Sparring begins over high-def movie hacks

A cat-and-mouse game between the guardians of the copy-protection system on next-generation DVDs and those intent on hacking it has kicked off with the first revocation of a descrambling key used in a popular software application.

Last week the Advanced Access Content System Licensing Administrator said it was expiring a key used in Corel's InterVideo WinDVD 8 application after the key was discovered and posted on the Internet.

Writing on the Doom 9 message board, a user with the name "Atari Vampire" said that he or she had managed to find the device key for the software. The device key is used in conjunction with individual keys on each movie title to decrypt the data on the disc.

In response Corel is updating WinDVD 8 with a new device key and warning users that they won't be able to watch HD DVD or Blu-ray Disc titles unless they upgrade.

"Our decision stems from recent reports that hackers have illegally obtained certain software licensing keys and have used them to duplicate copyrighted content without prior authorization," Corel said in a statement.

The discovery of the device key is the latest in a string of attacks on AACS, which is used on both HD DVD and Blu-ray Disc.

The first to be disclosed was a title key for Stanley Kubrick's 1987 film, "Full Metal Jacket." A user with the name "Muslix64" posting to the same discussion board said he or she began attacking the copy-protection system after it prevented the viewing of the movie on a high-definition monitor. As an anti-piracy measure the system only allows high-definition video output over a monitor connection that supports copy protection.

Then on Feb. 13 an additional key, called a processing key, was also published online.

AACSLA downplayed the impact of both attacks, saying of the first that it "does not represent an attack on the AACS system itself" and of the second that it "represents no adverse impact on the ability of the AACS ecosystem to address the attack."

Ironically technical documentation on AACSLA's own Web site appears to be lending a hand to people like Atari Vampire who are looking for weaknesses in the copy-protection system.

"I even printed out all 70 pages of the AACS Introduction and Common Cryptographic Elements document, painfully reading through this material," wrote Atari Vampire before explaining how an analysis of memory contents was conducted using data "per page 13 of the AACS Common Crypto doc."

The attacks to date have all involved exploiting weaknesses in PC software used to play the discs and in this respect they bear a close resemblance to the downfall of the CSS (content scrambling system) used on DVDs. The first attacks on that system were through badly written software rather than a brute-force attack on the encrypted data. The cracking of CSS has led to the widespread availability of software that can copy DVDs.