No, AACS Was Not Cracked

All that happened was that the method Cyberlink used to decrypt AACS was
semi-compromised.  Their implementation kept the key in memory, a key
which is needed to legally decrypt the content protection.  What is likely
going to happen is that the specific key will be revoked, and Cyberlink
will have to issue an update in order to play newer titles.  CSS didn’t
have a good way to revoke keys; AACS does.

Waiting to see what Cyberlink and AACS say happened, but I don’t see that AACS was cracked.

Read below for more…

Update (1/1/07): Cyberlink Responds to Alleged AACS Crack

Edit 2:  Roundup

From various other sources, here is a basic roundup of what most people believe has happened.   The software released will decrypt AACS when presented with the Title Key from the specific HD DVD title.  The tool doesn’t find the Title Key for you; however, PowerDVD leaves the Title Key unencrypted in memory.  Do a memory dump and you should (I guess, yet to really be proved) find the Title Key.  At this point the tool does exactly what is printed in the AACS documents.  Cyberlink will likely release an update to stop the key from being kept in memory unencrypted.  After that update has been published, I think their device key could be revoked.  This would mean newer releases would not play without an additional update.  Problem solved.

Any way you look at it, AACS was not hacked or cracked.  AACS is still intact; what’s not intact is Cyberlink’s method for decrypting AACS.  I don’t see Cyberlink being allowed to leave this unpatched.
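Here is an added example, not from the original post and not Cyberlink’s or the AACS licensor’s code, that models the revocation logic described above (and the point raised in the comments below that a leaked title key keeps working) with a simplified key ladder. The three-level ladder and the toy SHA-256 keystream cipher standing in for AES-128 are assumptions, and the device names and keys are constructed.

```python
import hashlib
import os

def toy_cipher(key: bytes, label: bytes, data: bytes) -> bytes:
    # Toy symmetric cipher: XOR with a SHA-256 counter-mode keystream. It stands in
    # for AES-128 in this model and must never be used for real protection.
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + label + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

class Disc:
    """Simplified key ladder (assumption): device key -> media key -> title key -> content."""
    def __init__(self, title: str, licensed: dict, revoked: set):
        self.plaintext = b"video for " + title.encode()  # constructed stand-in for the film
        media_key, self.title_key = os.urandom(16), os.urandom(16)
        # Media key wrapped for every device key still licensed when the disc was
        # mastered; a revoked device simply gets no entry on newer discs.
        self.mkb = {dev: toy_cipher(k, b"mkb", media_key)
                    for dev, k in licensed.items() if dev not in revoked}
        self.enc_title_key = toy_cipher(media_key, b"tk", self.title_key)
        self.content = toy_cipher(self.title_key, b"content", self.plaintext)

def player_decrypt(disc: Disc, dev: str, dev_key: bytes):
    """Licensed path: walk the ladder; returns (plaintext, title key) or None if revoked."""
    if dev not in disc.mkb:
        return None
    media_key = toy_cipher(dev_key, b"mkb", disc.mkb[dev])
    title_key = toy_cipher(media_key, b"tk", disc.enc_title_key)
    return toy_cipher(title_key, b"content", disc.content), title_key

def decrypt_with_title_key(disc: Disc, title_key: bytes) -> bytes:
    """What the released tool does: with the title key in hand, no device key is needed."""
    return toy_cipher(title_key, b"content", disc.content)

def revocation_demo() -> dict:
    """Leak a title key via a licensed player, revoke that player, see what still works."""
    devices = {"powerdvd": os.urandom(16), "other": os.urandom(16)}  # constructed device keys
    old = Disc("Old Title", devices, revoked=set())
    plain, leaked_tk = player_decrypt(old, "powerdvd", devices["powerdvd"])  # memory-dump stand-in
    new = Disc("New Title", devices, revoked={"powerdvd"})  # mastered after revocation
    return {
        "old_title_opens_with_leaked_key": decrypt_with_title_key(old, leaked_tk) == plain,
        "revoked_player_plays_old_title": player_decrypt(old, "powerdvd", devices["powerdvd"]) is not None,
        "revoked_player_plays_new_title": player_decrypt(new, "powerdvd", devices["powerdvd"]) is not None,
        "leaked_key_opens_new_title": decrypt_with_title_key(new, leaked_tk) == new.plaintext,
        "other_player_plays_new_title": player_decrypt(new, "other", devices["other"]) is not None,
    }
```

Revocation only reaches discs mastered after the device key is pulled; titles whose key already leaked stay open, which is exactly why stopping the key from sitting unencrypted in memory matters more than the revocation itself.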


Digg Edit: Hey guys,

I didn’t expect this to get dugg, not like it’s really backed up by anything (I guess it shows the power of Digg to pick up random stories). I wouldn’t classify myself as a great source of information on this, it’s just my thoughts.  Feel free to digg it down or whatever, just quick thoughts of mine after I watched the video.

I’m sure AACS and Cyberlink will be out with more information in the next week or so.  Until then, there isn’t going to be that much “real” news about it.

Happy New Year and watch the comments and Digg for more. 


22 thoughts on “No, AACS Was Not Cracked”

  1. Will be interesting to see what happens when they start to revoke keys. What if I falsely claim that I cracked a box and can get the keys needed to copy a movie? What does it take for them to revoke keys? A rumor or hard evidence?

  2. No system that allows private keys to be stored in the clear in memory will be resistant to this attack, it was interesting that the guy only needed 3 days to get it done and release alpha code. TPMs need to be used to generate the keys although at some point that key needs to be loaded in memory so I can’t see a watertight way around it.

  3. The claim was never that it was cracked. To have it cracked they would have had to break the actual encryption. It was claimed that it was hacked, which implies a way around the DRM, and not that the DRM had been defeated entirely. But in the end we do have a proof of concept that shows there are flaws in AACS. And yes the key will probably be revoked. That’s one of the “features” of AACS. But now that it has been done once, it can be done again from a different player. And it’s only a matter of time till the hardcore hardware hackers start hooking up logic analyzers to the set top HDDVD players to get those keys. What will end up happening is that as more and more players are hacked, Hollywood will have to revoke more and more keys, which in turn will piss off more and more innocent consumers. Eventually the public outcry about disabled players will make them stop revoking keys, and if they don’t stop revoking keys people will just stop buying it.

  4. Wrong! What happened was that the TITLE KEY was found in memory. Not the player key.

    AACS’s Revocation method won’t do a damn thing. Those titles that have been released are compromised, now and forever. If you have the title key, then you can decrypt the data on the disc directly. You don’t need the player key except for a title you have not read before.

    They could release new versions of the titles with new title keys. But then somebody uses a normal player and peeks in memory again to see the title key and poof, it’s cracked. And the title key has to be in memory somewhere. It’s needed to decrypt the disc.

  5. “Wrong! What happened was that the TITLE KEY was found in memory. Not the player key.”

    I agree, as one can see in the released YouTube video where he even demos the method, it’s all about keys for the actual titles, not about the player. And at least from my understanding of this right now, releasing new title keys have to be hell for the economy involved in doing it versus the ease of re-doing it for a hacker simply by using this very same hacked player again.

  6. Hey guys,

    I didn’t expect this to get dugg, not like it’s really backed up by anything.

    I wouldn’t classify myself as a great source of information on this, it’s just my thoughts.

    Feel free to digg it down or whatever, just quick thoughts of mine after I watched the video.

    I’m sure AACS and Cyberlink will be out with more information in the next week or so. Until then, there isn’t going to be that much “real” news about it.

    Chris Lanier

  7. This is not the first HD-DVD or Blu-Ray backup.

    Some guys in Germany already automated a frame capture method months ago that works with any software player by pulling the screens out of the video RAM.

    Besides, pro pirates often get the data before it’s even pressed, often before it even hits the big screen. Anything you have made in China, India or Mexico will be copied.

    I can’t believe they’re so backward. To sell something it must show value to the people you sell it to or they will not pay for it. The hardware industry should have learned by now with DCC, SACD, DVD-A, HDMI and the other expensive train-wrecks the RIAA and MPAA have caused.

  8. It doesn’t matter if a player doesn’t store the Title key in memory, as it was stated, and as the XBOX was hacked by an MIT student, you can intercept the key between the disc and player. All you have to do is figure out which portion of the circuit the key is passing through, and viola.

  9. In french it’s “voila” not “viola”, because “viola” means “raped”… Anyway. I agree with the “Wrong!” comment.

  10. Correct me if I’m wrong but with distributed computing, would it not be possible for some clever coders to create an application which can attempt to discover all the working keys through brute force analysis. Everyone could download a client and leave it running in the background much like seti or cancer research p2p clients. These keys could then be published as and when they are discovered.

    Is this sort of thing possible and if so why hasn’t anyone taken a stab at it yet?

  11. Forget about a distributed attack. This is encrypted with AES-128 – you would need billions of years to crack it with current methods.

  12. Yeah but with computing power always on the rise and the introduction of programming techniques to take advantage of the massive computing power of modern graphics cards I think that this insurmountable problem will clear up faster than you might expect. Maybe I’m just an optimist or am I completely delusional. I sometimes get taken up in the hype so maybe my estimates of computing power could be overestimated.

  13. It really depends on your definition of cracked. No, the encryption itself wasn’t cracked. If you have the key you don’t need to crack anything. However, the security of the software was cracked, which goes to prove the old adage that secrets stored in software don’t stay secret very long.

    These title keys may get revoked, but that won’t stop other ones from getting discovered the same way. In the end, if you want to stop copying of the media you need to stop distributing it. Personally, I don’t see why the industry doesn’t just provide those of us who only want a backup to keep the kids from destroying the disks with a legitimate way to do that. Then they could devote the legal, political, and industry efforts toward going after the industrialized, government supported bootlegging in China and the rest of Asia and Russia. That’s where the big money is lost, but the industry doesn’t seem to dare to go there, and the U.S. Government and Industry seem too intent on kowtowing to the Chinese government to dare do much about it.

  14. This is nothing but a hoax. To download the sourcecode, the provider asks you to enter 5 lines of access keys, while the field just allows 4. Of course I could pay to get: nothing. Haha. Anyone downloaded the program at all?

  15. I would also like to know what will happen if somebody releases a title key, but won’t tell which player he hacked… Would they revoke all keys?

  16. Totally agree with Otto’s post – this whole AACS thing does not seem to be about protection from pirates. It rather is intended to serve the content producers in a way so they can disable playback on older devices for example (to force people to buy newer hardware) and so on.

    As an encryption scheme it is inherently flawed – simply because there is still a need to decrypt disc content with the key supplied on that same disk (very secure ;-)) albeit in mangled form. For some people who equate this to AES encryption cracking – there is really no need. All that has to be done to beat the AACS is to get that title key off the disk. For now it is done via flaws in player software but I can’t see why it could not be done algorithmically later. After all I know of no existing cipher that allows effective “encrypt with one key decode with many” style encryption and that is exactly how the title key seems to be encrypted on a disk. And for a software player – as Otto said – the player will absolutely have to keep the decrypted key somewhere (memory or other structure) to decrypt the disk content so it will always be susceptible to attacks like this hack.

    IMHO the only tough way of protection is by using online services that require obtaining decryption keys online (like WM9+ DRM) but I can’t see that happening in standalone consumer boxes.

  17. Everyone is *assuming* that Cyberlink’s PowerDVD is the source of the key being found in memory, but there is no evidence of that!

    The assumption comes from the fact that in his YouTube video this cracker played the dumped video with PowerDVD – but for all we know, he could have used something totally different to get hold of the keys.

    If that source is not identifiable, then *any* HD-DVD release could have its key extracted in the same manner. This key could then be used with Muslix’s program to extract the unencrypted file and put it on the ‘net! So yes, OK, the encryption has not been broken exactly, but it’s been circumvented – and that’s all that might be needed!

  18. Hey guys…Seeing that software players do exist, extracting Title keys should not be out of the realm of possibilities. For this purpose, I have started a website that will eventually list title keys that have been compromised.

    Check out … Before you flame, there is obviously nothing of importance on it yet. I am hoping to also include compromised device keys (I probably won’t publish these right away).

  19. Do I get this correct?

    All pressings from a particular master are identical to each other. So all discs of the same title from the same master have the same title key.

    But (subject to key revocation) any disc will play on any player. Which suggests a single algorithm to decrypt the title key. If you change the algorithm, then all discs made prior to the change will not work, and if you revoke the title key, all discs of that title made before the change will not work. (Those sorts of revocations do not sound like viable business models to me.)

    Which suggests that to totally crack AACS, you need the title key algorithm, plus programs like the one released recently – all the rest of the content protection system is then bypassed.

    That all seems a bit too easy to me.

  20. If you read his letter he mentions the volume key is not encrypted or protected. That should give you an idea of how he did it. Plus, how hard is it to reverse anything like that? Not very.
