February 15, 2007
AACS Copy Protection: Years to Make, Weeks to Brake
An article on Boing-Boing detailed the plight of the Blu-Ray and HD DVD copy-protection crowd: after spending years creating an unbreakable code, a mere few weeks later, it is already OBE:
Arnezami, a hacker on the Doom9 forum, has published a crack for extracting the “processing key” from a high-def DVD player. This key can be used to gain access to every single Blu-Ray and HD-DVD disc.
Previously, another Doom9 user called Muslix64 had broken both Blu-Ray and HD-DVD by extracting the “volume keys” for each disc, a cumbersome process. This break builds on Muslix64’s work but extends it — now you can break all AACS-locked discs.
AACS took years to develop, and it has been broken in weeks. The developers spent billions, the hackers spent pennies.
Poor studio houses. Yeah, it sucks that all those evil law breakers have stolen your profits. And no, it just doesn’t look like your latest annoying copy-protection scheme is gonna work. Not only do we have to deal with the asinine sticky tape on the outside of the package, to get HD quality, we’re also forced to use a shoddy input standard (HDMI) which degrades its signal after 30 feet (component video/digital audio doesn’t have this problem) - worse, we put up with this so that your lagging business model can be saved by AACS Copy Protection (BTW - we won’t be buying ANY HD products until you pick a single format, Mkay?). After inflicting this approach on us, and after millions spent in developing this technology, arnezami describes how easy this was to crack in saying:
Hope you enjoyed the ride. I’m thinking about a concept of proof proggy which does all the steps (from Processing Key to C-value to Media Key to Volume ID to VUK). It would require a Volume ID as input (which might be retrieved/guessed in another program or extension whatever). But the most important part is done: we have a Processing Key.
I’m also thinking about doing a full explanation of the AACS protection system (or at least the subset-difference technique). But only if there is any demand for it .
Regards,
arnezami
PS. For the keen observer: I’m not telling which player I used (well you can guess but you might guess wrong) to retrieve the Processing Key because I don’t want to give the AACS LA any extra legal ammunition against any player company. Nothing was hacked, cracked or even reverse engineered btw: I only had to watch the “show” in my own memory. No debugger was used, no binaries changed.
The dynamics of the old market just don’t work that well any more. Blaming the hackers and immoral customers isn’t going to make it better, nor are the copy protection schemes. Steve Jobs, in describing the dynamics behind iTunes’ copy protection explains the problem perfectly - Universal, Sony BMG, Warner and EMI are demanding it, even though it’s nonsensical. And while its clear that copywright holders need to get paid for their work, as Boing Boing States:
There is no future in which bits will get harder to copy. Instead of spending billions on technologies that attack paying customers, the studios should be confronting that reality and figuring out how to make a living in a world where copying will get easier and easier. They’re like blacksmiths meeting to figure out how to protect the horseshoe racket by sabotaging railroads.
Now I’m generally an honest dude. I own over 900 DVDs and paid for them all (other than those given to me by directors to review - any more of those, send’em my way!). However, I do draw the line on the ridiculous region code crap. When a movie like Natural City gets released overseas years before coming to the US, I’ll be damned if I’m gonna wait to pay top dollar here. And if I can get an import of an anime like Serial Experiments Lain on Ebay for 10 bucks for all 13 episodes or buy them 4 episodes at a time for 20 bucks, guess where I’m goin? While I don’t have an innovative answer for how the future market could work, I’m guessin the studio houses and distributors rarely get their head out of the sand to even think about it.
Note to the Studio Houses and Distributors: The market is global. Other countries sell products too. There are even movies produced overseas that some of us want to see here in the US the same day those in Europe and Asia watch them.” If you don’t give us a way to do that legally, we’ll find other options. If you want to slow the downloading issue, one obvious answer is to go for global releases. When Ghost in the Shell: Solid State Society is released in Japan, it should be released in the US as well. And perhaps there might be a backlash when you screw the US citizens by charging higher prices here than other countries pay - just a thought.
Note to Illegal Downloaders: Just a note to those of you engaging in illegal downloads - not all copyright holders are equal. You wanna stick it to Sony by downloading and then posting their entire catalog online? Fine - go ahead. Chances are they won’t be going bankrupt any time soon. But what about the Indie movie makers and underground music labels? You really think these guys are loaded? They ARE the little guys - there is no mega-corp backing them up. Most are living hand-to-mouth, and are working for the love of their craft. They aren’t planning to use your money to purchase a second Maserati; they’ll be using it to buy dinner and pay the rent. They WILL be going out of business if you illegally download the products of their labor. And then where will we be? I’ll tell you where - you’ll be stuck with bloated studio house monstrosities like I, Robot and The Island, while movies like Fragile Machine and One Point O start to disappear. Your choice…