The Saga of decrypting an AACS protected movie

[crn]

Za one koji ne znaju AACS je zaštita HD-DVD i BlueRay diskova, nešto slično kao CSS za DVD diskove, a ovo je iskustvo jednog nezadovoljnog korisnika

Preneseno sa doom9 foruma :

Citiraj:

The Saga of decrypting an AACS protected movie, by Muslix64.

December 6:

I just bought a HD-DVD drive to plug on my PC, and a HD movie, cool! But when I realized the 2 software
players on windows don't allowed me to play the movie at all, because my video card is not HDCP compliant and because I
have a HD monitor plugged with DVI interface, I started to get mad... This is not what we can call "fair use"! So I
decide to decrypt that movie. I start reading the AACS specification I have found on the net. I estimate it will take
me about 4 weeks of full time job to decrypt that. I was wrong, it was in fact, easy...

BTW, when I disable my HD monitor, I can watch the movie,on my old VGA screen, but, what is the point of having
a HD monitor and not being able to watch a HD movie on it!

December 7 to December 12:

Nothing, I try many things, but I'm going nowhere. I change my technique

December 13:

Now I focus only on title key. I was very surprise to realize that the title key is there, in memory! Can it be
that easy? Around 7PM, I decrypt my first movie "pack". Around 11PM, I have now a totally decrypted movie! But there is
a problem. Frame skipping.

December 14:

After many tests, I found a field in the Nav pack, that fix the frame skipping problem.
Wow! Now I can watch a smooth playback of an HDDVD film that I have decrypted!
After only 8 days of work, I was able to decrypt an HD-DVD movie! What's the problem? There is a major
security problem somewhere.

December 15 and December 16:

I put together a small program called "BackupHDDVD", a java based command line utility to decrypt movies.

December 17:

I made a small video called "AACS is Unbreakable" where you can see the output of the program while decrypting.
You can also see a playback of a decrypted movie.


December 18:

Upload that video on YouTube
http://www.youtube.com/watch?v=_oZGYb92isE

December 20:

Upload the program and source code on RapidShare (V0.99)


December 21:

I want to go further in the decryption, so I decide to track down the "Volume unique key" instead of title key.
I found it also! I'm preparing BackupHDDVD V1.00, that will support volume key and title keys.

December 25:

Merry Christmas!

December 26:

I create a thread on the Doom9 forum about BackupHDDVD. People don't believe it...

Čekamo 2. siječnja kad bi trebala izaći nova verzija

[CatKiller]

Moderni Robin Hood, thumbs up!

[LorD ClockaN]

Jel to možda Jon DVD?

[Codiac]

svaka cast kao sto sam rekao nema toga sta ce covjek napraviti da drugi covjek neskrsi

[Facelessone]

Nice, sad se nemoram brinut o tome

[Fleks]

Muwahahaha. Jedna briga manje....

[nicko]

A tek je izaslo

[Ph03n1x]

loool.

kak je lik lud. tek je izasao a vec ga je skrsil :P

svaka cast : goood :

[slink]

Prejako

[piNheaD]

Ja bum grunul

[Hrconja]

mm ali meni se u onom filmiću na youtubeu čini da malo kasni slika tj da malo skippa kad commander priča oO
možda ima slabi komp ^^ ili nije uspio pohvatat baš svaki frejm?

[Facelessone]

Citiraj:

Autor Hrconja

mm ali meni se u onom filmiću na youtubeu čini da malo kasni slika tj da malo skippa kad commander priča oO
možda ima slabi komp ^^ ili nije uspio pohvatat baš svaki frejm?

tebi preskače nekej

[LordNitro]

Veliki respekt...

[Hrconja]

Citiraj:

Autor Facelessone

tebi preskače nekej

aaa to se meni učinilo jer njemu ruke nisu mirne dok je snimao : wtf :

[West]

jedva cekam novu verziju

[Mailman]

http://arstechnica.com/news.ars/post/20061228-8510.html

Dobar izbor filma FMJ

[crn]

Saga se nastavlja... preneseno sa Doom9 foruma:

Citiraj:

Autor muslix64

I spent the last few days reading a lot of articles on BackupHDDVD, reading a lot of people's post/comments on various websites.

This is the time to set the record straight about this new tool and what the impacts are.

First I need to clarify some points.

Revocation:

In the AACS system, there is 4 types of revocation:
Drive revocation
Host revocation
Device revocation (with MKB)
Content revocation

There is no such thing as "title key revocation" and "volume key revocation"

-------------

Now, here is a list of affirmations I have seen lately.


Affirmation 1: You did not break AACS, just the player

My comment: I did not break AACS, but I find a way to decrypt movies and I have bypassed all the revocation system.
Not that bad...


Affirmation 2: The BackupHDDVD circumvention tool won't last long

My comment: As long as insecure players will exist, it will last...
And insecure players will always exist, in fact you can extract keys from any player! Some players are just easier to extract the key from. Being lazy, I prefer to extract keys from an insecure player than a secure one.
And the AACS spec says "Device keys must be protected!" but they did not said that about volume key, fatal mistake!


Affirmation 3: The keys can easily be revoked.

My comment: What keys are you talking about?
As I stated before, there is no such thing as "title key revocation" and "volume key revocation". If someone publishes only volume keys, there is no way to know from which player these keys where extracted from, making the revocation system useless. They can do content revocation, but to revoke what? All movies before 2007? They can do player revocation, so I will just change the player I'm using, big deal...


So what is the AACS revocation system good at?
It is good for that scenario:
Someone post on the net, a tool that do the complete decryption automatically. Off course the program use stolen device keys from an official player. They (AACS and friends) will eventually get their hands on this program, look at the device keys and revoke them. Making that player unable to play new titles. But the author of this program can pre-extract a bunch of devices keys from different players and release them, one at the time, when the previous one have been blacklisted. The AACS spec says "Device keys must be protected!" so I suppose they put more effort in protecting these keys then the volume key in memory.


Affirmation 4: BackupHDDVD is nothing, only one person out of a million have the technical skills to extract keys.

My comment: BackupHDDVD is a proof of concept.

Picture this:
Few skilled persons can do massive volume key extraction, and send the keys to a central server on the internet. Then, they create an easy to use decryption program, with a nice GUI that do online key recovery. That way, my father and your father can backup movies.
Or they can send the keydb.cfg file on P2P networks (BitTorrent, E-Mule, etc..)
See the problem now?


Affirmation 5: You can extract keys from software player on personal computer but not on hardware player.

My comment: It's easier to extract keys from software player, but it also possible to extract keys from hardware player (the set-top box in your living room!)



Conclusion:

The attack I describe in "Affirmation 4", is not here yet, but it's coming. So I give MPAA and AACSLA a head start. Start to think what you can do about that.

To totally block this attack, they need to put different keys on every disk! Now, they only have different keys for different movies. I don't know about the manufacturing process of the disk. This solution may not be possible.

The best they can do, is doing shorter manufacturing run of a particular movie, so it would be difficult to get your hand on every "pressing" of a movie.

When they design AACS, they assume people will look for the device keys. I don't care about device keys. I do care about volume key. Having the device keys mean that you have to re-implements all the complex crypto and do the full AACS process.
I leave all this dirty job to the player and recover only the volume key.

There is 3 important things in cryptography:

1-Private key protection
2-Private key protection
3-Private key protection


Did I break AACS? I don't know. What do you think?

I'm not going to work on this anymore, I'm taking a vacation!

...

Ok, here it is, BackupHDDVD V1.00!

What's new in this version?

- Volume key support
- Partial resume of an interrupted decryption session
- New file format and file name for key database file.

The key database file is now KEYDB.cfg

You can download it here:

///


File name: BackupHDDVDV100.zip
File size: 22,429 bytes
SHA1 hash: 0d938a376133dfaf78ec47e6d41201d553a6bb81


This may be my last post here.

I'm going to have a rest for a while.

Take care everyone and wish me good luck!