AfterDawn: Tech news

AACS LA talks about cracked keys

Written by Andre Yoskowitz (Google+) @ 02 Jun 2007 19:24 User comments (16)

AACS LA talks about cracked keys Recently, the AACS LA, the group in charge of the AACS copy protection, acknowledged that hackers had been very effective in cracking the protection and have since been trying to restore the integrity of the technology. That being said, the new movie titles shipped with Media Key Block (MKB) v3 were cracked by Slysoft a week before the titles hit retail shelves.
Although an official statement has not been made about the latest round of keys being crakced, Richard E. Doherty, director of technology strategy at Microsoft, and who is also very involved with the AACS LA, took time to talk about the protection and how he still has complete faith in it.

“Just to clarify, the original attack was on certain software players that proved to be vulnerable, and did not and does not represent a widespread break in the AACS ecosystem ... In the past PC's have typically been a big target for hacking activities, as they are designed to run arbitrary software programs. But the line between PCs and traditional CE devices is clearly blurring – and many of the best PVR systems (in my opinion) are highly customizable and capable of running user-designed software,”
explained Doherty, “Keep in mind, however, that AACS is aware of the history and attack vectors of PC playback systems, and there are several technical measures (such as KCD and the entire proactive renewal system) that are designed specifically to address the particular issues of PC-based protection,” Doherty added.

The original processing key was cracked in February, but the new MKB wasnt released until May, which left many wondering as to why it took so long. Doherty had this to say about the matter: “AACS of course has the technical means to revoke overnight. But the current license agreement generally provides for 90 days. This is to allow time for the manufacturer to repair the product and presumably fix the vulnerability, and time to rollout the patches to the affected users.”

That 90 day grace period is done in the interest of the consumer, who could find themselves with retail discs that are unplayable due to software updates.

“You have seen a revocation cycle occur which has required upgrades to certain software players to make them more robust to known styles of attack. The AACS system was designed to deal with these sorts of attacks, and remains intact as a technology. This is in contrast to CSS, which is vulnerable to direct, brute-force attacks,” said Doherty, who then explains it in even simpler terms. “The analogy we sometimes give is: if you lock your house, but leave the keys lying on the street, then there's really nothing wrong with the locks or with the concept of locks in general. If you don't find the keys, you can change the locks if you like.”


Source:
Dailytech

Previous Next  

16 user comments

12.6.2007 21:38

Boo Hoo!

Go cry a river, learn that copy "protection" will always be worthless, and build a bridge that states:
We have given up on wasting millions of dollars creating copy protection that is broken days to a few weeks after its release, from now on we promise to spend the money on more important issues such as sick kids, adoption, the abolishing of diseases in 3rd world contries as well as "regular" contries and many other more important things.

23.6.2007 0:33

well they cant seem to find a way to make more money off dvd's sicne they are copied and so on so they say since they arent making a few extra millions dollars here and there......

33.6.2007 8:43

if they want to have effective copy protection, they need to use a key bigger than what they do. try 512 bit encryption, or even 1024 bit +.

43.6.2007 9:26

Quote:
if they want to have effective copy protection, they need to use a key bigger than what they do. try 512 bit encryption, or even 1024 bit +.
The keys are small, its true, but if they used 1024 bit keys it would take a while to bootup the DVD in the player or PC to watch it. Have you ever surfed one of the few 1024-bit websites out there? Even on a real fast connection it seems pretty slow due to the length of encryption.

I could see hackers coming out with a Folding like program so others could help crack the key at a pretty fast rate if the industry used stronger keys.

However I personally have to wonder that even if the industry used a real strong key that something similar to what first cracked AACS, a small bug in the way a program handled the decryption of the key, would occur anyway and cause the 1024-bit keys (or what ever length they used instead of the micro keys they use now) to be cracked just as fast or just a few days slower.

In the end, as I stated in my first post, I believe they should just abolish copy "protection" and put the money to better uses.

Peace

53.6.2007 14:42

All of this long article just to say that they have a new code up their sleve and they are soo sure that this one is unbreakable. All i have this to say. Lets see how long it takes for hackers to break the code :)

63.6.2007 14:47

One thing I would like to point out I noticed as well:

The Key is on a Disk that isn't released yet, it won't be out for a few days, so instead of being "We have another key that will be broken in a few hours or days" shouldn't they look more into how Slysoft got a hold of the disk probably ten to fourteen days before it hit retail shelves?

Just some food for thought.

Peace

73.6.2007 17:09

Job security for the people protecting the discs if it keeps getting broken.

83.6.2007 19:47

AACS won't be satisfied until every human being on earth is being tracked and monitored 24/7, every day of the year.

910.6.2007 4:05

More copy-protection bullsh1t...

1010.6.2007 9:06
HalfHuman
Inactive

not again! this is pathetic. these guys are just fighting a loosing battle and pretend not to understand that they do. it's a couple of very rich guys against 6 billion people. spend money on something useful to the mankind and not on those stupid protections which are doing harm mostly to paying customers, upsetting them and confusing them even more. enough time wasted already with this subject!

1113.6.2007 14:12

Want some ketchup with those french cries.

1220.7.2007 14:16

Eventually they will get tired of sinking money into a losing campaign. Aren't there some analysts or something who do research on the effectiveness of this technology?

1312.9.2007 8:58

When they going to start refunding your money on the sorry movies you buy from them. They want you to buy their product without the customer knowing if they like it. Each movie is like a mystery product untill you watch it. They steal your money everytime you buy a promoted movie that you do not like after watching it. Give us a refund if the movie stinks. BUY THE MOVIE TO KNOW IF YOU LIKE IT :) NO REFUND FOR CUSTOMER SATISFACTION What a sweet deal for them. How many times have you been ripped off buying movies?

This message has been edited since its posting. Latest edit was made on 12 Sep 2007 @ 22:32

1412.9.2007 22:23

Originally posted by elwn7:
When they going to start refunding your money on the sorry movies you buy from them. They want you to buy their product without the customer knowing if they like it. Each movie is like a mystery product untill you watch it. They steal your money everytime you buy a promoted movie that you do not like after watching it. Give us a refund if the movie stinks. BUY THE MOVIE TO KNOW IF YOU LIKE IT :) NO REFUND FOR CUSTOMER SATISFACTION What a sweet deal for them. How many times have you been ripped off buying movies?
This message has been edited since its posting. Latest edit was made on 12 Sep 2007 @ 22:32

1512.9.2007 22:44

Originally posted by elwn7:
When they going to start refunding your money on the sorry movies you buy from them. They want you to buy their product without the customer knowing if they like it. Each movie is like a mystery product untill you watch it. They steal your money everytime you buy a promoted movie that you do not like after watching it. Give us a refund if the movie stinks. BUY THE MOVIE TO KNOW IF YOU LIKE IT :) NO REFUND FOR CUSTOMER SATISFACTION What a sweet deal for them. How many times have you been ripped off buying movies?
Do not trust any add that has been inserted in my post

1613.9.2007 8:13

Originally posted by Pop_Smith:
One thing I would like to point out I noticed as well:

The Key is on a Disk that isn't released yet, it won't be out for a few days, so instead of being "We have another key that will be broken in a few hours or days" shouldn't they look more into how Slysoft got a hold of the disk probably ten to fourteen days before it hit retail shelves?
It was the screener.....lol

Anyway, I just love the wording in their statements. The word "attacked" is a favorite. No one is attacking them. Slysoft is a legitimate company providing a service to the consumer. Unless Slysoft is declared by some court that their practices are illegal, they are not attacking anyone. Cry me a river...

Comments have been disabled for this article.

News archive