For those who have been living in bomb shelter, there is currently a format war to become the de facto HD Video disc between HD-DVD and Blu-Ray. Currently, the struggle for market share has become less decisive than the original VHS and Betamax format war.
So far there are no clear winners in the format war despite what each company claims. Sony claims that their blu-ray technology is winning the war by pointing to sales figures of their Playstation 3, the number of blu-ray discs sold by retailers, and their studio exclusives while Toshiba claims their HD-DVD format is winning out because they are selling HD-DVD players at low prices, bundling their HD-DVD releases with DVD versions, and having the support of major American porn studios. However, one major factor that isn’t taken into consideration is the format’s ability to deter piracy with DRM encryption.
Recently, several technology encryption experts or better known as hackers were able to test the formats security by successfully cracking the HD-DVD’s processing key to unlock all relevant data from the movie discs. Here is a song about the string of characters that can easily unlock an HD-DVD for mass consumption:
For those who are curious the song’s lyrics are actually ” 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0“ which happens to be the same string of code that is driving the Advanced Access Content System Licensing Administrator, LLC (AACS LA) apeshit. This is why AACS sent a legal threat to google to ceast and desist discussion of this security hole in HD-DVDs:
Re: Illegal Offering of Processing Key to Circumvent AACS Copyright Protection http://uscpwned.blogspot.com/2007/02/holy-grail-located-hd-dvd-and-blu-ray.html
Dear Google Inc.
We represent Advanced Access Content System Licensing Administrator, LLC (AACS LA), developer, proprietor and licensor of the Advanced Access Content System (AACS). AACS is an integrated set of technological protection measures that controls access to and prevents unauthorized copying of copyrighted motion pictures embodied on high definition DVDs.
It is our understanding that you are providing to the public the above-identified tools and services at the above referenced URL, and are thereby providing and offering to the public a technology, product, service, device, component, or part thereof that is primarily designed, produced, or marketed for the purpose of circumventing the technological protection measures afforded by AACS (hereafter, the “circumvention offering”). Doing so constitutes a violation of the anti-circumvention provisions of the Digital Millennium Copyright Act (the “DMCA“), 17 U.S.C. §§ 1201(a)(2) and 1201(b)(1). Providing or offering the circumvention offering identified above, and any other such offering that is primarily designed or produced to circumvent protection measures, or which has only limited commercial significant purpose other than to circumvent, or which are offered to the public with knowledge that it is for use in circumventing, violates the rights of AACS and any others harmed as well. See §§ 1201(a)(2), 1201(b)(1), and 1203.
In view of the foregoing apparent anti-circumvention violations, we demand that you immediately:
1) remove or cause to be removed the above-specified AACS circumvention offering and any other circumvention offering which is designed, produced or provided to circumvent AACS or to assist others in doing so, and/or any links directly thereto, from the URL identified above and from any other forum or website on which you have provided any circumvention offering; and
2) refrain from posting or causing to be provided any AACS circumvention offering or from assisting others in doing so, including by direct links thereto, on any website now or at any time in the future.
Please confirm to the undersigned in writing no later than noon a week from the above-indicated date that you have complied with these demands. You may reach the undersigned by telephone at [private] or by email at [private]@proskauer.com. AACS LA reserves all further rights and remedies with respect to this matter.
Very truly yours,
Counsel for AACS LA
So making excessive threats against bloggers over this poorly implemented encryption scheme isn’t going to stop people from talking about it. It should be noted that many bloggers and a few journalists merely discussed the piece of code that could decrypt HD-DVDs but not the steps to do it. Now what does this mean for HD-DVDs and Blu-rays?
Even so, the new method completely compromises HD-DVD in principle, as it relies on AACS alone to encrypt data, even if there are other parts of the puzzle that are yet to fit together. Blu-Ray has two more levels of protection: ROM-MARK (a per factory watermark, which might revoke mass production rights from a factory but not, it seems individuals) and BD+, another encryption system, which hasn’t actually been used yet on sold disks (but which soon will be), meaning that its own status seems less obviously compromised.
How might the companies respond? The processing key can now be changed for future disks. However, the flaws inherent in the system make it appear easy to discover the replacement: the method of attack itself will be hard to offset without causing knock-on effects. For example, revoking player keys (in advance of obfuscating the keys in memory in future revisions of the system) would render current players unable to view future movies. Revoking the volume and processing keys that have been hacked would mean that all movies to date would not run on new players.
Suddenly blu-ray looks more promising for studios who desire stronger protection of their IP in addition to the relatively greater sales. It is also safe to say that HD-DVD is going to become the new Betamax if they don’t find a way to resolve this situation other than making idle threats to random bloggers or search engines. The problem is already here just from seeing the sheer volume of ripped HD-DVDs available on bittorrent compared to a handful of Blu-ray titles.
There are other links that discuss this security hole in greater detail and I don’t planned on being threatened over it. Besides many of these pages are available on Digg and Google.