware players. The PR nightmare would be nightmarish. Which means that the smart cracker, with skills, would avoid getting the device keys from the RAM of his WinDVD or PowerDVD and would instead wire up a physical rig to try to somehow grab the key from a physical hardware player. Much, much, much harder, I would assume, but you only have to do it once. Do it to the best-selling hardware player, and you've pretty much guaranteed that they aren't going to kill the key.
posted by Bugbread at 3:53 PM on February 17, 2007

