Perfect physical copies of a disc using, for example, commercial equipment, are a very tough attack to deal with. In the most extreme case, how can consumer equipment distinguish between two copies stamped from the same master? The answer is “it can’t”. But you can still do something about this.

Modern DVD and BD replication equipment can write a unique number on each disc (called burst cutting area on DVD, PMSN on Blu-ray). The entire disc is still the same but each one is slightly personalized.

When you write the BD+ code, you can put some “poison pill” logic in as well. For example, it might be “run SHA1(readPMSN(), secretValue) and if it equals magic value 87B2A058…, stop playback and ask user to enter unlock code.” Then, once your spies in the field see 50,000 copies of a disc with PMSN 1234, you calculate and store the appropriate magic value from the next disc you release.

The nice thing about this is it only affects the 49,999 people who bought the pirated disc and one person who probably was complicit in copying it. Because you provide an override menu, it means users will have a chance to call up the studio and buy a license to it if they were caught unaware.

Flexible schemes like this are only possible if you can write custom protection code for each disc.

However, I have some difficulty in getting a concrete grasp on BD+ and its mechanisms. I understood that each disc basically has some VM applet that’s responsible for integrity checking and descrambling. The mesh design pattern is also very nice. But my fundamental question is this, doesn’t it all stand or fall on how good the media binding is? Isn’t this where your mesh reverts back to a chain? Because, I would assume that anyone who can *exactly clone* a disc, exactly clones all the physical characteristics, the VM code that checks those characteristics, and the code that does the descrambling. Or am I missing something here?

If the media binding is a possible single point of failure, then the whole BD+ vs AACS debate assumes that the media can’t be *exactly cloned* so the pirate has to do some reverse-engineering to disable protection, doesn’t it? Because either scheme is broken if you can exactly copy, I would think. Under this argument, is there any reason to suspect the pirates won’t invest money in this angle, more than breaking the software protection in the future, if the cost of attacking a BD+ disc becomes too prohibitive for them. Anything suggest they won’t eventually be able to exactly clone?

Apologies if I have missed something here, I’ve never actually tried to attack any of these kind of protection schemes (never even ripped a DVD movie, for example) so my understanding and point of view is of course theoretical. Just tell me I’m being an idiot, and at least I’ll have learned something!

The relationship between interest and compromises is not a linear one. The doom9 crowd had a lot of success getting AACS keys before high-def formats were very popular. But once player security improved, they’ve failed to crack MKBv4 and beyond. There may be a couple free agents out there who might focus on it in the future, but it’s clear this battle has already moved beyond the doom9 regulars.

The end game for most DRM for systems that are widely popular is intense competition between custom protection and for-profit hackers. If you look at DVD, arguably the most popular protected video format ever, it has become this kind of conflict.

Protection like RipGuard continues to force DVD rippers to update their software. Some updates take a little while to crack. And all this is done with a really puny VM intended for animating menus. I think with a purpose-built system, we’re in for a long and interesting exchange.