We reported yesterday that the Advanced Access Content System (AACS) copy protection scheme found on HD DVD was broken by a hacker named “muslix64″ over at Doom9. As expected, many media and technology companies decided to investigate whether this truly was a case of AACS being cracked and if it was, whether it would be as damaging as DeCSS was to DVDs. After some investigative work, many are stating that AACS wasn’t really hacked or compromised. If anything was compromised, it was the Cyberlink PowerDVD application that “muslix64″ used.

According to Chris Lanier’s posting, the key (and problem) to “muslix64’s” backup software is that it needs the HD DVD’s title key in order to decrypt the movie. The title keys themselves are encrypted and are unique per movie. His software application didn’t actually have a way to get the title keys. Instead, muslix64 got the title keys by using PowerDVD to play back the HD DVDs and them performing a memory dump of the application software. PowerDVD leaves the title key unecrypted while in memory so as a result, muslix64 was able to get the title keys necessary to decrypt the movie.

So why is this not as severe as DeCSS was? Well first off - obtaining the title key isn’t a trivial task for the everday joe schmoe user. Secondly - even if a title key is compromised, it’s just one key unique to that movie. If a title key is found to be compromised, AACS has the ability to revoke these compromised keys. How does your HD DVD player get this list of compromised keys? Via future HD DVD releases! According to InternetNews.com, revocation information can be placed on future releases of HD DVD titles. Once the title is placed into a player for the first time, the player’s memory is updated with the new revocation information. The compromised HD DVD title will then no longer be playable.

Check out Chris Lanier’s blog entry and the InternetNews posting for additional info.

[Check it out]

Technorati Tags: , ,