

MacBooks Enter a Golden Age of Anti-piracy Cruft: HDCP For All - vladimir
http://www.techcrunch.com/2008/11/18/macbooks-enter-a-golden-age-of-anti-piracy-cruft-hdcp-for-all/

======
asciilifeform
Open any LCD monitor. The ribbon cable which connects the VGA/DVI/HDMI decoder
board to the LCD panel itself (a separate product, of which there are only a
few manufacturers) carries an entirely unencrypted and fairly well-documented
signal. With an <$100 FPGA, any HDMI monitor can be turned into a decryptor.

~~~
potatolicious
You're right that it's unencrypted, but I don't think it's well-documented.
Every single panel manufacturer seems to have their own spec for carrying data
to the LCD panel proper, and this is all proprietary and not-published. Short
of someone reverse-engineering the data it's not quite SO easy to get your
data.

~~~
asciilifeform
All you need is an oscilloscope. (My 1979 HP 300Mhz scope would do fine, had I
more free time.)

------
maximilian
I would be sooo pissed if the movie i downloaded wouldn't play on my regular
TV or projector I setup or something. I don't understand why they would
require encryption for an analog out? Even a digital out. The movie-cracker
people do everything in software anyway, so it seems like there's really no
point in encrypting the transmission link.

~~~
tptacek
Movie crackers won't necessarily be doing everything in software for long;
several major software media components --- like iTunes, Windows Media Player
and Windows protected media pathways --- remain effectively unbroken. DRM is
steadily improving, to the point where the "analog gap" is becoming more
important.

~~~
pshc
Don't they remain unbroken only because there are currently paths of lesser
resistance? And iTunes is already routinely hijacked to strip DRM from the
iTunes Store.

~~~
tptacek
iTunes is _not_ "routinely hijacked". The current incarnation of iTunes DRM
hasn't had a published break since iTunes 6, several years ago.

The conventional wisdom maintains that all DRM schemes can be broken, and
that's true, if you ignore cost. It is far from proven that all DRM schemes
can be broken with costs proportional to the rewards.

~~~
Zev
The current iTunes DRM for music has been broken. Google Requiem.

~~~
tptacek
Ah, I didn't see 1.8.1. Thanks. And you're right, Brahms broke iTunes 7.

------
lutorm
Does anyone else think that this is incredibly creepy? If this goes on
unchecked, it's just a matter of time until you're not allowed to code unless
you have a license from the RIAA...

~~~
Tichy
Well you are not allowed to code for the iPhone unless you have a license from
Apple.

I wonder when they will do the same to their desktop computers. It is not as
if companies haven't tried that scheme (see Microsoft "certified software" and
stuff like that).

~~~
Zev
You can code without paying for the dev certificate. The SDK is a free
download.

You just can't put apps on the app store or your phone without having a cert.
There's a slight difference.

~~~
Tichy
Well I guess even in the future we will still be allowed to play air guitar,
as long as we don't whistle along with the tune.

------
cmars232
Great. Now we have to get modchips for our laptops too?

------
stanley
You can find more MacBook hacking stories here -
<http://www.applemacbook.com/mods>

------
axod
The irony is if you're geeky enough to connect your computer up to a big
display to watch movies etc, you're certainly geeky enough to circumvent a
little popup warning.

~~~
nailer
HDCP is implemented in the video card. The output is encrypted and the HDCP
certified device decrypts.

However, ultimately the OS either enforces it or doesn't. And the OS has been
pretty weak so far.

Addenda: I'm not talking about iTunes, I'm talking about the OS, which iTunes
uses to display video.

~~~
m_eiman
No need to hack iTunes, just download the movie in a DRM-free format. I've
heard that there are places on the Net that has things like that, something
with pirates and a bay?

But sure, if the Blu-Ray replacement happens to have a working protection
system they might finally pull it off. Too bad for them that the last part of
the delivery chain will always be unprotected, unless they find a way to put
HDCP in Eye 1.0 wetware.

~~~
jbert
> Too bad for them that the last part of the delivery chain will always be
> unprotected, unless they find a way to put HDCP in Eye 1.0 wetware

That won't help you record it if there is sufficient pressure on the small
number of manafacturers of recording devices:

I would imagine it would be possible to create something like a EURion for
video and audio.

<http://en.wikipedia.org/wiki/EURion_constellation>

~~~
jcl
I think it would actually be a lot harder to apply something like EURion to
video or audio, because of user expectations. Video and audio recorders are
not expected to duplicate an existing artifact but to make a record, something
you usually only get one chance to make. A EURion measure would be prone to
abuse, breaking the user expectation that the given event had been correctly
recorded.

The obvious example: What if a guy robbed a bank wearing a EURion t-shirt?
None of the security cameras would record him, unless you had some exception
for security cameras. And once you have an exception for security cameras, do
you have an exception for, say, home security cameras? If so, anyone will be
able to get a circumventing camera; if not, a lot of people will be upset.

~~~
jbert
I don't know how varied the possible DRM policies are, but it would seem
possible to implement a 'generation counter' for DRM'd media which would
restrict the number of copies.

e.g. the output of a video camera could be tagged with "allow 3 copies only".
Each DRM-aware copy produced would decrement the # of allowed copies. The
copied file would have an allowed-count of 0.

If a EURion-like image triggered this mode on the camera then that would
probably be sufficient for manufacturers to avoid liability, but still serve
to effectively close the "analog hole" (not really analog, but hey).

Yes, it all does seem unlikely. But so does tagging of printer output with
yellow dots and EURion, and DRM in general.

<http://en.wikipedia.org/wiki/Printer_steganography>

~~~
marvin
It wouldn't work. This has all the problems of DRM in addition to all the
problems of pattern recognition. Not a chance.

~~~
jbert
The problems of DRM are the ones facing us right now. Sure, individual
implementations are buggy. If there's pressure, that'll improve over time.

The basic technical approach of the current DRM systems is sound, which is why
they're a problem. High quality implementations would restrict people.

In terms of pattern recognition, you're not exactly doing facial recognitiion.
The hard part would be putting a signal in there which was:

\- distributed through the whole picture (so you can't just mask off the logo
in the corner)

\- sufficiently unobvious to humans threshold so that quality doesn't go down
too far. Dunno about this one, apart from the fact that we have a _lot_ of
bandwidth here to hide a signal

\- could survive basic disruption attempts by 'hackers' (colour filters etc)

It is a fairly tall order, but so is convincing the entire PC parts industry
to put crypto in all their components against the interests of their
customers.

------
trezor
HDCP only matters to people who support DRM with their money.

Disclaimer: Not me.

~~~
timtrueman
My thoughts exactly. I only purchase media that is DRM-free. Amazon's MP3
store for instance. If they want to make more money they can start by offering
more content as DRM-free because otherwise I'm not buying…

~~~
Tichy
Is Amazon DRM free? Doesn't it encode the name of the buyer in the MP3? (I
honestly don't know, it just seems likely they do that).

~~~
wvenable
Encoding the name of the buyer in the MP3 is not DRM. It doesn't restrict your
usage of the media in any way. If they do that, I fully support it.

~~~
Tichy
It restricts your ability to sell the MP3. I can sell a CD, which to me
factors into the price (assuming I could sell the CD for half of the new price
eventually).

~~~
noamsml
Color me unimpressed. Encoding a buyer's name is fair game. You still have
full control of the info you got.

~~~
Tichy
I didn't say that it is not fair, but I think it definitely is DRM. So maybe
it is an example of fair use of DRM.

I still prefer my MP3s name-free, but that only means that I would pay more
for name-free than for named MP3s.

~~~
mattmaroon
DRM stands for digital rights management. Encoding your name doesn't manage
your rights in any way.

~~~
Tichy
Maybe it doesn't enforce them, but suppose the police scans my computer and
finds lots of MP3s signed to Matt Maroon, would it really not matter?
(Honestly I don't know - but if it doesn't matter, why encode the name to
begin with?).

~~~
mattmaroon
Honestly my argument was more semantics. It's not DRM. It's something else,
and certainly less odious. All they're doing is creating a way to track
illegal activity.

I wonder what the laws are on selling the track and then deleting it though.
Is that as legal as selling a cd, or do you get sign some sort of legal
agreement when you purchase the track? I've never purchased a single track
online so I don't know much about that.

