Welcome to Doom9's Forum, THE in-place to be for everyone interested in DVD conversion.

Old 31st May 2007, 14:00   #41  |  Link
FoxDisc
Registered User
 
Join Date: Jan 2007
Posts: 274
Quote:
Originally Posted by bourke View Post
hardware players will probably see hypervisor-style hardening soon if players keep being compromised at this rate!
I'm sure people are working on the hardware players, but so far there's not much sign they've been seriously compromised. I suspect the software players will stay in the forefront for quite a while before the LA begins to worry too much about the hardware players.
Old 31st May 2007, 15:05   #42  |  Link
FTX
Registered User
 
Join Date: Apr 2007
Posts: 10
Quote:
Originally Posted by arnezami View Post
There is still quite a bit for them to throw at us: sequence keys, using multiple processing keys, bd+, forced firmware patches. You name it.

It will be interesting what they have to say. What could they say? New version: instantly opened. How do you wrap that in a few PR sentences?

arnezami
It is clear that the HD-DVD camp has virtually no protection since it only has AACS and that is solved quickly by you guys and by the Slysoft crew.

What will be interesting to follow, is how good (or how long) BD+ will be able to resist circumvention. I guess we will find out once the "BD+ enabled" disks will arrive.

and congrats on the great work done already

Cheers

F
Old 31st May 2007, 15:24   #43  |  Link
FoxDisc
Registered User
 
Join Date: Jan 2007
Posts: 274
Quote:
Originally Posted by FTX View Post
It is clear that the HD-DVD camp has virtually no protection since it only has AACS and that is solved quickly by you guys and by the Slysoft crew.
The AACS system still has features that have not been implemented, and those features could pose a problem in the future. I wouldn't agree that AACS has no teeth left. Right now the entire movie gets decrypted with a single VUK. If Sequence Key Blocks are implemented, decryption will require multiple keys in addition to the VUK used now, and each of those keys will be used for only a moment on small areas of the data. It could be significantly more difficult to solve SKB protection.

It will be interesting to see the LA's next move.

There were lots of people here who could barely contain their eagerness to get hold of new discs with new MKBs. If I was the LA, I might do nothing for a while - at least it would frustrate their "enemy" and they wouldn't get another of those headlines saying AACS was cracked in 30 seconds.
Old 31st May 2007, 15:33   #44  |  Link
greath
Registered User
 
Join Date: Aug 2004
Posts: 65
Quote:
Originally Posted by FoxDisc View Post
If I was the LA, I might do nothing for a while - at least it would frustrate their "enemy" and they wouldn't get another of those headlines saying AACS was cracked in 30 seconds.
It was mentioned on AVS that the AACS Licence says that MKBs can only be changed once every 90 days. It takes time for the replicators to switch from one MKB to another, and if they had to do this more often they would be a bit frustrated! So 90 days from the 23rd April (was that the last date) will be the earliest release of the next MKB.
Old 31st May 2007, 16:00   #45  |  Link
KenD00
Registered User
 
Join Date: Jan 2007
Location: Internet
Posts: 378
Quote:
Originally Posted by FoxDisc View Post
If Sequence Key Blocks are implemented, decryption will require multiple keys in addition to the VUK used now, and each of those keys will be used for only a moment on small areas of the data.
I've read this many times now and I think this is not true. The AACS spec (at least the HD-DVD one) talks about a minimum length of a sequence key section, but no maximum length. So it is possible that the whole movie is a sequence key section, however this is unlikely because that would blow the space requirement by a factor of 8 (for HD-DVD, not sure about BD, this looks more complicated there). But that's not so important anyway, because you exactly know when a sequence key section is played back (you need to decode the corresponding map file) so you know when to look for the keys.

Old 31st May 2007, 16:26   #46  |  Link
awhitehead
Registered User
 
Join Date: Jan 2007
Location: Tel-Aviv, Israel
Posts: 185
Quote:
Originally Posted by greath View Post
So 90 days from the 23rd April (was that the last date) will be the earliest release of the next MKB.
For starters, this is not 100% correct. Earliest currently known timestamp on an MKB v3 disc (Matrix 2) is April 5th. Latest known timestamp on an MKB v1 (Matrix 1 and Children of Men EU) is March 27th. So it took ~7 weeks for the first MKB v3 discs to make it to consumers.

So technically, as early as beginning of July we could see new version of MKB.

However....

The earliest MKB v3 was broken would be around May 17th (give or take a few days, but May 22nd release date for Matrix was broken, and some people got Matrix boxset early), when AnyDVD HD was updated. So this is the earliest that AACS LA knew that MKB v3 is compromised, and that assumes no time for verifying the claim, technical analysis of the attack, etc.

In addition I am not sure if the agreement states "90 days from the last rollover", or "90 days since we notify you". This could have an effect on the street date of the new MKB too.

There still hasn't been any response from AACS LA on the subject.

Last AACS update involved partitioning of the device tree for the software players, which (and FoxDisc will correct me if I misunderstood) currently allows AACS LA to tell exactly which software player leaked the processing key (even if we don't know which one it was), since it was the only unrevoked one in the newly partitioned tree. This partitioning was effective in telling which player leaked, but ineffective in preventing the compromise. There is also the possibility that SlySoft is using a different processing key, from a different player, resulting in two compromises (SlySoft is further along in reverse-engineering the updates, since they have the unrevoked private key of a player as well, and can talk to the drive, while we have to do the VID firmware hack).

While you can use SKBs to present different decoded signal to different classes of players (and, say, prevent HTPC users from playing back video, or from playing back a radically different version of the video), it's not where the crack in AACS armor is.

Software players have holes, and when the OS is not fully controlled and trusted, and as long as the kernel debugger can be used to alter the OS, software players will be the point of attack.

At the same time SKBs require engineering time to implement, and master correctly.

If there was a hypothetical black box service, where people could provide to an entity a copy of mkbrom.aacs and VID, and out would pop the VUK, then yes, SKBs would be essential. But the processing keys disclosed here are widely known. Why spend time dealing with something that is not the core problem?

It is possible that at this point AACS LA will push for dropping support of XP as the OS, and forcing people to use Vista, since Vista likely has better support for prevention of things like this. Microsoft is unlikely to oppose this, since that means more OS license sales for them.

At the same time, long term pressure by might be to push for wider adoption of trusted computing modules in hardware and software (and remember that Microsoft is a member of AACS LA and has interest in both BD and HD-DVD, and does dictate to the motherboard manufacturers what to build onto boards).

This doesn't have to be a conventional TCM module either. Cyberlink currently supports only a handful of higher end cards, to which it offloads the processing. At the same time, remember the older copy protection schemes for expensive software, such as AutoCAD? Parallel port dongles?

We might see a video decoding chip with keys that is either on the video card (your video card already does HDCP, why not do AACS as well? Force bus encryption from the drive to the video card for new cards as well, while you are at it) or on a USB (or some other) dongle (again, encrypted signal in, unencrypted signal out).

Various forms of TCM are likely about a year away, if not longer (hopefully longer). Of course, with TCM the problem would change from obtaining the VUK and decoding the data, into convincing the TCP chip that you are an authorised piece of software.

Just some ramblings. Take them with a boatload of sea salt.

So just to summarise:

Problem with AACS is the protection of the players.

It's impossible to protect the current generation of software players, since they run on a user-controllable and subvertible OS

SKBs are not (yet) an answer

MKBs will likely roll by middle of August.

Last edited by awhitehead; 31st May 2007 at 16:34.
Old 31st May 2007, 16:39   #47  |  Link
Galileo2000
Registered User
 
Join Date: Jan 2007
Posts: 224
Quote:
Originally Posted by awhitehead View Post
For starters, this is not 100% correct. Earliest currently known timestamp on an MKB v3 disc (Matrix 2) is April 5th. Latest known timestamp on an MKB v1 (Matrix 1 and Children of Men EU) is March 27th.

So technically, as early as beginning of July we could see new version of MKB.

However....

The earliest MKB v3 was broken would be around May 17th (give or take a few days, but May 22nd release date for Matrix was broken, and some people got Matrix boxset early), when AnyDVD HD was updated. So this is the earliest that AACS LA knew that MKB v3 is compromised, and that assumes no time for verifying the claim, technical analysis of the attack, etc.

There still hasn't been any response from AACS LA on the subject.

Last AACS update involved partitioning of the device tree for the software players, which (and FoxDisc will correct me if I misunderstood) currently allows AACS LA to tell exactly which software player leaked the processing key (even if we don't know which one it was), since it was the only unrevoked one in the newly partitioned tree. This partitioning was effective in telling which player leaked, but ineffective in preventing the compromise. There is also the possibility that SlySoft is using a different processing key, from a different player, resulting in two compromises (SlySoft is further along in reverse-engineering the updates, since they have the unrevoked private key of a player as well, and can talk to the drive, while we have to do the VID firmware hack).

While you can use SKBs to present different decoded signal to different classes of players (and, say, prevent HTPC users from playing back video, or from playing back a radically different version of the video), it's not where the crack in AACS armor is.

Software players have holes, and when the OS is not fully controlled and trusted, and as long as the kernel debugger can be used to alter the OS, software players will be the point of attack.

At the same time SKBs require engineering time to implement, and master correctly.

If there was a hypothetical black box service, where people could provide to an entity a copy of mkbrom.aacs and VID, and out would pop the VUK, then yes, SKBs would be essential. But the processing keys disclosed here are widely known. Why spend time dealing with something that is not the core problem?

It is possible that at this point AACS LA will push for dropping support of XP as the OS, and forcing people to use Vista, since Vista likely has better support for prevention of things like this. Microsoft is unlikely to oppose this, since that means more OS license sales for them.

At the same time, long term pressure by might be to push for wider adoption of trusted computing modules in hardware and software (and remember that Microsoft is a member of AACS LA and has interest in both BD and HD-DVD, and does dictate to the motherboard manufacturers what to build onto boards).

This doesn't have to be a conventional TCM module either. Cyberlink currently supports only a handful of higher end cards, to which it offloads the processing. At the same time, remember the older copy protection schemes for expensive software, such as AutoCAD? Parallel port dongles?

We might see a video decoding chip with keys that is either on the video card (your video card already does HDCP, why not do AACS as well? Force bus encryption from the drive to the video card for new cards as well, while you are at it) or on a USB (or some other) dongle (again, encrypted signal in, unencrypted signal out).

Various forms of TCM are likely about a year away, if not longer (hopefully longer). Of course, with TCM the problem would change from obtaining the VUK and decoding the data, into convincing the TCP chip that you are an authorised piece of software.

Just some ramblings. Take them with a boatload of sea salt.

So just to summarise:

Problem with AACS is the protection of the players.

It's impossible to protect the current generation of software players, since they run on a user-controllable and subvertible OS

SKBs are not (yet) an answer

MKBs will likely roll by beginning of August.
Dongles had proved their total ineffectiveness a long time ago. Adobe used one for AE, it does not use it anymore for any of its software offerings. Quoting one of the vice presidents of Adobe from the year 1999, "Software protection with the dongles is fine, except dongles are expensive and do not really work in terms of protecting the software".

And consumers have another choice: boycott all this stuff. And most of them entertain this choice right now. And once any "unbreakable", "trusted" form of the "protection" (it protects ME from watching my Purchased stuff on the platform of my choice) is implemented, I'll entertain this choice as well in terms of purchasing their new releases which I will not be able to watch unless I throw close to $10K replacing my perfectly working computers and TVs.

Of course it is a technical challenge for them as well as for us.

So it is entertaining for now

But very poor economical choices for the studios.
Old 31st May 2007, 16:40   #48  |  Link
FoxDisc
Registered User
 
Join Date: Jan 2007
Posts: 274
Quote:
Originally Posted by KenD00 View Post
I've read this many times now and I think this is not true. The AACS spec (at least the HD-DVD one) talks about a minimum length of a sequence key section, but no maximum length.
I don't recall any maximum length for the SK segments either. Was it my comment that they'd "be used for only a moment on small areas of the data" that you thought was wrong? I suppose they could use it for long sections, subject to the space limits you mentioned, but the alleged purpose of SKs is to watermark the movie for traitor tracing in a way that allows you to identify which specific device in an S-D set did the decryption. Watermarking implies (to me) a fairly short stretch of data - just enough to identify it.

However, I don't think they really are interested in watermarking. They've used the "poor man" method of traitor tracing - they used a tiny S-D set of only one device, so unless they assigned the same device number to different software, they know where the public Processing Key came from (and the hidden PK Slysoft used if it's not the same).

I think the reason they might start using SKs is to break the current software and database schema here and to make it harder to find the multiple VVUKs needed for decryption. If their purpose is to hide those keys, I'd expect them to make short brief usage. Since SK segments eat up disc space 8 times faster than regular data and give an attacker more opportunities to see what's happening, I don't see much reason for longer than minimum segments.

Quote:
you exactly know when a sequence key section is played back
I agree that SK segments are clearly marked, but then, so are regular DK data portions.
Old 31st May 2007, 16:51   #49  |  Link
FoxDisc
Registered User
 
Join Date: Jan 2007
Posts: 274
Quote:
Originally Posted by awhitehead View Post
Just some ramblings.
I pretty much agree with all these ramblings. SKBs aren't the answer for the AACS LA. The most they do is add a small additional layer of complexity. Perhaps the LA will find it worthwhile, perhaps not. There will be pressure for trusted computing, but that pressure has been there for a long time. Microsoft would love to see Vista as the sole platform for HD playback, but the software companies will fight that (market too small right now), and probably have contracts that let them sell on other platforms.
Old 31st May 2007, 17:01   #50  |  Link
awhitehead
Registered User
 
Join Date: Jan 2007
Location: Tel-Aviv, Israel
Posts: 185
Quote:
Originally Posted by Galileo2000 View Post
Dongles had proved their total ineffectiveness a long time ago. Adobe used one for AE, it does not use it anymore for any of its software offerings.
You are right about boycotting.

Regarding dongles.... It all depends on the marketing. Going back to Cyberlink PowerDVD 7.x - it only works with a handful of ATI and Nvidia video cards. Consumers still buy and use it. So here I think it could also depend on the marketing.

"Buy this 100 USD USB dongle, that has built in VC1 and H.264 compression/decompression chip, and you don't need a 3.2 GHz Pentium to watch your videos in beautiful smooth 72 frames per second, and your home videos compress 10 times faster for those memories of your baby, and you can do something else on your PC while a video plays in the corner."

I mean, people buy this, so what stops them from revving it to have keys in the hardware? It's a matter of engineering and marketing.
Old 31st May 2007, 17:03   #51  |  Link
FoxDisc
Registered User
 
Join Date: Jan 2007
Posts: 274
I read an analysis by one of the AACS system designers about how to build systems that comply with the AACS license requirements. It was intended for software/hardware guys and he seemed to be saying that the license required more than just trying to prevent cracks, which is what older DVD/CSS licenses required. He seemed to be saying that the AACS license was worded more strictly and required success.

I wonder if the open platform players could end up getting cut off because they could not succeed.
Old 31st May 2007, 17:13   #52  |  Link
honai
Guest
 
Posts: n/a
Quote:
He seemed to be saying that the AACS license was worded more strictly and required success.
Well, in the classified sector government agencies also required success, and still the suppliers' schemes were broken.

As for the Vista DRM capabilities, it has been demonstrated a few months ago that PVP and assorted kernel-mode technologies can be subverted by the user simply because the Windows devs implemented the backdoors themselves (ironically, often in order to grant Windows Media Player and other MS tools direct access to the OS).
Old 31st May 2007, 17:19   #53  |  Link
Galileo2000
Registered User
 
Join Date: Jan 2007
Posts: 224
Quote:
Originally Posted by honai View Post
As for the Vista DRM capabilities, it has been demonstrated a few months ago that PVP and assorted kernel-mode technologies can be subverted by the user simply because the Windows devs implemented the backdoors themselves (ironically, often in order to grant Windows Media Player and other MS tools direct access to the OS).
That's what I wanted to hear

Can you provide a link?
Old 31st May 2007, 17:49   #54  |  Link
FoxDisc
Registered User
 
Join Date: Jan 2007
Posts: 274
Quote:
Originally Posted by honai View Post
Well, in the classified sector government agencies also required success, and still the suppliers' schemes were broken.
The point I was trying to make was that this might be one of the few ways they could actually close off the entire "open platform" i.e. software player market despite contracts that have probably been signed between the software companies and the LA. The LA says "You are in breach since you didn't succeed so you get no more Device Keys."
Old 31st May 2007, 17:56   #55  |  Link
meditate2
Registered User
 
Join Date: Mar 2003
Location: Germany
Posts: 6
Quote:
Originally Posted by Galileo2000 View Post
Dongles had proved their total ineffectiveness a long time ago. ....."Software protection with the dongles is fine, except dongles are expensive and do not really work in terms of protecting the software".
I doubt it, the ONLY "normal" protection I know which is not broken for over a year now, is a dongle protection. And it is used for THE programs in the audio area (new Cubase for example, #1 audio sequencer), so many groups tried but bitten their teeth out of this. Syncrosoft's previous protection was cracked by "H2O", formerly THE cracking group in the audio area, but they said that it was such a huge work that it took easily over 1000 hours and that they don't want to do something like this again....

http://www.syncrosoft.com/Jan._25_20...ths-78-86.html

Fortunately this protection wouldn't work that easily with movies....

Anyway keep up the good work, guys...
Old 31st May 2007, 18:40   #56  |  Link
diogen
Registered User
 
Join Date: Dec 2005
Posts: 365
Quote:
Originally Posted by Galileo2000 View Post
That's what I wanted to hear
Can you provide a link?
I think this is the one.
Quote:
Security researcher Alex Ionescu claims to have successfully bypassed the much discussed DRM protection in Windows Vista, called 'Protected Media Path' (PMP)...
http://it.slashdot.org/article.pl?sid=07/01/29/1811201
Quote:
Originally Posted by FoxDisc View Post
Microsoft would love to see Vista as the sole platform for HD playback, but the software companies will fight that...
There are just two: Cyberlink and Intervideo. And according to Chris, nobody will get new licenses for XP players, nor will XP be updated to prevent key sniffing.
Quote:
they will never enable HD DVD playback in any other method than what's there now (eg. PowerDVD/WinDVD) in Windows XP...
Windows XP is done in terms of new features. That's it, nothing new will become.
http://www.avsforum.com/avs-vb/showt...&#post10649617

Diogen.
Old 31st May 2007, 19:22   #57  |  Link
FoxDisc
Registered User
 
Join Date: Jan 2007
Posts: 274
Quote:
Originally Posted by diogen View Post
Quote:
Microsoft would love to see Vista as the sole platform for HD playback, but the software companies will fight that...
There are just two: Cyberlink and Intervideo. And according to Chris, nobody will get new licenses for XP players, nor will XP be updated to prevent key sniffing.
Those were interesting links - thanks. I'm not quite sure of the point you are making though. It seems likely that Cyberlink and Intervideo are the only two because they're the only ones with enough cash to pay license fees and other costs and still expect to make a profit. To recover those costs, they need to keep selling to the XP market. Microsoft will certainly not improve XP, so if the key leakage continues, as seems likely, the question becomes what the LA will do.

Do they have the right to terminate Cyberlink and Intervideo? Would they want to? The studios want to sell discs and at least for now, large file sizes, slow transfer speeds and high blank media costs limit the actual financial impact of any hidef copying. Customers will scream pretty loudly if their software suddenly turns off as the LA cuts off Cyberlink and Intervideo.

It looks to me like the LA will keep on struggling by playing the cat and mouse game. There seem to be few other options for them.
Old 31st May 2007, 19:40   #58  |  Link
Galileo2000
Registered User
 
Join Date: Jan 2007
Posts: 224
Quote:
Originally Posted by diogen View Post
Thanks Diogen.

I think the entire PMP thing is an insult to the consumers, plain and simple.

Quote from the comments to the article:
"As a user of the Windows Home Operating Rights Environment, I must state for the record that all of my transactions with said system are completely clean, and take place using the most effective protection available. If you truly feel that some of your Media exchanges are tainted, I'd suggest it's probably because you didn't pay the requisite PMP fees."
Old 31st May 2007, 20:25   #59  |  Link
honai
Guest
 
Posts: n/a
Quote:
Do they have the right to terminate Cyberlink and Intervideo? Would they want to? The studios want to sell discs and at least for now, large file sizes, slow transfer speeds and high blank media costs limit the actual financial impact of any hidef copying. Customers will scream pretty loudly if their software suddenly turns off as the LA cuts off Cyberlink and Intervideo.
I tend to believe that the opposite is true, i.e. if it weren't for proliferation of HD media to the PC desktop market both formats would be dead by now. The AACS LA actually needs the Windows XP player sales for now.

Same thing happened to the DVD. Sales went up, not down, after CSS was beaten. Though that might be a correlation rather than causality.
Old 31st May 2007, 21:43   #60  |  Link
diogen
Registered User
 
Join Date: Dec 2005
Posts: 365
Quote:
Originally Posted by FoxDisc View Post
...Do they have the right to terminate Cyberlink and Intervideo? Would they want to?
That's the million dollar question...
I think MS and the rest of the gang have different views on this issue.
Quote:
Originally Posted by FoxDisc View Post
...The studios want to sell discs and at least for now, large file sizes, slow transfer speeds and high blank media costs limit the actual financial impact of any hidef copying.
Let's hope their priorities are in this order.
The very fact that DVDDecryptor and RipIt4Me were "killed" today when only a lazy can't copy a regular DVD, means that they take it "personally".
Hence, I have a hard time to imagine they would let this game continue for long.
Quote:
Originally Posted by FoxDisc View Post
...Customers will scream pretty loudly if their software suddenly turns off as the LA cuts off Cyberlink and Intervideo.
They certainly will. But will studios listen?

Diogen.