It’s hacked, but will it be sacked?

New copy-protection scheme grapples with first attack

Muslix64 may become the “DVD Jon” of the hi-def era.

That would be Jon Johansen, the then-16-year-old Norwegian hacker who in 1998 was the first to publish DeCSS, a few lines of computer code that effectively circumvented the copy-protection on DVDs.

His exploits earned him two criminal prosecutions in Norway (he was acquitted both times) and a starring role on a U.S. witness stand in the first major court test of the Digital Millennium Copyright Act.

It also made Johansen a digerati folk-hero.

Now comes Muslix64, who on Jan. 2 became the first to publish instructions for circumventing AACS, the supposedly unbreakable copy-protection used on HD DVD and Blu-ray discs.

By Jan. 13, the first pirated HD DVD, Universal’s “Serenity,” was posted online.

At least on a surface level, this appeared to be devastating news to the studios, some of which saw the development of next-generation hi-def discs as a way to fix the copy-protection problems they’d long grappled with on standard-def DVD.

“We got screwed on DVD,” noted one studio official back in 2002 during the preliminary meetings that led to the development of the Blu-ray format.

Since Muslix64’s first posting, AACS decryption keys have been uncovered for nearly 100 pics using Muslix64’s cheat, with the results published on the Internet for all to use.

Besides “Serenity,” that’s led to a few other hi-def movies showing up on peer-to-peer networks, although how many people are actually downloading the massive computer files — which take up about 20 gigabytes — is unknown.

A ma’am or a sir?

Finding a way around AACS actually took the hackers less time than it took to crack CSS, leading many on the Doom9.net forum (and other places where hackers gather online) to liken Muslix64’s work to that of the legendary DVD Jon.

Muslix64 himself, in his only published interview, was more modest in his claims.

“I really respect the work of DVD Jon and his friends,” the hacker told Slyck.com. “They do more than me. They had to reverse a cipher! I didn’t have to reverse anything. So technically speaking, it was easier to bypass AACS than CSS.”

Whether his (or her) exploits will earn Muslix64 the same sort of legal attention it earned Johansen remains to be seen.

Michael Ayers, a spokesman for the AACS Licensing Authority, says the group does not yet know who Muslix64 is or where in the world this person is based. But he would not rule out taking legal action against the code cracker if he or she is successfully tracked down.

“We have a variety of legal and technical steps we can take,” Ayers says. “One step could be an effort to find out legally who he is and to bring charges against him.”

Just how serious a breach Muslix64’s work represents remains a matter of debate within the industry.

“I guarantee you there are much better (pirated standard-def) versions of our movies available on the Internet,” says Universal homevid exec VP Ken Graffeo, noting that some of the illicit HD DVD movies have been “full of chops” and are difficult to play.

Besides, Graffeo adds, unlike the copy protection found on standard-def DVDs, AACS is designed as a fluid system that can be updated and patched.

Locks and keys

According to Ayers, the basic encryption algorithm used in AACS remains unbroken.

AACS is a multilayered system. Blu-ray and HD DVD players are issued a set of digital keys, and individual movie titles are issued their own discrete keys, too. When the disc is inserted, the player uses its device keys to decrypt the title key, then uses the title key to decrypt the movie for playback.

After the industry’s experience with DVDs, where cracking the encryption left all discs vulnerable to ripping, AACS was designed to recover from just the sort of attack mounted by Muslix64.

Once the type of player used in an attack is identified, its device keys can be “revoked,” and discs pressed afterwards can be set not to give up their title keys to those players.
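
A simplified model of the key hierarchy and revocation described above, added here as an illustration and not taken from the article or from the AACS specification. The cipher is a toy hash-based XOR, and the player model names, device keys and per-model key table are assumptions; it shows that revocation only protects discs pressed afterwards and applies to every unit of the revoked model.

```python
import hashlib
import hmac
import os

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy cipher for illustration only: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def press_disc(movie: bytes, device_keys: dict, revoked: set) -> dict:
    """Encrypt the movie under a fresh title key and wrap that key for every
    player model that is not revoked at pressing time."""
    title_key = os.urandom(16)
    wrapped = {model: keystream_xor(dk, title_key)
               for model, dk in device_keys.items() if model not in revoked}
    return {"wrapped_title_keys": wrapped,
            "check": hashlib.sha256(title_key).digest(),
            "payload": keystream_xor(title_key, movie)}

def play(disc: dict, model: str, device_key: bytes):
    """Return the decrypted movie, or None if this player cannot recover the title key."""
    wrapped = disc["wrapped_title_keys"].get(model)
    if wrapped is None:  # model was revoked before this disc was pressed
        return None
    title_key = keystream_xor(device_key, wrapped)
    if not hmac.compare_digest(hashlib.sha256(title_key).digest(), disc["check"]):
        return None  # wrong device key for this entry
    return keystream_xor(title_key, disc["payload"])

# Constructed sample data: two hypothetical player models and their device keys.
DEVICE_KEYS = {"player-A": os.urandom(16), "player-B": os.urandom(16)}
MOVIE = b"constructed sample movie payload " * 4

old_disc = press_disc(MOVIE, DEVICE_KEYS, revoked=set())         # pressed before revocation
new_disc = press_disc(MOVIE, DEVICE_KEYS, revoked={"player-A"})  # pressed after revocation

if __name__ == "__main__":
    for name, disc in (("old", old_disc), ("new", new_disc)):
        for model, dk in DEVICE_KEYS.items():
            print(name, model, "plays" if play(disc, model, dk) == MOVIE else "refused")
```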

How quickly the system can be made to respond, however, is one of the questions being posed by the Muslix64 attack.

In the nearly six weeks since Muslix64 posted his or her work-around, no official action has been taken by AACS, apart from confirming the breach.

Officials for InterVideo — the company that made the hacker’s DVD playback software — say they’ve taken “voluntary steps” to address the problem, but they haven’t explained what those steps are.

Simply revoking the device keys could end up disabling the players of consumers who have done nothing wrong.

“There are a lot of steps that have to happen,” Ayers says. “You have to confirm what happened, you have to identify the player involved, then you have to design a response that will work and test that response. All of that takes time.”

Paul Sweeting edits Variety’s new sister Web site, Content Agenda.