Media Wonk





Paul Sweeting

Paul Sweeting is the editor of ContentAgenda.com and a columnist for Video Business. He has covered the home entertainment industries since 1985 for Billboard, Variety, Publishers Weekly and other leading business publications. He is based in Washington, DC.



Paul Sweeting, Media Wonk
ContentAgenda



Hacking up trouble - January 18, 2007

Any lingering doubts about the validity of claims that the AACS copy-protection system used on HD DVD and Blu-ray Discs had been compromised were erased earlier this week when the first movie clearly ripped from an HD DVD turned up on BitTorrent.
The title, Universal’s Serenity, was quickly followed by a handful of others, including The Chronicles of Riddick, Batman Begins and Superman Returns.
The movies were apparently ripped using the BackupHDDVD program created by a hacker calling himself Muslix64.
Earlier this month, Muslix made version 1.0 of the software available for downloading from various web sites.
None of the studios whose titles have been ripped has commented publicly. The AACS Licensing Authority, which oversees the encryption system, said it is investigating “an apparent breach” in the system to determine what steps, if any, will be taken in response.
BackupHDDVD appears to work by uncovering the decryption keys assigned to a particular title and using them to create a copy of the movie file on a computer’s hard drive.
In its most basic implementation, AACS assigns each playback device or software player a set of “device keys,” which can be unique to a particular player but don’t have to be.
Each title is then assigned a unique “title key,” which is encrypted and stored on the disc.
When a disc is inserted into a player, the player uses its device keys to decrypt the title keys, which it then uses to decrypt the movie.
The title keys can be stored in such a way that they will only hand over their secret to “authorized” device keys.
If a device is found to be compromised, AACS-LA can “revoke” that particular set of device keys, so that all future titles would regard those devices as “unauthorized” and refuse to hand over their title keys.
That way, damage would be limited to those titles that were released before the device keys are revoked.
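The key hierarchy and revocation scope described above can be modeled in a few lines. This is an added example, not code from the article or from AACS: it wraps the title key once per authorized device and uses a toy SHA-256 stream cipher as a stand-in for a real cipher, and the device names and movie bytes are constructed.

```python
import hashlib, hmac, os

def _stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in, not for real use."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def wrap(key: bytes, secret: bytes) -> bytes:
    """Encrypt `secret` under `key` and append a MAC so a wrong key is detected."""
    ct = _stream_xor(key, secret)
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def unwrap(key: bytes, blob: bytes):
    """Return the plaintext, or None if `key` is not the key that wrapped `blob`."""
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None
    return _stream_xor(key, ct)

def master_disc(movie: bytes, device_keys: dict, revoked: set) -> dict:
    """Build a 'disc': a fresh title key wrapped for each non-revoked device,
    plus the movie encrypted under that title key."""
    title_key = os.urandom(16)
    wrapped = {dev: wrap(k, title_key)
               for dev, k in device_keys.items() if dev not in revoked}
    return {"wrapped_title_keys": wrapped, "content": wrap(title_key, movie)}

def play(disc: dict, dev_id: str, dev_key: bytes):
    """Player side: device key -> title key -> movie. None means playback refused."""
    blob = disc["wrapped_title_keys"].get(dev_id)
    title_key = unwrap(dev_key, blob) if blob is not None else None
    return unwrap(title_key, disc["content"]) if title_key is not None else None

def demo() -> dict:
    # Constructed sample: two players; player_b is revoked between the two releases.
    keys = {"player_a": os.urandom(16), "player_b": os.urandom(16)}
    early = master_disc(b"early title", keys, revoked=set())
    late = master_disc(b"later title", keys, revoked={"player_b"})
    return {
        "a_late": play(late, "player_a", keys["player_a"]),    # still authorized
        "b_late": play(late, "player_b", keys["player_b"]),    # revoked: refused
        "b_early": play(early, "player_b", keys["player_b"]),  # pre-revocation disc
        "wrong_key": play(early, "player_a", keys["player_b"]),
    }
```

Revocation only changes discs mastered afterwards: `b_late` is refused, while `b_early` still plays because that disc was pressed with player_b's wrapped title key on it.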
Muslix64 apparently discovered a way to retrieve a particular movie’s title keys from the memory of a computer used for playback. That allowed him to write a program that decrypts and copies the movie using those keys.
Since then, other hackers have used the method to uncover the title keys for about three dozen movies and have posted those keys on the Internet, at sites such as www.aacskeys.com.
So far, suspicion has fallen primarily on the WinDVD and PowerDVD software players from InterVideo as the most likely culprits for leaving the title keys exposed in memory.
A spokeswoman for Corel, which acquired InterVideo last month, said investigators had not yet determined if those players were in fact at fault but that the company had taken steps to change some codes in its software in an attempt to limit potential damage.
“Our main concern is that the content remain protected so we’re taking proactive steps to try address any problem that may have occurred,” the spokeswoman, Gail Scibelli, said. “We’re cooperating with the folks who are investigating this.”
It’s unclear at this point whether Muslix has also found a way to uncover the device keys, which would be a more serious breach of the system.
If the device keys are uncovered, they could be used to decrypt any movie without needing the title keys.
Some cryptography experts have speculated that a hacker who uncovers a set of device keys might keep that information secret, so as not to invite revocation.
Even so, the posting of particular title keys on the Web is an ominous sign for the studios.
In a long series of posts analyzing the purported hack, noted Princeton University computer scientist Edward Felten observed that, over time, hackers could compile a substantial online database of title keys, which would gradually erode the effectiveness of AACS while making it harder to implement targeted countermeasures.
“Decryption tools will evolve,” Felten wrote on January 10. “Somebody will make an online database of title keys, and will modify BackupHDDVD so it automatically consults that database and gets the title keys it needs. This new decryption program will be able to decrypt any disc whose title key appears in the database. This decryption software and database don’t exist yet, but they seem inevitable.”


[Content Protection & Management]