February 13th, 2007
AACS - BUSTED!
[Updated: Feb 13, 2007 @ 4.15 pm] I've just found out that SlySoft have a beta version of AnyDVD HD in the pipeline. This application is able to rip HD-DVDs (but not Blu-ray discs). Details here and here.
AACS took years to develop and millions of dollars to bring it to the consumer market and yet it's been completely broken within weeks of high definition Blu-ray and HD-DVD players falling into the hands of hackers.
At least the hackers have been fair and busted both formats at the same timeA hacker on the Doom9 forum called Arnezami has released details of a crack that allows the processing key, media key and the volume ID to be extracted. The critical factor here is the discovery of the processing key. This single key allows for the easy decryption (as easy as decrypting a DVD) of every single Blu-ray and HD-DVD disc released so far.
Loading ...
The crack was beautifully simple - just a matter of keeping an eye on the information stored in RAM and watching out for changes. It doesn't get much simpler than that. This crack builds on work carried out by another hacker called Muslix64.
Secure DRM such as AACS relies on no vendor making a mistake. Every product from every vendor needs to be 100% perfect. Any mistakes creates cracks that the hackers can exploit. It seems that the studios became overconfident with regards to AACS and made some very basic mistakes, such as this with regards to the volume ID:
Its incredible how not random this Volume ID is. I just figured out what these "unique" 6 bytes are:
09 18 20 06 08 41
Here is part of the entry in our volume key list:
King Kong |V|09/18/06|
Yep its a date (09/18/2006) and time (08:41) of the production. Although its done very weird since the hex is interpreted as decimals. But most importantly the Volume ID is not just guessable its even predictable! Incredible.
What does this mean?
This means that (especially for future software player updates) there would be no need for anyone to do a memdump/debug or anything. Only once per Media Key Block Version does the Media Key have to be extracted by one person in the world. If this is released everyone can decrypt any disc!!
That's really sloppy. The kind of sloppy that leads to a crack.
My guess is that by the end of the month we'll see this a GUI wrapper around this hack and then anyone with a HD-DVD or Blu-ray drive and software player will be able to decrypt HD discs.
That's it. Game over for AACS. At least the hackers have been fair and busted both formats at the same time.
How will the studios respond? Will they release the lawyers or just continue using AACS and pretend that the crack doesn't exist? Will this crack help speed up HD adoption?
Adrian is a technology journalist and author who has devoted over a decade to helping users get the most from technology. He also runs a popular blog called The PC Doctor. See his full profile and disclosure of his industry affiliations
Want to get in touch? Got a tip? Feel free to drop me a note! I ALWAYS respect anonymity. I'm also on Twitter (@the_pc_doc)
Right to Reply: Should any industry representatives wish to comment on any posts on Hardware 2.0, I will be happy to publish their reply verbatim on this blog.
Subscribe to Hardware 2.0 via Email alerts or RSS.
| 02/14/07
