April 18, 2014

avatar

AACS Updated, Broken Again

[Other posts in this series]

We predicted in past posts that AACS, the encryption system intended to protect HD-DVD and Blu-ray movies, would suffer a gradual meltdown from its inability to respond quickly enough to attacks. Like most DRM, AACS depends on the secrecy of encryption keys built into hardware and software players. An attacker who discovers a player’s keys can defeat the protection on any disc that works with that player. AACS was designed with a defense against such attacks: after a player has been compromised, producers can alter new discs so that they no longer work with the compromised player’s keys. Whether this defense (which we call “key blacklisting”) will do much to stop copying depends how much time elapses before each leaked key is blacklisted.

Next week marks three months after the first compromised player key appeared on the Internet (and more than five months after cracks for individual discs began to appear). Discs slated for release on Tuesday will be the first to contain an update to AACS that blacklists the leaked keys.

What took so long? One limitation comes from the licensing agreement signed with player manufacturers, which requires that they receive ninety days’ notice before their keys are blacklisted, so that they have enough time to update their products.

Customers who obtained the new discs a few days early confirmed that the previously leaked keys no longer worked. It seemed as if AACS had recovered from the attacks just as its designers intended.

However, a new twist came yesterday, when SlySoft, an Antigua-based company that sells software to defeat various forms of copy protection, updated its AnyDVD product to allow it to copy the new AACS discs. Apparently, SlySoft had extracted a key from a different player and had kept the attack a secret. They waited until all the other compromised keys were blacklisted before switching to the new one.

The AACS Licensing Authority will be able to figure out which player SlySoft cracked by examining the program, and they will eventually blacklist this new key as well. However, all discs on store shelves will remain copyable for months, since disc producers must wait another ninety days before making the change.

To be successful in the long run, AACS needs to outpace such attacks. Its backers might be able to accelerate the blacklisting cycle somewhat by revising their agreements with player manufacturers, but the logistics of mastering discs and shipping them to market mean the shortest practical turnaround time will be at least several weeks. Attackers don’t even have to wait this long before they start to crack another player. Like Slysoft, they can extract keys from several players and keep some of them secret until all publicly known keys are blacklisted. Then they can release the other keys one at a time to buy additional time.

All of this is yet more bad news for AACS.

Comments

  1. Crosbie Fitch says:

    I suppose this means war?

  2. Michael Donnelly says:

    I can’t even come up with a new sweeping “this technical model cannot ever work” or “hampering legitimate use incents piracy” post of more than a few sentences.

    The guys making the decisions need to start listening to the guys in the trenches. Or hire some goddamn guys in the trenches.

  3. Martin A. Programmer says:

    The original premise was broken. Given x million $ we can tie a knot in this length of rope that nobody else will be able to un-tie.

    Typical mediocre manager mind syndrome.

  4. hapbt says:

    So when a key is blacklisted, how does this affect legitimate users?

  5. John says:

    I see that today, the free version of DVDFab Decrypter which includes HD support has just been updated. Is that what is known as a coincidence?

  6. ehren says:

    The reason they will fail is because they are selling plastic and keys, and pretending they are selling culture. But they don’t own the culture, except by a legal loophole, and the lesson is… the true owners of the culture, the people, will in the end will out.

  7. Drew says:

    hapbt: When a key is revoked, the affected player has to issue an update. Newly pressed discs will not play until the update is applied. Existing discs will continue to play. So you will not be affected unless, for some reason, your player cannot download the new key.

  8. Freebeard says:

    “The AACS Licensing Authority will be able to figure out which player SlySoft cracked by examining the program…”

    Wouldn’t this be a violation of the DMCA?

  9. Crosbie Fitch says:

    Matthew Skala: I was intimating that the diplomatic overtures of DMCA buttressed TPMs had now plainly failed, and that consequently the remaining course of action must involve violent force.

    I envisage something like the ‘Ministry of Information – Retrieval’ as depicted in Terry Gilliam’s movie Brazil. Thus future copyright infringers and pirates will be forcibly captured and interrogated until they’ve returned the IP they’ve stolen – or an equivalent amount of their own IP – with every attempt made to prevent these IP terrorists martyring themselves in the process.

  10. V says:

    But how many keys have to be leaked before someone can reverse engineer the encryption scheme and start making up valid keys?

    The problem is HD DVD’s can’t just contain a list of valid keys, it has to be a mathematical behavior, with keys blacklisted. Otherwise the first few disks wouldn’t work on the players make a year from now. Eventually, won’t it be possible to analyze the known keys and determine what the behavior is?

  11. Neo says:

    “So when a key is blacklisted, how does this affect legitimate users?”

    Well, they may get a disc that won’t play in their fancy, expensive HDDVD player as-is. If the player is flash-updateable they can mess around with the manufacturer and wait 6 to 8 weeks to play the disc they just bought and were itching to watch.

    Or they can just use AnyDVD to decode it and burn a copy that will work in any player.

  12. James says:

    Freebeard: Yes, it violates the DMCA, which is why SlySoft does not operate somewhere that extradites to the USA.

  13. Anonymous says:

    I think what Freebeard means is that if the aacsla circumvent the security on AnyDVD in order to find out where the keys came from, that they (the aacsla) are themselves infringing the DMCA.

    In any event, extradition treaties normally are subject to rules that the alleged activity has to also be an offence in the country from which extradition is sought. Tools like AnyDVD would not automatically be unlawful in some countries, as some have fair use provisos to anti-circumvention rules.

    Maybe someone can answer this. Suppose someone markets non-copyright content on an aacs protected disk. Is the DMCA infringed if the aacs is broken for the purposes of copying the non-copyright content?

  14. CheapBeard says:

    “The AACS Licensing Authority will be able to figure out which player SlySoft cracked by examining the program…”

    If AACS examines SlySoft’s program, doesn’t that put AACS in violation of the DMCA?

  15. bingbing says:

    James, I think freebeard meant that it’s a DMCA violation for the AACS Licensing Authority to reverse engineer SlySoft’s software.

  16. Freebeard says:

    bingbing and my more articulate cousin, CheapBeard, caught my meaning right!

    Would AACS LA be in violation of the DMCA for reversing SlySoft’s software to determine the cracked player?

  17. Rakesh says:
  18. Keys searches says:

    To determine which key was broken is not hard and does not require any reverse engineering of the Slysoft AnyDVD software. Each disk must allow a given key as part of its production. So lets say you can produce any disk you want (you are AACS-LA of course). So you produce a special disk for each key that only enables that one key. Then you attempt to use the SlySoft program to decrypt the disk. The disk that decrypts is the one with the key that has been exposed. For the people that took math classes they can see this would be a linear search through player key space O(n). If you want to find the broken key faster then just produce a disk with half of the keys. If the disk decrypts cut that in half and repeat. If the disk isn’t decrypted well then its in the half of th keys that you didn’t put on that first disk, cut unchecked keys in half and test again. How many disks will you need to check to find the broken key?? O(log(n)) much better :)

    Which leads to a better attack vector. Lets assume that a hardware player has been p0wned hard. So its key needs to be updated. Then manufacture will now send updates of a new private key which will be installed into the still p0wned hardware. What is stopping someone from just extracting the new key from the old hardware? While the current batch of next gen dvd players do a lot of work in software at some point that low cost hardware with a tiny amount of firmware will need to replace that to bring down cost. At that point we will have hardware which wont be very patchable but still require private key updates or killed as boat anchors. This all assumes that there is a way to get the private data (new keys) into the players that it self isn’t open to attack. Ya all of this AACS stuff is a bad idea(tm). They should have stuck with CSS. Something that is a speedbump wont empower content publishers to screw the sheep. At this point I get the think people will continue to break keys and publish them just to watch these huge companies dance like monkey boys.

  19. Shun says:

    The war was lost when the AACS-LA declared it. From a historical perspective see : Peloponnesian War. Also, War in Vietnam, Iraq, Afghanistan. For a spot of humor, look up French Military Victories. OK, enough fun. Why is AACS hopeless? Because it puts both the lock and the key in the hands of the user. Eventually, they will figure out how the lock and key fit together, then they will copy the key, or create a key generation machine.

    Also, has anyone explored how key revocation works? I am sure that there are multiple attack vectors to be explored here.

  20. Another Kevin says:

    @Keys searches

    I do think that eventually we *will* see consumer HD-DVD players turned (effectively) to bricks by key revocation. It isn’t until that starts happening that the typical DVD consumer will realise what’s going on and start to protest. Until then, the AACS-LA will be able to get away with all the shenanigans.

    I also suspect that, before all this is over, our legislators will make all media purchases (with the possible exception of print books) time-limited. No longer will you buy content, the law will require you to rent it. And some sort of “rights” will be invented to allow the content industry to reappropriate the public domain. And require independent artists to obtain an imprimatur from the industry. Our legislators are that corrupt.

  21. Hal says:

    The AACS system supports 2 billion sets of player keys. That should be enough that each hardware player could have a unique set of keys, assuming that they don’t sell more players total than 1 for every 3-4 people in the world. In that case it should be possible to individually revoke particular hardware players, without turning other ones into bricks. Only the players whose keys have been extracted and used to decrypt movies would be bricked.

  22. John says:

    I think that the lead time issue is just one of a number of potential administrative problems that can only get worse.

    Suppose someone compromises a hardware player. They can blacklist that particular player and no others. But three months later, a new key emerges from another instance of the same player. Extended to its logical conclusion, do they run the risk, or do they blacklist all players of that type.

    And what if a hack emerges that cannot be addressed with a firmware update. Some have said that the X-box hack is capable of being developed in such a way as fixing it would require hardware updates that would involve hardware physical component replacement, or even replacement of the complete unit.

    Another issue yet to rear its head is fees for replacement keys. What if a player manufacturer ceases trading, or withdraws from the HD player market. What happens about the routine periodic replacement of player keys which is part of the scheme – even if there isn’t any compromise or hacking.

    I think there is plenty of mileage in uncharted territory, for upsetting legitimate consumers.

  23. Another Kevin says:

    @Hal

    Yes, I know that the keyspace is largish. Any bets that it’s not being used; that all hardware players of the same make and model use the same key?

  24. sadsac says:

    I wonder if Mark Knox now wishes to revise any of his remarks in ‘this interview’. But since “nearly bulletproof” is not bulletproof, perhaps nothing needs to be revised. Still, we probably won’t see any more interviews extolling in the nearly impenetrable strength of AACS.

  25. John. says:

    As regards Mark Knox’s position at the time, and subsequent events, I think the one expression that describes it all is “learning curve”.

  26. anonymous05192007 says:

    BWAHAHA. I’m not shedding any tears for those Hollywood fat cats.

  27. graphex says:

    I just got a blu-ray version of the BBC Planet Earth series, and inside the box was a small insert which says

    “Important Notice This Blu-ray disc is manufactured to the highest quality available. It is possible this Blu-ray disc was manufactured after your Blu-ray disc player. To ensure the best possible viewing experience, your Blu-ray disc player may need a firmware or software update. Please consult your hardware manufacturer’s website for the latest firmware or software version and, if an upgrade is available, we suggest that you follow its installation instructions. Copyright 2007 Warner Bros. Entertainment, Inc. All rights reserved.”

    So, in the vein of “Digital Consumer Enablement” this message is certain to be understood as simply an enhancement to your DCE-enabled disc. I certainly want to upgrade my player to ensure the best possible viewing experience. Especially if that actually means “if you can’t play this disc, your player’s keys have probably been revoked, you have to upgrade”

    Luckily the note is printed on 30% post-consumer recycled content.

  28. perianwyr says:

    The AACS system supports 2 billion sets of player keys. That should be enough that each hardware player could have a unique set of keys, assuming that they don’t sell more players total than 1 for every 3-4 people in the world.

    And, no doubt, more than one player will be created from each possible hardware design. There is not much inherent in the AACS keys themselves that allows them to be cracked, it is the unavoidable flaws in the implementation that screw the system over. So, let’s say that there’s a crack for an entire line of Sony-made players, and people start spraypainting the decryption key on the sides of bridge abutments. Just because Sony can blacklist that one key which possibly could identify only one player device doesn’t mean that their adversaries can’t just exploit the same flaw over again to get a new key. This means that Sony must, indeed, brick the entire line of players (and the harder it is to tamper with the key, the harder the bricking is going to be, as mentioned above.)

    If each DVD was linked to a particular player on purchase, this system becomes vastly more robust (and this is already how such digital restrictions management works in other arenas.) But this creates other problems (rentals, people expecting to loan their property to others, and legal transfers of ownership of both players and discs.)

  29. Anonymous says:

    In response to what graphex says, the keys have to be renewed periodically anyway. My understanding is that they expire every 18 months and that the manufacturers are provided with new ones six months before they expire.

    That raises all sorts of issues. Some hardware is accompanied by notices saying that consumers may have to pay for those upgrades in the future. Also, as mentioned above: What happens if the manufacturer of the equipment no longer exists, or no longer holds aa aacs licence?

    Another issue is this. Do the studios have to pay an ongoing fee for the keys that are used in the disks? If they do, and a studio ceases trading, can the aacsla revoke the content encrypted under those terminated licences.

    In response to what perianwyr said, a far more robust drm system can be implemented if you start from scratch where the media and the equipment are all freshly designed, are playback-only, and not interoperable with anything else. You could achieve that sort of goal with something like laserdisks played in integrated player/display units with no external connections other than the power supply.

    I believe that the studios looked at that sort of approach (not with laserdisks) but that the market research people said that that sort of product would not be sellable, and I imagine that the same thing would apply to products incorporating technology which locks the media to the first player it is played in.

    Ultimately, the only thing that it looks like aacs can achieve (apart from snake oil profit), is to prevent the development of a copying utility which never needs updating. But that achievement is rather futile if the hackers can update it to keep pace with the revocation system.

  30. Per Jonsson says:

    graphex Says:

    I wonder why they put in a notice about updating the player if you as a normal consumer never should be affected about this aacs stuff.

    Not as consumerfreindly as they say?

  31. ear says:

    The revocation list is on each disk If I understand well.
    But then it’s up to the player to make use of it or not. What will prevent someone to make a player that won’t take the revocation list into account when trying to play the disk ?

  32. John says:

    If a player is revoked, it has to be updated or it won’t play any disks at all. If you over-ride the revocation, then it will still be able to play pre-revocation disks, but not post revocation disks, as the later disks are encrypted in such a way as it is incapable of so doing.

  33. hmmm says:

    If someone published some uncopyrighted content on a HD-DVD, called it, let’s say, “Bluedoom sample disk #1″ and included the information “I have used the processing key B0 99 D1 4C AD A1 21 42 17 8E 4F 06 61 26 13 75 to encode this public domain content in order to make it interoperable with your HD-DVD player”, then a diligent unlicensed software player manufacturer who enabled his software to decode this sample disc might find that his software was suddenly able to also decode properly licensed copyrighted AACSLA content.

    Wouldn’t it be very hard to successfully try and convict the software player manufacturer or the Bluedoom sample disc publisher under the DMCA?

  34. Anonymous says:

    In response to what hmmm says, I don’t think that the content owner is provided with copies of the processing keys used on his disk. In fact, I’m not at all sure he is provided with any keys – that is done through licensed replicators.

    And it is a breach of the license terms to disclose the keys anyway. Only those who need to use them themselves are provided with them.

    As regards the other point the issue is this. If non-copyright content is placed on an aacs protected disk and sold, then you have a situation where a digital access control is guarding access to something that is not copyright. On the face of it, the DCMA does not prohibit the circumvention of that control in order to access the content. If the DCMA did operate in that way, then Lexmark and Chamberlain would have won and not lost those cases.

  35. Hal says:

    One interesting aspect of this arms race is that at this point, only a private and rather secretive company has broken the new encryption. The first time through, there was a public effort conducted via the Doom9 forums that exposed the fabled processing key which got posted everywhere. So far this time there is no publicly known processing key to publish. It will be interesting to see whether such a key comes into the public eye or whether the keys remain known only to the private group.

  36. Bill says:

    Good point, Hal. It will be especially interesting if the key uncovered by SlySoft is from a standalone set-top player. Does anyone know if the new key is from a windows based player, or a standalone set-top player?

    I’m guessing that finding the keys from standalone players is rather labor intensive, and requires learning all the embedded aspects (firmware, hardware, op-codes, etc.) for that player – and that the entire process must be repeated from scratch each time a different standalone player is reverse engineered. Very different than hacking from within the comfort of the Windows OS.

    This sort of work is reserved for well funded, economically incentivized groups such as SlySoft. It will probably just be easier for the Doom9 crowd to sift out the keys from each new release of AnyDVD. I’d also bet than the AACSLA and/or MPAA are trying to figure out some angle to paint a bullseye on SlySoft.

  37. John says:

    I believe that extracting standalone player keys is more difficult, and also that the system incorporates features which are said to make it awkward to utilise those keys in software utilities.

    We have seen what the position is with softwrae players. All players of a type and version hasve the same keys. If the keys are compromised, they are expired, and the players are made more secure (sic) and given new keys. That involves all instances of that particular player.

    But what is the situation with standalone players? Suppose someone does reverse engineer a standalone and gets the data out – and gets it working in a copying utility. What do they do then. They can expire the keys for just that unit and possibly don’t have to wait 90 days. But if someone can get the keys from that, they can get them from another.

    So they would have to revoke the keys from all those players (and presumably incur the 90 day notice). But now what do you do. How easy is it to re-write the firmware etc. and update it so as to make it more difficult to extract more keys. And what if you do that and they still break into it.

    It would be very interesting to have sight of the “sales literature” that was presented to the various studios when they were sold the idea, and to compare how the self-healing nature of aacs as described compares with real life.

  38. Anonymous says:

    There is another interesting twist involving CSS which is used on DVD’s. The EEC legislation prohibits circumventing an effective DRM system that controls access to a copyright work. A district court in Finland has just ruled that because CSS is so hopelessly broken, it is therefore not effective, and therefore circumventing it does not infringe the relevant law.

    See

    http://arstechnica.com/news.ars/post/20070525-finland-court-breaking-ineffective-copy-protection-is-permissible.html

  39. Donny Bahama says:

    What we need now is an organized means of complaining – vociferously – about that expensive player we purchased that will not play that new disc we just bought.

    By inconveniencing hardware manufacturers – hopefully even making their lives *miserable*, we compel them to push back on the media manufacturers and content producers. When they become our advocates (as opposed to “good little soldiers” on the war against piracy) – THEN we shall have won!

  40. Donny Bahama says:

    The above could be accomplished by publishing…

    1. A list of discs which will not play on
    2. A list of players
    3. Contact info for the executive officers of the manufacturers of the listed players
    4. The associated support numbers and e-ddresses

    A committed group of people then calls each company, complains, and asks for support with the hardware in question – whether they own it or not. Force the company to send out firmware updates by mail if possible and/or issue RMAs. Even if the updates/RMAs received are never used, there is a cost to the manufacturer. And when that cost becomes high enough, they will necessarily become an advocate for consumers.

  41. Anonymous says:

    > What we need now is an organized means of complaining – vociferously – about that expensive player we purchased that will not play that new disc we just bought.

    The problem with that is that no expensive hardware players have been disabled from playing any published discs, and the likelyhood of this happening even in the future is very low.

    If it did happen, you would have good reason to complain, which is why the system is set up to avoid this.

  42. larry says:

    “The problem with that is that no expensive hardware players have been disabled from playing any published discs, and the likelyhood of this happening even in the future is very low.”

    The likelihood of this happening is in fact very high. Manufacturers simply do not support their products anymore. Once any product is couple of years old support is nil. Firmware updates will probably offered for what is the warrantee period and then no longer. This is just a golden opportunity for them to sell more units when they are broken and can’t play certain disks anymore.

  43. gohandbag says:

    miss you so much love you so much Louis Vuitton