You will be redirected back to your article in seconds

It’s hacked, but will it be sacked?

New copy-protection scheme grapples with first attack

Muslix64 may become the “DVD Jon” of the hi-def era.

That would be Jon Johansen, the then-16-year-old Norwegian hacker who in 1998 was the first to publish DeCSS, a few lines of computer code that effectively circumvented the copy-protection on DVDs.

His exploits earned him two criminal prosecutions in Norway (he was acquitted both times) and a starring role on a U.S. witness stand in the first major court test of the Digital Millennium Copyright Act.

It also made Johansen a digerati folk-hero.

Now comes Muslix64, who on Jan. 2, became the first to publish instructions for circumventing AACS, the supposedly unbreakable copy-protection used on HD DVD and Blu-ray discs.

By Jan. 13, the first pirated HD DVD, Universal’s “Serenity,” was posted online.

At least on a surface level, this appeared to be devastating news to the studios, some of which saw the development of next-generation hi-def discs as a way to fix the copy-protection problems they’d long grappled with on standard-def DVD.

“We got screwed on DVD,” noted one studio official back in 2002 during the preliminary meetings that led to the development of the Blu-ray format.

Since Muslix64’s first posting, AACS decryption keys have been uncovered for nearly 100 pics using Muslix64’s cheat, with the results published on the Internet for all to use.

Besides “Serenity,” that’s led to a few other hi-def movies showing up on peer-to-peer networks, although how many people are actually downloading the massive computer files — which take up about 20 gigabytes — is unknown.

A mam or a sir?

Finding a way around AACS actually took the hackers less time than it took to crack CSS, leading many on the Doom9.net forum (and other places where hackers gather online) to liken Muslix64’s work to that of the legendary DVD Jon.

Muslix64 himself, in his only published interview, was more modest in his claims.

“I really respect the work of DVD Jon and his friends,” the hacker told Slyck.com. “They do more than me. They had to reverse a cipher! I didn’t have to reverse anything. So technically speaking, it was easier to bypass AACS than CSS.”

Whether his (or her) exploits will earn Muslix64 the same sort of legal attention it earned Johansen remains to be seen.

Michael Ayers, a spokesman for the AACS Licensing Authority, says the group does not yet know who Muslix64 is or where in the world this person is based. But he would not rule out taking legal action against the code cracker if he or she is successfuly tracked down.

“We have a variety of legal and technical steps we can take,” Ayers says. “One step could be an effort to find out legally who he is and to bring charges against him.”

Just how serious a breach Muslix64’s work represents remains a matter of debate within the industry.

“I guarantee you there are much better (pirated standard-def) versions of our movies available on the Internet,” says Universal homevid exec VP Ken Graffeo, noting that some of the illicit HD DVD movies have been “full of chops” and are difficult to play.

Besides, Graffeo adds, unlike the copy protection found on standard-def DVDs, AACS is designed as a fluid system that can be updated and patched.

Locks and keys

According to Ayers, the basic encryption algorithm used in AACS remains unbroken.

AACS is a multilayered system. Blu-ray and HD DVD players are issued a set of digital keys, and individual movie titles are issued their own discreet keys, too. When the disc is inserted, the player uses its device keys to decrypt the title key, then uses the title key to decrypt the movie for playback.

After the industry’s experience with DVDs, where cracking the encryption left all discs vulnerable to ripping, AACS was designed to recover from just the sort of attack mounted by Muslix64.

Once the type of player used in an attack is identified, its device keys can be “revoked,” and discs pressed afterwards can be set not to give up their title keys to those players.

How quickly the system can be made to respond, however, is one of the questions being posed by the Muslix64 attack.

In the nearly six weeks since Musilix64 posted his or her work-around, no official action has been taken by AACS, apart from confirming the breach.

Officials for InterVideo — the company that made the hacker’s DVD playback software — say they’ve taken “voluntary steps” to address the problem, but they haven’t explained what those steps are.

Simply revoking the device keys could end up disabling the players of consumers who have done nothing wrong.

“There are a lot of steps that have to happen,” Ayers says. “You have to confirm what happened, you have to identify the player involved, then you have to design a response that will work and test that response. All of that takes time.”

Paul Sweeting edits Variety’s new sister Web site, Content Agenda.

More Scene

  • Jeremy Piven69th Primetime Emmy Awards, Arrivals,

    Jeremy Piven Hosts Benefit for Domestic Violence Survivors, Caitlyn Jenner Honored

    Muslix64 may become the “DVD Jon” of the hi-def era. That would be Jon Johansen, the then-16-year-old Norwegian hacker who in 1998 was the first to publish DeCSS, a few lines of computer code that effectively circumvented the copy-protection on DVDs. His exploits earned him two criminal prosecutions in Norway (he was acquitted both times) […]

  • Jon M. Chu, Director, Constance Wu,

    Jon M. Chu on Directing 'Crazy Rich Asians' Sequel: 'We Still Have to Close My Deal on It'

    Muslix64 may become the “DVD Jon” of the hi-def era. That would be Jon Johansen, the then-16-year-old Norwegian hacker who in 1998 was the first to publish DeCSS, a few lines of computer code that effectively circumvented the copy-protection on DVDs. His exploits earned him two criminal prosecutions in Norway (he was acquitted both times) […]

  • Jeff Bridges'Bad Times at the El

    Jeff Bridges Approves of a 'Big Lebowski' Remake: 'If I Was in It'

    Muslix64 may become the “DVD Jon” of the hi-def era. That would be Jon Johansen, the then-16-year-old Norwegian hacker who in 1998 was the first to publish DeCSS, a few lines of computer code that effectively circumvented the copy-protection on DVDs. His exploits earned him two criminal prosecutions in Norway (he was acquitted both times) […]

  • 'Milk Bar' Founder Christina Tosi Previews

    Milk Bar Founder Christina Tosi on Opening in L.A. and Whether She'll Do a Cooking Show

    Muslix64 may become the “DVD Jon” of the hi-def era. That would be Jon Johansen, the then-16-year-old Norwegian hacker who in 1998 was the first to publish DeCSS, a few lines of computer code that effectively circumvented the copy-protection on DVDs. His exploits earned him two criminal prosecutions in Norway (he was acquitted both times) […]

  • Taraji P. HensonTaraji's Boutique of Hope

    Taraji P. Henson Opens Up About Seeking Mental Health Treatment

    Muslix64 may become the “DVD Jon” of the hi-def era. That would be Jon Johansen, the then-16-year-old Norwegian hacker who in 1998 was the first to publish DeCSS, a few lines of computer code that effectively circumvented the copy-protection on DVDs. His exploits earned him two criminal prosecutions in Norway (he was acquitted both times) […]

  • Channing Tatum on Taking Time Off,

    Channing Tatum Says He's Ready to Get Back to Work After Quiet Year

    Muslix64 may become the “DVD Jon” of the hi-def era. That would be Jon Johansen, the then-16-year-old Norwegian hacker who in 1998 was the first to publish DeCSS, a few lines of computer code that effectively circumvented the copy-protection on DVDs. His exploits earned him two criminal prosecutions in Norway (he was acquitted both times) […]

More From Our Brands

Access exclusive content