The New HD-DVD/Blu-Ray Hack

Found on Wired on Tuesday, 13 February 2007
Browse Computer

AACS, a DRM scheme used to encrypt data on HD-DVD and Blu-Ray disks, would appear to be cracked wide open by that short string of hexadecimal codes, as previously, only disk-specific Volume Keys were compromised. The new hack is the work of Arnezami, a hacker posting at the doom9 forums, fast becoming the front line in the war on DRM.

The new crack follows that from earlier this year, when a hacker by the name of muslix64 broke the AACS system as it applied to each movie. While the earlier hack led to 100 HD-DVD titles and a small number of Blu-Ray movies being decrypted one-by-one, the so-called "processing keys" covers everything so far made.

It's not yet clear what it means for the consumer's ability to copy movies, or, for that matter, that of mass-market piracy operations. The short form is that the user still needs a disk's volume ID to deploy the processing key and break the AACS encryption — but getting the ID is surprisingly easy.

How might the companies respond? The processing key can now be changed for future disks. However, the flaws inherent in the system make it appear easy to discover the replacement: the method of attack itself will be hard to offset without causing knock-on effects. For example, revoking player keys (in advance of obfuscating the keys in memory in future revisions of the system) would render current players unable to view future movies.

Never underestimate the power of users who want to copy the content they paid for. Defective by Design indeed.