
Confirmed: Intel says HDCP 'master key' crack is real - there
http://www.engadget.com/2010/09/16/confirmed-intel-says-hdcp-master-key-crack-is-real/
======
uxp
> "For someone to use this information to unlock anything, they would have to
> implement it in silicon -- make a computer chip," Waldrop told Fox News, and
> that chip would have to live on a dedicated piece of hardware -- something
> Intel doesn't think is likely to happen in any substantial way.

I'm sure thats just a PR statement, however, in most currently available
products that require these keys, they are stored in flash so they can be
revoked or changed in the future. Firmware these days is much more spongy than
its predecessors. Hacking a legitimate firmware update for popular devices to
embed new keys will soon be an automated process for anyone willing to do it.
What would it take for a Chinese knockoff builder to create a BluRay player
that generates a new key every time it boots and stores it RAM? That'd be
nearly impossible to blacklist, since anytime you rebooted the player, it
would appear to be a brand new device.

The implications of this crack are much more far reaching than dvdcss, and
potentially far more economically threatening to the model they spent so much
time and money on.

~~~
barrkel
Is it economically threatening? Really? I have my doubts about that.

As I understand it, the hardware manufacturers were peddling a fantasy to
rightsholders that their hardware could protect their content from end to end.
By getting rightsholders to buy into this fantasy, these hardware
manufacturers got a whole lot more leverage, licensing revenue, new (i.e.
forced) hardware sales, etc.

But I'm not sure it did a whole lot for the rightsholders other than try and
assuage their fears of the digital dawn, a kind of snake oil, as it were. I
don't think people who actually want to view content without paying for it
even noticed. The people who did notice were consumers who were inconvenienced
by the incompatibilities created by coordination problems being made
unnecessarily difficult etc.

If anyone is the loser here, I would think it's a handful of big-brand
hardware manufacturers and patent / license holders, trying to e.g. exclude
cheap no-name Chinese manufacturers from competition.

~~~
tlb
I think it's simpler than that. The labels would only support a standard with
DRM, but secure DRM is impossible, and making copying inconvenient won't keep
the content off torrents. It must have sucked to be on that standards body.

------
tlrobinson
"For someone to use this information to unlock anything, they would have to
implement it in silicon -- make a computer chip,"

I admit I know little to nothing about HDCP, but this sounds like BS to me.
What about things like FPGAs?

And why can't it be done in software? Not enough raw processing power?

~~~
trezor
HDMI typically sends uncompressed streams of audio and video. Basic math would
be:

    
    
        frame = 1920x1080x3 (Full-HD RGB)
        videoBytesPrSecond =  frame * 60 (assuming full progressive video)
        audioBytesPrSecond = 3 * 96000*6 (24-bit, 96kHz, 6 channels)
        totalBytesPrSecond = videoBytesPrSecond + audioBytesPrSecond
        totalBitsPrSecond = 8 * totalBytesPrSecond ~= 3gbps
    

And that's just the payload, no transmission headers, no protocols, no signal-
synchronization.

You do need a pretty cool computer to process _and_ do crypto on that
realtime. I say dedicated silicon/FPGA would be the way here.

~~~
jimbobimbo
But as long as ripping concerned - does it really need to be realtime?

~~~
aquark
Maybe not, but that is still 384MB\s sustained write speed to your disk which
is 22GB\minute so you'd need a 2TB disk for the average movie.

Maybe in a couple of years when 2TB SSDs are cheaply available...

~~~
aeroevan
Or pipe a fifo to x264...

~~~
zokier
Because high-quality real time 1080p encoding is so easy.

------
Unosolo
> "For someone to use this information to unlock anything, they would have to
> implement it in silicon -- make a computer chip," Waldrop told Fox News, and
> that chip would have to live on a dedicated piece of hardware -- something
> Intel doesn't think is likely to happen in any substantial way.

"A fundamental rule in technology says that whatever can be done will be
done."

Andy Grove, former Chairman and CEO, Intel Corporation

------
kbatten
I hope this means I can watch a movie I have purchased without 10 minutes of
unskippable commercials in front of the feature.

Just like mp3s, decss, etc this will not decrease the amount of money I spend
on entertainment, it will only increase my options in how I store and watch
it.

~~~
sp332
Nope, for that you'll need to remove AACS, not HDCP. AnyDVD HD can do that for
almost any disc <http://www.slysoft.com/en/anydvdhd.html> , and the free
BackupBluray can do many older discs. <http://wesleytech.com/backupbluray-
guide/>

------
tlb
The description of the algorithm is eccentric. I'm guessing it's written by a
lawyer. It's not the way cryptographers or hardware people talk.

~~~
_delirium
The careful use of English sentences and spelled-out words sounds like it
might be aimed at making it harder to suppress it as non-speech. The law's
still sort of gray-area around there, but in general courts are more willing
to allow "devices" to be banned, and are more protective of "descriptions of
devices". Machine code, or pages of hexadecimal numbers, seem like they could
be construed as closer to a device, while an English explanation of a
mathematical expression is at least a bit closer to a description.

------
js4all
Since when needs decryption to be done in silicon? That's P.R. A captured data
stream can be decrypted "offline" in as many time as is needed. Storing the
stream for offline decryption however does need an immense storage capacity.
But we all know, storage capacity is steadily increasing.

~~~
gmlk
Can a HDCP stream be captured by a non-HDCP device? I thought that HDCP needed
a handshake of something?

[http://en.wikipedia.org/wiki/High-
bandwidth_Digital_Content_...](http://en.wikipedia.org/wiki/High-
bandwidth_Digital_Content_Protection)

~~~
js4all
Right, but you can capture the traffic between the devices that did a
handshake and decrypt it.

------
tomjen3
That blurb by the end about having to implement it in hardware seems silly to
me - surely there are software blueray players, right?

There might even be a market for an open source one, like there are open
source dvd players, and they would be able to decrypt these movies using this
key.

~~~
pmjordan
_they would be able to decrypt these movies using this key._

Actually, no.

Movies are encrypted using AACS or BD+ on the actual blu-ray disc. The player
decrypts the disc and re-encrypts it for HDCP, which it will only do if it
establishes a valid HDCP handshake with whatever device is plugged into its
HDMI/DVI/DisplayPort port. For a software Blu-Ray player, the HDCP handshake
is delegated to the graphics card, and the player software will refuse to run
unless the operating system guarantees that the handshake has taken place.

For an open source Blu-Ray player, you need the AACS/BD+ keys (which do
periodically turn up, and then get changed on the next batch of discs), _not_
HDCP.

~~~
mfukar
Actually, BD+ and AACS have been circumvented time and again by various people
and tools. But regardless, breaking HDCP means we can access the digital
uncompressed/unencrypted signal and manipulate it at will, as opposed to
relying on the analog hole.

------
orblivion
Even if you can't decode it real-time without a chip, will this at least
facilitate ripping?

~~~
wmf
Ripping a Blu-ray disc requires a $50 BD-ROM drive and a $100 copy of AnyDVD
HD.

HDMI/HDCP ripping requires a $200 HDMI capture card, a $XXX FPGA, and a RAID
array.

------
sliverstorm
The security of HDCP seems immaterial. Hasn't Blu-Ray been cracked?

~~~
tptacek
No. Blu-Ray's BD+ scheme (which was co-designed by an HN contributor) is
_renewable_ , which means that when you break it, Rovi can push out a new
version on the next round of disks that can't be ripped by the same code.

It's been "cracked" several times now, but not (so far as I know) permanently.

------
CamperBob
_"For someone to use this information to unlock anything, they would have to
implement it in silicon -- make a computer chip," Waldrop told Fox News, and
that chip would have to live on a dedicated piece of hardware -- something
Intel doesn't think is likely to happen in any substantial way._

<http://www.digilentinc.com/Products/Detail.cfm?Prod=NEXYS2> Less than $100
with student ID! What a deal, folks. Step right up.

~~~
philwelch
Hey, it's Digilent! I know their president and founder--he teaches EE classes
at my college and I took one from him. Aside from being a successful founder
he's also a very entertaining lecturer.

~~~
CamperBob
They do some great work. The Nexys2 is one of the few genuinely open FPGA
boards out there.

