Another AACS crack.....


  • Another AACS crack.....

    ....and reports are it cannot be bypassed;

    Register story....


    The latest crack, once again formulated by the denizens of the Doom9 forums, is said to be immune to key revocation. The hardware hack involves tampering with the HD DVD add-on drive of an Xbox 360 to capture the "Volume Unique Keys", Ars Technica reports.

    The key can be extracted after de-soldering the HD DVD drive's firmware chip, reading its contents, and then reconnecting it. The approach bypasses the encryption performed by the Device Keys, so revoking these keys as applied by the WinDVD update. Although the latest approach involves voided warranties and potential solder burns, Ars Technica adds that the ruse takes hackers one step closer to using software to achieve the same ends.

    The attack caps a miserable week for the Advanced Access Content System Licensing Administrator (AACS LA), the custodian of the AACS encryption. The organisation has been busy sending out legal nastygrams to websites that published a 32-digit hexadecimal number that represented one of the keys for cracking AACS involved in last month's attack. Predictably the move chiefly served to publicise the infamous number.

    Now AACS LA has got an even more serious chink in the armour of AACS to contend with.
    Ars Technica Link.....

    New AACS cracks cannot be revoked, says hacker

    Only a few days after Corel issued a WinDVD update to close the hole opened by AACS hackers, the folks at the Doom9 forums sent word that they have found yet another way around the copy protection for high definition discs. This time, the method involved the Xbox 360's HD DVD add-on drive to capture the "Volume Unique Keys" as they were being read by the drive itself. Rather than just point out the crack, we're going to take a closer look at how this crack was accomplished, because one of the hackers involved in the crack says that it's more or less unstoppable.

    The latest attack vector bypasses the encryption performed by the Device Keys—the same keys that were revoked by the WinDVD update—and the so-called "Host Private Key," which as yet has not been found. This was accomplished by de-soldering the HD DVD drive's firmware chip, reading its contents, and then patching it. Once that was done, the firmware was soldered back onto the drive.

    Despite the technical difficulty of performing this hack, it does offer some advantages in the race to beat AACS copy protection. "They cannot revoke this hack," said forum member arnezami, who has been at the center of much of the AACS cracking recently. "No matter how many Private Host Keys they revoke we will still be able to get Volume IDs using patched xbox 360 HD DVD drives."

    In addition to being irrevocable, the hack has the potential to make future decryption even easier. "This hack/technique enables us to figure out how the Volume ID is stored on the disc," arnezami explained. "It's very possible we would figure out [...] how the KCD is stored on the disc. Knowing that and being able to teach a PC drive how to read a KCD will open the door for what I called third-generation decryption."

    While this type of decryption (reading keys directly off a PC drive by sidestepping part of the encryption process) is still not a reality, it may not be too far off. The main issue is the cost of purchasing standalone high-def players by the hackers, but as prices for these come down, this problem will slowly go away.

    Although AACS has proven much more difficult to fully crack than the copy protection on regular DVDs, it is unlikely to remain only partially cracked for very long. The real problem with trying to create an "uncrackable" copy protection is that the media must come with the keys used to decrypt it somewhere on the device and the media itself. Hiding these keys in different places—security by obscurity—merely delays the inevitable. Of course, for the content providers, any delay is still better than no delay at all, so expect the battles between copy protection and hackers to continue.
    Last edited by Dr Mordrid; 5 May 2007, 00:20.
    Dr. Mordrid
    ----------------------------
    An elephant is a mouse built to government specifications.

    I carry a gun because I can't throw a rock 1,250 fps

  • #2
    Err let's give up the idea and say the person who's buying the dvd etc is legit.
    Chief Lemon Buyer no more Linux sucks but not as much
    Weather nut and sad git.

    My Weather Page



    • #3
      Latest AACS revision defeated a week before release..



      Despite the best efforts of the Advanced Access Content System (AACS) Licensing Administration (AACS LA), content pirates remain one step ahead. A new volume key used by high-def films scheduled for release next week has already been cracked.
      paulw



      • #4
        Originally posted by The PIT
        Err let's give up the idea and say the person who's buying the dvd etc is legit.
        No - let's rather waste (and continue to) a shit-load of time on useless rubbish rather than actually producing a more secure OS with better QA needing fewer patches as afterthoughts.
        Lawrence



        • #5
          This kind of reminds me about the old joke about engineers...

          The Joke goes like this...

          Mechanical Engineers build weapons.
          Civil Engineers build targets.

          The whole premise of AACS is a joke because it is essentially a static target.

          The AACS keys themselves are essentially the only "unknown" about the whole affair. If you know how the system works, you can find a way to circumvent or bypass it. The Germans found out the hard way when the Enigma and the Lorenz were cracked.

          Once you understand the system, it is usually only a matter of time before it can be compromised. AACS was designed to be "expandable and adaptable"; too bad someone found a way around it using a method completely out of the frame of reference of the designers.

          It also serves them right: The concept of DRM hearkens back to the effect of the Printing Press on Scribes. We all know how that turned out, don't we? The only thing different now is that we have a couple of stupid laws on the books which make it illegal for free-thinkers to think.
          Hey, Donny! We got us a German who wants to die for his country... Oblige him. - Lt. Aldo Raine



          • #6
            Originally posted by MultimediaMan
            The only thing different now is that we have a couple of stupid laws on the books which make it illegal for free-thinkers to think.
            Oh back then they didn't need laws, they just hung you for heresy.

            I think they should keep doing it because the news stories of the cracks make me laugh every time. They say laughter is good for my health.

            Off topic, but the peeps at Doom9 sound like hackers because all that shows up in the news are the cracks. I used to go there all the time when I was doing video editing and exploring xvid. One of the most helpful forums out there, even to newbies.
            Gigabyte GA-K8N Ultra 9, Opteron 170 Denmark 2x2Ghz, 2 GB Corsair XMS, Gigabyte 6600, Gentoo Linux
            Motion Computing M1400 -- Tablet PC, Ubuntu Linux

            "if I said you had a beautiful body would you take your pants off and dance around a bit?" --Zapp Brannigan
