That didn't take so long ... HD & Blu-ray DVD now completely cracked


The Lone Gunman

: HD DVD and Blu-ray Now Completely Hacked, Cracked, Sacked -
: Gizmodo
:
http://gizmodo.com/gadgets/home-ent...w-completely-hacked-cracked-sacked-236213.php

That's just f**kin great! I've always loved the Doom forums (been following
them since around the year 2000) and am a TOTAL anti-DRM believer. No, I'm
not a pirate, just your average Joe who believes backup copies of your
**purchased** movies (whether DVD, HD DVD, or whatever) are your "god-given
right." To hell with both the MPAA, RIAA, and for that matter the U.S.
government and their bullshit DMCA (Digital Millennium Copyright Act).
 

The Lone Gunman

: HD DVD and Blu-ray Now Completely Hacked, Cracked, Sacked -
: Gizmodo
:
http://gizmodo.com/gadgets/home-ent...w-completely-hacked-cracked-sacked-236213.php

This is completely OT, but here's the history in the making:
--------------

Wooow. I think I did it.

Processing Key found!!!

More info later.

To be sure I need to confirm my finding. I need the following (from anybody
with an HD DVD disc):

1) - Movie Title (not King Kong please )

2) - The Verify Media Key Record in the MKBROM.AACS file. It starts with 81
00 00 14 followed by the 16 byte Record. In my case this is at Offset
00000120h. Here is mine:

Code:
81 00 00 14 87 B8 A2 B7 C1 0B 9F AD F8 C4 36 1E 23 86 59 E5 7F 00 00 xx

3) - The first C-Value in the MKBROM.AACS file (also called Media Key Data). It
starts with 05 00 20 14 (the 20 14 could be different but is probably the
same) followed by the first 16 byte C-Value. In my case this is at Offset
00004376h. Here is mine:

Code:
05 00 20 14 6D 02 CA C6 7B 1A 7E 95 C2 16 EF D4 C9 28 09 CF D3 CE 9A DC

If you react quickly I can check if the Processing Key is really valid (for
multiple discs).

Yeah I'm happy...
----------------------------------

1.) The Departed
2.)
Quote:
FF 29 11 E9 96 16 5D 97 29 2D BB A0 3C A9 0D E0

3.)
Quote:
68 07 C3 23 7E 18 6F 7F BC 78 E2 DC 26 C5 84 0B

Hope that helps.

EDIT: Here's another disc just for kicks.

1.) Spy Game
2.)
Quote:
7C AD 1D 65 D5 9E C1 67 A7 96 E5 C2 13 23 08 22

3.)
Quote:
59 28 94 3F 5C 09 19 2C 8D 54 0A 77 45 BE 3E 6D

Last edited by Eeknay : 11th February 2007 at 14:06.

----------------------------------

Quote:
Originally Posted by Eeknay
1.) The Departed
2.)
3.)

Hope that helps.

EDIT: Here's another disc just for kicks.

1.) Spy Game
2.)
3.)

YES YES YES!! It works!

I'm going to take some rest now (I need it ). But will tell all later.

Here is the Processing Key which should work on all HD DVD discs (and maybe
even Blu-Ray discs) released so far:


Code:
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

Save it. Store it.

Regards,

arnezami

PS. As explained before in order to get a VUK you now only need a Volume ID
(which should be fairly easy to get or even to guess...).
-------------------------------

Indeed a real breakthrough!!

Congrats everybody for the thrill of witnessing how DRM was defeated.
February 11, 2007 is a day to be remembered.
I predict that movies will one day be liberated without DRM and we are all
going to lose all the fun and excitement.
Fair use wins!!


PS. As in LOR, this is the KEY(RING) to conquer all!!
Now, we have to find the processing key for Blu-ray to help out HD-DVD's
market position. Movie studios may just stop releasing new movies on
HD-DVDs. There should be a level playing field for the competing formats.


Fin
 

Gnu_Raiz

: HD DVD and Blu-ray Now Completely Hacked, Cracked, Sacked -
: Gizmodo
PS. As explained before in order to get a VUK you now only need a Volume ID
(which should be fairly easy to get or even to guess...).
-------------------------------

Indeed a real breakthrough!!

Congrats everybody for the thrill of witnessing how DRM was defeated.
February 11, 2007 is a day to be remembered.
I predict that movies will one day be liberated without DRM and we are all
going to lose all the fun and excitement.
Fair use wins!!

PS. As in LOR, this is the KEY(RING) to conquer all!!
Now, we have to find the processing key for Blu-ray to help out HD-DVD's
market position. Movie studios may just stop releasing new movies on
HD-DVDs. There should be a level playing field for the competing formats.

Fin



I am waiting for the response from the studios: do they want to start
revoking keys regardless of the consequences? Or will they push more
TPMs on motherboards and try to implement more DRM?

The next few months should be very interesting. I could see the EU
really making a difference, as they are starting to come around about
music DRM, if only they would focus their ire against the right people,
the music companies. This could have the side effect of pushing more
studios to an online model; I could see a future of online
release first, followed by retail copies.

Gnu_Raiz
 

Yousuf Khan

Gnu_Raiz said:
I am waiting for the response from the studios: do they want to start
revoking keys regardless of the consequences? Or will they push more
TPMs on motherboards and try to implement more DRM?
The next few months should be very interesting. I could see the EU
really making a difference, as they are starting to come around about
music DRM, if only they would focus their ire against the right people,
the music companies. This could have the side effect of pushing more
studios to an online model; I could see a future of online
release first, followed by retail copies.

I wonder if revoking the keys is going to work at all anymore? It looks
like with this technique, all anyone has to do is wait for the
processing key to appear in memory, and they have it again (albeit,
easier said than done). No matter how many keys they revoke and reissue,
they will always lose it.

Yousuf Khan
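The revocation question Yousuf Khan raises above can be made concrete with a small model of how a Media Key Block style scheme behaves across a leak, a revocation, and a second leak. This is added illustration code, not anything posted in the thread and not the AACS algorithm: it assumes an HMAC-SHA256 keystream as a stand-in for AES, one device key per player instead of AACS's subset-difference key tree, and constructed disc titles. What it shows is the cycle the post describes: revoking a leaked key locks that key out of discs pressed afterwards, but every still-licensed player must be able to unwrap the new media key, so the key material is in memory again for the next extraction.

```python
"""Toy model of broadcast-encryption key revocation (constructed example, not AACS)."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional


def _keystream(key: bytes, label: bytes, length: int) -> bytes:
    """Expand (key, label) into `length` pseudorandom bytes with HMAC-SHA256 in counter mode.
    This stands in for a block cipher so the example runs with the standard library only."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor_crypt(key: bytes, data: bytes, label: bytes) -> bytes:
    """Encrypt or decrypt; XOR with a keystream is its own inverse."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, label, len(data))))


class LicensingAuthority:
    """Issues one device key per player and a fresh media key per disc; keeps the revocation list."""

    def __init__(self, n_players: int):
        self.device_keys: Dict[int, bytes] = {dev: secrets.token_bytes(16) for dev in range(n_players)}
        self.revoked = set()

    def revoke(self, dev: int) -> None:
        self.revoked.add(dev)

    def press_disc(self, title: str) -> "Disc":
        media_key = secrets.token_bytes(16)
        # The MKB: the media key wrapped once under every device key that is still trusted.
        mkb = {
            dev: _xor_crypt(dk, media_key, b"mkb")
            for dev, dk in self.device_keys.items()
            if dev not in self.revoked
        }
        return Disc(title, mkb, media_key)


class Disc:
    def __init__(self, title: str, mkb: Dict[int, bytes], media_key: bytes):
        self.title = title
        self.mkb = mkb
        self.content = _xor_crypt(media_key, f"plaintext of {title}".encode(), b"content")

    def play(self, dev: int, device_key: bytes) -> Optional[str]:
        """Unwrap the media key with a device key, then decrypt the content.
        Returns None when the MKB carries no entry for this device, i.e. it was revoked."""
        if dev not in self.mkb:
            return None
        media_key = _xor_crypt(device_key, self.mkb[dev], b"mkb")
        return _xor_crypt(media_key, self.content, b"content").decode()


def revocation_scenario() -> Dict[str, bool]:
    """Walk through leak -> revoke -> leak again and report what each key can play."""
    la = LicensingAuthority(n_players=8)
    old_disc = la.press_disc("Old Title")  # constructed title

    # A key is read out of player 3 while it plays; it opens every disc pressed so far.
    leaked_dev, leaked_key = 3, la.device_keys[3]
    result = {"leaked_key_plays_old_disc": old_disc.play(leaked_dev, leaked_key) is not None}

    # The authority revokes player 3; discs pressed afterwards omit its MKB entry.
    la.revoke(leaked_dev)
    new_disc = la.press_disc("New Title")  # constructed title
    result["leaked_key_plays_new_disc"] = new_disc.play(leaked_dev, leaked_key) is not None

    # Every unrevoked player must still be able to play the new disc ...
    honest_dev, honest_key = 5, la.device_keys[5]
    result["licensed_player_plays_new_disc"] = new_disc.play(honest_dev, honest_key) is not None

    # ... so its key sits in memory during playback, and a second extraction restarts the cycle.
    result["second_leak_plays_new_disc"] = (
        new_disc.play(honest_dev, honest_key) == "plaintext of New Title"
    )
    return result


if __name__ == "__main__":
    for name, outcome in revocation_scenario().items():
        print(f"{name}: {outcome}")
```

The model deliberately leaves out what real schemes add on top (key trees that let one MKB revoke whole batches of devices, and the Volume ID step the thread mentions), because none of that changes the outcome: the content has to be decryptable by a legitimate player, so the key that decrypts it is present on the player at playback time.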
 

gaffo

The said:
: HD DVD and Blu-ray Now Completely Hacked, Cracked, Sacked -
: Gizmodo
:
http://gizmodo.com/gadgets/home-entertainment/hd-dvd-and-bluray-now-completely-hacked-cracked-sacked-236213.php

That's just f**kin great! I've always loved the Doom forums (been
following them since around the year 2000) and am a TOTAL anti-DRM
believer. No, I'm not a pirate, just your average Joe who believes
backup copies of your purchased movies (whether DVD, HD DVD, or
whatever) are your "god-given right." To hell with both the MPAA,
RIAA, and for that matter the U.S. government and their bullshit
DMCA (Digital Millennium Copyright Act).




YA!!!!!!!

now I can buy HD!!

no comment on the piracy topic................

I do rent however...........

--
 

Evgenij Barsukov

Yousuf said:
I wonder if revoking the keys is going to work at all anymore? It looks
like with this technique, all anyone has to do is wait for the
processing key to appear in memory, and they have it again (albeit,
easier said than done). No matter how many keys they revoke and reissue,
they will always lose it.

Yousuf Khan

Of course this shows a fundamental limit of the security that can be implemented
in a PC. A PC does not have secure memory, period. That itself says that
NO protection scheme in a PC can be secure, even theoretically.

To have a secure protection scheme in a device, it requires a memory space
that is not accessible by any process outside the CPU microcode, e.g. secure
memory. That means the microcode itself would have to do all the decrypting,
authentication etc. Obviously this memory space has to be factory programmed, or at least
a seal code has to be factory programmed which allows access to programming
the secure memory.
None of this exists in the PC architecture, so as long as something is
PC-playable, it is not going to be secure (until this architecture is changed).
To change this architecture is not going to be easy, of course; it would conceptually
obsolete most existing software.

Most importantly, every software installation would require a
hardware component with its own secure memory that has to be securely(*)
attached to the processing unit to program the secure
memory with the new description code specific to this new software.
"Securely attached" means excluding external monitoring of the communication
lines to steal the software decryption key, which is fundamentally possible only with QM
cryptography. A good enough approximation (which does not need a hardware
component) might be public-key cryptography, with the software
decryption key being encrypted with the public key of the "internal"
recipient (e.g. microcode in the CPU) while the secret key is factory programmed
in the secure memory of the CPU and allows the microcode to decrypt the software
key.
Unfortunately this "internal" secret key would become
the holy grail of the whole system, which is now more difficult to compromise
because it is in secure memory, but considering its uniqueness across the entire
architecture of the world's PCs, it could still eventually be compromised by a
hardware attack or a social engineering attack. It is just not right to
center the security of the whole system around one key. Which brings
us back to QM cryptography and hardware modules coming with each piece of software.

Anyway, I think the copyright concept that was initially intended for protecting book
publishers from competitors copying their products has been incorrectly extended to the
private activities people themselves engage in. This resulted in
creating an artificial monopoly on content distribution (which should actually
be competitive and as wide open as possible) instead of solving the
actual problem of compensating content creators. So, if the means of
maintaining this unproductive state-sponsored monopoly are being
cracked, why should I care? But the problem of securing content
in a PC still remains an interesting topic in itself.

Regards,
Evgenij
 

Robert Redelmeier

Evgenij Barsukov said:
Of course this shows a fundamental limit of the security that can
be implemented in a PC. A PC does not have secure memory,
period. That itself says that NO protection scheme in a
PC can be secure, even theoretically.

Perhaps you should define what you mean by security before making
such absolute statements. Security implies a threat, and there are
many different types of threat. So security is a vector, not a scalar.

As for the x86 IBM PC compatible architecture, I agree RAM is not
secure against threats from the PCI or other busses. Page tables
and other CPU-side protection don't operate, and a hostile device
(or more likely a friendly device with hostile programming) can easily
snoop whatever it wants. Think a trojan or worm that accesses an
ethercard's busmastering. A decent OS would prevent this.

To have a secure protection scheme in a device, it requires a memory space
that is not accessible by any processes outside the CPU micro-code, e.g. secure
memory. That means micro-code itself would have to do all the decrypting,
authentication etc. Obviously this memory space has to be factory programmed, or at least
a seal code has to be factory programmed which allows access to programming
the secure memory.
None of these exists in a PC architecture, so as long as something is
PC-playable, it is not going to be secure (until this architecture is changed).

I believe that devices such as SmartCards and other dongles are
within "PC architecture" and conceptually reasonably secure.

Of course various debuggers can bypass this security, especially
if it is poorly implemented (one-time check). But then the
question becomes the value of the prize, and whether such
a valuable asset (worth running royalties) should be on any
customer system rather than a controlled compute server.

More paranoia doesn't make up for misplaced paranoia.

-- Robert
 

Yousuf Khan

Evgenij said:
Of course this shows a fundamental limit of the security that can be implemented
in a PC. A PC does not have secure memory, period. That itself says that
NO protection scheme in a PC can be secure, even theoretically.


There was some talk in the original Microsoft Trusted Computing
Platform/Palladium specs for a secure memory scheme. It seemed
unbelievably complex, and performance-sapping. I guess this stuff never
made it into the DRM that we did eventually end up with.

Yousuf Khan
 
