High res HD DVD, see all the detail in all its goodness. http://redmondgadgets.com/Home/tabid/147/BlogId/9/Default.aspx en-US info@santry.com psantry@santry.com Tue, 14 Oct 2008 00:43:36 GMT Tue, 14 Oct 2008 00:43:36 GMT http://backend.userland.com/rss Blog RSS Generator Version 3.4.0.31660 <P>Over at <A href="http://forum.doom9.org/showthread.php?p=924730#post924730" target=_blank>Doom9 Forums</A>, Muslix64; the one who posted a video and information on comprimising the <A href="http://redmondgadgets.com/Home/tabid/147/EntryID/157/Default.aspx">AACS DRM for HDDVD using BackupHDDVD</A>; made a follow up post and provided more insight into his techniques. Some items he points out in his post:</P> <BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px"> <P>Affirmation 1: You did not break AACS, just the player</P> <P>My comment: I did not break AACS, but I find a way to decrypt movies and I have bypassed all the revocation system.<BR>Not that bad... </P> <P>Affirmation 2: The BackupHDDVD circumvention tool won't last long </P> <P>My comment: As long as insecure players will exist, it will last...<BR>And insecure players will always exist, in fact you can extract keys from any player! Some players are just easier to extract the key from. Being lazy, I prefer to extract keys from an insecure player than a secure one.<BR>And the AACS spec says "Device keys must be protected!" but they did not said that about volume key, fatal mistake!</P> <P>So what is the AACS revocation system good at? It is good for that scenario:</P> <P>Someone post on the net, a tool that do the complete decryption automatically. Off course the program use stolen device keys from an Official player. They (AACS and friends) will eventually get their hands on this program, look at the device keys and revoke them. Making that player unable to play new titles. But the author of this program can pre-extract a bunch of devices keys from different players and release them, one at the time, when the previous one have been blacklisted. The AACS spec says "Device keys must be protected!" so I suppose they put more effort in protecting these keys then the volume key in memory.</P> <P>Affirmation 3: The keys can easily be revoked.</P> <P>My comment: What keys are you talking about? As I stated before, there is no such thing as "title key revocation" and "volume key revocation". If someone publishes only volume keys, there is no way to know from which player these keys where extracted from, making the revocation system useless. They can do content revocation, but to revoke what? All movies before 2007? They can do player revocation, so I will just change the player I'm using, big deal...</P> <P>Affirmation 4: BackupHDDVD is nothing, only one person out of a million have the technical skills to extract keys.</P> <P>My comment: BackupHDDVD is a proof of concept.</P> <P>Picture this:<BR>Few skilled persons can do massive volume key extraction, and send the keys to a central server on the internet. Then, they create an easy to use decryption program, with a nice GUI that do online key recovery. That way, my father and your father can backup movies.<BR>Or they can send the keydb.cfg file on P2P networks (BitTorrent, E-Mule, etc..)</P> <P>See the problem now?</P> <P>Affirmation 5: You can extract keys from software player on personal computer but not on hardware player. </P> <P>My comment: It's easier to extract keys from software player, but it also possible to extract keys from hardware player (the set-top box in your living room!)</P> <P> </P></BLOCKQUOTE> <P>He goes on to say that this is only a proof of concept and he plans on releasing a version for the masses.</P> http://redmondgadgets.com/Home/tabid/147/EntryID/178/Default.aspx info@santry.com http://redmondgadgets.com/Home/tabid/147/EntryID/178/Default.aspx#Comments http://redmondgadgets.com/Default.aspx?tabid=147&EntryID=178 Wed, 03 Jan 2007 06:00:00 GMT 0 http://redmondgadgets.com/DesktopModules/Blog/Trackback.aspx?id=178