3GSM is where the fun is | Main | Podcast 4

February 13, 2007

AACS not cracked (again)

Please note, this blog has been archived and now lives at www.discretecosine.com

Another day, another round of misleading headlines (gotta love digg) about the destruction of AACS. I spent some time this morning reading to the specs, so I now have a pretty good idea of what's going on.

The reason for this latest round of headlines is that a new hacker over at doom9, arnezami, has been digging deeper into the different keys used by AACS. Up until this point, if you wanted to make a decrypted copy of an HD-DVD or BluRay disc, you used PowerDVD or WinDVD on your Windows computer, did a memory dump, looked through the dump for the title key, and went about your merry way. Folks have even written tools to make this memory dump / hunt process automatic.

In the long term, this isn't a particularly sustainable solution. The AACS folks will just revoke the device keys for PowerDVD and WinDVD, forcing users to download updated versions. The updated versions will take more care to hide the title key, and despair will spread throughout the pirate community.

With this bleak future in mind, arnezami went investigating alternatives. What he found is the Processing Key, which is essentially an AES'd combination of the device key and the appropriate elements of the Media Key Block. Don't worry if I've lost you, this bit isn't all that important. The processing key doesn't inherently reveal which device key it is spawned from.

The processing key is a major chunk of the decryption process. It is a universal decryption key for all titles, with a big caveat that I will mention later. In order to make use of the processing key, you also need the Volume ID. This is essentially a 128bit string that is unique for each HD-DVD or BluRay title. According to the AACS specs, it should be random, though it appears that many replicators haven't been following this quite to the letter - the Volume ID for Serenity for instance is "SERENITY ". Clever.

Unfortunately, recovering volume ids isn't proving to be significantly easier than recovering title keys at the moment. The volume ID is stored on a special part of the disc which can't be read directly via software. In order to recover it, you have to nicely ask the drive to read it and pass it along. For now, that means using a USB sniffer to watch the bus traffic as your software player retrieves the volume ID. The AACS spec actually has this circumstance accounted for as well, with a specification for bus encryption of the volume ID transfer, but nobody has implemented this process yet.

So, what's this mean? Is AACS destroyed? Afraid not. If someone can come up with a clever, self contained mechanism for retrieving Volume IDs, it may make widespread HD-DVD/BluRay ripping easier, as there won't be any need to hunt for an already decrypted title key. Barring that however, you'll still need to find or be told the volume id before the processing key is of any use to you. At that point, why not just find or be told the title key and skip a few steps?

Truth be told, the only circumstance in which having the processing key is useful is if the AACS folks really don't know which player generated the key, and thusly don't know which player to deactivate. However, since the AACS folks do know all of the device keys that they've assigned, it should be pretty easy for them to calculate all the various processing keys and come up with the renegade player. And even if that weren't the case, I don't think they'd have qualms about just revoking all of the device keys for the software players on the market, forcing an update with better security.

Realistically, AACS will only be truly dead if someone comes up with a master list of all of the device keys (leaked from the AACS folks). The encryption itself isn't under threat - AES with 128bit keys isn't going to be brute forced any time soon. However, if talented hackers can keep making trouble by figuring out ways to rip these discs, it may eventually become cost prohibitive to keep deactivating device keys. When folks start sniffing hardware keys from expensive home theater units, it'll get even more interesting. Maybe it's time to just give up on this DRM thing?

Posted by at February 13, 2007 12:28 PM | News