To start a story and Digital Right Management being circumvented it is best, perhaps, to start with a quotation by Muslix64 — blessing be upon that name — who did the cracking. The hacker said:
‘Not being able to play a movie that I have paid for, because some executive in Hollywood decided I cannot, made me mad.’
That is it in one. You have paid for a movie. You want to have it on assorted machines.
A suit in the film industry — yes, yes, an Armani suit and a Turnbull and Asser tie and Benjie shoes with a haircut by a modern Rodin but still a suit for all that — says that is unfair because it will not pay for dinner at Spago’s which is probably no longer an important noshery but the idea is there.
AACS Licensing Authority now publicly allows that such hack has been done. But, they say, crossing their fingers, touching wood and invoking the name of the tooth fairy, it is but an attack which is ‘limited to the compromise of specific implementations’ and ‘indicate[s] an attack on one or more players sold by AACS licensees.’
Does that mean they are saying there will be no more of them? I think not.
The statement is quite, quite sure it is not a wholesale attack on AACS, nor does it represent a serious threat to AACS. ‘Instead,’ the statement reads, ‘it illustrates the need for all AACS licensees to follow the Compliance and Robustness Rules set forth in the AACS license agreements to help ensure that product implementations are not compromised.’
See, you do exactly what daddy tells you and the bogey-man will go away.
Ars Technica, a most solid site although I giggle every time I look at its URL which shows I am a childishly dirty-minded Brit, finds this approach somewhat naive.
Originally, the first break was a software HD DVD player running on the Windows platform PowerDVD/WinDVD).
Muslix64 — who started it all — noted several recurring strings and eventually discovered that the software player had been keeping the all important volume keys in memory. And these keys to the castle were unencrypted. Which the AACS LA suggests is a design flaw. Much the same sort of defense mounted by the car industry against Ralph Nader. (Before your time, ducky.)
The official word is: ‘AACS LA employs both technical and legal measures to deal with attacks such as this one, and AACS LA is using all appropriate remedies at its disposal to address the attack.’ In its Web statement, the group said it would explore ‘technical and legal measures to deal with the attack.’
Good, nay, splendid.
There is little doubt in anyone’s mind that the AACS LA will stop this particular hack. If it could not the film industry would be mightily miffed. Annoyed. Possibly even enraged. So this hole in the defenses will be plugged possibly by some plucky chap from the AACS sticking his finger in the dyke.
Then will come the next hole. And, after that, the next.
If a anti-copyright machine can be invented by any person born of woman, then it can be cracked. And will be cracked because hackers are united against a common enemy, DRM (Digital Rights Management.)
They are willing (nay delighted even, perhaps insistent) to share their findings, one with the other, to make hacking easier, more efficient.
AACS spokesflack Michael Ayers may have been eating those mushrooms again. He said:
‘The large size of the files and the high cost of writable hi-def discs make large-scale copying of high-definition DVDs impractical, but the attacks on the new format echo the early days of illegal trafficking in music files.’
Hold hard my good fellow. Is there some suggestion here that the illegal trafficking in music files has stopped? If he believes that he has been smoking those big, fat funny cigarettes.
Perhaps we should leave the last word to muslix64 — an excellent name which, if I were fathering anymore children, I would give to my next-born. He stated in an interview with Slyck.com that his exploit indeed is an attack on AACS.
‘People say I have not broken AACS, but players. But players are part of this system. And a system is only as strong as his weakest link. Even if players become more secure, key extraction will always be possible. I’m just an upset customer. My efforts can be called “fair use enforcement”’