.HOME
[How HD DVD Keys Work]
June 24th, 2007How HD DVD Keys Work
AACS contains several parts that have different roles. Some of those have been permanently broken while others have been temporarily “opened”. Calling AACS dead or not dead has no meaning.
The functions of AACS could be divided this way:
Copy protection Modification/Decryption protection Renewability and revocation
Copy Protection
If you can copy a disc and play it (eg burn it on a recordable) then you could say the copy-protection system is broken. AACS tries to prevent bit-by-bit copying by the use of the Volume ID and a secret way its stored on the disc (also using special keys to let the drive give this VID). When it comes to HD DVDs there is now a possibility to create a firmware (for the xbox drive) that would simulate a prerecorded disc (while using a recordable disc). This allows anyone with a burner to copy and play any HD DVD movie. In essence the AACS copy-protection system will be permanently broken when/if this patch comes out. This is the most basic attack: copy and playback only.
Decryption protection
If you can decrypt a disc you can also copy it (of course). But being able to decrypt a disc is a more severe attack on AACS. Because it also allows you to modify the content (like removing commercials/changing menus/re-authoring etc) and perform playback in (for example) Linux or an open source player.
In order to decrypt a disc you need the keys the content is encrypted with. These we usually refer to as Volume Unique Keys (although technically VUKs give Title Keys which are used to decrypt the content but this amounts to the same thing). What is important is that VUKs cannot be revoked. In other words: once we have a VUK for a disc then the AACS decryption-protection is broken for that disc. AACS cannot undo this.
So how can we get VUKs?
There are several ways to get VUKs for discs. But none of them are permanent solutions for retrieving all VUKs for all discs (released in the future).
Get the VUKs out of “old” versions of a Software Player Get a Volume ID (unique per movie) and a Processing Key (unique per MKB version) and calculate the VUK.
The first method will expire quickly: we can now use WinDVD to retrieve VUKs out of its memory. But when new discs come out they won’t work with this old version of WinDVD so you would have to install a new version. Therefore making this method obsolete for new discs.
The second method requires not one piece of information (like taking a single VUK out of the memory of WinDVD) but two pieces of information. We have several techniques now for a drive to reveal the Volume ID of a disc. So this part of the method is permanent. However the Processing Key will change every time they change to a new MKB version. And since we also need this second piece of information to calculate a VUK for a disc we always need to get the new Processing Key out of some player (whether its a Software Player or a standalone). The Processing Key (or better a Device Key) is very powerful though: if found it makes it possible to decrypt all discs released so far (assuming we can also retrieve the Volume IDs of those discs).
Renewability and revocation
With renewability I mean the ability for AACS to use new keys for new discs. This is still intact and will probably never be broken. This creates (for us) the necessity of finding a new Processing/Device Key each time they change to a new MKB version (which they will do in April/May) on new discs.
Revocation is basically for “getting back” at those who try to open AACS (that would be us ). Revocation only has real meaning if something unique is revoked. So if I where to use a standalone and reveal the keys then they can simply revoke my standalone meaning it won’t play new discs. There is also the matter of tracing (sequence keys) but thats just for making it possible for them to identify the standalone/player used when somebody releases its keys or content itself (read: pirates) decrypted with this player. We have been speculating how to permanently disable this tracing system and if we’re lucky this could be done using a reasonable amount of volunteers.
Retrieved from arnezami from Doom9
 |
Loading ...
