Some Brief Thoughts on the Recent Crack of the AACS DVD Encryption

Mitch Golden
Jan 2007

At the very end of 2006, someone with the handle "muslix64" posted to the web a partial crack of AACS encryption, which is used to protect the content of next-generation DVDs (Blu-ray or HD-DVD). Superficially, this seems to be of roughly the same import as "DVD Jon's" original crack of the CSS encryption on regular DVDs. However, due to its nature, the crack of AACS encryption is likely to have qualitatively different effects - social and technical - from the CSS crack. The situation for the studios is likely to become even worse than it is now. Unlike the original CSS crack, you can't use the new one to build a non-approved program that just plays an arbitrary (Blu-ray or HD-) DVD. AACS works somewhat differently from CSS: to get at the content of an AACS-protected disk, there are more steps. There are encryption keys that the player needs to have in order to decrypt the so-called "title key" that is particular to the DVD and is used to ultimately decrypt the data. Getting to the title key is no simple matter, and built into the standard is a methodology for revoking the player's ability to get the title key if the player is found to be compromised. What muslix64 did is to poke around in the memory of a functioning player program and find out where it keeps the title key as it starts decrypting the video data. Included in his release were several title keys (presumably for all the HD-DVDs he had in his possession). Once the title key for a DVD is released, the studio is flat out of luck - the cat can never be put back in the bag, and this DVD is permanently readable by anyone, because the revocable part of the decrypting process has been circumvented. Of course, one still can't play the DVD in a non-approved player, but one can use a computer to extract the data and make a non-protected high-def DVD with it.
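The two-step structure described above (a per-device key that unwraps a per-disc title key, with revocation acting on the first step only) is the whole reason a leaked title key is unrecoverable. The following is an added toy model written for this page, not AACS itself and not anything from muslix64's release: the real media key block, key lengths, cipher and revocation format are not reproduced, and the "cipher" is a SHA-256 counter-mode keystream standing in for a real block cipher. The device names, the Licensor class and the disc layout are all constructed for the illustration. It shows that revoking the compromised player blocks that player from every disc pressed afterwards, while the title key already extracted from it keeps opening the disc it came from, and only that disc.

```python
"""Toy model of a layered key hierarchy with device revocation.

Added illustration, not the real AACS scheme.  What it models is the
property the essay relies on: revocation acts on the step that derives
the title key, so a title key that has already leaked keeps decrypting
that one disc no matter which players are later revoked.
"""
import hashlib
import os


def keystream_xor(key, data):
    """Stand-in cipher (toy only): SHA-256 in counter mode, XORed with data."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class Disc:
    """Content encrypted under a per-disc title key, plus that title key
    wrapped separately under every device key still valid at press time."""

    def __init__(self, content, title_key, valid_device_keys):
        self.ciphertext = keystream_xor(title_key, content)
        self.wrapped_title_keys = {
            dev_id: keystream_xor(dev_key, title_key)
            for dev_id, dev_key in valid_device_keys.items()
        }


class Licensor:
    """Hypothetical licensing authority: issues device keys, revokes them,
    and presses discs that exclude revoked devices from the wrapped-key set."""

    def __init__(self):
        self.device_keys = {}
        self.revoked = set()

    def issue_device(self, dev_id):
        key = os.urandom(16)
        self.device_keys[dev_id] = key
        return key

    def revoke(self, dev_id):
        self.revoked.add(dev_id)

    def press_disc(self, content):
        title_key = os.urandom(16)
        valid = {d: k for d, k in self.device_keys.items() if d not in self.revoked}
        return Disc(content, title_key, valid)


def player_title_key(disc, dev_id, dev_key):
    """The revocable step: an approved player unwraps the disc's title key
    with its own device key.  Returns None if this device was excluded."""
    wrapped = disc.wrapped_title_keys.get(dev_id)
    if wrapped is None:
        return None
    return keystream_xor(dev_key, wrapped)


def player_decrypt(disc, dev_id, dev_key):
    """Approved-player path: device key -> title key -> content."""
    title_key = player_title_key(disc, dev_id, dev_key)
    if title_key is None:
        return None
    return keystream_xor(title_key, disc.ciphertext)


def decrypt_with_title_key(disc, title_key):
    """Path that skips the revocable step: a known title key opens the disc."""
    return keystream_xor(title_key, disc.ciphertext)


def demo():
    """Walk through the scenario and return the observed outcomes."""
    licensor = Licensor()
    honest_key = licensor.issue_device("honest-player")
    leaky_key = licensor.issue_device("leaky-player")

    plain_a = b"constructed sample: frames of movie A"
    disc_a = licensor.press_disc(plain_a)
    # The title key a running player holds in memory is disc-specific.
    leaked_title_key = player_title_key(disc_a, "leaky-player", leaky_key)

    results = {}
    results["honest_plays_a"] = player_decrypt(disc_a, "honest-player", honest_key) == plain_a
    results["leaked_key_plays_a"] = decrypt_with_title_key(disc_a, leaked_title_key) == plain_a

    # The licensor learns of the compromise, revokes that player, presses disc B.
    licensor.revoke("leaky-player")
    plain_b = b"constructed sample: frames of movie B"
    disc_b = licensor.press_disc(plain_b)
    results["revoked_player_gets_b_key"] = player_title_key(disc_b, "leaky-player", leaky_key) is not None
    results["honest_plays_b"] = player_decrypt(disc_b, "honest-player", honest_key) == plain_b
    # Revocation changes nothing for disc A: its title key is already out.
    results["leaked_key_still_plays_a"] = decrypt_with_title_key(disc_a, leaked_title_key) == plain_a
    # But a leaked title key is worth exactly one disc; it does not open disc B.
    results["leaked_key_plays_b"] = decrypt_with_title_key(disc_b, leaked_title_key) == plain_b
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The last two results are the asymmetry the essay builds on: revocation protects future pressings from a compromised player, but it can neither recall a title key that has already left the player nor make that key useful for any other disc, which is why the essay expects the keys themselves, one per disc, to become the traded commodity.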
Even if the authors of whatever program was snooped (and muslix64 didn't say which one it was) make it tougher to find where in memory the key is, this attack is going to be virtually impossible to defend against in the long run. It will pretty much always be possible to repeat this sort of attack against other player programs, and over time there will be a library of these title keys available. This will enable the pirates to produce counterfeit DVDs that are playable in an unrestricted way. How is this worse for the studios than the old CSS crack? It's precisely because you now *will* be able to make a pirated DVD without too much difficulty, but *can't* make a player that plays the unpirated DVDs (unless of course there's a further crack). No one will file-trade these in their raw, full-def form - in HD they're way too big. Even today the regular DVD movies are compressed when they're traded. (And, amusingly, all the crazy hardware-level protections Microsoft is building into Vista to secure a video stream when one plays a protected movie through a non-secure display just amount to some downsampling - which is anyway what the file-traders pretty much want.) There will, in contrast, be a market for pirate *disks*. I have read that (at least in the case of music) pirate disks are anyway of far greater consequence to the studios than the file traders. And this will be very distressing to the studios. There are lots of people who have HD displays that don't have HDCP inputs (I think that even now most of the HD displays being sold still aren't compatible). Soon, all those people, plus people with Linux or other OSes, Macs too maybe, all those people with old computers, all those who want to watch on their video iPod, etc., will find themselves in this odd position: there will be two kinds of disks available - one legal that doesn't work in their hardware, and one illegal that does.
Today, the street vendors make their living selling low-quality pirated disks to people who want to see the movie after it's in the theaters but before it's out on DVD. Today, once the DVD is out, there's no reason to buy the inferior, illegal disk. In the future, however, because of the partial nature of this crack, the illegal disks will be precisely equivalent in terms of content, but superior in terms of playability. As now, they'll hit the market at the same time as (or possibly before!) the legitimate disk. But because of their superiority to the legitimate product, they'll stay on the market for much longer. Unlike now, lots of ordinary people will be buying movies from pirates, and they will in the end come to regard it as normal. This can only be a terrible situation for the studios. There's an additional interesting likely development: there will be two parallel "Scenes" (AKA darknets). One group of people will extract or otherwise obtain digital content and distribute it, just as they do today. (For the foreseeable future there's little reason for them to bother doing it from the next-generation DVDs, since current DVDs are likely to exist for quite some time.) The new, parallel darknet will be one where the currency is the title keys. (Again, assuming that there's no further crack of AACS.) Running a darknet of keys is way, way easier than running a darknet of video content, since keys are really tiny. The "Key Scene" doesn't require any bandwidth or disk space. I am not aware of the title key length, but it is safe to assume it is of the order of 1024 bits, or 128 bytes. The keys for 10,000 disks would fit on a single old-style 5 1/2" floppy disk. A database of such a small size could be hidden steganographically inside pretty much any other content, or even distributed via dialup. Exactly how these "Key Sceners" are getting the title keys may never be known to the studios.
Once the key is extracted, there will in general be no fingerprint of which player has been compromised, and the Sceners are likely to remain quite mum about what they're doing. In such a situation, the studios may not know which players to revoke, and given the high cost to them of revoking the keys (as it distresses potentially large numbers of legitimate users), it's likely that they will be unable to stay ahead of (or even close behind) the pirates.