Old 28th December 2006, 14:31   #41  |  Link
=A=RGOS
Registered User
 
 
Join Date: Dec 2005
Location: France
Posts: 14
The GPL licence may be added to this source code, and a SourceForge project may be added for future contributions.
The C++ port is interesting but has no GUI; compatibility with Linux may be possible for a Linux player and an eventual libdeaacs.

Sorry for my little English ...
__________________
Catalencoder, another GPL MPEG2 to XviD converter based on ffdshow (http://www.sasteam66.org).
Old 28th December 2006, 14:47   #42  |  Link
0xdeadbeef
Author of BDSup2Sub
 
Join Date: Jun 2003
Posts: 478
Some thoughts on this:

1) The player key was not yet compromised as far as I understand. Also the authentication mechanism was not found and recreated. Both should be possible by reverse engineering the software player, but it's not done yet and thus currently HD-DVD can't be called "hacked" yet IMHO.

2) As far as I understand, the player keys can be blacklisted one way or another. There is even a mechanism for this for normal DVDs - where all valid player keys are stored on each DVD. This mechanism was most probably improved for HD-DVD and Blu-ray, so I guess as soon as the PowerDVD player key is compromised, it will be blacklisted. Maybe even earlier, if a way is found to remote control PowerDVD to provide people with title/volume keys.

Anyway: very interesting topic, especially since this would allow many users to use their notebooks without HDCP to play back HD-DVDs on high-res beamers and displays.
Old 28th December 2006, 14:49   #43  |  Link
DeepBeepMeep
Registered User
 
Join Date: Jun 2006
Posts: 133
Quote:
Originally Posted by Cyberace View Post
hmm, but if that player is a software player like PowerDVD (like version 6.5, which is shown in the YouTube video), then aren't studios out of luck, as people will always be able to install that exact same 'old' version of the software player on their own computer that is not connected to the internet (and can thus not get revoke updates) and thus use that to grab the keys from the RAM memory when it is playing/decoding the movie?
The studio may be able to prevent existing titles from playing with the compromised DVD player even if no upgrade is done through the internet. Indeed each device that participates in the AACS decoding is supposed to keep a revocation list. This revocation list is updated whenever a new title is played.

So let's say you play a movie in the future that has blacklisted the software player. From this moment your HD DVD drive will refuse to communicate with the software player even to play old titles.

Now even if you prevent your HD drive from updating its revocation list with some form of reset, although old titles may still work, newer titles won't because they will no longer contain a valid device key which is required by the player.


Quote:
Originally Posted by Cyberace View Post
By the way, did anyone notice that the YouTube video shows the title keys of some movies when he films the contents of his TKDB.cfg file? If those are the real keys, then people with the knowledge and software to scan/dump the active RAM memory should be able to search for and find one of those specific keys if he/she has one of those exact same movies, and then he/she can use that as a map to find the location where keys of other movies are 'stored' in the memory while the movie is being played/decoded by PowerDVD. As I assume PowerDVD always stores that key in memory the same way in the same version of the software?
It seems the codes we can see in the video are only hash values of title names; the title keys are obviously hidden behind a black box.
Old 28th December 2006, 15:05   #44  |  Link
colinhunt
Registered User
 
Join Date: Dec 2002
Posts: 1,022
I tried this, and it didn't work. The config file has keys for a few titles, but there's no way to tell if the titles are US or European discs. Tomb Raider (US) did not work, got 18GB of crap on my HDD.
Old 28th December 2006, 15:16   #45  |  Link
ttringle
Registered User
 
Join Date: Nov 2003
Posts: 13
If this does work, then it's only probably going to end up killing HD-DVD, unless it does also work on Blu-Ray which I doubt because Blu-Ray has an extra level of Copy Protection that HD-DVD does not. If that is the case then the studios will NEVER switch over support to HD-DVD no matter how many people buy discs.

Still I hope that this is true and that it does work for HD-DVD, because whether or not they like it, the reason that DVD is as popular as it is has to do with the fact that for the last 5 years we have been able to do what we want with our DVDs. Without the ability to decrypt to HD or on the fly you wouldn't be able to stream video to another room off your HTPC playing a DVD etc, or from your 1st Gen XBOX.

TimT
Old 28th December 2006, 15:18   #46  |  Link
Dr Cain
Registered User
 
Join Date: Dec 2006
Posts: 1
Quote:
Originally Posted by colinhunt View Post
I tried this, and it didn't work. The config file has keys for a few titles, but there's no way to tell if the titles are US or European discs. Tomb Raider (US) did not work, got 18GB of crap on my HDD.
You'll still need to extract the key manually from memory in order to decrypt it.

The source code comes with all keys nulled.

EDIT: typed the wrong thing X_x

Last edited by Dr Cain; 28th December 2006 at 23:33.
Old 28th December 2006, 15:21   #47  |  Link
colinhunt
Registered User
 
Join Date: Dec 2002
Posts: 1,022
Quote:
Originally Posted by Dr Cain View Post
You'll still need to extract the key manually from memory in order to decrypt it.

The source code doesn't come with all keys nulled.
You mean it comes with all keys nulled? Took another look at the keyfile, and sure enough, the actual keys are all nulls. D'oh.
Old 28th December 2006, 15:24   #48  |  Link
DeepBeepMeep
Registered User
 
Join Date: Jun 2006
Posts: 133
Quote:
Originally Posted by colinhunt View Post
I tried this, and it didn't work. The config file has keys for a few titles, but there's no way to tell if the titles are US or European discs. Tomb Raider (US) did not work, got 18GB of crap on my HDD.

It doesn't look like what has been released contains any title key. It seems the title key has been deliberately replaced with "1-00000000000000000000000000000000". I think title keys are supposed to be "copyright information" and the lack of them in the code "may" protect the author since what has been provided so far is only an AACS decoder which still needs the right keys to work. No reverse engineering was necessary to write this code, all the information to write it is available publicly.

The real exploit lies in extracting the title key from the memory of the software player. It is quite likely that if we had one title key it shouldn't be hard to get the others as long as the player is not considered as compromised. But unless the author of this program releases the key extractor or somebody else writes one knowing now that it is possible, besides greater hope we are almost at the same point as before.
Old 28th December 2006, 15:32   #49  |  Link
zeroprobe
Registered User
 
Join Date: Jan 2002
Posts: 155
What it comes down to is that the "player's" key in question is able to decrypt ALL of the HD DVDs out there today. Future ones can be barred out, but for the 150+ out today the keys will work.
Old 28th December 2006, 15:34   #50  |  Link
Wilbert
Moderator
 
Join Date: Nov 2001
Location: Netherlands
Posts: 6,364
Quote:
The reason we have the DMCA is to be in accordance with the WTO and WIPO treaties.
Yeah right (assuming you are talking about US DMCA). You are turning things around. The reason that we have that stuff in the WTO and WIPO treaties in the first place is because the US pushed for it.

Quote:
It doesn't look like what has been released contains any title key. It seems the title key has been deliberately replaced with "1-00000000000000000000000000000000".
In a \. post about this subject someone claimed that those keys are released into the wild, so you should be able to find them.

Last edited by Wilbert; 28th December 2006 at 15:36.
Old 28th December 2006, 15:37   #51  |  Link
Susana
Registered User
 
 
Join Date: Apr 2005
Location: Spain
Posts: 181
With keys or without keys,
Old 28th December 2006, 15:38   #52  |  Link
Gradius
RPC-1 to people
 
Join Date: Sep 2003
Location: from Mars to Earth
Posts: 39
1st of all, congratulations to muslix64 for this (yeah, kinda the same way as Xing player was w/ DVDs).

But I totally agree with XStylus's 1st post, this stuff was too soon to be released to the public/masses, the best way was to wait 2 more years to release this, but yeah, what is done, is done.

Keep in mind to clean up all your cache around, even change your ISP, etc, etc, and good luck with your identity.

Hollywood and other EVIL guys think, in a digital world, something will be 100% unbreakable, in reality they're as stupid as they can be. They keep themselves busy finding new ways to protect your sh** while forgetting to provide us GOOD stuff to market (at a fair price of course), so good that I'll BUY them, and not just try to make a mere copy.

But feel sorry for them, after all, they're VERY poor doing just $1 trillion/year.

Btw, Blu-ray is the next target!

PS: About the upgrade stuff, just keep the good old ones working.
Old 28th December 2006, 15:49   #53  |  Link
BUZZARD1
Registered User
 
Join Date: Dec 2001
Location: nashville
Posts: 20
Good job man. Forget them people telling you that it was a bad idea to release it when you did etc. etc. Some people can't be pleased no matter what. I do hope you protect your identity 'cause I would like you to stick around. Keep up the good work bro!
__________________
bing the dvd's out and lets go to town! im always striving to get around buying a dvd burner!

i love www.doom9.org
Old 28th December 2006, 15:50   #54  |  Link
cwm9
Registered User
 
Join Date: Mar 2006
Posts: 26
No change.

I don't think this is going to affect the studios one whit.

Consider who DRM is really aimed at:

In the end, no matter how good the encryption, you can always crack open a TV and wire up an analog to digital converter directly to whatever outputs are driving the pixels on the display. Do it with high enough quality ADCs, and the capture will be nearly perfect. Once you've done that, it's a simple matter of streaming the data to a very fast hard drive array and then re-compressing it. Too much work for the average joe, maybe, but not too much work for a dedicated counterfeiter that intends to make 100,000 units and make a $300K profit. Yes, but what happens when the counterfeiter's player keys are revoked, you say? If you're making $100K+ from each title you counterfeit you throw away the player with the revoked key and buy a new one.

Thus, this exploit really means very little to a determined counterfeiter.

So if the DRM wasn't meant to stop a determined counterfeiter, then who was it meant to stop? Probably the average joe. And if that's the case, this hack probably won't mean much. Why? Think about what the studios really want... They want piracy to go away, obviously. But if you can't have your wish, what's the next best thing? To reduce it, of course.

The goal of this DRM is to make it more difficult for the average joe to copy his friend's movies. With DVDs, you can download DVDShrink which "just works" pretty much all the time. That was a disaster for the studios because once someone was shown how to copy a DVD one time, they had no problem doing it over and over.

But there will (probably) never be such a solution with HDDVD because of the way keys are distributed. Sure, you'll be able to download the most current Title Encryption Key database that contains every key known to date, and there will probably be newsgroups dedicated to keeping up with the latest 0-day exploit, but a very large percentage of people who now copy DVDs will not be able to keep up with these tit-for-tat exchanges between the crackers and the publishers. They'll get shown how to copy an HD DVD by someone, and they'll be able to copy any HD DVD that was released prior to that date, but they won't know where to go to update their software with the latest keys or exploits needed to copy titles released AFTER that date.

If instead of having one icon that you click on you have to go searching for the latest exploit on Google, that's a win for the studios because ANY added complexity to the process of piracy necessarily excludes those people without the skills to overcome that added complexity gap.

How much of a dent in piracy would it take for the studios to be happy? 5%? 10%? I doubt very much the studio executives ever expected this to make piracy go away forever. I do think they are hoping to see a small decrease in piracy because of it.

Blu-Ray is just as vulnerable to the FET-Driver to ADC hack as HD DVD is, so it wins no points there. Will it make a difference that the "advanced joe" can't copy Blu-Ray? Maybe. Hard to say.

I don't think studios will be jumping ship over this because I imagine they fully expect Blu-Ray to fall to the exact same kind of exploits. Blu-Ray also has a standard encryption scheme, and its keys will likely be exposed by a bad Blu-Ray implementation as well. What's the point in spending all that money to convert?

Blu-Ray has the ROM Mark -- but it's a pseudo advantage. If a title is released on Blu-Ray and counterfeiters capture the output via any exploit, they might not be able to release their re-compressed version on Blu-Ray, but nothing prevents them from pressing the exact same re-compression on HD DVD.

So if the watermark can't prevent the distribution of movies, what can it do? It's really only effective for one application... games for the PS3, which only uses Blu-Ray. Given the PS3's lackluster acceptance, one has to wonder if that means anything anyway, and even if it does, we all know there are hackers out there hard at work trying to find a hardware mod exploit to circumvent that DRM too.

Blu-Ray's one real advantage is BD+ which lets them change the encryption method from AACS to something else.... but what are they going to replace AACS with? As far as I know, there is nothing better than AACS that could be used to replace AACS. It will probably be at least a year before they do have a decent replacement that COULD be deployed via BD+, and I'm not sure what they can come up with that doesn't involve some sort of key that can be revealed by faulty software just like AACS and DVD has.

In summary, no matter what you do as a studio -- release on HD DVD or Blu-Ray -- some professional counterfeiter can hack open a TV, digitize the output, re-compress the movie, and release the title on HD DVD (or dvd, or super-dvd, or whatever.) Because the profit margin is so high, they could afford to trash their revoked player and buy a replacement for every movie if they had to. Every (smart) studio exec knows this; there's no reason for them to bail out just because of this. The "average joe" is probably screwed by either DRM even if this exploit turns out to work. The "advanced joe" will probably still find a way to copy movies. Overall, the best the execs can hope for is a small reduction in "average-joe" piracy which might or might not translate into a small boost in sales, which, over the next decade, might eventually amount to something more than a hill of beans after paying for the development of the DRM.

You know what I really think? I think some of the less knowledgeable suits at the studios wanted a pipe dream, and I think some engineers were more than willing to be paid to work on that pipe dream. If someone waves money in your face and asks you to do the impossible, what's a man to do but take the money and do his best?
Old 28th December 2006, 16:24   #56  |  Link
Logik
Registered User
 
Join Date: Jan 2003
Posts: 1
very
Old 28th December 2006, 17:06   #57  |  Link
0xdeadbeef
Author of BDSup2Sub
 
Join Date: Jun 2003
Posts: 478
Well, worst case scenario would be:

- Compromised software player is blacklisted immediately, so it won't be possible to extract title/disc keys with it any more as soon as the revocation list entry is activated.

- HD-DVD/Blu-ray support for XP is generally cancelled. Player software will only run on Vista with fully AACP compatible hw/sw chain.

- Vista's new content protection functionality could make it really hard to read out more title/disc/player keys.

- Since no fast attack on AES is known (as it is for CSS), it will be impossible to decrypt HD-DVDs without valid keys.

One could imagine a way though to circumvent AACP without breaking AES: if the firmware/hardware of the HD drive could be altered to NOT update/use the revocation list, even a blacklisted player could be used as "zombie"-application to read out disc/title keys. Indeed only a few altered drives would have to exist to create a database of keys. Hosting this database would be a legal problem though. Then again, if there are countries which assume hosting of torrent hashes legal, there should be some which consider hosting decryption keys to be ok.

Just my 2 cents though.
Old 28th December 2006, 17:14   #58  |  Link
TehMark
Registered User
 
Join Date: Sep 2006
Posts: 4
TYVM!! I love this community!
Old 28th December 2006, 17:16   #59  |  Link
drbuzz0
Registered User
 
Join Date: Jan 2006
Posts: 46
Some observations:

1. A lot of people have been saying AACS is the end of backing up your media. They claim this because of all the measures against it and how the devices are updatable and keys are individual per movie. I've heard this all before (many times). Any protection system is only as strong as its weakest link. If a system uses a crazy-secure rolling-key 512-bit encryption algorithm, that does not mean the system is necessarily secure if there is a backdoor method of telling it that you are authorized. An example would be Nagravision, a satellite encryption that was hacked to pieces by figuring out how to fake being authorized. The more complicated a protection system is, the greater the chances that there's a weakness in it somewhere.

2. Having keys which need to be obtained or distributed is not that big a problem. Remember that it only has to be figured out once, whether by sniffing, leaking or even brute force... only needs to be done ONCE and then it's out. The studios can keep changing the key, but there are limits. Again using the satellite comparison, a while back distributing "seed codes" was how the Videocipher was hacked. They never really managed to close that hole until they completely redid the hardware.

3. AACS can be updated, but there are limits. It can only be updated to a certain degree, legacy support has to be maintained and there is a need to keep on top of things. It's much like software protection. It's damn near impossible to keep a piece of software truly secure. As soon as it gets out the cracks and keygens start popping up left and right. The more popular the software, the faster it happens.

4. The DMCA is something I do not worry about. It's not a law, because it's an *ILLEGAL LAW*. That is, it is superseded by the US Constitution and international principles of expression.
Gandhi said something like (to paraphrase) "To break an unjust law is a crime against the government. To follow an unjust law is a crime against justice and the human spirit."

This law is not valid. It is unjust and illegal. It may not have been struck down (yet). But recall Dred Scott.

My sincere hope is that AACS weaknesses are not confined to underground discussion and groups. I hope that it will eventually end up like CSS and other DVD protection methods. I think at this point there's no point in trying to protect DVDs and crack down on DeCSS/DVD43/DVDDecrypter. The protection has been hacked to pieces. The cat's out of the bag. It's something they have to live with and they have decided that they won't make the same mistake with AACS. Looks like maybe they have though :-P
Old 28th December 2006, 17:27   #60  |  Link
nonphixion
Registered User
 
Join Date: Feb 2005
Posts: 18
First, great job on this.

Second, I am receiving an error when running the app.

C:\hd\backuphddvd
Error occurred during initialization of VM
Unable to load native library: The specified procedure could not be found

java.exe gives the error "The procedure entry point _JVM_GetClassConstantPool@8 could not be located in the dynamic link library jvm.dll"

I copied jvm.dll to the dir specified in the earlier post, and I get the first error. Any ideas?