Blu-ray Encryption Defeated


drvarunmehta

Wise Old Owl
Source

The hacker who cracked HD DVD strikes again by defeating Blu-ray Disc encryption


Late last year, a crafty individual who goes by the name “Muslix64” circumvented the copy protection scheme used to protect HD DVD. Given the similarities between the copy protection methods used in the high-definition optical formats, it was only a matter of time before Blu-ray Disc’s protections would be bypassed. However, Muslix64 had no access to Blu-ray hardware, limiting his exploit methods to HD DVD. That is, until Muslix64 came across some specific data for Blu-ray Disc, allowing him to apply his methods to the yet-uncracked format.
Another individual interested in Blu-ray’s protection scheme, “Janvitos,” who also participates in the same online forum where Muslix64 revealed his HD DVD work, posted a message showing the directory structure from a Lord of War Blu-ray Disc movie. Janvitos extracted the information by going through his system’s memory with WinHEX after playing the movie on his computer using WinDVD.
The memory dump information caught the attention of Muslix64, who replied to the thread saying, “In less [than] 24 hours, without any Blu-Ray equipment, but with the help of Janvitos, I managed to decrypt and play a Blu-Ray media file using my known-plaintext attack.” Muslix64 then posted a file as an example of his decryption work, though he did say that his method does not address BD+.
Muslix64 then went on to explain how he was able to accomplish this feat with his plaintext attack method. “This is a very basic, but [powerful] crypto attack that I have used to decrypt both [HD DVD and Blu-ray] formats,” he wrote. “After reading posts of people trying to get the keys in memory, I realized, I have a different way of looking into the problem…A lot of people try to attack the software, I'm attacking the data!”
“So I spent more time analysing the data, to look for patterns or something special to mount my known-plaintext attack,” Muslix64 explains. “Because I know the keys are unprotected in memory, I can skip all the [painful] process of code reversal.”
Although Muslix64 did not have any Blu-ray equipment at his disposal, he was still able to recover the keys with the help of Janvitos’ memory dump file and media file. Blu-ray media files are divided into individual aligned units. The first 16 bytes of each unit are not encrypted, with the rest being encrypted using AES in CBC mode. Muslix64 examined the non-encrypted portions of the data and found a recurring pattern, which he used to mount his known-plaintext attack.
Muslix64 goes on: “In most cases, the known-plaintext attack is in fact a guessed-plaintext attack. We ‘assume’ the data will look like something we ‘guessed’ when decrypted. Most of the time, it works! Knowing that, all you have to do is to write a small program that scans a memory dump file that comes from a software player while it was playing the movie. The key is in that file; you have to locate it.”
Once the value and position of the key is in memory, all one has to do is to use a memory landmarking function to locate the key and defeat the encryption. The method discovered by Muslix64 and Janvitos is specific to Blu-ray, though similar means were used to decrypt HD DVD. This hack was made possible by the fact that the keys were not protected in memory when running video-playing software on the PC.
Even without any Blu-ray hardware at his disposal, Muslix64 shortly followed the reveal of his findings with the alpha release of BackupBluRay V.0.21, software he wrote to decrypt Blu-ray Discs. Limitations to his software at this time are that it doesn’t support BD+ or volume unique keys and that it only supports one CPS key per disc. Users wishing to utilize the software will also have to provide their own CPS unit key.
Those who have tried the software report that they have successfully been able to decrypt and copy their own Blu-ray Discs for playback on both PC software and set-top players. If the cracking of HD DVD and the release of pirated files is any indication, however, Blu-ray may soon see illegal copies hitting the black market and parts of the Internet.
 

gxsaurav

You have been GXified
Like Nelson said in The Simpsons :D

*www.andrew.cmu.edu/user/ehlee/Images/Pictures/nelson.gif
 

goobimama

Macboy
Why do these companies spend so much money developing copy protection when they know for sure that someone will come along and crack it. Instead of spending that money, make the goodies cheaper and piracy will be curbed...
 

mehulved

18 Till I Die............
goobimama said:
Why do these companies spend so much money developing copy protection when they know for sure that someone will come along and crack it. Instead of spending that money, make the goodies cheaper and piracy will be curbed...
They think they are the best out there and can beat those crackers someday.
BTW, drvarunmehta gx is banned, it's his 3rd ID here.
 

gxsaurav

You have been GXified
Cracking HD-DVD & Blu-ray won't matter much for the next 3 years, reason....in their natural size, they are huge, 20 GB sometimes for a movie; not many people will be downloading them over the net anyway.

However, this cracking will indeed open a method for HD-DVD rips out there, you know, 1920x1080 resolution at 6 MB bitrate, with DivX, with sizes of about 2 or 3 GB per movie. The ripping time will also be huge now. For the conversion of a 3 min 480p HD video to DivX at the same quality it takes 20 mins on my 3 GHz Pentium 4.

Although it's still huge for movies, given the quality you get with HD-DVD rips in DivX, many of us will be downloading these rips soon and burning them to DVDs.
 

drvarunmehta

Wise Old Owl
AFAIK making DivX rips of HD-DVDs is not a very feasible idea.

One of the reasons why DivX rips of DVDs are so popular is because DivX (based on MPEG-4) is much more efficient than MPEG-2 based DVD. It lets you get great quality in a small size.

With HD-DVD based on VC-1 (again MPEG-4), it makes no sense to convert to DivX. You won't get good results with such small sizes, and conversely big file sizes defeat the whole purpose of converting.
 

techtronic

I Always Prefer 1080p
HD-DVD or Blu-ray, I am not taking either side.

I am sticking to my DivX/XviD Collection (725 and counting) :D
 

Pathik

Google Bot
tech_your_future said:
They think they are the best out there and can beat those crackers someday.
BTW, drvarunmehta gx is banned, it's his 3rd ID here.
hey why was gx banned??? anything related to MS vs Apple discussions???
 

goobimama

Macboy
DivX for HD is crap. Xvid is better but not good. The best codec out there for low bit rate high definition is x264. 4.5GB per movie at ~4Mbps and the quality is amazing. Can hardly notice the difference between H.264 and x264. I have yet to check out the quality of VC-1 HD DVD, don't have a graphics card yet.
 

gxsaurav

You have been GXified
pathiks said:
hey why was gx banned??? anything related to MS vs Apple discussions???

Yeah, I was banned cos I revolted on personal comments, reported the mods, and did not agree that the iPhone is good, even after giving valid comments and points. Please check the thread in the Technology section; my other thread regarding "why was I banned" was also deleted.

back to topic

@Goobimama

x264 is quite good, but not as popular as DivX. Well, if used widely, then maybe with HD DVD rips x264 will become popular.

So far, I have converted a 720p HD trailer to 720p DivX at 6 MB bitrate. The quality difference was hardly noticeable in it... at least from my perspective.

@ drvarunmehta

Yup, H.264 is extremely efficient; however, don't forget MPEG-2 was also very efficient once. Who knows, maybe with DivX 7 or 8 we will see the same quality as HD movies at a far lower bitrate. Remember, the key to quality is resolution.


goobimama

Macboy
Gx, I've been a regular at some of the popular private torrent trackers for High Definition content, and let me tell you that there isn't even a category for DivX. Only x264, h264, mpeg2, xvid and wmv-hd. DivX is totally shunned....

Also, DivX doesn't support 1080p does it?
 

tarey_g

Hanging, since 2004..
I am pretty impressed with H.264.

BTW, there is an interview of Muslix64 by the Slyck news site:

Much of the more difficult work, such as extracting the keys, has been alleviated as the once encrypted information has proliferated online. To understand where this stunning turn of events is heading, Slyck.com spoke with muslix64, who agreed to a PM (private message) interview.

The mainstream media tends to have many labels for you, i.e. hacker, cracker, pirate, etc., in response to your efforts. What would you call yourself and what would you label your efforts?

I'm just an upset customer. My efforts can be called "fair use enforcement"!

What motivated you to help circumvent the content protection scheme associated with HD DVD and Blu-ray?

With the HD-DVD, I wasn't able to play my movie on my non-HDCP HD monitor. Not being able to play a movie that I have paid for, because some executive in Hollywood decided I cannot, made me mad...

After the HD-DVD crack, I realized that things were "unbalanced" by having just one format cracked, so I did Blu-ray too.

Explain how decrypting the device and volume keys are critical to your success. Could you explain the difference between the two?

The device keys are the keys associated with the player.

The volume key is the key associated with the movie.

I don't care about device keys. I do care about volume keys, because by using volume keys instead of device keys, I totally bypass the revocation system. There is no "volume key revocation". There is content revocation, but I really doubt they will ever use it. If you use device keys, they can revoke them. Having the volume key means that you can decrypt title keys (or the CPS Unit key in the case of Blu-ray) and then you can decrypt the media file without problem.

I was shocked to realize the volume key was not protected in memory!

Explain how a movie studio could prevent the general public from taking advantage of pirated HD movies, such as ones currently available via Usenet and BitTorrent. For example, if an individual were to download "Serenity", and play it successfully on his or her Power DVD player - and never updated the software - would it be immune from any Hollywood counterattack?

Yes, immune. If the movie is decrypted there is nothing you can do! Or you can use an open-source player, like VideoLan, if a player like PowerDVD becomes more restrictive about playing decrypted movies.

There appears to be some confusion to the extent and specifics of your success. Explain what content protection has been compromised, and what content protection is still intact?

There is no easy answer but, IMHO, AACS is totally busted. The only thing I can see for now to prevent the attack I have described is to put different keys on every disc! It will cost a fortune for the manufacturing, so I'm not sure they will go that way...

People say I have not broken AACS, but players. But players are part of this system! And a system is only as strong as its weakest link. Even if players become more secure, key extraction will always be possible.

I know many people of the industry try to cover up this breach, by saying I have only poked a tiny hole in AACS, but it is more serious than that. Only the future will tell.

The AACS security layer is almost the same for both HD-DVD and Blu-ray, so they are both busted for good.

The only extra security layer is for the Blu-ray format, and it's called BD+. BD+ is not there yet, and I don't know when it will be. Maybe my "exploits" will speed up the adoption of BD+, we will see...

You've recently helped defeat Blu-ray's content protection as well. What were the similarities/differences in defeating this copy protection scheme?

Almost the same. I use the same known-plaintext attack for both formats. But media format and encryption are slightly different. Because I already had experience with the HD-DVD, it was really easy for Blu-ray.

What are your ultimate goals? Do you feel that most - if not all - of the content protection will be ultimately defeated?

If you can play it, you can decrypt it! There is nothing you can do about it. The only thing they can try is to slow people down.

To what extent do you feel you can bring your efforts to the mainstream? Do you believe Hollywood's content protection will be rendered so impotent that HDDVD Backup (or a similar device) will be utilized to the same extent as DVD Decrypter or DVD Shrink?

Probably. There are multiple scenarios here. You can write a fully automated decrypter with stolen player keys, but they will revoke the keys.

Anyways, even if they do key revocation, the revocation process will be very slow. It would take at least one month (or more) between revoking the player and new versions of movies with the revocation being in stores.

The reaction time of the community will be way faster than the reaction time of the industry.

Explain the differences between DeCSS and your efforts.

I really respect the work of DVD Jon and his friends (he was not alone!) They do more than me. They had to reverse a cipher! I didn't have to reverse anything. So technically speaking, it was easier to bypass AACS than CSS.

To what extent is your work a community effort? Do you feel that without the community's input, we would be having this conversation today?

I was pretty much alone in doing the HD-DVD exploit. But I received a lot of help with the Blu-ray, thanks Janvitos!

My 2 programs are only "proof of concept" software. Right now, the community's contribution is vital. They will bring this software to a higher level. I just tell people it was possible and I made the demonstration.

What PC based DVD players are currently compatible with defeated HD movies?

I don't want to give specific names but I can tell you they are all vulnerable [to a] different extent.

Let's look into the crystal ball. When would you say people will be able to decrypt, burn, and play HD movies (whether HD DVD or Blu-ray) on their stand alone player?

I think they are already doing it right now! I have seen posts of people claiming they did that on both formats... But I cannot confirm it.

Do you see Microsoft Vista's implementation of HDCP being an obstacle to playing compromised HD movies in high definition?

No. To my understanding, this limitation is enforced in the player! So if you use an open-source player, like VideoLan, there is no problem. Also, a decrypted movie [doesn’t] have this limitation if you have disabled the security flags.

The limitation with Vista seems more on the process and memory protection. But I cannot comment on that, I don't know Vista.

Do you see AACS encryption being defeated in the near future?

If you’re talking about AES itself (the crypto algorithm), I don't think it will be cracked anytime soon, but we never know. Maybe someone will find another hole, or another way to attack AACS. You cannot attack the crypto itself; you have to attack the protocol or the procedure. When will we find another way around AACS? No idea...

If studios begin revoking encryption keys, do you believe this will pose a significant threat to your progress or overall goals?

Players will become more and more secure. It will slow me down, but it won't prevent key extraction in the long term.

Does the defeat of HD DVD automatically mean a victory for Blu-ray in the marketplace, or will Blu-ray be just as vulnerable to the community's efforts?

The less secure the format, the more people will buy. I know a lot of people will disagree with that, but that's my opinion. Right now, both formats are equally vulnerable. We have to wait for the introduction of BD+ to see if it is really that secure...

In the long run, Blu-ray seems more secure (because of BD+) and now is more expensive. So HD-DVD wins!

Describe a potential Hollywood counterattack, and how the community would repulse such an offensive?

Making the keys unique per disc will be the perfect counterattack. So we would have to start another attack by stealing players’ keys and doing the whole AACS decryption. Then the community will win because they have a faster response time to the revocation than the industry.

Who do you feel most benefits from your work, and who stands to lose the most?

The consumers will benefit. I hope it will enforce fair use, not piracy. Of course pirates will use this technique, and they already did...

Studios will lose more money with mass counterfeiting than file or key exchange on the net.

Considering the legal problems Jon Lech Johansen endured, are you at all concerned about the repercussions of your work?

I'm really concerned about that. So I will stay put for a while, and watch the show. When the first BD+ movie [comes] out, I will wake up!

Is there anything you would like to add?

I don't think I'm the first who did it. There are probably a lot of people who did that before me, but they kept it secret.

I was disappointed to realize that BD+ (the other security layer of Blu-ray) was not there yet. It would have been a great challenge! AACS was not a challenge at all...

I'm not the smartest guy around; they are just careless about security.

Source
 

gxsaurav

You have been GXified
@goobimama

Sorry, I forgot to say it clearly that Xvid and DivX are almost the same, so if it's Xvid it's also DivX (decoder).

Xvid does rule the torrents.
 