New AACS crack. This one is undefeatable.

by Rudd-O published 2007/05/02 17:17:35 GMT+0, last modified 2013-06-26T03:24:22+00:00

Remember the HD-DVD processing key that could be revoked? Well, now we can also get volume keys, for free!

Ars Technica has the scoop:

The latest attack vector bypasses the encryption performed by the Device Keys—the same keys that were revoked by the WinDVD update—and the so-called "Host Private Key," which as yet has not been found. This was accomplished by de-soldering the HD DVD drive's firmware chip, reading its contents, and then patching it. Once that was done, the firmware was soldered back onto the drive.

Despite the technical difficulty of performing this hack, it does offer some advantages in the race to beat AACS copy protection. "They cannot revoke this hack," said forum member arnezami, who has been at the center of much of the AACS cracking recently. "No matter how many Private Host Keys they revoke we will still be able to get Volume IDs using patched xbox 360 HD DVD drives."

This was only to be expected. A hardware-based attack, just like the ones we've seen for modchipping consoles. With such a wide network of stakeholders (media conglomerates, consumer electronics companies, sotware developers), the attack surface was just too wide to expect any kind of security not to be broken -- especially when you're "distributing the baby with the bathwater"... er, wrong analogy, I meant "they keys with the media".

I think the implications of the new crack are fairly clear. We're witnessing DeCSS 2.0: louder, bigger, faster, powered by social media. The simple fact that someone is distributing information on how to crack AACS, out in the open, is enough to convince anyone that the DMCA has outlived its usefulness and no longer scares anyone into submission. This time people aren't shutting up.

It bears repeating that this crack and other HD-DVD hacks are of no consequence for professional pirates -- they do not need to decrypt discs in order to copy them. I hope this time the security community gets this message out loud and clear, instead of shelling up and letting the outrageously absurd mainstream message of "home taping is killing music" run free.

And we'll get to watch HD-DVDs in Linux soon enough. Yeah! I can't wait! But, well, first I should get myself an actual HD-DVD player. Or perhaps torrent a few HD movies ;-).

Want to see this story reach Slashdot? Vote for it in the Firehose!

Ars Technica story URL: New AACS cracks cannot be revoked, says hacker. If you want to follow the aftermath of HD-DVD night around the world, in pictures and videos, here you go.