Although there’s been much debate during the last few weeks over whether claims that a cracker using the name Muslix64 had successfully broken AACS copy protection on HD DVD discs would bear out, the feat appears to be legitimate: in a brief statement, AACS LA has confirmed that AACS title keys have been successfully ferreted out, distributed via the Internet, and used to decode protected high-definition movie content. AACS spokesperson Michael Ayers described the crack as having “sobering possibilities,” but characterized its impact as limited at the moment, in part due to the limited HD content available on the market and the current impracticality of sharing mammoth high-definition video files via the Internet.
The AACS describes the attack as “limited to the compromise of specific implementations” in “one or more players sold by AACS licensees” rather than a fundamental flaw in the AACS system itself. In other words, the AACS claims the compromise comes from specific vendors failing to implement the AACS system in a secure manner.
Various industry watchers and technical reviewers who have examined Muslix64’s attack, however, have consistently noted the AACS specifications do not seem to cover the vector by which Muslix64 compromised the AACS system—finding unencrypted copies of title keys in the memory used by software-based HD DVD players.
The AACS has been mum on how it will combat the threat, saying only it would use both “technical and legal measures to deal with attacks such as this one.” In theory the AACS could revoke keys to software players known to have been compromised, limiting the discovery of new title keys as new HD content is released by studios. However, there doesn’t appear to be a simple mechanism by which the AACS can prevent this sort of attack: as soon as this hole is plugged, programmers will start using the same memory profiling techniques to look for another—and, at some point during a software player’s operation, an unencrypted title key must exist, even if only very briefly.