DVD security group says it fixed flaws

Discussion in 'AnyDVD HD (Blu-ray issues)' started by tehloxely, Apr 10, 2007.

  1. tehloxely

    tehloxely Member

    http://news.yahoo.com/s/ap/20070409/ap_on_hi_te/dvd_security

     
  2. Octavean

    Octavean Well-Known Member

    It should be noted that aside from the technical aspects of AACS and software vulnerabilities due to poor or sloppy coding,…

    There is a very real legal leverage that can be used against companies like Corel Corp / InterVideo, Cyberlink, Nero or any other company that makes such software if they do not comply with the wishes of the powers that be within what they perceive to be a timely manner. They really can be called upon to implement a great many things that they themselves may not necessarily wish to implement at a level of cost and effort that they may not wish to expend.

    For example:

    Lets say that it has been decided that in order to curb the use of illegal copies it would be advantageous to disallow playback of HD DVD / BD files from a computers hard drive thus only allowing playback of compliant respective HD DVD discs and BD discs (protected or unprotected). Then in all likelihood, like it or not, the companies that make such software will comply in a compulsory manner and they will probably do so in lock step.

    In much the same way that screen captures are disallowed with HD DVD and BD playback software for “security reasons” they can impose other restrictions like the above which would seem to be very effective for most officially unapproved of usage,…. to a point and for a time.

    It probably doesn’t matter what InterVideo, Cyberlink, Nero or any other such company wants for their software in HD DVD and BD modes. As long as its profitable (and they don’t get caught between a rock and a hard place by a bug that they themselves cannot fix without a complete recode) these companies probably will not step out of line.
     
  3. Charlie

    Charlie Well-Known Member

    AACS revokes released HD-DVD and Blu-ray keys

    I saw this another nice find.

    http://tech.monstersandcritics.com/...AACS_revokes_released_HD-DVD_and_Blu-ray_keys

    AACS revokes released HD-DVD and Blu-ray keys

    In December 2006, a member of the Doom9’s forum (named Muslix64) released code that would allow a person to copy HD-DVD and later Blu-ray movies. Many claimed Muslix64 did not truly break AACS at that time, because the ‘hack’ only went after the player. On the same forum, in February, a user named Arnezami posted the details and research, but more importantly, the processing key that allowed free copies to be made of any HD-DVD and Blu-ray disk. AACS DRM protection was broken completely.

    Shortly after Arnezami’s discovery and the news surrounding it, the AACS-LA, the ones responsible for the DRM used on HD-DVD and Blu-ray released a statement about the reports of the encryption being busted wide open.

    “Regarding the reported attacks on 2/13/2007, AACS has confirmed that an additional key (called a “processing key”) has been published on public websites without authorization. This is a variation of the previously reported attack (a compromise of a specific implementation) on one or more players sold by AACS licensees. Although a different key was extracted, this represents no adverse impact on the ability of the AACS ecosystem to address the attack. All technical and legal measures applicable to the previously reported attack will be applicable against this attack as well.” –AACS statement

    It would appear that now the action taken was to revoke the published keys, which invalidates the methods used to break the encryption. “In response to attacks against certain PC-based applications for playing HD DVD and Blu-ray movie discs, Advanced Access Content System Licensing Administrator, LLC (“AACS LA”) announces that it has taken action, in cooperation with relevant manufacturers, to expire the encryption keys associated with the specific implementations of AACS-enabled software,” said the AACS LA over the weekend.

    The AACS advised consumers to check with the manufacturer of their player to get any of the needed updates compatible with the new keys issued on the newly released movies. Corel was one of the first to announce an update and release a mandatory patch to fix the cracked processing key.

    In a news post on the InterVideo website, a letter to the public announcing the update was posted including a strong warning for those who would choose to skip the update.

    “To our valued InterVideo WinDVD Customers, Today Corel is releasing an important new security update for InterVideo WinDVD. Our decision stems from recent reports that hackers have illegally obtained certain software licensing keys and have used them to duplicate copyrighted content without prior authorization. Corel takes this situation very seriously. We have been working closely with our partners and other industry organizations to ensure we take the steps necessary to prevent copyright infringement from happening in the future.”

    The warning that came after is what caused a ruckus on several websites and forums, “Please be aware that failure to apply the update will result in AACS-protected HD DVD and BD playback being disabled.” That led people to believe that, if they did not update that the ability to play HD-DVD movies or Blu-ray, would be lost to them. This is true only after the new disk with an updated Host Revocation List (HRL) is placed in the drive and played. If the HRL on the new disk is newer than the one on the player, the player will refuse. This is explained in the specs for the AACS in section 4.8. (AACS Introduction and Common Cryptographic Elements)

    What do the users like Arnezami, and the others on Doom9, the forum where the cracks first gained attention, think about the loss of they keys. Will this prevent the known methods of breaking the encryption form working?

    “They cannot revoke this hack. No matter how many Private Host Keys they revoke, we will still be able to get Volume IDs using patched Xbox 360 HD DVD drives. Of course some measures must be taken to make sure a patched drive will not be identified as such and revoked (in theory they could make new versions of WinDVD and PowerDVD ‘examine’ your patched drive and if confirmed to be hacked they could (in theory) "call back home" and tell the AACS LA who can revoke your drive). But by simply reflashing the drive (with the original firmware) after getting all your Volume IDs (or making this feature stealthy) this will not be an issue at all,” said Arnezami on Doom9.

    If the patches and revocation of the keys help stem the loss of the DRM protection, then the AACS will have won in the ongoing fight to prevent piracy. However, if the claims on Doom9 are true, then this is just a minor setback. In the meantime, WinDVD owners might want to patch the players just incase.
     
  4. Octavean

    Octavean Well-Known Member

    Right but the $64,000 question here is how does this truly effect AnyDVD HD and its effectiveness.
     
  5. matchstick

    matchstick New Member