Blu Ray protection cracked.

[MKSheppard]

Link

Blu-Ray Copy Protection Breached

A West Indies company says it has defeated the BD+ DVD copy protection scheme, which was thought to be virtually impenetrable.

By Thomas Claburn
InformationWeek
March 24, 2008 05:05 PM

The second line of defense to prevent Blu-ray discs from being copied has been breached: SlySoft, a software company based in Antigua, West Indies, said last week that its AnyDVD HD 6.4.0.0 disc copying program can now "make backup security copies of Blu-ray discs protected with BD+."

The first line of defense for Blu-ray discs, the Advance Access Content System (AACS) copy protection scheme, was defeated in late 2006. Efforts to keep the 32-bit AACS processing key off the Internet failed spectacularly in 2007 when foes of copy protection schemes posted the sensitive number in a variety of forms on Digg and other Web sites.

The technology behind BD+ was developed by Cryptography Research and sold to Macrovision in November 2007. BD+ is supposed to serve as a secondary layer of protection to prevent Blu-ray disc content from being copied.

In the July 8, 2007 issue of Home Media Magazine, Richard Doherty, a media analyst for the Envisioneering Group, said BD+, unlike AACS, wouldn't likely be breached for 10 years.

SlySoft, in a March 19 press release, repeated Doherty's prediction and noted that it had succeeded in circumventing BD+ only eight months after his statement.

"We are rather proud to have brought back to earth the highly-praised and previously 'unbreakable' BD+," said Peer van Heuen, head of high-definition technologies at SlySoft, last week. "However, we must also admit that the Blu-ray titles released up to now have not fully exploited the possibilities of BD+. Future releases will undoubtedly have a modified and more polished BD+ protection, but we are well prepared for this and await the coming developments rather relaxed."

BD+ is designed to be responsive to attempts to circumvent it, so it is likely that Macrovision will be able to take steps to re-lock compromised Blu-ray titles. Indeed, Macrovision suggests such action is forthcoming.

"Macrovision does not comment on specific techniques or procedures that may directly impact the BD+ security technology," said Eric Rodli, executive VP and general manager of entertainment at Macrovision, in an e-mailed statement. "BD+ is a security response system designed to react to security attacks, not prevent them entirely. As part of this system, updated BD+ security code is continuously developed so that BD+ customers obtain ongoing value from the use of this technology."

[Durandal]

Shocking. They encrypted content so the consumer wouldn't be able to decrypt it, but then they gave the consumer a machine which could decrypt it, and the consumer decrypted it.

[Darth Wong]

I've been a fan of SlySoft for a while. Their CloneDVD and AnyDVD packages kept moving forward even after DVDShrink and DVD Decryptor got shut down.

PS. Yes, I'm perfectly aware that it's illegal to use AnyDVD in America, where it violates the DMCA. But I'm not an American, and it's not illegal for me to use it, particularly if I'm using it to make edited copies of DVDs that I legally own.. This is something I do all the time with porno, where a typical porno might only be 20% decent, and 80% shit, so I copy and paste chunks of a half-dozen different pornos to make a single disc. I also do it with conventional films on occasion, in order to make edited versions of films for my kids where certain disturbing scenes have been cut out.

[Zixinus]

Anyone who didn't see this coming please stand up! Please stand up!

...

Why did suddenly everyone dropped to the floor?

[/bad joke]

The battle between "publishers who don't want consumers to share their stuff "and "consumers who want to share their stuff and don't give a shit about the publisher" continues.

Seriously, am I the only one that sees a social issue here? One side completely ignores the law or shits on it from orbit while the other ruthlessly tries to prevent the first thing happening.

Any copy protection that works on an off-line basis will be cracked sooner or later. The best that can be hoped for is that it happens later.

[phongn]

Shocking. They encrypted content so the consumer wouldn't be able to decrypt it, but then they gave the consumer a machine which could decrypt it, and the consumer decrypted it.

Well, even that isn't necessarily bad design (virtually every computer has the ability to securely transmit and receive data - TLS/SSL) - but the fact remains that even good design can be undermined by poor implementation. Both HD-DVD and DVD's encryption schemes were initially broken that way, after all (via unprotected keys).

I suppose we'll have to see if BD+'s vaunted ability to be fixed in the field can correct for this flaw.

[Oskuro]

Well, no wonder the Blu-ray discs are so fucking expensive, if they are devoting so much effort into this.

It's a given that any protection system will be eventually defeated, my guess is they mostly want it as a deterrent for casual users who don't have the basic know-how required to do it (or to look up how to do it).

I'm not in favor of piracy (and thus of legit creators not getting payed for their work), but all this next-gen-format stuff feels a lot like getting rammed up your rear by the wrong end of a broom. A fancy named broom, of course.

[Praxis]

It's a given that any protection system will be eventually defeated, my guess is they mostly want it as a deterrent for casual users who don't have the basic know-how required to do it (or to look up how to do it).

While I agree with that assessment, I think it's remarkably stupid. You can block millions of people from being able to rip the content, but if ONE tech savvy person does it and uploads it to BitTorrent, those millions will just get it off of him.

[Durandal]

Well, even that isn't necessarily bad design (virtually every computer has the ability to securely transmit and receive data - TLS/SSL) - but the fact remains that even good design can be undermined by poor implementation. Both HD-DVD and DVD's encryption schemes were initially broken that way, after all (via unprotected keys).

I suppose we'll have to see if BD+'s vaunted ability to be fixed in the field can correct for this flaw.

DRM systems in general are all poorly designed because they use traditional encryption models in a situation where they don't apply. In the DRM model, the attacker and intended recipient of a message are the same person. The idea that you can keep a person from decrypting content you've given him the keys to decrypt is just foolish.

[Beowulf]

Shocking. They encrypted content so the consumer wouldn't be able to decrypt it, but then they gave the consumer a machine which could decrypt it, and the consumer decrypted it.

Well, even that isn't necessarily bad design (virtually every computer has the ability to securely transmit and receive data - TLS/SSL) - but the fact remains that even good design can be undermined by poor implementation. Both HD-DVD and DVD's encryption schemes were initially broken that way, after all (via unprotected keys).

I suppose we'll have to see if BD+'s vaunted ability to be fixed in the field can correct for this flaw.

Well, generally speaking, encryption is supposed to hide communication from Alice to Bob from Eve. The problem with DRM in general is that Eve is Bob. The consumer necessarily must have all the tools required to decrypt the media.

[Admiral Valdemar]

Well, generally speaking, encryption is supposed to hide communication from Alice to Bob from Eve. The problem with DRM in general is that Eve is Bob. The consumer necessarily must have all the tools required to decrypt the media.

This is where Sony has been going wrong all these years with their beloved DRM. Instead, they should deny any of those parties the capability to decrypt the data, that way NO ONE can try and steal the content.

Pretty nifty, eh? The studios will be lining up for this new change of strategy to keep their copyrights safe.

[Chris OFarrell]

Now you've done it Vlad, you just KNOW someone has heard this at Sony and has started to think that this really IS an awesome idea.

Frankly I'm expecting Sony will probably encode each Blue Ray disk with a one time cypher that it has to connect to the internet and decrypt on the fly or something, just wait for it...

[Admiral Valdemar]

Or package blank discs in printed cases and sell them. Stranger things have happened.

I'd love to know how many billions have been sunk into anti-piracy countermeasures by Sony, Microsoft and the big music and movie studios.

[Andrew_Fireborn]

Or package blank discs in printed cases and sell them. Stranger things have happened.

I'd love to know how many billions have been sunk into anti-piracy countermeasures by Sony, Microsoft and the big music and movie studios.

I'd imagine its where the real "Piracy hurts us THIIIIIIS much" number comes from. Though even so, I think it's still an exaggeration.

[Darth Wong]

Nothing is beyond the greed of the big media companies. Remember the asshole who said that people who skipped over commercials on their VCRs or DVRs were committing theft and should be charged?

[Drooling Iguana]

Cool. If they don't "fix" this and the decryption tool become freely available and integrated into applications like MPlayer and Xine I might actually start buying Blu-Ray movies.

[Singular Intellect]

Nothing is beyond the greed of the big media companies. Remember the asshole who said that people who skipped over commercials on their VCRs or DVRs were committing theft and should be charged?

*blinks* You've got to be shitting me?

[Praxis]

Nothing is beyond the greed of the big media companies. Remember the asshole who said that people who skipped over commercials on their VCRs or DVRs were committing theft and should be charged?

*blinks* You've got to be shitting me?

You think that's bad? There was a music exec that stated that everyone who puts music on an iPod is illegally duplicating the music since they copied it off a CD they owned.

[Durandal]

Now you've done it Vlad, you just KNOW someone has heard this at Sony and has started to think that this really IS an awesome idea.

Frankly I'm expecting Sony will probably encode each Blue Ray disk with a one time cypher that it has to connect to the internet and decrypt on the fly or something, just wait for it...

That's the obvious next step, and as I understand it, the Blu Ray standard provides for such a mechanism. It still carries the same problems though, since the key must reside in the decoder box's memory at some point. Not to mention that it's a gigantic breach of personal privacy and would render you unable to watch movies if your Internet connection went down, so I doubt consumers would respond too favorably to it.

[Shroom Man 777]

Thank you! Now pirated PS3 DVDs will be available for the hard-working and glorious proletariat of the Third World nations of the World! The revolution continues and the decadent bourgeois pigdogs have been defeated once more!

YES

[So, yes. As a dude from the Philippines where pirated stuff comes out of the wazoo, I happily support the cracking of any anti-piracy measure. Fuck you, Cutler Beckett. Heave ho and yo-ho-ho!]