The Content Scrambling System (CSS) is used on DVDs to encrypt the data so that only licensed DVD players
can decode it. It is also used in variant forms to implement a challenge-response protocol between DVD
player software on a PC and a DVD drive (ATAPI or SCSI) attached to that PC, and to decrypt the title key
(the CSS key for a file) from the disk key and player key. In all there are four variant forms of CSS.
CSS is a very simple encryption scheme based on shifts, XORs and table lookups. Its keylength is 40 bits, although it
has been shown elsewhere that a brute force attack is only O(2^25) and a plaintext attack is only O(2^18) - i.e. CSS is
weak for its keylength.
This document describes the CSS algorithm in enough technical detail to implement it. I also describe the plaintext
attack, which is for academic benefit only since all the valid player keys are already known. Finally I describe the
disk authentication procedure, which is quite involved and difficult to extract from the Mount Fuji document.
For reference, a CSS implementation is provided in source code form; this is not in a format
that can be readily converted to a program as this might potentially violate the Digital Millenium Copyright Act; however
it should serve as useful reference material for those wishing to implement CSS on their own.