Yet a deeper crack in the AACS

Hal Finney hal at finney.org
Sat May 5 14:25:11 EDT 2007 

> Article "AACS cracks cannot be revoked, says hacker"
>
> http://arstechnica.com/news.ars/post/20070415-aacs-cracks-cannot-be-revoked-says-hacker.html
>
> Excerpt: "The latest attack vector bypasses the encryption performed
> by the Device Keys -- the same keys that were revoked by the WinDVD
> update -- and the so-called 'Host Private Key,' which as yet has not
> been found. This was accomplished by de-soldering the HD DVD drive's
> firmware chip, reading its contents, and then patching it. Once that
> was done, the firmware was soldered back onto the drive."

This article was not too accurate, and further progress has been
made.  At this point it is possible to remotely patch the firmware
of a particular kind of HD-DVD drive so that it will provide certain
information without the usually required authentication.  This makes it
easy to retrieve the per-disk "Volume ID", which must be combined with
the widely-published Processing Key to generate the media keys that
can decrypt content.  If this Processing Key is invalidated on future
releases, this hack will not be useful until new keys are discovered.
It provides only part of the picture.

The hack was a real accomplishment because firmware updates had to
be authenticated with what was apparently something like an AES-based
CBC-MAC.  The hackers had to figure this out without much background
in cryptography and working only with dumps of the firmware that used a
somewhat obscure embedded CPU.  They had to figure out what CPU was being
used, find a disassembler for it, and examine assembly language dumps to
deduce that crypto was involved, recognize AES, and see how to create
their own checksums that would make their firmware updates succeed.
Just goes to show the motivation and hard work that hackers bring to
these efforts, largely for the love of the challenge.

It's possible that the ability to modify firmware will lead to more
successes for the hackers in the future, perhaps helping them to break
into future versions of software players to extract their embedded keys.
I peruse the doom9.org forums from time to time, where this work took
place right out in the open, before the public eye.  Definitely some
smart people involved there.

Hal Finney

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list