September 23, 2018

Inside the DVD Procedural Specifications

As I noted yesterday, part of the license that DVD makers have to sign is <a href="As I noted yesterday, part of the license that DVD makers have to sign is available on the DVD Copy Control Association (DVD-CCA) website. It’s 48 pages of dense technolegalese, consisting mostly of a list of things that DVD players aren’t allowed to do. On reading it, three things jumped out at me.

First, DVD region coding, the mechanism designed to stop DVDs bought in one part of the world from being played in another part, is the subject of much more regulatory effort than I expected. For example, there are special robustness requirements for region coding. (In the weird Orwellian language of DRM vendors, “robustness” is a code word denoting the use of deliberately complex, nonmodular designs so as to resist diagnosis, analysis, and repair.)

Second, it seems to be impossible to build a software DVD player that complies with the requirements. According to section 6.2.4.2 (page A-20),

Specificially, [software] implementations shall include all of the [required anti-reverse-engineering characteristics] which shall be implemented in a way that it is reasonably certain they: cannot be defeated or circumvented using widely accessible tools such as but not limited to debuggers, decompilers, and similar Software development products; and can only with difficulty be defeated or circumvented using professional computer engineering equipment such as … logic analyzers …

To comply with this, one would somehow have to write a piece of software whose data and algorithms absolutely cannot be determined by a person using a debugger or decompiler. We can be “reasonably certain” that any program written today can be understood using these tools. (It seems reasonable to read “cannot” as requiring absolute impenetrability, given that the next clause says “only with difficulty”.)

Third, the document bans DVD players from taking a movie that is encoded on a DVD at one level of resolution and outputting that movie on an analog output at a higher level of resolution. (Section 6.2.1.1 (2), page A-11) This ban holds even if the DVD publisher wants to allow a higher-resolution output. I couldn’t figure out what the purpose of this restriction might be. Maybe the document’s authors just got carried away after writing pages and pages of text limiting the functionality of DVD players.

Comments

  1. Fred von Lohmann says:

    That last requirement is part of Hollywood’s long term effort to make analog interfaces artificially unattractive, thus forcing consumers over to DRM-encumbered digital interfaces subject to the DMCA. This is already causing considerable consternation in the marketplace, as consumers with HD-capable TVs with only analog inputs are finding themselves fenced out of the benefits of the latest “upconverting” DVD players from Denon, V Inc., and Samsung. All of these players can output digital video over HDCP encrypted DVI or HDMI interfaces at resolutions up to 1080i, but are limited to 480p on component analog interfaces.

  2. I’m by no means a DVD copy prevention expert, but I believe that region code enforcement is performed by the drive firmware, not by software running on the host system. It seems to be pretty robust, unless you reverse engineer the firmware blob. Knowledge to do this is less widespread, and people are a bit anxious to use inofficial drive firmware because doing so might actually destroy the drive (the devices are usually not designed to be field-upgradable).

    By the way, some countries have very strict region code enforcement disguised as protection of minors: only officially rated movie DVDs may be mail-ordered, unless the seller has performed robust age checking. If you order a DVD in the US from Germany, no age check is performed, and the DVD is expected to be blocked at the customs. I’m not sure how effective this is, but I believe that such laws are the future of copy prevention Especially the first sale doctrine will be weakened considerably because in the near future, you only buy a license key, and not a medium with a movie on it. The DVD contents itself is just a local mirror so you don’t have to download the whole movie over your Internet connection.

  3. There are two kinds of DVD drives:

    RPC1 – region code is enforced by the host software
    RPC2 – region code is enforced by the drive firmware

    Drives that are built after 1st of January, 2000 use RPC2.

    The way most RPC2 drives work is that if there’s a region code mismatch, the host software won’t be allowed to read the title key. However, since it’s possible to crack the title key, you’ll be able to decrypt the content anyway. From libdvdcss documentation:

    “title is the fallback when all other methods have failed. It does not rely on a key exchange with the DVD drive, but rather uses a crypto attack to guess the title key. On rare cases this may fail because there is not enough encrypted data on the disc to perform a statistical attack, but in the other hand it is the only way to decrypt a DVD stored on a hard disc, or a DVD with the wrong region on an RPC2 drive.”

    Regarding the CSS license agreement: During the Norwegian DeCSS trial(s) my lawyer tried with little success to get some meaningful answers out of John Hoy about specific parts of the license agreement. IIRC, my lawyer replied in frustration “No, I give up” when asked by the judge if he had any further questions 🙂

  4. Regarding drives that implement region-coding in firmware: The firmware seems to allow you to change the region code up to 5 times in the lifetime of the drive.

    I’ve often wondered what would happen if someone made a habit of buying new computers, changing the region code 5 times, leaving it set to Africa, and returned the computer. Is there a workaround that the vendor can use when they re-image the disk of a returned computer? Or would it leave the next purchaser screwed?

    If the latter, and enough people did it, would it cause the industry to change? And if so, would that change be to remove region enforcement, or would it be to eliminate the returnability of computers?