A "hacker" on the Doom9 forums claims that he has found a new
method that enables decryption of commercial high-definition
Blu-ray and HD DVD video movies.
The new approach is claimed to be more efficient than the previous
one introduced by Doom9 members jokin and Muslix64 some weeks ago.
Muslix64 had developed a technique where he could find essential
elements required by the video decryption procedure, the Volume
Unique Key (Kvu), by extracting it from the playback software. This
method had to be repeated for each HD DVD or Blu-ray disc, since the Volume Identifier (stored onto Prerecorded media) used to create the Volume Unique Key is unique to each individual title.
Doom9 user arnezami used a software called USB sniffer to connect
to an HD DVD drive as a mass storage device. The software slowed
down the playback of an HD DVD disc and arnezami searched for
changes in critical locations in memory. Once those changes were
spotted, playback halted, and the changed memory contents were
tested for a sequence of bytes that can be validated as a Volume
Identifier.
To make things clearer, let's start with some basics of the AACS
encryption procedure. The pictures below are hopefully
enlightening:
Starting from the video title (pre-recorded media), it includes the
Media Code Block (MKB) decrypting tool, which is provided by AACS
LA to media and player manufacturers. Each player is given a set of
secret Device Keys (Kd) when manufactured. These Device Keys, are
provided by AACS LA, and are used by the player to process the MKB
to calculate the Media Key (Km). This key is then combined using
the AES algorithm to create the Volume Unique Key (Kvu). It was
this Volume Unique Key that Muslix64 captured in memory from the
playback software. The Volume Unique Key is then combined with an
encrypted Key stored on the disk to create the Title Key (Kt) which
is the final key required for the decryption the video and audio content on the disc itself.
The Title Key (Kt) was actualy used to orignaly encrypt a title.
In the above image, calculating the Media Key (red part) was the
hardest procedure. This was already achieved by Muslix64 using a
software player and debugging/snooping its memory . This only has to be
done once per MKB.
The yellow part was also easy, according to arnezami. Actually
the Volume Identifier was nearly predicted. In a bizarre twist, he
found out that the volume ID was actually guessable, at least for one
disc: It was a decimal-encoded permutation of the production date
of the disc (9/18/06). Arnezami said that alternatively, the Volume
Identifier could be got via simple USB sniffing.
However, such actions could force the AACS LA to begin circulating
revocation keys that disable once valid media keys from being able
to locate the proper VUK.
AACS documentation indicates: "If a set of device keys is
compromised in a way that threatens the integrity of the system, an
updated MKB can be provided by the AACS LA that will cause a
product with the compromised set of device keys to calculate a
different key than is also computed by the remaining compliant products.
In this way, the compromised device keys are 'revoked' by the new
MKB."
So the media key block contains information that a device uses to
decrypt future discs, written in such a way that their very use
revokes the ability for that device to read existing discs.
But such a move could make already legally purchased HD DVD video
content unusable - a major challenge for industry.