37C3 - Full AACSess: Exposing and exploiting AACSv2 UHD DRM for your viewing pleasure

Exposing and exploiting AACSv2 UHD DRM for your viewing pleasure: a deep dive into the security flaws and vulnerabilities of the latest movie industry encryption standard.

Key takeaways
  • AACSv2 uses Intel SGX technology to guard its secrets.
  • ACSv2 is a more complex and robust scheme than AACSv1.
  • The ACS Common Cryptographic Elements (CCE) are used for cryptographic operations.
  • The EPID (Elliptic Curve Integrated Circuit) is an asymmetric group-signature scheme used for remote attestation.
  • The PCL (Platform Certificate Layer) is used to encrypt the code and data sections on disk.
  • The CLT (Cyberlink Key Downloader) is an Enclave that downloads and stores the AACS keys.
  • The clkde (Cyberlink Key Downloader Enclave) is used to download the AACS keys.
  • The CLTASW (Cyberlink Title Authentication and Security) is used to authenticate and decrypt the title.
  • The ACM (Authenticated Cipher Mode) is used to encrypt and decrypt the title.
  • The CMAQ (Cryptographic Message Authentication Code) is used to authenticate the title.
  • The session key is used to decrypt the title.
  • The AACS keys are used to decrypt the title.
  • The EPID private key is used to sign the Enclave.
  • The Enclave uses the EPID private key to sign the report.
  • The report is used to verify the authenticity of the Enclave.
  • The Enclave uses the ACM to encrypt and decrypt the title.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is computed using the CMAQ.
  • The CMAQ is computed using the cryptographic keys.
  • The cryptographic keys are used to authenticate and decrypt the title.
  • The title is authenticated using the CMAQ.
  • The title is decrypted using the session key.
  • The session key is

More talks

Three New Attacks Against JSON Web Tokens

PGDay Lowlands 2024 LIVESTREAM

Privacy Detective: Sniffing Out Your Data Leaks for Android

malexmave: Wie man mit Mathematik ein API übernehmen kann (und wie gute Architektur das verhindert)

SAINTCON 2024 - Day 3 - Livestream

AEPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture

Unlimited Results: Breaking Firmware Encryption of ESP32-V3

Sequoia PGP: A not quite new implementation of OpenPGP