‘Future AACS version can contain watermark with device serial’

Posted 24 May 2018 15:53 CEST by Jan Willem Aldershoff

Yesterday we reported about the recently discovered AACS 2 revision that was found on the 4K Ultra HD Blu-ray movies Fury and Patriot and that prevents ripping with all known tools. Today, the developer of MakeMKV has posted additional information about AACS 2.1, as it’s been unofficially referred to.

(Unlocking the 4k Ultra HD Blu-ray protection,  credits: DVDFab)

According to the MakeMKV developer, AACS 2.1 is actually the official name. In a post with information about currently known AACS versions, he has posted a list of currently known AACS version with the remark that, “all names are ‘official’, that’s how they are referred in documentation / software.”

The entire list with currently known AACS versions:

  • AACS 1.0
  • AACS 1.0/Class II
  • AACS 2.0/Category C
  • AACS 2.1/Category C
  • AACS 2.x/Category B
  • AACS 2.x/Category A

The AACS revision found on the movies Fury and Patriot is AACS version 2.1 and category C, according to the list.

Each of the AACS versions (1.0 / 2.0 / 2.1) has an independent set of keys which makes it possible to revoke devices per AACS version. Revoking a device is similar to blacklisting a device (e.g. all models of a brand), if it’s no longer considered secure by the AACS. A reason could be that a hacked firmware is available, or that specific keys have been leaked.

The AACS 2.x Category A and B are not used yet. However, AACS 2.x Category B  is the successor to AACS 2.1 Category C which has now been discovered on the movies Fury and Patriot. It’s possible that once AACS 2.1 no longer meets the objectives of the developers of AACS, the AACS-LA, that they will pick the next in line. In that case it they will introduce AACS 2.x Category B.

When that AACS version is introduced, a new type of security measure becomes available to the AACS developers, according to the MakeMKV developer.

He explains, “In AACS 2.x the ‘decryption’ process (by a player) is rather different from AACS 1.0 — compliant device not only decrypts the content but also actively meddles with it.”

“Forensic mark is always inserted into video stream at the decryption layer.  This mark contains player model and serial number along with environmental details. This information is preserved in video stream and survives screen / HDMI capture,” he added.

It’s unknown whether the forensic mark will also contain personally identifiable information. A document obtained in the Sony hack and published by Wikileaks reveals that Netflix objected to such, as the document states, “NF [Netflix] do not want any watermarking that could identify a user. Marking at a device type level is too much for them.”

Discuss this in our Ultra HD Blu-ray Forum.


Related content


Comment on this news item