At one point, AACS seemed like an impenetrable wall. Lately, though, it's looking more like Swiss cheese. Earlier this week, a person going by the name arnezami on the Doom9 forums discovered that volume keys could be extracted using what he calls a processing key. With this information, it would be possible to decrypt all HD DVD movies without needing to know the volume key first.
The author of the AACS bypass attempt, whose screen handle is arnezami, described the process of locating the media key as a matter of creating a control program that slowed down the playback of an HD DVD disc while searching for changes in critical locations in memory. Once those changes are made, playback halts, and the changed memory contents are tested for a sequence of bytes that can be validated as a media key.
From there, arnezami needed a volume ID - a sequence which, when combined with the media key, could yield the volume unique key (VUK). In a bizarre twist, he learned the volume ID was actually guessable, at least for one disc: it was a decimal-encoded permutation of the production date of the disc (9/18/06).
While the AACS LA has acknowledged these hacks, they have yet to revoke any device keys. Even if they do, it probably won't set back people like arnezami very long. If you'd like to read more, head on over to BetaNews.