Decryption software for AACS, the scheme used to encrypt content on both next-gen DVD systems (HD-DVD and Blu-ray), was released recently by an anonymous programmer called Muslix. His software, called BackupHDDVD, is now available online. As shipped, it can decrypt HD-DVDs (according to its author), but it could easily be adapted to decrypt Blu-ray discs.
Commentary has been all over the map, with some calling this a non-event and others seeing the death of AACS. Alex Halderman and I have been thinking about this question, and we believe the right view is that the software isn’t a big deal by itself, but it is the first step in the meltdown of AACS. We’ll explain why in a series of blog posts over the next several days.
Today I’ll explain how the existing technology works: how AACS encrypts the content on a disc, and what the BackupHDDVD software does.
In AACS, each player device is assigned a DeviceID (which might not be unique to that device), and is given decryption keys that correspond to its DeviceID. When a disc is made, a random “title key” is generated and the video content on the disc is encrypted under the title key. The title key is encrypted in a special way that specifies exactly which devices’ decryption keys are able to extract the title key, and the result is then written into a header field on the disc.
When a player device wants to read a disc, the player first uses its own decryption keys (which, remember, are specific to the player’s DeviceID) to extract the title key from the disc’s header; then it uses the title key to unlock the content.
BackupHDDVD does only the second of the two decryption steps: you give it the title key and the encrypted content, and it uses the title key to decrypt the content. BackupHDDVD doesn’t do the first decryption step (extracting the title key from the disc’s header), so BackupHDDVD is useless unless you already have the disc’s title key. The BackupHDDVD download does not include title keys, so somebody who wanted to decrypt his own AACS-protected disc collection would have to get those discs’ title keys from elsewhere.
Typical users can’t extract title keys on their own, so BackupHDDVD won’t be useful to them as it currently stands – hence the claims that BackupHDDVD is a non-event.
But the story isn’t over. BackupHDDVD is the first step in a process that will eviscerate AACS. In the next post, we’ll talk about what will come next.
[Post updated (8 Jan 2007): Corrected the third-to-last paragraph, which originally said that BackupHDDVD came with a few sample title keys. The error was due to my misreading of the code distribution. Also added the second parenthetical in the first paragraph, as a clarification. Thanks to Jon Lech Johansen and Mark for pointing out these issues.]