Feeds

Hacker cracks HD copy protection

Years to develop; days to break

SANS - Survey on application security programs

A lone hacker has unlocked the master key preventing the copying of high-definition DVDs in a development that is sure to get the entertainment industry's knickers wrapped tighter than a magnet's coil. What's more, the individual was able to defeat the technology with no cracking tools or reverse engineering, despite the millions of dollars and many years engineers put into developing the AACS (Advanced Access Content System) for locking down high-definition video.

A hacker going by the name arnezami on the Doom9 discussion boards, has been hard at work for at least the past eight days, when he first claimed to have discovered how to read the volume ID of the movie King Kong. Over the coming days, he documented his progress, with the Eureka moment occurring on Sunday, when he was able to confirm the validity of his method for identifying the processing key. Combining the two allowed him to unlock the copy protection.

After getting some much-needed sleep, arnezami was back to explain how he accomplished his feat. While his player loaded the Kong disc, he closely looked for changes being made to a certain part of his computer memory. Making a memdump with the WinHex file editor, he was about to find the key fairly easily.

Forum participants continue to debate the implications of arnezami's handiwork. What's known for sure is that his hack unlocks the encryption used to protect content on every Blu-ray and HD DVD disc released to date. Several participants have downplayed the significance of the discovery, reasoning that it could be undermined in the future if the keys are changed or revoked.

But arnezami and others argue it will not be possible for copyright holders to squeeze the toothpaste back into the tube. If a processing key is revoked, hackers can use a player compatible with the new one, insert a disc that's already been cracked, and sniff around in memory for the new processing key.

This week's hack is only the latest sign that the plan to prevent the copying of digital content is less straightforward than Hollywood hoped. Over the past two months, a hacker on the same discussion board who goes by the nick muslix64 disclosed other ways to circumvent copy protections in Blu-ray and HD DVD. Unlike arnezami's method, however, the earlier approach relies on obtaining the unique key for a particular title, making the hack more cumbersome. ®

3 Big data security analytics techniques

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Number crunching suggests Yahoo! US is worth less than nothing
China and Japan holdings worth more than entire company
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.