Has The Grinch Hacked HD DVD's Copy Protection?
By Shane C. Buettner December 31, 2006 — The Grinch came to steal HD DVD's Christmas a little late this year, as the Internet lit up late last week with the news that a hacker calling him/herself "muslix64" had cracked HD DVD's AACS copy protection with an apparently self-written Java-based utility called "BackupHDDVD." Stories over the 'Net calimed that muslix64 had successfully used the utility to move copies of Warner's Full Metal Jacket (one of the worst looking HD DVDs released so far) and Universal's Van Helsing to his/her hard drive. On top of that, muslix64 released the code to this utility, inviting others to take a crack (pun intended) at copying their own HD DVDs.

This announcement has, of course, been met with much gnashing of teeth everywhere, including the immediate supposition that Blu-ray might be cracked next since it too uses AACS. When saner heads reminded people that while Blu-ray uses AACS it also includes its own proprietary layer of security called BD+, the assumptions then started in that the studios supporting HD DVD would dump the format and exclusively support Blu-ray for its added security.

In reality, it's still not entirely clear just what BackupHDDVD accomplishes or how. According to reports, muslix64 used Microsoft's HD DVD external drive for the Xbox360 plugged into his/her PC via USB on conjunction with Cyberlink's PowerDVD software-based player program (the more cynical among us would insert jokes about Microsoft being involved in yet another security compromise, but we'll refrain in this corner). According to the reports on the web, it appears that the decryption keys for the HD DVD titles were ripped from the PowerDVD player's memory by BackupHDDVD and tehn used to drop the unencrypted HD DVD movie files onto the hacker's hard drive. It's unclear if these keys could be similarly exposed by other players or if this exposure is limited to just PowerDVD, or even PowerDVD combined with this particular piece of hardware.

On top of that, even if this is revealed as a true crack in the AACS system, AACS was actually designed to handle threats exactly like this one. All players (hardware and software based) and individual software titles have their own unique decryption keys. But once a hack is detected the keys can be changed in mid-production, limiting the exposure to current copies of titles in the marketplace.

A player boots up an HD DVD title and reads the decryption keys in a process Toshiba's Mark Knox once related to me as being akin to the players reading the "most wanted" posters at the Post Office. Paraphrasing loosely, once a title(s) is hacked the decryption keys are changed, and new discs include keys with identifiers for the player(s) involved in the hack. When new software is played on an offending player the check of the keys identifies the player and doesn't allow playback of new discs on compromised units.

So, the mysterious case of the BackupHDDVD utility is still unfolding, and we're certain to learn more in the days and weeks ahead about just how successful this hack reallly is and what it will mean to law abiding HD DVD citizens like you and me. But I would add that AACS is designed to not only make hacking difficult, but to react on the fly once breached. It seems we're about to find out just how good it is at accomplishing this.