Irdeto

[xenex]

Has anyone heard about this? Apparently the Irdeto firm has acquired the advanced BD+ technology from Rovi (previously known as Macrovision) and has advanced the static security model into one of dynamic security.

I read an article by someone who claimed to have had breakfast with a person who claimed to be a VP of Irdeto. It's interesting. Instead of the normal short-lived cycle of typical DRM, Irdeto's 'Active Cloak' technology increases the DRM life-cycle using a holistic approach to DRM by streamlining the digital security model by using proactive measures in the digital domain.

They seem to have a fairly high buzz-word compliant statement.

As well, they claim that by using key staff to decimate the perceived failures of static protection, the active cloaking DRM has the formal advantage of giving service providers a network-managed method of determining the previous inadequacies of static protections and can offer a new method of dynamic DRM which has never even been seen or contemplated!

No, none of this makes any sense to me.

Oh, and I forgot to include the <SARCASM> tag.

[setarip_old]

@xenex

Hi!

Even if there's a modicum of truth to this, the question that comes to mind immediately is, if "Cinavia"/Verance watermarking is the end all and be all - and is contractually MANDATED with a price tag for what is essentially the Blu-ray "world", why would the studios (AACS LA members) be interested in this?

[derbeDeus]

Yeah, this has been there for a while.
Looks like now we have some sort of competition in the BD+ world (Rovi vs Irdeto), who can protect discs better.

[xenex]

I only brought up this "Irdeto" stuff after seeing a rant by Peer from Slysoft here:

http://forum.slysoft.com/showthread.php?t=51234

What's even funnier, though, is the last post in that thread here:

http://forum.slysoft.com/showpost.ph...4&postcount=19

That poster mentioned this video:

http://www.youtube.com/watch?v=0E1WB38EHhc

And described it - "Here's a summary of the plot: An Irdeto guy wearing an active cloak uses his blaster on bugs and attaches sophisticated weaponry to a rocket. I want such an active cloak, too! And I'd like to buy the blaster!" I thought he was joking! He wasn't!

Irdeto is a little cartoon man with a blaster. Nice. There is no THERE THERE. What is it, LOL? What does it do? Spout buzzwords?

-xenex

[derbeDeus]

Heh, very nice read.
Thanks for sharing

[xenex]

I think it will be interesting to see (as claimed in the above Slysoft thread) IF the Blu-Ray release of "Contagion" (due Jan 3) will not play on software players, due to heavy handed attempts at DRM via BD+

It's bad enough how they corrupt DVD's these days. A forced recall on a major Blu-Ray title due to faulty DRM would amuse me. But I think it is far more likely that they will maintain that the DRM is fine and just force updates on the software players. I guess we will see in a few weeks.

-xenex

[xenex]

I hate to double-post, probably not supposed to do that, but I've read more on this BD+ stuff and find some of it REALLY troubling. I found this post by Peer from Slysoft on the ArcSoft forum:

http://www.arcsoft.com/Forum/forum_p...-blu-ray#43721

Now maybe I'm slow, and everyone knew this but me, but I did NOT realize that Blu-Ray player software would allow native x86 code (via BD+) to run on a user's computer - OUTSIDE of the process space of the player itself - and allow it to snoop around and "examine" your system. I see this as a BIG MAJOR issue. What a security flaw that is, if just by playing a Blu-Ray, Hollywood gets to run code on your system that does who-knows-what!

Perhaps Peer from Slysoft might tell us more about this. I'm not a member of the forum over there, but I know he posts here from time to time.

This is a scary issue, I think.

-xenex

[rotty]

Quote:

Originally Posted by xenex

I hate to double-post, probably not supposed to do that, but I've read more on this BD+ stuff and find some of it REALLY troubling. I found this post by Peer from Slysoft on the ArcSoft forum:

http://www.arcsoft.com/Forum/forum_p...-blu-ray#43721

Now maybe I'm slow, and everyone knew this but me, but I did NOT realize that Blu-Ray player software would allow native x86 code (via BD+) to run on a user's computer - OUTSIDE of the process space of the player itself - and allow it to snoop around and "examine" your system. I see this as a BIG MAJOR issue. What a security flaw that is, if just by playing a Blu-Ray, Hollywood gets to run code on your system that does who-knows-what!

Perhaps Peer from Slysoft might tell us more about this. I'm not a member of the forum over there, but I know he posts here from time to time.

This is a scary issue, I think.

-xenex

Hi xenex

If this is true then we should ALL collectively take them to court and sue them. Any studio supporting this on their title(s) should be totally shunned instantly by the public.

Also of course, when people find out that they are being spied on then disk sales will suffer greatly.

[derbeDeus]

It is true and it is happening for quite a while (since Avatar last year, iirc).
Not the best source of info, but look for Native. Or look in BD+ pattents for native code.

Some players put the native code that comes from BD+ in a file on your HDD. Try playing Xmen: First class, Star Wars or any BD+ title that's newer with TMT5 and look in
My Documents\ArcSoft\TotalMedia Theatre 5\LocalStorage\BDJ\temp to find vendor_module_temp.dll. Upload it to www.virustotal.com and enjoy :P
Btw: the dll is packed and scrambled so no quick peek They don't really want you to know what they look for on your system.

It's also related to the slowdown in BD+ processing of discs (from Avatar and newer) with AnyDVD. The BDJ and BD+ were messing around with the system a lot more.

BD+ discs can do WHATEVER they want (considering the level of privilege the bd player was ran on). Since it is for the system just a dll of the bd player, it can access internet and download more stuff (tests for your system) at will.

It is indeed a large hole in PC's security that they got away with so far.

[diogen]

Quote:

Originally Posted by setarip_old

Even if there's a modicum of truth to this... why would the studios (AACS LA members) be interested in this?

BD+ and Verance are different types of DRM: the first is designed to prevent copying, the second - to prevent playback after the copying succeeded.
Sort of first vs. second line of defence...

BD+ is a cash cow. Decoders have to be able to handle it, i.e. they must have a license.
Just like CSS on DVDs. Or VC1 codec...

Diogen.

[setarip_old]

@diogen

As I (completely) said earlier, if "Cinavia"/Verance watermarking is the end all and be all - and is contractually MANDATED with a price tag for what is essentially the Blu-ray "world", why would the studios (AACS LA members) be interested in this?

By "end all and be all", I'm referring to the purported invulnerability of the "Cinavia"/Verance watermarking system. If this was, in fact, the case, if I was a studio, I believe I could have no greater joy (regarding defeating piracy) than allowing unwitting (and "witting") pirates to copy my disc, only to find that they've made an unplayable copy - and I could then see no reason to add "old" or "new" BD+ to the equation...

[rotty]

Quote:

Originally Posted by setarip_old

@diogen

As I (completely) said earlier, if "Cinavia"/Verance watermarking is the end all and be all - and is contractually MANDATED with a price tag for what is essentially the Blu-ray "world", why would the studios (AACS LA members) be interested in this?

By "end all and be all", I'm referring to the purported invulnerability of the "Cinavia"/Verance watermarking system. If this was, in fact, the case, if I was a studio, I believe I could have no greater joy (regarding defeating piracy) than allowing unwitting (and "witting") pirates to copy my disc, only to find that they've made an unplayable copy - and I could then see no reason to add "old" or "new" BD+ to the equation...

You seem to be assuming that these people are rational.

When has ANYTHING they have ever done been rational.

[Peer van Heuen]

Quote:

Originally Posted by xenex

Perhaps Peer from Slysoft might tell us more about this.

Sure, I'll try to keep it short and comprehensive.

There's no point in complaining about those native modules. It has been in the specs from day one.
To quote the Hitchhiker's Guide:

Quote:

[The plans for destruction of your Earth] have been on display at your local planning department in Alpha Centauri for fifty of your Earth years

C'mon, video consumer, you honestly didn't read the BD+ specs? Now you're playing surprised?

Yes, sometime around Avatar, these native modules came up. At the time they were harmless little things that did a well-defined and simple, controllable job.
We didn't make a big fuss about it, because we thought, most people wouldn't grasp the potential threat this implied anyway. We did mention it, though (and as expected: no one cared enough to even comment on it).

You shouldn't worry too much about this vendor module causing any damage - and at least for now, you can rest on the comfortable knowlege that it's not sending any of your personal information through the internet.

Other aspects are more troubling:
At some point the developers of BD+ became reckless. They started testing structures in memory, that aren't documented anywhere. Others are, partially, but are "subject to change in the future".
They simply assumed, that what they saw on their dev PCs will be the same everywhere else.
Well it isn't.
That's why on some systems, you will see discs starting with the "Star Wars" collection occasionally show pixelation - unless you use AnyDVD. I've seen it myself and it has been reported on the ArcSoft forum by others.

But, Ok, on most systems, you'll be lucky, so this might not make you worry.

Then this should:

They use Themida to protect their modules.
Now, this is not against Themida. That choice is ok for your everyday application.

Consider this small excerpt from Themida's release notes:

Code:

17-Dec-2004 Added support for Windows XP with PAE (Physical Address Extension) enabled 

30.Aug-2005 **** Vista beta 1 comes to existence ****
15-Nov-2005 Support for Windows Vista beta

08-Jun-2006 **** Vista beta 2 available ****
26-Jun-2006 Added support for Windows Vista Beta 2 
06-Oct-2006 Fixed compatibility wrapping some APIs under specific versions of Windows 2000/XP 

30-Jan-2007 **** Vista released ****
16-Feb-2007 Minor bugs fixed on Vista 
10-Jul-2008 Fixed relocations issue under Vista for specific DLLs 

07-Jan-2009 **** Windows 7 beta available ****
07-May-2009 Fixed compatibility issue with Windows 7 build 7077 

??-???-???? **** Windows 8 beta available ****
20-Oct-2011 Fixed compatibility issue in API-Wrapper under Windows 8

As you can see, with pretty much every new version of Windows, Themida needed updating to regain compatibility (that is because Themida does a lot of undocumented stuff as well).
Not a big problem for normal applications. If the manufacturer still exists, they'll release a fix and it's done.

But imagine you'd bought your disc in early 2007 (pretend, it would have had today's native dll protected with Themida from back then).
Given the list up there - how do you estimate your chances that this disc would still play if run under Windows 7? Windows 8? Windows 15? Do you think you'll get an update from the manufacturer?

Or even if it didn't have Themida - consider what I wrote above: incompatibilities with some systems already, causing pixelation today, because BD+ thinks "something's fishy", when it's not - because you're the unlucky guy who doesn't have the same system, the developer did.

Now, do you believe your Star Wars disc will become more compatible with future versions of Windows?

Think about it.

[Ghitulescu]

Quote:

Originally Posted by xenex

Now maybe I'm slow, and everyone knew this but me, but I did NOT realize that Blu-Ray player software would allow native x86 code (via BD+) to run on a user's computer - OUTSIDE of the process space of the player itself - and allow it to snoop around and "examine" your system. I see this as a BIG MAJOR issue. What a security flaw that is, if just by playing a Blu-Ray, Hollywood gets to run code on your system that does who-knows-what!

The Blu-ray discs were never intended to be played on computers. Please see this ability as a bonus feature. The PC is too insecure "today" to be allowed as a "trusted source".

Quote:

Originally Posted by setarip_old

As I (completely) said earlier, if "Cinavia"/Verance watermarking is the end all and be all - and is contractually MANDATED with a price tag for what is essentially the Blu-ray "world", why would the studios (AACS LA members) be interested in this?

By "end all and be all", I'm referring to the purported invulnerability of the "Cinavia"/Verance watermarking system. If this was, in fact, the case, if I was a studio, I believe I could have no greater joy (regarding defeating piracy) than allowing unwitting (and "witting") pirates to copy my disc, only to find that they've made an unplayable copy - and I could then see no reason to add "old" or "new" BD+ to the equation...

The answer is extremely simple: the chain is not completely closed: there are milions of playback devices that do not trigger cinavia: most if not all PCs (this will be solved in the future by embedding the DRMs deep into CPU/GPU, it's just a matter of time), most if not all multimediaplayers (boxes, containing or not a HDD, that are connected to a TV, this will be soon "resolved" as they use the same SoC as the STB and BDplayers), most if not all mobile devices. Not even all BD-players are cinavied (this will come this year, though).

Quote:

Originally Posted by rotty

You seem to be assuming that these people are rational.
When has ANYTHING they have ever done been rational.

What they do is always rational - you simply don't have all the data to understand their reasoning - they think usually 20 years in advance, whereas you find the consequences years after. When you'll have it, you'll be scared to death. No joke intended.

[Peer van Heuen]

Quote:

Originally Posted by Ghitulescu

The Blu-ray discs were never intended to be played on computers. Please see this ability as a bonus feature. The PC is too insecure "today" to be allowed as a "trusted source".

That statement is incorrect.
The specifications - available very long before even the first Blu-ray disc was available - not only included PCs right from the beginning, they even made sure, they had an alternative decryption scheme compared to "hardware" players.

So clearly, they were intended to be played on computers.
(I'll not start nitpicking here by mentioning, that a set-top Blu-ray player is a computer as well ).

[mike20021969]

Quote:

Originally Posted by Ghitulescu

The Blu-ray discs were never intended to be played on computers.

After reading post #15, I'm now interested to see where your statement originates from...?

[Ghitulescu]

The reason CDR, DVDR and BDR appeared is to hold data, not "copied" music/videos. I am not at liberty to give you any details, but you can get enough information from Hewlett-Packard vs. GEMA trial, if you have the credentials to access those documents .

Quote:

(I'll not start nitpicking here by mentioning, that a set-top Blu-ray player is a computer as well ).

Everything is a computer, if one extends enough the definition. Unlike a computer, a BD-player is a trusted source with a closed source and an one-chip video-solution (the so-called SoC) which makes sure no decoded HD video is reached by non-authorised persons. Gone are the days when the hackers short-cut two pins or removed a resistor to get access to the signal.

The PCs are only indulged, so that the new BD medium not be be unnecessary impeded to win the race. It won, now everything will be locked down, gradually, as no alternatives are available.

[derbeDeus]

Quote:

Originally Posted by Peer van Heuen

C'mon, video consumer, you honestly didn't read the BD+ specs? Now you're playing surprised?

Yes, sometime around Avatar, these native modules came up. At the time they were harmless little things that did a well-defined and simple, controllable job.
We didn't make a big fuss about it, because we thought, most people wouldn't grasp the potential threat this implied anyway. We did mention it, though (and as expected: no one cared enough to even comment on it).

Now you don't expect ppl to start reading patents for fun or out of fear for their computer security.

BD+ full specs were not public to begin with. They were reversed by those interested in it, including those on this forum and I believe wiki BD+ page is based on this work.

Quote:

Originally Posted by Peer van Heuen

Other aspects are more troubling:
At some point the developers of BD+ became reckless. They started testing structures in memory, that aren't documented anywhere. Others are, partially, but are "subject to change in the future".
They simply assumed, that what they saw on their dev PCs will be the same everywhere else.
Well it isn't.

You mean the use of TRAP_DiscoveryRAM & friends?

Quote:

Originally Posted by Peer van Heuen

As you can see, with pretty much every new version of Windows, Themida needed updating to regain compatibility (that is because Themida does a lot of undocumented stuff as well).
Not a big problem for normal applications. If the manufacturer still exists, they'll release a fix and it's done.

But imagine you'd bought your disc in early 2007 (pretend, it would have had today's native dll protected with Themida from back then).
Given the list up there - how do you estimate your chances that this disc would still play if run under Windows 7? Windows 8? Windows 15? Do you think you'll get an update from the manufacturer?

Or even if it didn't have Themida - consider what I wrote above: incompatibilities with some systems already, causing pixelation today, because BD+ thinks "something's fishy", when it's not - because you're the unlucky guy who doesn't have the same system, the developer did.

Now, do you believe your Star Wars disc will become more compatible with future versions of Windows?

Think about it.

I'm not sure if an update would be even possible easily. Since the disc is out there, only chance would be the Internet. So the BD+ code would need to update itself from Internet. Which means that the native code would be split in 2 parts: one future-proof less protected to download updates and one themida-packed, etc.

Quote:

Originally Posted by Ghitulescu

The PCs are only indulged, so that the new BD medium not be be unnecessary impeded to win the race. It won, now everything will be locked down, gradually, as no alternatives are available.

I know what you mean... but it's a bit exaggerated. They will be "indulged" for a very long time from now on
PC BD players were the first to get in the BD+ list of "specially" handled devices and AFAIK they are the only ones to have native code written for. They are the weakest link and I assume at some point BD+ processing on PCs will become really-really silly (very much time consuming and error-prone), oh wait... we're already there.

[Peer van Heuen]

Quote:

Originally Posted by derbeDeus

Now you don't expect ppl to start reading patents for fun or out of fear for their computer security.

BD+ full specs were not public to begin with. They were reversed by those interested in it, including those on this forum and I believe wiki BD+ page is based on this work.

Ok, clearly, you haven't read the Hitchhiker's Guide to the Galaxy, otherwise you wouldn't have missed the sarcasm. OF COURSE IT IS IMPOSSIBLE FOR THE CONSUMERS TO READ THE SPECS. (On the other hand, if you've ever been to Alpha Centauri, please share the pictures).
The average user can't even tell, which discs have BD+ on them at all.

Quote:

Originally Posted by derbeDeus

You mean the use of TRAP_DiscoveryRAM & friends?

No, absolutely not. I'm not talking about the old kindergarden BD+ happy-time "traps". They are old news. And harmless.
I was talking about the native DLLs, they are beyond this simple little API. They are messing around with TEBs and PEBs (look those up, if you like, but you will not find much on the official MS pages - focus on hacker sites).

Quote:

Originally Posted by derbeDeus

I'm not sure if an update would be even possible easily. Since the disc is out there, only chance would be the Internet. So the BD+ code would need to update itself from Internet. Which means that the native code would be split in 2 parts: one future-proof less protected to download updates and one themida-packed, etc.

With current discs, no update is possible, there's nothing to be "not sure" about. No need to speculate.

[Ghitulescu]

Quote:

Originally Posted by Ghitulescu

The PCs are only indulged, so that the new BD medium not be be unnecessary impeded to win the race. It won, now everything will be locked down, gradually, as no alternatives are available.

Quote:

Originally Posted by derbeDeus

I know what you mean... but it's a bit exaggerated. They will be "indulged" for a very long time from now on
PC BD players were the first to get in the BD+ list of "specially" handled devices and AFAIK they are the only ones to have native code written for. They are the weakest link and I assume at some point BD+ processing on PCs will become really-really silly (very much time consuming and error-prone), oh wait... we're already there.

I realised that maybe I wrote something very interpretable: I know that the PCs can be used for BD playback, and this is actually a marketing bonuspoint.

I wanted to say that the PC must be "secure" in order to be able to play the original BDs, an insecure PC will equally play BDs, just in SD video/audio instead of HD, provided other conditions are met. Despite being technically a BD-playback I cannot call it that way since this resembles no longer a BD but a sort of HD2DVD. The trusted platform derivatives, which are for years embedded in various forms into the CPU/GPU can however prevent the playback of a non-original HD video/audio stream via FW/HW/SW upgrades. That will also solve the Linux "thorn" ....

So by locking down I meant that the user is driven through a very narrow passage, beyond his/her control, if s/he wants to play a BD or a DVD on his/her PC, and this passage can be anytime closed if the content distributors have this intent.

None of these are now possible in htis extent, but only the future will tell whether this is a doomsday scenario or a conspiracy theory. My personal belief is that they will implement it anyway, even if they may not use it, it harms not to have that lever in order to be able to push it anytime.