back to article Latest AACS crack 'beyond revocation'

Hackers have found a way of circumventing the AACS copy prevention technology used by next-generation DVD disks. Unlike earlier breaks, the latest crack can't be papered over simply by pushing key revocation updates. Advanced Access Content System (AACS) encryption forms the cornerstone of the content protection technology on …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Has the penny not dropped yet??

    When will it hit the heads of the greedy 'licensed content' owners, that it would be more profitable to dramatically reduce the price of the content and invest in a HUGE download facility so that the multitude of, generally law abiding, people can obtain the content when they want it.

    I for one, would pay the micro-charges to get my copy of LOST from a, dare i say it, reliable and legal source.

    The truth of the matter is that someone has to pay for this content and wether we buy a DVD in a box or download it from a torrent site, we will still pay for the bloody thing via a different mechanism, higher prices for other goods or reduced quality.

  2. Morely Dotes

    It's worse than they can possibly imagine

    While they may be able to stop Internet publication of the key (bloody unlikely, but not completely impossible), the cat's out of the bag. There is no law that permits a software copyright holder to prohibit the wearing of items of apparel:

    And I am sure there are others.

    Several of the shirts have already shipped. It's a Federal crime to tamper with the mails. Want to see if you're too big to be busted by the Feds, AACS LA? Come on! Intercept my mail and see what happens!

    But wait! There's more!

  3. James

    Unwinnable position

    The sad irony is that the copyright owners can never win if they want us to be able to play their content. Any cryptographic system can be reduced (roughly) to

    CipherText + Key + Algorithm == PlainText

    We buy the CipherText as the DVD, the algorithm is pretty public and not problematically so. The strength is all in the key and if we want to watch the DVD on a consumer device we must have the key *somewhere*. All we have to do is find it and the system is broken. Since the producers want us to keep buying and watching DVD's they'll have to keep giving us the keys to do so and the whole exercise is utterly futile.

    Funny to watch the likes of AACS LA squirm as they learn a painful lesson in information theory though :D

  4. Gareth

    Erm, apparel /is/ copyrighted

    "There is no law that permits a software copyright holder to prohibit the wearing of items of apparel"

    False. Copyright does indeed cover images which are printed on apparel - I couldn't print up a t-shirt saying "Coca Cola" or "Gucci" without requiring a license to use said copyrighted material.

    The Feds can also seize items from the mail in certain circumstances. It's just illegal for us peons to tamper with mail.

    Having said that, screw the AACS, MPAA, etc. If you can view it, you can copy it.

    And I'd not be willing to pay for P2P downloads either - at least unless I'm compensated for the use of my upstream bandwidth in the form of lower prices or outright payment.

  5. Anonymous Coward
    Anonymous Coward


    I see no way that the arbitrary hex string (or its decimal equivalent) can be copyrighted, at least not in the US. For copyright, there must be an element of originality, and the claiming of numbers and suchlike is expressly prohibited.

  6. John Ridley

    Soldering apparently not necessary

    Several people on another article on the subject say that the desoldering attack is old news, and a few days after it was published another attack was announced that was software only.

    Also it should be noted that it's not necessary for everyone who wants to crack AACS to have one of these hacked drives. All that's necessary is for someone, somewhere in the world, to have a drive, then use that drive to extract the key, then publish the key. Boom, everyone can decode the discs.

    If all this is true, they might as well give up, they've well and truly lost and all they're doing by revoking keys, etc, is irritating their legitimate customers by forcing equipment upgrades, and wasting their time and money. They won't be stopping a single person who wants to make backups of their discs.

  7. Anonymous Coward
    Anonymous Coward

    The good thing about all this DRM BS

    is that Microsoft have cheerfully slit their own throats by grossly encumbering Vista with DRM malware. They've finally crossed the line (jumped the shark, as it were) to the point where random consumers who don't know anything about technology can tell that Vista is a pile of shit which stinketh. Thus opening the door wide for Linux, BSD, Mac OS/X (somewhat), and anything else that hasn't drunk the kool-aid.

    Hi ho.

  8. foxyshadis

    Talking nonsense

    Gareth, that's trademark, not copyright! The key also has nothing to do with copyright, it was a trade secret; obviously not anymore though. If you stretch the law enough it could be considered a circumvention method, but rational judges would consider backuphddvd and its analogues the real circumventors.

    Diggers are just ignorant about different forms of IP, everything's copyright to them.

    And some people sound incredibly paranoid about the whole shirt thing. They're not going to send goons to shipping warehouses to open everyone's mail or steal boxes from mailboxes. Now, a judge could grant them an emergency injunction and force the postal service to stop al deliveries (if that's even possible), but how likely is that? Get a grip already, wear your nerd pride, and laugh as they repeat every mistake made with DVD.

    (I wonder how long until BD+ shows up and gets broken in turn.)

  9. Olof P

    They're not claiming it's copyrighted

    Just that it is a part of their protection technology, which it is illegal to publish due to the DMCA's anti-circumvention clause.

  10. Anonymous Coward
    Anonymous Coward

    The root of all Evil

    It is plain and simple Greed that drives copy-protection technology and perpetrators of it deserve to fail. Every product, if priced correctly will bring in a decent return for the vendor and if the product is good enough, will make the vendor very rich.

    There is a simple reason why a product does not sell - it is overpriced. Is it not better to remove all copy-protection, price it accordingly and let it generate a support industry so that everybody makes money, which in return, launches the industry to greater heights instead of artificially keeping the price of a crap product high to generate undeserved profits?

  11. Michael_K_Vegfruit

    Copyright, schmopyright

    Gareth is right, copyright applies to any medium. However, "Coca Cola" and "Gucci" aren't copyright, they're trademarks. Copyright exists to protects content, trademarks exists to prevent consumers being deceived. So, I could happily print T-shirts saying "Coca cola is horrible", and the trademark owner could do nothing about it - I'm not using the word to sell a product that pretends to be Coca Cola, and not even a 'moron in a hurry' ( would think I was.

    That's all beside the point here though, because neither copyright nor trademarks apply in this case. What does, are the 'anti-circumvention' provisions of the DMCA. These make it illegal, in the US at least, to develop, publicise or use tools for getting around DRM (or liberating your content).

    These nastygrams aren't being sent on the basis that people who publish this number are breaking anyone's copyright, or misusing a trademark to sell a counterfeit product, but because they are revealing how to get around a rights management system.

    That raises the question of whether the DMCA applies extra-territorially. IANAL, so I won't test that here (on a non-US site), but I'd be interested to know from someone who is.

  12. David Neil

    Copyright != Trademark

    **False. Copyright does indeed cover images which are printed on apparel - I couldn't print up a t-shirt saying "Coca Cola" or "Gucci" without requiring a license to use said copyrighted material.**

    Bzzz, Coca Cola and Gucci are trademarks, these are covered by seperate rules to copyright

  13. Francis Litterio

    HD-DVD movies are already available for download via BitTorrent

    John Ridley wrote: "[...] it's not necessary for everyone who wants to crack AACS to have one of these hacked drives. All that's necessary is for someone, somewhere in the world, to have a drive, then use that drive to extract the key, then publish the key. Boom, everyone can decode the discs."

    Indeed. Taking it one step further, only one person needs to decode the discs and upload the _unencrypted_ HD-DVD via BitTorrent. Such decrypted HD-DVDs already available via BitTorrent:

    Of course, not everyone has the time or disk space to download a 20 GB movie (HD-DVD movies are much bigger than plain old DVD movies), but 10 years ago downloading a 4.5 GB DVD would have been an equal hassle.

  14. Kwac

    Land of the free

    Just a reminder that DMCA, unlike AACS, RIAA & MPAA doesn't include the word "America" in its name.

    Just as valid as the others in its jurisdiction over the rest of the world though.

    God, I wish I was free.

  15. SImon Hobson Bronze badge

    DMCA applies only in the US

    The DMCA only applies in the US (and prob ably to people & places where they have jurisdiction). But, many other countries, including my own UK, have similar laws.

    What is happening though is that the mighty US of A as the (self appointed) sole arbiter of what is right and wrong and general head bully in the global playground is pressuring other countries to impose the same laws in support of it's big money corporations.

    There is however a much better way to kill off things like this stupid AACS stuff. If everyone goes out to their local big-name electrical retailer, looks at a nice HD TV, asks some educated questions, and demands a guarantee* then the manufacturers will turn around and tell the MPAA where to stick their encryption ! Remember, the movie studios NEED the consumer electronics manufacturers, not the other way around !

    * Simply ask the retailer for a written guarantee, backed by the manufacturer, that they will upgrade or repair any of their equipment that ceases to function properly due to failures or revocations in the decryption system. Such guarantee to be without time or monetery limit. No guarantee = no sale.

    That WILL make the manufacturers sweat if enough people do it. It means that if someone gets the key for a big brand TV, then the manufacturer would have the task and cost of upgrading every TV they ever sold with that key in it. Who is going to accept that sort of business risk ?

    Sad thing is, 99+% of the population will never even know that their new kit might stop working by design, and so they will never ask.

    The other approach is to go out and buy loads of disks, then return them when they don't play - if it "doesn't work" then under consumer law you are legally entitled to a full refund ! The cost of lassing all these opened disks back to the manufacturers will really p**s off the distribution channel who will then give the perpetrators some grief.

    What will the studios do if retailers refuse to stock their films ?

    So the biggest line of attack should be to capture and release the keys to as much consumer equipment as possible - leave the studios stuck between the rock and hard place. Do they ignore it, or do they create mayhem by breaking lots of consumer electronics equipment (and of course opening themselves up to a class action lawsuit !).

  16. Anonymous Coward
    Anonymous Coward


    ... is not a worldwide agreement.

    <quote>The Digital Millennium Copyright Act (DMCA) is a United States copyright law which implements two 1996 WIPO treaties. It criminalizes production and dissemination of technology, devices, or services that are used to circumvent measures that control access to copyrighted works (commonly known as DRM) and criminalizes the act of circumventing an access control, even when there is no infringement of copyright itself</quote>

    From wikipedia ofcourse.

    And as there is no such law on this side of my hemisphere, noone could stop me from publishing these keys on my site, no matter how pissed that would make the US/MP Ass. of A/RI Ass. of A/<insert acronym of other mafia organisations here>

  17. Anonymous Coward
    Anonymous Coward

    Deja vu...

    For these content protection systems to work some parts of the device drivers and device specifications need to be secret. That makes writing open source drivers tricky in a technical and possibly legal sense.

    I wonder why Microsoft is so fond of the idea then?

    The AACS system hasn't been broken as such.

    What has happened is remarkably similar to the original DVD hacks. One piece of hardware has been lax in its security allowing its firmware to be read and reflashed so it will give away the decryption key to anyone.

  18. Steve Davies

    Pigopolists still the same mistake as with DECSS

    Encrytion does not imbue copy protection - and it never has. It supplies privacy. Hence the wonders of Vista (driver checking 30 times a second etc) and the attempts to seal the complete end to end path by hardware and software means.

    Such complete control of configuration management in the world wide PC component, software and white goods product market places. Yeah that is going to happen without leaks and breakages. And from the same coders that have brought us IE, hazard Tuesday et al...

    The motion picture industry was founded by pirates - California wasn't just chosen for the weather and the good light, it was chosen because it was on the opposite side of the country from the copyright holders on the east coast - but that lesson seems forgotten in the rush for cash. same story with the music industry who saw radio as a huge threat to their sheet music cash machine. Knee jerk protectionism of an old (outdated by technology) business model.

    But of course they are playing a percentage game - as long as piracy doesn't get too big it is still 'loads of dosh'.

    Wait until a Chinese conglomerate buys a movie studio or two, that could get interesting.

  19. voshkin

    key on t-shirt

    key on t-shirts?

    PGP was "published" this way in the states if my memory serves me right...

  20. Anonymous Coward
    Anonymous Coward

    Great for consumer!

    I wonder how many pathetic failure like this one it will take for for big fat illegal cartels like the MPAA to realise that illegal copy protection DOES NOT WORK, never worked and never will. If the MPAA want to STEAL money (they only way to survive) they should sue the idiots who degign AACS in the 1st place.

    it as been said before, but never enough. PRICE is the key. reduce the price and people will buy instead of D/L. But i guess the digital mafia (MPAA/RIAA) is un-capable of making a honest living.

    There is only one solution to piracy:

    1. Lower price

    2. remove all illegal DRM (any DRM of any kind on a movie/music is, by it very nature, illegal in most country)

    Who in his right mind to take the trouble of D/L a 20GB movie from the net (that may or may not be what it claim to be) when you can get the original for 10$?

    the MPAA/RIAA (and hollywood in general) should be forbiden to temper with hardware/software. the company who design AACS should be shutdown for creating such a lousy virus.

    The MPAA/RIAA should also be shutdown for its numerous crimial activities (they have no legitimate reason to exist anyay)

  21. Anonymous Coward
    Anonymous Coward

    I applaud the effort

    And when $25-$100 blu-ray/hd-dvd burners arrive I will definitely appreciate all their hard work.. but right now all this does is make me look at my hard disk space and say "not enough.. not nearly enough".

    Will Best Buy, CompUSA, PC World and Dixons go out of business if they don't guarantee TVs that work no matter what the movie industry does? Very unlikely, and actually the issue with these TVs is not that they won't display a picture - that's a viewing HD movies on a Vista-based PC problem.

    No what they will do is reduce the resolution down to just below that of regular DVDs (if the electronics and software doesn't like what you're doing).

    Unfortunately this will mean that most consumers won't even notice if their TVs stop playing movies in HD because keys have become obsolete or new copy protection hardware has been implemented in the next, next generation of HD movie players.

    The bottom line to keep people buying this stuff is whether or not it appears to work without having to do anything complicated.

    Because we will know they aren't working properly won't help, and unfortunately because most consumers don't read blogs, tech websites or even newspapers they'll never get the message that they're being cheated.

  22. Deckard

    Not MS malware

    "The good thing about all this DRM BS is that Microsoft have cheerfully slit their own throats by grossly encumbering Vista with DRM malware.... Thus opening the door wide for Linux, BSD, Mac OS/X (somewhat), and anything else that hasn't drunk the kool-aid."

    Er....what? I think you'll find that Mac OS/X and Linux also have to use this 'DRM malware' as you put it. The copy protection has been insisted on by the studios, not Microsoft. I take it you fall into the 'consumers who don't know anything about technology' catagory you refer to.

    Hi Ho

  23. Anonymous Coward
    Anonymous Coward

    yes, MS malware

    Being able to decode CSS, AACS etc. isn't malware, it's just dealing with reality. The malware in Vista is all the layers of encryption between drivers, the secure path stuff preventing HD content from being transmitted anywhere other than a display device (with MS blessed drivers), the tilt bits, etc.

    Linux can decode stuff, it doesn't have all the associated performance-, freedom- and usability-destroying malware. I'm less familiar with OS/X but I can't imagine it has the whole "tilt bits" insanity.

    MS bought into DRM to try to get a lock on content, leading to an even stronger monopoly. That attempt is a two-edged sword. To whatever extent Hollywood doesn't buy into it PLUS whatever extent the contents become available anyway, Vista's DRM system serves only to show how much better every other OS is.

    Look at how Steve Jobs has made it into a wedge issue. Right now it's MP3s. I bet later it will be video content as well. Imagine a DRM container that doesn't really try to protect anything, its only purpose is to light up VIsta's DRM malware so that the contents are hard to view in HD on Vista.

    Hi ho.

This topic is closed for new posts.