It’s hacked, but will it be sacked?

New copy-protection scheme grapples with first attack

Muslix64 may become the “DVD Jon” of the hi-def era.

That would be Jon Johansen, the then-16-year-old Norwegian hacker who in 1998 was the first to publish DeCSS, a few lines of computer code that effectively circumvented the copy-protection on DVDs.

His exploits earned him two criminal prosecutions in Norway (he was acquitted both times) and a starring role on a U.S. witness stand in the first major court test of the Digital Millennium Copyright Act.

It also made Johansen a digerati folk-hero.

Now comes Muslix64, who on Jan. 2, became the first to publish instructions for circumventing AACS, the supposedly unbreakable copy-protection used on HD DVD and Blu-ray discs.

By Jan. 13, the first pirated HD DVD, Universal’s “Serenity,” was posted online.

At least on a surface level, this appeared to be devastating news to the studios, some of which saw the development of next-generation hi-def discs as a way to fix the copy-protection problems they’d long grappled with on standard-def DVD.

“We got screwed on DVD,” noted one studio official back in 2002 during the preliminary meetings that led to the development of the Blu-ray format.

Since Muslix64’s first posting, AACS decryption keys have been uncovered for nearly 100 pics using Muslix64’s cheat, with the results published on the Internet for all to use.

Besides “Serenity,” that’s led to a few other hi-def movies showing up on peer-to-peer networks, although how many people are actually downloading the massive computer files — which take up about 20 gigabytes — is unknown.

A mam or a sir?

Finding a way around AACS actually took the hackers less time than it took to crack CSS, leading many on the Doom9.net forum (and other places where hackers gather online) to liken Muslix64’s work to that of the legendary DVD Jon.

Muslix64 himself, in his only published interview, was more modest in his claims.

“I really respect the work of DVD Jon and his friends,” the hacker told Slyck.com. “They do more than me. They had to reverse a cipher! I didn’t have to reverse anything. So technically speaking, it was easier to bypass AACS than CSS.”

Whether his (or her) exploits will earn Muslix64 the same sort of legal attention it earned Johansen remains to be seen.

Michael Ayers, a spokesman for the AACS Licensing Authority, says the group does not yet know who Muslix64 is or where in the world this person is based. But he would not rule out taking legal action against the code cracker if he or she is successfuly tracked down.

“We have a variety of legal and technical steps we can take,” Ayers says. “One step could be an effort to find out legally who he is and to bring charges against him.”

Just how serious a breach Muslix64’s work represents remains a matter of debate within the industry.

“I guarantee you there are much better (pirated standard-def) versions of our movies available on the Internet,” says Universal homevid exec VP Ken Graffeo, noting that some of the illicit HD DVD movies have been “full of chops” and are difficult to play.

Besides, Graffeo adds, unlike the copy protection found on standard-def DVDs, AACS is designed as a fluid system that can be updated and patched.

Locks and keys

According to Ayers, the basic encryption algorithm used in AACS remains unbroken.

AACS is a multilayered system. Blu-ray and HD DVD players are issued a set of digital keys, and individual movie titles are issued their own discreet keys, too. When the disc is inserted, the player uses its device keys to decrypt the title key, then uses the title key to decrypt the movie for playback.

After the industry’s experience with DVDs, where cracking the encryption left all discs vulnerable to ripping, AACS was designed to recover from just the sort of attack mounted by Muslix64.

Once the type of player used in an attack is identified, its device keys can be “revoked,” and discs pressed afterwards can be set not to give up their title keys to those players.

How quickly the system can be made to respond, however, is one of the questions being posed by the Muslix64 attack.

In the nearly six weeks since Musilix64 posted his or her work-around, no official action has been taken by AACS, apart from confirming the breach.

Officials for InterVideo — the company that made the hacker’s DVD playback software — say they’ve taken “voluntary steps” to address the problem, but they haven’t explained what those steps are.

Simply revoking the device keys could end up disabling the players of consumers who have done nothing wrong.

“There are a lot of steps that have to happen,” Ayers says. “You have to confirm what happened, you have to identify the player involved, then you have to design a response that will work and test that response. All of that takes time.”

Paul Sweeting edits Variety’s new sister Web site, Content Agenda.

More Scene

  • Dwayne Johnson Idris Elba

    Dwayne Johnson: Idris Elba Nixed 'Black James Bond' Joke in 'Hobbs & Shaw'

    In the “Fast & Furious Presents Hobbs & Shaw,” the movie’s villain Brixton, played by Idris Elba, spreads his arms out wide and declares “I’m black Superman.” It turns out that might not have been the original line. Dwayne Johnson tells Variety that Elba was first asked to proclaim he’s “black James Bond,” but the [...]

  • Matteo BocelliAmerican Icon Awards Gala, Inside,

    Top Music Manager Calls Out American Icon Awards for Failing to Pay Talent

    The centuries-old adage no good deed goes unpunished is a common refrain for star music manager Scott Rodger of late. Rodger, who represents Paul McCartney and Andrea Bocelli at Maverick, says his client Matteo Bocelli, the son of the opera star, was stiffed out of promised expense reimbursement by the American Icon Awards. The event, [...]

  • Mary Bailey Steve D'Angelo, Jim Belushi

    Cannabis Industry Tackles Justice Reform With 'Last Prisoner Project'

    Jim Belushi is standing two feet away in the backyard of his spacious Brentwood home, honking a harp like he’s a Blues Brother back in sweet home Chicago accompanied by noted reggae band Rebelution’s Eric Rachmany and Kyle Ahern, who provide a 12-bar shuffle. There’s the sweet smell of skunk – and success — hanging [...]

  • Dwayne Wade holds up the legend

    Dwyane Wade, Megan Rapinoe Win Big at 2019 Nickelodeon Kids' Choice Sports Awards

    The 2019 Nickelodeon Kids’ Choice Sports Awards was filled with incredible athletes, inspiring moments and — of course — a massive amount of slime. “I love the kids. I love the slime. I loved the games. I love seeing celebrities and athletes like become kids again. And it’s like my favorite thing,” Michael Strahan told [...]

  • Dave Bautista and Kumail Nanjiani

    Dave Bautista Talks Representation in Hollywood and Defying Stereotypes with 'Stuber'

    Dave Bautista and Kumail Nanjiani make an unlikely duo in “Stuber,” an R-rated comedy about a police officer and his Uber driver. But the two connected over the rare chance to star in the film as actors of Asian descent (Baustia is half-Filipino and Nanjiani is Pakistani). “I’ve been stereotyped for a couple different reasons [...]

  • Skin

    How Jamie Bell Transformed Into a Neo-Nazi for 'Skin'

    Anyone who still associates British actor Jamie Bell with his breakout role as a young boy who dreams of becoming a ballet dancer will quickly forget all about “Billy Elliot” after seeing “Skin,” which screened at ArcLight Hollywood on Thursday night. “I was shocked,” the film’s writer-director, Guy Nattiv, told Variety of his leading man’s [...]

More From Our Brands

Access exclusive content