Hackers discover HD DVD and Blu-ray "processing key" -- all HD titles now exposed
Those cooky kids over at the Doom9 forums hate themselves some DRM. Not more than two months after discovering a means to extract the HD DVD and Blu-ray Disc "volume keys" to decrypt AACS DRM on individual films, we're now getting word that DRM hacker arnezami has found the "processing key" used to decrypt the DRM on all HD DVD and Blu-ray Disc films. Let's break this down for what it is: instead of needing individual keys for each and every high-definition film -- of which there are many -- the processing key can be used to unlock, decrypt, and backup every HD DVD and Blu-ray Disc film released so far. As arnezami points out, "nothing was actually hacked, cracked or even reverse engineered." All he had to do was keep an eye on his memory, watch what changed, and voila... the processing key appeared. So kick back and watch the trickle of HD titles hitting the torrents quickly turn into a flood (at ~20GB a pop, that's not an exaggeration) when the BackupHDDVD and BackupBluray utilities (or AnyDVD HD) are updated to reflect the new [Thanks, Eric L]
Filed under: HDTV
Reader Comments (Page 1 of 2)
threEchelon @ Feb 13th 2007 7:49AM
Sweet...
Olivier @ Feb 13th 2007 8:04AM
Uh-oh! I think a bunch of execs in Hollywood just soiled their pants.
The cat is out of the bag now! Stop the presses!
If anything, this will make digital download movies more ubiquous.
Let's keep our fingers crossed that Fairplay and Windows DRM will get cracked real soon (for movies)
skm @ Feb 13th 2007 8:04AM
i bet they are happy about that!
ahah
Xavier Gill @ Feb 13th 2007 8:09AM
How long did it take to crack DVD's?
Jonathan Sundy @ Feb 13th 2007 8:21AM
This is awesome haha.... though it took me 2 weeks to download an hd-dvd so I don't really envision this as the end of the retail market for them. (It's nice to learn your computer is or isn't fast enough to decrypt them without dropping the $)
Lets be fair though, DVD John CRACKED dvds, he broke the algorithm used to decrypt them.
Here they have only revealed a flaw in the implementation, they have not cracked AACS. All they did was show how shitty some well paid programmers really are. Funny stuff.
Can this key be revoked or are they totally screwed?
Tim Fischer @ Feb 13th 2007 8:45AM
This development will devastate the movie industry. George Lucas says he doesn't want to make movies anymore..would rather make short films for tv. No one will want to sink millions of dollars making a full length movie if it's stolen.
Think about what the actions of a few will do to the masses. Say goodbye to new full length movies.
So long blu-ray...see you later HD DVD.
Brendor @ Feb 13th 2007 1:43PM
Well if you remember, Jon Johanson was aided in hacking CSS by the fact that US crypto export laws in the 90s prevented exporting encryption higher than 40 bit. CSS was developed with the international market in mind and thus could be brute forced in a much more reasonable amount of time than if it had used 128 bit encryption. I think that's was a flaw in the implementation too.
Landlocked @ Feb 13th 2007 8:28AM
2 weeks to download and $25 for a blank disc...no urgent piracy threat yet...
Kenban @ Feb 13th 2007 8:29AM
Both HD-DVD and Blu-Ray are designed to be able to revoke these keys. Expect new titles released more then 2 months from now to not use this key. The company whose key was found will be forced to issue an upgrade and they will change how the keys are used so that it cannot be found in memory. There is a reason that people were trying to go after individual title keys since there is no way to revoke them.
netposer @ Feb 13th 2007 8:39AM
It amazes me that whomever developed this technology did not see this coming. Why spend so much $$ on this only to know it would take no time to figure out the keys?
andyo @ Feb 13th 2007 8:53AM
"George Lucas says he doesn't want to make movies anymore.."
I say good riddance! Let the true artists make the mainstream movies from now on. You will see once people get accustomed to the higher standards, they will actually pay $10 to see a movie, and gladly buy the disc.
Ignacio @ Feb 13th 2007 8:51AM
"No one will want to sink millions of dollars making a full length movie if it's stolen."
Because millions of dollars guarantee a good movie.
Wait, no.
Kichigai Mentat @ Feb 13th 2007 1:23PM
You know, if a movie is good, I'll buy it. I own a large library of Akira Kurosawa flicks, all of Neon Genesis, a good number of Miyazaki films, a few reels of Steve McQueen, Smith's Jersey saga, the two-hour miniseries of Adama, as told by Moore (not Michael), the story of Mua'Dib and his sand-people, the... squishy misadventures of an Irken Invader by Vasquez, and as soon as I find a copy of it, Whedon's Serenity will join their ranks. But I'm not going to pay $20 for The Phantom Menace. I'll just watch it on cable (not pirating, but I'm still not paying). When a good movie comes out, I'll shell out to buy it. Like A Beautiful Mind, or the Lord of the Rings Extended Edition Trilogy, a perfect example of how to get people to buy DVDs.
Mojo_Yugen @ Feb 13th 2007 12:12PM
"George Lucas says he doesn't want to make movies anymore"
I thought that was the public saying that we don't want him to make anymore movies.
neale @ Feb 13th 2007 11:59AM
they wont be able to pay tom cruise £15,000,000 per movie. shame...
saboola @ Feb 13th 2007 5:32PM
Just like the VCR destroyed the movie industry originally, the audio tape destroyed the music industry, and the photocopier destroyed the print industry.....
netposer @ Feb 13th 2007 8:55AM
Tim Fischer do you work for one of the big studios?
Anyone who wants to can download DVD Decrypter or a multitude of other software to copy DVD's and guess what? Million dollar movies are still being made and actors and studio execs are making millions.
If they are smart they should sell non-DRM'd HD and Blu-Ray DVDS. Most people will still rent them and buy them from Wal-Mart and Target. Now you'll be able to backup/copy (read; use) your DVD's anyway you see fit.
Jason @ Feb 13th 2007 8:55AM
This will not be a disaster. Piracy has been show recently to have a statistically insignificant effect on media sales.
This could give HD-DVD the edge, making it the more attractive option for people. So this could end up giving HD-DVD the "next-gen format war" win, ironically.
This news has me considering going with HD-DVD. Before this, I had no interest at all in the next-gen formats at all.
You can't have encryption if you share the decryption with everyone. As soon as you place your content into the public domain, even for sale you lose almost all expectation of control.
Wonderboy @ Feb 13th 2007 9:14AM
Did you miss that this works for Blu-Ray as well as HD-DVD? Sounds to me like you were already a fanboy of HD-DVD and are now just masquerading as a new convert to the cause to try and convince others. You'll need a smarter arguement for most people though, hopefully.
Jonathan Sundy @ Feb 13th 2007 8:58AM
Ok, so I've been reading the thread and wanted to relay what has really happened here.
Basically what was discovered was what appears to be a universal disk key. I could be completely wrong on the details that follow but the concept should be straight. All of the disks that have been pressed so far used a shared seed (the first on a list apparently) to create the disk keys, resulting in the universal key being possible.
They cannot revoke this key.
But they can change the seed used in future disk creation to prevent this key from decrypting the disks.
The reason this is significant is that you no longer need to find specific keys for disks, you can just use this key... for now.
The key was found in the memory or one of the software hd-dvd players, just like the disk keys were, so really what will probably come to pass is that in about 2 months (or however long it takes to react) new disks will hit the market that this key doesn't work with, at the same time they will force out software updates for the software hd-dvd and blu-ray players that encrypt the keys and keep them out of main memory. At this point in time we'll be at ground zero... well ground 300 (or whatever) since all previously released disks will still be decrypt-able.
There is a great writeup in how he found it if you aren't into technical details.
Great work arnezami.
chrismansley @ Feb 13th 2007 8:59AM
Is it not "kooky" kids instead of "cooky"?
nikster @ Feb 13th 2007 9:02AM
BWAAAAHAHAHAHAHAHHAHAHA... [wipes tears from eyes]
this is soooooooo excellent.
about key revoking - that 'll be part two of this comedy, if they even bother. I imagine a red alarm going off, keys being revoked, people being radioed in, etc.. and when all the dust is settled and new keys are in use, arnezami will watch that same spot in memory again - that will be a whole lot easier this time around - and post it online.
the **AA should listen to Steve Jobs, DRM doesn't work.
netposer @ Feb 13th 2007 9:12AM
Do all HD-DVD and BluRay players have to be connected to the Internet? If not, there's no way they are going to change that Key. What a nightmare it would be if some of your discs worked and some did not. I would imagine retailers would sue the studios if this happened. Why? Because they would have to accept returns on these DVDs and that means you can buy any DVD, copy it, then take it back to the store and say it didn't play on your DVD player.
venk @ Feb 13th 2007 9:35AM
A network port is part of the HD DVD Spec but it is NOT REQUIRED by the Blu Ray Spec. In fact, the only players with network ports are the PS3 and, i think, the high end pioneer player.
Even Sony's own player lacks an RJ45 jack.
kucau.net @ Feb 13th 2007 9:40AM
this happiness wont last long if they protect the key in memory later .
phex @ Feb 13th 2007 9:58AM
I only have a question: how long it's gonna take to release Blue-Ray/HD-DVD Decrypter?
dave @ Feb 13th 2007 10:06AM
the worst part of it all is that the people who buy the movies have to pay a mark-up to pay the DRM coders, even though their expensive, pointless anti-consumer software gets crax0red before the hardware media itself even becomes popular.
...if a new Blu-Ray movie costs $60, let's say, then as much as $10 could probably be shaved off the price if they didn't invest so heavily in DRM systems that restrict consumer rights and fail to stop the real pirates. I say down with DRM.
tim @ Feb 13th 2007 4:20PM
A new Blu-ray movie costs between $20 and $30, with most falling around $24. The cost is negligible. DRM may be bad for a lot of reasons, but it's not really making a difference in the price of movies. They'd charge the same price (or more) without DRM. Large companies aren't in the habit of passing off savings to consumers unless they are forced to. It's not costing them anywhere near retail price to get those discs to market.
myk @ Feb 13th 2007 10:06AM
what it does show is just how pointless DRM is - pirates will always be able to figure out ways around it, consumers will always be disadvantaged (to some extent) by it. The ways companies should be fighting against piracy should be through ease of use/playing/purchase and added value in packaging (like steelbook cases), things that can't be downloaded. IMO it should be about rewarding honest customers more and fighting illegal downloaders less.
Tad @ Feb 13th 2007 10:20AM
phex @ Feb 13th 2007 9:58AM
I only have a question: how long it's gonna take to release Blue-Ray/HD-DVD Decrypter?
They'll be out a few weeks ago. Poke around at doom9.org
Denis @ Feb 13th 2007 7:47PM
Nobuyuki Idei said "No, because Blu-Ray has higher capacity. It won't fit on an HD-DVD"
Size does not matter that much. Once you strip out the movie previews, foreign language tracks, etc... you will be able to get it to fit.
Jeff @ Feb 13th 2007 10:35AM
"Here they have only revealed a flaw in the implementation, they have not cracked AACS."
Makes no difference.
DRM exists to do a particular thing, namely to prevent copying. *How* you stop it from doing that is semantic. The point is AACS is no longer doing its job. AACS itself, as a DRM scheme, was cracked. The code may not have been; the DRM scheme was.
The big failing of DRM in general is that there are so many ways to defeat it, and *none* of them can be rendered moot or impossible if you actually want the media to be playable on the consumer end. *All* of these methods are inherently possible and always will be. This is one possible way of breaking DRM. It probably won't be the only way AACS is cracked, but it's the first. The fact that it was done on the front end rather than the back end doesn't take away anything from the result.
And this key can never be revoked, as some others have suggested. Key revocation is a feature of these new players but it can never really be put into practice, lest a costly and nightmarish consumer backlash develop - something neither the HD-DVD nor BD camp needs right now. A new key can be used for future discs, but these discs will remain cracked forever - and I don't see how a new volume key is going to remain secret for longer than about five seconds either. It's going to be kind of pointless to even bother updating those keys now that people know how to discover them.
pete @ Feb 13th 2007 10:47AM
So can you now download a Blu-ray movie, extract the video, and author a HD-DVD (if you have the equipment and burnable of course)?
Or the other way round?
Nobuyuki Idei @ Feb 13th 2007 1:17PM
No, because Blu-Ray has higher capacity. It won't fit on an HD-DVD.
:-)
Peter @ Feb 13th 2007 10:55AM
Cheers and jeers.
Cheers to the Hacker for breaking the supposedly ultra tough, super secure, key revoking DRM from hell.
Jeers to the industry that built the most hideously consumer unfriendly DRM yet. Forcing all kinds of crap on digital displays HDCP in order to even see the movie. All this inconvenience and hardware incompatibility for what??? For nothing. Once again the pirates aren't slowed at all, it just inconveniences legit users to the extreme.
What next? A retinal scan with internet verification of everyone in the room before the movie will play? When will this madness stop? Eventually you will drive users to piracy just to get some compatibility and ease of use.
Squid @ Sep 1st 2008 2:32AM
------Eventually you will drive users to piracy just to get some compatibility and ease of use.-------
This is true already. I buy my movies, though I'd rather download one again to load on my laptop for when I'm away rather than bring the DVD's or rip them myself. Not quite the point you made, but close.
More to your point, I could buy music from iTunes, but I'll "pirate" (again, I buy my music) the songs so they actually work on my MP3 player, which is not an iPod and doesn't support any sort of DRM...
Also, something I don't think anyone else has said, DRM and key revocation can or will hurt the rental industry too. Imagine renting a Blu-Ray to play on your non-networked player, only to find the disc won't play.
ePants @ Feb 13th 2007 11:40AM
Jonathan Sundy @ Feb 13th 2007 8:58AM:
"At this point in time we'll be at ground zero... well ground 300 (or whatever) since all previously released disks will still be decrypt-able."
Though I agree with most of your arguments, I think the idiom you're looking for is "square one," not "ground zero." Ground zero would imply more of a final ending than merely a digression back to the drawing board. (And to extrapolate from your attempted play on words, we'd be at "square 301" given that we've not lost progess already made.) ;-]
myk @ Feb 13th 2007 10:06AM:
"what it does show is just how pointless DRM is - pirates will always be able to figure out ways around it, consumers will always be disadvantaged (to some extent) by it."
Pointles...to those who break it. Yet, quite useful to those who use it. As has been stated, piracy shows little statistical impact on sales (and therefore, on revenue), which I believe is mostly due to the fact that piracy is, at this point, a little too advanced/time consuming for the average consumer. The vast majority of those who purchase movies legally have no interest in doing anything other than just that- purchasing the movie.
Everyone has a right to go to whatever extreme they deem necessary to protect their property. I know that if I was a movie producer wanting to earn money from a film, I would take whatever measure's necessary to ensure maximum profit. I would acknowledge the pirate community as a necesary and unavoidable margin of loss, yes, but my focus would be on making sure that the average consumer didn't ever consider piracy as an easy alternative to paying full price.
They're never going to stop trying to protect their products. Suggesting that they should shows that you don't understand their side of the business. If all digital media types were unencrypted and unprotected- as easy to duplicate as a VHS tape- that would almost instantly lead to inverting the current ratio of pirates and average consumers, which would definitely impact the bottom line for everyone trying to profit from making and distributing movies.
If you want free movies, then crack them and be the 1337 pirate you love to be, but isn't it a little naive to go around saying, "Hey, I'm a pirate- stop fighting and just leave the bounty on the dock for me so I don't have to put any effort into taking it from you, OK?"
Just my $0.02 on the matter :-]
Mile @ Feb 13th 2007 12:07PM
I think the point is not that most people want to pirate movies, just that they now have many more devices that they wish to use the movies they buy on.
If you purchase a DVD and wish to watch it on your PC or the TV in the bedroom or that laptop or ipod or cell phone, why shouldn't you just be able to do that quickly and easily? Why do you have to watch a lower res version because while the TV or laptop could handle the high res, they don't meet the DRM HW specs so they are toned down.
Why should you have to manually record the movie to watch it on your iPOD or phone - which they are also attempting to prevent you from doing.
The sheer size of the high-def movies themselves is a limiting factor currently for most, but I've seen this with VHS, CDs, DVDs, and now HD DVDs and each time Hollywood fears they will lose money yet each time they realize a sales increase while the black market in other countries continues to stay in business.
Put all the DRM you want to on something - but let me play and watch my digital entertainment on whatever device I wish to with my legally purchased items.
Kentaro yamada @ Feb 14th 2007 6:55AM
Ok, speaking business-wise, downright protecting intellectual rights with an iron fist is not the only way of business-may even be a bad one.
Movie theaters lose money on movie tickets, but use it to get profit out of condiments. Fast food loses money on food but gets their profits from drinks.
Companies need to revisit their approach to marketing their products. If people are not paying cash for the movies, what can entice them to?
Napster was great in that people could instantly sample music that was recent. I was more exposed to different songs and artists, which made me buy complete albums at the end. Nowadays shopping at online media sources has become easier, but with the necessity to commit to a product with limited knowledge, which makes the experience heavy.
Smart business is contrary to having your way with the iron fist- I feel it is better to observe the current conditions and direct its flow to your interests rather than superimposing your fantasy on reality forcefully.
McDougal @ Feb 13th 2007 11:47AM
I noticed this at the bottom of the page:
All contents copyright © 2003-2007, Weblogs, Inc. All rights reserved
If you hate people zealously guarding their IP so, maybe you should consider putting this under a creative commons license?
Crux @ Feb 13th 2007 1:42PM
Word!
Trent @ Feb 13th 2007 11:58AM
I sincerely hope the MPAA / RIAA spent MILLIONS on this DRM crap. Serves them right for punishing consumers and not pirates.
tom_squick @ Feb 13th 2007 12:38PM
Down with DRM
Zach @ Feb 13th 2007 12:46PM
First of all, I don't care what Steve Jobs says about DRM. He is full of shit. Steve Jobs' smelly pirate ass thinks that he can have his cake and eat it too. He is two-faced to say that DRM does not work. Tell me Steve-O, why can I not rip a DVD into my iTunes or front row, but only rip a CD. You want to control my living room but you won't let me use my current paid in full collection of media! Its almost funny how the millions of Apple loving lemmings praise Steve for his outlash against DRM, yet he is the king of DRM.
Now as for the HD-DVD / Blu-Ray dilemma....
It will be cracked? There will be torrents of HD movies till the end of time. Bandwidth will only increase and compression will only get better. People will be able to trade ultra-cheap optical storage devices full of pre-loaded media libraries forever! For $69.00 you can get a 250GB drive. You can store a zillion DVDS or a bunch of HD-DVDs on that sucker and share it with whomever.
Who wants to invest $1000s into an HD media collection when you can load your HTPC with your friends movies in an unlocked format.
In time we will see that just as the mainstream adopted Napster, it will adopt these practices. There is no stopping it.
HEEHEHE HAH HA WHO WHO HAH HA HEHE HOHOHO HAHA!!!
Jonathan Sundy @ Feb 13th 2007 1:19PM
Compression of video isn't getting any better than H.264 for awhile. The computers out now can't handle it, so until quad core machines are the mainstream $500 default, I really don't see another jump in compression technology for hi res video.
Eric Glassman @ Feb 13th 2007 1:47PM
LOL, LMAO, LMMFAO, LAKLAOAKLLAKL. F U, darth vaders of the Gutenberg era.
Evan @ Feb 13th 2007 3:35PM
They should never have allowed software players, because software will always be cracked. It would have been much, much harder to crack if all the processing was done in hardware (either in the drives or on video cards).
mr.gadget @ Feb 13th 2007 3:47PM
It's really unbelievable that companies (content producers) would pay big money on research, licensing, programmers, lawyers, court costs to come up with DRM. They'd also rather lose money on missed opportunities to sell their stuff due to DRM problems (a compatible player is not yet ready, or can't release a movie yet until the cracked DRM is patched up).
Then they pass the cost on to the consumers. Legit consumers who actually buy their DRM'd media would shoulder the cost but don't get fair use rights (backup their own copy should the frail physical media get damaged, or watch the content on another device - as if the consumer bought the physical media rather than the content). Illegit users basically incur the same cost (blank media, burner, software, time and effort) but the money does not go to the content producers. In the end both legit and illegit consumers enjoyed the content, both practically incurred the same cost, and the content companies made the same small amount of money (from the very few legit consumers who bought their stuff).
Imagine if content producers didn't have to spend on DRM. They could sell their stuff cheaply. Let's say they sell a high def movie on a disc for $5. Ordinary consumers would rather buy it legit than illegally download it, buy blank media, buy a media burner, buy media burning software (assuming they already have an up-to-date PC and a fast internet connection), spend hours downloading and burning it, deal with the hassles of slow and/or unssuccessful downloads and unsuccessful burns producing coasters, and still end with the same cost, if not more.
$5 too cheap? We'll if 5 (or more) people buy this movie (because it's cheap), then the movie studios would have gotten the same $25 when they we're selling the DRM'd content that only a few consumers would buy. Economies of scale work in favor for these content producers that they can outdo the bootleg producers. Money goes to the content producers who can pay the artists their fair share and no DRM tangles affecting legit consumers.
I hope the companies would have learned by now that hackers and bootlegs will always exist. Making life difficult to legit consumers by imposing DRM on them is not the solution. In fact, it plays a major role in pushing legit consumers over to the "dark side".
rp @ Feb 13th 2007 4:17PM
@ePants
I don't think that most people who want to buy a movie do it because they have no interest in pirating the movie. Lots of average people can figure out how to copy a DVD movie by going to a place like Doom9 and following the guides there, or else just ask a friend who already knows how. I guarantee that most people who actually buy the movies do it because they want a real collection, like any other collection of items for sale. It's a status thing. If you have racks and racks of DVDs with the shiny covers and nice packaging, it's like check out my awesome collection of DVDs. Now, if you have racks and racks of DVD-Rs marked up with a Sharpee it is considerably less impressive from a capitalistic standpoint.
I definitely agree that people have a right to do whatever they think they have to do to protect their property. Otherwise, car alarms would be illegal. Although a lot of people do want to use the content they buy for their own purposes without having to break the DRM, a lot of other people want to have it for free. That's just a product of human nature. I doubt most people on here can honestly say that they do or would not protect their own property.
@ Zach
I don't really think Jobs is the king of DRM. Apple is implementing a business model that he suggests (and is not lying) is forced upon him by the other companies involved in the process. I don't think Jobs really cares THAT much about DRM, otherwise Apple software would be hard to pirate (and for those of you who don't know ie Windows die-hard, it's not). You can't rip a DVD into iTunes because Apple doesn't own the movie company that made your DVD (then again, if they did, they might implement DRM, but that's neither here nor there for now). So really, your arguments are terribly misguided due to your unabashed hatred for Steve Jobs and Apple.
Zach @ Feb 13th 2007 5:34PM
Actually, broseph, I really like Apple and Jobs. I am just not a blind follower. Why can't I rip a non-copy protected DVD into my iTunes? Why must I use H.264 with the Apple TV? Call it what you want. Call it DRM or call it proprietary features, in the end it is Jobs trying a little too hard to run his show as a closed circuit. Such restricted use does corroborate the non-DRM open source mentality that he is presentaly eminating. Overall, I think that many companies can learn a whole lot from Apple. Their streamlined look and functionality, their simplicity, and their friendship with really cool celebrities has opened many doors for them. (particularly iTunes Music Store).
But I also think that Apple should learn from other companies...particularly Sony. While it was once the King of portable music (ie the Walkman), it now is struggling for market share. I attribute this not to technology but rather to too much proprietary bullshit.