'First Pirated Ultra HD Blu-Ray Disk' Appears Online

Has AACS 2.0 encryption used to protect UHD Blu-ray discs been cracked? While the details are scarce, a cracked copy of a UHD Blu-ray disc surfaced on the HD-focused BitTorrent tracker UltraHDclub. TorrentFreak reports: The torrent in question is a copy of the Smurfs 2 film and is tagged "The Smurfs 2 (2013) 2160p UHD Blu-ray HEVC Atmos 7.1-THRONE." This suggests that AACS 2.0 may have been "cracked" although there are no further technical details provided at this point. UltraHDclub is proud of the release, though, and boasts of having the "First Ultra HD Blu-ray Disc in the NET!" Those who want to get their hands on a copy of the file have to be patient though. Provided that they have access to the private tracker, it will take a while to download the entire 53.30 GB disk. TorrentFreak reached out to both the uploader of the torrent and an admin at the site hoping to find out more, but thus far we have yet to hear back. From the details provided, the copy appears to be the real deal although not everyone agrees.

Physical distribution media?

[quenda]

How quaint.

Re:Physical distribution media?

[rsmith-mac]

That "quaint" method is still the only method to actually receive high-quality copies of movies and TV shows. Video streaming bitrates are a joke, comparatively speaking. Everyone tries to stuff into 10-20Mbps what takes 50+. The result is banding, blocky artifacts (especially in dark scenes), and blocking with rapid action. A properly mastered Blu-Ray or UHD disc on the other hand will have none of those problems, as the overall bitrate and the peak bitrate are high enough to properly capture a scene no matter how detailed it is.

The DRM is a pain in the rear, but for the quality I'm quite happy with my "quaint" optical media.

Re:

[Anonymous Coward]

This article shows that torrents are another method you stupid idiot.

Re:

[thewolfkin]

This article shows that torrents are another method you stupid idiot.

That doesn't count when no big media uses it. Mailing reels to your home projector is also another method but no one does that either.

Re:

[Hognoxious]

It's Smurfs 2. What else could you possibly want?

Re:

[RubberDogBone]

It's Smurfs 2. What else could you possibly want?

What could I WANT?

Gargamel to finally eradicate all of those damn Smurfs! Is that a bit much to ask? Perhaps so.

Re:

[BitterOak]

(Score: +5, Insightful)

To each his own, but I don't tend to mod up posts which end with "you stupid idiot" in response to a perfectly reasonable post.

Re:Physical distribution media?

[quenda]

Your movie has plot holes the size of the grand canyon, and you are worried about minuscule defects in the presentation?

Re:

[DontBeAMoran]

Well, you gotta draw the line somewhere...

Re:

[rsmith-mac]

Today's bad movie is tomorrow's MST3K riff. But encoding artifacts are forever.=P

Also, artifacts can be legitimately distracting no matter the movie, especially the bad ones.

This is the disc -- NOT a compressed .mkv or .mp4

[PeeAitchPee]

This torrent appears to be the actual disc itself -- .m2ts files and BDMV\STREAM directory etc. It looks like the full 72.5 Mb/s source movie at the identical quality as the retail UHD disc, minus the DRM -- you could burn this puppy back to a UHD disc and play it on your player (assuming the player will play these UHD discs without DRM), or, more likely, use your favorite software player. Or, you could use Handbrake and compress it to the bitrate and container of your choice. But it looks like the real

Re:

[Anonymous Coward]

Well, if such high quality isn't needed then why bother with 4k at all?
UltraHD raison d'etre is that there's people that care about quality... and the quality of a streamed 4k is a far cry from the real deal. No need for cinema sized screens, just a 55" screen and reasonably good eyesight.

Re:

[gwolf]

If you "just" need a 55" screen, you have focused on a very very very very very narrow proportion of people. If you add to it the need to have a good sight, you have halved-or-worse the number. I would not expect more than 1% of the public qualifies.
So, yes, why bother?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[drinkypoo]

While I seriously doubt I could tell the difference between a 4K and 720P movie from my couch to where my current 50" TV is, I don't think 55" TVs are as rare as you think they are. Somewhere between 50 and 55" seems to be the median TV size when I enter Best Buy or Walmart these days.

it's hard to cheaply find good statistics on this sort of thing but it looks like the median size is somewhere from 40-55 inches, but definitely skewed towards the 40s. I for one bought a 52" positively ages ago, and it's still humming along. Literally, I think it's power supply noise.

Re:

[MachineShedFred]

'good eyesight' in this context also includes anyone wearing corrective lenses, as there is no reason not to if you have them, they are properly fitted, and not broken. It's not like we're talking about useless stereoscopic "3D" here where anyone that wears glasses is instantly annoyed.

I guess some people just like to argue though.

Re:

[bill_mcgonigle]

Why do you need such high quality? At that point it seems like it is all in the mind

All vision is ultimately in the mind and 4K is well within the bounds of human vision but more important than the resolution is the improvement in color gamut with this generation. Blu-Ray, for instance, cannot encode all the information captured by a RED camera or a scan of a good 70mm film.

Every time a new format comes out people always ask why the old one wasn't good enough. This will last until people can't tell the di

Met an audiophile? It'll last longer than that

[raymorris]

> This will last until people can't tell the difference between a format's video and their natural vision.

I predict it'll last much longer than that. Consider the audiophile scene. People spend hundreds, even thousands of dollars on simple cables for digital, when it can be easily proven that any non-cable will deliver bit-for-bit identical data. They insist on clearly reproducing frequencies four times as high as they can hear.

Re:

[AmiMoJo]

In both the case of audio and video, often the limitation is the listening/viewing environment. The extra colour and dynamic range with 4k, and even more so with 8k is really nice, but to get much out of it you need a dimly lit room and a TV capable of reproducing it.

Similarly with audio you need a dedicated room and to then sit in the sweet spot while listening. A nice compromise is a good set of headphones. I've got some really expensive ones, complete with high end amp, DAC and the rest, but actually mor

the "cinephile" equivalent of audiophiles.

[DrYak]

The extra colour and dynamic range with 4k, and even more so with 8k is really nice, but to get much out of it you need a dimly lit room and a TV capable of reproducing it.
Similarly with audio you need a dedicated room and to then sit in the sweet spot while listening.

Huh... nope. 8k and 10bits colour isn't the equivalent to 200$ monster digital cables and 192kHz sample rate.

- Ears have some physiological limits due to how physics work (your ears can hear very approx in the 20-20'000Hz range. your body can also feel vibrations in the 1-100Hz. There's no receptor in a human body capable of reacting to 90kHz).
- Physics of digital signals, and a whole bunch of signal processing science (e.g.: error correction) means that in the digital world, sometime a bit is just a bit, n

And only 4,000Hz for a 45 year old man

[raymorris]

- Ears have some physiological limits due to how physics work (your ears can hear very approx in the 20-20'000Hz range.

And that's optimistic, for a young person. At the age when people have money for this stuff, a 45 year old man can generally hear up to about 4,000 Hz or so. Maybe barely hear 8,000 if they are lucky. So this 45,000Hz stuff is just plain stupid.

Re:

[MachineShedFred]

That's mostly a consequence of applying old information to new technologies. In an analog world, the quality of the interconnect matters. With digital, it's just a matter of having an interconnect that gets a good enough margin on the signal-to-noise ratio, and you let the DAC do the rest.

The "audiophile scene" is made up of a distribution of people that includes about 3 to 5 percent that actually know what they are talking about and doing, usually from a background of being an audio or electrical enginee

Re:Physical distribution media?

[Bob the Super Hamste]

Hell 4k can't even encode all of the data in good 35mm film. I speak as someone, a dedicated amateur photographer, who owns a nice film scanner and took the time to master it as well as the camera and lenses I own so take that at what it is worth.

Using good quality 35mm film with good high quality lenses with multiple scans of a frame [petapixel.com] one can approach the claimed resolution of the scanner (10,000DPI) which after some cropping of the image stack produces an image of around 130 megapixels at 16 bits per channel of color depth of which there is about 80 mega pixels of data there. While I do upscale the images I always down scale them back as the scanner is diffraction limited [cambridgeincolour.com] below its output resolution so I use super resolution to work around that and get as much actual information there as I can.

In theory if I had a scanner that had better resolution (very difficult to find) and really took the time to setup a shot in a perfect environment (no movement, perfect focus) and had lenses that were perfectly sharp at wide open aperture of f/1.4 (I don't) I could get close to 400 megapixels but likely only out of B&W film but this is just theory. Going up to 120 or 70mm film and you are now looking at single frames that have 400-500 megapixels of actual data in normal circumstances.

Re:

[Bob the Super Hamste]

I still shoot film mostly because I like film and to replace what I have with digital of comparable quality would require spending well over $10,000 which pays for a lot of film and film processing. That is the problem with having an old entirely manual camera where I would have to replace not only the chassis but also all of the lenses, and most of the accessories. I am scanning in all of my old stuff, which is a lot, and I had forgotten that I have taken some really nice photos, as well as a good amount o

Re:

[stealth_finger]

Yeah, people wanting to run a cinema in their home is like totally unheard of.

Hmm, if only there were a display method that could scale up without losing quality, Maybe something to project a smaller image onto a larger surface. We could even call it a projector.

Re:

[zlives]

a designed theater for HD can render the image without additional scaling that may add pixelation. both the projectors available NOW and the screens can render a image well enough that the added benefit of larger screen makes a tremendous difference in the experience.

Personally i ended up with a 9k lumen 4k projector (says infinite contrast... whatever) because kids don't like sitting in the dark and eating and feeding them with lights on. side by side with my samsung led, the blue ray video (split by my re

Re:

[sexconker]

Even if you had a perfect black, even ignoring black body radiation, it wouldn't be an infinite contrast ratio. It would be undefined. Division by zero is undefined.

Re:

[epyT-R]

Only if you consider control over your purchase 'quaint'

Re:

[quenda]

engaged in a licensing battle with Lame Streaming, Inc. and they've pulled the licensing for all of their titles.

Ha! Almost as annoying as when my grandkids scratch the DVDs.
You know they can deauthorise they key for you BD player? Or your TV.
There *are* alternatives, you know. Its not just live streaming or coasters.

While you were doing all that I was watching my Blu-ray movie.

While you were watching unskippable adverts and studio propaganda, I was watching my movie. And if Netflix or my ISP goes down, I have a couple of terrabytes library in the home server.

Re:

[quenda]

What trailers?

The Smurfs 2?

[Kid CUDA]

So, these guys are some of the smartest hackers / rippers on the planet. They're the first to break a widely sought-after protection scheme.

And their first accomplishment is to release The Smurfs 2?

Re:

[stealth_finger]

So, these guys are some of the smartest hackers / rippers on the planet. They're the first to break a widely sought-after protection scheme. And their first accomplishment is to release The Smurfs 2?

Who trolls the trollers?

Re:

[loonycyborg]

What's so hard about it? Such a disk is basically "a locked box with key supplied along with it". Otherwise nobody would be able to play those disks. To torrent it is basically a matter of deploying a tap somewhere in playback chain. It's utterly impossible to prevent this without making the disk unplayable. Though cracking of the scheme is a distinct possibility too. It's basically an overcomplicated layer of obfuscation, and the more complex the scheme is the more likely it would contain some mishap that

Re:

[Anonymous Coward]

The decryption key isn't included in the disk, it must be downloaded from Internet. Yes, you need Internet connectivity to play those disks.

Re:

[cheater512]

Yep because by downloading the key over the internet, it means it will never be left unencrypted and exposed in system ram at any stage.

*facepalm*

Re:

[MachineShedFred]

Sounds broken by design. Guess I'll be skipping that one - I have no need to buy physical media that they can turn the lights out on when they get tired of supporting the format 6 years from now.

Re:

[JaredOfEuropa]

HDMI offers end to end encryption (HDCP) of the playback chain, or attempts to. Theoretically a player could refuse to play certain discs if the chain isn't encrypted, but in practice it's a clunky mechanism that confuses and infuriates consumers with unpredictable failures and weird error messages. And there are ways to strip HDCP from HDMI. But if they manage to properly enforce encryption and convince every manufacturer to fully comply, then you'll be hard pressed to tap into the chain. You might be able

Re:

[loonycyborg]

One could simply modify a HDCP TV to extract deobfuscated image. From what I can tell that spec treats playback devices as black boxes expecting device manufacturers to implement such details with mere contractual obligations compelling them so. And newer tvs have full featured OSes on them that could be attacked with exploits and controlled. Not to mention it's always possible to modify the hardware if you have physical access.. Also HDCP was repeatedly broken in different ways. It's possible to even make

Re:

[Mashiki]

One could simply modify a HDCP TV to extract deobfuscated image.

You don't even need to do that. There are already MiTM devices that will do it for you, you can even buy them on monoprice.

Re:The Smurfs 2?

[dwywit]

Here's something to think about:

Digital Cinema Packages (DCPs) work like this - you own a cinema, you have 1+n screens, meaning 1+n projectors. To screen most releases (very few are released unencrypted), you have to have a DCI-compliant system. Simply put, this means a server with a serial number, and projectors each with a serial number. Each projector has a decryption board inside (no software decryption here, it's all proprietary hardware, look up "enigma board"), with a serial number. Each film is delivered encrypted (either on HDD or downloaded), and a decryption key is delivered via email. The decryption key authorises *that* server to show *that* film via *that* projector from *this* date to *that* date.

The film (data stream) is encrypted until it hits the decryption board inside the projector. So serial numbers and decryption data have to match up all the way through the delivery system until it becomes glowing light. If you take an inspection cover off the projector, it won't do squat until a tech arrives with another key to re-authorise that machine to show films. Of course it's possible to drill and cut a hole in the metal to bypass the "cover open" switch, but that's also trivial to overcome - light-sensitive switch, perhaps, requiring a dark room to defeat. But I digress.

What part of this makes home viewing of films unworkable? IOW it won't be long before your BD player serial number is tied to your monitor/TV serial number, and you get a one-time key when you purchase a movie on disc or download that ties it forever to *that* BD player connected to *that* monitor. So you'll be back to "pointing a camera at the screen" levels of copying.

The system of selling discs to consumers that will only play if a BD player has an authorised matching key (that is common across brands, and is easily accessed in RAM) is not going to last much longer. The system of encryption in DCPs is orders of magnitude more difficult and complex to defeat, but I can see it coming if the copyright lobby gets its way.

Re:

[gwolf]

IOW it won't be long before your BD player serial number is tied to your monitor/TV serial number, and you get a one-time key when you purchase a movie on disc or download that ties it forever to *that* BD player connected to *that* monitor. So you'll be back to "pointing a camera at the screen" levels of copying.

...Add to this a QR-like fragment appearing on a piece of the screen (probably away from action, so it's least noticeable by us slow humans) for a frame every hundred, instructing compliant digital cameras to consider that content as illegitimate and not allow clips to be over n seconds long...

Re:

[SuricouRaven]

I wouldn't use QR.

We I in charge, I'd use a very simple and undetectable watermark: Pick 64 points in the film, by frame number. Either duplicate the next or the previous frame on top of it. That's a 64-bit unique identifier embedded, which - as we are talking about a streaming service - can be per-customer. Then just go on the Bay a week later, download, decode, identify customer, and kick them off. Optionally set the lawyers on them.

Re:The Smurfs 2?

[JaredOfEuropa]

That sounds like a decent scheme for cinemas, but for home viewing it's not going to work. Unless it is deemed acceptable that my entire bluray collection is bricked when I replace my TV, or that I have to go and obtain new keys for everything in my collection. Sounds like a lot of hassle... and here I'll repeat an age old bit of wisdom regarding cumbersome DRM: many people pirate stuff not because they don't want to pay, but because pirates offer a better product: Free of DRM and ads, often in a choice of formats and bitrates suitable for playback on a variety of devices (including offline playing), available for immediate download. With DRM you are not protecting your content effectively, but you are punishing your legitimate paying customers. Hell of a way to run a business.

Though I agree that the idea of some form of tamper proof DRM scheme for home viewing still appears to be the industry's wet dream. They really ought to take a cue from the music industry who have embraced the idea of convenience first, and in a lot of cases have agreed to do away with DRM

Re:

[Danathar]

It will not be a camera that they use, somebody will custom make a large capture device that fits neatly over a particular screen, blocks out all outside light and capture the movie in it's entirety. The Screen output will be good, the capture device will be good. As long as the content has to travel as light from an emitting source, somebody will find a way to capture it at high quality.

Re:

[MachineShedFred]

You know that DVD is encrypted too [wikipedia.org], right?

Re:

[SuricouRaven]

DVD's are 'encrypted.' CSS is basically a lesson in how not do do crypto. It's so throughly cracked, you can buy novelty tshirts with the (very short) decryption algorithm on.

Re:

[SuricouRaven]

"From what I can tell that spec treats playback devices as black boxes expecting device manufacturers to implement such details with mere contractual obligations compelling them so."

Not quite. There is a revocation mechanism in HDCP: If a manufacturer doesn't properly abide by the contractual requirements regarding anti-tamper measures or the prohibition on unencrypted digital output, the consortium behind HDCP can revoke their key - which means all those already-sold TVs suddenly become useless. It's the n

Re:

[stealth_finger]

I never understood why you couldn't just capture the encrypted key and feed it that and let it do it's thing. Surely it's going to decrypt to the same thing. The whole thing seems like an exercise in futility anyway when you can intercept the bit stream at some point or failing that point another camera at the screen.

AACS 1 and Bluray and DeAACS

[DrYak]

I never understood why you couldn't just capture the encrypted key and feed it that and let it do it's thing.

And that's exactly how it was done with the very few generations of movies.
Some BlueRay player (i think WinDVD ?) stored they decryption key in an insecure memory location, and hackers used to tap there to find which key is used to decrypt a specific BlueRay.

Movie industry noticed and revoked the keys for that player (meaning newer disc produced after that where encrypted with a selection of keys for which the player had no corresponding keys).
Cue-in cat and mouse game, until hackers managed to find the mas

Re:

[Big Hairy Ian]

In their defense they thought it was a blue movie

Re:

[Kagato]

My guess is because it doesn't have the latest generation of analog copy protection embedded in the Audio tracks. Copy protection is layered beyond what protects the disc. And for most people with 4K AV setups you're using top tier manufacturers for you playback chain. When pirated material is detected playback will stop. Even Roku honors these schemes. The extra layers of copy protection is cost money. Some content providers skip it if they think something has limited appeal.

Re:

[MachineShedFred]

The movie may have been from 2013, but the UHD BluRay format was released in 2016. The age of the content on the disc has very little to do with the format and encryption standards used by the disc.

Example: would a UHD BluRay release of Casablanca be encryption free, because the movie was released in 1942? Could they even do it, knowing that the content predates digital technology of any form? How does it already exist on DVD and BluRay?!!

Alternative to AACS 2.0 being cracked

[Chrisq]

Of course the alternative to AACS 2.0 being cracked is that someone accessed the video pre-encryption. This could have been an inside job at the studio/production companies, or they could have been hacked.

Re:

[Aereus]

That was my first thought, given the movie title in question. Had they actually (fully?) cracked AACS 2.0, surely they would have made their first release a more appealing movie?

Re:

[wisnoskij]

No, because that would of been pre UHD Blu-ray.
But I am confused with why getting a movie off of UHD Blu-ray would be so hard. A protection scheme can make copying the files off it is hard, but if you can play the disk you can rip the content.

Re:

[MachineShedFred]

The question here is quality - yes, you can point a camera at the screen, or strip HDCP, or any number of other schemes and then recompress it, but you will be introducing quality loss.

In theory, this is the original stream from the disc, in the original HEVC encoding, without the encryption, and without additional loss. If that's the case, it points squarely at defeating the encryption.

Re:

[wisnoskij]

Yes, but what I meant was that if you had your graphics card simply re-encode the video as it played it the loses would not only be minimal, but I believe the naming scheme would allow you to simply call that UHD Blu-ray. Their is no special designation for an elegant dvd rip vs a brute force disc>streaming video>re-encode rip.

To solve this

[AHuxley]

Have all new movies streamed on a network to a secure consumer box that can be updated as needed.
No more disk issues. No internet, no movie. Order the movie overnight for next day playback on slow networks.
Recall the disks and release the disk released movies on streaming services only.

Re:

[Z00L00K]

Ever heard of HDCP [wikipedia.org]?

Of course - that can also be cracked.

Slashdot is broken

[Anonymous Coward]

Slashdot is broken in multiple ways.

The mobile site doesn't display at all in Firefox. The page source shows that content was served, but it's broken enough to not display anything at all. There are features of the desktop interface, like the sliders to change comment thresholds, that simply aren't usable for mobile users.

On the desktop interface, links to older stories or to show all the stories on a previous day do not work at all. Instead, the front page is served up with the most recent stories.

All of these have been broken for several hours, and there are comments about it two stories ago. If there are issues with the server, the right thing is usually to notify users that there's a problem and it's being addressed. Nothing of the sort has been posted. I can't think of any good reason to test out changes on a production site.

If you're reading this, whipslash, this is a really bad experience for your users. Of course, you've made space to cram in more ads on comment pages, so all is well, right? Perhaps you should focus on building real value to this site instead of cramming in more ads to increase revenue in the short term. If you piss off enough users, that revenue will dry up in the longer term.

Re:Slashdot is broken

[TheRaven64]

Even on the desktop, it's a horrible experience now. There's a floating user box on the right that takes up a large chunk of width (hey, idiots: I made my browser window this wide because I want to see text this wide, not because I want a quarter to be a pointless empty side bar) and on the front page you can't actually get to that box (you know, the one with messages in it) unless you scroll right to be bottom, because some idiot made it move with the page, rather than scrolling sensibly.

Re:Slashdot is broken

[coofercat]

Turn off your ad-blocker, then you'll see the true horror that is the New Slashdot. Honestly, sans-ad-blocker, it's so terrible it qualifies as "one of those sites that you occasionally hit on google results but you never actually read because the next result in the list doesn't have all the crap on it so is preferable".

If I hadn't been reading slashdot for years, I probably wouldn't start now :-(

Re:Slashdot is broken

[stealth_finger]

The worst part is if you try to scoll past the ads at the top too fast. They're like WTF and chase you down the page so you have to scroll past all slow and sneaky like so they think you looked at them.

Re:Slashdot is broken

[Nidi62]

My favorite was the one banner ad that would actually move your cursor out of the comment box while you typed, making it impossible to type more than a character or 2 at a time. Oh, yeah, and that damn tikka masala that took up half the page, scrolled, and you couldn't make go away. And every now and then on my work laptop, when using a mouse, Slashdot won't scroll when using the scroll wheel. Any other website works, just slashdot. They have ads that literally break their website and they don't care.

Re:

[sims 2]

I have to run the site scriptless on mobile.
Both because the banner ad takes up half the screen and because it crashes the browser otherwise.

I also only use "Classic Discussion System (D1)" because the new one doesn't work on mobile and D1 also happens to work without javascript.

On desktop uBlock Origin handles it well.

Though I also have to run google scriptless as otherwise it hides the option to view cached pages on mobile.

Re:

[AmiMoJo]

Speaking of ad-blocking, try the following uBlock rule (may also work in AdBlock Plus, not tested):

slashdot.org###stackcommerce-adwrap

That gets rid of the stuff below the summary. Can't seem to fix the page width though.

Whipslash, please fix subscriptions, I'm happy to pay for this just not with crappy UI destroying and annoying ads.

Re:

[DontBeAMoran]

If you think that's bad:
- I need to zoom once because the default text size is too small.
- I don't have a widescreen monitor

Result: I have 780 pixels for the comments and 430 pixels of useless blank space on the right.

Re:

[swell]

"I made my browser window this wide because I want to see text this wide"

Absolutely, and to make it worse- if you try to make the text bigger, the column of text shrinks; now you have even more useless white space.

I know two solutions. One is the add-on HacktheWeb. Works on Firefox, YMMV. A couple clicks does it: Select the column you want to 'I'solate, press the letter I, and it fills the window. Optionally, you can select individual items and 'R'emove them.

The other solution is to avoid the site and use

Re:

[skoskav]

The CSS can be overridden to get rid of the empty space. I use an extension called Stylish with these rules for Slashdot:

div#comments.a2commentwrap {
margin-left: 0;
margin-right: 0;
}

#comments {
padding-right: 0;
}

Re:

[TheRaven64]

I can't tell if you're trolling, or if that actually does work for you. When I click on it, the radio button stays pressed for a few seconds then jumps back to the D2 option.

Re:

[DontBeAMoran]

Similar problem for me, I try to set my comments threshold at score:-1 and it just defaults back to score:0.

PowerDVD 17 hack?

[CanEHdian]

From the past, we've seen plenty of linkages between 'software players' being hacked (i.e. encryption keys being grabbed from RAM) and encryption hacks. Perhaps it has to do with the recent release of the first software player being able to play UHD BD on PCs?

Re:

[swb]

I would think the hardware players would be almost easier to attack these days than approved desktop players.

Why the pirate even bother about this?

[Eloking]

Ok, let's be clear on something. No matters how perfect your protection is, if it's on my screen, I can record it. I can output the signal and the audio on a HD recorder and there's no protection that will protect you from that.

Now, to my point, why the pirate even bother to pirate this encoding? I mean, why would I pirate the BlueRay image full of ads and pointless menu when I can download a perfectly fine and cleaned .AVI with all the Subtitles/Audio integrated?

Or am I missing something?

Not exactly

[DrYak]

if it's on my screen, I can record it.

Yes, as in "record it with a camera".

I can output the signal and the audio on a HD recorder and there's no protection that will protect you from that.

Not exactly.
Nowadays, the output signal is *digital* (HDMI mostly with standalone players, and HDMI mostly with computers).
There's an encryption standard HDCP which is supposed to protect this data during its transit to the screen.

In theory, you should NOT be able to directly hook-up the output to a recorder, that recorder will only see an ecrypted stream that only the screen can decrypt.
You can only use a *cam* to record the actual screen as suggested above, not the str

Re:

[wvmarle]

In theory, you should NOT be able to directly hook-up the output to a recorder, that recorder will only see an e[n]crypted stream that only the screen can decrypt.
You can only use a *cam* to record the actual screen as suggested above, not the stream itself.

Wouldn't it be possible to take apart a screen, remove the display unit, and connect the wiring that normally goes to the display to some kind of recording device? At that point the data is unencrypted, as it's set to drive all the individual pixels of your display. All the recorder has to do is collect the values of those pixels and store it again for later playback.

The ultimate analog hole.

Modern LCD

[DrYak]

At that point the data is unencrypted, as it's set to drive all the individual pixels of your display. All the recorder has to do is collect the values of those pixels and store it again for later playback.

(NOTE: that you'll not find trace that drive all the individual pixels, but only lines and columns of a matrix, and the display is scanned.
Also, in *active matrix*, the display doesn't directly drive the pixels, but drives active component (transistors+capacitors) in the cell which are then in charge of keeping their corresponding pixel in its desired state between scans)

On an OLED display : yes, basically it makes 3 different type of protein fluorescent in an electric field, one for each R, G, B. You get o

Re:

[Eloking]

if it's on my screen, I can record it.

Yes, as in "record it with a camera".

I can output the signal and the audio on a HD recorder and there's no protection that will protect you from that.

Not exactly.
Nowadays, the output signal is *digital* (HDMI mostly with standalone players, and HDMI mostly with computers).
There's an encryption standard HDCP which is supposed to protect this data during its transit to the screen.

In theory, you should NOT be able to directly hook-up the output to a recorder, that recorder will only see an ecrypted stream that only the screen can decrypt.
You can only use a *cam* to record the actual screen as suggested above, not the stream itself.

In practice, HDCP is done poorly. Its current form is cracked and can be bypassed, so the only actual real-world is not stopping pirate, but only failing in weird ways for legitimate users.

And in actual practice : nobody gives a damn about the latest cookie-cutter soulless movie. Chances are high that I'll be too busy doing some interesting outdoor sport (or some indoor one) rather than trying to see how I could pirate a copy of Smurfs 2 (what, they even made a *second* one ?)

While I'm nnot so surprised to learn about this encryption method, I understant that an output of a TV would still be encrypted, but the case in my mind was my computer.

There's dozen "On Screen" recorder software. So if I can read BlueRay on my computer, what kept me from recording the screen?

Re:

[Danathar]

.AVI??? I haven't seen an .avi in YEARS

50GB

[HalAtWork]

I really wonder why they mandated new drives for the UHD BD spec, when HVEC is much smaller than H264 anyway it could easily fit on dual layer BDs...

Systems like PS4 Pro (or even PS4 since it can do 4k at 30/24Hz) could easily play them if it weren't for the drive requirement

Fitting *53GB*

[DrYak]

when HVEC is much smaller than H264 anyway

Yeah but not by that *much* (though it depends on the quality of both encoders - x264 is incredibly better visually than nearly everything else).
At least, not given the quality/bitrate that the industry has decided to use for Ultra HD (where it makes sense or if it's mostly a placebo is an entirely different can of worm).

Also HEVC is patent minefield (and thus hardware HEVC/H265 decoding isn't as widespread as AVC/H264), so perhaps they also want to keep a door open for content producers that can only affor

no need to decrypt it

[Frederic54]

It is displayed on a screen? so just framegrab this. Your BD player is plugged via HDMI to your TV, all the DHCP stuff is handled there and it's ok, there in the TV the signal is converted to LVDS and there is a big flat ribbon that goes to the LCD matrix. Just here, insert a smal PCB that have a t-con in (and t-con out if you want to see what you will grab), on the PCB there is an FPGA and enough RAM to have 2 frames in memory (~16MB for 1080p), every clock time export the last frame to a PC via a pci-expr

Re:

[JustNiz]

Its bad to assume that most TVs in fact use LVDS internally.

Re:

[loufoque]

Surely you're joking?
It takes 15 hours on a typical connection.

Re:

[thegarbz]

That assumes you dedicate 100% of your bandwidth to that for 100% of the time. It also assumes everyone stays at work and the internet doesn't go to shit in the afternoon which is what typically happens. It's quite sad that through government squabbling Australia has spent billions on a national broadband network that moved it from the 30th fastest internet in the world to around the 60th.

Re:

[dwywit]

Lucky I'm still on ADSL2+, then.

6.6 Mbps and proud of it.

Not.

Re:

[DontBeAMoran]

Given that 60 is twice as many as 30, you must be twice as happy as before!

Re:

[thegarbz]

I left for a country that isn't run by incompetent children. I'm far happier. I now have a 500/50 connection completely unlimited and I am paying $20/month less for it.

Re:

[DontBeAMoran]

A 500/50 connection for cheaper? I know it's not Canada.

Re:

[stealth_finger]

I left for a country that isn't run by incompetent children.

LIAR! No such place exists. They might have better internet in some places but they're all run by incompetent children...and that's if you're lucky.

Re:

[fibonacci8]

How is South Korea treating you?

Re:

[wisnoskij]

Rural Canada checking is.
It would take me a month and a few days because we only get 50 GB a month, and that is because I pay to double the normal plan.

Re:

[Pikoro]

I think you mean, "That's smurfing hilarious."

Re:

[ravenshrike]

Clearly he meant "Of all the smurfs they could smurf to smurf, they smurfed Smurfs 2. That's smurf."

Re:Broken encryption model...

[ledow]

I'm afraid you don't understand encryption at all.

And this *isn't* encryption of data, so much as (attempted) encryption of transit.

Any encryption method, you can openly publish the decryption method and hardware. If you can't, it's no good.

What you *CAN'T* publish are the decryption keys. If you publish these, you are an idiot. CSS, AACS, etc. and pretty much all DRM schemes mis-use transport encryption by giving you the keys too, in some convoluted fashion. They are able to revoke keys, they are able to issue keys to manufacturers, but they are giving decryption keys to you. That's the problem, not the decryption device or decryption method.

Any encryption that cannot survive a known-plaintext attack is useless in the modern era. It's as simple as that. That's not how encryption has worked since the days of the Caesar cipher - even Enigma wasn't really that vulnerable to that because working out the key-settings for a known plaintext was computationally infeasible for the time. Don't believe every line in The Imitation Game ("Heil Hitler! Turns out that's the only German you need to know to break the code!").

So, no, what the problem is is not the encryption. It's the intended use. You give EVERY DEVICE MANUFACTURER a decryption key. Which you can revoke. But which millions of people share.

The reason for this is that otherwise you have to give every viewer a unique decryption key and give them unique copies of their disc, and encrypt data on-the-fly to them (because you can't store 6 billion differently-encrypted copies of the movie). And that just means that one guy has one key, and if he doesn't care about that key being later revoked, he can decrypt his own personal copy and problem solved.

AACS was a little bit more complicated, with all kinds of virtual machines checking state, and things like keys that were generically derivable if you have enough device keys (which means that nobody can trace who actually broke it or blacklist them).

But those are security-by-obscurity and inherent flaws of using encryption as DRM instead of its intended use.

But if you have an encryption scheme where you cannot publish the algorithm, or encrypted known plain-texts, you are very much back in the 60's (e.g. "Modern ciphers such as Advanced Encryption Standard are not currently known to be susceptible to known-plaintext attacks.")

Re:Broken encryption model...

[swillden]

So, no, what the problem is is not the encryption. It's the intended use. You give EVERY DEVICE MANUFACTURER a decryption key.

Yeah, I'm sure that what's happened here is that someone extracted a device key and used it to decrypt the movie. I'm shocked that this is the first time it's been done. Actually, I doubt that it is.

Which you can revoke. But which millions of people share.

Actually, no. AACS provides a unique set of decryption keys to every individual device. Not model, but individual piece of hardware. Through a complicated (and rather cool, actually) sequence of derivations, every device can derive the keys needed for each disk, but if a player's keys are found to be compromised they can be revoked, and that player will be unable to decrypt any disks made in the future.

AACS was a little bit more complicated, with all kinds of virtual machines checking state, and things like keys that were generically derivable if you have enough device keys (which means that nobody can trace who actually broke it or blacklist them).

Again, no. AACS includes a traitor tracing scheme. I don't know if it's actually in use (but if we start seeing lots of UHD torrents, you can bet they'll start using it), but it allows the identification of the specific device that decrypted a movie, from the decrypted video stream. The way this works is that they encrypt some portions of the video twice, with keys chosen so that any given device can only decrypt one of the two copies. Then they apply different digital watermarks to each of the duplicate blocks. With n duplicated blocks they examine the decrypted output and identify which of 2^n devices decrypted.

But those are security-by-obscurity and inherent flaws of using encryption as DRM instead of its intended use.

True, but AACS gets about as close as you can get, I think, to a secure DRM solution that doesn't include a real-time, two-way negotiation.

Where it breaks down is that because "revocation" only affects future movies, an attacker who extracts the keys from a device on May 4, 2017 can use those keys to decrypt every Blu-Ray Disk pressed before that date (actually, probably before that date plus a few months). In addition, Blu-Ray players are dirt cheap. At the low end, they cost about the same as a disk. Given a cheap way to extract the key from one, it would be perfectly feasible to buy a new player for each movie you want to decrypt. But you don't even have to do that. Buy one per month and you can decrypt all the movies that come out -- at least until the AACS LA realizes that one model of player can be cheaply broken and pushes the manufacturer to tighten security to make it harder. They can make you work hard to keep up with changes in their security-by-obscurity.

Except they can't win that way, either. The trick is to break a set of devices and get all of their keys. Then identify the traitor tracing blocks in a movie and decrypt them with multiple players' keys, so you end up with both copies of many of the blocks. Then, when you construct the output to publish, choose among the traitor tracing blocks so that your output is different from any of the individual devices that you've broken. Examination of the published stream may finger some device in the world, but it will definitely not finger any of the ones you broke. You may cause some random individual's player to stop working (on future movies), but your keys will stay good.

At the end of the day, DRM is always breakable, because you have to distribute the keys. But it can be made pretty hard, and AACS is an incredibly good scheme, given the context in which it has to operate.

Re:

[DontBeAMoran]

53.30GB?! How many 1.44MB floppies is that?

Re:

[bigdady92]

That's like Terraquads of GigaRAM for sure!

Re:

[DontBeAMoran]

1h45m = 105 minutes = 6300 seconds / 37903 = 0.16621375616706 second per floppy.

Re:

[green1]

As proven by this case, that doesn't work. They pirated Smurfs 2 of all things!