Skip to content

Hiding secrets behind the law – DRM, AACS and the 16-byte key  

It surprises and annoys me when I hear of individuals or companies trying to use the law to hide secrets. Surprise at the sheer stupidity and annoyance that tax payers money is used in the process.

The latest secret under suppression is a short 16-byte key which locks away the content on HD-DVD discs that only licensed software and hardware can play it back and prevent you from making copies.

This type of protection used to be called copy-protection but these days it goes under the equally unpopular name of "Digital Rights Management (DRM)". It enforce the copyright holders rights whilst denying you yours and does it in such a way that in some countries re-asserting your legal rights means you end up breaking others.

The AACS Licencing Authority believe they can now protect by law what they failed to protect using technology. This is particularly amusing because their predecessor, the DVD-CCA, failed on both counts when the encryption on DVD was broken in 1999 by an enterprising trio. Apple gets it and is going down the DRM-free route and not treating their customers like criminals.

Basing an entire business model on keeping a sequence of characters secret defies belief and thinking you can wipe the secret off the face of the internet once it’s out is laughable especially when you consider the infinite number of ways you could represent it. The AACS are at it anyway with take down notices to the likes of Digg and others. Amusingly the take down notice itself includes the ‘magic key’.

Alternative 16-byte sequence where each byte is an offset on the previous one is "09 F0 18 F1 9B D7 6F 78 7D 69 15 6F 9E F3 32 38" which if run through the following program yields a certain magic key.

class Program {
    static void Main(string[] argv) {
        byte b = 0;
        string key = string.Empty;
        foreach(string a in argv) {
            b += byte.Parse(a, System.Globalization.NumberStyles.HexNumber);
            key += string.Format("{0:x2} ", b);
        }
        System.Console.WriteLine(key);
    }
}

[)amien

One response  

  1. I’m guessing your 10-minute ‘encryption’ there is just as effective as theirs ;)

    This whole area is ruled by fear and lawyers. Certain companies like this have exploited the fear of content providers about the internet to sell products that nobody really wants, but they’re on borrowed time. Now that EMI and Universal are dropping DRM it won’t be long before the other music companies do, and I’m sure it will filter through to other channels like video eventually – although there’s less of a historical precedent there of consumers expecting to be able to use / rearrange content on any device which means it’s not such a hard sell as music was (where electronic content was so blatantly less functional than physical content). As bandwidth continues to increase though I’m sure that expectation will arise eventually, and those that want to survive will have to give consumers their freedom, or risk having it taken via the backdoor like this.

    steveMay 2nd, 2007

Respond to this