37C3 - Full AACSess: Exposing and exploiting AACSv2 UHD DRM for your viewing pleasure


LigH
12th February 2024, 15:19
DVD Video, Content Scrambling System: ❌
Blu-ray Video, AACS v1: ❌ (Free Speech Flag) — props to muslix64 (https://forum.doom9.org/member.php?u=116179) :cool:
Ultra HD Blu-ray, AACS v2: ❌ ... and already nearly obsolete by Intel removing SGX from gen. 11+

media.ccc.de proudly presents a demonstration at the 37C3 (37th Chaos Communication Congress) that AACSv2 on Ultra HD Blu-ray has been broken too (https://www.youtube.com/watch?v=SEBuiecLZGg) (YouTube video)

The core attempt is breaking Intel SGX using side-channel attacks and emulating the authentication in Python on a RasPI.

Minute 25: Wait ... did CyberLink accidentally ship their software debugging implementation with PowerDVD 20 Ultra?

hajj_3
12th February 2024, 17:33
this was posted in another thread a month ago.

LigH
12th February 2024, 17:37
But the video was released today...

hajj_3
12th February 2024, 17:43
But the video was released today...

https://forum.doom9.org/showthread.php?t=185232

LigH
12th February 2024, 17:49
... on YouTube. And while the CCC published it on their own server, I missed it in hospital. Sorry.

coricopat
14th February 2024, 00:00
I wonder whether anything that is actually practically usable for end-users comes out from this talk.

But I don't think the author actually released any code of how he did it.

LigH
14th February 2024, 14:53
It was mainly a proof of concept: The system is vulnerable.

And because that was not the only attack vector, Intel discontinued the support of SGX in newer CPUs already.

BleepingComputer: New Intel chips won't play Blu-ray disks due to SGX deprecation (https://www.bleepingcomputer.com/news/security/new-intel-chips-wont-play-blu-ray-disks-due-to-sgx-deprecation/)

coricopat
26th August 2024, 22:01
Seems someone has now published the final part of the SGX root keys:
https://twitter.com/_markel___/status/1828112469010596347

LigH
26th August 2024, 22:07
In other words: It was already dead; and the zombie now received the well-deserved headshot.

coricopat
26th August 2024, 22:28
Well, I've never really looked into SGX and how it's (been?) used by software players, but maybe someone knowledgeable can use it somehow for more libre :-)

LigH
26th August 2024, 22:47
SGX is the opposite of "libre", because Intel decides what is allowed to run in there.

coricopat
26th August 2024, 22:58
Well, if some software player still has servers up and running that distribute AACS keys, but only to code running in SGX, hacking that could help.