AACS Subversion Continues with Device Key Extraction

A new user of the same online forum where one user last December reported having retrieved the title key for a specific HD DVD movie, and another user demonstrated a method for extracting a title key that could be applied to an automatic process, reports that he has been able to fish for the AACS device key -- the unique cryptographic element licensed to each player hardware or software component by AACS LA -- using a memory dump during the execution of the Windows-based player WinDVD 8.

Other users of the same forum, including the user with handle arnezami who earlier had automated the process to locate title keys, confirmed the discovery of device keys in independent tests.

While the discovery is nowhere close to having "cracked AACS" as one site puts it -- a screenshot of whose headline appeared on NBC News' local TV affiliates this afternoon as proof that it must have happened -- it shows that individual efforts to pick all the locks that comprise the AACS protection scheme are succeeding faster than had been earlier predicted.

Specifications published in February 2006 by the AACS Licensing Authority explain the purpose of the device key: "Each recordable medium that contains encrypted content will contain an MKB [media key block] in the Read/Write area. This MKB will enable all compliant devices, each using their set of secret Device Keys, to calculate the same Media Key as described in the Introduction and Common Cryptographic Elements book of this specification. If a set of Device Keys is compromised in a way that threatens the integrity of the system, an updated MKB can be released that will cause a device with the compromised set of Device Keys to be unable to calculate the correct Media Key. In this way, the compromised Device Keys are 'revoked' by the new MKB."

In other words, each high-definition disc contains a special segment whose contents include the tools that a player would need to adapt to its own software, in order to decrypt the contents. That's the media key block. Its own title key, coupled with the device's own key, produce a secret key (not unlike the way SSL encryption works for the Web) that can decrypt the disc's contents.

Every manufacturer of consoles, components, and software is licensed a set of device keys for use with its equipment; theoretically, a set of such keys exist for each manufacturer, though it remains a matter of considerable speculation how unique each device key is.

That matter becomes extremely important as AACS faces the first of potentially many such challenges which its creators contended it was designed to not only face but thwart. According to the AACS specifications, newly published content can contain certain revocation data that alters the licensed device keys for any devices whose protection has been subverted using the methods the members of the Doom9 forum are now attempting. If AACS were to "throw the switch" -- and it wouldn't require a ceremony to do so -- new HD DVD discs played using the subverted software could change its device key so that the software can no longer play the movies they played before.

The extent to which revocation impacts a high-def component's ability to play movies -- whether it's just a few, or all movies produced before a certain date, or any movie whatsoever -- has yet to be seen. A very technically replete explanation of the revocation technique written by arnezami shows that these fellows are well aware of the potential storm they may be triggering.

But their aim -- at least the stated ones -- has not been to pirate and distribute movies, but to find a way to create everyday software for users to be able to back up the legitimately owned content of any HD DVD or Blu-ray Disc (which also uses AACS) to recordable medium. Some software presently available -- for instance, a new version of AnyDVD -- claims to be capable of backing up high-def discs whose title keys have already been retrieved by others, although such software is presently dependent on third parties who manually find title keys, although they're frequently posted to the Web.

Still, their work is being treated as an "attack" by AACS LA, thus heightening the possibility that it may respond in kind. Just how much the authority believes it's being attacked may yet be measured by the extent of device key revocations, if indeed they are to come.