New AACS Protection Cracked Already
The cat and mouse game continued Thursday between the movie industry and those wanting open access to the content they purchase. Software vendor Slysoft released an update to its popular AnyDVD HD program that copies the latest HD DVD and Blu-ray titles - bypassing the newest AACS copy protection.
Like CSS is for DVD, AACS (view specs) keeps high-definition discs encrypted such that they cannot be copied. Two main keys are utilized by the standard: a device key used by hardware and software players, a volume key stored on each movie title that can be used to decrypt its contents.
A number of volume keys have been leaking since both HD DVD and Blu-ray discs went on sale, but the complexity of finding and integrating every single key into a software copy mechanism is daunting. Instead, hackers have focused on device keys, which are used to automatically access volume keys.
In February, the device key for licensed software player WinDVD was found, and in March the device key used by PowerDVD was extracted from the program. Because of the risk of leaking device keys, AACS LA -- the licensing authority behind the copy protection standard -- built in a revocation system, which it activated in April.
AACS LA provides both disc and player manufacturers with a common software decryption tool called a media key block (MKB). Using the device keys assigned to player manufacturers by AACS LA, players retrieve information from special locations on each disc that enables them to calculate the MKB.
Citing from AACS' own documentation: "If a set of device keys is compromised in a way that threatens the integrity of the system, an updated MKB can be provided by the AACS LA that will cause a product with the compromised set of device keys to calculate a different key than is computed by the remaining compliant products. In this way, the compromised device keys are 'revoked' by the new MKB."
Essentially, newer high-def movies will ship with a revocation key that disables the device key that has been compromised. AACS in April revoked the keys used by WinDVD and PowerDVD, requiring the players be updated or not be functional with the latest content.
Of course, those hackers who accessed the device keys in the first place can simply do so with the updated versions of the software - which it appears they have done. Decrypted content must exist in memory at some point in order for it to be played, which means that the tools for that decryption must be addressable, if only briefly.
The second and third discs in the newly released Matrix Trilogy on HD DVD are protected by the new AACS MKB - version 3. But less than 24 hours after their release, AnyDVD HD 188.8.131.52 Beta was made available with support for the discs.
AACS LA was notably unhappy with those publishing leaked device keys on Digg, but it has yet to take action against Slysoft. The company bills its software as a way to backup movies already purchased, and does not condone piracy.
A bill re-introduced in the US House of Representatives would make exceptions to the law so that individuals could subvert copy protection for personal purposes only, which would make it impossible for studios to prove copyright infringement violations against individuals unless they could prove their copying falls outside of fair use provisions.
With legislation such as the FAIR USE bill having a better chance of passage than ever before, content providers will certainly be searching for new legal precedent for charges against suspected violators. One such approach will be to claim that the device keys are property of AACS LA, and by integrating them into software such as AnyDVD HD, it could constitute a misappropriation of stolen property.