But in this exploit it's not the player key that is compromised, rather their handling of the content's keys. So, say they patch the software players to handle the authentication process differently (keys no longer at the memory addresses where they used to be), at some point the patched player will have to use the content key to authenticate (the already compromised) content. Now, wouldn’t this already known key act as a pretty big signpost for someone looking to compromise the patched player just the same as the previous one?
Players don't "authenticate" content, they decrypt it. When AACS revokes a key, future discs will be encrypted in such a way that *every key in existence but the revoked one can decrypt the content*.
For example, let's say there are 4 billion keys. Key #123456789 has been detected to be involved in piracy. Now, SpiderMan-3 is released, and it is AACS encrypted such that all 399,999,999 keys can decrypt it, except for Key #123456789. That means the player with that key can no longer pirate any movies.
In order to continue pirating, they will need another AACS key. The only way to get AACS keys is from AACS, so that means purchasing something that contains the key. That means, to pirate a movie is at least as expensive as buying at least one playback key.
The purpose of AACS isn't to stop someone from playing back already pirated content, it's to stop a crack from being a global crack for eternity, for every disc published, for the entire lifetime of the standard. That was the problem with CSS on DVD, once it was cracked, you could decrypt every new DVD published using the crack, and there was nothing the publishers could do about it.
AACS/BR/HDDVD/Publishers don't want someone distributing an end-user player that has been hacked for the average joe to rip content. They figure, when they find such programs floating around the net, they'll revoke the keys, forcing a recrack.
Hardware players could establish a trusted environment, and if AACS caught some fly-by-night Chinese firm making players that allowed piracy, they'd stop giving them keys. The issue is software players, and that issue will be ameliorated somewhat by the fact that obfuscation can prevent a global crack.
For example, if WinDVD stored its keys at offset #123 in some DLL, or always "near" some pattern of bytes, one could probably make an extractor that can pull the key from any executable. However, software players could easily move to a model wherein the secure component must be downloaded from the website, and the component is individualized for each person, tying the key to a credit card identity, as well as requiring the secure components to be manually disassembled each time and traced by expert crackers.
This would shift piracy to individuals who run fake credit card identities and have expert x86 cracking skills, and they would have to redo the same work every time their key was tracked down as the culprit (another feature designed into broadcast encryption).
Coupled with very tough criminal penalties (like with Satellite piracy), I think it is a significant step above DVD. Will it prevent HD rips? No, no system will be 100% crack proof. The goal is to raise significant barriers to the average joe, and making it an activity that requires a lot of time and expertise, which limits the population of people that law enforcement has to go after.
So sure, there'll be Russian and Chinese groups ripping away and putting HD torrents up, and in the end, either software players will require trusted hardware chips (probably on the GPU card), or they'll just do away with third party pure software PC playback altogether, as the publishers know that the vast vast majority of people eventually consuming discs won't be watching on PCs, but on dedicated TV CE devices, with specialized HW. Media Center PC *HD* edition anyone? Requirements: Trusted Computing Module.
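Added example, not part of the original posts: a sketch of the revocation idea described above ("every key in existence but the revoked one can decrypt"), using a simplified complete-subtree broadcast-encryption tree rather than AACS's actual key block format. The 16-device tree, the master secret, all function names and the XOR key wrap are assumptions made for illustration.

```python
import hashlib, hmac

HEIGHT = 4                       # constructed toy size: 2**4 = 16 devices
N = 1 << HEIGHT
MASTER = b"constructed-licensing-authority-secret"   # held by the licensor only

def node_key(node):
    # Key of a tree node (heap numbering: root = 1, leaves = N .. 2N-1).
    return hmac.new(MASTER, node.to_bytes(4, "big"), hashlib.sha256).digest()

def path(device):
    # Nodes from the device's leaf up to the root.
    node, out = N + device, []
    while node >= 1:
        out.append(node)
        node //= 2
    return out

def device_keys(device):
    # What one player is issued: the keys on its own path, nothing else.
    return {n: node_key(n) for n in path(device)}

def cover(revoked):
    # Subtrees hanging off the revoked paths; together they contain every
    # non-revoked leaf and no revoked one.
    if not revoked:
        return [1]
    tainted = {n for d in revoked for n in path(d)}
    return sorted(c for n in tainted if n < N
                  for c in (2 * n, 2 * n + 1) if c not in tainted)

def wrap(key, node, data):
    # Toy key wrap (XOR with an HMAC-derived pad); a real system uses a cipher.
    pad = hmac.new(key, b"wrap" + node.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def make_key_block(media_key, revoked):
    # Shipped on every new disc: the media key wrapped once per cover node.
    return {"check": hashlib.sha256(media_key).digest(),
            "entries": {n: wrap(node_key(n), n, media_key) for n in cover(revoked)}}

def recover(keys, block):
    # Player side: try each held key that matches a key-block entry.
    for n, k in keys.items():
        if n in block["entries"]:
            mk = wrap(k, n, block["entries"][n])
            if hashlib.sha256(mk).digest() == block["check"]:
                return mk
    return None                  # revoked: no held key appears in the block
```

With one device revoked the key block needs only `HEIGHT` entries, which is why revocation stays cheap even with billions of keys in circulation.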