An alleged copy of an Ultra HD Blu-Ray disc has appeared online, leading to speculation that AACS 2.0 has been cracked:
While there is no shortage of pirated films on the Internet, Ultra-high-definition content is often hard to find. Not only are the file sizes enormous, but the protection is better than that deployed to regular content. UHD Blu-Ray Discs, for example, are protected with AACS 2.0 encryption which was long believed to unbreakable.
A few hours ago, however, this claim was put in doubt. Out of nowhere, a cracked copy of a UHD Blu-Ray Disc surfaced on the HD-focused BitTorrent tracker UltraHDclub. The torrent in question is a copy of the Smurfs 2 film and is tagged "The Smurfs 2 (2013) 2160p UHD Blu-ray HEVC Atmos 7.1-THRONE." This suggests that AACS 2.0 may have been "cracked" although there are no further technical details provided at this point. UltraHDclub is proud of the release, though, and boasts of having the "First Ultra HD Blu-ray Disc in the NET!"
[...] If the encryption has indeed been broken it will be bad news for AACS, the decryption licensing outfit that controls it. The company, founded by a group of movie studios and technology partners including Warner Bros, Disney, Microsoft and Intel, has put a lot of effort into making the technology secure.
"Atmos" refers to Dolby Atmos (see PDF list).
[Update: It is fitting to note that one of our most prolific story submitters happened to garner submission number 20,000! Congrats and many thanks to Takyon, and to all the rest of the SoylentNews community who have made this achievement possible. --martyb]
(Score: 0) by Anonymous Coward on Thursday May 04 2017, @03:47PM (19 children)
how can something be securely encrypted when anyone can just buy a random machine, a random disk, and they can still view the contents of the disk?
my guess is that there are keys that are distributed to the manufacturers of the machines, and they are present in the machines somewhere. Is this wrong?
because if it's not, it's just a matter of enough patience, right?
(Score: 3, Interesting) by Immerman on Thursday May 04 2017, @04:02PM (4 children)
That's how it was done with DVDs at least, though it's not impossible they added some dial-home shenanigans as well. What makes it tricky is that the keys are generally stored in hardware inaccessible to normal software, with device manufacturers being required to jump through a bunch of hoops to make it as close to impossible to access them as they can, since it's essentially impossible to crack modern encryption unless there's a major flaw in the implementation.
As I recall, with DVDs that patience had to last until some manufacturer got careless and made it substantially easier for someone to extract the keys from their hardware, at which point the house of cards collapsed. I think I recall hearing that the blue-ray spec added regular key updates to prevent a similar collapse - if a key get leaked, that only effects old releases that used that key - new releases just move on to a new key and your player has to dial home to get that key before you can watch them.
(Score: 2) by DannyB on Thursday May 04 2017, @04:26PM (2 children)
So that means your (everyone's) investment in a blue-ray disk is at risk of the key it uses is compromised. The older your disk gets, the more at risk it is of no longer working.
I was going to watch a blue-ray disk at a friend's one time and his player had to phone home first, which delayed everything considerably.
It seems like they want to give everyone as many reasons as possible to avoid blue-ray.
Santa/Satan maintains a database and does double verification of it.
(Score: 2, Informative) by Anonymous Coward on Thursday May 04 2017, @04:38PM (1 child)
So that means your (everyone's) investment in a blue-ray disk is at risk of the key it uses is compromised. The older your disk gets, the more at risk it is of no longer working.
That is incorrect.
They do not revoke per disc-keys.
They revoke per-player model keys, and new keys are made available to 'legit' players that phone home.
Its actually more complicated than that, lots more indirection involved.
But for the purposes of all non-pirates that is effectively how it works.
(Score: 5, Insightful) by edIII on Thursday May 04 2017, @05:08PM
That shit is why I never bought BluRay to begin with. I'm happy enough with the products the pirates put out, which are far far far superior.
For instance, my pirated content does not:
1) phone home
2) force me to watch other content
3) make me worry if I have the right encryption software
4) force me to watch that fucking FBI warning again. I've already wasted maybe 2 hours of my life just seeing that damn thing.
5) stop my family from watching the movie that night because we need to download an upgrade, burn it to disk, upgrade the firmware in the device, reboot the device, etc.
It's still easy enough to compensate them. Rent the damn thing from Redbox for 1 minute and return it. Compensation on the way ......
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by kaszz on Friday May 05 2017, @01:00AM
As I recall, with DVDs that patience had to last until some manufacturer got careless and made it substantially easier for someone to extract the keys from their hardware
Actually what happened is that a software based player didn't do their program coding properly so they could be debugged. And the result is known ;)
Besides if anyone really wants the key. It's right in the chip! But at current feature sizes at 45 nm and lower it gets tricky.
(Score: 2) by takyon on Thursday May 04 2017, @04:04PM (13 children)
There are existing Blu-ray "rips". But to my knowledge they all use the analog hole and end up with massively inflated file sizes and degraded video and audio quality.
Patience, yes, due to brute force decryption... and maybe quantum computing.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 4, Insightful) by MrNemesis on Thursday May 04 2017, @04:27PM
There's certainly plain-jane blu-ray rips; AnyDVD-HD (formerly slysoft, now redfox) will do that for you straight from the disc and a regular BD-ROM drive and will dump the streams out to disk, no analogue hole needed.
Although the groundwork was initially done through vulns in the encryption, because of the BD players mandate on "it must be online and receive firmware updates" (thus patching out software vulns as well as known-broken player keys) I believe most of the work on key retrieval work is now done by hardhacks on the players themselves.
The days of the content cartels allowing the means for playback of their precious IP on general-purpose operating systems are numbered. Everything will be streaming-online only, tied to an account linked to your credit card, only behind a wall of DRM running on a software stack you will not be permitted to control or even look at.
"To paraphrase Nietzsche, I have looked into the abyss and been sick in it."
(Score: 1, Informative) by Anonymous Coward on Thursday May 04 2017, @04:31PM (11 children)
There are existing Blu-ray "rips". But to my knowledge they all use the analog hole and end up with massively inflated file sizes and degraded video and audio quality.
(1) No, all blu-ray rips are bit-for-bit copies because AACS 1.x was cracked many years ago
(2) Screen captures (aka "caps") aren't really the "analog hole" its decode-to-raw to send over HDMI, capture the HDMI bitstream (because HDMI is cracked), re-encode. All steps are digital.
(3) Caps are how netflix, amazon, hulu, etc videos are pirated (except during the times when their DRM is cracked and not yet updated which has happened a couple of time already) are roughly the same size as the original bitstream and not a significant degradation in quality. h264 is not lossless, but the higher quality the source material, the less loss there is in a single generation of re-encoding. For 99% of people the difference between the original bitstream and the cap is indistinguishable.
(Score: 2) by bob_super on Thursday May 04 2017, @04:38PM (6 children)
(2) Why bother cracking HDMI or AACS2, when you can buy a 4K TV for cheap, open it, and tap the screen driver's output?
(Score: 0) by Anonymous Coward on Thursday May 04 2017, @04:41PM (3 children)
Because most pirates aren't that hardcore.
Easier to buy a $100 box from china that does all the work for you.
(Score: 2) by bob_super on Thursday May 04 2017, @04:58PM (2 children)
True, but finding a TV with a broken screen to gut is a lot easier than cracking a modern encryption algorithm, if you want credit for being the first to upload a perfect digital copy of a movie.
(Score: 0) by Anonymous Coward on Thursday May 04 2017, @05:59PM
Yeah... that's not really how it works.
(Score: 2) by kaszz on Friday May 05 2017, @01:04AM
The problem is that you then need to re-encode that data which causes data loss. Top that of with very high speed data issues.
(Score: 2) by epitaxial on Thursday May 04 2017, @05:44PM (1 child)
Ok you have access to this output. Its proprietary and meant to drive LCD panels. What do you feed it into?
(Score: 2) by bob_super on Thursday May 04 2017, @05:58PM
It's typically documented because only 3 companies make LCD panels, and digital so you can plug it into your FPGA eval board of course...
Definitely not for beginners, but simpler and more permanent than cracking keys.
(Score: 1, Funny) by Anonymous Coward on Thursday May 04 2017, @04:43PM (1 child)
Here is an online reencode of a phone cam video of another phone playing back a phone cam video of a security system monitor. Quality isn't something people actually care about.
https://www.liveleak.com/view?i=b87_1489092484 [liveleak.com]
(Score: 3, Touché) by bob_super on Thursday May 04 2017, @05:01PM
Given how many recent Hollywood productions obviously cut budgets by not bothering with a scenario, I'd say picture and audio quality are pretty much the only things left in major movies...
(Score: 2) by takyon on Thursday May 04 2017, @04:59PM (1 child)
I meant to say UHD/4J Blu-ray.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 1) by takyon on Thursday May 04 2017, @05:00PM
4(fuc)K
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]