
View Full Version : BackupHDDVD, a tool to decrypt AACS protected movies



muslix64
27th December 2006, 01:41
Hi everyone.

I was not aware of anyone having done that, so I did.
BackupHDDVD is a tool to decrypt an AACS protected movie that you own, so you can play it back later using
HD DVD player software.

This is the first version, and it's not very stable yet.

This software doesn't provide any cryptographic keys, so you have to add your own keys.

Watch:

http://www.youtube.com/watch?v=_oZGYb92isE

Executable and source code:
http://rapidshare.com/files/8318838/BackupHDDVD.zip.html

Please read the FAQ before asking me any questions.

Merry Christmas everyone!

linx05
27th December 2006, 02:17
Is this for real? Can anyone test this?

Adub
27th December 2006, 02:40
I can verify that there are no viruses. I am reading the faq right now.

Even comes with the source.

muslix64
27th December 2006, 02:46
This is real; any good Java programmer can confirm this program makes sense, and all that is missing is the decryption keys.

Take a look at the FAQ file for details...

I already have a version that works with the volume key instead of title keys. Even more powerful!

Version 1.0, with volume key support, should be out on January 2.

linx05
27th December 2006, 02:47
Yeah, I've gotten that far too. It just seems too simple. We've all read the many news articles about how AACS cannot be decrypted but here is this program, so small, claiming it can do that.

We'll see.

EDIT: Very nice

chadamir
27th December 2006, 04:09
Spoke too soon, watched the video. Where do the decryption keys come from? I've thought about it and have no idea.

Adub
27th December 2006, 04:30
Supposedly the decryption keys come off the disc. Well, actually they are encrypted, but when played the keys are decrypted; the rest is kind of left a mystery by the author. Let's see what happens on January 2nd.

What sort of HD DVD drive do you have, muslix64?

muslix64
27th December 2006, 20:00
I have an XBOX 360 external USB drive on my PC.

muslix64
27th December 2006, 20:05
The Saga of decrypting an AACS protected movie, by Muslix64.

December 6:

I just bought an HD-DVD drive to plug into my PC, and an HD movie, cool! But when I realized the 2 software
players on Windows didn't allow me to play the movie at all, because my video card is not HDCP compliant and because I
have an HD monitor plugged in with a DVI interface, I started to get mad... This is not what we can call "fair use"! So I
decided to decrypt that movie. I started reading the AACS specification I had found on the net. I estimated it would take
me about 4 weeks of full-time work to decrypt that. I was wrong; it was, in fact, easy...

BTW, when I disable my HD monitor, I can watch the movie on my old VGA screen, but what is the point of having
an HD monitor and not being able to watch an HD movie on it!

December 7 to December 12:

Nothing. I try many things, but I'm going nowhere. I change my technique.

December 13:

Now I focus only on the title key. I was very surprised to realize that the title key is there, in memory! Can it be
that easy? Around 7PM, I decrypt my first movie "pack". Around 11PM, I have a totally decrypted movie! But there is
a problem: frame skipping.

December 14:

After many tests, I found a field in the Nav pack that fixes the frame skipping problem.
Wow! Now I can watch smooth playback of an HDDVD film that I have decrypted!
After only 8 days of work, I was able to decrypt an HD-DVD movie! What's the problem? There is a major
security problem somewhere.

December 15 and December 16:

I put together a small program called "BackupHDDVD", a Java based command line utility to decrypt movies.

December 17:

I made a small video called "AACS is Unbreakable" where you can see the output of the program while decrypting.
You can also see a playback of a decrypted movie.


December 18:

Uploaded that video to YouTube:
http://www.youtube.com/watch?v=_oZGYb92isE

December 20:

Uploaded the program and source code to RapidShare (V0.99):
http://rapidshare.com/files/8318838/BackupHDDVD.zip.html

December 21:

I want to go further in the decryption, so I decide to track down the "Volume unique key" instead of the title key.
I found it too! I'm preparing BackupHDDVD V1.00, which will support volume keys and title keys.

December 25:

Merry Christmas!

December 26:

I create a thread on the Doom9 forum about BackupHDDVD. People don't believe it...

strider01
27th December 2006, 21:33
Hi Muslix64... could you please upload this to an alternative download source besides the infamous RapidShare? Unfortunately, I'm not having much luck with it... I just got an invalid download session after waiting 23 minutes, and now it wants me to wait 49 minutes... grrrr

bourtzovlakas
27th December 2006, 22:46
Try this one...
http://zavlakas.googlepages.com/BackupHDDVD.zip

CruNcher
28th December 2006, 01:58
muslix64, nice work, but you know as well as me and everyone else here (including Hollywood and the content industry) that without a secured PC platform it will always be possible to catch the stuff somewhere. The major error on their part was to bring it to the PC in the first place; otherwise it would more likely have been unbreakable, and I don't remember them ever saying it was unbreakable either.
They wouldn't implement something like the revocation possibility if it was (in certain environments), and in terms of encryption they're right, AES-128 isn't (officially) broken yet. I just waited for someone to announce this; hehe, seems this time it's PowerDVD, last time it was Xing's player :d Wonder how fast this will go around; for sure it has already reached Microsoft and Toshiba by now :D

Ah, and a late Merry Christmas to everyone too, and thanks for your efforts keeping the fair-use balance, god bless ya :)

Adub
28th December 2006, 02:20
I like your journal. And good idea about the Xbox 360 drive.

appleguru
28th December 2006, 04:14
Now just make me a Mac version and I'll be happy (actually, it's Java... so I guess I need UDF 2.5 drivers for OS X...)

XStylus
28th December 2006, 05:20
Make sure you've taken appropriate measures to protect your identity, muslix64. You've done great work, and I'd hate to see you become another victim in the DRM battle.

IMO though, you should've sat on this fix a bit longer. HD-DVD is still in first gen with little market penetration, so it's not too late for them to tweak the HD-DVD spec. Or worse, the studios could jump ship and go Blu-Ray exclusively. Wait until one of the formats hit a penetration point to where there's no return, then drop the bomb.

But anyway, what's done is done, and I hope this fix stands the test of time. If so, I know what format I'm buying.

Time to tinker with Blu-Ray anyway though, just to make sure the studios don't have anywhere to run. I'd buy you a Blu-Ray drive for the effort if I had the money.

Deihmos
28th December 2006, 06:17
This is interesting. Was it wise to put this video on YouTube? How long would it take for a lawsuit to be filed? I totally agree with XStylus... this could cause many studios to jump ship from HD DVD and sign up for Blu-ray, as it has two layers of protection. Thanks a lot.

djdafreund
28th December 2006, 06:22
Hey, thanks SO much muslix64!!!!!! My friend just bought an XBOX HD-DVD drive yesterday when I was over there, and we watched some 'Full Metal Jacket' and some 'King Kong'. The Full Metal Jacket wasn't so much WOW, as it IS an old movie (albeit a really good one!).
But he had the original DVD to compare, and you still see a nice difference in quality either way. The King Kong was much better of course, Kong's hairs blowing in different directions, so sharp in detail.
I was just telling him yesterday while messing around with things, "I betcha someone will crack it and make it possible to copy it pretty soon already." Boy, you're fast though!!!!!!!!!



Thanks SOOOO much, as I might be getting one soon myself now after seeing the quality of them, and I get HD-DVDs through work and such. Can't wait for the Jan. 2nd version!!!


Thanks for the hint at the end of the video ;-)

Deihmos
28th December 2006, 06:24
Supposedly the decryption keys come off the disc. Well, actually they are encrypted, but when played the keys are decrypted; the rest is kind of left a mystery by the author. Let's see what happens on January 2nd.

I think he gets the keys from PowerDVD. I am sure they will get some heat because of this.

hajj_3
28th December 2006, 06:30
Yes, protect your identity and IP. Use proxies, firewalls, etc.

Don't release loads of versions; wait until the next version you release is perfect. The fewer releases, the less likely you will be caught; we don't want you being sued for $10m.

Keep up the great work. I wouldn't have shared the source code just yet, as they can change the code in future players and discs to stop this. I would have just created the code and then released it in 6 months, when HD-DVD players are more standard and more titles are out.

I'd delete the link to the source code, ask people to stop sharing it and just release the executable for the time being; we want as many HD-DVDs ripped and put out by the scene as possible.

Please can you show some screenshots of the directories, as your video showed a movie file that was about 4GB; unless it's really short like a "making of", surely a movie would be 10GB+.

This guy has done some serious coding!!! Even the documentation is nice :)!

I could see HD-DVD getting hacked to death like the 360 firmware; once the hack has been released into the wild, loads of others will dissect and improve it. This could be the next SmartRipper :)! Hope SlySoft AnyDVD incorporates some of this :)

Thanks a lot, keep up the FANTASTIC WORK!!!

Devinator
28th December 2006, 06:47
Make sure you've taken appropriate measures to protect your identity, muslix64.


I agree. Not only would the people behind draconian copy protection BS sue you, they would disappear you if they thought they could get away with it.

hajj_3
28th December 2006, 06:53
I agree. Not only would the people behind draconian copy protection BS sue you, they would disappear you if they thought they could get away with it.

They could then make a movie about it, maybe something along the lines of "Leon The Professional".

CruNcher
28th December 2006, 07:07
I'd delete the link to the source code, ask people to stop sharing it and just release the executable for the time being; we want as many HD-DVDs ripped and put out by the scene as possible.


:eek: :eek: :eek:
That's maybe what you want, but definitely not the author of this decrypter or anyone else here on Doom9.

And about the "protect your ID" thing: why should he? He did nothing wrong, and nothing the industry didn't expect to happen.
Everyone involved in AACS knew this would happen; there is no way to protect against such stuff on the PC platform as we have it today. See all the HD-DVD/Blu-ray players and the PS3/Xbox 360: those are platforms that can be called secure, but the PC isn't yet. The industry is working on making it more secure; the first steps are made with TPM 1.2 and Vista, and more will follow in the future.

hajj_3
28th December 2006, 07:16
:eek: :eek: :eek:
That's maybe what you want, but definitely not the author of this decrypter or anyone else here on Doom9.

And about the "protect your ID" thing: why should he? He did nothing wrong, and nothing the industry didn't expect to happen.

I think their lawyers would disagree!!! The industry has accepted it will be cracked; however, it's still illegal and they will indeed hunt him down.

I don't want this guy to end up in jail for 5 years; he's done a great job :)

djdafreund
28th December 2006, 07:32
I love it. It IS 100% LEGAL (read your law books on this!!!) to make a COPY of media you OWN (the reason why he did this; as he said, the media is VERY touchy to scratches). "An individual is allowed to make 1 copy, for archive purposes, of the media he owns. You, however, are not allowed to sell the copy for profit."

It is the same reason ALL the DVD copy software (ALL LEGAL) exists, as well as all CD backup software/music CD backups and audio rippers to devices ('because you own the original', in their eyes).

It's irritating to still watch people go "Eh-eh-it's against the law!!" when they clearly don't understand the law one bit and THINK by assuming what they hear or their own beliefs. I've actually asked my lawyer about the written law and how it's translated by definition in the court system, and he more or less said the same thing I researched on the internet myself. I would agree to not post the source, so they don't learn their mistakes so quickly, however, and keep it to the executable file/docs only.

Moves to rein in the DMCA have been initiated in the U.S. Congress, where at least two bills have been introduced that grant exemptions for consumers who crack encryption for certain legitimate purposes--for example, to make a backup copy of a legally purchased DVD.

daddy_fizz
28th December 2006, 07:43
Yeah, because it turned out so good for Lightning UK when he didn't release the source code and they came after him for DVD Decrypter...

I would take the advice to play it safe and do what you can to protect yourself, and get that source code spread across the net as far as it will go...

~Fizz

XStylus
28th December 2006, 08:46
Moves to rein in the DMCA have been initiated in the U.S. Congress, where at least two bills have been introduced that grant exemptions for consumers who crack encryption for certain legitimate purposes--for example, to make a backup copy of a legally purchased DVD.

Sure, whatever, that's nice. But until those bills are passed though, breaking a copy protection measure--even for the purpose of asserting a perfectly legal right--is illegal and punishable by prosecution. Thus, heroes the likes of DVDJon and now muslix64 need to make sure their identities are protected. The two **AAs have been churning out lawsuits against good people for a couple years now. It's easy for them to get YouTube or some other site to cough up an IP addy on this guy.

I'm also doubtful those bills you speak of (assuming they are reintroduced when the new congress convenes) will be passed anytime soon. Past history has shown congress to be very friendly to the media industries. For example, it's the US that is holding back Russia's entry into the WTO, and AllOfMP3.com's existence is cited as a primary reason.

OverlordQ
28th December 2006, 08:54
I think he gets the keys from powerDVD. I am sure they will get some heat because of this.

The 'nice' thing about AACS though is they can revoke PowerDVD's current key, which will not allow any future media to be decrypted without updating PowerDVD :)

XStylus
28th December 2006, 09:17
The 'nice' thing about AACS though is they can revoke PowerDVD's current key, which will not allow any future media to be decrypted without updating PowerDVD :)

If I understood correctly, the Title Keys were yanked from active memory, which would render revocation of PowerDVD's key moot. The player's key decrypts the encrypted title key which is the key needed to decrypt the video (somebody correct me if I'm wrong here).

Hence, if all you need is a way to yank the title keys, what's to prevent the next version of PowerDVD (or any software player, for that matter) from falling to this same tactic? They could also try to deauthorize the old software players and find some way to scramble the title keys in memory in the next versions, but reverse engineering the software itself to find the scrambling method will reveal those keys once again.

However, even if they do decide to go to the extreme and yank software players off the market (at least, for any OS other than the ass-puckered WinVista64), I could easily see someone cracking open a perfectly good HD-DVD player, probing the memory, and just creating a list of HD-DVD keys that gets posted to some website. The only trick is that you'd need to keep REAL QUIET on what players you've modified to pull title keys from.

That obviously would make it difficult for just anybody to make their own keys, so I foresee key distribution as the next big craze. This would relegate disc backups to an as needed sort of thing. You can back up a disc you bought if you really want (if, for example, you want to watch a movie on your laptop but prefer to leave the disc at home), but you'll need to go online and hunt down a key first.

Nocturno
28th December 2006, 09:59
I love it. It IS 100% LEGAL (read your law books on this!!!) to make a COPY of media you OWN (the reason why he did this; as he said, the media is VERY touchy to scratches). "An individual is allowed to make 1 copy, for archive purposes, of the media he owns. You, however, are not allowed to sell the copy for profit."

Actually, in large parts of Europe it's not illegal to make a copy for home use, but it IS illegal to break copy protections, even on your own bought movies; therefore usage of this tool is illegal imho.

hajj_3
28th December 2006, 10:18
Actually, in large parts of Europe it's not illegal to make a copy for home use, but it IS illegal to break copy protections, even on your own bought movies; therefore usage of this tool is illegal imho.

EXACTLY. In the U.K. the DMCA (Digital Millennium Copyright Act) forbids circumventing copy protections. I'm pretty sure there is a law for the U.S. too. If a disc doesn't have copy protection on it then you can indeed make 1 copy (as long as you keep both of them and don't transfer to a 3rd party).

Can't remember what the U.S. law is for this as I'm from the U.K.

I really hope a GUI for the 2nd Jan version of this tool is made; GUIs for the win :)!

blutach
28th December 2006, 11:50
Let's please focus on the technical and practical aspects of this exciting new program rather than debate legal issues in different jurisdictions.

Thanks folks and thanks to muslix64

Regards

fairyliquidizer
28th December 2006, 11:51
EXACTLY. In the U.K. the DMCA (Digital Millennium Copyright Act) forbids circumventing copy protections. I'm pretty sure there is a law for the U.S. too. If a disc doesn't have copy protection on it then you can indeed make 1 copy (as long as you keep both of them and don't transfer to a 3rd party).

Can't remember what the U.S. law is for this as I'm from the U.K.

I really hope a GUI for the 2nd Jan version of this tool is made; GUIs for the win :)!


The US law is the DMCA. Are we not governed by the Copyright, Designs and Patents Act 1988 in the UK? Is there a newer one that gives DMCA-like restrictions? If so, what is it?

Just found this; looks like you may be wrong on the name, right in principle: http://www.out-law.com/page-4168

dukey
28th December 2006, 12:09
Should have posted the source from an internet café or library or something. Then you don't have to worry about getting caught by IP/ISP :) But legal or not, it doesn't make much difference, because people will do it regardless.

bob0r
28th December 2006, 12:13
For those who may get this error:
Error: no `server' JVM at `C:\Program Files\Java\jre1.5.0_10\bin\server\jvm.dll'.

do this:
copy
C:\Program Files\Java\jdk1.5.0_10\jre\bin\server
to
C:\Program Files\Java\jre1.5.0_10\bin\

Backup HD-DVD V0.999 Starting
Usage: BackupHDDVD SourceDrive Destination_directory
Example: BackupHDDVD f: e:\movie\somemovie

Download JDK from:
http://java.sun.com/javase/downloads/index_jdk5.jsp
JDK 5.0 Update 10 is what i used (full offline version)

bcrabtree
28th December 2006, 12:25
For those who may get this error:
Error: no `server' JVM at `C:\Program Files\Java\jre1.5.0_10\bin\server\jvm.dll'.

do this:
copy
C:\Program Files\Java\jdk1.5.0_10\jre\bin\server
to
C:\Program Files\Java\jre1.5.0_10\bin\

Backup HD-DVD V0.999 Starting
Usage: BackupHDDVD SourceDrive Destination_directory
Example: BackupHDDVD f: e:\movie\somemovie

Download JDK from:
http://java.sun.com/javase/downloads/index_jdk5.jsp
JDK 5.0 Update 10 is what i used (full offline version)


bob0r,

Am I correct to take your posting as confirmation that you've used this tool and that it works?

Can anyone else confirm that they've successfully saved an AACS-protected movie to hard disk and then been able to play it from there?


Bob C

Taktaal
28th December 2006, 12:45
The Java source code is only an implementation of the AACS decoder, which in itself is only a wrapper around AES. It looks like the OP found a way to take the title key out of an HD-DVD player through reverse engineering, but he can't tell us, because if the movie studios know which player has a weakness they'll revoke its player key.

It's much better to wait with that until there are more HDDVD/Bluray releases, because then doing a key revocation would
a) Be much less useful, because there are already more movies out
b) Create more resentment towards movie studios among consumers if they can't play a newly bought movie because their player was cracked

chadamir
28th December 2006, 13:15
It's nice to see that every lawyer who ever registered an account on doom9 in the last 4 years is coming out of the woodwork to give advice to this guy.

Cyberace
28th December 2006, 13:59
It looks like the OP found a way to take the title key out of an HD-DVD player through reverse engineering, but he can't tell us, because if the movie studios know which player has a weakness they'll revoke its player key

Hmm, but if that player is a software player like PowerDVD (like version 6.5, which is shown in the YouTube video), then aren't the studios out of luck, as people will always be able to install that exact same 'old' version of the software player on their own computer that is not connected to the internet (and can thus not get revocation updates), and thus use that to grab the keys from RAM while it is playing/decoding the movie?

By the way, did anyone notice that the YouTube video shows the title keys of some movies when he films the contents of his TKDB.cfg file? If those are the real keys, then people with the knowledge and software to scan/dump active RAM should be able to search for and find one of those specific keys if they have one of those exact same movies, and then use that as a map to find the location where the keys of other movies are 'stored' in memory while the movie is being played/decoded by PowerDVD. As I assume PowerDVD always stores that key in memory the same way in the same version of the software?

AlphaWolf
28th December 2006, 14:03
Sure, whatever, that's nice. But until those bills are passed though, breaking a copy protection measure--even for the purpose of asserting a perfectly legal right--is illegal and punishable by prosecution. Thus, heroes the likes of DVDJon and now muslix64 need to make sure their identities are protected. The two **AAs have been churning out lawsuits against good people for a couple years now. It's easy for them to get YouTube or some other site to cough up an IP addy on this guy.

I'm also doubtful those bills you speak of (assuming they are reintroduced when the new congress convenes) will be passed anytime soon. Past history has shown congress to be very friendly to the media industries. For example, it's the US that is holding back Russia's entry into the WTO, and AllOfMP3.com's existence is cited as a primary reason.

It could happen. Over the years there have been more and more exceptions being added to the DMCA.

FWIW the DMCA is not something that the US congress wanted per se, at least not in the lobbying sense. The reason we have the DMCA is to be in accordance with the WTO and WIPO treaties. In fact when that and the CTEA were challenged by Lessig and his crew, the supreme court cited these treaties as the reason for justifying these laws as being constitutional, because the constitution says that treaties are the law of the land.

The US happened to be the first country to adopt the policies of these treaties in the form of the DMCA and the CTEA. Because of this many people on the internet go around blaming the US for being the reason that their country adopted similar, often more restricting copyright laws (I know many aussies that do this especially.) This isn't the case actually. These countries are enacting these laws as part of these treaties as well. In fact if you look at the tenets of these treaties, they call for far more restrictive policies than what the DMCA calls for.

Whenever you see some trolling site like slashdot or something mention that some country is enacting a new "Super DMCA" it is actually that country falling more in-line with the treaty than the US is.

If you ask me, the DMCA will eventually boil down to this: don't decrypt or talk about decrypting any content unless there is significant fair use for doing so. E.g. backing up a DVD would be allowed, but stealing cable by decrypting the signal without authorization wouldn't be. Which I think would be very fair.

IMO though, you should've sat on this fix a bit longer. HD-DVD is still in first gen with little market penetration, so it's not too late for them to tweak the HD-DVD spec. Or worse, the studios could jump ship and go Blu-Ray exclusively. Wait until one of the formats hit a penetration point to where there's no return, then drop the bomb.

But anyway, what's done is done, and I hope this fix stands the test of time. If so, I know what format I'm buying.

Time to tinker with Blu-Ray anyway though, just to make sure the studios don't have anywhere to run. I'd buy you a Blu-Ray drive for the effort if I had the money.

IIRC doesn't blu-ray also use AACS?

In either case I don't imagine it mattering much. No form of video media will ever have a renewable security system, period. With that said, once it has been decrypted, it's all over. Whether it happens now or later, it makes no difference in the end. Maybe a little more effort on the part of the crackers and content providers, if that. The AACS standard is for the most part set in stone already, and as we sit, it's mostly broken.

Mostly as in, we still need to obtain some decrypt keys before we can fully decrypt the video.

hajj_3
28th December 2006, 14:12
Also, I hope a non-Java version of the 2nd Jan version is released. Lots of people don't want to install Java runtimes; if the source code for that is released then I'm sure someone will port it to C++ with a GUI.

=A=RGOS
28th December 2006, 14:31
The GPL licence may be added to this source code and a SourceForge project created for future contributions.
The C++ port is interesting, but not the GUI; compatibility with Linux may be possible for a Linux player and an eventual libdeaacs.

Sorry for my limited English...

0xdeadbeef
28th December 2006, 14:47
Some thoughts on this:

1) The player key was not yet compromised, as far as I understand. Also the authentication mechanism was not found and recreated. Both should be possible by reverse engineering the software player, but it's not done yet, and thus currently HD-DVD can't be called "hacked" yet IMHO.

2) As far as I understand, the player keys can be blacklisted one way or the other. There is even a mechanism for this for normal DVDs, where all valid player keys are stored on each DVD. This mechanism was most probably improved for HD-DVD and Blu-ray, so I guess as soon as the PowerDVD player key is compromised, it will be blacklisted. Maybe even earlier, if a way is found to remote control PowerDVD to provide people with title/volume keys.

Anyway: very interesting topic, especially since this would allow many users to use their notebooks without HDCP to play back HD-DVDs on high-res beamers and displays.

DeepBeepMeep
28th December 2006, 14:49
Hmm, but if that player is a software player like PowerDVD (like version 6.5, which is shown in the YouTube video), then aren't the studios out of luck, as people will always be able to install that exact same 'old' version of the software player on their own computer that is not connected to the internet (and can thus not get revocation updates), and thus use that to grab the keys from RAM while it is playing/decoding the movie?


The studio may be able to prevent existing titles from playing with the compromised DVD player even if no upgrade is done through the internet. Indeed, each device that participates in the AACS decoding is supposed to keep a revocation list. This revocation list is updated whenever a new title is played.

So let's say you play a movie in the future that has blacklisted the software player. From this moment your HD DVD drive will refuse to communicate with the software player, even to play old titles.

Now even if you prevent your HD drive from updating its revocation list with some form of reset, although old titles may still work, newer titles won't, because they will no longer contain a valid device key, which is required by the player.



By the way, did anyone notice that the YouTube video shows the title keys of some movies when he films the contents of his TKDB.cfg file? If those are the real keys, then people with the knowledge and software to scan/dump active RAM should be able to search for and find one of those specific keys if they have one of those exact same movies, and then use that as a map to find the location where the keys of other movies are 'stored' in memory while the movie is being played/decoded by PowerDVD. As I assume PowerDVD always stores that key in memory the same way in the same version of the software?

It seems the codes we can see in the video are only hash values of title names; the title keys are obviously hidden behind a black box.
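DeepBeepMeep's post above, and 0xdeadbeef's point 2 before it, describe how AACS revocation is meant to bite: a disc's Media Key Block (MKB) is built so that only non-revoked device keys recover the media key, and the drive remembers the newest revocation data it has seen. The following is an added example in Java (the language of the tool), not code from the thread or from BackupHDDVD, and it is a deliberately simplified model: one device key per player instead of the subset-difference key tree real AACS devices hold, the MKB as a flat list of AES-encrypted copies of the media key Km, the "Verify Media Key" record check (decrypt it with the candidate Km and expect the 8-byte prefix 01 23 45 67 89 AB CD EF) as this editor recalls it from the spec, and the drive-side host revocation list versioning likewise modelled from memory of the spec. Player names and keys are made up.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;
import java.util.*;

public class AacsRevocationModel {
    // "Verify Media Key" record: AES-128D(Km, record) must start with these 8 bytes (recalled from the spec)
    static final byte[] VERIFY_PREFIX = {0x01, 0x23, 0x45, 0x67, (byte) 0x89, (byte) 0xAB, (byte) 0xCD, (byte) 0xEF};

    static byte[] aes(int mode, byte[] key, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"));
        return c.doFinal(in);
    }

    // One device key per player (simplification: real devices hold a tree of subset-difference keys)
    record Device(String id, byte[] deviceKey) {}

    // Simplified MKB: version, verification record, Km encrypted under every non-revoked device key,
    // plus the host revocation list the drive is expected to remember
    record Mkb(int version, byte[] verifyRecord, List<byte[]> encryptedMediaKeys, Set<String> hostRevocationList) {}

    static Mkb issueMkb(int version, byte[] km, List<Device> devices, Set<String> revoked, SecureRandom rnd) throws Exception {
        byte[] plain = new byte[16];
        rnd.nextBytes(plain);
        System.arraycopy(VERIFY_PREFIX, 0, plain, 0, 8);
        List<byte[]> enc = new ArrayList<>();
        for (Device d : devices) {
            if (!revoked.contains(d.id())) enc.add(aes(Cipher.ENCRYPT_MODE, d.deviceKey(), km));
        }
        return new Mkb(version, aes(Cipher.ENCRYPT_MODE, km, plain), enc, Set.copyOf(revoked));
    }

    // Device side: try every record with its own key and keep the candidate that passes the verify check.
    // A revoked device finds no record that decrypts to a valid Km, so it cannot derive any further key.
    static Optional<byte[]> processMkb(Device d, Mkb mkb) throws Exception {
        for (byte[] encKm : mkb.encryptedMediaKeys()) {
            byte[] candidate = aes(Cipher.DECRYPT_MODE, d.deviceKey(), encKm);
            byte[] check = aes(Cipher.DECRYPT_MODE, candidate, mkb.verifyRecord());
            if (Arrays.equals(Arrays.copyOf(check, 8), VERIFY_PREFIX)) return Optional.of(candidate);
        }
        return Optional.empty();
    }

    // Drive side: keeps the newest host revocation list it has seen, so a revoked host stays
    // locked out even when an older disc is inserted afterwards
    static class Drive {
        int newestVersion = 0;
        Set<String> storedHrl = new HashSet<>();

        boolean acceptHost(String hostId, Mkb discMkb) {
            if (discMkb.version() > newestVersion) {
                newestVersion = discMkb.version();
                storedHrl = new HashSet<>(discMkb.hostRevocationList());
            }
            return !storedHrl.contains(hostId);
        }
    }

    static byte[] randomKey(SecureRandom rnd) {
        byte[] k = new byte[16];
        rnd.nextBytes(k);
        return k;
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        Device softPlayer = new Device("software-player", randomKey(rnd));
        Device settop = new Device("set-top-player", randomKey(rnd));
        List<Device> all = List.of(softPlayer, settop);

        Mkb oldDisc = issueMkb(1, randomKey(rnd), all, Set.of(), rnd);                  // pressed before the leak
        Mkb newDisc = issueMkb(2, randomKey(rnd), all, Set.of("software-player"), rnd); // pressed after revocation

        System.out.println("old disc, software player recovers Km: " + processMkb(softPlayer, oldDisc).isPresent());
        System.out.println("new disc, software player recovers Km: " + processMkb(softPlayer, newDisc).isPresent());
        System.out.println("new disc, set-top player recovers Km:  " + processMkb(settop, newDisc).isPresent());

        Drive drive = new Drive();
        System.out.println("drive accepts host, old disc first: " + drive.acceptHost("software-player", oldDisc));
        System.out.println("drive accepts host, new disc:       " + drive.acceptHost("software-player", newDisc));
        System.out.println("drive accepts host, old disc again: " + drive.acceptHost("software-player", oldDisc));
    }
}
```

Run it with `javac AacsRevocationModel.java && java AacsRevocationModel` (Java 16 or newer for records). The device-side lines show the two halves of the argument in the thread: the old disc still yields Km to the revoked software player, the new disc does not, and the other player is unaffected. The drive lines show DeepBeepMeep's second point: once the drive has seen the newer MKB, the old disc no longer gets the revoked host past the drive either, which is why a key-extraction setup is kept on a machine that never sees a newer title.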

colinhunt
28th December 2006, 15:05
I tried this, and it didn't work. The config file has keys for a few titles, but there's no way to tell if the titles are US or European discs. Tomb Raider (US) did not work, got 18GB of crap on my HDD.

ttringle
28th December 2006, 15:16
If this does work, then it's probably only going to end up killing HD-DVD, unless it also works on Blu-Ray, which I doubt, because Blu-Ray has an extra level of copy protection that HD-DVD does not. If that is the case then the studios will NEVER switch over support to HD-DVD no matter how many people buy discs.

Still, I hope that this is true and that it does work for HD-DVD, because whether or not they like it, the reason DVD is as popular as it is has to do with the fact that for the last 5 years we have been able to do what we want with our DVDs. Without the ability to decrypt to HD or on the fly you wouldn't be able to stream video to another room off your HTPC playing a DVD etc., or from your 1st Gen XBOX.

TimT

Dr Cain
28th December 2006, 15:18
I tried this, and it didn't work. The config file has keys for a few titles, but there's no way to tell if the titles are US or European discs. Tomb Raider (US) did not work, got 18GB of crap on my HDD.

You'll still need to extract the key manually from memory in order to decrypt it.

The source code comes with all keys nulled.

EDIT: typed the wrong thing X_x

colinhunt
28th December 2006, 15:21
You'll still need to extract the key manually from memory in order to decrypt it.

The source code doesn't come with all keys nulled.
You mean it comes with all keys nulled? Took another look at the keyfile, and sure enough, the actual keys are all nulls. D'oh.

DeepBeepMeep
28th December 2006, 15:24
I tried this, and it didn't work. The config file has keys for a few titles, but there's no way to tell if the titles are US or European discs. Tomb Raider (US) did not work, got 18GB of crap on my HDD.


It doesn't look like what has been released contains any title key. It seems the title key has been deliberately replaced with "1-00000000000000000000000000000000". I think title keys are supposed to be "copyright information" and the lack of them in the code "may" protect the author, since what has been provided so far is only an AACS decoder which still needs the right keys to work. No reverse engineering was necessary to write this code; all the information to write it is publicly available.

The real exploit lies in extracting the title key from the memory of the software player. It is quite likely that if we had one title key it shouldn't be hard to get the others, as long as the player is not considered compromised. But unless the author of this program releases the key extractor, or somebody else writes one knowing now that it is possible, besides greater hope we are almost at the same point as before.

zeroprobe
28th December 2006, 15:32
What it comes down to is that the "player's" key in question is able to decrypt ALL of the HD DVDs out there today. Future ones can be barred out, but for the 150+ out today the keys will work.

Wilbert
28th December 2006, 15:34
The reason we have the DMCA is to be in accordance with the WTO and WIPO treaties.
Yeah right (assuming you are talking about the US DMCA). You are turning things around. The reason that we have that stuff in the WTO and WIPO treaties in the first place is because the US pushed for it.

It doesn't look like what has been released contains any title key. It seems the title key has been delibarately replaced with "1-00000000000000000000000000000000".
In a \. post about this subject someone claimed that those keys are released into the wild, so you should be able to find them.

Susana
28th December 2006, 15:37
With keys or without keys, :thanks:

Gradius
28th December 2006, 15:38
1st of all, congratulations to muslix64 for this (yeah, kinda the same way as the Xing player was w/ DVDs).

But I totally agree with XStylus's 1st post, this stuff was too soon to be released to the public/masses, the best way was to wait 2 more years to release this, but yeah, what is done is done.

Keep in mind to clean up all your cache around, even change your ISP, etc, etc, and good luck with your identity. :thanks:

Hollywood and other EVIL guys think, in a digital world, something will be 100% unbreakable, in reality they're as stupid as they can be. They keep themselves busy finding new ways to protect your sh** while forgetting to provide us GOOD stuff to market (at a fair price of course), so good that I'll BUY them, and not just try to make a mere copy.

But feel sorry for them, after all, they're VERY poor doing just $1 trillion/year. :rolleyes:

Btw, Blu-ray is the next target! ;) :p

PS: About the upgrade stuff, just keep the good old ones working. ;)

BUZZARD1
28th December 2006, 15:49
Good job man. Forget them people telling you that it was a bad idea to release it when you did etc. etc. Some people can't be pleased no matter what. I do hope you protect your identity because I would like you to stick around. Keep up the good work bro!

cwm9
28th December 2006, 15:50
I don't think this is going to affect the studios one whit.

Consider who DRM is really aimed at:

In the end, no matter how good the encryption, you can always crack open a TV and wire up an analog to digital converter directly to whatever outputs are driving the pixels on the display. Do it with high enough quality ADCs, and the capture will be nearly perfect. Once you've done that, it's a simple matter of streaming the data to a very fast hard drive array and then re-compressing it. Too much work for the average joe, maybe, but not too much work for a dedicated counterfeiter that intends to make 100,000 units and make a $300K profit. Yes, but what happens when the counterfeiter's player keys are revoked, you say? If you're making $100K+ from each title you counterfeit you throw away the player with the revoked key and buy a new one.

Thus, this exploit really means very little to a determined counterfeiter.

So if the DRM wasn't meant to stop a determined counterfeiter, then who was it meant to stop? Probably the average joe. And if that's the case, this hack probably won't mean much. Why? Think about what the studios really want... They want piracy to go away, obviously. But if you can't have your wish, what's the next best thing? To reduce it, of course.

The goal of this DRM is to make it more difficult for the average joe to copy his friend's movies. With DVDs, you can download DVDShrink which "just works" pretty much all the time. That was a disaster for the studios because once someone was shown how to copy a DVD one time, they had no problem doing it over and over.

But there will (probably) never be such a solution with HDDVD because of the way keys are distributed. Sure, you'll be able to download the most current Title Encryption Key database that contains every key known to date, and there will probably be newsgroups dedicated to keeping up with the latest 0-day exploit, but a very large percentage of people who now copy DVDs will not be able to keep up with these tit-for-tat exchanges between the crackers and the publishers. They'll get shown how to copy an HD DVD by someone, and they'll be able to copy any HD DVD that was released prior to that date, but they won't know where to go to update their software with the latest keys or exploits needed to copy titles released AFTER that date.

If instead of having one icon that you click on you have to go searching for the latest exploit on Google, that's a win for the studios because ANY added complexity to the process of piracy necessarily excludes those people without the skills to overcome that added complexity gap.

How much of a dent in piracy would it take for the studios to be happy? 5%? 10%? I doubt very much the studio executives ever expected this to make piracy go away forever. I do think they are hoping to see a small decrease in piracy because of it.

Blu-Ray is just as vulnerable to the FET-Driver to ADC hack as HD DVD is, so it wins no points there. Will it make a difference that the "advanced joe" can't copy Blu-Ray? Maybe. Hard to say.

I don't think studios will be jumping ship over this because I imagine they fully expect Blu-Ray to fall to the exact same kind of exploits. Blu-Ray also has a standard encryption scheme, and its keys will likely be exposed by a bad Blu-Ray implementation as well. What's the point in spending all that money to convert?

Blu-Ray has the ROM Mark -- but it's a pseudo advantage. If a title is released on Blu-Ray and counterfeiters capture the output via any exploit, they might not be able to release their re-compressed version on Blu-Ray, but nothing prevents them from pressing the exact same re-compression on HD DVD.

So if the watermark can't prevent the distribution of movies, what can it do? It's really only effective for one application... games for the PS3, which only uses Blu-Ray. Given the PS3's lackluster acceptance, one has to wonder if that means anything anyway, and even if it does, we all know there are hackers out there hard at work trying to find a hardware mod exploit to circumvent that DRM too.

Blu-Ray's one real advantage is BD+ which lets them change the encryption method from AACS to something else.... but what are they going to replace AACS with? As far as I know, there is nothing better than AACS that could be used to replace AACS. It will probably be at least a year before they do have a decent replacement that COULD be deployed via BD+, and I'm not sure what they can come up with that doesn't involve some sort of key that can be revealed by faulty software just like AACS and DVD has.

In summary, no matter what you do as a studio -- release on HD DVD or Blu-Ray -- some professional counterfeiter can hack open a TV, digitize the output, re-compress the movie, and release the title on HD DVD (or dvd, or super-dvd, or whatever.) Because the profit margin is so high, they could afford to trash their revoked player and buy a replacement for every movie if they had to. Every (smart) studio exec knows this; there's no reason for them to bail out just because of this. The "average joe" is probably screwed by either DRM even if this exploit turns out to work. The "advanced joe" will probably still find a way to copy movies. Overall, the best the execs can hope for is a small reduction in "average-joe" piracy which might or might not translate into a small boost in sales, which, over the next decade, might eventually amount to something more than a hill of beans after paying for the development of the DRM.

You know what I really think? I think some of the less knowledgeable suits at the studios wanted a pipe dream, and I think some engineers were more than willing to be paid to work on that pipe dream. If someone waves money in your face and asks you to do the impossible, what's a man to do but take the money and do his best?

BUZZARD1
28th December 2006, 15:55
Good job man. Forget them people telling you that it was a bad idea to release it when you did etc. etc. Some people can't be pleased no matter what. I do hope you protect your identity because I would like you to stick around. Keep up the good work bro!

Logik
28th December 2006, 16:24
very :cool:

0xdeadbeef
28th December 2006, 17:06
Well, worst case scenario would be:

- Compromised software player is blacklisted immediately, so it won't be possible to extract title/disc keys with it any more as soon as the revocation list entry is activated.

- HD-DVD/Blu-Ray support for XP is generally cancelled. Player software will only run on Vista with a fully AACS compatible hw/sw chain.

- Vista's new content protection functionality could make it really hard to read out more title/disc/player keys.

- Since no fast attack on AES is known (as it is for CSS), it will be impossible to decrypt HD-DVDs without valid keys.

One could imagine a way though to circumvent AACS without breaking AES: if the firmware/hardware of the HD drive could be altered to NOT update/use the revocation list, even a blacklisted player could be used as a "zombie" application to read out disc/title keys. Indeed only a few altered drives would have to exist to create a database of keys. Hosting this database would be a legal problem though. Then again, if there are countries which consider hosting torrent hashes legal, there should be some which consider hosting decryption keys to be ok.

Just my 2 cents though.

TehMark
28th December 2006, 17:14
TYVM!! I love this community!

drbuzz0
28th December 2006, 17:16
Some observations:

1. A lot of people have been saying AACS is the end of backing up your media. They claim this because of all the measures against it and how the devices are updatable and keys are individual per movie. I've heard this all before (many times). Any protection system is only as strong as its weakest link; if a system uses a crazy-secure rolling-key 512bit encryption algorithm, that does not mean the system is necessarily secure if there is a backdoor method of telling it that you are authorized. An example would be Nagravision, a satellite encryption that was hacked to pieces by figuring out how to fake being authorized. The more complicated a protection system is, the greater the chances that there's a weakness in it somewhere.

2. Having keys which need to be obtained or distributed is not that big a problem. Remember that it only has to be figured out once, whether by sniffing, leaking or even brute force... only needs to be done ONCE and then it's out. The studios can keep changing the key, but there are limits. Again using the satellite comparison, a while back distributing "seed codes" was how the Videocipher was hacked. They never really managed to close that hole until they completely redid the hardware.

3. AACS can be updated, but there are limits. It can only be updated to a certain degree, legacy support has to be maintained and there is a need to keep on top of things. It's much like software protection. It's damn near impossible to keep a piece of software truly secure. As soon as it gets out the cracks and keygens start popping up left and right. The more popular the software, the faster it happens.

4. The DMCA is something I do not worry about. It's not a law, because it's an *ILLEGAL LAW*. That is, it is superseded by the US Constitution and international principles of expression.
Gandhi said something like (to paraphrase) "To break an unjust law is a crime against the government. To follow an unjust law is a crime against justice and the human spirit."

This law is not valid. It is unjust and illegal. It may not have been struck down (yet). But recall Dred Scott.

My sincere hope is that AACS weaknesses are not confined to underground discussion and groups. I hope that it will eventually end up like CSS and other DVD protection methods. I think at this point there's no point in trying to protect DVDs and crack down on DeCSS/DVD43/DVDDecrypter. The protection has been hacked to pieces. The cat's out of the bag. It's something they have to live with and they have decided that they won't make the same mistake with AACS. Looks like maybe they have though :-P

nonphixion
28th December 2006, 17:27
First, great job on this.

Second, I am receiving an error when running the app.

C:\hd\backuphddvd
Error occurred during initialization of VM
Unable to load native library: The specified procedure could not be found

java.exe gives the err "The procedure entry point _JVM_GetClassConstantPool@8 could not be located in the dynamic link library jvm.dll

i copied jvm.dll to the dir specified in the earlier post, and i get the first error. Any ideas?

0xdeadbeef
28th December 2006, 17:47
My sincere hope is that AACS weaknesses are not confined to underground discussion and groups. I hope that it will eventually end up like CSS and other DVD protection methods. I think at this point there's no point in trying to protect DVDs and crack down on DeCSS/DVD43/DVDDecrypter. The protection has been hacked to pieces. The cat's out of the bag. It's something they have to live with and they have decided that they won't make the same mistake with AACS. Looks like maybe they have though :-P
There are two fundamental differences between CSS and AACS.

Firstly, CSS used a positive list of player keys, which has proven to be an error, as nearly all of the 408 supported player keys were published shortly after the first player key was compromised. AACS uses a negative list - this mechanism could only become useless if hundreds of player keys were compromised, which could only happen in a few years as there are only a few players on the market right now. While for hardware players this is still problematic, this is a nearly perfect solution for software players as they can just blacklist any compromised player and force the users to update their software.

Secondly, the encryption algorithm of CSS was flawed in a number of ways. In contrast to this, AES (used by AACS) is a pretty secure algorithm. In the last few years, several approaches were discussed for how to break a key faster than using a brute force attack. Then again, until now it's unclear if any of the suggested attacks could even be theoretically faster than a brute force attack. Don't get me wrong: as with most (if not any) other encryption scheme, some mathematician could come up with an algorithm tomorrow to break AES in a few iterations. However, this could also take until 2030 or may even never occur.

Deihmos
28th December 2006, 17:51
Did anyone confirm this working? It does not look that way so is this a hoax or is it real?

Sirber
28th December 2006, 17:59
look at page 1, it's for real.

Malow
28th December 2006, 17:59
Did anyone confirm this working? It does not look that way so is this a hoax or is it real?

just wait a few hours, someone among the 2,710 users accessing this forum now should have an xbox hd-dvd drive and some disks... ;)

edo1080
28th December 2006, 18:04
Hi, I posted a topic months ago about D-Theater backup, and now all is almost done. I'm programming an FPGA and hope to be able to back up all my D-Theater tapes to an HDD in one or 2 weeks.

I've tested this program and it seems to work, I obviously have to find a way to find the keys in memory. Maybe a way like un-DRMing the old WMV-HD discs? In that case also the key was recovered from memory and dumped into a file on the hard disk drive

DVDCake
28th December 2006, 18:20
Howdy all,

The xbox hddvd drive works great on the 360, bought one for my Pop. AMAZING news that the ball is rolling on backing up HDDVDs! I'll pick one up this week to connect to my PC to see what this thing is all about.

To continue the tech discussion, what's known about the file format for HDDVD? Those files we saw on the youtube video, any way to analyze them to find the main feature A/V components?

Maybe I’m jumping the gun here, I feel like a kid with my face pressed up against the window of toy store =]

I’ll post anything I find once I get the xbox drive.

~DC

Deihmos
28th December 2006, 18:25
look at page 1, it's for real.

The person from the first page isn't the author? I meant if anyone else confirmed it working. I read many forums and no one got it to work.

Nic
28th December 2006, 18:35
It's very hard for anyone to actually test the software decrypts a HD-DVD as no decryption keys are available with the software. Someone would need to reverse engineer a key (perhaps from software such as Power DVD 6.5).

However, his story and code appear very plausible and at present there is no reason to believe this is a hoax. If it is a hoax, it is a very good one.

-Nic

monkeycz
28th December 2006, 18:50
wonderful!

Malow
28th December 2006, 19:12
It's very hard for anyone to actually test the software decrypts a HD-DVD as no decryption keys are available with the software.
-Nic

and the keys in the file tkdb.cfg?

EDIT: oops, my mistake. there are no keys, just example of code to identify the hd-dvd i guess..

0xdeadbeef
28th December 2006, 19:19
In the version linked to in this thread, there are only hash values and blank keys. It's however said that there's a version out there with valid keys. Can't confirm though.

ChronoCross
28th December 2006, 19:57
The source code basically shows that you need to manually enter the keys into a list. You can get them because the DVD software leaves the key resident in memory. So it's not actually breaking the protection, it's simply using a legal key to decode the video. AACS will simply change the decryption key and this software won't work once the patch is introduced to the HDDVD player that has this leak.

Efficient program for ripping, too bad it's a little over exaggerated in what it actually does.

Krawhitham
28th December 2006, 20:14
The source code basically shows that you need to manually enter the keys into a list. You can get them because the DVD software leaves the key resident in memory. So it's not actually breaking the protection, it's simply using a legal key to decode the video. AACS will simply change the decryption key and this software won't work once the patch is introduced to the HDDVD player that has this leak.

Then the cat & mouse game begins, they release new players that store the key differently and hackers figure out how to get the key from memory each time

SeeMoreDigital
28th December 2006, 20:31
Then the cat & mouse game begins, they release new players that store the key differently and hackers figure out how to get the key from memory each time

Well if the consortium behind the HD-DVD format were dumb enough to allow the manufacture of HD-DVD drives and the creation of software players for use in PC's... what did they expect was going to happen ;)

I bet they wish they had confined the release of HD-DVD to "stand-alone" players only!

Looks like it might be worth getting an external HD-DVD drive (for the Xbox 360) after-all.....

bagel
28th December 2006, 20:40
Dia de los Santos Inocentes ?

I hope not...

Solo
28th December 2006, 21:32
mmm looks promising ....

At least I won't have to replace my expensive 24" LCD screen + non-HDCP GFX to watch future HD-DVD movies.

I have a feeling there is going to be an increase in HD-DVD drive sales soon ;)

Adub
28th December 2006, 21:36
I wonder how DVD Jon will react to this? Do you think he will take it and run? As in, make it better?

So far there is no word on his site, the last post was on december 1st. I can't wait to hear what he says.

Edit: did anyone else notice the black bar in the youtube video when the camera scans over the tkdb.cfg file? It seems the author was being safe, as he doesn't release the keys themselves, so technically he is not doing anything wrong. It is the next step that may be considered illegal.

zeroprobe
28th December 2006, 21:37
Has anyone actually tried doing anything with powerdvd yet?? If I had the drive I would be playing already.

Can't be that hard to find if the key is decrypted somewhere.

edo1080
28th December 2006, 21:40
The program which the author is referring to as exposing the key in memory is probably PowerDVD 6.5. I'm trying to locate where in the memory the key is located, anyway if someone could post at least one key, I could be able to tell where PowerDVD will place the keys

zeroprobe
28th December 2006, 21:42
The program which the author is referring to as exposing the key in memory is probably PowerDVD 6.5. I'm trying to locate where in the memory the key is located, anyway if someone could post at least one key, I could be able to tell where PowerDVD will place the keys

Good stuff I thought everyone was just waiting for everyone else.

Jebus, just looked at my join date and 4 posts, that's one a year lol. Amazing what gets me from under a rock.

OverlordQ
28th December 2006, 21:53
The program which the author is referring to as exposing the key in memory is probably PowerDVD 6.5. I'm trying to locate where in the memory the key is located, anyway if someone could post at least one key, I could be able to tell where PowerDVD will place the keys


Well yea, I'm sure with one key a lot of people could find where in memory it's stored, that's not the hard part. Either wait till he releases the newer version, or do some actual work in trying to find the keys, load up your favorite debugger and have a whack.

Sy
28th December 2006, 21:54
So the question is where are the keys.... hmmm... I don't have cyberlink or a hd-dvd drive to search for them but here are a couple of thoughts.

when playing a hd-dvd does cyberlink write a file to its install directory with the sha1 code so that it can identify the disk easily? is that where the original TKDB.cfg came from? How about in the registry? Else it looks like you are gonna need a way to dump the memory and scour through that.

~Sy

swiego
28th December 2006, 22:16
Interesting! I will have to try this to see if the same vulnerability affects WinDVD HD (which comes with my Toshiba HD-DVD laptop).

On the one hand, it would be nice to reduce wear and tear on what I feel is a pretty flimsy notebook drive. On the other hand, I'd hate to see this affect the popularity of a format that I very much enjoy.

Gradius
28th December 2006, 23:15
Yeah, WinDVD is vulnerable too.

Gradius

blutach
28th December 2006, 23:23
@cwm9 - :goodpost:

Hollywood and other EVIL guys think, in a digital world, something will be 100% unbreakable, in reality they're as stupid as they can be. They keep themselves busy to find new ways to protect your sh** while forget to provide us GOOD stuff to market (at fair price of course), so good that I'll BUY them, and not just to try to make a mere copy.

You are implying that you don't buy but rather illegally copy digital video. This is against rule 6.


The DMCA is something I do not worry about. It's not a law, because it's an *ILLEGAL LAW*. That is, it is superseded by the US Constitution and international principles of expression.
Gandhi said something like (to paraphrase) "To break an unjust law is a crime against the government. To follow an unjust law is a crime against justice and the human spirit."

This law is not valid. It is unjust and illegal. It may not have been struck down (yet). But recall Dred Scott.

Whatever your feelings, the law is passed in the US and is valid. What you are saying amounts to incitement to forum members and guests to break this law. Rule 6 is very pertinent in this regard.


The program which the author is referring to as exposing the key in memory is probably PowerDVD 6.5. I'm trying to locate where in the memory the key is located, anyway if someone could post at least one key, I could be able to tell where PowerDVD will place the keys

Anyone posting a key on this forum is in direct violation of rule 6. Please read that rule carefully as well as the announcement at the top of this forum.

I really think this discussion needs to have very careful regard to forum rules and the laws of the various lands. Future posts which do not have such regard will incur strikes.

Regards

Gradius
28th December 2006, 23:34
@cwm9 - :goodpost:

You are implying that you don't buy but rather illegally copy digital video. This is against rule 6.

Not here, THANKS GOD I'm not in US. :devil:

Btw, I'm not implying anything, I let that to other ppl around. :cool:

Gradius

Bathrone
29th December 2006, 00:08
Edited - my words came out the wrong way my apologies.

blutach
29th December 2006, 00:16
Let's stay on topic please bathrone. And might I remind you of rule 4.

Regards

swiego
29th December 2006, 00:22
Well, the players aren't adhering to AACS spec if the decrypted title key can be snooped from RAM, although that does call into question the ability to have a PC-based player. The spec basically says that the decrypted title key should be discarded if the disc is ejected, power is lost, an AACS boot sequence initiates or the player stops. I would think a memory dump or a freeze of a process to inspect its memory contents would constitute stopping the player!

Anyway, getting the volume id is easy enough but I'm still searching for the right title key from a ram dump of windvd hd. For all I know, WinDVD has gotten it right and the decrypted key just ain't there.

hirez80
29th December 2006, 00:28
Gotta agree with Bathrone,
plus I read the rules, I do not think he was "NOT nice" and I do think you can respect someone even though you think he is hypocritical or ??

But I know on the other hand, that this site and many others have to have this double standard, so to speak, as it would otherwise directly violate ISPs, hosting services etc.
So there is a fine line between endorsing someone to do something, and just showing and talking about it.

Even though you guys have tutorials etc. which basically show stuff which is not allowed, as long as you say that I guess it's possible?
Anyway, they're "doing their job" so THAT we should respect, but yes, this is a hypocritical world.. too bad..

Nuf said, I like many others am very happy about the progress with the HD DVD backups. My question is, are they able to block a piece of software from FUTURE dvds just because a few ppl hacked it?? that's like asking everyone to reinstall windows, or word etc. (ok you get the point). even standalone players, say that a Pioneer chip gets compromised, that's it? I can't watch more recent movies after they update the key?? sounds like they are digging their own grave.. ppl will be VERY pissed if this happens...

Bathrone
29th December 2006, 00:55
What I am particularly interested in is how this exploit might be patched. How can volatile memory be completely protected from dumping? Encrypt the decryption key? But then that has to have another decryption key so the cycle starts again.

ChronoCross
29th December 2006, 00:57
Not here, THANKS GOD I'm not in US. :devil:

Btw, I'm not implying anything, I let that to other ppl around. :cool:

Gradius

remember anyone who has a trade agreement with the US (basically anyone who gets legal hollywood movies/TV) has to respect US copyright law. This includes DMCA.

ChronoCross
29th December 2006, 01:00
What I am particularly interested in is how this exploit might be patched. How can volitile memory be completly protected from dumping? Encrypt the decrypt key? But then that has to have another decryption key so the cycle starts again.

TCP. Basically the key would never pass through memory but rather it would be stored in the TCP chip and all DRM'ed data would have to pass through this. The TCP platform is supposed to be separate from an OS and would prevent anything that is designed to use TCP from leaking out.

TCP is the ultimate in evil DRM and with all these companies pushing it, any new hardware in the future might have it so there may be no way around it........which is why I joined the EFF and steadfastly oppose the TCP.

TCP is trusted computing platform.

dukey
29th December 2006, 01:05
Someone correct me if I am wrong. But normally you can't read the memory of a program unless it is an area of specifically shared memory. However unless you 'zero' the memory before you exit the program that data will still be left in RAM. In the same way as when you delete files off your hard disk, they are not 'really' deleted, the sectors on the drive are just marked as available to write over.

If the program zeros the memory it uses for the keys before it exits (like it should really ..) you could probably get around this by just killing the app and forcing it to close before it can do this.
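
The key-handling pattern dukey is describing, written out in C as an added example (this is not code from the thread, from BackupHDDVD, or from any player): the plaintext key is wiped the moment it is no longer needed rather than at program exit, and the wipe goes through a volatile function pointer so the compiler cannot drop it as a dead store. The XOR "unwrap", the `key_slot_t` type, the function names and the sample key bytes are all my own placeholders, not anything from AACS.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define KEY_LEN 16          /* AACS title keys are 128-bit AES keys */

/* Calling memset through a volatile function pointer stops the compiler
 * from deleting the wipe as a "dead store" on a buffer that is about to
 * go out of scope, which is what silently happens with a plain memset(). */
static void *(*volatile wipe_fn)(void *, int, size_t) = memset;

static void secure_wipe(void *p, size_t n)
{
    wipe_fn(p, 0, n);
}

/* A slot that holds a decrypted key only between load and release.
 * (Hypothetical type for this example.) */
typedef struct {
    uint8_t key[KEY_LEN];
    int     loaded;
} key_slot_t;

/* Placeholder "unwrap": XOR with a key-encryption key. This is NOT the
 * AACS title-key derivation, just a stand-in so the example runs offline. */
static void load_key(key_slot_t *s, const uint8_t *wrapped, const uint8_t *kek)
{
    for (size_t i = 0; i < KEY_LEN; i++)
        s->key[i] = wrapped[i] ^ kek[i];
    s->loaded = 1;
}

/* Release as soon as the key is no longer needed, not at program exit:
 * a process that is killed mid-run never reaches its exit handlers. */
static void release_key(key_slot_t *s)
{
    secure_wipe(s->key, KEY_LEN);
    s->loaded = 0;
}

/* Returns 1 if every byte of the buffer is zero. */
static int is_all_zero(const uint8_t *p, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= p[i];
    return acc == 0;
}

/* Constructed sample values for the demo (not real keys). */
static const uint8_t SAMPLE_WRAPPED[KEY_LEN] = {
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
};
static const uint8_t SAMPLE_KEK[KEY_LEN] = {
    0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5,
    0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5
};

/* Correct lifetime: the key is readable while loaded and gone after
 * release. Returns 1 when both hold. */
static int demo_release_wipes_key(void)
{
    key_slot_t slot;
    load_key(&slot, SAMPLE_WRAPPED, SAMPLE_KEK);
    int present_while_loaded = slot.loaded && !is_all_zero(slot.key, KEY_LEN);
    release_key(&slot);
    int gone_after_release = !slot.loaded && is_all_zero(slot.key, KEY_LEN);
    return present_while_loaded && gone_after_release;
}

/* The failure mode from the thread: a player that never releases leaves
 * the plaintext key sitting in memory until that memory is reused.
 * Returns 1 if the key is still readable after use. */
static int demo_no_release_leaves_key(void)
{
    static key_slot_t slot;   /* static: outlives the call, like a heap object */
    load_key(&slot, SAMPLE_WRAPPED, SAMPLE_KEK);
    return !is_all_zero(slot.key, KEY_LEN);
}

int main(void)
{
    printf("release wipes key: %s\n", demo_release_wipes_key() ? "yes" : "no");
    printf("no release leaves key readable: %s\n",
           demo_no_release_leaves_key() ? "yes" : "no");
    return 0;
}
```

Wiping at release time narrows the window dukey points at (kill the app before its exit-time cleanup) to the few milliseconds the key is actually in use; it does not close it, and it does nothing against a debugger attached to a ring0 process, which is why a software-only player cannot fully meet the spec's "discard the key" requirement on a PC.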

0xdeadbeef
29th December 2006, 01:46
Someone correct me if I am wrong. But normally you can't read the memory of a program unless it is an area of specifically shared memory.

Firstly, a ring0 process can read and write any memory. This includes kernel debuggers of course.
Secondly, every normal process can read and write in another process' memory if it is able to load a dll into that process' memory. Which is usually pretty easy to do.


However unless you 'zero' the memory before you exit the program that data will still be left in RAM. In the same way as when you delete files off your hard disk, they are not 'really' deleted, the sectors on the drive are just marked as available to write over.

Using a memory dump is a somewhat dumb attempt to find the key. Usually you would use a debugger and set a breakpoint on certain API calls. At some point some call will return the key on the stack or in some registers.


If the program zeros the memory it uses for the keys before it exits (like it should really ..) you could probably get around this by just killing the app and forcing it to close before it can do this.
Anyway, dumping the memory doesn't make much sense. Indeed since the application allocates memory dynamically, the key might land in different locations depending on order of things done before. E.g. if a HD-DVD has more chapters or whatever, more memory is allocated on the heap for internal structures and the key lands at a higher address.

Best guess would be to examine which routines are called after you inserted a disk. The key exchange has to be one of the first operations, so disc insertion should be a good place to start.

zilexa
29th December 2006, 01:59
F A N T A S T I C ! ! !

hey muslix64,
now that you made the playback of HD-DVD almost as easy as a normal DVD movie, this could very well be THE reason for people to upgrade to a HD-DVD player!
(And since Bluray uses AACS as well this could mean the same thing for Bluray).

Since there has not been a bump for HD-DVD and Bluray like there was when DVD was released, it didn't seem very realistic these new HD players would break through.
But now with your work, this could lead to a breakthrough in the near future!
Congratulations man, and thanks!

hechacker1
29th December 2006, 02:53
so who is going to take this program to the next step?

Right now there is nothing illegal about the program because it doesn't provide any keys. It's just a nice proof of concept.

But for decryption to be useful I would think we need some automated way of extracting the key from the dvd. At that point we have a viable method of copying dvd's.

If we are forced to share keys through warez sites or download lists from offshore locations it makes the decryption unreliable and poorly supported (because we all know legitimate places like doom9 won't support the sharing of keys). Plus, there are so many variations of dvd's, probably each with its own key.

I guess somebody is going to have to reverse engineer the playback and decryption of the key similar to the way commercial software players do it. Otherwise there will always be a cat and mouse game of updates to circumvent the protection.

Anyways, thank you so much for your program!

Gradius
29th December 2006, 03:00
remember anyone who has a trade agreement with the US (basically anyone who gets legal hollywood movies/TV) has to respect US copyright law. This includes DMCA.

Not here in Mars. :p

The world can live w/o US, never the inverse. :cool:

harycover
29th December 2006, 03:23
Hi muslix64

I know nothing about decrypting but I congratulate you and fully support you : you bought it, you should be able to watch it !

That said, HD movies are now quite common on newsgroups, already ripped and ready to watch with a PC; I think that's mainly HD streams ripped.

The movie industry should resign itself and adopt another strategy such as a price drop to sell more; if they imagine that I would pay 25 euros or so per movie, given that I've already paid to watch it at the movie theater, then they will wait a (very) long time for my money to come their way.

Cheers all

OverlordQ
29th December 2006, 03:47
Well, the players aren't adhering to AACS spec if the decrypted title key can be snooped from RAM, although that does call into question the ability to have a PC-based player. The spec basically says that the decrypted title key should be discarded if the disc is ejected, power is lost, an AACS boot sequence initiates or the player stops. I would think a memory dump or a freeze of a process to inspect its memory contents would constitute stopping the player!

Anyway, getting the volume id is easy enough but I'm still searching for the right title key from a ram dump of windvd hd. For all I know, WinDVD has gotten it right and the decrypted key just ain't there.


Reading memory would not stop playback unless you freeze the program to get an exact snapshot of its current RAM contents. I'd think pausing the movie within the player to guarantee the important values will not change would be enough so that a sequential scan would reveal what you need to know.

BUZZARD1
29th December 2006, 04:03
This has got me all excited again and it looks like I'm not the only one. A few more smart people and the problem is history.

Cheers to you all!
:stupid:

OverlordQ
29th December 2006, 04:18
so who is going to take this program to the next step?

Right now there is nothing illegal about the program because it doesn't provide any keys. It's just a nice proof of concept.

But for decryption to be useful I would think we need some automated way of extracting the key from the dvd. At that point we have a viable method of copying dvd's.

If we are forced to share keys through warez sites or download lists from offshore locations it makes the decryption unreliable and poorly supported (because we all know legitimate places like doom9 won't support the sharing of keys). +, there are so many variations of dvd's, probably each with its own key.

I guess somebody is going to have to reverse engineer the playback and decryption of the key similar to the way commercial software players do it. Otherwise there will always be a cat and mouse game of updates to circumvent the protection.

Anyways, thank you so much for your program!


In addition, on sequential copies of the HD-DVD the content distributor can put a different key on the same title so the list can grow exponentially in having 30 odd keys for a single movie.

Craigular.B
29th December 2006, 05:07
I don't think it's a problem that he released this crack so early.

If the industry suddenly changed the encryption scheme, they'd have to have a way to be able to update all the players currently on the market with the new encryption (I think?). I'm pretty sure there wouldn't be a way to make the two encryption methods compatible without compromising the new one's security, right? Then again, maybe they'd keep up the age-old tradition of leaving the early adopters without a pot to p*** in, and revamp the discs/players for a new generation.

Please, correct me if I'm wrong. I really don't know much about DRM. But (to me, at least) it seems like two different encryption methods would be too different to make them work.

-Craig

Gradius
29th December 2006, 05:58
You can make titles where connection with the Internet is mandatory to be able to playback the s*** on your TV, so the player can send the firmware version to some EVIL Studio Server, if the version is old, the ESS will send a new firmware version using a new crypto engine, simple like that. :readfaq:

It can be done directly from some movie disc too, while you wait for the player to start the playback, it can just put a huge "please wait, you stupid noob", or something, message on your TV, while doing the firmware upgrade, just like that.

Now TCP is so EVIL that people around need to know this thing well to NOT buying a single piece of TCP implement or compliant. :sly:

BUZZARD1
29th December 2006, 09:56
You can make titles where connection with the Internet is mandatory to be able to playback the s*** on your TV, so the player can send the firmware version to some EVIL Studio Server, if the version is old, the ESS will send a new firmware version using a new crypto engine, simple like that. :readfaq:

It can be done directly from some movie disc too, while you wait for the player to start the playback, it can just put a huge "please wait, you stupid noob", or something, message on your TV, while doing the firmware upgrade, just like that.

Now TCP is so EVIL that people around need to know this thing well to NOT buying a single piece of TCP implement or compliant. :sly:

But if they did that then they would have to make sure everyone who buys a HD-DVD player would have to have an internet connection, and it would have to say it on the box or Walmart would get a trillion returns (this is when it is mainstream of course). As far as them adding firmware updates on the disks, I would doubt it very much since there will be a crapload of models made in the next 5 - 10 years and it would be a lot of space wasted on the disk. Not to mention all the time and effort to make updates for all that firmware. But hey, what do I know.

0xdeadbeef
29th December 2006, 10:41
I don't think it's a problem that he released this crack so early.

It's not a crack, not a hack, nor was a weakness of the encryption (AES 128) found. It's just a weakness of the player which delivers the keys easier than it should. This was somewhat expected by the industry and that's what the revocation list is for.


If the industry suddenly changed the encryption scheme, they'd have to have a way to be able to update all the players currently on the market with the new encryption (I think?). I'm pretty sure there wouldn't be a way to make the two encryption methods compatible without compromising the new one's security, right? Then again, maybe they'd keep up the age-old tradition of leaving the early adopters without a pot to p*** in, and revamp the discs/players for a new generation.

The encryption scheme doesn't need to be changed since it was not compromised. If we have really bad luck, PowerDVD will be blacklisted by entering a newly released HD-DVD in the drive in the next 1-3 months. If then nobody is able to read the keys from another player, we're where we started.


Please, correct me if I'm wrong. I really don't know much about DRM. But (to me, at least) it seems like two different encryption methods would be too different to make them work.
-Craig
HD-DVD doesn't allow changing the encryption algorithm. Blu-ray however does. But then again, it's unlikely that AES 128 gets hacked in the next years.

zeroprobe
29th December 2006, 11:43
and still no one has successfully done this.

cmon guys someone out there get a good memory dumper and post the results so we can have a look for yas.

Susana
29th December 2006, 11:56
and still no one has successfully done this.

cmon guys someone out there get a good memory dumper and post the results so we can have a look for yas.

Yeah, memoryman has had success:

http://www.memoryman.com/images/moviesm.jpg

;)

yodoso
29th December 2006, 12:43
LOL, this happens right after our guy leaves for vacation. Who cares if one change to the encryption can render this program useless, we have our first real progress in the world of HD. Now if these files are fully decrypted, and since the files are mpeg-2 (are the first hddvd's still mpeg-2, or did they switch yet), we may only need to make a slight change if any to our favorite mpeg-2 decoder to actually make backup copies of our favorite movies. Thanks a lot, Muslix64; you're not the only one with a monitor/vid card that doesn't support HDCP, your work is greatly appreciated.

This is gonna start a chain reaction of software development, just think of DeCSS when it first came out. Actually forget that, before DeCSS we'd started up a small program before launching our favorite dvd player (lol I think it was windvd back then too), and that program would actually frame grab from windvd. The software was buggy as hell, and the quality was terrible. LOL, I'd love to see an old doom9 guide using this method.

(btw, a couple of months ago, someone discovered that all you have to do is push the print screen in an old version of an hddvd program, and the frame was not encrypted. You could actually paste it into paint or any other program one wanted. Looks like the dvd and the hddvd scene are progressing in the same way)

Next DeCSS came out, and you guys know that program started the chain reaction of the dvd scene. I don't know the status of the guy who wrote the program, but hopefully the authorities gave him a break. But let's see someone rip a dvd of today with the software of yesterday. That's right, it won't work. Like I said, this program will start the domino effect.

johner23
29th December 2006, 12:47
See above:

http://forum.videohelp.com/viewtopic.php?t=317738

http://forum.videohelp.com/viewtopic.php?t=317715

http://podcasts.engadget.com/2006/04/25/engadget-podcast-076-04-25-06/

http://www.engadget.com/2006/12/27/aacs-drm-cracked-by-backuphddvd-tool/

PS: now, people around the world can test and find / cause some weak point in that protection system. :)

Or, for those who have some proper knowledge, can create some similar tools that can be more successful at that task.

And, of course, the industry will strike again very fast, I guess !! Be prepared !! LOL

Thanks.

xerces8
29th December 2006, 15:30
Hi Muslix64... could you please upload this to an alternative download source besides the infamous rapidshare?

I don't know how strict the moderators are , so I'll say just this: the MD4 hash of the file is 4860e9248663d52dc47bfc98d61ec6d7

(and I don't see any problems with this, since a few posts above a direct HTTP link to the file was posted; mods, please be consistent )

Regards,
xerces8

Wookie Groomer
29th December 2006, 15:40
This has to be a hoax since it appears not a single person in the entire world except the original poster is claiming this works or can confirm anything. Let's see some proof. A fancy edited YouTube video is worthless without at least one key to test for ourselves.

ttringle
29th December 2006, 15:49
Next DeCSS came out, and you guys know that program started the chain reaction of the dvd scene. I don't know the status of the guy who wrote the program, but hopefully the authorities gave him a break. But let's see someone rip a dvd of today with the software of yesterday. That's right, it won't work. Like I said, this program will start the domino effect.

You don't know the status of the guy who wrote DeCSS?

He's probably one of the most well known hackers due to his cracking the dvd protection scheme and distributing the code around to the point it appeared on T-Shirts. Not sure how you could know about this website yet not know who DVD Jon is.

http://www.theregister.co.uk/2003/01/07/dvd_jon_is_free_official/

TimT

dchard
29th December 2006, 15:54
This has to be a hoax...

Should be, but no one has proved that yet.

On the other hand, the guy should be right: where else could the decrypted title key be but in the RAM?

All we need is a programmer with a HD-DVD drive and at least one encrypted HD-DVD disk, to find out whether the title key is stored in the RAM during playback.

Dchard

Atamido
29th December 2006, 16:23
This has to be a hoax since it appears not a single person in the entire world except the original poster is claiming this works or can confirm anything.
The reason people are excited is that his story is completely plausible. It has happened numerous other times that a program left the decryption key in open RAM to be used. And several people have looked at his program and determined that it is certainly a plausible set of code.

There are two reasons that people that have duplicated this wouldn't want to admit to it.
1. They don't want the legal trouble when their identities are discovered.
2. They hope to gain financially from this exploit (through the sale of pirate discs).

Honestly though, I suspect that there just aren't enough people out there with an HD-DVD drive to be able to work on this. Remember that some of the most able hackers don't have significant financial status.

Atamido
29th December 2006, 16:40
The program which the author is referring to as exposing the key in memory is probably PowerDVD 6.5. I'm trying to locate where in the memory the key is located; anyway, if someone could post at least one key, I could be able to tell where PowerDVD will place the keys.
Actually, you don't need to know where the key is, you can just test every byte sequence in PowerDVD's RAM. It would take a while, but not as long as you think. The secret is that you must know some byte sequence that occurs in the decrypted output to see if you have the correct key.

Let's say you know that somewhere in the first 1MB, this sequence is likely to occur: "0x2e513a5f2b9f3c5980". I assume you would pick some byte sequence from the HD-DVD specs or H.264/MPEG-2 specs.

1. Take 128bits at offset 0x0.
2. Take first 1MB of data from HD-DVD.
3. Feed both into decryption program.
4. Test output for test sequence.
5. If not found, start at step 1 and increment offset.

If a memory dump for PowerDVD is 50MB, and you want to test every 128-bit byte sequence, that means you will need to test a maximum of around 51 million offsets (the key is likely in the earlier section of RAM). This sounds like a lot, except for a few things:

1. The memory dump, 1MB of data, and output are all small enough to fit in RAM, so total speed will be limited by CPU+RAM.
2. Decryption of AES-128 is pretty fast (or else you couldn't decrypt the disc fast enough for real time playback).
3. The key is likely to be early in the RAM dump, before cached decrypted/unencoded output.
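
The exhaustive search described above, as an added example that is not part of the original post or of the BackupHDDVD tool: a Go program (helper names buildSample, ScanDumpForKey and WipeKey are assumptions) that plants a constructed key at an unaligned offset in a pseudo-random buffer standing in for a RAM dump, encrypts a few blocks containing the post's marker sequence, and then recovers the key by trying every byte offset, both as stored and byte-reversed. It also shows the mitigation the thread attributes to the AACS spec: once the key is zeroed, the scan finds nothing.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/hex"
	"fmt"
	"math/rand"
)

const keySize = 16 // AES-128: the window the method slides over the dump

// marker is the byte sequence the post assumes occurs early in the decrypted
// stream; any known-plaintext signature of the format plays the same role.
var marker, _ = hex.DecodeString("2e513a5f2b9f3c5980")

// Sample is a constructed stand-in for "a RAM dump plus the first bytes of the
// disc". No real player, disc or key is involved; everything is generated here.
type Sample struct {
	Dump       []byte // pseudo-random filler with Key planted at KeyOffset
	Ciphertext []byte // four ECB blocks of plaintext that contain marker
	KeyOffset  int
	Key        []byte
}

// ecb applies op (c.Encrypt or c.Decrypt) to each whole block of in. A real
// format's chaining mode and IV handling would replace this.
func ecb(op func(dst, src []byte), in []byte) []byte {
	out := make([]byte, len(in))
	for i := 0; i+aes.BlockSize <= len(in); i += aes.BlockSize {
		op(out[i:i+aes.BlockSize], in[i:i+aes.BlockSize])
	}
	return out
}

// buildSample plants a random 16-byte key at an arbitrary (unaligned) offset and
// encrypts 64 bytes of filler into which marker was copied across a block boundary.
func buildSample(dumpSize, keyOffset int) Sample {
	r := rand.New(rand.NewSource(2006)) // fixed seed: reproducible sample
	dump := make([]byte, dumpSize)
	r.Read(dump)
	key := make([]byte, keySize)
	r.Read(key)
	copy(dump[keyOffset:], key)
	plain := make([]byte, 4*aes.BlockSize)
	r.Read(plain)
	copy(plain[aes.BlockSize+11:], marker) // bytes 27..35 straddle blocks 2 and 3
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return Sample{Dump: dump, Ciphertext: ecb(c.Encrypt, plain), KeyOffset: keyOffset, Key: key}
}

// reverseBytes returns a reversed copy, so a key stored in the opposite byte
// order is caught as well.
func reverseBytes(b []byte) []byte {
	out := make([]byte, len(b))
	for i, v := range b {
		out[len(b)-1-i] = v
	}
	return out
}

// ScanDumpForKey is the post's steps 1-5: every byte offset of dump becomes a
// candidate key (as stored and byte-reversed), the ciphertext is decrypted with
// it, and the output is searched for marker. It returns the first offset that
// works, whether the reversed form matched, and ok=false if no window is the key.
func ScanDumpForKey(dump, ciphertext, marker []byte) (offset int, reversed bool, ok bool) {
	for off := 0; off+keySize <= len(dump); off++ {
		window := dump[off : off+keySize]
		for _, rev := range []bool{false, true} {
			cand := window
			if rev {
				cand = reverseBytes(window)
			}
			c, err := aes.NewCipher(cand) // key expansion for this candidate
			if err != nil {
				return -1, false, false // unreachable for a 16-byte candidate
			}
			if bytes.Contains(ecb(c.Decrypt, ciphertext), marker) {
				return off, rev, true
			}
		}
	}
	return -1, false, false
}

// WipeKey zeroes the key in place: the discard-on-stop behaviour the thread
// attributes to the AACS spec. Afterwards the scan has nothing left to find.
func WipeKey(dump []byte, offset int) {
	for i := 0; i < keySize && offset+i < len(dump); i++ {
		dump[offset+i] = 0
	}
}

func main() {
	s := buildSample(64*1024, 12345) // 64 KiB "dump", key at an unaligned offset
	off, rev, ok := ScanDumpForKey(s.Dump, s.Ciphertext, marker)
	fmt.Printf("found=%v offset=%d reversed=%v\n", ok, off, rev)
	WipeKey(s.Dump, s.KeyOffset)
	_, _, ok = ScanDumpForKey(s.Dump, s.Ciphertext, marker)
	fmt.Printf("after wipe: found=%v\n", ok)
}
```

A 64 KiB buffer means about 131,000 key expansions, which finishes in well under a second; the cost scales linearly with the dump size, as the post argues.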

0xdeadbeef
29th December 2006, 18:13
Besides the fact that the key is unlikely to begin at unaligned addresses, I still would say that it's much more promising to set a breakpoint on calls to DeviceIoControl. If the key challenge/response algorithm is similar to that of CSS, this function should be called for the authentication process.
Indeed, I guess any call of DeviceIOControl which returns a 16 byte buffer is pretty likely to return a disc/title key.
So tracking the calls to DeviceIOControl should also be a good start to retrieve the player key.

BTW: a quick look into the Win32 API shows that DeviceIOControl accepts 8 parameters.

BOOL DeviceIoControl(
HANDLE hDevice, // handle to device of interest
DWORD dwIoControlCode, // control code of operation to perform
LPVOID lpInBuffer, // pointer to buffer to supply input data
DWORD nInBufferSize, // size of input buffer
LPVOID lpOutBuffer, // pointer to buffer to receive output data
DWORD nOutBufferSize, // size of output buffer
LPDWORD lpBytesReturned, // pointer to variable to receive output byte count
LPOVERLAPPED lpOverlapped // pointer to overlapped structure for asynchronous operation
);

As the first parameter is the last to be pushed on the stack, the size of the output buffer is the 6th parameter or the 6th PUSH operation "above" the function call in the ASM listing.
Well, I have neither the resources nor the time to do it myself - and admittedly I don't really want to get into trouble. But I would guess this approach is pretty likely a good beginning.

Gradius
29th December 2006, 18:19
This has to be a hoax since it appears not a single person in the entire world except the original poster is claiming this works or can confirm anything. Let's see some proof. A fancy edited You Tube Video is worthless without at least one key to test for ourselves.

Keep in mind, really FEW people around have a HD-DVD on your PC or Mac, I would say not even 1%, including myself.

calinb
29th December 2006, 19:27
Now if these files are fully decrypted, and since the files are mpeg-2(are the first hddvd's still mpeg-2, or did they switch yet),

Aren't most HD DVD titles shipping in VC-1? I don't know if they're good ol' WMV9/WMVA or if they're using the new WMV9 Advanced profile.

http://en.wikipedia.org/wiki/VC-1

dchard
29th December 2006, 19:36
Keep in mind, really FEW people around have a HD-DVD...

That's the point: many people here are able to test the software, but they don't have the appropriate hardware to do it.

And of course: the author also should give us some detailed information about how and where to find the Title-Key in RAM or wherever it is, or which debugger he(?) used, etc.

Dchard

Zag
29th December 2006, 19:45
That's the point: many people here are able to test the software, but they don't have the appropriate hardware to do it.

And of course: the author also should give us some detailed information about how and where to find the Title-Key in RAM or wherever it is, or which debugger he(?) used, etc.

Dchard

He is trying to stay on the legal side of things. If he gave instructions on how to obtain the title key he would be on the wrong side of the DMCA.

Atamido
29th December 2006, 20:03
Besides the fact that the key is unlikely to begin at unaligned addresses, I still would say that it's much more promising to set breakpoint on calls to DeviceIoControl.

That is true. I was simply pointing out a method to do an exhaustive search of all allocated RAM, and that it could be done in a reasonable amount of time. He said he wanted to know the address, and I showed him how he could find it. Though, if one has reasonable experience with a debugger, and it isn't well hidden, that would be much faster to use that.

easy2Bcheesy
29th December 2006, 20:07
In summary, no matter what you do as a studio -- release on HD DVD or Blu-Ray -- some professional counterfeiter can hack open a TV, digitize the output, re-compress the movie, and release the title on HD DVD (or dvd, or super-dvd, or whatever.) Because the profit margin is so high, they could afford to trash their revoked player and buy a replacement for every movie if they had to. Every (smart) studio exec knows this; there's no reason for them to bail out just because of this. The "average joe" is probably screwed by either DRM even if this exploit turns out to work. The "advanced joe" will probably still find a way to copy movies. Overall, the best the execs can hope for is a small reduction in "average-joe" piracy which might or might not translate into a small boost in sales, which, over the next decade, might eventually amount to something more than a hill a beans after paying for the development of the DRM.

The more obvious solution would be to purchase an HDCP stripper, a Blackmagic Intensity and simply capture digitally into an enormous AVI file, then compress that. The only limitation would be the 4:2:2 colourspace, but at 1080p, believe me, you don't really notice.

0xdeadbeef
29th December 2006, 20:13
That is true. I was simply pointing out a method to do an exhaustive search of all allocated RAM, and that it could be done in a reasonable amount of time. He said he wanted to know the address, and I showed him how he could find it. Though, if one has reasonable experience with a debugger, and it isn't well hidden, that would be much faster to use that.

This would only be faster if you already had all the tools. Writing the tool to do this "brute force" approach would most probably cost much more time than debugging directly. Also unpredictable things like inverse byte order etc. could make the approach fail although the key is in there. Last but not least, it's not sure that the offset of the key inside the RAM dump will be the same for any disk. Though this depends on the implementation, it could as well be that the key is at a different location each time depending on the HD-DVD structure or other things.
Last but not least, for the next step (extraction of the player key, recreation of the authentication algorithm) identifying the calls which return the disc/title keys is an important landmark.

calinb
29th December 2006, 20:17
He is trying to stay on the legal side of things. If he gave instructions on how to obtain the title key he would be on the wrong side of the DMCA.
I agree. This forum is certainly not a good place for getting anywhere near DMCA violations, so everyone must talk very generally.

Personally, I'm boycotting these anti-consumer technologies so I have no interest or means to test any of the methods, suggestions, or theories described in this forum that might be used to view or obtain decrypted keys from an HD DVD. That said, it seems to me that an HD DVD key changes each time a new DVD is inserted in the drive and it's pretty easy to focus on what's changed in a memory dump.

0xdeadbeef
29th December 2006, 20:47
That said, it seems to me that an HD DVD key changes each time a new DVD is inserted in the drive and it's pretty easy to focus on what's changed in a memory dump.
It has to be expected that a lot of things in the memory change when you exchange the disc. E.g. it would be sensible of a player to cache information about the disc structure etc.
Furthermore, though I don't know too much about the AACS decryption process, it might be that the title key is only extracted when a new title is played. It's obvious that lots of things are cached in the memory for that and this will be completely different for another disc.

neviens
29th December 2006, 22:58
Some hints for reversers with HD-DVD players (I don't have one).
The easiest way to find the key is to look for code and not data. AES code is easy to find in an executable or in memory because the code is standardized. Then attach the debugger and put a breakpoint on the key expansion routine input. When decryption of a title begins, the routine will be called and the program breaks in the debugger. The pointer to the key will be on the stack or in a register. Then Ctrl-C, Ctrl-V or write it down.
Well, I oversimplified the process; in real life there may be problems with antidebugging, code obfuscation, etc., but it's possible to overcome these too.
The next step is to write a patch for key-collecting code, or inject such code into the working process.

Atamido
29th December 2006, 23:17
This would only be faster if you already had all the tools. Writing the tool to do this "brute force" approach would most probably cost much more time than debugging directly.
It all depends where your experience lies. The method I mentioned is pretty trivial, even for a programmer with limited experience. As I said, if you already are an experienced debugger that would be much faster. If you've never used debugging software in your life, but you know how to program...

0xdeadbeef
29th December 2006, 23:47
It all depends where your experience lies. The method I mentioned is pretty trivial, even for a programmer with limited experience. As I said, if you already are an experienced debugger that would be much faster. If you've never used debugging software in your life, but you know how to program...
My experience of programming versus ASM debugging is about 10000:1 in favor of programming. Still I would use the debugger approach for the named reasons. Also the suggestion posted by neviens is interesting. If one of the common AES tables could be located, this would be a good start as well. Still I think looking closely at the calls of DeviceIOControl would be the approach with the least effort.
The basic conditions for your suggestion assume too many things that first need to be worked out. The time alone to get the encrypted and decrypted data and the memory dump would probably suffice to find the key with the debugger. Then you have to code the tool (which indeed should not be too much work). However, if this approach fails (and it surely will) the first time you run it, there are too many factors which could be the reason for this: the input data or the expected output could be wrong, the tool could be buggy, or it could be something you didn't consider like the byte order or storing the key as a string or whatever. It's not even sure when exactly a title key will be visible in RAM and for how long.

hajj_3
30th December 2006, 00:19
the creator of this hasn't replied in about 3 days, wonder if he's been arrested lol.

hope he replies soon and answers all these questions and hopefully creates a nice new shiny version that finds the keys automatically, even if the program takes 2hrs to find it that would be cool.

if cracking hd-dvd is this easy (well i say easy) why on earth was hd-dvd and blu-ray delayed for so long, why didn't they just hire stephen hawking and dvd-jon to create an unbreakable algorithm.

if a new version can auto find the key for the hd-dvd drive and the disc itself instantly or pretty quickly i will prob have to purchase a 360 hd-dvd drive. £130 ain't too bad. £117 with 10% discount codes.

blutach
30th December 2006, 00:24
I don't know how strict the moderators are , so I'll say just this: the MD4 hash of the file is 4860e9248663d52dc47bfc98d61ec6d7

(and I don't see any problems with this, since a few posts above a direct HTTP link to the file was posted; mods, please be consistent )

Regards,
xerces8

Posting an MD5 hash of a program is OK. Posting keys is not OK.

Nor is there need to somehow challenge the mod team to be consistent.

why didn't they just hire stephen hawking and dvd-jon to create an unbreakable algorithm.

Does such a thing exist?

Regards

0xdeadbeef
30th December 2006, 00:39
And again (though it becomes boring): the crypting algorithm (AES128) is in no way broken and thus HD-DVD is not "cracked".
I would be happy if these statements were true, but at the moment, they aren't and there's no hint they will be soon.

hajj_3
30th December 2006, 00:39
Does such a thing exist?

Regards

Yes it does, the SSL 256-bit encryption hasn't been cracked, it's approx 402 numbers long, it's 2 prime numbers multiplied together. There is a $1m prize for anyone who can crack it.

zeroprobe
30th December 2006, 02:00
ahh well new years nearly here so we shall see sooner or later.

xerces8
30th December 2006, 02:34
Posting an MD5 hash of a program is OK. Posting keys is not OK.

Eh, the hash is not MD5 but MD4. A hash code used in a popular P2P network. Knowing it is as knowing an URL, only better, since it can not break due to a closing of a single server.

PS: For easy use, the size of the file must also be known, it is 17964 bytes

Alxemi
30th December 2006, 04:23
Well, i also hope this is not a hoax, but like another guy said, 12-28 is Santos Inocentes day (fools' day in Spain), let's hope it's just a coincidence....

Anyway, if this is a hoax, the crack will come. We all know it, and the industry should know it.

plonk420
30th December 2006, 05:42
it would be badass if the key used was a standalone player's key ;)

dukey
30th December 2006, 05:51
Just some thoughts ..

I'm pretty sure brute forcing the memory is a viable solution. Probably could brute force 4gig of ram in under an hour on a fast machine. 1gig of ram in 15 mins .. etc

You could probably even speed up the process and see when the program allocates x amount of memory. Where x is the number of bytes a key will take up in memory. That might be a give away :p

zacox
30th December 2006, 07:04
It's easy for them to get YouTube or some other site to cough up an IP addy on this guy.



You honestly believe a person who has the skill necessary to write this software doesn't know how to cover his tracks?

After seeing what charges DVDJon faced (though he was eventually found not guilty), I'm fairly certain he used several layers of proxy servers and anonymizers to post here, on YouTube, and anywhere else. Hell, he probably routed his IP traffic around the world twice before hitting a destination. Good luck with that, MPAA.

It sort of underscores the beauty of collaboration and desire to be free of limitations and boundaries only made available through a worldwide network of minds. It's a game. Any 1000 software engineers can build an encryption scheme for DRM, and any million hackers can find a way to break it quicker than those 1000 engineers ever imagined. Sort of like a prison in that the guards work 8 hour shifts trying to keep drugs, gangs and weapons out, while the inmates have 24/7/365 to figure out how to get them in. Who do you think wins the war?

The only way this guy will ever be found out is if he gets drunk and starts bragging to his college buddies that he is the new DVDJon.

Unless of course, he is looking for the DMCA fight, in which case, more power to him.

JarrettH
30th December 2006, 08:27
you're on reuters...

http://today.reuters.com/news/articlenews.aspx?type=technologyNews&storyID=2006-12-29T104641Z_01_N28191949_RTRUKOC_0_US-DVDS-HACKER.xml

a "hacker" lol :p

daft009
30th December 2006, 08:45
wow! impressive stuff!

OverlordQ
30th December 2006, 10:22
Yes it does, the SSL 256-bit encryption hasn't been cracked, it's approx 402 numbers long, it's 2 prime numbers multiplied together. There is a $1m prize for anyone who can crack it.

No, that doesn't mean that it's unbreakable as you claim. The only unbreakable encryption is a properly setup one time pad.

XStylus
30th December 2006, 11:33
He is trying to stay on the legal side of things. If he gave instructions on how to obtain the title key he would be on the wrong side of the DMCA.

He's still not quite on the legal side of things simply because of his YouTube video. It's proof that he used his tool to violate the DMCA. I don't know if that's a civil infraction or a criminal infraction, but it's a risk to him nonetheless, thus why I suggested earlier that he take steps to protect his identity unless he's willing to do what 2600 lost the will to do back when they published DeCSS--that being taking it all the way to the Supremes. Although with the current corrupted political climate, I don't hold much hope there, to be honest.

Perhaps it's all just paranoia, but considering the extreme public importance of what muslix64 is doing against the unconscionable viciousness of the **AAs, it's justified.

cc979
30th December 2006, 11:50
He's still not quite on the legal side of things simply because of his YouTube video. It's proof that he used his tool to violate the DMCA. I don't know if that's a civil infraction or a criminal infraction, but it's a risk to him nonetheless, thus why I suggested earlier that he take steps to protect his identity unless he's willing to do what 2600 lost the will to do back when they published DeCSS--that being taking it all the way to the Supremes. Although with the current corrupted political climate, I don't hold much hope there, to be honest.

Perhaps it's all just paranoia, but considering the extreme public importance of what muslix64 is doing against the unconscionable viciousness of the **AAs, it's justified.

spooky stuff, law is not my field but posting the title-keys in the youtube film is asking for trouble

KillaByte
30th December 2006, 12:05
Spooky stuff. Law is not my field, but posting the title keys in the YouTube film is asking for trouble.

He didn't. What is seen in the film are only hashes - the title keys are well hidden behind a black bar ;)

neviens
30th December 2006, 13:38
My experience of programming versus ASM debugging is about 10000:1 in favor of programming.
...


It's easy to guess from your nickname too (;
Those with 1:10000 ratio usually select something like
0DEADBEEFh for nick (:


...
Still I think looking closely at the calls of DeviceIOControl would be the approach with the least effort.
...


You are complicating things. DeviceIoControl is for communication
with kernel mode drivers, and it's bad practice to put computation
intensive code (i.e. crypto functions) into a driver.

Better pay attention to the CLDShowX.dll library, it's the only file
with all necessary crypto functions (Rijndael aka AES, SHA1,
ECC) in it.

Cyberace
30th December 2006, 13:43
since the files are mpeg-2 (are the first hddvd's still mpeg-2, or did they switch yet), we may only need to make a slight change if any to our favorite mpeg-2 decoder to actually make backup copies of our favorite movies

I read that all HD DVD movies released so far use the 'newer' MPEG-4 AVC (H.264) codec (it is Blu-Ray that still uses MPEG-2 for its retail movies, but I guess they are going to switch to H.264 soon enough as well). My favorite H.264 encoder is x264, and my favorite H.264 decoder is FFmpeg (FFmpeg's libavcodec/libavformat also contains an H.264 encoder based on x264); they are my favorites because they are open source (GPL/LGPL). Nero Digital by Nero/Ateme probably has the best commercial H.264 encoder for home usage, and CoreAVC by CoreCodec is probably the best commercial H.264 decoder for home usage, however those are closed source and cost money.

http://en.wikipedia.org/wiki/HD_DVD
http://en.wikipedia.org/wiki/Blu-Ray
http://en.wikipedia.org/wiki/H.264/MPEG-4_AVC

0xdeadbeef
30th December 2006, 14:02
It's easy to guess from your nickname too (;
Those with 1:10000 ratio usually select something like
0DEADBEEFh for nick (:

A good observation on this ;)
Then again, the C notation adds the "0x" pun, so this was a reason as well. On second thought, I spent hundreds if not thousands of hours debugging on several processors, so the 1:10000 ratio was maybe a little exaggerated :)


You are complicating things. DeviceIoControl is for communication
with kernel mode drivers, and it's bad practice to put computation
intensive code (i.e. crypto functions) into a driver.

When looking at the source code of DVD authentication functions, they use DeviceIOControl to send/retrieve keys from the DVD drive, which is not surprising as this is the only way to do it. It should be the same for HD-DVD, and if you determine the handle by watching calls to CreateFile, you can break only on calls which are sent to the HD drive.
Then again, this has nothing to do with the encryption and thus is neither computation intensive nor bad practice.


Better pay attention to the CLDShowX.dll library, it's the only file
with all necessary crypto functions (Rijndael aka AES, SHA1,
ECC) in it.
That's a very interesting observation of course. If one could identify the function entries of the AES128 decryption in there and set a breakpoint on it, this would deliver the title key immediately. Then again, I have neither the hardware nor the software nor the wish to be the aim of some lawyers, so let's just see what other people make of this.

v_spec
30th December 2006, 14:21
The guy is famous! He's all over the news.

hartiberlin
30th December 2006, 14:48
The encryption scheme doesn't need to be changed since it was not compromised. If we have really bad luck, PowerDVD will be blacklisted by entering a newly released HD-DVD in the drive in the next 1-3 months. If then nobody is able to read the keys from another player, we're where we started.

What crap! Just keep the PowerDVD version you have now and uninstall a newer version. Or install Windows XP again and then install the old PowerDVD version again...

This way you always have access to the old version.

Also, if a movie is decrypted it can be recoded into WMVHD or MPEG-4 H.264 or XVID-HD or DIVX-HD or Nero-HD and stored onto a normal DVD-R as a backup.

I guess this hack will boost HDDVD very much now in the future! I might myself now buy an XBOX HD-DVD ROM drive and rent some HD-DVD movies, if I can make backups.

Also, if HD movies would come out on the same day as they are released in the movie theater and are not sold for much more than a movie ticket, I would also just buy them!

All this DRM crap is stupid.

It just doesn't make sense... I will not go to a movie theater to see a movie and be annoyed by the big guy in front of me, who has Afro-style hair and makes noise with his popcorn bag... I just want to have the movie at home myself... I just collect movies and I don't sell them...

If the movie studios were smarter, they would just drop the DRM and make the media available at prices everyone can afford to buy, and release it on the same day they are also released at the movie theaters, or make them available to download the same day for the same fee a movie ticket costs...

Then they would make much more money...

Now we have to rent the movies, copy them and recode them to DVD-R, which is very time and work consuming...

I would love to pay 5 to 10 Euros for an HD movie to download online, if it would be much easier and would be available on the first day the new movie is released into the movie theaters...

blutach
30th December 2006, 15:04
I guess this hack will boost HDDVD very much now in the future! I might myself now buy an XBOX HD-DVD ROM drive and rent some HD-DVD movies, if I can make backups.

Also, if HD movies would come out on the same day as they are released in the movie theater and are not sold for much more than a movie ticket, I would also just buy them!

All this DRM crap is stupid.

It just doesn't make sense... I will not go to a movie theater to see a movie and be annoyed by the big guy in front of me, who has Afro-style hair and makes noise with his popcorn bag... I just want to have the movie at home myself... I just collect movies and I don't sell them...

Now we have to rent the movies, copy them and recode them to DVD-R, which is very time and work consuming...

I would love to pay 5 to 10 Euros for an HD movie to download online, if it would be much easier and would be available on the first day the new movie is released into the movie theaters...

Such a blatant post about how you copy material you do not own is clearly against the spirit and intention of rule 6. I have warned users about this previously in this very sensitive thread.

Strike issued.

As well, I fail to see what a person's hair has to do with it. Please be more polite on this forum.

Regards

hartiberlin
30th December 2006, 15:16
Sorry, no disrespect to someone's hair style... but if you go to a movie theater, pay around 8 to 12 Euros entrance and get a seat where somebody in front of you is very tall and has a hair style that affects your view of the screen, and some people in your neighbourhood crackle with their popcorn bags all the time, so you don't understand the audio at all...

then I would rather stay at home and watch the movie on my 32 inch TFT flatscreen, where I can lie in my bed and have a drink while watching it, and pause if I have to go to the toilet or someone calls...

blutach
30th December 2006, 15:20
You are extremely close to a 3rd strike hartiberlin. Stay on topic.

Regards

hartiberlin
30th December 2006, 15:29
I have clearly stated that I would like to avoid copying discs and just buy the movies online, also with DRM, if it is user-friendly and the license is valid for at least one year.

I really would like to have new HD movies in an easy-to-download format and would like to pay for this too.

But the current offers are no good and are more expensive than a movie theater ticket.

And be realistic... how many times do you really watch a movie twice? A very limited number of titles which are your favourite movies, but many titles you would only collect and never watch twice...

Okay, sorry for being off-topic again.

I guess we should wait for the new version on Jan. 2nd. Then we can see if he will deliver a workable solution...

hajj_3
30th December 2006, 15:36
Think I'm gonna pencil in Jan 2nd in my diary (maybe I should buy a diary first, thinking about it!).

I have a suspicion that the author will probably never post in here again nor release a new version. It's been about 4 days without a word from him!

trbarry
30th December 2006, 17:22
Each day that goes on without someone else actually providing a key or at least confirming spotting one makes me more skeptical this is real.

- Tom

0xdeadbeef
30th December 2006, 17:36
What crap! Just keep the PowerDVD version you have now
and uninstall a newer version.
Or install Windows XP again and then install
the old PowerDVD version again...


Let's see

[ ] You know how the revocation mechanism works
[ ] You understood any of my posts
[x] You don't have a bloody clue what you're talking about

1 out of 3 !

Zag
30th December 2006, 18:05
What crap! Just keep the PowerDVD version you have now
and uninstall a newer version.
Or install Windows XP again and then install
the old PowerDVD version again...

This way you always have access to the old
version....


I am afraid you are not understanding... once this version of PowerDVD is blacklisted it won't work anymore with newer released titles. The newer released HD-DVDs will know that this version of PowerDVD has been compromised and will refuse to work. You either update to a newer version of PowerDVD or you are stuck with only being able to play the old (150 or so HD-DVD) titles that have come out up to now.

Atamido
30th December 2006, 18:26
However if this approach fails (and it sure will) the first time you run it, there are too many factors which could be the reason for this:

Chill. Since no one is likely to be doing this, it's all academic anyway. I was providing a specific solution to a specific answer, not trying to be the best.

calinb
30th December 2006, 18:55
Each day that goes on without someone else actually providing a key or at least confirming spotting one makes me more skeptical this is real.

I agree. It's amusing that many news outlets are reporting that HD-DVD has been cracked or compromised, based on the YouTube video and the claims posted here. As we all know, it's far from compromised as long as the keys remain secure. The only upside to this attention is an elevation of public consciousness about the DRM issue. The U.S. National Public Radio spot that aired yesterday had a nice segment on consumer rights vs. DRM while reporting that HD-DVD had been compromised.

Gradius
30th December 2006, 19:19
So, has anyone with hardware (HD-DVD) and a couple of titles confirmed this working? If you don't know, nobody has said that yet. :logfile:

Soulhunter
30th December 2006, 21:32
Maybe it's just a tricky campaign from the BluRay camp and muslix64 works for Sony! ;D

A happy new year @ all ~ Bye

Zag
30th December 2006, 22:18
The problem is that he gave very little (nothing really) information regarding how to obtain the title keys. All he said was:

"I won't explain it in detail. Read the AACS doc first. You will understand.
The title keys are located on the disk in encrypted form, but for a
content to be played, it has to be decrypted! So where is the
decrypted version of the title key? Think about it..."

A lot of people saw the hash and thought that those were the keys, so now they can't understand why no one has confirmed this. There are relatively few people that have the hardware, and on top of that even fewer people that have the knowledge to pull the keys out of wherever they are, regardless of how obvious he says it is.

Pulp Catalyst
30th December 2006, 22:25
screw the proxies and firewalls, and whatever else, go to public places like cybercafes and upload there, hard to trace you if you keep moving places,

and whilst you're at it, use drive crypt, which protects a partition with powerful encryption, using a very long pass phrase,

but if you upload files from public terminals, the risk of getting caught is near enough 0%, but don't forget to go to different places, several would be good,

happy new year to everyone, and let's hope blue ray gets hit soon, to keep our fair rights alive, as I don't see any company out there that protects our rights, just government agencies protecting corporate companies.

well done, and there was me thinking DVD Jon may have had this, still if you succeed, you will be more famous than DVD Jon, as cracking AACS is supposed to be like moving Mount Everest, hehehe

still being known is being caught, can't crack a multi billion dollar encryption as well as lost profits from the films themselves and expect to not get caught, only way to get away with it is not to be known, but one doesn't get fame that way,

depends what your motives are really, do you want to be known and play that game, or not be known, and not get caught,

I hope it's the latter, not because of what you can and can't do, but if you do go to court, you will be on your own, been there myself, can be scary when you're on your own,

look after yourself, and be as stealthy as you can,

live long and prosper.

DVDCake
30th December 2006, 23:11
I've got the 360 HDDVD drive in hand. In the YouTube video it shows that he is using PowerDVD 6.5. I'm only finding 7.0 online. Should I try to find 6.5 or go with 7.0?

DC

glen8
31st December 2006, 00:05
forget that

lazyn00b
31st December 2006, 00:28
I've got the 360 HDDVD drive in hand. In the YouTube video it shows that he is using PowerDVD 6.5. I'm only finding 7.0 online. Should I try to find 6.5 or go with 7.0?

DC

You will almost certainly need the PowerDVD 6.5 HD version - trust me, it's out there, just keep looking. The newer PowerDVD Ultra will play HD DVDs also, but it may not have the vulnerability.

Zutton
31st December 2006, 00:58
Something not to overlook is that even if AACS has really been cracked, there is not that much of an advantage in backing up HD-DVD movies due to the inconvenience factor of storing movies on a hard drive.

Let's say an external 300GB drive can be had for $75, and that the average HD-DVD is 30GB. So, 10 movies can be stored on the drive at a cost of $7.50 a movie. Are people going to go out and buy dozens of external drives, label which 10 HD-DVD back-ups are on each drive, and then plug in a drive whenever they want to watch a given flick? Maybe. But until blank HD-DVD media is readily available and cheap, I don't think that Joe Six Pack will be interested in casual copying of HD-DVDs to a hard drive backup.

hajj_3
31st December 2006, 01:02
True Zutton, but you could convert the discs to the x264 codec, say about 15 GB, or even a 720p x264 and fit it on 1 DVD-R.

We won't be getting cheap HD writers or media for 18+ months, so no point even thinking about that!

johner23
31st December 2006, 01:41
See above:

http://news.yahoo.com/s/nf/20061230/tc_nf/49022

http://club.cdfreaks.com/showthread.php?t=204039&highlight=BackupHDDVD

PS: will anybody improve the program? Or create some GUI for it?

I hope more people put some work into updating BackupHDDVD for the next versions, because (very soon) the industry will correct their security holes and make some updates in future high definition discs, just like they did before with WMA and WMV files (DRM protection) or even new DVD disc releases.

Thanks.

gooki
31st December 2006, 01:53
PS: will anybody improve the program? Or create some GUI for it?

No real need for a GUI at this stage (the command line structure is very simple), but for mass appeal, then yes, one probably will be made.

I've got my HD-DVD drive on its way, and 3 titles, so I just need to find out how to detect these missing "keys".

PS for people in countries that don't have the HD-DVD drive available for purchase, www.playasia.com have fair pricing on the device, and decent shipping rates.

Gradius
31st December 2006, 01:56
We'll know sooner or later, wait until day 2.

hartiberlin
31st December 2006, 02:26
..... You either update to a newer version of powerDVD or you are stuck with only be able to play the old (150 or so HD-DVD) titles that have come out up to now.


Yes, that is what I meant,
until today this version of PowerDVD will always be able to
play the current 150 titles.
I guess this is enough for a few tests...

johner23
31st December 2006, 02:37
See above:

--> http://en.wikipedia.org/wiki/BackupHDDVD

The decryption methodology is similar to DeCSS, exploiting and extracting the weak player keys.

http://www.betanews.com/article/Studios_Take_Claims_of_AACS_Crack_Seriously/1167427818

http://www.techtree.com/India/News/Took_Eight_Days_to_Crack_HD_DVD/551-78152-581.html

And if you look for more news, you'll find a great number of sites that talk about the program and its creator. LOL.

PS: will it be necessary (for those people who have proper knowledge about the subject) to open and study the player (physically, I mean) to understand the way things work, how to get the valid keys, etc.?

More: people who can get a player for those high definition discs could test and post their results / experiences here, to help the author (or capable people willing to help him) in BackupHDDVD's development and improvement for the next versions. ;)

Thanks for help.

devil (johner)

Deihmos
31st December 2006, 10:14
See above:

--> http://en.wikipedia.org/wiki/BackupHDDVD



http://www.betanews.com/article/Studios_Take_Claims_of_AACS_Crack_Seriously/1167427818

http://www.techtree.com/India/News/Took_Eight_Days_to_Crack_HD_DVD/551-78152-581.html

And if you look for more news, you'll find a great number of sites that talk about the program and its creator. LOL.

PS: will it be necessary (for those people who have proper knowledge about the subject) to open and study the player (physically, I mean) to understand the way things work, how to get the valid keys, etc.?

More: people who can get a player for those high definition discs could test and post their results / experiences here, to help the author (or capable people willing to help him) in BackupHDDVD's development and improvement for the next versions. ;)

Thanks for help.

devil (johner)

Am I the only one who thinks this was a hoax?

moonraker
31st December 2006, 11:35
I might have missed something here, and forgive me if it's a stupid question, but: how did the decryption keys get into the memory if the software didn't let you play the HD-DVD ?

dchard
31st December 2006, 12:00
For those who need pdvd 6.5 hddvd:

just use search: ::EDITED BY NIC - No Warez! (Rule 6!)::

Don't forget: just use it only until the end of the trial period, and then buy it if you like it. I hope I'm not violating any rules by posting this.

Dchard

crypto
31st December 2006, 12:52
Am I the only one who thinks this was a hoax?

No! But for some reason all those who know how AACS really works don't comment on this.

Hotdog453
31st December 2006, 16:50
I'm using the tool right now on "Fugitive", so I'll let you all know how it works here in a few. If I'm not too busy crying if it works.

trbarry
31st December 2006, 17:02
I'm using the tool right now on "Fugitive", so I'll let you all know how it works here in a few. If I'm not too busy crying if it works.

Hotdog453 -

Did you actually acquire a non-zero key somehow?

- Tom

Hotdog453
31st December 2006, 17:05
I mean I'm trying the tool on the disk. Not trying to do anything more clever or deep or witty.

As for a non-zero key, I have no idea what you're referring to. It appears to be working, as in, the files are growing, and it hasn't given me an error of any sort.

Zag
31st December 2006, 17:17
I mean I'm trying the tool on the disk. Not trying to do anything more clever or deep or witty.

As for a non-zero key, I have no idea what you're referring to. It appears to be working, as in, the files are growing, and it hasn't given me an error of any sort.


You'll end up with a worthless copy on your hard drive because you are not decrypting it, you are just copying it to the hard drive in its encrypted form. You need the title key to decrypt it otherwise you are just wasting time and hard disk space. There is a file that came with the tool called TKBD.cfg. This is the file that contains the title keys, right now you will see this:

CE6339246F34087AB355681DEB656D23DCD5BD86=Full Metal Jacket | 1-00000000000000000000000000000000
486198E3855B57CD40F6DC0C60645BDE8E1E9AC5=Van Helsing |19-00000000000000000000000000000000
B5A8E784B83E793AB246D0C5F7C148A39D7F4856=Tomb Raider 1 | 6-00000000000000000000000000000000
4ACABE525F5CBF77DAA43EA2B83E04918D5FA6D4=Apollo 13 | 1-00000000000000000000000000000000
3D357B0653A66176583C5218FD0149EAF8832FB0=The Last Samurai | 1-00000000000000000000000000000000
610CF1EB362D40050123E92F063D51AC05676F37=The Fugitive | 1-00000000000000000000000000000000


See all those zeros on the right? That's where the title key for your movie goes. The numbers on the left (hash) mean nothing without the title key. You are supposed to find this key and place it there. Don't bother asking how to find the title key because no one is talking. Look at the FAQ that came with the software; he mentions it, but basically you are on your own.
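
The TKBD.cfg layout Zag describes above, as an added example that is not part of BackupHDDVD or of this thread: a small Python parser (the names parse_tkbd, TitleEntry, titles_with_keys and report are assumed, not the tool's own) that reads entries in that layout and reports which key slots are still the all-zero placeholder, which is why running the tool on the shipped file just copies the EVO files unchanged. The meaning of the numeric field before the dash is not stated in the thread, so the parser keeps it as an opaque integer; the third sample entry and its key are constructed and do not belong to any real disc.

```python
import re
from typing import Dict, List, NamedTuple

# Entry layout as shipped in the TKBD.cfg quoted above:
#   <40 hex chars>=<title> | <n>-<32 hex chars>
# The 40-hex field is a hash identifying the disc, the 32-hex field is the
# per-title key slot (all zeros = no key), and <n> is a numeric field whose
# meaning the thread does not spell out, so it is kept as an opaque integer.
ENTRY_RE = re.compile(
    r"^(?P<hash>[0-9A-Fa-f]{40})=(?P<title>[^|]*)\|\s*(?P<num>\d+)-(?P<key>[0-9A-Fa-f]{32})\s*$"
)


class TitleEntry(NamedTuple):
    disc_hash: str   # upper-cased 40-hex identifier
    title: str       # human-readable title, surrounding whitespace stripped
    num: int         # opaque numeric field from the entry
    key_hex: str     # 32 hex chars; all zeros means the slot is empty

    @property
    def has_key(self) -> bool:
        # A slot of all zeros is the placeholder the tool ships with.
        return any(ch != "0" for ch in self.key_hex)


def parse_tkbd(text: str) -> Dict[str, TitleEntry]:
    """Parse TKBD.cfg text into a dict keyed by disc hash (file order preserved).

    Raises ValueError on a malformed line or a duplicated hash rather than
    silently skipping it, so a damaged config file is noticed up front.
    """
    entries: Dict[str, TitleEntry] = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            raise ValueError(f"TKBD.cfg line {lineno}: malformed entry {raw!r}")
        entry = TitleEntry(
            disc_hash=m["hash"].upper(),
            title=m["title"].strip(),
            num=int(m["num"]),
            key_hex=m["key"].upper(),
        )
        if entry.disc_hash in entries:
            raise ValueError(f"TKBD.cfg line {lineno}: duplicate hash {entry.disc_hash}")
        entries[entry.disc_hash] = entry
    return entries


def titles_with_keys(entries: Dict[str, TitleEntry]) -> List[str]:
    """Titles whose key slot is populated, i.e. the only ones the tool could decrypt."""
    return sorted(e.title for e in entries.values() if e.has_key)


def report(entries: Dict[str, TitleEntry]) -> List[str]:
    """One status line per entry, in file order."""
    lines = []
    for e in entries.values():
        status = "key present" if e.has_key else "key slot empty (output would stay encrypted)"
        lines.append(f"{e.disc_hash[:8]}... {e.title}: {status}")
    return lines


# Constructed sample in the same layout as the quoted file. The first two lines
# are zeroed entries as shipped; the third is an invented entry with a
# placeholder (not real) key so the populated case is exercised too.
SAMPLE_TKBD = """\
CE6339246F34087AB355681DEB656D23DCD5BD86=Full Metal Jacket | 1-00000000000000000000000000000000
486198E3855B57CD40F6DC0C60645BDE8E1E9AC5=Van Helsing |19-00000000000000000000000000000000
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=Constructed Title | 2-0123456789ABCDEF0123456789ABCDEF
"""

if __name__ == "__main__":
    parsed = parse_tkbd(SAMPLE_TKBD)
    print("\n".join(report(parsed)))
    print("decryptable:", titles_with_keys(parsed))
```

Run against the file that ships with the tool, titles_with_keys returns an empty list, which is the check Zag is describing: with every slot zeroed the "decrypted" output is just a copy of the encrypted EVO files.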

Golgot13
31st December 2006, 18:03
Hi all,

Happy new year 2007.

I tested the tool and it doesn't work (on my computer?).
I have 50 HDDVDs from many countries (US, Japan and Europe).

I have 2 titles which it can "decrypt" (there is a key line in TKBD.cfg). No way to get a *.evo that is not encrypted:

The process works and copies the file to the hard disk (I compared the files on the HD DVD disc and
the hard disk; there are lots of differences).
But I can NOT play it with PowerDVD 6.5, and when I demux it, the elementary files are encrypted
(the VC1 viewer sees blocks with different colours...).

I think it was a problem with my PowerDVD 6.5 because I cannot watch HD DVD discs on my PC with it
(I use it to test my unencrypted HD DVD authoring on HDD).
At home I use an X360 HDDVD drive (maybe the tool works only with HDDVD drives from NEC or Toshiba).


Censored.....



And if the crack of AACS becomes public (in a tool like DVD Decrypter),
all the majors (video studios like Warner, StudioCanal, ...) will only do
BluRay discs, because there are two other protections:
ROM maker and BD+.

Today the HD DVD files from an encrypted HD DVD disc can be copied to HDD
directly without decrypter software!!!! :mad:
This is not possible with encrypted BluRay (AACS + BD+) and DVD (CSS)...




Golgot13

cinemania
31st December 2006, 18:21
Hi all,


Today the HD DVD files from an encrypted HD DVD disc can be copied to HDD
directly without decrypter software!!!! :mad:

Golgot13

Hööö?

Without Decrypter Software ?

Don't think so man ... BackupHDDVD is already a decrypter when you have the key ;)

Golgot13
31st December 2006, 18:38
Hööö?

Without Decrypter Software ?


YES !!!!!!


Don't think so man ... BackupHDDVD is already a decrypter when you have the key ;)

At home, I have an X360 HDDVD drive and I copy the files to my HDD DIRECTLY.
If you search on the web you can find encrypted *.evo files...

It is crazy but you can test it and you will see...


Golgot13

Gradius
31st December 2006, 18:49
I see, I see.

But you cannot play back FROM HD, right?

Now I'm starting to think that video (on tube) might be... fake.

Happy 2007 !

Gradius

Golgot13
31st December 2006, 19:39
I am not sure because there are some files on the web
from encrypted HD DVDs (*.aca and *.evo).

Censored...........

There have been decrypted source files from HD DVDs on the web
since the beginning of December...

If you search, you can find valid demuxers (HDDVD demux doesn't work),
DeACA, and some tools for HDi.
I am waiting for software for Dolby Digital Plus.

I think within two months we will see recodes of HD DVDs
on DVDR on the web (in H264 and DD+, surely).

I am surprised to see good professional tools on the web...



Happy new year 2007 !!!
Bonne annee 2007 !!!
S novum godom 2007 !!!



Golgot13

Turtleggjp
31st December 2006, 20:30
I don't think this program is a hoax, but rather it is not the easy one-click solution to decrypting HD-DVDs that we have become used to with DVDs. It's sort of like being given a Ferrari, but without the keys. The car cannot be driven without the keys, unless of course it is hotwired (and in this case, "hotwiring" HD-DVDs with their AACS protection is not easy).

I tend to see this program on the same level as video game console emulators. Although their existence is somewhat controversial, and disliked by the console makers, they are not illegal as long as they were created using only publicly available information (as this program claims to be). The trick is, the emulators are pretty much useless without the game ROM images for them to work on, just like this program is pretty much worthless without the keys. Game ROMs can be considered to be warez, and thus will not be as easily acquired as the emulators. The same will be true with the keys needed to make this program work.

I think this program is an excellent example of a first generation ripper (if it does indeed work). I only hope that a similar program can be written for Blu-Ray discs as well, so that the paranoid movie studios will have nowhere to run.

Matt

Adub
31st December 2006, 20:37
@Golgot13
Of course it didn't work all the way man! Have you been reading the forum? You don't have the keys that enable you to unlock the encryption. What you just did was copy the disk to your hard drive, still in its encrypted form. Until someone can find the keys, or rather, find how to find the keys, then we will not be able to decrypt HDDVDs.

BackupHDDVD v.99 only works when you have the title keys in your tkdb.cfg file already. The file that is contained in the download has the keys zeroed out, so that means no decryption, yet.

Golgot13
31st December 2006, 20:53
Censored..........



I have "Apollo 13" and "Full Metal Jacket" (to test keys).


Golgot13

tonyp12
31st December 2006, 23:15
Also, if a movie is decrypted it can be recoded
into WMVHD or MPEG-4 H.264 or XVID-HD or DIVX-HD
or Nero-HD and stored onto a normal
DVD-R as a backup.

A HDDVD is 30GB,
and I would guess the main title is 15-20GB.

You will lose some quality if you try to squeeze it down to an 8.5 GB dual-layer DVD-R.
Maybe you could get a decent 720p version out of it.

bob0r
31st December 2006, 23:49
Posting keys can be done so easily.

Like if you want to say: HELLO
Hi,

Everything is cool today.
London was very nice, and Lissa finally talked to me.
Oh man, it's 2007 almost!

Spread the keys over 3 users, and nothing will hold ground in any court.

Or just give me the keys, I'll post them anywhere, I live without laws :D

* awaits 2 jan ....

hajj_3
31st December 2006, 23:59
Is the title key the same for every DVD of a certain film, e.g. Apollo 13? So the key, e.g. sdfsdf234vdfgdsfg, would be on every copy of Apollo 13 sold?? If so that would be great for us; if someone found out the keys for every HD-DVD released it would make copying a lot easier. Then find the key of the HD-DVD itself.

I'm praying that this guy does come back, 'cos atm I think that he's a one-poster and we won't hear of him again :(.

Zag
1st January 2007, 00:58
I would speculate that every copy of Apollo 13 that has been released up to THIS POINT has the same key. I am also willing to bet that future releases of Apollo 13 will have their key changed, it only makes sense.

Golgot13
1st January 2007, 01:17
A HDDVD is 30GB,
and I would guess the main title is 15-20GB.

You will lose some quality if you try to squeeze it down to an 8.5 GB dual-layer DVD-R.
Maybe you could get a decent 720p version out of it.

With the H264 codec, it's possible to encode a 1920x1080 HD video file
at 8 Mbps (in France the ISP "Free" encodes HD video at 6 Mbps
in real time, and HD VoD files at 4.5 Mbps in H264 from Ateme...)


Golgot13

blutach
1st January 2007, 03:58
Posting keys can be done so easily.

Like if you want to say: HELLO
Hi,

Everything is cool today.
London was very nice, and Lissa finally talked to me.
Oh man, it's 2007 almost!

Spread the keys over 3 users, and nothing will hold ground in any court.

Or just give me the keys, I'll post them anywhere, I live without laws :D

* awaits 2 jan ....

You will please live within our forum rules irrespective of whether you obey the laws of your country.

Again, if any keys are posted, I will have no recourse but to issue strikes. All forum members need to be cognisant of rule 6 and the announcement at the top of this forum.

As well, bob0r, we are not interested in weather reports.

Regards

Adub
1st January 2007, 04:20
@hajj_3
Yeah, I believe that all the keys released so far are the same for that particular dvd.

The only problem is that "sdfsdf234vdfgdsfg" is not the key! Where the key would be located is where all of those 000000's are, right next to "sdfsdf234vdfgdsfg" in the tkdb.cfg file.

So, yes, if we knew the key, then it would probably be the same for all of the current Apollo 13 movies. Yet the fact is that we do not have nor know the key, so we are stuck at square 2. So to speak.

DVDCake
1st January 2007, 04:35
YES !!!!!!



In my home, I have X360 HDDVD drive and I copy the file on my hdd DIRECTLY.
If you search in the web you can find encrypted *.evo file...

It is crazy but you can test it and you will see...


Golgot13


What are you saying? You can copy HD DVDs to your XBOX hard drive?

Adub
1st January 2007, 04:52
No. He is using an external Xbox 360 HD DVD drive connected to his computer to copy the HD DVDs.

DVDCake
1st January 2007, 06:07
No. He is using an external Xbox 360 HD DVD drive connected to his computer to copy the HD DVDs.

Gotcha

I've got the same setup, waiting for more tools to find those keys.

BTW, did I mention how much I hate DHCP? No DHCP video card or compatible display and no workie. I guess that's why we are chatting in this thread to begin with. =]

~DC

Zag
1st January 2007, 06:15
Gotcha

I've got the same setup, waiting for more tools to find those keys.

BTW, did I mention how much I hate DHCP? No DHCP video card or compatible display and no workie. I guess that's why we are chatting in this thread to begin with. =]

~DC

I think you meant HDCP (High-Bandwidth Content Protection) and not DHCP (Dynamic Host Configuration Protocol). Gotta love all these acronyms. BTW, I agree with you...

DVDCake
1st January 2007, 06:19
I think you meant HDCP (High-Bandwidth Content Protection) and not DHCP (Dynamic Host Configuration Protocol). Gotta love all these acronyms. BTW, I agree with you...

DOH! Ya thats it =]

I got lucky though, I've got an Nvidia 7600 card and a Westinghouse 37" which is HDCP compliant.

zeroprobe
1st January 2007, 12:48
So anyone think there will be a follow-up to this come tomorrow??

Golgot13
1st January 2007, 13:23
HDCP is not a protection because there are lots of devices which
can remove the HDCP protection...
These devices are sold on the grey market (without label, name, ...),
and some professionals use them to display video on old HD TV sets.



Golgot13

hajj_3
1st January 2007, 13:49
HDCP is not a protection because there are lots of devices which
can remove the HDCP protection...
These devices are sold on the grey market (without label, name, ...),
and some professionals use them to display video on old HD TV sets.



Golgot13

Got a link for this device? I'm sure HDCP ain't been cracked!

edo1080
1st January 2007, 15:51
the only problems is how to find the kyes now, the tool is working( the youtube video shows it clrearly) ; I expect key lists will appear somewhere on the internet and will be shared. Anyway AACS will give a new set of keys for further releases of HD DVD movies and stand alone player by Toshiba will require a firmware update while software players like POWERDVD or WINDVD will require a new version update; I'm quiste sure that,even if now it could be possible to grab keys from memory with already released titles, with next gen software players this chance will ber forbidden. Anyway we will be able to backup at least all the titles released until now.

I hope tomorrow we will see some interesting news.

Fuse-One
1st January 2007, 17:19
I'll be getting a 360 HD drive soon. I am as excited as when DeCSS was released back in the days.

video
1st January 2007, 17:42
PS for people in countries that don't have the HD-DVD drive available for purchase, www.playasia.com have fair pricing on the device, and decent shipping rates.

gooki. the site says that the drive is "Compatible with Xbox360™
Japanese". I have a European version of Xbox 360. Will the drive work for me?
Thanks.

SBeaver
1st January 2007, 18:44
got a link for this device? I'm sure HDCP ain't been cracked!

I know there was a small device, like a cable adapter, that hooked on to DVI or HDMI cables and just removed the HDCP and gave you a regular signal.
I think they were on sale for 30-40€ in Germany, but everything got shut down eventually if I remember correctly.
This was a while ago and there wasn't much of a market back then.
Some similar device is probably what sits in all HDCP compatible displays so it's not very mystical at all that you could make a device like that with the right chip and components.
I don't know if they will ever be "allowed" for people with old displays that don't support HDCP, but I doubt they can be made illegal, just very very hard to get your hands on.

0xdeadbeef
1st January 2007, 19:30
There were devices called DVIMAGIC and DVIHDCP, which were distributed by Spatz Tech in Germany, but manufactured in Korea. They were much more expensive though, more like 350€.
The DVIMAGIC would convert DVI/HDCP to VGA, the DVIHDCP would convert DVI/HDCP to HDCP.
After Spatz Tech was threatened with legal action, these devices disappeared quickly, though they were said to be still produced by the Korean manufacturer for a while. There were also rumors that the chip/device id used or whatever was added to the HDCP revocation list. Dunno if this is true though.

tonyp12
1st January 2007, 20:38
With the H264 codec, it's possible to encode an HD video file 1920x1080
at 8Mbps

HDDVD uses VC-1, a very similar compression to H264.
There is no magic way to re-compress the video
from 20GB down to 8GB and still look 99% as the original.


Now that AVC versions of mpeg4 are out you probably could get 70% quality.

DVDCake
1st January 2007, 21:24
gooki. the site says that the drive is "Compatible with Xbox360™
Japanese". I have a European version of Xbox 360. Will the drive work for me?
Thanks.

The drive is just a Toshiba USB drive, shouldn't matter where you get it from if you plan to connect it to a PC.

~DC

hajj_3
1st January 2007, 21:29
the drive might be region coded, think there are 3 regions for HD-DVDs, can't be sure though!

DVDCake
1st January 2007, 21:30
the drive might be region coded, think there are 3 regions for HD-DVDs, can't be sure though!

True but it shouldn't be long till someone creates a flash to remove region restrictions.

Golgot13
1st January 2007, 21:41
Today, there is no region code on HD DVD discs or on HD DVD drives
(all X360 HDDVD drives are the same worldwide).


Golgot13

DVDCake
1st January 2007, 21:43
I'm an old school encoding provider, mostly in the WM realm encoding live events via satellite and batch conversion of physical media stock. We are starting to work with VC-1 and the Windows Media 9 Advanced codec. I have an application that runs kiosks and HD is the next step.

I've been working with some of the 1080p content on wmvhd.com to come up with a chart to show where the reduction of encoding rates will affect the viewing experience. This of course is subjective because content type and playback displays will produce different results.

So when we get some of these HDDVDs ripped and the media extracted I can produce some samples for reducing the bitrate.

~DC

gooki
1st January 2007, 21:59
gooki. the site says that the drive is "Compatible with Xbox360™
Japanese". I have a European version of Xbox 360. Will the drive work for me?
Thanks.

Per above - should work fine as it's just a USB drive. The DVD region code may be different, but there is no HDDVD region code system at this point in time so for our purposes it should work fine. I'll post up confirmation when my drive arrives (connected to an Australia/NZ Xbox 360).

calinb
1st January 2007, 22:25
I'll be getting a 360 HD drive soon. I am as excited as when DeCSS was released back in the days.

There are several online reviews of the 360 HD drive under Windows. You might need new UDF filesystem drivers:

http://www.pcw.co.uk/personal-computer-world/features/2170703/xbox360-hd-dvd-pc

oddball
1st January 2007, 22:46
Just jumping ahead to mention something if not already mentioned. Sharing of keys is a BAD idea because they will get blacklisted on future HD-DVD releases. Better to have a prog that decodes the keys for you (But does not tell you what those keys are) and then uses that key on the HD-DVD media to copy it. That way the media moguls won't have a list of compromised keys to blacklist players with on future HD-DVD releases. They would have to blacklist ALL keys which they could not really do without changing the way AACS works drastically.

EDIT: OK read all the way through and others saw this same logic. Sharing keys = revocation.

0xdeadbeef
1st January 2007, 23:23
Just jumping ahead to mention something if not already mentioned. Sharing of keys is a BAD idea because they will get blacklisted on future HD-DVD releases. Better to have a prog that decodes the keys for you (But does not tell you what those keys are) and then uses that key on the HD-DVD media to copy it. That way the media moguls won't have a list of compromised keys to blacklist players with on future HD-DVD releases. They would have to blacklist ALL keys which they could not really do without changing the way AACS drastically.

If disc/title keys were "shared", there would be no way of telling where they come from. Then again, looking at the video on YouTube, it's quite obvious where the keys came from. So the player key will be blacklisted although it was never posted or maybe not even found and thus compromised.
So your suggestion somehow lacks any base and/or also shows a somewhat strange idea of the keys involved here. If it was possible to decode the disc/title keys without a specific player key, this would mean that AES128 was broken, which it isn't.

vsv
1st January 2007, 23:43
HDDVD uses VC-1, a very similar compression to H264.
There is no magic way to re-compress the video
from 20GB down to 8GB and still look 99% as the original.


Now that AVC versions of mpeg4 are out you probably could get 70% quality.

Encoding for HD-DVD must have a short GOP (0.606s max.) and a lot of other restrictions. You just can not use all the power of the AVC codec.
VC1 is just polished for HD-DVD. For online distributed content there is no need for restrictions as for HD-DVD authoring.
In this case, as Golgot13 said, you can encode 1080p to AVC at 6-8Mbps with long GOPs and this will be equal in quality to 12-16Mbps of VC1 on HD-DVD.

oddball
1st January 2007, 23:45
I'm thinking it's the revocation process which needs to be 'fixed' anyhow. All this talk of hacking/cracking the keys for decrypting is rather moot in that scenario.

Get around the revocation and the other stuff will probably seem simple.

I myself would not like to risk getting the key to decrypt an HD-DVD only to find I cannot play certain titles further down the line because they were revoked and my software/hardware 'silently' blacklisted them when the disc was inserted.

That is the insidious nature of this AACS system. I think people posting keys will only make this happen faster. Best to let the software pull the key from say PowerDVD 6.5 and not show it to the user. Let the key be used internally by the decryption software (No breaking of AES involved if the unencrypted key can be pulled from memory space). I assume that each disc must have its own key? Otherwise if they blacklist a key on a title wouldn't it blacklist on everyone's player? I obviously must be missing something :)

hajj_3
2nd January 2007, 00:05
shall we take bets, it's Jan 2nd in 56 mins, I'm betting that on Jan the 2nd we will not get a new version of this program, nor will the guy post in here at all.

oddball
2nd January 2007, 00:08
LOL. FBI get!

0xdeadbeef
2nd January 2007, 00:09
I'm thinking it's the revocation process which needs to be 'fixed' anyhow. All this talk of hacking/cracking the keys for decrypting is rather moot in that scenario.

The revocation list of player keys is stored inside the HD-DVD drive. And it's the drive that decides to authenticate a player that was blacklisted. So I guess hacking the drive's firmware would be needed for this.


Get around the revocation and the other stuff will probably seem simple.

As I wrote before: if the revocation mechanism could be bypassed in certain drives, these drives together with a vulnerable player (or the player key and a separate implementation of the authentication process) would be able to deliver the disc/title keys until the end of time. This would practically circumvent AACS without having broken AES128. Still you would need a special drive with patched firmware to read out the keys.


I myself would not like to risk getting the key to decrypt an HD-DVD only to find I cannot play certain titles further down the line because they were revoked and my software/hardware 'silently' blacklisted them when the disc was inserted.

The revocation list is not about titles, but about players. So if PowerDVD is blacklisted, the player key is stored in the drive's non-volatile memory and from this moment, the drive doesn't respond to this player key any more in the authentication process.


That is the insidious nature of this AACS system. I think people posting keys will only make this happen faster. Best to let the software pull the key from say PowerDVD 6.5 and not show it to the user. Let the key be used internally by the decryption software (No breaking of AES involved if the unencrypted key can be pulled from memory space). I assume that each disc must have it's own key? Otherwise if they blacklist a key on a title wouldn't it blacklist on everyone's player? I obviously must be missing something :)
As I said: it doesn't matter if the player key is used directly, indirectly or whatever. It will not prevent it from being blacklisted. And again: not the title is blacklisted but the player key.

video
2nd January 2007, 00:16
Today, there is no region code on HD DVD discs or on HD DVD drives
(all X360 HDDVD drives are the same worldwide).


Golgot13

okay but it is tagged as "Compatible with Xbox360™
Japanese", OK I know that's not a big deal, but I wouldn't like to end up with a $200 drive that plays only Japanese animes :D

Sagittaire
2nd January 2007, 01:12
Encoding for HD-DVD must have a short GOP (0.606s max.) and a lot of other restrictions. You just can not use all the power of the AVC codec.
VC1 is just polished for HD-DVD. For online distributed content there is no need for restrictions as for HD-DVD authoring.
In this case, as Golgot13 said, you can encode 1080p to AVC at 6-8Mbps with long GOPs and this will be equal in quality to 12-16Mbps of VC1 on HD-DVD.

The major restriction is just short GOP and only for low framerate sources (short GOP at 0.6006 sec is not a major restriction for 50/60 Hz sources). You can use CABAC, inloop, AQ, CQM, 2 adaptive B-frames, wpred, Max Pref at 4, Max Bref at 3. There are VBV restrictions but it's not a problem for 6-8 Mbps encoding (max at 29.4 Mbps with a very large buffer at 30 Mbits). Short GOP produces perhaps something like 10% or 15% efficiency loss for H264 if you compare with unlimited GOP, but not more.

dchard
2nd January 2007, 10:27
"I decide to track down the "Volume unique key" instead of title key.
I found it also! I'm preparing BackupHDDVD V1.00, that will support volume key and title keys."

This means that the program will contain an empty variable - like with title keys - which must be figured out somehow, but I think we get a "Think about it" class answer for the question "How to get the volume unique key?" I know that he/she cannot provide us detailed information about that in here, but many other ways should be.

Dchard

edo1080
2nd January 2007, 12:06
I know that he/she cannot provide us detailed information about that in here, but many other ways should be.


Right! I hope that with the release of BackupHDDVD 1.00 more tech hints will be revealed

KoD
2nd January 2007, 14:32
To people that don't have the technical baggage to understand it by themselves: all the required tech hints were already provided by the person that made the first post and some of those that replied in this thread.

And also, it is not the AACS protection system that was "cracked", but a software player failed to protect the decryption keys because of lazy programmers and haste to "release the player faster". This will change in future player versions, and although any software player can be reverse engineered to grab the keys again, you will not get a "press butan, get rip" commercial application out of this because it will be illegal in many if not all parts of the world. So no "AACS hacked" nonsense, please.

Hellreaper
2nd January 2007, 16:11
muslix64 will either...

...never post in here again.

...or tell you soon that there were some problems with the program and that you will have to wait until xx.xx.2007.


Face the truth, it took about two years until DVD keys were extracted.


If he/she had really done it, she/he had released the key extraction method. The program with the weakness would have been withdrawn or changed, no doubt, but it also would have been seriously verified that someone found a way to compromise the whole encryption/decryption process. (not AACS itself)

A real hacker/cracker is interested in releasing proof, not in releasing videos. You don't get scene credits for releasing videos.

dchard
2nd January 2007, 16:21
you will not get a "press butan, get rip" commercial application out of this because it will be illegal in many if not all parts of the world

DVD decrypting/copying is also illegal in most parts of the world, and see how many one-click decrypters are on the market. Yes: not only a P2P distributed tiny software of a hacker, but commercial products.

A little off-topic: could someone provide me some sort of info about the HD-DVD-ROM directory/file structure? I found it for Blu-Ray (BD is much better documented than HD-DVD in many other ways too), but I can't find it for HD-DVD. I searched the original documentation on dvdforum.org, but found nothing.

Thanks.

Dchard

edo1080
2nd January 2007, 17:42
A real hacker/cracker is interested in releasing proof, not in releasing videos

I don't think he's a hacker or a cracker, he simply is someone who needed to backup his discs and found a way to do it. So I don't think he wants to show us how "skilled" he is. I think we have to thank him for this program, he could also have kept it for himself, without running any risk.

Gradius
2nd January 2007, 18:02
Face the truth, it took about two years until DVD keys were extracted.

In 1997/1998 a Toshiba DVD-ROM 2x (max) + an MPEG-2 video decoding card for a PC was USD$ 1000~1200.

DeCSS appeared in October 1999, thanks to 3 (three) people, not just Jon! That all (2 years) was because of the COSTS of DVD hardware (DVD-ROM), not the complexity!

Today isn't different, of course, the "complexity" is way better now. :search:

noclip
2nd January 2007, 18:28
The key revocation system and BD+ are an all-out assault on fair use. To revoke or change a key, studios would have to have found out that disk was compromised, and by that time the movie would already be up on the torrents. The only use that the draconian copy protection on HD formats prevents is fair use backup and transcoding by legitimate consumers.

hallway
2nd January 2007, 20:38
muslix64 will either...

...never post in here again.

Do a Google search on 'muslix64' and literally every result is related to him/her and the HD-DVD crack... I know it's big news and all, but I've got a bad feeling about this one.

If he/she had really done it, she/he had released the key extraction method. The program with the weakness would have been withdrawn or changed, no doubt, but it also would have been seriously verified that someone found a way to compromise the whole encryption/decryption process. (not AACS itself)

A real hacker/cracker is interested in releasing proof, not in releasing videos. You don't get scene credits for releasing videos.

The video at YouTube was certainly unnecessary and was quite well done. It sure wasn't webcam quality, in fact, it was pretty good quality and it was done by a 2nd person. As you say about a real hacker, they're more interested in improving their program, fixing bugs, etc, etc and the time and effort spent making the video was wasteful.

DanITman
2nd January 2007, 20:52
Cyberlink Responds to Alleged AACS Crack

With the HD DVD AACS Crack/Hack that supposedly happened last week, I said that Cyberlink would most likely issue some additional information on the matter. I just got an e-mail from the people at Cyberlink with some great information. Above all, Cyberlink is sure PowerDVD's implementation of AACS fully protects HD DVD contents.

* First of all, PowerDVD complies with AACS compliance rules to ensure HD DVD contents are fully protected. Cyberlink is confident that PowerDVD fully protects HD DVD contents.
* Secondly, PowerDVD does not keep "Title Keys" in system memory. Cyberlink is not sure how the user got the Title Key and notes that neither the released tool nor the video on YouTube provides the information on obtaining the Title Keys.
* Thirdly, there is no evidence that the user is using PowerDVD to hack/crack HD DVD video content. He or she was simply using PowerDVD to play back the video that was ripped with other software. PowerDVD supports evo video file format playback.

Overall, it doesn’t look like AACS or Cyberlink have found any faults in PowerDVD. So, at this point no updates will be issued for PowerDVD and the verdict is still out on whether or not additional playback software was used to obtain the Title Keys. No one has yet proved that the keys can be obtained through a memory dump or any other method.

Yet again, AACS wasn’t cracked/hacked and the one piece of the puzzle for obtaining the Title Keys doesn’t appear to add up.

Thanks goes out to Cyberlink for the information.

http://msmvps.com/blogs/chrisl/archive/2007/01/02/463980.aspx

JarrettH
2nd January 2007, 21:01
I guess we find out if this is omgbs today. :cool:

dchard
2nd January 2007, 21:15
"PowerDVD does not keep "Title Keys" in system memory"

OK, but where is it? It must be somewhere quickly accessible many times, because the decoding of the encrypted data is in real time, and this is a huge amount of data.

So the big question: where is it?

Dchard

Sy
2nd January 2007, 22:01
Maybe it's not PowerDVD's memory dump that Muslix is reading to obtain the key? He never said it was Cyberlink's software. Perhaps he is reading the mem dump of WinDVD. I dunno.. I just hope Muslix comes back to provide a little more direction.. It would be nice if others out there could verify that they had done a successful rip too!

~Sy

zeroprobe
2nd January 2007, 22:12
where did the 2nd of January come from anyway?

He hasn't been active on here or YouTube for a week, so he's definitely busy with something. If he was a hoax, wouldn't he want to check how his joke is going? He got a lot of people's attention anyhow.

Sy
2nd January 2007, 22:15
Page 1 - Post 4
This is real, any good java programmer can confirm this program make sense, and all that is missing is the decryption keys.

Take a look at the FAQ file for details...

I already have a version that works with volume key instead of title keys. Even more powerful!

Version 1.0, with volume key support should be out on January 2.

muslix64
2nd January 2007, 22:15
I spent the last few days reading a lot of articles on BackupHDDVD, reading a lot of people's posts/comments on various websites.

This is the time to set the record straight about this new tool and what the impacts are.

First I need to clarify some points.

Revocation:

In the AACS system, there are 4 types of revocation:
Drive revocation
Host revocation
Device revocation (with MKB)
Content revocation

There is no such thing as "title key revocation" and "volume key revocation"

-------------

Now, here is a list of affirmations I have seen lately.


Affirmation 1: You did not break AACS, just the player

My comment: I did not break AACS, but I found a way to decrypt movies and I have bypassed the whole revocation system.
Not that bad...


Affirmation 2: The BackupHDDVD circumvention tool won't last long

My comment: As long as insecure players exist, it will last...
And insecure players will always exist, in fact you can extract keys from any player! Some players are just easier to extract the key from. Being lazy, I prefer to extract keys from an insecure player rather than a secure one.
And the AACS spec says "Device keys must be protected!" but they did not say that about the volume key, fatal mistake!


Affirmation 3: The keys can easily be revoked.

My comment: What keys are you talking about?
As I stated before, there is no such thing as "title key revocation" and "volume key revocation". If someone publishes only volume keys, there is no way to know from which player these keys were extracted, making the revocation system useless. They can do content revocation, but to revoke what? All movies before 2007? They can do player revocation, so I will just change the player I'm using, big deal...


So what is the AACS revocation system good at?
It is good for that scenario:
Someone posts on the net a tool that does the complete decryption automatically. Of course the program uses stolen device keys from an official player. They (AACS and friends) will eventually get their hands on this program, look at the device keys and revoke them, making that player unable to play new titles. But the author of this program can pre-extract a bunch of device keys from different players and release them, one at a time, when the previous one has been blacklisted. The AACS spec says "Device keys must be protected!" so I suppose they put more effort into protecting these keys than the volume key in memory.


Affirmation 4: BackupHDDVD is nothing, only one person out of a million have the technical skills to extract keys.

My comment: BackupHDDVD is a proof of concept.

Picture this:
A few skilled persons can do massive volume key extraction, and send the keys to a central server on the internet. Then, they create an easy to use decryption program, with a nice GUI that does online key recovery. That way, my father and your father can backup movies.
Or they can share the keydb.cfg file on P2P networks (BitTorrent, E-Mule, etc..)
See the problem now?


Affirmation 5: You can extract keys from a software player on a personal computer but not from a hardware player.


My comment: It's easier to extract keys from a software player, but it is also possible to extract keys from a hardware player (the set-top box in your living room!)



Conclusion:

The attack I describe in "Affirmation 4" is not here yet, but it's coming. So I give the MPAA and AACSLA a head start. Start thinking about what you can do about that.

To totally block this attack, they need to put different keys on every disk! Now, they only have different keys for different movies. I don't know about the manufacturing process of the disk. This solution may not be possible.

The best they can do is shorter manufacturing runs of a particular movie, so it would be difficult to get your hands on every "pressing" of a movie.

When they designed AACS, they assumed people would look for the device keys. I don't care about device keys. I do care about the volume key. Having the device keys means that you have to re-implement all the complex crypto and do the full AACS process.
I leave all this dirty job to the player and recover only the volume key.

There are 3 important things in cryptography:

1-Private key protection
2-Private key protection
3-Private key protection


Did I break AACS? I don't know. What do you think?

I'm not going to work on this anymore, I'm taking a vacation!
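The revocation argument in the post above (device keys are revoked through new MKBs, a volume key carries no trace of the player it came from, and discs already pressed are untouched), worked through in a simplified model. This is an added example, not BackupHDDVD's code: the key hierarchy follows the public AACS layout (Km recovered from the MKB with a device key, Kvu = AES-G(Km, Volume ID), title keys encrypted under Kvu), but the flat MKB, the device IDs and every key value are constructed assumptions, not the real subset-difference structure or any real key material.

```go
package main

import (
	"crypto/aes"
	"crypto/sha256"
	"fmt"
)

// Key is a 128-bit AES key or block.
type Key [16]byte

// keyFrom builds a constructed, deterministic sample key from a label (demo material, not real AACS keys).
func keyFrom(label string) Key {
	sum := sha256.Sum256([]byte(label))
	var k Key
	copy(k[:], sum[:16])
	return k
}

// aesBlock runs a single AES-128 block operation, as AACS key wrapping does.
func aesBlock(k, in Key, decrypt bool) Key {
	c, _ := aes.NewCipher(k[:]) // a 16-byte key can never make NewCipher fail
	var out Key
	if decrypt {
		c.Decrypt(out[:], in[:])
	} else {
		c.Encrypt(out[:], in[:])
	}
	return out
}

// aesG is the AACS one-way function AES-G(k, d) = AES-128D(k, d) XOR d.
func aesG(k, d Key) Key {
	out := aesBlock(k, d, true)
	for i := range out {
		out[i] ^= d[i]
	}
	return out
}

// MKB maps a device ID to the media key Km wrapped under that device's key. Simplification: a flat list instead of the real subset-difference tree; a revoked device simply gets no entry.
type MKB map[string]Key

func BuildMKB(km Key, devices map[string]Key, revoked map[string]bool) MKB {
	m := MKB{}
	for id, dk := range devices {
		if !revoked[id] {
			m[id] = aesBlock(dk, km, false)
		}
	}
	return m
}

// Disc is what every pressing of a title carries: the same MKB, Volume ID and Kvu-encrypted title key.
type Disc struct {
	VolumeID, EncTitleKey Key
	MKB                   MKB
}

func PressDisc(km, volumeID, titleKey Key, devices map[string]Key, revoked map[string]bool) Disc {
	kvu := aesG(km, volumeID) // Kvu = AES-G(Km, Volume ID)
	return Disc{volumeID, aesBlock(kvu, titleKey, false), BuildMKB(km, devices, revoked)}
}

// VolumeKey is the licensed-player path: device key -> Km (via the MKB) -> Kvu. Every non-revoked device reaches the same Kvu, so Kvu carries no trace of the device.
func (d Disc) VolumeKey(devID string, devKey Key) (Key, error) {
	wrapped, ok := d.MKB[devID]
	if !ok {
		return Key{}, fmt.Errorf("device %s is revoked in this MKB", devID)
	}
	return aesG(aesBlock(devKey, wrapped, true), d.VolumeID), nil
}

// TitleKey needs only Kvu, which is all a KEYDB.cfg-style entry would hold.
func (d Disc) TitleKey(kvu Key) Key { return aesBlock(kvu, d.EncTitleKey, true) }

func main() {
	devices := map[string]Key{"playerA": keyFrom("devkey-A"), "playerB": keyFrom("devkey-B")}
	disc1 := PressDisc(keyFrom("Km-2006"), keyFrom("volid-movie1"), keyFrom("tk1"), devices, nil)
	kvu, _ := disc1.VolumeKey("playerA", devices["playerA"])
	fmt.Println("Kvu alone recovers the title key:", disc1.TitleKey(kvu) == keyFrom("tk1"))
	disc2 := PressDisc(keyFrom("Km-2007"), keyFrom("volid-movie2"), keyFrom("tk2"), devices, map[string]bool{"playerA": true}) // playerA revoked from now on; disc1 and its Kvu are unaffected
	_, err := disc2.VolumeKey("playerA", devices["playerA"])
	fmt.Println("playerA on a post-revocation disc:", err)
}
```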

muslix64
2nd January 2007, 22:16
Ok, here it is, BackupHDDVD V1.00!

What's new in this version?

- Volume key support
- Partial resume of an interrupted decryption session
- New file format and file name for key database file.

The key database file is now KEYDB.cfg

You can download it here:

http://rapidshare.com/files/9942683/BackupHDDVDV100.zip.html
http://z13.zupload.com/download.php?file=getfile&filepath=59843


File name: BackupHDDVDV100.zip
File size: 22,429 bytes
SHA1 hash: 0d938a376133dfaf78ec47e6d41201d553a6bb81


This may be my last post here.

I'm going to have a rest for a while.

Take care everyone and wish me good luck!

Sy
2nd January 2007, 22:22
Nice! Thanks for your hard work... will be interesting to see where your efforts lead.;)

jp110099
2nd January 2007, 22:23
Thanks for the great program! I hope to get an xbox360 hd-dvd player soon.

zeroprobe
2nd January 2007, 22:28
any programs that helped you on your way?

Adub
2nd January 2007, 22:39
You rule Muslix64! Go and have a great vacation.

BUZZARD1
2nd January 2007, 22:40
Where do I go to get the drivers for my Xbox 360 HD-DVD drive? Also can someone confirm if PowerDVD 7.2 works with this or must I use 6.5.

zeroprobe
2nd January 2007, 22:41
again the keys are not posted, you gotta find them.