Eeyore
This should amuse Microsoft in view of it happening before Vista's official
release.
Apparently provoked by being unable to watch the HD DVD he'd bought because he
didn't have a 'compliant' monitor, 'muslix64' decided to hack it.
On December 26, 2006 a person using the alias "muslix64" posted a utility named
BackupHDDVD and its source code for a working AACS decryptor on the doom9.org
forums. The program is not an exploit or hack per se. Rather it is a tool that
can be used to decrypt AACS protected content once one knows the encryption key.
As such, it is no surprise or indication of vulnerability that such a program is
possible and it can be seen as merely an implementation of the publicly
available standard AACS Guide. However, Muslix64 claims to have found title and
volume keys in main memory while playing HD DVD disks using a software player,
and that finding them is not difficult.[12] Details of how to do this were
revealed later (January 12, 2007) by other doom9.org forum members that also
found title and volume keys of several movies in main memory of a software
player called WinDVD.
On January 2, 2007 "muslix64" published a new version of his/her program, with
volume key support.[1]
Cyberlink, developers of PowerDVD, maintain that their software was not used as
part of the exploit.[2]
The claimed attack (extraction of the encryption keys from a software player)
highlights the inherent weakness of software movie players for the PC platform.
The use of encryption doesn't offer any true protection in this scenario since
the software player must have the encryption key available somewhere in memory
and there's no way to protect against a determined hacker extracting the
encryption key (if everything else fails the user could run the program in a
virtual machine making it possible to freeze the program and inspect all memory
addresses without the program knowing). Avoiding such attacks would require
changes to the PC platform (see Trusted Computing) or that the content
distributors do not permit their content to be played on PCs at all (by not
providing the companies making software players with the needed encryption
keys). Alternatively, they could use the AACS system's revocation mechanism to
revoke a specific software player after it is known to have been compromised. In
that case, the compromised players could still be used to break old titles but
not newer releases, as they would be released without encryption keys for the
compromised software players, requiring hackers to break other players. The
latter alternative is not a desirable option, because it would result in
legitimate users of compromised players being forced to upgrade or replace their
player software in order to view new titles.
On January 13, 2007 "LordSloth" on Doom9 discovered how to grab the volume
license keys from WinDVD's memory. With that discovery, it became possible to
take backup of HD DVDs. Later that day, the first pirated HD DVD, Serenity, was
uploaded on a private torrent tracker.
http://en.wikipedia.org/wiki/HD_DVD#Muslix64.27s_exploit
http://en.wikipedia.org/wiki/BackupHDDVD
In the meantime Vista's first service pack is being prepared...
http://www.internetnews.com/ent-news/article.php/3655931
And the European Commission's being lobbied to declare Vista illegal...
http://www.pcmag.com/article2/0,1895,2087727,00.asp
What a fuss!
Graham
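
The revocation trade-off described in the quoted passage, as an added example that is not part of the original post: a simplified model in which each disc carries its title key wrapped once per authorized player. The player names, the key-block layout and the toy SHA-256 stream cipher are assumptions for illustration; the actual AACS key block is structured differently.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # Toy keystream (SHA-256 in counter mode); a stand-in, not a vetted cipher.
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

def wrap(player_key, title_key):
    # Encrypt the title key under one player's key and authenticate the result.
    nonce = os.urandom(8)
    ct = bytes(a ^ b for a, b in zip(title_key, _stream(player_key, nonce, len(title_key))))
    return nonce + ct + hmac.new(player_key, nonce + ct, hashlib.sha256).digest()

def unwrap(player_key, blob):
    # Return the title key, or None if this entry was not made for this player.
    nonce, ct, tag = blob[:8], blob[8:-32], blob[-32:]
    good = hmac.new(player_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(player_key, nonce, len(ct))))

def master_disc(title_key, player_keys, revoked=frozenset()):
    # Key block for a disc: one wrapped title key per player not yet revoked.
    return [wrap(k, title_key) for name, k in player_keys.items() if name not in revoked]

def open_disc(player_key, key_block):
    # A player tries every entry; only one wrapped under its own key verifies.
    for blob in key_block:
        title_key = unwrap(player_key, blob)
        if title_key is not None:
            return title_key
    return None

def revocation_demo():
    # Constructed sample data: two hypothetical players and two titles.
    players = {"player_a": os.urandom(16), "player_b": os.urandom(16)}
    old_key, new_key = os.urandom(16), os.urandom(16)
    old_disc = master_disc(old_key, players)                        # before compromise
    new_disc = master_disc(new_key, players, revoked={"player_a"})  # after revocation
    return {
        "a_old": open_disc(players["player_a"], old_disc) == old_key,
        "a_new": open_disc(players["player_a"], new_disc) == new_key,
        "b_old": open_disc(players["player_b"], old_disc) == old_key,
        "b_new": open_disc(players["player_b"], new_disc) == new_key,
    }
```

The revoked player still opens the disc mastered before revocation but not the one mastered after, while the other player opens both; this matches the passage's point that revocation protects only newer releases.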