February 8, 2023

Slysoft Commercializes Next-Gen DVD Circumvention

We’ve been following, off and on, the steady meltdown of AACS, the encryption scheme used in HD-DVD and Blu-ray, the next-generation DVD systems. By this point, Hollywood has released four generations of AACS-encoded discs, each encrypted with different secret keys; and the popular circumvention tools can still decrypt them all. The industry is stuck on a treadmill: they change keys every ninety days, and attackers promptly reverse-engineer the new keys and carry on decrypting discs.

One thing that has changed is the nature of the attackers. In the early days, the most effective reverse engineers were individuals, communicating by email and pseudonymous form posts. Their efforts resulted in rough but workable circumvention tools. In recent months, though, circumvention has gone commercial, with Slysoft, an Antigua-based maker of DVD-reader software, taking the lead and offering more polished tools for reading and ripping AACS discs.

You might wonder how a company that makes software for playing DVDs got into the circumvention business. The answer has to do with AACS’s pickiness about which equipment it will work with. My lab, for example, has an HD-DVD drive and some discs, which we have used for research purposes. But as far as I know, none of the computer monitors we own are AACS-approved, so we have no way to watch our lawfully purchased HD-DVDs on our lawfully purchased equipment. Many customers face similar problems.

If you’re selling HD-DVD player software, you can tell those customers that your product is incompatible with their equipment. Or you can solve their problem and make their legitimately purchased discs play on their legitimately purchased equipment. Of course, this will make you persona non grata in Hollywood, so you had better hire a few reverse engineers and get to work on some unauthorized decryption software – which seems to be what Slysoft did.

Now Slysoft faces the same reverse engineering challenges that Hollywood did. If Slysoft’s products contain the secrets to AACS decryption, then independent analysts can extract those secrets and clone Slysoft’s AACS decryption capability. Will those who live by reverse engineering die by reverse engineering?

AACS Updated, Broken Again

[Other posts in this series]

We predicted in past posts that AACS, the encryption system intended to protect HD-DVD and Blu-ray movies, would suffer a gradual meltdown from its inability to respond quickly enough to attacks. Like most DRM, AACS depends on the secrecy of encryption keys built into hardware and software players. An attacker who discovers a player’s keys can defeat the protection on any disc that works with that player. AACS was designed with a defense against such attacks: after a player has been compromised, producers can alter new discs so that they no longer work with the compromised player’s keys. Whether this defense (which we call “key blacklisting”) will do much to stop copying depends how much time elapses before each leaked key is blacklisted.

Next week marks three months after the first compromised player key appeared on the Internet (and more than five months after cracks for individual discs began to appear). Discs slated for release on Tuesday will be the first to contain an update to AACS that blacklists the leaked keys.

What took so long? One limitation comes from the licensing agreement signed with player manufacturers, which requires that they receive ninety days’ notice before their keys are blacklisted, so that they have enough time to update their products.

Customers who obtained the new discs a few days early confirmed that the previously leaked keys no longer worked. It seemed as if AACS had recovered from the attacks just as its designers intended.

However, a new twist came yesterday, when SlySoft, an Antigua-based company that sells software to defeat various forms of copy protection, updated its AnyDVD product to allow it to copy the new AACS discs. Apparently, SlySoft had extracted a key from a different player and had kept the attack a secret. They waited until all the other compromised keys were blacklisted before switching to the new one.

The AACS Licensing Authority will be able to figure out which player SlySoft cracked by examining the program, and they will eventually blacklist this new key as well. However, all discs on store shelves will remain copyable for months, since disc producers must wait another ninety days before making the change.

To be successful in the long run, AACS needs to outpace such attacks. Its backers might be able to accelerate the blacklisting cycle somewhat by revising their agreements with player manufacturers, but the logistics of mastering discs and shipping them to market mean the shortest practical turnaround time will be at least several weeks. Attackers don’t even have to wait this long before they start to crack another player. Like Slysoft, they can extract keys from several players and keep some of them secret until all publicly known keys are blacklisted. Then they can release the other keys one at a time to buy additional time.

All of this is yet more bad news for AACS.

You Can Own an Integer Too — Get Yours Here

Remember last week’s kerfuffle over whether the movie industry could own random 128-bit numbers? (If not, here’s some background: 1, 2, 3)

Now, thanks to our newly developed VirtualLandGrab technology, you can own a 128-bit integer of your very own.

Here’s how we do it. First, we generate a fresh pseudorandom integer, just for you. Then we use your integer to encrypt a copyrighted haiku, thereby transforming your integer into a circumvention device capable of decrypting the haiku without your permission. We then give you all of our rights to decrypt the haiku using your integer. The DMCA does the rest.

The haiku is copyright 2007 by Edward W. Felten:

We own integers,
Says AACS LA.
You can own one too.

Here is your very own 128-bit integer, which we hereby deed to you:

[can’t display integer]

If you’d like another integer, just hit Shift-Reload, and we’ll make a fresh one for you. Make as many as you want! Did we mention that a shiny new integer would make a perfect Mother’s Day gift?

If you like our service, you can upgrade for a low annual fee to VirtualLandGrab Gold – and claim thousands of integers with a single click!

Why the 09ers Are So Upset

The user revolt at Digg and elsewhere, over attempts to take down the now-famous “09 F9 …” number, is now all over the press. (Background: 1, 2) Many non-techies, including some reporters, wonder why users care so much about this. What is it about “09F9…” that makes people willing to defend it by making T-shirts, writing songs, or subjecting their dotcom startup to lawsuit risk?

The answer has several parts. The first answer is that it’s a reaction against censorship. Net users hate censorship and often respond by replicating the threatened content. When Web companies take down user-submitted content at the behest of big media companies, that looks like censorship. But censorship by itself is not the whole story.

The second part of the answer, and the one most often missed by non-techies, is the fact that the content in question is an integer – an ordinary number, in other words. The number is often written in geeky alphanumeric format, but it can be written equivalently in a more user-friendly form like 790,815,794,162,126,871,771,506,399,625. Giving a private party ownership of a number seems deeply wrong to people versed in mathematics and computer science. Letting a private group pick out many millions of numbers (like the AACS secret keys), and then simply declare ownership of them, seems even worse.

While it’s obvious why the creator of a movie or a song might deserve some special claim over the use of their creation, it’s hard to see why anyone should be able to pick a number at random and unilaterally declare ownership of it. There is nothing creative about this number – indeed, it was chosen by a method designed to ensure that the resulting number was in no way special. It’s just a number they picked out of a hat. And now they own it?

As if that’s not weird enough, there are actually millions of other numbers (other keys used in AACS) that AACS LA claims to own, and we don’t know what they are. When I wrote the thirty-digit number that appears above, I carefully avoided writing the real 09F9 number, so as to avoid the possibility of mind-bending lawsuits over integer ownership. But there is still a nonzero probability that AACS LA thinks it owns the number I wrote.

When the great mathematician Leopold Kronecker wrote his famous dictum, “God created the integers; all else is the work of man”, he meant that the basic structure of mathematics is part of the design of the universe. What God created, AACS LA now wants to take away.

The third part of the answer is that the link between the 09F9 number and the potential harm of copyright infringement is pretty tenuous. AACS LA tells everyone who will listen that the discovery and distribution of the 09F9 number is no real threat to the viability of AACS or the HD-DVD/Blu-ray formats. A person getting the 09F9 number could, if he or she is technically skillful, invest a lot of work to get access to movies. But there are easier, less tech-intensive ways to get the same movies. Publishing the number has approximately zero impact on copyright infringement.

Which brings us to the civil disobedience angle. It’s no secret that many in the tech community despise the DMCA’s anticircumvention provisions. If you’re going to defy a law to show your disagreement with it, you’ll look for a situation where (1) the application of the law is especially inappropriate, (2) your violation does no actual harm, and (3) many others are doing the same thing so the breadth of opposition to the law is evident. That’s what we see here.

It will be interesting to see what AACS LA does next. My guess is that they’ll cut their losses, refrain from sending demand letters and filing lawsuits, and let the 09F9 meme run its course.

Digg Users Revolt Over AACS Key

I wrote yesterday about efforts by AACS LA, the entity that controls the AACS copy protection system used in HD-DVD and Blu-ray discs, to stop people from republishing a sixteen-byte cryptographic key that can unlock most existing discs. Much of the action took place at Digg, a site that aggregates Web page recommendations from many people. (At Digg, you can recommend pages on the Web that you find interesting, and Digg will show you the most-recommended pages in various categories.

Digg had received a demand letter from AACS LA, asking Digg to take down links to sites containing the key. After consulting with lawyers, Digg complied, and Digg’s administrators started canceling entries on the site.

Then Digg’s users revolted. As word got around about what Digg was doing, users launched a deluge of submissions to Digg, all mentioning or linking to the key. Digg’s administrators tried to keep up, but submissions showed up faster than the administrators could cancel them. For a while yesterday, the entire front page of Digg – the “hottest” pages according to Digg’s algorithms – consisted of links to the AACS key.

Last night, Digg capitulated to its users. Digg promised to stop removing links to the key, and Digg founder Kevin Rose even posted the key to the site himself. Rose wrote on Digg’s official blog,

In building and shaping the site I’ve always tried to stay as hands on as possible. We’ve always given site moderation (digging/burying) power to the community. Occasionally we step in to remove stories that violate our terms of use (eg. linking to pornography, illegal downloads, racial hate sites, etc.). So today was a difficult day for us. We had to decide whether to remove stories containing a single code based on a cease and desist declaration. We had to make a call, and in our desire to avoid a scenario where Digg would be interrupted or shut down, we decided to comply and remove the stories with the code.

But now, after seeing hundreds of stories and reading thousands of comments, you’ve made it clear. You’d rather see Digg go down fighting than bow down to a bigger company. We hear you, and effective immediately we won’t delete stories or comments containing the code and will deal with whatever the consequences might be.

If we lose, then what the hell, at least we died trying.

This is a remarkable event. Critics of Web 2.0 technologies like Digg often say that users are being exploited, that the “communities” on these sites are shams and the company running the site is really in control. Here, the Digg company found that it doesn’t entirely control the Digg site – if users want something on the site badly enough, they can put it there. If Digg wasn’t going to shut down entirely (or become clogged with postings of the key), it had no choice but to acquiesce and allow links to the key. But Digg went beyond acquiescence, siding with its users against AACS LA, by posting the key itself and practically inviting a lawsuit from AACS LA.

Digg’s motive here probably has more to do with profit and market share than with truth, justice, and the American way. It’s not a coincidence that Digg’s newly discovered values coincide with the desires of its users. Still, the important fact is that users could bend Digg to their will. It turns out that the “government” of Digg’s community gets its power from the consent of the governed. Users of other Web 2.0 sites will surely take note.