

Doom9 contributors break BD+ - jwilliams
http://forum.doom9.org/showthread.php?t=140571

======
tdonia
A summary of what I understood all this to mean:

BD+ uses a virtual machine built into a player to load an encryption scheme on
a per-disc basis. So the folks at Doom9 were able to deduce the extents of the
VM (input/output/throughput, etc.) and subsequently map out the input
(encrypted instructions + disc data = input). Then, by comparing the output of
the (functioning) VM with the input, they were able to extract specific keys
with which a (single) disc was encrypted. To make this applicable across many
discs that presumably do not reinvent their entire encryption scheme with every
new release, they began looking for commonalities and built a conversion table
that, up to page 17, is now being standardized into a packaged utility that
can apply to any disc that can be decoded given their table.

It's an interesting example of collaborative code breaking. As one poster said
- this would make a great movie - though the audience might be a little
smaller than the next Bond, and Blu-ray is not the distribution format of
choice.

~~~
tptacek
The only modification I'd make to this is, where you wrote, "deduce the extent
of the VM", I'd write, "deduce enough of the extent of the VM to play a subset
of disks". There's no evidence that Doom9 has taken a lead over Slysoft, and
even less evidence that Doom9 has a "class break" of all of BD+.

It is notable though that this is an open source effort. I'm not sure who to
cheer for. =)

------
noonespecial
Two things struck me reading this list.

1) Wow, there are some really talented people working on cracking Blu-ray
discs. I surely wish we could channel some of that talent toward something
more productive than making a copy of "Die Hard 4".

2) The futility of the effort of those trying to copy protect the media is
even more striking than I had imagined. They just have no chance at all of ever
winning.

~~~
delackner
Fascinating to see such a massive collaborative problem solving process, and
don't worry, I am sure a lot of those posters are in their late teens through
to early twenties, learning heaps doing this highly motivating (watch movies!)
and creative thinking task.

As for the futility of protecting content, it just reinforces the impression
that the media companies are run by dinosaurs. Blu-ray's licensing scheme is
designed not to bring HD movies to the customer in the most effective and
marketable way, but by consensus between lawyers and middlemen.

~~~
tptacek
It's hard to see how BD+ is really hurting the average Blu-Ray consumer. Most
people don't copy their DVDs. Meanwhile, all BD+ needs to do to earn its keep
is win a week or two of lead time for the most important titles.

~~~
delackner
The per-title ($3000) and per-player (not sure) licensing fees add up, as do
the fees just to put a "blu-ray" label on the disc. As does the cost of
building a player that has to be powerful enough to decode not just the HD
content (what the consumer wants) but to treat the user like a criminal (what
the studios want). Chips are not free.

~~~
tptacek
Blu-ray players cost ~$200-250. Standard-def DVD players cost more when they
hit the mainstream. There are strong arguments against BD+, but this isn't one
of them.

------
tptacek
This isn't really saying much. Slysoft "broke" BD+ a while ago. Then they
"broke" it again, and "again" after that. Each time they "break" it,
Macrovision revs up the protection code and "breaks" Slysoft.

Slysoft is far ahead of Doom9 in this effort, and they get paid to do it.
There are disks today that AnyDVD still can't play.

Both Slysoft and Doom9 are emulating the BD+ VM. It is obviously possible to
emulate any instruction set architecture. The question is, can they emulate
the VM and all its (undocumented) platform features _perfectly_, so that no
protection code can discriminate between the emulator and the real thing? So
far, the answer is "no", and therefore, so far, BD+ remains "unbroken" in the
most meaningful sense.

------
wmf
Unfortunately, the people doing the real work say very little about how they
figured it all out.

~~~
rlm
Yes, having a full description of the process would have been interesting.

~~~
litewulf
1. Look at problem

2. Think really hard

3. Write down solution

(Worked for Feynman!)

