When will they ever learn! (http://www.afterdawn.com/news/archive/14787.cfm)

Wasn't X-Protect responsible for the 'latest unhackable' DVD copy protection... that was hacked shortly after its release?!

So AACS wasn't strong enough... BD+ wasn't strong enough... I wonder who's coughing up the bill for X-Protect on every disc... oh that's right YOU the consumer will be!


AACS took six months to crack... BD+ took three months to crack...

$100 says SlySoft will have 'X-PROTECT bluTM' cracked within one month of its release =)

AACS took six months to crack... BD+ took three months to crack...
AACS hasn't been "cracked" and neither has BD+ afaik. Some obsolete versions of software players were partially reverse engineered revealing secret key material. No fundamental flaw has been discovered yet which would enable everyone to decrypt the contents of these discs without using constantly updated key material from those players (hardware/software) which in turn are constantly improving their protection.

$100 says SlySoft will have 'X-PROTECT bluTM' cracked within one month of its release =)
Nice one. Is a documentation of the new layer publicly available?

AACS hasn't been "cracked" and neither has BD+ afaik. Some obsolete versions of software players were partially reverse engineered revealing secret key material. No fundamental flaw has been discovered yet which would enable everyone to decrypt the contents of these discs without using constantly updated key material from those players (hardware/software) which in turn are constantly improving their protection.
Incorrect. The first methods of decrypting BD+ needed such keys, but they don't anymore:

Cracking BD+

On November 8, 2007, SlySoft announced that BD+ discs can be copied with AnyDVD ripper.[6] This was possible because first BD+ titles didn't check if AACS was present. The crack allowed a user to copy a BD to the harddrive and play it back from there using only a specific version of Cyberlink's PowerDVD (3319a), but not to transcode, otherwise manipulate the content or play it back from a burned BD-R or BD-RE. Updated versions of BD+ security code plugged this hole.

On January 9, 2008, engadgethd.com reported that Fox has stated that BD+ has yet to be compromised.[7] When asked how many hi-def 20th Century Fox titles had become available online, the rep reported that the titles were available as HD DVDs in Europe.

On March 3, 2008, SlySoft updated AnyDVD HD allowing the full decryption of BD+ [8], allowing for not only the viewing of the film itself but also playing and ripping disks with unlicensed software.

On March 19, 2008, a new version of AnyDVD HD was released (6.4.0.0) that supports the full removing of the BD+ copy protection for all titles released to date.[9][10] [11]

In May 2008 the Blu-Ray release of Jumper introduced a modified version of BD+ security code which prevented the Slysoft AnyDVD HD software from removing BD+. This modified version was again broken by Slysoft few days after Jumper hit the streets.

As for AACS, it technically still relies on keys, but in a better way:

http://arstechnica.com/news.ars/post/20070415-aacs-cracks-cannot-be-revoked-says-hacker.html

As for AACS, it technically still relies on keys, but in a better way:

http://arstechnica.com/news.ars/post/20070415-aacs-cracks-cannot-be-revoked-says-hacker.html

AACS remains uncracked, but no one really cares. As the linked article says, every disk and player combo has the keys to decrypt - it's just a matter of finding them and so far SlySoft can find them much faster than AACS can change them.

You need to understand that there is a difference between decoding a message with stolen keys and cracking/breaking the encryption system used to protect the content of those messages (in this case aacs/bd+). Breaking the encryption system would mean that you have found a way to decode every message in a reasonable amount of time with no additional information but the ciphertext and regardless of the key being used. This is clearly not the case here.
Slysoft and all the others are currently only stealing the keys from software and hardware players so if anything has been broken then those players.

Edit: FoxDisc is right and he was faster than me. :)

I'm pretty sure BD+ is cracked, though...

But I could be wrong :)

Cracked/non-cracked - IMHO, that is semantics. Given Slysoft's history in "enabling decryption" of BDs, I expect that they will easily enable decryption of this too.

Where encryption is concerned, "what man creates, man can destroy". Waste of people's time and companies' money to even try it.

Here's a novel idea - disband AACS-LA, fire the almost useless ARccOS and Ripguard teams (and their attendant legal hanger-on'ers and lobbyists) and pass the resultant savings of millions of dollars annually onto consumers, who would buy more DVDs and BDs. Allow them to make backups of their DVDs without treating them like criminals. Sales are falling and BD is not cutting into market share (7% at last week's review).

Regards

this company is trying to cut BD+'s lunch :) good on them, though it's a pretty cynical exercise and will certainly fail, or at least become irrelevant very quickly.

BD+ is exceedingly expensive, so almost nobody is using it, sort of like with macrovision on DVDs - the theoretical (and completely unprovable) financial gains due to slightly less piracy are far outweighed by the extra cost per-disc. i think these guys are trying to offer a cheaper alternative without doing much real work.

Cant wait to see how this plays out.

Cryptographically speaking "crack" and "break" have very specific meanings. "Circumvented" is probably a better term.

These threads would be more fun to read if people would stay farther away from personal attacks and closer to useful info.

There are fundamentally three ways to decode AACS encrypted discs.

The first is to find and use keys that are provided with each player/disc combo. That's how an authorized player does it. That's how SlySoft does it. That's how it was done with the free tools here. The only difference is that the authorized route sends the decoded data only to a display through a protected path, while the unauthorized routes allow it to be recorded. Interestingly, both AACS and SlySoft try to hide these keys, while only the free tools here provide access to them. The problem with this route is that the keys are linked to a specific player or group of players, so that groups of players can be revoked without revoking others (software players are regularly revoked, while hardware are not). The AACS system is designed to allow these keys to be changed and to be resistant to the leak of these keys. I don't consider finding these keys to be cracking the AACS system, and most cryptographers wouldn't either, but it's just semantics, as it's pretty effective at bypassing AACS.

The second route is to steal or leak the master keys that AACS LA uses to make the keys for players as described above. If these keys were leaked, I'd consider the AACS system to be defeated because every player, hard and soft, would have to be updated or replaced. That's so hard as to be almost financially impossible. The AACS system still wouldn't be "cracked" as they could simply start from scratch and put better locks on their master keys.

The third way is to a) figure out how to calculate one of the two types of keys above and b) do the calculations in a reasonable time. We know how to do part a) by trying every combo, it's part b) that's hard. This would be cracking the AACS system as they could not start over. New keys would be just as vulnerable as the current keys.

Yeah, in terms of cracking AES (which AACS uses for encryption), see you in 200 billion years.

Yeah, in terms of cracking AES (which AACS uses for encryption), see you in 200 billion years.
This is a simple-minded way of looking at the problem. Yes, if you used current computers to try every possible combination, the math says it would take longer than the life of the universe to try them all. However, quantum computers are likely to be available in only a few thousand years, and quantum methods for factorization are already known that will reduce the calculation time to mere thousands of years.:D

This is a simple-minded way of looking at the problem. Yes, if you used current computers to try every possible combination, the math says it would take longer than the life of the universe to try them all. However, quantum computers are likely to be available in only a few thousand years, and quantum methods for factorization are already known that will reduce the calculation time to mere thousands of years.:D

Actually, you can do much faster then that with quantum computing, as they can factorize things practically for free (iirc, they can do factorizations as a form of vector computation, since they only have to compute the correct value, and all of the incorrect value computations don't actually happen), If you had a quantum computer that could perform 256 bit operations, If I understand the theory correctly, you could crack aacs essentially instantaniously. However, if you were limited to, say a 32 bit quantum computer, it may well take thousands of years, because you would be forced to break the problem into chunks, losing a great deal of the benefits derived from quantum computing. My understanding of quantum computing is very tenuous, so I may have this completely wrong, but I'm certain it wouldn't take thousands of years, since shor's algorithm means that integers can be factorised in polynomial time on quantum computers.

I'm certain it wouldn't take thousands of years

Since we were predicting the future I felt free to make any prediction I desired.:sly:

Actually, you can do much faster then that with quantum computing, as they can factorize things practically for free (iirc, they can do factorizations as a form of vector computation, since they only have to compute the correct value, and all of the incorrect value computations don't actually happen),
If i remember correctly the quantum system is in all possible states at the same time and as soon as you apply the "read operator" the system falls into exactly one state which is your solution with a certain probability. At some point we simply stop thinking about it because it is beyond our imagination. Try to solve those big equations and don't give up :D

My understanding of quantum computing is very tenuous, so I may have this completely wrong, but I'm certain it wouldn't take thousands of years, since shor's algorithm means that integers can be factorised in polynomial time on quantum computers.
Is there are quantum algorithm which could solve aes? I have heard about that shor algorithm but i don't know where this could be used in aes.

afaik quantum computers already exist in some laboratories but with only very few qbits (<=4) and already many problems. But we would need at least 128...

Back to the topic: Is there any documentation about the new layer "X-PROTECT bluTM" publicly available?

May I please remind folks in this thread of rules 3 and 4? Personal attacks and going off topic are not our way here.

Thanks all.

Regards

bourke

I have warned you and others about rule 4. Apart from ignoring me and keeping on at Oopho2ei, you now are bringing religious overtones into your flaming.

Struck for rule 4 violation.

Regards

On the other hand, as I understand it the HDCP system has bona-fide weaknesses that would allow for breaking the encryption/copy protection of links between devices and extracting the bitstreams. Though I've not heard any update on that topic for a couple of years, I wouldn't be surprised if someone, somewhere had gone the extra mile and extracted the keys used for HDCP -- there are probably enough details out there to do the job.

Of course, the extreme bitrate would require a pretty hefty decoder to turn the content back into a compressed file that could be saved, and obviously, the overall structure of the disk isn't obtainable through this route.

As far as X-Protect is concerned, I have to agree with those earlier in the thread: it's a bandaid on a fundamentally weak system. More layers of "protection" aren't going to stop the decryption of disks.


. . .
There are fundamentally three ways to decode AACS encrypted discs.
. . .

BD producers :sighs: .... You can't wash and clean coal ;)

Is this new 'copy protection' the same as the one found on SD DVDs? Or does the Blu ray specifications allow a much more advanced way of preventing a clean rip via simple copy/paste commands?

There are fundamentally three ways to decode AACS encrypted discs.
as I understand it the HDCP system has bona-fide weaknesses that would allow for breaking the encryption/copy protection of links between devices and extracting the bitstreams.
Yes, attacking HDCP is believed to be much easier than attacking AACS encryption.

Technically, attacking AACS by attacking HDCP is like attacking AACS through screen grabbing. In both cases you are waiting until after authorized AACS decryption is complete, then going after the decrypted data.

short of full hardware encryption / decryption being required there really isn't much ability to make something completely copy-protected. because, in the end the signal has to be decoded for viewing by the general populous, and to do that you have to give them the keys for decoding it (in one way or another) The sooner these companies realize this, the sooner they will require everyone to have chips implemented into them to shock the user if they see "Unsecured" material.. Err I mean, They will realize that their attempts are futile...

I doubt they are really even loosing all that much money on piracy. Rather they are just trying to sell hardware/software to the consumer almost as often as they sell a movie.

I doubt they are really even loosing all that much money on piracy.What's to lose? Their market share is puny and not increasing. They need a totally different marketing strategy - just cos they have a better and new format doesn't mean the public will embrace it and rebuild libraries.

Regards

[color=blue]What's to lose?

Exactly.


Loses to so called 'piracy' wouldn't of been a sale in the first place hence no real loss.

the real loss is the BD format is loosing market share.
may i say "im so happy"?

the real loss is the BS format is loosing market share.
may i say "im so happy"?


LOL...like it not, I personally liked/supported both formats, but, it's here to stay for at least the foreseeable future....I'm actually from Haddonfiled...................NJ, that is. Wouldn't let them film there...'might give the town a bad name'....LOL...would of given them and endless stream of revenue from tourists alone.....but I guess they get enough of that from all the lawyers/bankers/doctors/MILFS/ who live there now :p Anyway, I digress and BluRay is easier to work with anyway so I'm happy.