July 24, 2016

AACS Decryption Code Released

[Posts in this series: 1, 2, 3, 4, 5, 6, 7.]

Decryption software for AACS, the scheme used to encrypt content on both next-gen DVD systems (HD-DVD and Blu-ray), was released recently by an anonymous programmer called Muslix. His software, called BackupHDDVD, is now available online. As shipped, it can decrypt HD-DVDs (according to its author), but it could easily be adapted to decrypt Blu-ray discs.

Commentary has been all over the map, with some calling this a non-event and others seeing the death of AACS. Alex Halderman and I have been thinking about this question, and we believe the right view is that the software isn’t a big deal by itself, but it is the first step in the meltdown of AACS. We’ll explain why in a series of blog posts over the next several days.

Today I’ll explain how the existing technology works: how AACS encrypts the content on a disc, and what the BackupHDDVD software does.

In AACS, each player device is assigned a DeviceID (which might not be unique to that device), and is given decryption keys that correspond to its DeviceID. When a disc is made, a random “title key” is generated and the video content on the disc is encrypted under the title key. The title key is encrypted in a special way that specifies exactly which devices’ decryption keys are able to extract the title key, and the result is then written into a header field on the disc.

When a player device wants to read a disc, the player first uses its own decryption keys (which, remember, are specific to the player’s DeviceID) to extract the title key from the disc’s header; then it uses the title key to unlock the content.
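A toy model of the header mechanism described in the two paragraphs above, as an added example that is not from the original post and is not AACS code. It uses the textbook complete-subtree broadcast-encryption method (AACS itself uses a more elaborate scheme), a constructed 16-device tree, and an XOR pad standing in for AES; every name in it is hypothetical.

```python
import hashlib
import hmac

DEPTH = 4                      # toy tree: 2**4 = 16 devices (constructed size)
LEAF0 = 1 << DEPTH             # heap numbering: root is node 1, leaves are 16..31

def node_key(master: bytes, node: int) -> bytes:
    """Licensing authority's key for one tree node (hypothetical derivation)."""
    return hmac.new(master, node.to_bytes(4, "big"), hashlib.sha256).digest()

def path(device: int) -> list:
    """Nodes from a device's leaf up to the root."""
    node, out = LEAF0 + device, []
    while node >= 1:
        out.append(node)
        node >>= 1
    return out

def device_keys(master: bytes, device: int) -> dict:
    """A player is provisioned with the keys of every node on its path."""
    return {n: node_key(master, n) for n in path(device)}

def xor_wrap(key: bytes, data: bytes) -> bytes:
    """Toy stand-in for AES key wrapping: XOR with a SHA-256 pad (not secure)."""
    pad = hashlib.sha256(b"wrap" + key).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def cover(revoked: set) -> list:
    """Roots of the largest subtrees that contain no revoked device."""
    if not revoked:
        return [1]
    tainted = {n for d in revoked for n in path(d)}
    return sorted(c for n in tainted if n < LEAF0
                  for c in (2 * n, 2 * n + 1) if c not in tainted)

def make_header(master: bytes, title_key: bytes, revoked: set) -> dict:
    """Disc header: the title key wrapped once per cover node."""
    return {n: xor_wrap(node_key(master, n), title_key) for n in cover(revoked)}

def extract_title_key(keys: dict, header: dict):
    """Step one of playback; returns None for a revoked device."""
    for node, blob in header.items():
        if node in keys:
            return xor_wrap(keys[node], blob)
    return None

def demo():
    master = b"constructed-master-secret"       # constructed sample values
    title_key = bytes(range(16))
    header = make_header(master, title_key, revoked={5})
    ok = extract_title_key(device_keys(master, 3), header)
    revoked = extract_title_key(device_keys(master, 5), header)
    return len(header), ok == title_key, revoked

if __name__ == "__main__":
    print(demo())
```

With one of the 16 devices revoked, the header holds 4 wrapped copies of the title key rather than one per remaining device, and the revoked device finds no entry it can open.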

BackupHDDVD does only the second of the two decryption steps: you give it the title key and the encrypted content, and it uses the title key to decrypt the content. BackupHDDVD doesn’t do the first decryption step (extracting the title key from the disc’s header), so BackupHDDVD is useless unless you already have the disc’s title key. The BackupHDDVD download does not include title keys, so somebody who wanted to decrypt his own AACS-protected disc collection would have to get those discs’ title keys from elsewhere.

Typical users can’t extract title keys on their own, so BackupHDDVD won’t be useful to them as it currently stands – hence the claims that BackupHDDVD is a non-event.

But the story isn’t over. BackupHDDVD is the first step in a process that will eviscerate AACS. In the next post, we’ll talk about what will come next.

[Post updated (8 Jan 2007): Corrected the third-to-last paragraph, which originally said that BackupHDDVD came with a few sample title keys. The error was due to my misreading of the code distribution. Also added the second parenthetical in the first paragraph, as a clarification. Thanks to Jon Lech Johansen and Mark for pointing out these issues.]

Comments

  1. As far as I can tell, the BackupHDDVD download does not include any keys. Those are hashes identifying various discs. The actual keys are stubbed with 0s.

  2. From what I understand no keys have been published with BackupHDDVD so no one has yet to show that it can even be used to perform the second decryption step you mention.

  3. Thanks, guys. I have updated the post to fix those problems.

  4. Nicholas Weaver says:

    One other thing: It shows the big weakness in the whole scheme: Capturing player keys.

    This attack extracted the title key from running memory of a player, but if you capture key player keys, they can’t be effectively revoked.

    For example, capturing the player key from the Playstation 3 would be a disaster for Sony, as it could not be effectively revoked.

  5. The PS3 does firmware updates over the net, and my HD-DVD player (Toshiba HD-A2) does the same. The PS3 can also do an update from optical media.

    As such, I don’t think that revoking the PS3’s key would be impossible, though it would be another black eye for Sony.

  6. Can someone clear the following up.

    Let’s assume that someone does acquire the unencrypted title key for a disc, and using that, plus software as published (or similar), they unencrypt the files from the HD-DVD.

    Will that movie now be treated by players as if it is a totally unprotected publication (as per, for example, a home movie), or does that title key still play some role in playback which could be interfered with by title key revocation?

  7. I was reading some of the discussion by Muslix where he announced his tool: http://forum.doom9.org/showthread.php?t=119871 . Looking through the thread, it appears that so far no one has managed to produce any keys sufficient to decrypt commercial HD-DVD content. In fact at this point it is still possible that Muslix’s original claim (which he presented via a video showing himself supposedly decrypting and running an image of an HD-DVD copied to his hard drive) is in fact purely a hoax and that all he has done is write a simple AES based decryptor, in the hopes that it would motivate people to figure out how to find those keys.

    Clearly it should be possible in principle to find the keys: you have the software program in one hand, you have the disk in the other, and together they are able to do it. All the necessary bits are available to you, you just have to figure it out. Of course the program is supposed to use obfuscation techniques to make it difficult.

    I heard a claim the other day from a developer that his program, which is widely used software with built-in DRM, has keys in it which have never been found even after years of effort by hackers, so cleverly are they obfuscated. Software HD-DVD players will present an interesting test case of how good obfuscation technology has gotten.

  8. Does anyone know how unique the DeviceID is? If we’re talking about a DeviceID that is only unique to “all playstation 3s” then revocation would essentially be impossible. If we’re talking about a DeviceID which is unique to “all playstation 3s manufactured on 11/12/2006” then it is a bit more plausible.

    The interesting thing to me is how they can encrypt a title key in a way where a set of possibly millions of DeviceIDs can decrypt it. Maybe this is more common than I thought and I’m exposing my lack of knowledge here, but an encryption algorithm which encrypts one message which can only be decrypted by a finite-but-large set of “semi-public” keys seems to be the real technology here. If that sort of technology is available for public use, please point me to some resources on how it can be used, as it would allow for more client-centric authentication.

  9. Wes Felter says:

    Each individual PS3 should have a different key, so it would hardly be a disaster to revoke a few individual PS3s used by tinkerers. However, I suspect PS3s, 360s, and “hardware” players are not worth cracking compared to XP-based software players.

  10. Maybe Muslix is an alias for someone in the Blu-ray camp, and the idea is to give the movie labels the jitters whereby they abandon the HD-DVD format.

  11. Grant Gould says:

    “Each individual PS3 should have a different key”

    I’m not sure that this is practical with the encryption scheme described. Each HD-DVD needs a copy of the title key encrypted with every device key that will ever be issued. If there were a different key for every device, there would need to be as many encrypted copies of the title key as there were devices ever to be built. This would probably be orders of magnitude more data than an HD-DVD holds.

    Rather, I expect that all devices of a particular kind have the same key.

    Also, the revocation scheme is meant as an incentive to manufacturers to make their devices’ keys un-discoverable. If revocation of a single player’s key were practical, there would be no such incentive.

  12. Bryan Feir says:

    Of course, there’s the other issue as well, which I haven’t seen here yet, but which I remember from the DeCSS discussions:

    Once you have one device key, and the title key of one disc, getting the other device keys becomes a known plaintext attack since you know the title key the data decrypts to. The ability to revoke keys won’t matter much if the finding of one key causes the others to fall like dominoes.

    Granted, from what I’ve seen of AACS, the key handling is more complex and it shouldn’t collapse as quickly as CSS did on this front.

  13. “The interesting thing to me is how they can encrypt a title key in a way where a set of possibly millions of DeviceIDs can decrypt it.”

    You’re right, the scheme for doing that is the most interesting part of all this. AACS uses a broadcast encryption scheme to efficiently encrypt the title keys while some subset of the DeviceIDs are revoked. I don’t know specifically how AACS works, but here’s a starting point for learning about broadcast encryption:

    http://eprint.iacr.org/2005/018

    – John Bethencourt

  14. If a popular hardware player was cracked, it would be unreasonable to expect *every* user of that player to update the firmware before they are able to use newly released content. How many people have an ethernet hookup anywhere near their TV? Would someone who bought a $1000 player find it reasonable to string cable to it each time they get another disc which doesn’t play? Would that person even know the steps required to update their ‘broken’ player, or would they instead deduce that the manufacturer (and the disc format) is garbage?

    Even if a manufacturer decided to drop their current keys and distribute an update, it could be ripped from the disc or sniffed from the network, or just re-cracked as soon as it’s installed (after all, the update is being sent for a product which has already been successfully cracked).

    Given a hardware player which has been cracked, there are several practical dilemmas involved in revoking that player’s ability to view new discs. I believe that cracking an already-popular hardware player will be sufficient to compromise the encryption permanently.

  15. “Each HD-DVD needs a copy of the title key encrypted with every device key that will ever be issued.”

    You’re right, that wouldn’t be practical, so that’s not what they do. The point of a broadcast encryption scheme is to get this effect more efficiently, even while allowing individual keys (DeviceID’s in this case) to be revoked.

    – John Bethencourt

  16. As someone has demonstrated with iTunes, the DMCA does not prohibit utilising the same TPMs in order to become compatible with a hardware device.

    Presumably, the DMCA similarly does not prohibit encoding a HD-DVD that contains a public domain movie. Given that no copyright infringement can occur, then no violation of the DMCA can occur by circumventing this work’s TPMs.

    Moreover, if revocations are broadcast by inclusion on subsequently published HD-DVDs, then such revocations can also be included by anyone. A revocation is not a TPM of the attached work.

  17. That is an interesting point. Circumventing a TPM that is not controlling access to a copyrighted work does not infringe the DMCA. (Were those not the arguments that arose with ink cartridges and garage door openers?)

    So when boxed copies of “HD-DVD decryptor” and “Blu-Ray decryptor” appear on the shelves in Walmart, they will be covered by the above rulings and the Betamax ruling because they have a significant non-infringing use. (Copying aacs protected discs of movies which are out of copyright.)

  18. Wes Felter says:

    The AACS spec is public but it’s pretty dense. Here’s a shorter overview of the broadcast encryption scheme used in AACS: http://web.archive.org/web/20060604054302/http://www.lotspiech.com/AACS/

    People talking about DMCA loopholes make me laugh. The bottom line is that the *AA can buy new laws and we can’t; we can never win a legal argument against such an opponent.

  19. Part of the job of government is to create an environment which allows legitimate businesses to operate. Yes, they can buy laws – is that a bad thing? Would it be better if we outlawed DRM and made all copying and exchanging legal? That would be the end of Hollywood and the music industry, and we can all sit home trading mentos videos.
    -jcp-

  20. Captain CodeHook says:

    I really can’t see how the “cat” (i.e. the title key) can be kept in the bag for much longer. Any software player has to be able to read the key, and hence, it is possible to rip the key from RAM or by modifying a software player to reveal it.

    Maybe it will be easy, or maybe it will be esoteric. But the simple fact is, there’s already a large HD-content warez scene and if at all possible, someone will be ripping the content of HDDVD and BR discs too. They will be encoded to DVDR-sized matroska containers with mpeg4 x264 formatted content and AC3 or DTS sound, and they will be just as good as the original discs.

    The only question is -when- someone figures out how to get all the needed keys. I’m hoping it will be soon, if for no other reason than to see MPAA members get screwed, again, because they thought they could dictate what technology their customers should have access to.

    I’m currently not legally (or financially) able to get HD content, but I have it anyway. At least what has at some time been broadcast on TV somewhere in the world. I would love to pay, but Hollywood leaves me no fair option. I say fine. Let them grumble, let them have their digital siege. I already have 50+ of my all-time favourite pieces of film art in HD and it has cost me hard disk space and bandwidth, nothing more. Who is holding who under siege?

  21. In the most recent episode of ‘Security Now’, Steve Gibson was rambling on about ‘subset difference revocation’. He explained it as being able to allow the revocation of a large number of device IDs with minimal overhead. I’m guessing that the converse of a similar method is used to allow encryption of a title key in a way where a large number of device IDs can decrypt it, again with minimal overhead. I would expect the obfuscation of the decryption method for the title key to be reasonably clever, but if not.. they may just use renewability often so as to give any one capture method a limited lifespan. Muslix’s claim still smells fishy to me, if only because he failed to post any details of his key capture method.

    I’m wondering how much angst Ed must be going through in carefully wording the upcoming posts in this series, and what information will be left out because of the anti-free-speech law in the US.

  22. JCP: The statement that “Part of the job of government is to create an environment which allows legitimate businesses to operate.” violates principles of how a free market system operates. The role of government should not be the protection of corporate interests, but in the creation of a level playing field for both corporations and consumers. For example, some of our major corporations such as Kodak and General Motors are dying a slow death because of technological change. These are legitimate businesses. Are you advocating that the government should pass laws that will squelch the use of technologies that are putting these companies out-of-business? In the free market, if you can’t sell your product, too bad. We do not need corporate welfare.

    Furthermore, on the issue of “buying” laws. If you feel that it is OK for corporations to “buy” a law, then it would also be OK for a consumer group to buy legislation that revokes legislation favoring business. Do we really want a government that whores to the highest bidder?????????

  23. Isn’t it too late? You Americans already HAVE a government that whores to the highest bidder. :P

  24. First of all, I really don’t care about the hacking and cracking or the ability to copy or not, although I’d like to be able to transcode to ipod format (fi).

    AACS will be broken, or may already have been broken but not published.

    The problem with the DRM is what the regular Joe does not see or hear about: it is implemented in EVERY device made today, the regular analogue 1,50 USD cable is still able to transfer the high bandwidth digital content, but we need a hdmi cable that costs 50 bucks, the tv or LCD still can show the images but the device is secretly set to lower the quality if ONE of the devices is not compliant (player, cable, tv, stereo).

    So we all have to buy the new stuff with the DRM tech we don’t want, which strips us from fair use. So the regular unsavvy Joe buys the expensive new devices not knowing that it is filled with stuff he does not need.

    Have you wondered why some devices that seem logical just are not being made? Like the tv show you could stream from the Warner website, you’d think there is a device that can stream it to your tv. Well it’s the DRM and the DMCA that prevents people to make them, make them and be sued out of existence by media companies that have more money than Bill.

    If it were up to them, we’d still have portable cd walkmans today..

    Vista OS was made not for the consumers, but for the media companies, do you think that an OS that checks integrity of drivers 30 times a second makes it a better, faster and more reliable OS for consumers??

    Media companies have declared us consumers their enemies, and letting us pay for their unwanted restrictions.

    Are you not bored with the multitude of crap you have to wade through playing a dvd?..

    I will buy this HD stuff though, eventually I will want the better quality SF movies, but the rest just stays dvd for now.

    AACS needs to fail, for consumers sake!

  25. Question: In theory, the relevant keys are obfuscated in software, & in Vista will be memory-heap protected.

    In this situation, a work around for the memory protection would be required, but obfuscation’s harder. I’m guessing either developer insider info would be needed or really, really good cryptanalysis? That or lazy obfuscation.

  26. will anybody get a real look at the world, uk are so far behind asia, if this gets published it would be nice, so here it is, stop shitting how great you are because they are watching your every move. every now and then one of you gets selected to work for them, sorry bad grammar, keep up the good work because you will be picked by one of the big companies to protect them. ps i need a beer. lol

  27. MSgt. Fragg says:

    Looks like the link has been slashdotted.

    http://rapidshare.com/files/8318838/BackupHDDVD.zip.html

    File not found.

  28. Math Quiz:

    0+0=

    3×3=

    Fun stuff hey?

    10+1=

    0x0=

    1×2=

    6+3=

    Don’t fail!

    3+4=

    2+2=

    Easy huh?

    1×3=

    2×3-1=

    Bit harder now, Don’t give up!

    2+2×2=

    0+1×3+1=

    -1 + -2 – -2 + 2 =

    2+2+3-2=

    1+3×2-2=

    Can’t be that hard can it?

    0+4×2-3=

    3×2=

    1+1+1=

    25×2+6=

    4×4+4+2+2-7-9=

    Calm down last one!

    0+0=

  29. No matter how thick the armor, it is always easy to add just a bit more explosive. They can stop the pretenders

  30. Does anyone have the backup hdd dvd?
    I have it this is the link

    http://rapidshare.com/files/29024163/BackupHDDVD.zip

    -You have to populate your TKDB.cfg file with proper key for it to work… -just type “BackupHDDVD f: e:moviesmymovie” Where “f:” is the source drive and “e:moviesmymovie” is the destination directory. Enjoy!

  31. Lucy Rerun says:

    I don’t see anybody trying to invade a copy of “I Love Lucy.”
    Imagine if for the next 3 years only copies of “I Love Lucy”
    / “The Honeymooners” / 1950s_or_early-1960s were the viewing standard of the day.

    In between, how about reading books?

  32. Superman fan says:

    I Love Lucy ? ? ? I’d rather watch reruns of the Superman TV series. They even had a small number of two parters. It’s “The American Way” to deal with Digital Rights.