• PC World
• »Security

The recent release of software that can be used to decode encrypted HD DVD and Blu-ray movies is the first step toward making the encryption standard used by these next-generation video players obsolete, Princeton University researchers said Monday.

Late last month, a hacker going by the name Muslix64 released software that could be used to decrypt movies that were encoded using the AACS (Advanced Access Content System) digital rights management specification. AACS is supported by Hollywood and video player manufacturers.

Introduced in April 2005, AACS is the copy protection system for HD DVD and Blu-ray movies. It is supported by companies such as Microsoft, Panasonic, Sony, Toshiba, Walt Disney and Warner Bros.

Arms Race

Muslix64's BackupHDDVD software did not crack AACS, but it will make it easier for some technically adept users to decrypt movies, said Alex Halderman, a Princeton computer science student who, along with noted researcher Ed Felten, is calling the software "the first step in the meltdown of AACS."

AACS devices use cryptographic techniques to read numeric codes, called 'keys,' from video discs. These keys are then used to unlock the digital content, making it readable on the player. Muslix64's software does not give users a way to discover these keys, but it does provide a way to descramble content once the key is uncovered.

"This is the framework through which the arms race is going to be fought," Halderman said. "They don't have the ammunition yet, but this is the gun."

All You Need Is The Key

AACS is supposed to work better than the CSS (content scrambling system) encryption system used to protect DVDs from unauthorized copying. CSS was cracked just a few years after its release by three hackers, including a 16-year-old Norwegian named Jon Johansen.

Unlike CSS, however, the AACS system gives movie companies a way of "revoking keys"--changing new movies so that these keys cannot be read on video players that have been cracked.

This system gives Hollywood a way of protecting new releases, but it only works if hackers publicize their work and disclose which player has been cracked. And even with key revocation, nothing can be done to prevent disks whose keys have already been published from being unlocked, Halderman said.

"What the future looks like to us is that some individuals will have cracks that they don't publish and which Hollywood is unable to revoke," he said. "Other people will have cracks that they do publish, and which will work for all old disks."

Trouble For Hollywood?

This scenario may not be so bad for the movie studios, so long as they are able to prevent widespread illegal distribution of their products and keep movies from being widely available while they are still being shown in theatres, said Mike McGuire, an analyst with Gartner Inc. "If they can preserve the existing [theatrical] release windows, then they're probably going to feel reasonably comfortable," he said.

Still, Halderman believes it's only a matter of time before the keys that can be used with BackupHDDVD become public and Hollywood will be faced with unauthorized copying of AACS-protected material. "There's just no doubt that title keys are going to become available at some point in the near future," he said.