January 2nd, 2007
Christmas gift to Entertainment Cartel: DVD Copy protection cracked?
Entertainment execs who took a break over the holidays may (or may not) be coming back to some extremely bad news (particularly since a lot of high definition DVDs were probably given as gifts over the holidays). In case you didn't know, there are two competing formats for putting high definition (HD) content on a DVD. One is called HD-DVD. The other Blu-ray. 2006 was a big year for both formats as it was really the first real year that people started buying HD content as well as the technology that can play it back. As a side note, I'll be giving some coverage to the HD-DVD vs. Blu-ray battle from CES in Las Vegas next week. Anyway, the two formats are incompatible with each other which means that gear that's designed to play Blu-ray won't play HD-DVD and vice versa (there will be products that play both). One way, by the way, to get a really good deal on a Blu-ray Disc player is to buy a Sony Playstation 3. Here's why.
But there is at least one area where the two formats are technologically compatible and that's in the content protection technology (aka: the Digital Rights Management or DRM) they use: the Advanced Access Content System or AACS. To date, most attempts at protecting content have been foiled in one way or another by hackers. The two prevailing DRM systems for protecting downloadable music and video — Apple's FairPlay and Microsoft's PlaysForSure — have both been hacked. Dating all the way back to the 80's when software companies desperately tried to foil piracy of their wares, most attempts at copy protection were succesfully broken. Microsoft appears to be at it again with its Genuine Advantage program, but their are numerous sources of information on the Web on how to defeat it (none of which I've tried or verified, but some of the ones that I've read go into such detail, that I cannot imagine them not being legitimate). Security experts including Bruce Schneier repeatedly admonish those who attempt to protect content with such schemes, saying that such attempts are mostly in vain (see Scheier's The Futility of Copy Protection).
So, it should have come as no surprise to entertainment executives that hackers would not only be hammering away at the AACS content protection scheme found on HD-DVDs and Blu-ray discs, but that they'd also claim victory as a hacker that goes by the name of Muslix64 did in a YouTube post over the holidays that concludes with "Merry Christmas" and a promise to release the source code in January. The post generated a huge amount of buzz in the blogosphere as to whether the hack was legitimate or just a hoax. While the entertainment cartel tries to get to the bottom of the news and the potentially devastating ramifications, EDN Senior Technical Editor Brian Dipert dug deeper, writing:
it appears he/she didn't [crack AACS]; instead the hacker circumvented it, relying on the same sort of human error that crippled CSS over seven years ago. The FAQ that accompanied BackupHDDVD mentioned CyberLink's PowerDVD, and the YouTube video Muslix64 made (which is, I must say, quite entertaining) also shows the program running….Apparently, Muslix64 figured out how to find the unencrypted title keys in system RAM.
at least for the moment [Blu-ray is immune]. But probably not for long. Muslix64 indicates that he/she doesn't own a Blu-ray drive; an Xbox HD DVD drive like the one I wrote about earlier this month was used to read discs on the PC (coincidentally on Christmas Eve, prior to hearing about the hack, I obtained my own copy of Cyberlink PowerDVD Ultra). However, although my original post on this topic suggested that Blu-ray's beyond-AACS BD+ might protect it, several other anonymous and well-placed sources indicate that BD+ is not yet finalized and therefore not yet implemented; existing Blu-ray titles are protected only by AACS.
Dipert goes on to talk about how the problem could be corrected by revoking PowerDVD's client key, but points out how "all already-pressed media is vulnerable." In other words, whatever media has been purchased by customers amounts to cats out of the bag (whilst the remaining copies on the shelves might have to be recalled at a huge expense to the movie studios).
