Welcome to Doom9's Forum, THE in-place to be for everyone interested in DVD conversion.

Before you start posting please read the forum rules. By posting to this forum you agree to abide by the rules.

 

Go Back   Doom9's Forum > General > Decrypting

Reply
 
Thread Tools Search this Thread Display Modes
Old 19th July 2007, 14:29   #1  |  Link
hulloha
Registered User
 
Join Date: Jun 2007
Posts: 2
Just a couple of thoughts regaurding aacs

I was just wondering if it might be possible to attack aacs by coding drivers that appear to be aacs compliant monitors/video cards but actually just dump content onto the hard disk, similar to the way daemon tools uses drivers to create a virtual cd/dvd drive. It seems that with this approach they would not be able to revoke hardware like nvidia cards or samsung monitors without alienating customers who have spent lots of money on said devices.
hulloha is offline   Reply With Quote
Old 19th July 2007, 15:01   #2  |  Link
awhitehead
Registered User
 
Join Date: Jan 2007
Location: Tel-Aviv, Israel
Posts: 185
One of the problems is the problem of the data size.

There are trojan HDMI vith HDCP to VGA/DVI adapters out there, that pretend to be fully HDCP compliant, impersonating something else, but then output full resolution video over unencrypted path. What you propose is similar - This is the essentially the same as doing video recording in HD. So you need system that can keep up with data rate of HD video (on par with 1 TB/hr), and then you need to compress it all without losing too much quality.

There is an additional problem: If you deal with OSes such as Windows, drivers are signed. A few years ago there was lots of excitment when folks found NSA signature on Windows 2000. Well, it was there, so that NSA could sign their own drivers/software without getting MS involved, and some enterprising folks figured out how to replace NSA signature with their own, and start signing various bits and pieces they cared about. Maybe something similar is possible here.

But all of it looks like alot more hassle then figuring out AACS keys, and getting unencrypted undecompressed content.

Hope this helps.
awhitehead is offline   Reply With Quote
Old 19th July 2007, 15:50   #3  |  Link
hulloha
Registered User
 
Join Date: Jun 2007
Posts: 2
I also wondered if it might be possible to bruteforce aacs keys with a distributed computing network ala folding@home
hulloha is offline   Reply With Quote
Old 19th July 2007, 17:35   #4  |  Link
Peer van Heuen
SlySoft Team Member
 
Join Date: May 2007
Posts: 173
Quote:
Originally Posted by hulloha View Post
I also wondered if it might be possible to bruteforce aacs keys with a distributed computing network ala folding@home
Ok, lets say the average PC can test 1,000,000 keys per second and you have a network of 1,000,000 PCs... ahh well, let's not be stingy - you have a network of 1 billion PCs that each can check 1 billion keys per second.

It will still take apx. 10 trillion (!) years to walk through all possible keys.

So, if you really, really want to see that movie, you might want to go for it (make sure to check out a nice and cozy solar system that will still be there in that amount of time...)
__________________
SlySoft Inc.
Peer van Heuen is offline   Reply With Quote
Old 19th July 2007, 18:18   #5  |  Link
snipper_cr
Registered User
 
Join Date: Feb 2007
Posts: 23
Quote:
Originally Posted by Peer van Heuen View Post
Ok, lets say the average PC can test 1,000,000 keys per second and you have a network of 1,000,000 PCs... ahh well, let's not be stingy - you have a network of 1 billion PCs that each can check 1 billion keys per second.

It will still take apx. 10 trillion (!) years to walk through all possible keys.

So, if you really, really want to see that movie, you might want to go for it (make sure to check out a nice and cozy solar system that will still be there in that amount of time...)

Thats amazing... someone posted information on that a few weeks ago and its reallyt mind blowing. They said if you could make a computer the size of a grain of salt and cover the entire surface of the earth, it still would take years and years to crack the key brute force.

For my own understanding, would brute forcing be going like

aa:aa:aa:aa:aa:aa:aa:aa:aa then aa:aa:aa:aa:aa:aa:aa:aa:ab then
aa:aa:aa:aa:aa:aa:aa:aa:ac etc?

Also, how does drivers signing work? I remember a while ago there was talks about forcing revoked device lists (not sure the technical name) to show up as zero (once devices started to become revoked). They said that was not possible because the lists are digitally signed by the la. Is the "signature" like another key? What does the software use to verify this signature against? Can it also be applied here?
snipper_cr is offline   Reply With Quote
Old 19th July 2007, 23:54   #6  |  Link
The Thing
Registered User
 
Join Date: Jan 2007
Posts: 8
Quote:
Thats amazing... someone posted information on that a few weeks ago and its really mind blowing.
That 'someone' was me - here's the link - http://www.codinghorror.com/blog/archives/000631.html
__________________
- Man Is The Warmest Place To Hide -
The Thing is offline   Reply With Quote
Old 20th July 2007, 07:40   #7  |  Link
HyperHacker
Resident DRM Hater
 
HyperHacker's Avatar
 
Join Date: Oct 2006
Location: International waters
Posts: 242
Yep, brute-forcing means trying every key. The math is simple as long as you're not confused by big numbers: Keys are 16 bytes. One byte is 8 bits so a key is 16 * 8 = 128 bits. This means the number of possible keys is 2^128 = 3.4028236692093846346337460743177e+38 (look up scientific notation if you don't understand this number). If your computer could process 1 billion keys per second (which would be pretty impressive with today's technology), it'd still take 340282366920938463463374607431.77 seconds (which is 10790283070806014188970.52915499 years) to go through them all! Your network would have to consist of 1,000,000,000,000,000,000,000 computers to get through them in even 10 years! (I might have one or two zeros too few/many there, but that hardly makes a difference.)

As for signatures, look up RSA and private/public-key encryption. Normally, you give out the public key (used to encrypt) and keep the private key (used to decrypt) to yourself. Thus anyone can encrypt a message, and only you - not even them - will be able to decrypt it.
Signing works the opposite way - the public and private keys switch roles. That means you give out the private key and keep the public key a secret, so anyone will be able to decrypt the message but only you can encrypt it. To sign a file, you generate a hash of it using a nice strong algorithm like SHA1, encrypt this hash with your public key, and include it with the file. Anyone will be able to use the private key to decrypt the hash and confirm that it matches the file (= the file hasn't been modified). If you make any changes, the hash won't match anymore, and without the public key you can't encrypt a new one, so anyone can see the file has been modified.
(Bit confusing eh? )

Of course, you can hack the software to ignore the signature and carry on doing what it does even if the file is modified, or replace the "private" key within it with your own so that you can use your own "public" key to sign it. But unless there's a security hole that allows for arbitrary code execution (or at least controlled patching of memory), you won't be able to get other peoples' devices to accept this new file without hacking them too.

There's plenty of info about all this on Wikipedia if you're interested.
__________________
Because Moogles pwn.
HyperHacker is offline   Reply With Quote
Old 20th July 2007, 18:34   #8  |  Link
3r1c
Registered User
 
Join Date: Feb 2007
Posts: 383
So instead of dumping to the HD, cant we make drivers that pretend to be aacs complaint, but just decrypt the data and show it on non complaint card. This way the data would not need to be stored anywhere or recompressed.
3r1c is offline   Reply With Quote
Old 20th July 2007, 19:01   #9  |  Link
SvT
Never Grow Up !
 
SvT's Avatar
 
Join Date: Mar 2004
Location: EU
Posts: 131
Quote:
Originally Posted by 3r1c View Post
So instead of dumping to the HD, cant we make drivers that pretend to be aacs complaint, but just decrypt the data and show it on non complaint card. This way the data would not need to be stored anywhere or recompressed.
There is something like that going on overhere.

http://forum.doom9.org/showthread.ph...07#post1025307



Thanks for HyperHacker for clearing up ! (see next post).

Last edited by SvT; 20th July 2007 at 20:47.
SvT is offline   Reply With Quote
Old 20th July 2007, 20:43   #10  |  Link
HyperHacker
Resident DRM Hater
 
HyperHacker's Avatar
 
Join Date: Oct 2006
Location: International waters
Posts: 242
Those are open-source Linux drivers for compliant cards, to allow them to be used at all in Linux. I'm pretty sure they don't do anything involving HDCP. Digital signatures make "pretending to be compliant" difficult.

(BTW, AACS is just the encryption used on BD and HD-DVD; the encryption between CPU and monitor is HDCP.)
__________________
Because Moogles pwn.
HyperHacker is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 02:33.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2017, vBulletin Solutions Inc.