|
The Geek Wants Out
Datum registracije: Feb 2005
Lokacija: xxx
Postovi: 1,193
|
Saga se nastavlja... preneseno sa Doom9 foruma:
Citiraj:
|
Autor muslix64
I spent the last few days reading a lot of articles on BackupHDDVD, reading a lot of people's post/comments on various websites.
This is the time to set the record straight about this new tool and what the impacts are.
First I need to clarify some points.
Revocation:
In the AACS system, there is 4 types of revocation:
Drive revocation
Host revocation
Device revocation (with MKB)
Content revocation
There is no such thing as "title key revocation" and "volume key revocation"
-------------
Now, here is a list of affirmations I have seen lately.
Affirmation 1: You did not break AACS, just the player
My comment: I did not break AACS, but I find a way to decrypt movies and I have bypassed all the revocation system.
Not that bad...
Affirmation 2: The BackupHDDVD circumvention tool won't last long
My comment: As long as insecure players will exist, it will last...
And insecure players will always exist, in fact you can extract keys from any player! Some players are just easier to extract the key from. Being lazy, I prefer to extract keys from an insecure player than a secure one.
And the AACS spec says "Device keys must be protected!" but they did not said that about volume key, fatal mistake!
Affirmation 3: The keys can easily be revoked.
My comment: What keys are you talking about?
As I stated before, there is no such thing as "title key revocation" and "volume key revocation". If someone publishes only volume keys, there is no way to know from which player these keys where extracted from, making the revocation system useless. They can do content revocation, but to revoke what? All movies before 2007? They can do player revocation, so I will just change the player I'm using, big deal...
So what is the AACS revocation system good at?
It is good for that scenario:
Someone post on the net, a tool that do the complete decryption automatically. Off course the program use stolen device keys from an official player. They (AACS and friends) will eventually get their hands on this program, look at the device keys and revoke them. Making that player unable to play new titles. But the author of this program can pre-extract a bunch of devices keys from different players and release them, one at the time, when the previous one have been blacklisted. The AACS spec says "Device keys must be protected!" so I suppose they put more effort in protecting these keys then the volume key in memory.
Affirmation 4: BackupHDDVD is nothing, only one person out of a million have the technical skills to extract keys.
My comment: BackupHDDVD is a proof of concept.
Picture this:
Few skilled persons can do massive volume key extraction, and send the keys to a central server on the internet. Then, they create an easy to use decryption program, with a nice GUI that do online key recovery. That way, my father and your father can backup movies.
Or they can send the keydb.cfg file on P2P networks (BitTorrent, E-Mule, etc..)
See the problem now?
Affirmation 5: You can extract keys from software player on personal computer but not on hardware player.
My comment: It's easier to extract keys from software player, but it also possible to extract keys from hardware player (the set-top box in your living room!)
Conclusion:
The attack I describe in "Affirmation 4", is not here yet, but it's coming. So I give MPAA and AACSLA a head start. Start to think what you can do about that.
To totally block this attack, they need to put different keys on every disk! Now, they only have different keys for different movies. I don't know about the manufacturing process of the disk. This solution may not be possible.
The best they can do, is doing shorter manufacturing run of a particular movie, so it would be difficult to get your hand on every "pressing" of a movie.
When they design AACS, they assume people will look for the device keys. I don't care about device keys. I do care about volume key. Having the device keys mean that you have to re-implements all the complex crypto and do the full AACS process.
I leave all this dirty job to the player and recover only the volume key.
There is 3 important things in cryptography:
1-Private key protection
2-Private key protection
3-Private key protection
Did I break AACS? I don't know. What do you think?
I'm not going to work on this anymore, I'm taking a vacation!
...
Ok, here it is, BackupHDDVD V1.00!
What's new in this version?
- Volume key support
- Partial resume of an interrupted decryption session
- New file format and file name for key database file.
The key database file is now KEYDB.cfg
You can download it here:
///
File name: BackupHDDVDV100.zip
File size: 22,429 bytes
SHA1 hash: 0d938a376133dfaf78ec47e6d41201d553a6bb81
This may be my last post here.
I'm going to have a rest for a while.
Take care everyone and wish me good luck!
|
__________________
The Geek Wants OUT
by Ernest Cline
At first glance
I probably appear to be a somewhat ordinary,
somewhat average looking fellow.
Calm, harmless, at ease.
But this is by design.
You see, it is through decades of research and rigorous training that I have crafted this façade of normalcy.
And now, through intense concentration,
I am able to function in a social setting.
I can speak at length with educated people about
pertinent matters of public importance,
such as literature,
or the current political climate in Europe.
I am capable of conversing with you
without ever revealing that just underneath the surface
of this manufactured veneer
there hides an altogether different person.
A monster, some might say.
My alter-ego.
He is the opposite of the image I project.
He is the antithesis of Cool.
He is the LAST person you want to get trapped in a conversation with.
He is The Geek.
The obsessive science fiction movie watching,
comic book collecting,
Monty Python dialogue memorizing,
Dungeons and Dragons playing GEEK
that I struggle daily to keep hidden from the world.
But The Geek Wants Out.
He want to talk to you.
He wants to give you his doctoral dissertation on why
The Adventures of Buckaroo Banzai Across the 8th Dimension
is the greatest fucking film of all time!
He wants to bitch slap you because
you’ve never seen Big Trouble in Little China.
What? Have you been living in a fucking cave?!
He wants to kick your ass in Star Wars Trivial Pursuit.
And he will.
Because he’s a fucking Geek.
And he wants his toys.
He wants the complete set
in mint condition,
still in the box.
He wants every item on the planet that is even remotely related to Ultraman.
Because Ultraman is Airwolf!
He could give a squirt of piss
about sports or politics or rhetoric.
Such things are of no consequence to him.
What matters is the release date of the next Lord of the Rings movie!
You see, The Geek can’t wait.
The Geek has no patience.
He wants what he wants when he wants it.
And all he wants is stupid shit!
He wants his own Tardis.
He wants his own light saber.
He wants to buy a DeLorean and he wants to drive it 88 miles per hour.
He wants movies.
He wants to see the Director’s Cut.
He wants the impossible to find Japanese bootleg with
6 minutes of never-before-seen footage.
He wants to watch Blade Runner. Again.
He wants to watch Brazil. Again.
He wants to watch A Clockwork Orange.
Again and Again!
But I deprive him of these things, as best I can,
until I can no longer ignore his voice
screaming in my head.
I am Jekyl. He is Hyde.
I am Bruce Banner. He is the Hulk.
Especially the Hulk from issues #272 to #378.
But no longer!
I am putting a stop to all this nerdy shit right now!
I’m an adult, for Christ’s sake!
And this body isn’t big enough for the both of us.
One of us has to go, and it’s gonna be him.
I banishing the Geek forever to the Phantom Zone,
just like in Superman II !
Because, in the end –
there can be only one.
|