AACS DRM Cracked/HD-DVD Encryption has been hacked
The war between Blue-Ray and HD-DVD is still in the beginning which frustrates the consumers. One nail in the Blue-Ray coffin might have been added today by a guy who managed to hack the HD-DVD encryption. Being able to backup the expensive HD-DVD movies could win the format war. Most users will not be able to backup their HD-DVDs right away because the process sounds a little bit complicated and the author of the code did not reveal all the information how he managed to rip a HD-DVD movie but the source is available which means that many programmers will take a look and create advanced versions of it.
It took the author 20 days to encrypt the protection using his Xbox 360 HD-DVD drive and lots of free time. He started looking at solutions because he was unable to play a purchased HD-DVD movie using a HD-DVD drive and a HD monitor. I never fully understood why they created such restrictive formats in the first place. They only make their customers angry with restrictions like this, hackers will always find a way.
http://www.youtube.com/watch?v=_oZGYb92isE
The faq that comes with the program gives valuable information. I decided to publish it fully as well.
What is “Backup HDDVD” for?
It can do backup copies of HD DVD movies that YOU OWN! I donÂ’t want anyone to do
piracy here! This software is a good way to protect your investment, because I have
notice that this type of media seems very fragile, if itÂ’s scratched a little or
dirty, it wonÂ’t play. It seems less tolerent than DVD format. (Higher density!)
What “Backup HDDVD” is doing exactly?
This is a java based command line utility that decrypt video files (.evo) from a
HD DVD disk that you own, to your hard drive and you can play them back with a
HD DVD player software.
What are the system requirements to use “Backup HDDVD”
A Windows based system
A HDDVD disk drive
A HDDVD player software (like PowerDVD)
A HDDVD movie(s)
Java rutime 1.5
The possibility to access the content of the disk with a drive letter under windows.
(you may need UDF 2.5 file system driver for this)
A lot of free hard disk space to backup your movies!
Was your first HDDVD movie hard to decrypt?
It took me around a week to do. But I have wasted few days
trying to work on too complicated approach. In fact, it is very simple.
How do you do that?
The program itself has nothing special. It simply implement the AACS
decyption protocol. I have followed the freely available documents about AACS
Have a look at: www.aacsla.com
The trick, is to find what they call the “Title keys”. So I figure out how to
extract them.
How do you extract the “Title keys”?
I wonÂ’t explain it in detail. Read the AACS doc first. You will understand.
The title keys are located on the disk in encrypted form, but for a
content to be played, it has to be decrypted! So where is the
decrypted version of the title key? Think about itÂ…
What kind of crypto algorithms are involved?
Standards algorithms:
ECC-160
ES-128
Look in the AACS doc for more details.
What is the TKDB.cfg file?
This is the Title key Database file. It holds the decryption keys for the movies.
What is the format of this file?
Field 1: SHA1 Hash of the VTKF000.AACS file on your HDDVD disk.
Next fields are pipe “|” delimited.
-Movie Title
-A variable number of Title key, pipe delimited
You have a key number followed by the key value like:
12-08A3DC61910280F2Â…
Key values are 128 bits long, so 16 bytes, or 32 hexadecimal characters long.
The TKDB.cfg file provided with your program is empty or incomplete, what can I do?
Well, you are on your own.
What do you think of the technical aspects of AACS?
The design is not that bad, but itÂ’s too easy to have an insecure player
implementation somewhere. And just one bad implementation is all it needs
to get the keys! There will always be insecure implementations
of a player somewhere! And the “Revocation system” is totaly useless if you use
the Title key directly.
Is there any known problems with the decryption?
Yes. I call this problem the “Nav chain” bug. I realize that I have a lot of
frame skipping at playback after the decryption, so I hunted down the problem.
To avoid the frame skipping, I patch the video file.
This fix allows smooth playback of the movie, but there are some side effects.
What are the side effects of the “Nav chain” bug fix?
You cannot do fast forward, or backward using the round dial, but you can still
use the progress bar to navigate through the film. So itÂ’s not that badÂ…
For some reason, the sub-titles donÂ’t seems to work anymore.
It may be a side effect of the nav chain bug. But may be notÂ…
Why the “Nav chain” bug is called the “Nav chain” bug?
Well, it has something to do with the chaining of navigation pack.
Look at some doc about standard DVD VOB file, you will see.
If someone wants to help me with that bug, please do!
Are you going to support Blu-Ray?
I donÂ’t own a Blu-Ray drive!
Do you plan to do a user interface version?
No, other people will do. You have the source code, so enjoy it!
Do you plan to do a Linux version?
See the previous answer.
I donÂ’t use any windows specific API and this is a java application!
A port to Linux will be easy.
Can you send me some decryption keys? PLEASE!
No.
The war between Blue-Ray and HD-DVD is still in the beginning which frustrates the consumers. One nail in the Blue-Ray coffin might have been added today by a guy who managed to hack the HD-DVD encryption. Being able to backup the expensive HD-DVD movies could win the format war. Most users will not be able to backup their HD-DVDs right away because the process sounds a little bit complicated and the author of the code did not reveal all the information how he managed to rip a HD-DVD movie but the source is available which means that many programmers will take a look and create advanced versions of it.
It took the author 20 days to encrypt the protection using his Xbox 360 HD-DVD drive and lots of free time. He started looking at solutions because he was unable to play a purchased HD-DVD movie using a HD-DVD drive and a HD monitor. I never fully understood why they created such restrictive formats in the first place. They only make their customers angry with restrictions like this, hackers will always find a way.
http://www.youtube.com/watch?v=_oZGYb92isE
The faq that comes with the program gives valuable information. I decided to publish it fully as well.
What is “Backup HDDVD” for?
It can do backup copies of HD DVD movies that YOU OWN! I donÂ’t want anyone to do
piracy here! This software is a good way to protect your investment, because I have
notice that this type of media seems very fragile, if itÂ’s scratched a little or
dirty, it wonÂ’t play. It seems less tolerent than DVD format. (Higher density!)
What “Backup HDDVD” is doing exactly?
This is a java based command line utility that decrypt video files (.evo) from a
HD DVD disk that you own, to your hard drive and you can play them back with a
HD DVD player software.
What are the system requirements to use “Backup HDDVD”
A Windows based system
A HDDVD disk drive
A HDDVD player software (like PowerDVD)
A HDDVD movie(s)
Java rutime 1.5
The possibility to access the content of the disk with a drive letter under windows.
(you may need UDF 2.5 file system driver for this)
A lot of free hard disk space to backup your movies!
Was your first HDDVD movie hard to decrypt?
It took me around a week to do. But I have wasted few days
trying to work on too complicated approach. In fact, it is very simple.
How do you do that?
The program itself has nothing special. It simply implement the AACS
decyption protocol. I have followed the freely available documents about AACS
Have a look at: www.aacsla.com
The trick, is to find what they call the “Title keys”. So I figure out how to
extract them.
How do you extract the “Title keys”?
I wonÂ’t explain it in detail. Read the AACS doc first. You will understand.
The title keys are located on the disk in encrypted form, but for a
content to be played, it has to be decrypted! So where is the
decrypted version of the title key? Think about itÂ…
What kind of crypto algorithms are involved?
Standards algorithms:
ECC-160
ES-128
Look in the AACS doc for more details.
What is the TKDB.cfg file?
This is the Title key Database file. It holds the decryption keys for the movies.
What is the format of this file?
Field 1: SHA1 Hash of the VTKF000.AACS file on your HDDVD disk.
Next fields are pipe “|” delimited.
-Movie Title
-A variable number of Title key, pipe delimited
You have a key number followed by the key value like:
12-08A3DC61910280F2Â…
Key values are 128 bits long, so 16 bytes, or 32 hexadecimal characters long.
The TKDB.cfg file provided with your program is empty or incomplete, what can I do?
Well, you are on your own.
What do you think of the technical aspects of AACS?
The design is not that bad, but itÂ’s too easy to have an insecure player
implementation somewhere. And just one bad implementation is all it needs
to get the keys! There will always be insecure implementations
of a player somewhere! And the “Revocation system” is totaly useless if you use
the Title key directly.
Is there any known problems with the decryption?
Yes. I call this problem the “Nav chain” bug. I realize that I have a lot of
frame skipping at playback after the decryption, so I hunted down the problem.
To avoid the frame skipping, I patch the video file.
This fix allows smooth playback of the movie, but there are some side effects.
What are the side effects of the “Nav chain” bug fix?
You cannot do fast forward, or backward using the round dial, but you can still
use the progress bar to navigate through the film. So itÂ’s not that badÂ…
For some reason, the sub-titles donÂ’t seems to work anymore.
It may be a side effect of the nav chain bug. But may be notÂ…
Why the “Nav chain” bug is called the “Nav chain” bug?
Well, it has something to do with the chaining of navigation pack.
Look at some doc about standard DVD VOB file, you will see.
If someone wants to help me with that bug, please do!
Are you going to support Blu-Ray?
I donÂ’t own a Blu-Ray drive!
Do you plan to do a user interface version?
No, other people will do. You have the source code, so enjoy it!
Do you plan to do a Linux version?
See the previous answer.
I donÂ’t use any windows specific API and this is a java application!
A port to Linux will be easy.
Can you send me some decryption keys? PLEASE!
No.
