Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Encryption Piracy Software Technology

'First Pirated Ultra HD Blu-Ray Disk' Appears Online (torrentfreak.com) 260

Has AACS 2.0 encryption used to protect UHD Blu-ray discs been cracked? While the details are scarce, a cracked copy of a UHD Blu-ray disc surfaced on the HD-focused BitTorrent tracker UltraHDclub. TorrentFreak reports: The torrent in question is a copy of the Smurfs 2 film and is tagged "The Smurfs 2 (2013) 2160p UHD Blu-ray HEVC Atmos 7.1-THRONE." This suggests that AACS 2.0 may have been "cracked" although there are no further technical details provided at this point. UltraHDclub is proud of the release, though, and boasts of having the "First Ultra HD Blu-ray Disc in the NET!" Those who want to get their hands on a copy of the file have to be patient though. Provided that they have access to the private tracker, it will take a while to download the entire 53.30 GB disk. TorrentFreak reached out to both the uploader of the torrent and an admin at the site hoping to find out more, but thus far we have yet to hear back. From the details provided, the copy appears to be the real deal although not everyone agrees.
This discussion has been archived. No new comments can be posted.

'First Pirated Ultra HD Blu-Ray Disk' Appears Online

Comments Filter:
  • by quenda ( 644621 ) on Thursday May 04, 2017 @04:03AM (#54353037)

    How quaint.

    • by rsmith-mac ( 639075 ) on Thursday May 04, 2017 @04:36AM (#54353109)

      That "quaint" method is still the only method to actually receive high-quality copies of movies and TV shows. Video streaming bitrates are a joke, comparatively speaking. Everyone tries to stuff into 10-20Mbps what takes 50+. The result is banding, blocky artifacts (especially in dark scenes), and blocking with rapid action. A properly mastered Blu-Ray or UHD disc on the other hand will have none of those problems, as the overall bitrate and the peak bitrate are high enough to properly capture a scene no matter how detailed it is.

      The DRM is a pain in the rear, but for the quality I'm quite happy with my "quaint" optical media.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        This article shows that torrents are another method you stupid idiot.

        • This article shows that torrents are another method you stupid idiot.

          That doesn't count when no big media uses it. Mailing reels to your home projector is also another method but no one does that either.

      • by quenda ( 644621 ) on Thursday May 04, 2017 @05:21AM (#54353193)

        Your movie has plot holes the size of the grand canyon, and you are worried about minuscule defects in the presentation?

        • Well, you gotta draw the line somewhere...

        • Today's bad movie is tomorrow's MST3K riff. But encoding artifacts are forever.=P

          Also, artifacts can be legitimately distracting no matter the movie, especially the bad ones.

      • This torrent appears to be the actual disc itself -- .m2ts files and BDMV\STREAM directory etc. It looks like the full 72.5 Mb/s source movie at the identical quality as the retail UHD disc, minus the DRM -- you could burn this puppy back to a UHD disc and play it on your player (assuming the player will play these UHD discs without DRM), or, more likely, use your favorite software player. Or, you could use Handbrake and compress it to the bitrate and container of your choice. But it looks like the real
    • by epyT-R ( 613989 )

      Only if you consider control over your purchase 'quaint'

  • by Kid CUDA ( 3941133 ) on Thursday May 04, 2017 @04:05AM (#54353041)
    So, these guys are some of the smartest hackers / rippers on the planet. They're the first to break a widely sought-after protection scheme.

    And their first accomplishment is to release The Smurfs 2?
    • Re: (Score:2, Troll)

      So, these guys are some of the smartest hackers / rippers on the planet. They're the first to break a widely sought-after protection scheme. And their first accomplishment is to release The Smurfs 2?

      Who trolls the trollers?

    • What's so hard about it? Such a disk is basically "a locked box with key supplied along with it". Otherwise nobody would be able to play those disks. To torrent it is basically a matter of deploying a tap somewhere in playback chain. It's utterly impossible to prevent this without making the disk unplayable. Though cracking of the scheme is a distinct possibility too. It's basically an overcomplicated layer of obfuscation, and the more complex the scheme is the more likely it would contain some mishap that
      • Re: (Score:2, Informative)

        by Anonymous Coward

        The decryption key isn't included in the disk, it must be downloaded from Internet. Yes, you need Internet connectivity to play those disks.

        • Yep because by downloading the key over the internet, it means it will never be left unencrypted and exposed in system ram at any stage.

          *facepalm*

        • Sounds broken by design. Guess I'll be skipping that one - I have no need to buy physical media that they can turn the lights out on when they get tired of supporting the format 6 years from now.

      • HDMI offers end to end encryption (HDCP) of the playback chain, or attempts to. Theoretically a player could refuse to play certain discs if the chain isn't encrypted, but in practice it's a clunky mechanism that confuses and infuriates consumers with unpredictable failures and weird error messages. And there are ways to strip HDCP from HDMI. But if they manage to properly enforce encryption and convince every manufacturer to fully comply, then you'll be hard pressed to tap into the chain. You might be able
        • One could simply modify a HDCP TV to extract deobfuscated image. From what I can tell that spec treats playback devices as black boxes expecting device manufacturers to implement such details with mere contractual obligations compelling them so. And newer tvs have full featured OSes on them that could be attacked with exploits and controlled. Not to mention it's always possible to modify the hardware if you have physical access.. Also HDCP was repeatedly broken in different ways. It's possible to even make
          • by Mashiki ( 184564 )

            One could simply modify a HDCP TV to extract deobfuscated image.

            You don't even need to do that. There are already MiTM devices that will do it for you, you can even buy them on monoprice.

          • Re:The Smurfs 2? (Score:5, Insightful)

            by dwywit ( 1109409 ) on Thursday May 04, 2017 @06:38AM (#54353389)

            Here's something to think about:

            Digital Cinema Packages (DCPs) work like this - you own a cinema, you have 1+n screens, meaning 1+n projectors. To screen most releases (very few are released unencrypted), you have to have a DCI-compliant system. Simply put, this means a server with a serial number, and projectors each with a serial number. Each projector has a decryption board inside (no software decryption here, it's all proprietary hardware, look up "enigma board"), with a serial number. Each film is delivered encrypted (either on HDD or downloaded), and a decryption key is delivered via email. The decryption key authorises *that* server to show *that* film via *that* projector from *this* date to *that* date.

            The film (data stream) is encrypted until it hits the decryption board inside the projector. So serial numbers and decryption data have to match up all the way through the delivery system until it becomes glowing light. If you take an inspection cover off the projector, it won't do squat until a tech arrives with another key to re-authorise that machine to show films. Of course it's possible to drill and cut a hole in the metal to bypass the "cover open" switch, but that's also trivial to overcome - light-sensitive switch, perhaps, requiring a dark room to defeat. But I digress.

            What part of this makes home viewing of films unworkable? IOW it won't be long before your BD player serial number is tied to your monitor/TV serial number, and you get a one-time key when you purchase a movie on disc or download that ties it forever to *that* BD player connected to *that* monitor. So you'll be back to "pointing a camera at the screen" levels of copying.

            The system of selling discs to consumers that will only play if a BD player has an authorised matching key (that is common across brands, and is easily accessed in RAM) is not going to last much longer. The system of encryption in DCPs is orders of magnitude more difficult and complex to defeat, but I can see it coming if the copyright lobby gets its way.

            • by gwolf ( 26339 )

              IOW it won't be long before your BD player serial number is tied to your monitor/TV serial number, and you get a one-time key when you purchase a movie on disc or download that ties it forever to *that* BD player connected to *that* monitor. So you'll be back to "pointing a camera at the screen" levels of copying.

              ...Add to this a QR-like fragment appearing on a piece of the screen (probably away from action, so it's least noticeable by us slow humans) for a frame every hundred, instructing compliant digital cameras to consider that content as illegitimate and not allow clips to be over n seconds long...

              • I wouldn't use QR.

                We I in charge, I'd use a very simple and undetectable watermark: Pick 64 points in the film, by frame number. Either duplicate the next or the previous frame on top of it. That's a 64-bit unique identifier embedded, which - as we are talking about a streaming service - can be per-customer. Then just go on the Bay a week later, download, decode, identify customer, and kick them off. Optionally set the lawyers on them.

            • Re:The Smurfs 2? (Score:5, Interesting)

              by JaredOfEuropa ( 526365 ) on Thursday May 04, 2017 @08:10AM (#54353751) Journal
              That sounds like a decent scheme for cinemas, but for home viewing it's not going to work. Unless it is deemed acceptable that my entire bluray collection is bricked when I replace my TV, or that I have to go and obtain new keys for everything in my collection. Sounds like a lot of hassle... and here I'll repeat an age old bit of wisdom regarding cumbersome DRM: many people pirate stuff not because they don't want to pay, but because pirates offer a better product: Free of DRM and ads, often in a choice of formats and bitrates suitable for playback on a variety of devices (including offline playing), available for immediate download. With DRM you are not protecting your content effectively, but you are punishing your legitimate paying customers. Hell of a way to run a business.

              Though I agree that the idea of some form of tamper proof DRM scheme for home viewing still appears to be the industry's wet dream. They really ought to take a cue from the music industry who have embraced the idea of convenience first, and in a lot of cases have agreed to do away with DRM
            • It will not be a camera that they use, somebody will custom make a large capture device that fits neatly over a particular screen, blocks out all outside light and capture the movie in it's entirety. The Screen output will be good, the capture device will be good. As long as the content has to travel as light from an emitting source, somebody will find a way to capture it at high quality.
          • "From what I can tell that spec treats playback devices as black boxes expecting device manufacturers to implement such details with mere contractual obligations compelling them so."

            Not quite. There is a revocation mechanism in HDCP: If a manufacturer doesn't properly abide by the contractual requirements regarding anti-tamper measures or the prohibition on unencrypted digital output, the consortium behind HDCP can revoke their key - which means all those already-sold TVs suddenly become useless. It's the n

        • I never understood why you couldn't just capture the encrypted key and feed it that and let it do it's thing. Surely it's going to decrypt to the same thing. The whole thing seems like an exercise in futility anyway when you can intercept the bit stream at some point or failing that point another camera at the screen.
          • I never understood why you couldn't just capture the encrypted key and feed it that and let it do it's thing.

            And that's exactly how it was done with the very few generations of movies.
            Some BlueRay player (i think WinDVD ?) stored they decryption key in an insecure memory location, and hackers used to tap there to find which key is used to decrypt a specific BlueRay.

            Movie industry noticed and revoked the keys for that player (meaning newer disc produced after that where encrypted with a selection of keys for which the player had no corresponding keys).
            Cue-in cat and mouse game, until hackers managed to find the mas

    • In their defense they thought it was a blue movie
    • by Kagato ( 116051 )

      My guess is because it doesn't have the latest generation of analog copy protection embedded in the Audio tracks. Copy protection is layered beyond what protects the disc. And for most people with 4K AV setups you're using top tier manufacturers for you playback chain. When pirated material is detected playback will stop. Even Roku honors these schemes. The extra layers of copy protection is cost money. Some content providers skip it if they think something has limited appeal.

  • by Chrisq ( 894406 ) on Thursday May 04, 2017 @04:13AM (#54353061)
    Of course the alternative to AACS 2.0 being cracked is that someone accessed the video pre-encryption. This could have been an inside job at the studio/production companies, or they could have been hacked.
    • by Aereus ( 1042228 )

      That was my first thought, given the movie title in question. Had they actually (fully?) cracked AACS 2.0, surely they would have made their first release a more appealing movie?

    • No, because that would of been pre UHD Blu-ray.
      But I am confused with why getting a movie off of UHD Blu-ray would be so hard. A protection scheme can make copying the files off it is hard, but if you can play the disk you can rip the content.

      • The question here is quality - yes, you can point a camera at the screen, or strip HDCP, or any number of other schemes and then recompress it, but you will be introducing quality loss.

        In theory, this is the original stream from the disc, in the original HEVC encoding, without the encryption, and without additional loss. If that's the case, it points squarely at defeating the encryption.

        • Yes, but what I meant was that if you had your graphics card simply re-encode the video as it played it the loses would not only be minimal, but I believe the naming scheme would allow you to simply call that UHD Blu-ray. Their is no special designation for an elegant dvd rip vs a brute force disc>streaming video>re-encode rip.

  • Have all new movies streamed on a network to a secure consumer box that can be updated as needed.
    No more disk issues. No internet, no movie. Order the movie overnight for next day playback on slow networks.
    Recall the disks and release the disk released movies on streaming services only.
  • Slashdot is broken (Score:4, Insightful)

    by Anonymous Coward on Thursday May 04, 2017 @04:56AM (#54353145)

    Slashdot is broken in multiple ways.

    The mobile site doesn't display at all in Firefox. The page source shows that content was served, but it's broken enough to not display anything at all. There are features of the desktop interface, like the sliders to change comment thresholds, that simply aren't usable for mobile users.

    On the desktop interface, links to older stories or to show all the stories on a previous day do not work at all. Instead, the front page is served up with the most recent stories.

    All of these have been broken for several hours, and there are comments about it two stories ago. If there are issues with the server, the right thing is usually to notify users that there's a problem and it's being addressed. Nothing of the sort has been posted. I can't think of any good reason to test out changes on a production site.

    If you're reading this, whipslash, this is a really bad experience for your users. Of course, you've made space to cram in more ads on comment pages, so all is well, right? Perhaps you should focus on building real value to this site instead of cramming in more ads to increase revenue in the short term. If you piss off enough users, that revenue will dry up in the longer term.

    • by TheRaven64 ( 641858 ) on Thursday May 04, 2017 @05:27AM (#54353211) Journal
      Even on the desktop, it's a horrible experience now. There's a floating user box on the right that takes up a large chunk of width (hey, idiots: I made my browser window this wide because I want to see text this wide, not because I want a quarter to be a pointless empty side bar) and on the front page you can't actually get to that box (you know, the one with messages in it) unless you scroll right to be bottom, because some idiot made it move with the page, rather than scrolling sensibly.
      • by coofercat ( 719737 ) on Thursday May 04, 2017 @06:53AM (#54353427) Homepage Journal

        Turn off your ad-blocker, then you'll see the true horror that is the New Slashdot. Honestly, sans-ad-blocker, it's so terrible it qualifies as "one of those sites that you occasionally hit on google results but you never actually read because the next result in the list doesn't have all the crap on it so is preferable".

        If I hadn't been reading slashdot for years, I probably wouldn't start now :-(

        • by stealth_finger ( 1809752 ) on Thursday May 04, 2017 @08:32AM (#54353855)
          The worst part is if you try to scoll past the ads at the top too fast. They're like WTF and chase you down the page so you have to scroll past all slow and sneaky like so they think you looked at them.
        • by Nidi62 ( 1525137 ) on Thursday May 04, 2017 @08:44AM (#54353931)
          My favorite was the one banner ad that would actually move your cursor out of the comment box while you typed, making it impossible to type more than a character or 2 at a time. Oh, yeah, and that damn tikka masala that took up half the page, scrolled, and you couldn't make go away. And every now and then on my work laptop, when using a mouse, Slashdot won't scroll when using the scroll wheel. Any other website works, just slashdot. They have ads that literally break their website and they don't care.
        • by sims 2 ( 994794 )

          I have to run the site scriptless on mobile.
          Both because the banner ad takes up half the screen and because it crashes the browser otherwise.

          I also only use "Classic Discussion System (D1)" because the new one doesn't work on mobile and D1 also happens to work without javascript.

          On desktop uBlock Origin handles it well.

          Though I also have to run google scriptless as otherwise it hides the option to view cached pages on mobile.

        • by AmiMoJo ( 196126 )

          Speaking of ad-blocking, try the following uBlock rule (may also work in AdBlock Plus, not tested):

          slashdot.org###stackcommerce-adwrap

          That gets rid of the stuff below the summary. Can't seem to fix the page width though.

          Whipslash, please fix subscriptions, I'm happy to pay for this just not with crappy UI destroying and annoying ads.

      • If you think that's bad:
        - I need to zoom once because the default text size is too small.
        - I don't have a widescreen monitor

        Result: I have 780 pixels for the comments and 430 pixels of useless blank space on the right.

      • by swell ( 195815 )

        "I made my browser window this wide because I want to see text this wide"

        Absolutely, and to make it worse- if you try to make the text bigger, the column of text shrinks; now you have even more useless white space.

        I know two solutions. One is the add-on HacktheWeb. Works on Firefox, YMMV. A couple clicks does it: Select the column you want to 'I'solate, press the letter I, and it fills the window. Optionally, you can select individual items and 'R'emove them.

        The other solution is to avoid the site and use

      • Re: (Score:3, Informative)

        by skoskav ( 1551805 )

        The CSS can be overridden to get rid of the empty space. I use an extension called Stylish with these rules for Slashdot:

        div#comments.a2commentwrap {
        margin-left: 0;
        margin-right: 0;
        }

        #comments {
        padding-right: 0;
        }

  • From the past, we've seen plenty of linkages between 'software players' being hacked (i.e. encryption keys being grabbed from RAM) and encryption hacks. Perhaps it has to do with the recent release of the first software player being able to play UHD BD on PCs?
    • by swb ( 14022 )

      I would think the hardware players would be almost easier to attack these days than approved desktop players.

  • by Eloking ( 877834 ) on Thursday May 04, 2017 @08:49AM (#54353959)

    Ok, let's be clear on something. No matters how perfect your protection is, if it's on my screen, I can record it. I can output the signal and the audio on a HD recorder and there's no protection that will protect you from that.

    Now, to my point, why the pirate even bother to pirate this encoding? I mean, why would I pirate the BlueRay image full of ads and pointless menu when I can download a perfectly fine and cleaned .AVI with all the Subtitles/Audio integrated?

    Or am I missing something?

    • if it's on my screen, I can record it.

      Yes, as in "record it with a camera".

      I can output the signal and the audio on a HD recorder and there's no protection that will protect you from that.

      Not exactly.
      Nowadays, the output signal is *digital* (HDMI mostly with standalone players, and HDMI mostly with computers).
      There's an encryption standard HDCP which is supposed to protect this data during its transit to the screen.

      In theory, you should NOT be able to directly hook-up the output to a recorder, that recorder will only see an ecrypted stream that only the screen can decrypt.
      You can only use a *cam* to record the actual screen as suggested above, not the str

      • In theory, you should NOT be able to directly hook-up the output to a recorder, that recorder will only see an e[n]crypted stream that only the screen can decrypt.
        You can only use a *cam* to record the actual screen as suggested above, not the stream itself.

        Wouldn't it be possible to take apart a screen, remove the display unit, and connect the wiring that normally goes to the display to some kind of recording device? At that point the data is unencrypted, as it's set to drive all the individual pixels of your display. All the recorder has to do is collect the values of those pixels and store it again for later playback.

        The ultimate analog hole.

        • At that point the data is unencrypted, as it's set to drive all the individual pixels of your display. All the recorder has to do is collect the values of those pixels and store it again for later playback.

          (NOTE: that you'll not find trace that drive all the individual pixels, but only lines and columns of a matrix, and the display is scanned.
          Also, in *active matrix*, the display doesn't directly drive the pixels, but drives active component (transistors+capacitors) in the cell which are then in charge of keeping their corresponding pixel in its desired state between scans)

          On an OLED display : yes, basically it makes 3 different type of protein fluorescent in an electric field, one for each R, G, B. You get o

      • by Eloking ( 877834 )

        if it's on my screen, I can record it.

        Yes, as in "record it with a camera".

        I can output the signal and the audio on a HD recorder and there's no protection that will protect you from that.

        Not exactly.
        Nowadays, the output signal is *digital* (HDMI mostly with standalone players, and HDMI mostly with computers).
        There's an encryption standard HDCP which is supposed to protect this data during its transit to the screen.

        In theory, you should NOT be able to directly hook-up the output to a recorder, that recorder will only see an ecrypted stream that only the screen can decrypt.
        You can only use a *cam* to record the actual screen as suggested above, not the stream itself.

        In practice, HDCP is done poorly. Its current form is cracked and can be bypassed, so the only actual real-world is not stopping pirate, but only failing in weird ways for legitimate users.

        And in actual practice : nobody gives a damn about the latest cookie-cutter soulless movie. Chances are high that I'll be too busy doing some interesting outdoor sport (or some indoor one) rather than trying to see how I could pirate a copy of Smurfs 2 (what, they even made a *second* one ?)

        While I'm nnot so surprised to learn about this encryption method, I understant that an output of a TV would still be encrypted, but the case in my mind was my computer.

        There's dozen "On Screen" recorder software. So if I can read BlueRay on my computer, what kept me from recording the screen?

    • .AVI??? I haven't seen an .avi in YEARS
  • I really wonder why they mandated new drives for the UHD BD spec, when HVEC is much smaller than H264 anyway it could easily fit on dual layer BDs...

    Systems like PS4 Pro (or even PS4 since it can do 4k at 30/24Hz) could easily play them if it weren't for the drive requirement

    • when HVEC is much smaller than H264 anyway

      Yeah but not by that *much* (though it depends on the quality of both encoders - x264 is incredibly better visually than nearly everything else).
      At least, not given the quality/bitrate that the industry has decided to use for Ultra HD (where it makes sense or if it's mostly a placebo is an entirely different can of worm).

      Also HEVC is patent minefield (and thus hardware HEVC/H265 decoding isn't as widespread as AVC/H264), so perhaps they also want to keep a door open for content producers that can only affor

  • It is displayed on a screen? so just framegrab this. Your BD player is plugged via HDMI to your TV, all the DHCP stuff is handled there and it's ok, there in the TV the signal is converted to LVDS and there is a big flat ribbon that goes to the LCD matrix. Just here, insert a smal PCB that have a t-con in (and t-con out if you want to see what you will grab), on the PCB there is an FPGA and enough RAM to have 2 frames in memory (~16MB for 1080p), every clock time export the last frame to a PC via a pci-expr

C'est magnifique, mais ce n'est pas l'Informatique. -- Bosquet [on seeing the IBM 4341]

Working...