BackupHDDVD
Encyclopedia
BackupHDDVD is a small computer software
Computer software
Computer software, or just software, is a collection of computer programs and related data that provide the instructions for telling a computer what to do and how to do it....

 utility program available in command line and GUI
Graphical user interface
In computing, a graphical user interface is a type of user interface that allows users to interact with electronic devices with images rather than text commands. GUIs can be used in computers, hand-held devices such as MP3 players, portable media players or gaming devices, household appliances and...

 versions which aids in the decryption
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...

 of commercial HD DVD
HD DVD
HD DVD is a discontinued high-density optical disc format for storing data and high-definition video.Supported principally by Toshiba, HD DVD was envisioned to be the successor to the standard DVD format...

 discs protected by the Advanced Access Content System
Advanced Access Content System
The Advanced Access Content System is a standard for content distribution and digital rights management, intended to restrict access to and copying of the "next generation" of optical discs and DVDs. The specification was publicly released in April 2005 and the standard has been adopted as the...

. It is used to back up
Backup
In information technology, a backup or the process of backing up is making copies of data which may be used to restore the original after a data loss event. The verb form is back up in two words, whereas the noun is backup....

 discs, often to enable playback on hardware configurations without full support for HDCP. The program's source code
Source code
In computer science, source code is text written using the format and syntax of the programming language that it is being written in. Such a language is specially designed to facilitate the work of computer programmers, who specify the actions to be performed by a computer mostly by writing source...

 was posted online, but no licence information was given.

Written by an anonymous programmer using the handle
User (computing)
A user is an agent, either a human agent or software agent, who uses a computer or network service. A user often has a user account and is identified by a username , screen name , nickname , or handle, which is derived from the identical Citizen's Band radio term.Users are...

 Muslix64, BackupHDDVD is distributed with none of the cryptographic keys necessary for decryption. Users wanting to use the software to decrypt a protected disc's contents must obtain the appropriate keys separately, a task with which neither the original author nor his or her versions of BackupHDDVD assist.

BackupHDDVD represented the first known successful attack against AACS. The utility circumvents content protection by decrypting video files directly with AES
Advanced Encryption Standard
Advanced Encryption Standard is a specification for the encryption of electronic data. It has been adopted by the U.S. government and is now used worldwide. It supersedes DES...

, the underling cryptographic cipher used by AACS. Using this technique, BackupHDDVD is able to completely bypass the AACS chain of trust, rendering it immune to revocation. The cost of this immunity is that users are forced to rely on keys leaking from commercial player software to use BackupHDDVD with new discs.

History

According to the creator of BackupHDDVD, he or she first set out to circumvent AACS to bypass a restriction in software HD DVD players which reduced the quality of AACS restricted 1080p
1080p
1080p is the shorthand identification for a set of HDTV high-definition video modes that are characterized by 1080 horizontal lines of resolution and progressive scan, meaning the image is not interlaced as is the case with the 1080i display standard....

 high definition
High-definition video
High-definition video or HD video refers to any video system of higher resolution than standard-definition video, and most commonly involves display resolutions of 1,280×720 pixels or 1,920×1,080 pixels...

 video to that of standard definition DVD video or refused to play outright unless an HDCP compliant chain of video hardware was present. At the time only a few computer monitors and video card
Video card
A video card, Graphics Card, or Graphics adapter is an expansion card which generates output images to a display. Most video cards offer various functions such as accelerated rendering of 3D scenes and 2D graphics, MPEG-2/MPEG-4 decoding, TV output, or the ability to connect multiple monitors...

s supported HDCP. As a result, configurations that would have allowed high-definition HD DVD viewing in software players were exceptionally rare.

On December 18, 2006, a video which showed BackupHDDVD being used to decrypt and copy the film Full Metal Jacket
Full Metal Jacket
Full Metal Jacket is a 1987 war film produced and directed by Stanley Kubrick. It is an adaptation of the 1979 novel The Short-Timers by Gustav Hasford and stars Matthew Modine, Vincent D'Onofrio, R. Lee Ermey, Arliss Howard and Adam Baldwin. The film follows a platoon of U.S...

to a hard drive was uploaded to YouTube
YouTube
YouTube is a video-sharing website, created by three former PayPal employees in February 2005, on which users can upload, view and share videos....

. Two days after the video was uploaded, the initial version of the utility along with its source code
Source code
In computer science, source code is text written using the format and syntax of the programming language that it is being written in. Such a language is specially designed to facilitate the work of computer programmers, who specify the actions to be performed by a computer mostly by writing source...

 and documentation was uploaded to a file hosting service. A link to the file was then posted by the utility's creator on the forums of Doom9
Doom9
Doom9 is a website featuring information on digital audio and video manipulation, mostly video, and digital copyrights. It is also the forum username of the author of the page, an Austrian then college student at the time of the creation of the site...

, a website devoted to DVD backup. The utility's documentation, along with the forum post, contained little information as to how necessary keys could be obtained. The author elaborated in another forum post, claiming that keys could be obtained by exploiting the necessity for them to be held in memory
Ram
-Animals:*Ram, an uncastrated male sheep*Ram cichlid, a species of freshwater fish endemic to Colombia and Venezuela-Military:*Battering ram*Ramming, a military tactic in which one vehicle runs into another...

 to allow playback in player software.

On January 2, 2007, the author posted the 1.0 version of the BackupHDDVD utility, which included support for the decoding of discs using volume keys. For several weeks following the utility's release no success using the author's key extraction technique was reported. In mid-January 2007, a volume key was published by another member of the Doom9 forum along with an explanation of the technique used to obtain it. Other forum members quickly discovered keys for different titles. Keys for many discs are now readily available on the internet.

Further development of BackupHDDVD was being hosted on SourceForge
SourceForge
SourceForge Enterprise Edition is a collaborative revision control and software development management system. It provides a front-end to a range of software development lifecycle services and integrates with a number of free software / open source software applications .While originally itself...

 until the site received a DMCA takedown notice alleging a violation in late February. In compliance with the notice, the project was immediately removed. Several versions of BackupHDDVD have been released by individuals other than the original author, including some versions with GUIs and the ability to locate keys on the internet or scan for them in memory automatically. HDDecrypter, a port of BackupHDDVD to C
C (programming language)
C is a general-purpose computer programming language developed between 1969 and 1973 by Dennis Ritchie at the Bell Telephone Laboratories for use with the Unix operating system....

 with a native Windows GUI is also available. This version supports multiple CPU threads and runs faster than its Java counterparts. While development of BackupHDDVD has ceased, a commercial HD DVD decryption utility called Slysoft
SlySoft
SlySoft Inc. is a software company located in St. John's, Antigua and Barbuda. Its products consist of software to back up and convert digital media, including CDs, DVDs, HD DVDs, and Blu-ray Discs, as well as copy and back up optical media and render PC-based games playable without the...

 AnyDVD HD exists which relies on compromised AACS processing or media keys
AACS encryption key controversy
A controversy surrounding the AACS cryptographic key arose in April 2007 when the Motion Picture Association of America and the Advanced Access Content System Licensing Administrator, LLC began issuing demand letters to websites publishing a 128-bit number, represented in hexadecimal as 09 F9 11...

 to allow for the backup or unrestricted viewing of any AACS-protected discs without the need for title or volume keys.

Background


The AACS Licensing Authority (LA) assigns a series of 253 unique cryptographic keys to device manufacturers. When an AACS protected disc is manufactured, a series of up to 64 keys called title keys are generated and the video content on the disc is encrypted using these keys. The title keys are stored on the disc and themselves encrypted with another key called the volume unique key. The volume unique key for any disc can be calculated by all authorized devices using another key called a processing key, which is derived from a media key block stored on each disc. Authorized devices use one or more of the manufacturer's assigned device keys to decrypt the media key block, yielding a processing key and enabling further decryption of the volume and title keys, and finally the content.

If a device key is to be revoked, the media key blocks on all discs manufactured after the time of revocation are encrypted in a way which does not enable the revoked device to obtain a valid processing key. Users trying to view new content on a revoked player would be forced to upgrade their player software to a more secure version, thereby limiting the scope of the compromise each time an exploit is discovered. While a compromised device or processing key could be used to decrypt a large number of discs, BackupHDDVD does not use these keys because they can be revoked by AACS LA. Because the AACS revocation system works by preventing a given device or player from calculating a valid volume unique key, BackupHDDVD circumvents the system entirely by relying on volume or title keys leaked from authorized players. With these keys BackupHDDVD is not subject to device revocation and is able to decrypt the content directly, bypassing the key exchange and verification process.

Features and limitations

Users must have either found decryption keys themselves or obtained them elsewhere for most versions of BackupHDDVD to work. The utility reads a text file containing volume or title keys and attempts to find a set of corresponding keys for the inserted disc. Through a standard AES library, it then decrypts each video file on the disc using the appropriate keys and writes the results to a location specified by the user. Direct file decryption allows the utility's functionality to remain unaffected by device key revocation and its performance unencumbered with AACS overhead.

Originally intended to be a proof of concept
Proof of concept
A proof of concept or a proof of principle is a realization of a certain method or idea to demonstrate its feasibility, or a demonstration in principle, whose purpose is to verify that some concept or theory that has the potential of being used...

, BackupHDDVD is severely limited in its ability to produce fully functional copies of commercial discs. Early versions were unable to properly decrypt discs which used the in-movie experience technology. New versions work around this limitation by excluding interactive content from decrypted copies. The utility cannot process HD DVD navigation functionality which enables menus, chapters, secondary audio tracks and subtitles, so these features are inaccessible in copies created by BackupHDDVD. Most versions provide no validation for keys and will still attempt to decrypt a disc's contents with an incorrect key, resulting in corrupt files.

Legality

Under United States anti-circumvention law created by the Digital Millennium Copyright Act
Digital Millennium Copyright Act
The Digital Millennium Copyright Act is a United States copyright law that implements two 1996 treaties of the World Intellectual Property Organization . It criminalizes production and dissemination of technology, devices, or services intended to circumvent measures that control access to...

, BackupHDDVD may qualify as a device primarily intended to "circumvent a technological measure that effectively controls access to a [protected] work." If identified as such, it would be illegal to use or distribute. Because DMCA laws do not affect interpreted fair use provisions in U.S. copyright law, the utility is exempt from anti-circumvention provisions if used for cryptography or interoperability research, or in the making of a backup copy for personal use.

Reaction

Reaction to the utility by Doom9 forum members, blog
Blog
A blog is a type of website or part of a website supposed to be updated with new content from time to time. Blogs are usually maintained by an individual with regular entries of commentary, descriptions of events, or other material such as graphics or video. Entries are commonly displayed in...

gers, and mainstream media has ranged from supportive to intensely hostile. By some, the circumvention of AACS was seen as a reaffirmation of fair use. Others felt that the utility was no more than a piracy tool and would bring about group punishment against consumers in the form of player revocation. One article compared proponents of BackupHDDVD to terrorists. When the release of the tool was first publicized, several articles claimed that AACS had been cracked. In fact no cryptographic weaknesses constituting a crack have yet been found in AES
Advanced Encryption Standard
Advanced Encryption Standard is a specification for the encryption of electronic data. It has been adopted by the U.S. government and is now used worldwide. It supersedes DES...

, the underlying cryptographic system of AACS. Keys are actually obtained through a side-channel attack.

Initially, it was thought that the compromise of HD DVD's security would entice some studios into adopting the competing Blu-Ray format, but Blu-Ray's AACS implementation has since been circumvented using a similar method. However, Blu-Ray offers an additional layer of protection called BD+
BD+
BD+ is a component of the Blu-ray Disc Digital Rights Management system. It was developed by Cryptography Research Inc. and is based on their Self-Protecting Digital Content concept...

.

There was some speculation that the player used by the utility's author to obtain keys would be revoked
Certificate revocation list
In the operation of some cryptosystems, usually public key infrastructures , a certificate revocation list is a list of certificates that have been revoked, and therefore should not be relied upon.-Revocation States:There are two different states of revocation defined in RFC 3280:* Revoked: A...

. Cyberlink
CyberLink
CyberLink is a digital entertainment and multimedia products software corporation. CyberLink's 2008 revenue was $140 million with market capitalization of $420 million. Cyberlink's headquarters are based in Taipei, Taiwan with worldwide offices in Fremont, USA; Tokyo, Japan; and the Netherlands...

, which sells the PowerDVD player software, was quick to deny that its software could be used to obtain keys. Corel
Corel
Corel Corporation from the abbreviation is a computer software company headquartered in Ottawa, Ontario, that specializes in graphics processing, similar to Adobe Systems...

 was silent about the role its WinDVD
WinDVD
WinDVD is a commercial video player and music player software for Microsoft Windows. It enables the viewing of DVD-Video movies on the user's PC. DVD-Video backups stored on hard disk can also be played...

software had played in the leaking of volume and title keys. Both companies have since released updates for their player software.

The consortium behind the HD DVD format and the studios delivering films on the format did not release an official statement beyond that they were investigating the utility. On January 24, 2007 AACS LA issued a statement acknowledging that AACS security had been compromised while urging software vendors to limit the availability of keys in memory. Beginning with discs manufactured in late April, versions of PowerDVD and WinDVD responsible for leaking keys have been revoked and free updates are available to owners of affected versions.
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK