New AACS Fix Hacked in a Day

[Sidepocket]

The ongoing war between content producers and hackers over the AACS copy protection used in HD DVD and Blu-ray discs produced yet another skirmish last week, and as has been the case as of late, the hackers came out on top.

The hacker "BtCB" posted the new decryption key for AACS on the Freedom to Tinker web site, just one day after the AACS Licensing Authority (AACS LA) issued the key. In true tongue-in-cheek hacker fashion, the hacker posted the 128-bit key as a method of decrypting a small haiku that they placed on the same page, noting that it just might accidentally (wink, wink) be the same key that will decrypt new high-definition discs as well.

The AACS protection method is quite convoluted, and it's worth taking a brief look back at how the cracks have slowly chipped away at its effectiveness:

All the items on the disc itself—the Master Key Block or MKB, the Volume ID, the encrypted title key, and the encrypted content—can be read directly off the disc. The MKB contains multiple encrypted copies of the media key, and when decrypted by unique Device Keys (each standalone player and software player has its own) provides the master Processing Key (Km—the yellow line above). An earlier hack removed the need to find the Private Host Key, so a simple AES-G encryption with the Processing Key and Volume ID is all that is needed to generate the Volume Unique Key (Kvu). The Kvu is then combined with the encrypted title key stored on the disc to create the Title Key (Kt) that can then be used to unprotect all the content on the disc. Some of the first AACS hacks simply read the Kvu directly from memory when running a software-based player such as WinDVD, but mandatory software updates keep closing this loophole.

The AACS LA is not happy about these Processing Keys being released. When previous keys were leaked, the organization vowed that it would remove the keys from the Internet with cease-and-desist orders. Predictably, this only encouraged people to post them more. The whole series of affairs evokes memories of when DVD decryption was all the rage, and the DeCSS code wound up being printed on t-shirts to express the futility of trying to sue anyone who used or even knew about it. The decryption code for AACS cannot fit easily on a t-shirt, but the 128-bit Processing Keys can, and it's clear that no matter how many times the AACS LA revokes old keys, the new ones are going to be found and released.

In the end, the extra money spent developing the intricate and complex AACS system gave hackers a diverting game to play while they went about their work, a game that looks likely to continue. AACS does stop casual copying, but it hasn't prevented unencrypted HD content from being distributed over the Internet. This doesn't mean the AACS LA is giving up, however. Blu-ray discs with a further layer of copy protection called BD+ are rumored to be nearing delivery, which will give hackers more work to do.

http://arstechnica.com/news.ars/post/20070...d-in-a-day.html

Keeps going and going and going and going and going and going and going and going and going and going and going and going and going and going and going and going and going and going and going and going and going and going and going and going and going and going and going and going and going and...