On Februrary 11th, doom9 member arnezami posted a message claiming that he had discovered the processing key for the AACS content-protection system:
Here is the Processing Key which should work on all HD DVD discs (and maybe even Blu-Ray discs) released so far: . Save it. Store it.
He discovered it by watching a movie player’s memory space as it loaded the HD-DVD for decoding. In his own words:
This gave me an idea: what I wanted to do is “record” all changes in this part of memory during startup of the movie. Hopefully I would catch something insteresting. In the end I did something a little more effiecient: I used the hd dvd vuk extractor (thanks ape!) and adapted it to slow down the software player (while scanning its memory continously) and at the very moment the Media Key (which I now knew: my bottom-up approach really paid off here) was detected it halted the player. I then made a memdump with WinHex. I now had the feeling I had something.
This exploded onto Digg today, with dozens of stories containing the key cropping up. Digg then deleted all of them in response to a DMCA notice. They also appear to have deleted user accounts of those who submitted stories, clearly taking the necessity of censorship in the face of the DMCA a step too enthusiastically.
Screen from gizmodo; i was at work when this hit
- The WinDVD device key has also been discovered to be
- Download Squad calls this the 21st century revolt. Clearly I’m in.
- You can, of course, interpolate a function over this data. Question–did you overdetermine it so that we can transmit it lossily?
- I’d donate $50 for someone to get this tattooed on them
- We can make it with images (or just memorize the damn thing)
- Pirate bay torrent
- HD-DVD T-shirt
Apparently Google is overdue to stop indexing web pages which contain this information, but given that it can be distributed in so many different ways, and that it’s just a number, the whole thing is a joke of sad proportions. Is whatever that is in decimal now an illegal number?
Digg Blog Update:
Digg founder Kevin Rose has reversed his decision about censoring the AACS controversy:
But now, after seeing hundreds of stories and reading thousands of comments, you’ve made it clear. You’d rather see Digg go down fighting than bow down to a bigger company. We hear you, and effective immediately we won’t delete stories or comments containing the code and will deal with whatever the consequences might be.
If we lose, then what the hell, at least we died trying.
You can go read his insipid post yourself. Personally, it would have had a bigger impact on me if they made a decision and stuck with it. Now, can we trust them in a month not to reverse it?
All the big tech sites have an article about it. Here’s a random short selection:
- Hack Zine – HD DVD processing key found
- First AACS Blu-Ray/HD-DVD Key Revoked
- Respect! Digg’s HD-DVD key stance
- DIGG gets pwned by HD-DVD Key Fiasco
- Riot Confirms What We Knew All Along
- A number that inspired creativity
Get the T-Shirt:
There’s now a t-shirt you can order for that infamous number. Wear your nerdom proud for about 4 months and then people will just glare at you.
Update: Ars totally hits the nail on the head with their analysis of why the AACS hacks are inevitable:
The real problem with trying to create an “uncrackable” copy protection is that the media must come with the keys used to decrypt it somewhere on the device and the media itself. Hiding these keys in different places—security by obscurity—merely delays the inevitable.
Go read it in New AACS cracks cannot be revoked, says hacker.
Be careful when building in automation of any kind into your blogs or websites–it will eventually bite you in the foot! For example, today I got an email from someone concerned that her prize keywords were being violated on a page of mine. It was bizarre, and unrelated to the content of the page, but since I used WP From / Where to automatically gather keywords from search engine visitors, someone visited once on that keyword, and it stuck. Obviously I added a filter to WP From / Where to exclude this word in the future, but I also tried to reduce the overall “spamminess” of the current design.
First, the number of “related posts” at the bottom has been reduced to taking 5 from Google Blog Search, excluding MSN, whose results were spurious at best, entirely. This gives the page a better, sleeker form factor.
Second, the number of links in the sidebar to Google queries on search terms used to get to the site has been reduced on some sites from 30 to 15 or 10. I have no idea why the number was so large–I think it was just to fill out the sidebar, because the content was longer with MSN related posts included. This is much better.
Third, the meta keywords tags that my emailer was so concerned about are now generated from the post tags, so that they are intrinsic to the content, and not the keywords used to get to that post.
This is all just a stopgap measure. My next design for the blog network is radically different, and should minimize or at least localize all external material to a well-defined area of the site. There won’t be any mixing of my content and other content, so impressions of spamminess should be reduced. Rather, the idea is to enrich my content and link it together in such a way that the site adds value within itself, without the need for bringing in more value from the outside.
On my way to work I pass by Lehman Brothers, and every day its electronic sign that spans the entire front of their building seems to have one problem or another. First it was just random corruption of a few LCD displays:
Then, on September 28th and today, the 29th, we noticed that their date had stopped working and was stuck on 27:
Weird, no? I wonder when it will get fixed…