Hollywood faces up to DRM flop
The system designed to protect next-generation DVDs from pirates has been cracked - and even the hackers are surprised at how easy it was, says Bobbie Johnson.
Thursday February 22, 2007
This weekend, studio executives from Hollywood will be all smiles as they congratulate each other on their successes at the annual Oscars ceremony. But behind the grins, champagne and glamorous gowns, they are contemplating the biggest blockbuster flop in history. This time it's not a movie, but studio technology that hasn't lived up to its billing. The systems intended to lock pirates out of the new generation of high-definition DVDs have been cracked.
Both of the next-generation DVD formats - Sony's Blu-ray and Toshiba's HD DVD - use a protection mechanism called the Advanced Access Content System (AACS), a hugely complex and expensive beast aimed at rendering unauthorised copies useless.
But what took countless dollars and years of work to create was undone in just a few weeks by a hacker who in effect unlocked every single Blu-ray and HD DVD disc now in circulation.
"The developers spent billions, the hackers spent pennies," said Cory Doctorow, an opponent of digital rights management (DRM) who blogs at BoingBoing.net. "For DRM to work it has to be airtight - there can't be a single mistake. It's like a balloon that pops with the first prick."
The hacker, "Arnezami", posted a blow-by-blow account of the process on the Doom9 website, a famous haunt for crackers and pirates. It wasn't even a particularly complex attack; the only weapons used were an Xbox 360, a computer and a copy of King Kong. And instead of deciphering the complex cryptography that protects every high-definition movie, the hackers circumvented the entire process by discovering one of the crucial keys that unlocks the encrypted information.
Watching the protection unravel was like watching a cat playing with a ball of string - and even those doing the work could hardly believe such luck.
"Wow, I think I did it," Arnezami wrote. "It's pretty incredible that a carefully thought-of encryption system is now reduced to, at worst, a guessing game. Somebody should feel very ashamed."
Over the years, the Hollywood machine has become as famous for its flops as its successes. Where films like Jaws once ruled the cinemas all summer, modern blockbusters are built for impact - lavish multimillion-dollar productions that spend a week on top of the box office charts before fading into history.
The same seems to be true of DRM systems, which are costing more and more to develop despite being broken with increasing speed. In the late 1990s it took a Norwegian teenager, Jon Lech Johansen, months to crack DVD's DeCSS protection. These days that must seem like a luxury.
"Blu-ray is incredibly well-designed," says Bruce Schneier, the chief technology officer of BT Counterpane and a respected security expert. "If they're smart, they'll have been expecting this, and if they're lucky they'll be able to fix it - not with the DVDs that are already out there, but with ones coming in the future."
At first some doubted Arnezami's claims, but it quickly became apparent that the processing key was able to unlock almost anything that came its way. Within days the system's creators, the AACS licensing authority, responded.
"AACS has confirmed that an additional key has been published on public websites without authorisation. This is a variation of the previously reported attack on one or more players sold by AACS licensees," said a statement. "Although a different key was extracted, this represents no adverse impact on the ability of the AACS ecosystem to address the attack. All technical and legal measures applicable to the previously reported attack will be applicable against this attack as well."
The language is measured, but reading between the lines reveals otherwise. Arnezami's revelation is treated dismissively, but is not refuted; in fact, it is only the "AACS ecosystem" that has survived.
In other words, producers will be able to change the keys on forthcoming products to try to prevent this crack from being successful in the future. The effects have already rippled through the industry. Fox, one of the major backers of Blu-ray, has delayed a raft of high definition movies it was preparing to release, presumably to recode them and tighten up procedures.
In the meantime, customers are left waiting empty-handed while Hollywood carries on spending money on a system that failed to do its job properly.
Even the assumption that AACS has a backup plan to beat this particular crack is debatable, because nobody can be sure what measures are being taken. The AACS licensing authority was invited to take part in this article, but refused.
Campaigners continue to argue about the rights and wrongs of digital rights mechanisms - but what good is any protection system if it fails?
Meanwhile, as the studios look to restrict their official products even further, the Swedish anti-copyright group The Pirate Bay - identified by the US-based International Intellectual Property Alliance as one of the most dangerous groups in the world - is distributing BitTorrent versions of Oscar-nominated movies with impunity at oscartorrents.org.
"The movie industry learned from the music industry's lesson - that you should never offer too perfect a product, so that you can sell your customers an improved version later," says John Buckman, whose online record label, Magnatune, does not use protection systems. "The appeal of BitTorrent files is not only that they're free - they are a better product than you can buy at any price." And free, too, of DRM.
In the end, say experts, vested interests are at play, and a whole industry of companies and experts is profiting from the false promise of a silver bullet for piracy.
"It is an impossible problem, like making water not wet," says Schneier. "These systems are supposed to be able to recover from breaks, but the cracks are going to get better. It's a never-ending arms race."
How the hackers did it
Both Arnezami and another hacker, Muslix64, who managed a similar attack, realised that it is easier to bypass the protection system than try to decode it. A high definition DVD includes a number of software 'keys' to decrypt the content; there's also one built into the player. One of the keys identifies the movie. By watching the information streaming from the DVD itself, Arnezami was able to pick up one of those codes - and realised that the "unique" identifiers were actually based on simple information such as the title of the movie. A couple of steps later, Arnezami was able to spot another more useful key, which helped circumvent the decryption process. Hackers are now building software that can exploit the hack and play any high-def disc in any computer - which in turn will open the door to free copying. Fixing the crack will be expensive and awkward for the movie studios: future pressings of DVDs will need to use different, unbroken keys, and it is likely they will have to randomise the codes on every future HD and Blu-ray DVD rather than use the same one for every copy of a movie.
· If you'd like to comment on any aspect of Technology Guardian, send your emails to firstname.lastname@example.org
Guardian Unlimited ; Guardian News and Media Limited 2007