On Februrary 11th, doom9 member arnezami posted a message claiming that he had discovered the processing key for the AACS content-protection system:
Here is the Processing Key which should work on all HD DVD discs (and maybe even Blu-Ray discs) released so far:
. Save it. Store it.
. Save it. Store it.He discovered it by watching a movie player’s memory space as it loaded the HD-DVD for decoding. In his own words:
This gave me an idea: what I wanted to do is “record” all changes in this part of memory during startup of the movie. Hopefully I would catch something insteresting. In the end I did something a little more effiecient: I used the hd dvd vuk extractor (thanks ape!) and adapted it to slow down the software player (while scanning its memory continously) and at the very moment the Media Key (which I now knew: my bottom-up approach really paid off here) was detected it halted the player. I then made a memdump with WinHex. I now had the feeling I had something.
This exploded onto Digg today, with dozens of stories containing the key cropping up. Digg then deleted all of them in response to a DMCA notice. They also appear to have deleted user accounts of those who submitted stories, clearly taking the necessity of censorship in the face of the DMCA a step too enthusiastically.
Screen from gizmodo; i was at work when this hit
Appendix:
- The WinDVD device key has also been discovered to be
![magic-win.jpg]()
- Download Squad calls this the 21st century revolt. Clearly I’m in.
- You can, of course, interpolate a function over this data. Question–did you overdetermine it so that we can transmit it lossily?
- I’d donate $50 for someone to get this tattooed on them
- We can make it with images (or just memorize the damn thing)
- Pirate bay torrent
- HD-DVD T-shirt
Apparently Google is overdue to stop indexing web pages which contain this information, but given that it can be distributed in so many different ways, and that it’s just a number, the whole thing is a joke of sad proportions. Is whatever that is in decimal now an illegal number?
Digg Blog Update:
Digg founder Kevin Rose has reversed his decision about censoring the AACS controversy:
In building and shaping the site I’ve always tried to stay as hands on as possible. We’ve always given site moderation (digging/burying) power to the community. Occasionally we step in to remove stories that violate our terms of use (eg. linking to pornography, illegal downloads, racial hate sites, etc.). So today was a difficult day for us. We had to decide whether to remove stories containing a single code based on a cease and desist declaration. We had to make a call, and in our desire to avoid a scenario where Digg would be interrupted or shut down, we decided to comply and remove the stories with the code.
But now, after seeing hundreds of stories and reading thousands of comments, you’ve made it clear. You’d rather see Digg go down fighting than bow down to a bigger company. We hear you, and effective immediately we won’t delete stories or comments containing the code and will deal with whatever the consequences might be.
If we lose, then what the hell, at least we died trying.
You can go read his insipid post yourself. Personally, it would have had a bigger impact on me if they made a decision and stuck with it. Now, can we trust them in a month not to reverse it?
The aftermath:
All the big tech sites have an article about it. Here’s a random short selection:
- Hack Zine – HD DVD processing key found
- First AACS Blu-Ray/HD-DVD Key Revoked
- Respect! Digg’s HD-DVD key stance
- DIGG gets pwned by HD-DVD Key Fiasco
- Riot Confirms What We Knew All Along
- A number that inspired creativity
Get the T-Shirt:
There’s now a t-shirt you can order for that infamous number. Wear your nerdom proud for about 4 months and then people will just glare at you.
Update: Ars totally hits the nail on the head with their analysis of why the AACS hacks are inevitable:
The real problem with trying to create an “uncrackable” copy protection is that the media must come with the keys used to decrypt it somewhere on the device and the media itself. Hiding these keys in different places—security by obscurity—merely delays the inevitable.
Go read it in New AACS cracks cannot be revoked, says hacker.