
A peek into the curious world of HDMI copy protection - jackjet
http://adamsblog.aperturelabs.com/2013/02/hdcp-is-dead-long-live-hdcp-peek-into.html
======
Daiz
Why HDCP is still used despite being utterly broken is simply the fact that it
gives media corporations 'control'. You know those anti-circumvention laws for
DRM? Yeah. Even DVDs still ship with CSS for this reason - when RealNetworks
released RealDVD, their DVD ripping program (which wasn't even particularly
good or useful, as it produced Real Media files _with Real's own DRM included_
), they were sued by DVD Copy Control Association and lost.[1] So even if the
DRM itself is utterly broken, when combined with anti-circumvention laws it
allows the media industry to shut down any "rogue players" - in other words,
it gives them control. And the gatekeepers, oh, they just _love_ control.

[1]
[http://en.wikipedia.org/wiki/RealNetworks,_Inc._v._DVD_Copy_...](http://en.wikipedia.org/wiki/RealNetworks,_Inc._v._DVD_Copy_Control_Association,_Inc).

~~~
bediger4000
I think you're correct about 'control', but that begs a question:

Why is control that important? It's not control for the sake of generating
money, they'd probably make more money, in a bigger industry, if they didn't
exert such fine-grained control. Is it that much fun to dictate popular
culture, or is something else going on behind the scenes, other than hookers
and blow?

~~~
Daiz
>Why is control that important?

It's what they're used to - back before the internet existed, these middlemen
pretty much had total control over what media people were exposed to. They
were the gatekeepers of media. Then the internet came along, which has changed
the way people get exposed to media dramatically. The gatekeepers hate it,
because it takes away control from them, and they try their hardest to undo
the effects of the internet with DRM, laws, etc. Of course, middlemen are
still necessary even in the digital age, but a good middleman in this day and
age is not a gatekeeper, but rather an enabler (for music, think Soundcloud,
Bandcamp, Tunecore and so on for example).

------
noonespecial
DRM doesn't have to work technically. You can just make the whole thing ROT13
and then pass a law that its illegal to unscramble it.

The technical part isn't the part that matters.

~~~
agwa
That's not the main reason. If it were, then Hollywood would have stuck with
CSS for Bluray and HD-DVD instead of making AACS. They tried hard with AACS:
unlike CSS, it uses a real, peer-reviewed encryption algorithm (AES) and has a
very complex key management system. Hollywood was really hoping to get a
technical solution to DRM and not a purely legal one. (Of course it failed in
the end.)

The real reason why these broken DRM systems like HDCP and AACS are still
around is because there are millions of players/TVs/discs in the field and you
can't break all of them by introducing a new DRM system. I strongly suspect
that Hollywood will attempt a new DRM system at the earliest opportunity
(perhaps when there's a successor to HD?).

~~~
kristofferR
Yup. It already exists as HDCP v.2 (totally new system reenginered from
scratch).

It'll likely start to be used together with the HDMI v.2 protocol eventually,
most likely for UHD TVs as you said.

[http://blog.cryptographyengineering.com/2012/08/reposted-
cry...](http://blog.cryptographyengineering.com/2012/08/reposted-
cryptanalysis-of-hdcp-v2.html)

~~~
AnthonyMouse
I still can't understand why they even bother.

The problem with software-based DRM is that you can always, in the worst case,
run the whole thing in a virtual machine and capture the output the software
thinks is going to a display but is really going to a video encoder.

The problem with hardware-based DRM is that you have a hundred million devices
in service when a vulnerability is discovered. Then you can't even securely
issue a firmware update as a result of the exact same vulnerability you're
trying to patch, and if the vulnerability is in the hardware itself then
you're totally screwed.

Normal cryptography is Alice sending a message to Bob without Eve being able
to read it. We know how to do that pretty well at this point -- and even then,
look at the regularity we see security patches to e.g. OpenSSL. DRM is not
even that. DRM is Alice sending a message to Bob that self-destructs after Bob
looks at it, even if Bob doesn't want it to. It isn't clear that this is even
theoretically possible against a determined attacker, and in practice it
hasn't even held up to amateurs and hobbyists.

All they're doing is just pissing money away and inconveniencing their paying
customers. I'm pretty sure the only reason we still have new DRM systems at
all (as opposed to faux DRM whose sole purpose is to invoke the DMCA) is that
there are still companies who make money peddling it and the people paying
them haven't yet been able to see through the lies.

~~~
jfb
DRM is popular not because it makes the possible impossible (not even the
least technical people at the studios think this), but because it makes
copying _more expensive_. As such, it's one leg of the "anti-piracy" stool,
along with spurious lawsuits, punitive licensing deals, &c.

You (and I) might think the whole think is a donkey circus that just ends up
making things worse, but it's important to keep in mind that there is a reason
for it, and it's not false consciousness on the part of the content owners, or
magical pixie dust from DRM vendors.

~~~
koko775
> DRM is popular not because it makes the possible impossible (not even the
> least technical people at the studios think this), but because it makes
> copying more expensive

No, it exists because it's usually a contractual obligation for licensing the
content for distribution to at least make a token effort to protect content.
That's really the biggest reason.

Source: I work at an entertainment company

~~~
cynicalkane
The viewpoint from your corner of the world is wrong. The viewpoint from my
corner is right. Of course both can't possibly be part of the whole story at
the same time, that's ridiculous.

Source: I work in my corner.

~~~
koko775
I have an insider's view of the industry, as well as an understanding of the
interplay that happens between different target platforms, content providers,
and the engineers implementing the actual streaming platform.

I have no need to lie nor any investment in being verifiably correct. My
viewpoint is simply my own and carries its own validity according to however
much people wish to believe me.

------
bediger4000
In the article, Adam Laurie writes:

 _HDCP (the copyright protection mechanism in HDMI) is broken. I don't mean
just a little bit broken, I mean thoroughly, comprehensively, irredeemably and
very publicly broken. Broken in such a way that any possible recovery would
mean layering it with so much additional new infrastructure as to render it
entirely pointless. Broken. B-R-O-K-E-N. .... So why, then, is it still being
shoved down my throat?_

Easy. The licensing and "intellectual property" laws combine to allow some set
of corporate entities to create at least a price-fixing cartel around HD Tee
Vee. They probably got the idea from the success of the DVDCCA
(<http://www.dvdcca.org/>). If you don't/can't pay the licensing fees for
HDMI, you can't make products. HDMI probably keeps the riff-raff (rampant
competition) out.

~~~
jasomill
Clearly true, as stripping HDCP, while useful for interoperability with
noncompliant devices, is an obviously fussy and inefficient way to store or
distribute video supplied in a compressed format with cracked DRM (e.g., Blu-
ray, iTunes).

Well, that and inertia, HDMI being the digital evolution of the old "analog
hole".

------
lucian1900
Because it's DRM. The intent is merely to enable prosecution under the DMCA,
only a token effort at "security" is needed.

------
bnewbold
See also, "Warner Bros and Intel Sue Over HDCP Crack Piracy" from December:

[http://torrentfreak.com/warner-bros-and-intel-sue-over-
hdcp-...](http://torrentfreak.com/warner-bros-and-intel-sue-over-hdcp-crack-
piracy-121220/)

"Freedom USA, which also operates under the names AVADirect and AntaresPro,
makes several devices which allow consumers to convert HDCP-encrypted digital
signals to analog signals. This means that users could potentially record pay-
per-view broadcasts, including Hollywood movies."

"Aside from the 'piracy' element brought up in the complaint the devices sold
by Freedom USA also have legitimate uses, such as connecting a new set-top box
to an older TV or monitor."

~~~
jonny_eh
Or to record gameplay from a PS3.

------
thrownaway2424
This garbage is definitely costing them sales. I bought a blu-ray
player/receiver thingus and it wouldn't work with my Roku player because they
could not negotiate mutually-acceptable encryption most of the time, resulting
in solid green fields instead of movies. So instead of being happy and buying
blu-ray discs, I just returned it and continue to not buy any of those.

------
contingencies
Even more curious (but equally broken) are the myriad DRM protocols that
operate between consumer devices across the network. The main reason DRM is
used in these scenarios is that a lot of the leading content owners (mostly
Hollywood) make it a requirement before releasing their content digitally.
Having seen the reference source code for some of them, I can tell you that we
have nothing to fear, and that the claims each new system makes regarding
innovation are farcical.

Some of these protocols currently in use include Coral, OMA, OMA2, Windows
Media 9, Playready, Marlin, Widevine, etc.

Also, HDCP is spiritually the successor to Macrovision Analog Protection
System (APS) on videotapes. For more information on where this is headed at
present (dead as the whole DRM area is), see also DTCP+, HDCP's latest content
protection specification.

PS. Adam, if you read this, nice meeting you in Bangkok a few years back. I am
sort of based there now, just back in China for a spell.

------
dbcooper
Now there is also the Cinavia analogue audio watermarking system for
protecting content, which seems to be quite robust.

<http://en.wikipedia.org/wiki/Cinavia>

Slysoft intends to release a product that negates it, but I am unaware of any
success so far. There have been work-arounds for the PS3 though.

The doom9 forum thread _can_ be a good place to read about it.

<http://forum.doom9.org/showthread.php?t=155777>

~~~
daeken
Cinavia has been in my sights for a while. Every once in a while, I end up
rereading the main patent and doing research, and it looks like a formidable
challenger. I'd really like to take it on, if I ever had free time; it's been
a while since I've done DRM reversing, and it's ridiculously well designed,
thus fun.

------
shmerl
DRM pushed into the video interfaces is sheer idiocy.

------
mrb
Adam said that an HDCP-stripper can generate a key on-the-fly, thereby making
it impossible to revoke. Does such a device exist? It was my understanding
that all HDCP-stripper available were using static keys (which have to be
reprogrammed by the end-user with a new key in the event the key is revoked).

~~~
bbrian
I didn't infer it exists from the article. HD Fury is the only stripper I know
of, it's "Now supplied with mini USB connector for firmware updates." It's
also pricey. I found it when looking for a way to use my DVI Cinema Display
with my Apple TV (1g).

<http://www.hdfury.com/>

------
josephlord
Yes it's completely broken but its rarely the best point of attack anyway.
Dealing with uncompressed video input is hassle and needs significant hardware
compared to a way to capture the compressed data from a Blu-ray. Plus there is
a generational compression loss of quality.

------
csense
Obligatory XKCD reference: <http://xkcd.com/129/>

------
martinced
You've gat to love the comment on TFA saying something like: _"It doesn't
matter that it can be broken by experienced crackers, it's just to keep the
honest man honest"_.

That is so wrong: all it takes is that each one of the warez group builds one
like this and then they can rip anything "big media" produces and then put it
on torrent or underground movie-sharing networks.

 _(oh the memories taking my bycicle when I was 12 to meet people in parking
lots to trade 5 1/4" and 3 1/2" floppy disks ; )_

~~~
crististm
The snicker net will still work when the Internet police will come. It will be
lower bandwidth (or higher depending on the size of the exchanged HDDs :),
high latency but will work.

