After HD DVD, Hacker Similarly Unlocks Blu-Ray Protection

The hacker who cracked HD DVD copy protection has struck again, this time on Blu-ray. The coder identified as Muslix64 has used the same plain text technique as in the case of the HD DVD attack. The coder would read a key embedded in the memory of a player running a HD DVD disc to succeed in decrypting the movie and then modify it as an MPEG 2 file.

Seeing it from a broader perspective Muslix64 has not unfolded AACS (Advanced Access Content System) in the true sense, as there is a separate key for each movie. In the second event, the coder decrypted 'Lord of War' and saved it as MPG 2 files.

At the Doom9 DVD conversion forum members were analyzing the copy protection technique applied to a Blu-ray format.

As per general practice both HD DVD and Blu-ray rely on HDCP (High-Bandwidth Digital Content Protection) for authentication of playback display and similar implementation of AACS to facilitate content encryption.

In just the same way as AACS protection supports HD DVD, Blu-ray seems to hold a distinct key assigned for each movie in the principal memory. If the hacker is able to read that key, he can open the disc lock and enable copying it.

The keys to unlock a bundle of movies have already been posted on the Net. These movies - Lord of War, The Devil's Rejects, The Fifth Element, Terminator 2, Good Fellas, Corpse Bridge and Ice Age II have all been turned vulnerable.

There was nothing unusual about cracking Blu-ray as it too uses the same AACS system as does HD DVD. However, the process of implementation in the two formats is slightly different.

Perhaps Sony thought that since AACS revolves around one key, it would be more secure. But Muslix64 removed AACS and found it was possible to play the earlier AACS-protected files using a freeware video player like VideoLan.

As mentioned earlier, Muslix64 employed plain text attack to crack both formats and the difference between the two cracks is based on a special technique. Muslix64 launched attacks of data streams rather than unlocking the BD/ HD player software.

Related article: After Twitter Scam, Phishers Targeting Digg

» SPAMfighter News - 1/29/2007