Posted by Rev. 11D Meow! on 10/11/05 19:41
You are incorrect, sir.
http://www.tbtf.com/resource/CSS-Leitner.html
November 19, 1999
Felix von Leitner grew weary of inaccurate press accounts of the ripping
open of the DVD encryption secret, in late October of 1999. His summary in
translation of his German article on the subject is posted here by
permission.
This material is Copyright 1999 by Felix von Leitner <leitner at fefe dot
de>.
--------------------------------------------------------------------------------
1. It is difficult (next to impossible) to copyright digital content.
So the film industry decided to implement a copy protection scheme (it does
not matter if it works or not) and legally protect that. Then, if anyone
copies a DVD, they can sue him for violating the copy protection rights.
2. Like most clueless consortia, they did not ask an expert but defined
their own encryption. This should remind everyone of the spectacular
failures that previous consortia suffered with this strategy (notably the
GSM mobile telephony "encryption" and the pay TV standards). Actually there
is a conspiracy theory that the film industry deliberately made the standard
weak so that more people would break it and they could get more money out of
the combined lawsuits. An interesting side-note is that they actually did
ask an expert (at least one expert, the Intel security officer who designed
the DVD key exchange with the 409 player keys). That expert told them that
their cryptography was weak and they did not listen to him.
3. The algorithm was proprietary and unpublished. But once software
players can decrypt the DVD you can read the decryption key and binary code
from your computer's RAM and look at it. It is vital to understand that no
amount of obfuscation or "encryption" can prevent this. If the computer can
decrypt the DVD, the decryption code must be visible to the processor and
then it is also visible to the attacker. To blame the DVD crack on Xing
shows an amazing amount of incompetence. Xing probably is the party with the
least "guilt" (if you can talk about guilt in the first place).
4. Some warez cracker group disassembled the decryption code gleaned
from the Xing player and decompiled it back to C code. This C code was
anonymously published around the world. Among others, the mailing list of
the Linux DVD development effort was one of the recipients.
5. A cryptographer got hold of this code and wrote a program that would
crack the code by trying all the keys within a single day. That program
would crack a key in at most 17 hours, that is, after 8.5 hours average
running time it would have found the key. This is notable because it shows
just how bad the encryption is. The DES crack took eight days on 40
machines; this crack takes 8.5 hours on one machine. And DES is nowadays
regarded as too weak because of that.
6. The next day the same cryptographer had found and implemented an
attack that would find a key within a fraction of a second if you know 6
bytes of decrypted output.
7. It was later found that the attack can be enhanced to work with 5
known output bytes. These 5 bytes are known if you watch an encoder
successfully decrypt a DVD! The new attack takes 5 seconds.
8. The DVD encryption works like this: each DVD is encrypted with a
randomly generated session key. This key is encrypted with 408 different
"player keys", and each of the encrypted keys is stored in a sector on the DVD.
Each player vendor must have registered with the DVD consortium and received
a player key. It can then decrypt all the encrypted session keys with its
player key and check if it got the right one against a hash value that is
also stored on disk. The rationale is that, if a player key is compromised,
you can fabricate future DVDs without the session key with that player key,
i.e. you can retract keys.
9. 5 seconds and 408 keys means that you can decrypt all player keys in
about 30 minutes. The next day someone published "a few hundred random
numbers" with the comment that the generation took 30 minutes. That means
that CSS has been completely broken. This was the event that caused the DVD
consortium to unleash their lawyers. If the DVD consortium replaced all
the player keys on future DVDs, then it would only take another 30 minutes
to break them all, and all the people who have bought DVD players from Sony,
Panasonic, whatever, would have to bring them in for replacement.
10. The absolute killing stroke was delivered the next day when it was
found out that you can retrieve the session key just by using the hash value
that players use for verification in a mere 20 seconds! That is, even if the
DVD consortium changed the DVD player keys every few months, CSS would
still be broken, and there would even be no manual intervention when someone
needs to invest the 30 minutes of CPU time to crack all the player keys.
Conclusion: CSS is amazingly weak. They did almost everything wrong. The
only thing they did right was the retraction scheme for DVD player keys. I
couldn't point at any other thing that they could have done worse than they
already did.
What I find very worrisome about this is that the consumer has to pay all
the money that was wasted on devising and implementing CSS. And now the film
industry is hunting the wrong people with their lawyers. The reverse
engineers posted the stuff anonymously, so the lawyers are going after the
Linux developers who had nothing to do with the whole issue besides that it
was posted on their mailing list.
It is interesting to note that the code came from different players. While
the player key came from the Xing player, the authentication code came from
another player, rumours say it was the Cinemaster player, and the CSS code
comes from an unknown player. At any time there were at least 5 teams
working on extracting the code from different players.
This was not just some kid stumbling upon a weakly encrypted Xing key
as the media reported.
Felix
"Rick" <deNOBULLlorean@teegee.com.au> wrote in message
news:434bcf71@news1.veridas.net...
>
> "Impmon" <impmon@digi.mon> wrote in message
> news:3a2ik1hms9o5j72tue1bi82gvtmg5qcsln@4ax.com...
>> On Sun, 09 Oct 2005 11:28:18 GMT, Modemac <modemac@modemac.com> wrote:
>>
>>>If these folks are to be believed, then eventually they will do away
>>>with those stupid "regional" codes that prevent Japanese and European
>>>DVDs from being played on DVD players in the USA -- and vice versa.
>>
>> Well, it'd be hacked anyway. Current DVD players were easily hacked
>> and if you happened to own a player that can't be hacked for
>> multi-region you're likely to have a DVD burner where you could rip
>> the DVD, and burn a region-free DVD copy.
>
> The CSS protection of DVD was not hacked at all, it was accidentally
> released in its unencrypted form by XING. The story goes that one of the
> versions of the XING DVD Player was distributed, but one of the developers
> of the program unintentionally included the CSS code in its original
> form and some 12-year-old kid just happened to stumble across this
> oversight and then he just told the world about it. The code was never
> reverse-engineered or hacked as you might say (and it never could have
> been), it was just someone's (ultimately huge) mistake that now makes it
> possible for us to rip every DVD in existence ... before that you still
> had to pay for all your DVDs.
>
>
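The key hierarchy described in point 8 (one disc key wrapped once per player key, each slot checked against an on-disc hash, and a compromised player revoked by no longer filling its slot), as an added runnable model that is not part of the original post or of any real CSS implementation. The cipher is a SHA-256 XOR stand-in chosen only to make the slot/check/revocation logic executable, the check value is a truncated hash rather than CSS's own, and every key is constructed at random; the 5-byte key length matches CSS's 40-bit keys.

```python
import hashlib
import os

NUM_PLAYER_KEYS = 408   # number of player-key slots named in the article
KEY_LEN = 5             # CSS keys are 40 bits (5 bytes)


def stand_in_cipher(key: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256-derived keystream. Stand-in for CSS's own
    cipher (assumption: any keyed cipher would do for the structure shown)."""
    stream = hashlib.sha256(b"css-stand-in" + key).digest()
    return bytes(d ^ s for d, s in zip(data, stream))


def check_value(disc_key: bytes) -> bytes:
    """Verification value stored on the disc beside the key slots (stand-in)."""
    return hashlib.sha256(b"check" + disc_key).digest()[:KEY_LEN]


def author_disc(disc_key: bytes, player_keys: list, revoked=frozenset()) -> dict:
    """Build the key sector: one encrypted copy of disc_key per licensed player.
    A revoked player's slot receives random filler instead of the wrapped key,
    so that player can no longer recover the disc key from new discs."""
    slots = []
    for index, player_key in enumerate(player_keys):
        if index in revoked:
            slots.append(os.urandom(KEY_LEN))
        else:
            slots.append(stand_in_cipher(player_key, disc_key))
    return {"slots": slots, "check": check_value(disc_key)}


def player_recover_disc_key(disc: dict, player_index: int, player_key: bytes):
    """A player unwraps its own slot and accepts the result only if it
    matches the on-disc check value; otherwise it reports failure (None)."""
    candidate = stand_in_cipher(player_key, disc["slots"][player_index])
    return candidate if check_value(candidate) == disc["check"] else None


def demo() -> tuple:
    """Constructed scenario: player 17's key leaks, so later discs revoke it."""
    player_keys = [os.urandom(KEY_LEN) for _ in range(NUM_PLAYER_KEYS)]
    old_key, new_key = os.urandom(KEY_LEN), os.urandom(KEY_LEN)
    old_disc = author_disc(old_key, player_keys)
    new_disc = author_disc(new_key, player_keys, revoked={17})
    return (
        player_recover_disc_key(old_disc, 17, player_keys[17]) == old_key,  # old discs still play
        player_recover_disc_key(new_disc, 17, player_keys[17]) is None,     # revoked on new discs
        player_recover_disc_key(new_disc, 3, player_keys[3]) == new_key,    # others unaffected
    )
```

Revocation only protects discs pressed after the leak, which is why the article calls the scheme the one thing done right while noting that players already sold keep working with the compromised key.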