DVD Piracy: It Can Be Done
by Andy Patrizio
1:20 p.m. 1.Nov.1999 PST
The worst fear of movie studios has been realized: DVD movie encryption has been broken.
A utility called DeCSS is currently floating around on the Net that will read a DVD movie disc and save the file on a hard disk, minus the encryption. All that's required is a DVD-ROM drive -- since CD-ROM drives can't read the 4.7GB DVD movie discs -- and a lot of disc space. The faster the CPU, the faster it will process the file. It takes around 10 minutes to process a .VOB file on a 500MHz Pentium III.
--------------------------------------------------------------------------------
Catch the buzz in Digital Hollywood
Read more about Gadgets and Gizmos
--------------------------------------------------------------------------------
The hack opens up illicit online trading of DVD movies, although minus DVD-ROM's interactive elements and outstanding audio/visual quality.
The utility, written by two European programmers requesting anonymity, uses DVD playback code found in software-based DVD playback utilities, like WinDVD, ATI DVD from ATI Technologies, and XingDVD. Every player has a DVD copy protection decoder for playback, just like the hardware decoder in DVD players from Toshiba, Sony, and other consumer electronics devices.
One programmer who examined DeCSS said the utility emulates that same playback code. But instead of displaying the video and audio to screen, it simply saves it back to the disk without encryption, since there is no encryption in playback. "The bottom line is, if you have a decoder, it has to execute somewhere. And that's always been the weak link, where you can get at the encrypted material," said David Moskowitz, president of Productivity Solutions, from King of Prussia, Pennsylvania.
Getting the decryption code, as it turns out, is relatively easy. Using an in-circuit emulator -- a device used to monitor hardware activity -- Moskowitz was able to watch exactly what the DVD hardware does in decrypting the movie on his PC. "With that information, it's no big deal to create the [cracking] application," he said.
One programmer who had a peripheral involvement in DeCSS development thinks piracy from this utility is a non-issue. "There have been DVD ripping tools available for months," said Derek Fawcus, a programmer in England. "Among the things you can find are explicit instructions and software for making VCD copies of DVDs. DeCSS is simply the latest in a line of methods of doing this."
Some of the DVD decoder assembler code was released on the Internet, and Fawcus rewrote it in C code. That code was later used in DeCSS.
Once decrypted, the DVD movie files, which have a .VOB extension, are too big to fit on a CD-ROM. Most .VOB video files are 1 GB in size, and a movie will be in three or four files. But there are many DVD conversion utilities floating around on DVD ripping sites, like DVDigest. It has conversion tools, like DVD2MPG and VOBSplit, which can be used to convert a DVD movie into VCD format, which can fit on a CD-ROM disc. There are even sites dedicated to converting DVDs to VCD format.
This means losing the interactivity of DVD-ROM and its tremendous sound and video quality, but it also means VCDs can be played on CD-ROM drives. It also makes it easier to trade the movie online. Movie piracy has been a growing problem on the Internet, with films traded in MPEG and AVI format via Web sites and private file transfer sites. Movies in MPEG format are around 600 MB in size.
DVD supporters are not thrilled by the development. "It was like pulling teeth to get the major studios to all commit to standard DVD in the first place," said Jeff McNeal, webmaster of The Big Picture, a home theater enthusiast site. "I consider this a disturbing development and only hope that it doesn't curtail studio commitment to DVD as we know it today."
Why the DVD Hack Was a Cinch page 2
2:15 p.m. 2.Nov.1999 PST
continued
Every player -- including consoles from Sony, Toshiba, and other consumer electronics vendors, as well as software vendors for PCs like WinDVD and ATI DVD -- has its own unique unlock key. Every DVD disc, in turn, has 400 of these 5-byte keys stamped onto the disc. That way, the unlock key from every licensee, be it WinDVD or a Pioneer DV-525 unit, will read the disc.
All licensees of DVD technology have to encrypt their decryption key so no one can reverse-engineer the playback software and extract the key.
Well, one licensee didn't encrypt their key. The developers of DeCSS, a Norwegian group called MoRE (Masters of Reverse Engineering) got a key by reverse-engineering the XingDVD player, from Xing Technologies, a subsidiary of RealNetworks.
"We found that one of the companies had not encrypted their CSS decryption code, which made it very easy for us," said Jon Johansen, a founder of MoRE, in Norway. "We didn't think it would be that easy, in fact."
RealNetworks did not return repeated calls requesting comment.
Because the unlock key is 5 bytes long, Johansen and his two partners, who wish to remain anonymous, were able to guess a whole slew of other keys. So even if all future DVD movies remove the Xing key, DeCSS has a plethora of other keys to choose from.
Johansen and his partners were able to guess more than 170 working keys by trial and error before finally just giving up to go do something else. "I wonder how much they paid for someone to actually develop that weak algorithm," said Johansen. "It's a very weak encryption algorithm."
Leaving such a weak link in the security chain surprised industry people. "I am really surprised that they made it that easy to break into," said Kevin Hause, senior analyst with International Data Corp. "One of the key concerns about DVD was security."
"I don't think it's the end of the world, but it'll be interesting to see what steps the industry takes now, whether they start delaying the releases of certain titles," said Bill Hunt, webmaster of The Digital Bits, a DVD news site.
"I would expect it could also delay the advent of recordable DVD, because it'll give people a medium to write these hacked video files."
Others aren't so talkative. The Motion Picture Association of America (MPAA) declined to comment. The DVD Forum, based in Japan, was unreachable due to a national holiday, but it did issue a carefully worded statement.
"The circulation through the Internet of the illegal and inappropriate software is against the stream of copyright protection. Toshiba, which has led the establishment of the DVD format and is the chair-company of the DVD Forum, feels it is a great pity," wrote Masaki Mikura, manager of the strategic partnership and licensing division at Toshiba Ltd.
"In the future, the laboratories will be more actively conducting strict surveillance and take counter measures against illegal, inappropriate software and hardware in the market. Moreover, we believe that, based on the recent legislation, legal measures and steps will be taken by copyright holders against such violation of intellectual properties," Mikura wrote.
|
