April 16, 2014

avatar

Software HD-DVD/Blu-ray Players Updated

The central authority that runs AACS (the anticopying/DRM system used on commercial HD-DVD and Blu-ray discs) announced [April 6, 2007 item] last week the reissue of some software players that can play the discs, “[i]n response to attacks against certain PC-based applications”. The affected applications include WinDVD and probably others.

Recall that analysts had previously extracted from software players a set of decryption keys sufficient to decrypt any disc sold thus far. The authority could have responded to these attacks by blacklisting the affected applications or their decryption keys, which would have limited the effect of the past attacks but would have rendered the affected applications unable to play discs, even for law-abiding customers – that’s too much collateral damage.

To reduce the harm to law-abiding customers, the authority apparently required the affected programs to issue free online updates, where the updates contain new software along with new decryptions keys. This way, customers who download the update will be able to keep playing discs, even though the the software’s old keys won’t work any more.

The attackers’ response is obvious: they’ll try to analyze the new software and extract the new keys. If the software updates changed only the decryption keys, the attackers could just repeat their previous analysis exactly, to get the new keys. To prevent this, the updates will have to restructure the software significantly, in the hope that the attackers will have to start their analysis from scratch.

The need to restructure the software explains why several months expired between the attacks and this response. New keys can be issued quickly, but restructuring software takes time. The studios reportedly postponed some planned disc releases to wait for the software reissue.

It seems inevitable that the attackers will succeed, within a month or so, in extracting keys from the new software. Even if the guts of the new software are totally unlike the old, this time the attackers will be better organized and will know more about how AACS works and how implementations tend to store and manage keys. In short, the attackers’ advantage will be greater than it was last time.

When the attackers manage to extract the new keys, a new round of the game will start. The player software will have to be restructured again so that a new version with new keys can replace the old. Then it will be the attackers’ turn, and the game will continue.

It’s a game that inherently favors the attackers. In my experience, software analysts always beat the obfuscators, if the analysts are willing to work hard, as they are here. Every round of the game, the software authors will have to come up with new and unexpected tricks for restructuring their software – tricks that will have to resist the attackers’ ever-growing suite of analysis tools. And each time the attackers succeed, they’ll be able to decrypt all existing discs.

We can model the economic effect of this game. The key parameter is the attackers’ reaction time, that is, how long it takes the attackers to extract keys from each newly issued version of the player software. If this time is short – say, a few weeks – then the AACS authority won’t benefit much from playing this game, and the authority would be nearly as well off if it simply gave up and let the extracted keys remain valid and the exploited software stay in the field.

My guess is that the attackers will extract keys from the new software within about three weeks of its availability.

Comments

  1. Another Kevin says:

    And my guess is that after the third or fourth round of this, the studios will decree that software players are not secure enough and disable play of HD-DVD and BluRay on PC’s altogether. Whereupon the attackers will start going after the keys in dedicated players. And I suspect that we will then have several rounds in which dedicated players are bricked because of key compromise. “Sorry, you can’t use Foobar model XYZ players any more because copyright criminals use them. Oh, you’re a customer who paid for your player and your media? Well, sorry anyway, you’re probably a criminal if you’re complaining about having to buy a new player. If you didn’t support piracy, you’d pay up happily, so just go away.”

    Unfortunately, I don’t see reason emerging in the process any time soon. In my darker moments, I suspect that the studios will demand a DRM imprimatur so that all non-DRM video is criminalized. And our censorship-loving lawmakers will see the opportunity for their own plans in such a scheme, and will go along with it provided that the key authority is centralized with the government. No more embarrassing video that catches the government with its pants down.

  2. MathFox says:

    Things would get very interesting when software players are permanently shut down or hardware players get bricked. I can see the class action suits coming and would not be surprised to see several bankruptcies in the process.
    It could be that the “DRM consortium” may be able to buy legislation in the US that protects them for liability from their vandalism; but it is unlikely that they’ll be able to obtain it in the EU, the biggest market in the world. I am sure that the AACS authorities won’t takes steps that expose their members and licensees to such severe risks.

    What is the current HD and BlueRay market (compared to the total DVD market)? The AACS keymanager can scare away 90% of the potential customers now… Sane customers are waiting for the end of the format war anyways.

  3. Dion of Swamp says:

    If I had extracted the player keys then I would have set up an oracle in stead of publishing the keys.

    With a little bit of trickery the oracle could act as though it had every single device key ever issued so it would be impossible for The Man to shut the key it actually uses down.

    It’s rather easy to do, simply delay decryption of keyblocks that have revokation trees that are different from what you are used to seeing, then manually whitelist the ones that are known to be good, that should effectively twart interrogation of the oracle by the enemy.

    A second defence the oracle should adopt is to only decrypt movies after they have been on the market for a month or two, this would do two things:
    1) The MPAA would see that the oracle is reasonable and that the high-profit period is as protected as ever, so there will be less reason to go after the oracle.
    2) It would tell the AACS overlords that if they manage to kill the key then the oracle will publish it and their profits from #1 would vanish.

    Someone should write a AACS key keepers manual describing these things, so we don’t have to go 42000 rounds before they get it.

  4. Steve C says:

    Then of course there is always the other platforms to contend with.

    Xbox 360 HD DVD add on (hacked)
    http://it.slashdot.org/article.pl?sid=07/04/12/164228

    DRM is logically flawed as a solution, and it even solves the wrong problem. It’s a social problem that they need to solve, and DRM just makes it worse.

    Logically, If you can read it to play it, then well, you can already read it. DRM merely serves the purpose of trying to prevent you from moving the data from one memory region to another while the data is still available. They can raise the bar but they can not prevent access to the data completely until everything (disk, processing, video, etc.) is all encapsulated in one chip with no external interfaces, but then how would you watch it? It would be cheaper for them to work on the “social” aspects of the REAL problem.

  5. Roastbeef says:

    Steve,
    That’s not a different platform. The attackers are using the XBOX HD-DVD drive because it’s: A) price-subsidized by MS, B) connects to the PC over USB. The USB connection allows them to easily snoop on the data coming and going to the drive.

  6. Mitch Golden says:

    Steve, Roastbeef -

    The situation is a bit worse than that for AACS. The attackers have already rendered this key revocation irrelevant.

    http://www.engadget.com/2007/04/10/aacs-hacked-to-expose-volume-id-windvd-patch-irrelevant/

    Check out this post on the doom9 forum. I have to say that the work the attackers are doing is quite a tour-de-force.

    http://forum.doom9.org/showthread.php?p=979835#post979835

  7. Michael Donnelly says:

    The question isn’t even about how long it will take for the software to be compromised, as all involved parties understand it will. For me, the real question is the strategic goal for AACS and their clients.

    It will not take many rounds for them to establish that technology cannot protect their secrets and therefore they need more protection via the law (see DMCA origins). The other possible outcome from demonstrating this weakness is further reliance on hardware (see TPM and AMD’s new direction with framebuffer restrictions). A combination of both would, of course, be the best.

    They are simply going through “the motions” here. Unfortunately, the motions are very expensive in terms of development cost and someone has to pay, which is typically the consumer in higher prices.

    The only unknown thing is what’s next.

  8. Joe says:

    Mitch Golden,

    All these article on Slashdot and Engadget are 100% wrong. The hack on the drive has no relation to the WinDVD patch.

    The drive hack by Geremia prevents DRIVE revocation while new disc will have the old WinDVD SOFTWARE revoked. Apples and oranges.

    BTW, I really doubt that the long time was for reworking the software. This can be done very easily with commercial protection solutions like Cloakware. Ed really has no idea of the enormous and slow logistic needed when such entities as MPAA, AACSLA, software makers, duplicators, etc. work together.

  9. Neo says:

    “DRM is logically flawed as a solution, and it even solves the wrong problem. It’s a social problem that they need to solve, and DRM just makes it worse.”

    Actually, there’s no social problem either; we’re all taught in kindergarten to share and share alike, and that’s as it should be.

    It’s a business model problem they need to solve. Their business model being the one with a problem.

    http://www.dklevine.com/general/intellectual/against.htm

  10. David Treadwell says:

    “analysts always beat the obfuscators, if the analysts are willing to work hard”

    That has certainly been the case in DRM-related areas. However, I believe that a counter-example in a related space is code making and code breaking. Until things like RSA came along, codes were consistently broken by the analysts: the German Enigma machines, etc. RSA and its ilk made encryption strong enough that the obfuscation was breakable only with impractical brute-force attacks–even when the attacker knows exactly what algorithm the obfuscator is using.

    Clearly encryption is an easier problem space than DRM, given that DRM has the added constraint that the protected content must be made available broadly. I wonder if someone will ever invent a DRM system that is as strong as RSA? Perhaps not, given the added constraint.

  11. SpaceLifeForm says:

    Three weeks? I believe it has already been cracked
    again in like 3 days.

  12. SpaceLifeForm says:
  13. Joe says:

    SpaceLifeForm,

    I you had read my comment you would have seen that these allegations first carried by Engadget then copied by Slashdot and then by the inquirer are bullshit.

  14. John says:

    I think that they actually originally said that “aacs” had been cracked again, but that some journalists have badly written about it and implied that the x-box hack actually defeats the upgrade to WinDVD. In a way it might – in the sense of providing an alternative hack – but it does not actually and directly affect winDVD.

    I think the issue that will emerge as important is the length of time it takes between a hack becoming evident, and the finalisation of plugging the hole. There has to be a lead time between disks being pressed, and the release date, and it is clear that they are concerned that players should be updated before disks with revocation information on them are sold in the shops. Decisions have to be made, and software may have to be modified. The first episode has taken over three months.

    But another hack has emerged. If the studios are postponing releasing new titles until the upgrade to WinDVD is in circulation, they may have stocks of pressed disks. Do they now wait until the X-box hack is addressed. What if they already destroyed stock in the pipeline because of the WinDVD hack, repressed it with new keys etc, and now have to destroy the new batch.

    Maybe the growth industries are going to be disk replicators, and plastic recyclers.

  15. Roastbeef says:

    I think it’s becoming clear that the AACS folks have done themselves a huge disservice by phasing in different features of the AACS scheme over time. Rather that hitting the hackers with a huge, complicated scheme with interlocks all at once, this dribble of increasing features has allowed the hackers to treat this as a series of one-variable problems.

    The thing about the XBOX hack is that it by allowing folks to disassemble and tweak the drive firmware, they have the permanent ability now to read protected areas of the disc. And because they have control over the firmware now, the drive revocation feature is deactivated on dead on that drive.

  16. John says:

    I wonder if the disclosure of the xbox hack a few days following the aacsla revocation announcement is co-incidence, or if it is part of the hacking strategy.

    Suppose the hackers have a collection of, as yet, unpublicised hacks, but that they are only published one at a time – each a few days after the previous one has been “fixed”. It would be analogous to the pattern emerging with zero-day Windows exploits which seem to turn up shortly after patch Tuesday each month.

  17. Roastbeef says:

    John,
    Certainly the hacks to the original XBOX came out that way on purpose. The mod chip makers came up with a number of different ways around the security and had a series of techniques that were unpublished for long time. It wasn’t until Andrew ‘bunnie” Huang gave a presentation at a Security conference that I heard of a number of them. (The A20 hack I thought was a simple but amazingly clever one… the x86 heritage has so many kludges that are essential parts of the architecture, that I think it’s damn near impossible to make a x86 secure against physical tampering)

  18. Mitch Golden says:

    Joe -

    I agree that there is a lot of confusion on what the new hack does. I actually understood what was being claimed because I had read the original discussion on doom9. I agree that the engaget article isn’t clear enough on the point, but I am not sure that what they said is “bullshit”.

    The point is that the *revocation* is irrelevant, since the new hack allows the player to ignore the revocation list.

  19. Joe says:

    Mitch, John,

    You really might want to understand the difference between IMPLICIT and EXPLICIT revocation. The Xbox360 drive doesn’t in any way remove the necessity to find new device keys (or processing keys …)

  20. John says:

    My understanding is that (a) “explicit” revocation is where something is told not to do something, but it is capable of doing it if it defies the revocation, and that (b) “implicit” revocation is where something is deprived of an essential ingredient for doing whatever it is, and therefore cannot defy the revocation.

    I think the significance of the x-box hack is that new disks which are pressed after the WinDVD upgrade can have their Volume keys revealed – without having to contend with whatever new tricks are in WinDVD. (Who knows, the upgraded software might handle pre-upgrade disks differently to post-upgrade ones).

    Having “new” disks and already knowing their volume key might give the hackers a head start in unravelling the changes.

    Also, if what the hackers assert is correct, the trivial gleaning of volume keys is now something that cannot be prevented by the revocation mechanism.

  21. Another Kevin says:

    Well, it looks as if Sony is taking the lead again – releasing DVDs that are unplayable on *their own equipment* without a (as yet nonexistent) firmware upgrade.

    http://sonystrikesagain.wordpress.com/2007/03/19/hello-world/

  22. Joe says:

    John,

    You are really confused and you might want to have a closer look at the AACS graphical explanations in the AACSLA docs. The Xbox hack gives the volume ID without authentication not the volume KEY mind you.

    You really are not understanding what you are talking about. The WHOLE point of the WinDVD patch is to change its set of keys and to render key retrieval (device keys, volume KEYS) non-trivial.

    Please tell me how the Xbox drive hack helps?

  23. Lawrence D'Oliveiro says:

    Which perhaps is why AMD/ATI is proposing to carry this ridiculous arms race to the next level.

  24. Lawrence D'Oliveiro says:

    Let me try that again: frame buffer lockout.

  25. John says:

    What I am trying to say is that if you have a disk and already know the Volume id, then you are potentially at an advantage when hacking into a software player than if you didn’t already know that key. That is the extent to which the x-box hack might be beneficial when hacking WinDVD but the same would apply to any other software player.

    The x-box hack is just one small tool whose worth in the context of hacking software players has yet to be seen.

    But some articles are suggesting that the x-box hack re-opens the same hole in WinDVD which the upgrade is designed to close, and those articles are just wrong or misleading.

    As regards revocation, the point is whether the aacsla decide to try to do anything about the x-box hack. If they do, then it means changing keys on disks again. They might decide that there is no point. But if history repeats itself, there will be a delay of a few months.

    And while this goes on, new releases are potentially delayed, and disks in the pipeline might be being called back and destroyed. And it could get to the stage where the financial consequences of all of that are not trivial.

  26. John says:

    Further to the above, I think that people are being confused by some of these press reports.

    Take a look at

    http://www.pcpro.co.uk/news/110130/bluray-accelerates-introduction-of-new-drm-technology.html

    That gives the impression that BD+ will shortly be added to Blu-Ray discs, and that original purchased disks, once played on a particular player, can thereafter only ever be played on that individual player.

    I wasn’t confused before, but I am now. Are Sony proposing to launch the system they developed for locking computer game disks to the first individual console they are used with?

  27. Anonymous says:

    That PCPro article was wrong and has now been changed.

  28. Michael Donnelly says:

    The Xbox 360 development does not do that much on its own, although it does pave the way for hacked firmware to play copied discs. I’m in agreement with the folks responsible for the work: hacked firmware to play copied discs is not all that exciting.

    Being able to dump, flash, and sign (arithmetic, not cryptographic) new firmware onto the player is *extremely* interesting, however, as it creates a rather interesting avenue of attack for recovering other keys on the wire from the drive.

    It just cannot work in the long run with current technology. DRM relies on encrypting content and then handing the attacker the keys wrapped in some software to control the rights. Software players are always going to be vulnerable, but even set-top boxes are not that secure given the advanced technological skills of the attackers. Desoldering the flash and dumping it is not trivial work – but it’s not impossible. There are thousands of highly motivated individuals across the globe who are capable of doing the work in an afternoon.

    If the content holders want it to work (and the suggestion they don’t is a good one), then the game must change fundamentally.

  29. Anonymous says:

    I am beginning to wonder if the content owners know what they want at all. The thing that is certain is that they are making more and more stupid decisions. The latest appears to be DRM that Sony are using on their DVD’s (not HD), which is resulting in them being unplayable on some current DVD players – including players that Sony are still manufacturing.

    For example, look at http://www.theinquirer.net/default.aspx?article=38938

  30. Tel says:

    Desoldering the flash and reading it external to the device is easy. However, there are plenty of chips that support flash and a CPU on the same device, and provide a locking mechanism to make reading the device by normal means impossible (e.g. the entire PIC range, most TI DSP units, etc). I’m not sure how much additional cost such a chip would impose, I would expect not much (in bulk production).

    It is still possible to mill down the chip in a vacuum chamber a few atoms at a time and zoom over it with an electron microscope but I don’t expect any hackers to be doing that in an afternoon.

    By the way, the behaviour of someone motivated enough to extract and decompile firmware, then find checksum weaknesses in said firmware just to decode a DVD that they will probably watch maybe two or three times demonstrates a gaping hole in classical economic theory. It strikes me as the modern equivalent of sneaking onto your neighbour’s property, stealing his favourite horse, cutting the head off this horse and leaving the head stuck on an upward pointing spear somewhere near a road and the boundary of the two properties (plus copious runes scratched onto nearby rocks, trees and whatever) — a destructive and largely symbolic act for the purpose of provocation and intimidation.

  31. Robert says:

    Tel,

    You mean the ‘Na, Na, Na-Na, Na’ form of battle :-)

    But then all this DRM does seem a little childish; the cracking side somewhat less so, that’s more like a video game … but real world! With a real world reward, not just a stupid little fanfare.

  32. John says:

    Are we now talking of people that hack for ideological reasons where those hacking don’t actually use the hacked software themselves and just publish it for others who want it free to have? I image that there is a substantial element of that. Also, there is a strong elemnt of hacking for the sake of oneupmanship on those who purvey disks as copy-proof.

    But also, there is an established hacking community specialising in x-boxes. These people want to play copied and home made games that the system doesn’t want them to use, and to use x-boxes as hardware for other purposes. Those people have been hacking the hardware and software for ages and are said to have a library of hacks and hardware wheezes, many of which have never been published or used.

    Who is to say that thoe people have not discovered and/or developed numerous hacks which, hitherto, had no practical application to their own purpose, but now have great uses in connection with breaking into drm on HD movies?

  33. John says:

    The AACSLA have also served a takedown notice on Google.

    See http://www.chillingeffects.org/notice.cgi?sID=03218

    The problem they have is that sites are springing up with AACS key strings in the url, which means that to issue the take down notice, the AACSLA have to publish the key in the notice.

  34. Guy says:

    The AACS needs to just ditch the whole encryption key thing completely and use some sort of biological hardware control or something. Some bacteria in the media perhaps… At any rate, it’s obvious that software keys currently used just don’t cut it. I’m not an expert on reverse engineering software, but I would think that using a larger key (think: 1Mb+) would help to slow down the crackers. Or use layered keys, where there is more than one key used. The other option, though rather expensive when it comes to it, is assigning each disc its own “ID number” or something, and in order to play, the player (set-top or PC software based) must gather code required to play the media from the web. Like I said, it would be expensive.
    The problem with implementing anything new or extreme like everyone purposes, is that the hardware already released isn’t capable of doing these things, even with a firmware update. These ideas should have been presented when the BD and HD DVD standards were being created- not post consumer release. It looks as though we will have to wait for the next “big thing” to come along to attempt to stop the pirating of movies. Until then, we’ll just sit back and see who wins between BD and HD DVD.

  35. Neo says:

    Guy has some very clever ideas, but I have a better one: how about they quit obsessing over how to exert dictatorial control over all use of digital media, and just set the content free? We’ll all be a lot better off in the long run — including the artists. Well, a few rich media moguls might have to tighten their belts, but that’s probably a good thing too. Diabetes, heart disease, and all that.

    http://www.dklevine.com/general/intellectual/against.htm

  36. Neo says:

    Another content-free post from Valintino. Stranger yet, the earlier ones seem to have vanished; though they don’t really add anything original and just praise the site, they seem harmless enough?

  37. John says:

    As at 12th May, reports are starting to appear on some forums that the first disks have started to emerge post-revocation.

    It remains to be seen how long it is before they are hacked. My prediction is that “AnyDVD HD” and “DVDfab GD decrypter” are updated to handle the new disks before there is widespread published success on the open hacking forums.

  38. John says:

    Spoke too soon. Matrix 2 and 3, both “post-revocation” and incorporating v3 of the MKB, and which are not officially released until next week, are already on the torrents in drm-free form.

    I suppose that all that is left to do is for an mp3 of the Laurel and Hardy theme music to play when you go to the AACSLA web site.

  39. Michael says:

    The situation is actually worse for the people trying to hide the keys than you might think. At the end of the day,how much do the programmers really care. They know that the program will be hacked,and they are going to weigh the difficulty in programming the new protections with how long it will take to crack. There will come a point of diminishing return,and this will determine how long it takes to crack new disks.

    Overall,its not even a question of what movies you can play on your pc,but what the lag time is between release of a new HD movie on disk,and its release (stripped of copy protection) on bittorrent.

    It seems that if they were smart they would have integrated the encryption into the encoding,or at least a layer of encryption. (As far as I know they have not done this) Imagine A is a decompression operator and B is a decryption operator. If B^(-1) and A^(-1) are the respective compression and encryption operators then you would encrypt/compress with B^(-1)A^(-1). Since the operators will not commute, the only way to decrypt should be to first decompress. (that is,use AB,because ABB^(-1)A^(-1) is the identity).This way,to strip off the copy protection you MUST recode. We are probably safe and free to pirate until the next iteration of copy protection in whatever the successor to blu-ray is however.