BackupHDDVD, a tool to decrypt AACS protected movies

[vsv]

Quote:

Originally Posted by tonyp12

HDDVD uses VC-1 a very similar compression to H264.
There is no magic way to re-compress the video
from 20Gb down to 8GB and still look 99% as the original.


Now that AVC versions of mpeg4 are out you probably could get 70% quility.

Encoding for HD-DVD must have short GOP 0.606s max. and a lot another restrictions. You just can not use all power of AVC codec.
VC1 just polished for HD-DVD.For online distributed content no need restriction as for HD-DVD authoring.
In this case as said Golgot13 you can encode 1080p to avc at 6-8Mbps long GOP's and this be equal in quality to 12-16Mbps of VC1 on HD-DVD.

[oddball]

I'm thinking it's the revocation process which needs to be 'fixed' anyhow. All this talk of hacking/cracking the keys for decrypting is rather moot in that scenario.

Get around the revocation and the other stuff will probably seem simple.

I myself would not like to risk getting the key to decrypt an HD-DVD only to find I cannot play certain titles further down the line because they were revocated and my software/hardware 'silently' blacklisted them when the disc was inserted.

That is the insidious nature of this AACS system. I think people posting keys will only make this happen faster. Best to let the software pull the key from say PowerDVD 6.5 and not show it to the user. Let the key be used internally by the decryption software (No breaking of AES involved if the unencrypted key can be pulled from memory space). I assume that each disc must have it's own key? Otherwise if they blacklist a key on a title wouldn't it blacklist on everyone's player? I obviously must be missing something

[hajj_3]

shall we take bets, its jan 2nd in 56mins, im betting that on jan the 2nd we will not got a new version of this program, nor will the guy post in here at all.

[oddball]

LOL. FBI get!

[0xdeadbeef]

Quote:

Originally Posted by oddball

I'm thinking it's the revocation process which needs to be 'fixed' anyhow. All this talk of hacking/cracking the keys for decrypting is rather moot in that scenario.

The revocation list of player keys is stored inside the HD-DVD drive. And it's the drive that decides to authenticate a player that was blacklisted. So I guess hacking the drive's firmware would be needed for this.

Quote:

Get around the revocation and the other stuff will probably seem simple.

As I wrote before: if the revocation mechanism could be bypassed in certain drives, these drives together with a vulnerable player (or the player key and a separate implementation of the authentication process) would be able to deliver the disc/title keys until the end of time. This would practically circumvent AACS without having broken AES128. Still you would need a special drive with patched firmware to read out the keys.

Quote:

I myself would not like to risk getting the key to decrypt an HD-DVD only to find I cannot play certain titles further down the line because they were revocated and my software/hardware 'silently' blacklisted them when the disc was inserted.

The revocation list is not about titles, but about players. So if PowerDVD is blacklisted, the player key is stored in the drive's non volatile memory and from this moment, the drive doesn't respond to this player key any more in the authentication process.

Quote:

That is the insidious nature of this AACS system. I think people posting keys will only make this happen faster. Best to let the software pull the key from say PowerDVD 6.5 and not show it to the user. Let the key be used internally by the decryption software (No breaking of AES involved if the unencrypted key can be pulled from memory space). I assume that each disc must have it's own key? Otherwise if they blacklist a key on a title wouldn't it blacklist on everyone's player? I obviously must be missing something

As I said: it doesn't matter if the player key is used directly, indirectly or whatever. It will not prevent it from being blacklisted. And again: not the title is blacklisted but the player key.

[video]

Quote:

Originally Posted by Golgot13

Today, there is not region code on HD DVD disc and on HD DVD drive
(all X360 HDDVD drive are same on the world).


Golgot13

okay but it is tagged as "Compatible with Xbox360™
Japanese", OK I know that's not a big deal, but I wouldn't like to end up with a drive paid for $200 and plays only japanese animes

[Sagittaire]

Quote:

Originally Posted by vsv

Encoding for HD-DVD must have short GOP 0.606s max. and a lot another restrictions. You just can not use all power of AVC codec.
VC1 just polished for HD-DVD.For online distributed content no need restriction as for HD-DVD authoring.
In this case as said Golgot13 you can encode 1080p to avc at 6-8Mbps long GOP's and this be equal in quality to 12-16Mbps of VC1 on HD-DVD.

The majors restriction is just short GOP and only for low framerate source (short gop at 0.6006 sec is not a major restriction for 50/60 Hz sources). You can use CABAC, inloop, AQ, CQM, 2 adaptative bframes, wpred, Max Pref at 4, Max Bref at 3. There are vbv restriction but it's not a problem for 6-8 Mbps encoding (max at 29.4 Mbps with very large buffer at 30 Mbits). Short gop produce perhaps something like 10% or 15% efficiency loss for H264 if you compare with unlimited gop but not more.

[dchard]

"I decide to track down the "Volume unique key" instead of title key.
I found it also! I'm preparing BackupHDDVD V1.00, that will support volume key and title keys."

This means, that the program will contain an empty variable - like with title keys - which is must be figured out somehow, but I think, we get a "Think about it" class answer for the question "How to get the volume uniqe key?" I know that he/she cannot provide us detailed informations about that in here, but many other ways should be.

Dchard

[edo1080]

Quote:

I know that he/she cannot provide us detailed informations about that in here, but many other ways should be.

Right! I hope that with the release of BackupDHDDVD 1.00 more tech hints will be revealed

[KoD]

To people that don't have the technical baggage to understand it by themselves: all the required tech hints were already provided by the person that made the first post and some of those that replied in this thread.

And also, it is not the AACS protection system that was "cracked", but a software player failed to protect the decryption keys because of lazy programmers and haste to "release the player faster". This will change in future player versions, and although any software player can be reverse engineered to grab the keys again, you will not get a "press butan, get rip" commercial application out of this because it will be illegal in many if not all parts of the world. So no "AACS hacked" nonsense, please.

[Hellreaper]

muslix64 will either...

...never post in here again.

...or tell you soon that there were some problems with the program and that you will have to wait until xx.xx.2007.


Face the truth, it took about two years until DVD keys were extracted.


If he/she had really done it, she/he had released the key extraction method. The program with the weakness would have been withdrawn or changed, no doubt, but it also would have been seriously verified that someone found a way to compromise the whole encryption/decryption process. (not AACS itself)

A real hacker/cracker is interested in releasing proof, not in releasing videos. You don't get scene credits for releasing videos.

[dchard]

Quote:

Originally Posted by KoD

you will not get a "press butan, get rip" commercial application out of this because it will be illegal in many if not all parts of the world

DVD decrypting/copying is also illegal in most parts of the world, and see how many one-click decrypter in the market. Yes: not only a P2P distributed tiny software of a hacker, but commercial products.

A little off: could someone provide me some sort of info about HD-DVD-ROM directory/file structure? I found it for Blu-Ray (BD is more well documented than HD-DVD many other ways also), but I can't find it for HD-DVD. Searched the original documentations on dvdforum.org, but found nothing.

Thanks.

Dchard

[edo1080]

Quote:

A real hacker/cracker is interested in releasing proof, not in releasing videos

I don't think he's an hacker or a cracker, he simply is someone who needed to backup his discs and found a way to do it. So I don't need he wants to show us how "skilled" he is. I think we have to thank him for this program, he could also have kept it for himself, without running any risk.

[Gradius]

Quote:

Originally Posted by Hellreaper

Face the truth, it took about two years until DVD keys were extracted.

In 1997/1998 a Toshiba DVD-ROM 2x (max) + a mpeg-2 video decoding card for PC was USD$ 1000~1200.

DeCSS appeared in october 1999, thanks to 3 (three) people, not just Jon ! That all (2 years) was because the COSTS of DVD hardware (DVD-ROM), not the complexity !

Today isn't different, of course, the "complexity" is way better now.

[noclip]

The key revocation system and BD+ are an all-out assault on fair use. To revoke or change a key, studios would have to have found out that disk was compromised, and by that time the movie would already be up on the torrents. The only use that the draconian copy protection on HD formats prevents is fair use backup and transcoding by legitimate consumers.

[hallway]

Quote:

Originally Posted by Hellreaper

muslix64 will either...

...never post in here again.

Do a Google search on 'muslix64' and literally every result is related to him/her and the HD-DVD crack... I know it's big news and all, but I've got a bad feeling about this one.

Quote:

If he/she had really done it, she/he had released the key extraction method. The program with the weakness would have been withdrawn or changed, no doubt, but it also would have been seriously verified that someone found a way to compromise the whole encryption/decryption process. (not AACS itself)

A real hacker/cracker is interested in releasing proof, not in releasing videos. You don't get scene credits for releasing videos.

The video at YouTube was certainly unnecessary and was quite well done. It sure wasn't webcam quality, in fact, it was pretty good quality and it was done by a 2nd person. As you say about a real hacker, they're more interesting in improving their program, fixing bugs, etc, etc and the time and effort spent making the video was wasteful.

[DanITman]

Quote:

Cyberlink Responds to Alleged AACS Crack

With the HD DVD AACS Crack/Hack that supposedly happened last week, I said that Cyberlink would most likely issue some additional information on the matter. I just got an e-mail from the people at Cyberlink with some great information. Above all, Cyberlink is sure PowerDVD's implementation of AACS fully protects HD DVD contents.

* First of all, PowerDVD complies to AACS compliance rules to ensure HD DVD contents are fully protected. Cyberlink is confident that PowerDVD fully protects HD DVD contents.
* Secondly, PowerDVD does not keep "Title Keys" in system memory. Cyberlink is not sure how the user got the Title Key and notes that the released tool nor the video on YouTube provides the information on obtaining the Titles Keys.
* Thirdly, there are no evidences that the user is using PowerDVD to hack/crack HD DVD video content. He or she was simply using PowerDVD to playback the video that was ripped with other software. PowerDVD supports evo video file format playback.

Overall, it doesn’t look like AACS or Cyberlink have found any faults in PowerDVD. So, at this point no updates will be issued for PowerDVD and the verdict is still out on whether or not additional playback software was used to obtain the Title Keys. No one has yet to prove that the keys can be obtained through a memory dump or any other methods.

Yet again, AACS wasn’t cracked/hacked and the one piece of the puzzle for obtaining the Title Keys doesn’t appear to add up.

Thanks goes out to Cyberlink for the information.

http://msmvps.com/blogs/chrisl/archi...02/463980.aspx

[JarrettH]

I guess we find out if this is omgbs today.

[dchard]

"PowerDVD does not keep "Title Keys" in system memory"

OK, but where it is? It must be in somewhere it is shortly accessible many times, because the decoding of the encrypted is in real time, and this is a huge amount of data.

So the big question: where it is?

Dchard

[Sy]

Maybe it's not PowerDVD's memory dump that Muslix is reading to obtain the key? He never said ir was cyberlink's software. Perhaps he is reading the mem dump of WinDVD. I dunno.. I just hope Muslix comes back to provide a little more direction.. It would be nice is others out there could verify that they had done a successful rip too!

~Sy