Media Wonk





Paul Sweeting

Paul Sweeting is the editor of ContentAgenda.com and a columnist for Video Business. He has covered the home entertainment industries since 1985 for Billboard, Variety, Publishers Weekly and other leading business publications. He is based in Washington, DC.



Holiday hackers - December 28, 2006

Like Scrooge showing up at a holiday party, reports surfaced over the Christmas break that AACS—the supposedly unbreakable encryption used on HD DVD and Blu-ray discs—had in fact been broken, by a hacker calling himself Muslix64.
According to the thread Muslix started on the Doom9 Forum, he or she (OK, probably he) was able to write a Java-based command-line utility for Windows called BackupHDDVD that allowed him to move unencrypted files containing Full Metal Jacket, Van Helsing, Tomb Raider and a handful of other movies to his hard drive.
He even posted a video on YouTube, tauntingly titled “AACS is Unbreakable,” purportedly showing the utility in action.
He then released the source code for others to try, complete with FAQ.
The postings set off an orgy of gloating on hacker forums and wild speculation over how the studios might respond to the purported crack, including a prediction that HD DVD studios would now defect to Blu-ray, since the latter format includes the extra BD+ layer of copy protection.
Yet like Dickens’ story of redemption, all may not be bleak for the studios as they contemplate this latest turd to land in their holiday punch bowl.
For one thing, AACS wasn’t really cracked, at least as that term is commonly understood.
According to the Doom9 postings, Muslix64 was able to retrieve the decryption keys from memory while running Cyberlink's PowerDVD player on his PC and then feed them into his own decryption procedure.
He got the last part from publicly available documentation on the AACS Licensing Authority Web site.
The keys themselves, however, apparently remained encrypted throughout the procedure, so the critical algorithm was not revealed.
More to the point, the episode could provide the studios with an opportunity to test the whole AACS revocation-and-update scheme in the real world at a time when the number of discs and players at issue is still tiny and the titles are all previously exhausted catalog releases. 
Unlike CSS, which relied on a single set of encryption keys that, once uncovered, were compromised forever, AACS uses unique keys for all players and software titles.
If a player is tricked into coughing up its keys, as apparently happened with BackupHDDVD, those keys can be "revoked" by the AACS Licensing Authority, so that no future discs would play on the compromised players.
That could be a tad inconvenient, though (not to mention actionable), for those who have the same type of player but have done nothing illegal.
So AACS also relies on unique software keys that would allow revocation to occur at the disc level. The keys used on the first pressings of the affected titles could be revoked and new ones issued for any subsequent pressings.
The newly pressed discs could not then be played on the compromised players.
In the meantime, new keys could be issued for the PowerDVD player and delivered as an "update" on future discs.
That way, the damage is contained to a specific pressing of a title on a specific player, and life goes on as normal for everyone else.
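A toy model of the revoke-and-update flow described above, added here as an illustration and not taken from AACS or from any player's code. It assumes a flat key block with one wrapped title key per player and uses a SHA-256 keystream as a stand-in cipher; real AACS uses AES and a tree-based key block, and the names `press_disc`, `play` and the player IDs are hypothetical.

```python
import hashlib
import os

def _stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy cipher (SHA-256 keystream XOR), a stand-in for AES. Same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def press_disc(movie: bytes, player_keys: dict, revoked: set) -> dict:
    """Encrypt a title under a fresh title key, wrapped once per non-revoked player."""
    title_key = os.urandom(16)
    key_block = {pid: _stream_xor(k, title_key)
                 for pid, k in player_keys.items() if pid not in revoked}
    return {"key_block": key_block,
            "check": hashlib.sha256(title_key).hexdigest(),
            "payload": _stream_xor(title_key, movie)}

def play(disc: dict, pid: str, player_key: bytes):
    """Return the plaintext, or None if this player cannot recover the title key."""
    wrapped = disc["key_block"].get(pid)
    if wrapped is None:
        return None  # player was revoked before this pressing
    title_key = _stream_xor(player_key, wrapped)
    if hashlib.sha256(title_key).hexdigest() != disc["check"]:
        return None  # wrong player key
    return _stream_xor(title_key, disc["payload"])

def demo() -> dict:
    # Constructed sample data: two licensed players and one title.
    keys = {"software-player-v1": os.urandom(16), "set-top-player": os.urandom(16)}
    movie = b"constructed sample feature " * 4
    first = press_disc(movie, keys, revoked=set())
    # The compromised player is revoked; the vendor ships an update with a new key.
    keys["software-player-v2"] = os.urandom(16)
    second = press_disc(movie, keys, revoked={"software-player-v1"})
    old, new, other = "software-player-v1", "software-player-v2", "set-top-player"
    return {
        "old_player_first_pressing": play(first, old, keys[old]) == movie,
        "old_player_second_pressing_blocked": play(second, old, keys[old]) is None,
        "updated_player_second_pressing": play(second, new, keys[new]) == movie,
        "other_player_second_pressing": play(second, other, keys[other]) == movie,
    }
```

The first pressing remains playable on the compromised player, which is the containment boundary the column describes: revocation protects later pressings, not discs already in the market.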
Getting all that to work as designed, however, and in a timely fashion, could prove daunting.
Additional forensic work will have to be done to determine exactly where in the system the compromise occurred, and whether the revocation and update procedure would actually fix it.
Then Cyberlink would have to be convinced to pull all existing copies of PowerDVD from the shelves (or from download sources) and release a new version with the updated keys.
Updated keys would also have to be delivered to innocent owners of the compromised player, either directly or by adding the update to any and all future releases the players might encounter.
Finally the studios would have to decide whether to leave the compromised titles in the marketplace, or attempt to recall them from retail shelves.
The good news is that AACS was designed specifically to address the scenario apparently presented by BackupHDDVD.
The bad news is it has a lot of moving parts and a lot of potential for noses to get out of joint.
If the system can't be made to work smoothly and efficaciously, then the studios will quickly be right back in the same boat they're in with DVDs--with a compromised encryption scheme that cannot respond to hacks.
If you're the studios, you might as well find out now, while the stakes are still low.

