Confirmed: Intel says HDCP 'master key' crack is real (engadget.com)
148 points by there on Sept 17, 2010 | 54 comments



> "For someone to use this information to unlock anything, they would have to implement it in silicon -- make a computer chip," Waldrop told Fox News, and that chip would have to live on a dedicated piece of hardware -- something Intel doesn't think is likely to happen in any substantial way.

I'm sure that's just a PR statement, however, in most currently available products that require these keys, they are stored in flash so they can be revoked or changed in the future. Firmware these days is much more spongy than its predecessors. Hacking a legitimate firmware update for popular devices to embed new keys will soon be an automated process for anyone willing to do it. What would it take for a Chinese knockoff builder to create a BluRay player that generates a new key every time it boots and stores it in RAM? That'd be nearly impossible to blacklist, since anytime you rebooted the player, it would appear to be a brand new device.

The implications of this crack are much more far reaching than dvdcss, and potentially far more economically threatening to the model they spent so much time and money on.


Is it economically threatening? Really? I have my doubts about that.

As I understand it, the hardware manufacturers were peddling a fantasy to rightsholders that their hardware could protect their content from end to end. By getting rightsholders to buy into this fantasy, these hardware manufacturers got a whole lot more leverage, licensing revenue, new (i.e. forced) hardware sales, etc.

But I'm not sure it did a whole lot for the rightsholders other than try and assuage their fears of the digital dawn, a kind of snake oil, as it were. I don't think people who actually want to view content without paying for it even noticed. The people who did notice were consumers who were inconvenienced by the incompatibilities created by coordination problems being made unnecessarily difficult etc.

If anyone is the loser here, I would think it's a handful of big-brand hardware manufacturers and patent / license holders, trying to e.g. exclude cheap no-name Chinese manufacturers from competition.


I think it's simpler than that. The labels would only support a standard with DRM, but secure DRM is impossible, and making copying inconvenient won't keep the content off torrents. It must have sucked to be on that standards body.


It's a compromise between what the rights-holders want for security (eg: usually more), and what the hardware vendors can reasonably implement and profit from (eg: usually less), and the degree of hassles and adverts that the end users will tolerate (some), and the trade-offs between the ease of use of any cracks with the fear of and the threat of and the costs of legal entanglements, and the cost of entry for folks outside the consortium (usually licenses and patents).

Everybody involved - content, device, user - is looking to maximize their profit and minimize their costs.

Hardware guys: No content, no buyers, uh-oh, no device sales.

Content guys: No devices, no market, uh-oh, no media sales.

Customers: No fun, uh-oh, no device and no media sales.

It's one of them marketing min-max messes, in other words.


I don't think you'd even need a new Blu-Ray player if you had a genuine one. HDCP is aimed mainly at protecting the video stream between the disk and display on the monitor, to keep people from grabbing the video off a DVI or HDMI cable.

It's not clear to me why you'd need to manufacture hardware at all to exploit it, unless I'm missing something about what part of the system this is breaking. HDCP negotiates an encrypted connection between video sources and HDCP-enabled monitors/TVs, over standard physical links like DVI and HDMI. It's what normally keeps you from just hooking your Blu-Ray player up to a DVI or HDMI input port on a computer and recording the video stream. But with the HDCP key leaked, can't someone write a driver that makes the PC's input port authenticate itself as an HDCP-compliant "monitor"? Is there something in hardware that'd still have to be done to make that work?


There aren't a lot of products capable of capturing 1080p from DVI/HDMI, even without HDCP.


But in this case aren't we talking about people trying to get a perfect bit for bit copy of a high definition video?

So couldn't someone just capture (i.e. write to hard disk) the encrypted bits coming out of an HDCP protected port? Then later using the master key they could go back and decrypt the captured data so they would be left with an unencrypted video file. The process wouldn't have to be real time. So then the only piece of hardware that would need to have any kind of decent performance would be the hard drive. But lots of modern hard drives should be able to write fast enough to capture the encrypted video stream.

Maybe I am not understanding some detail of how this all works. But it seems like this allows for skilled pirates to get a perfect copy of high def videos.


HDMI actually doesn't support the colorspace that all digital video is distributed in, so unless you know exactly how your blu-ray player is doing the colorspace conversion it's going to be slightly lossy just from that.

In addition, you're going to want to encode the video using a lossy codec, or the storage requirements will be stupidly large (think ~36 MB/s at a minimum.) So that's another lossy step from HDMI.

So, if you crack HDCP to copy blu-ray, you get (with each arrow representing a lossy conversion)

Blu-ray -> CSC from y420 for HDMI -> CSC to y420 for encoding -> encode

Whereas if you crack AACS you get the video stream on the blu-ray directly, and the only hassle is the cat-and-mouse game with key revocations (AACS is better designed in that it seems a master key cannot be derived from the keys we have easy access to.)

Also, the way HDCP works, you can't just dump an encrypted stream between any two HDCP devices and decrypt it later; you have to control one of the devices to the point that you know its key.


> So couldn't someone just capture (i.e. write to hard disk) the encrypted bits coming out of an HDCP protected port. Then later using the master key they could go back and decrypt the captured data

This doesn't sound any easier than decrypting in real time and recording the decrypted stream — in either case I think you need an FPGA. Also, you may be forgetting the authentication protocol.


To be picky, my understanding is even if this worked it isn't a 'perfect' copy of the source -- you would be getting a raw uncompressed HD video stream, which is great, but would need to be recompressed to be manageable.

You are not getting the original bits as they came off the BluRay disk.


Hmm, that's a good point. That makes it somewhat amusing, though, because that means that the main reason it's hard to exploit this HDCP break (at least currently) is the same reason HDCP is actually somewhat unnecessary to begin with: because recording a raw DVI/HDMI stream with commonly available equipment is hard.


Of course, one could speculate that if HDCP never existed, cheap HDMI capture cards would have been developed years ago. (Like how criminals probably would be sniffing credit card numbers off the Internet if SSL never existed, but since SSL exists they use other methods instead.)

Currently an HDMI capture card costs $200: http://www.blackmagic-design.com/products/intensity/


It would also be very difficult to sell in the markets where people actually buy Blu Ray disks.


Would it? I know this is a different scale of breach, but AFAIK region-free DVD players are everywhere.


Online? Ebay? Craigslist? No, you couldn't buy them at Fry's, but when have you ever been able to buy similar grey-market electronics legitimately in B&M stores?


Without having to get into a drawn-out series of hypotheticals let's just stipulate that pushing DRM cracks that far underground is a win condition for a content industry that just a few years ago was as open to piracy as redbook CDs.


This would be a very fun undergrad capstone project, and a project that would get someone an amazing job even if they only did a partial implementation.


> "For someone to use this information to unlock anything, they would have to implement it in silicon -- make a computer chip,"

I admit I know little to nothing about HDCP, but this sounds like BS to me. What about things like FPGAs?

And why can't it be done in software? Not enough raw processing power?


HDMI typically sends uncompressed streams of audio and video. Basic math would be:

    frame = 1920 * 1080 * 3                     # bytes per frame (Full-HD RGB)
    videoBytesPrSecond = frame * 60             # assuming full progressive video
    audioBytesPrSecond = 3 * 96000 * 6          # 24-bit, 96kHz, 6 channels
    totalBytesPrSecond = videoBytesPrSecond + audioBytesPrSecond
    totalBitsPrSecond = 8 * totalBytesPrSecond  # ~= 3gbps

And that's just the payload, no transmission headers, no protocols, no signal-synchronization.

You do need a pretty cool computer to process and do crypto on that realtime. I say dedicated silicon/FPGA would be the way here.


But as far as ripping is concerned - does it really need to be realtime?


Maybe not, but that is still 384MB/s sustained write speed to your disk which is 22GB/minute so you'd need a 2TB disk for the average movie.

Maybe in a couple of years when 2TB SSDs are cheaply available...


Or pipe a fifo to x264...


Because high-quality real time 1080p encoding is so easy.


> "For someone to use this information to unlock anything, they would have to implement it in silicon -- make a computer chip," Waldrop told Fox News, and that chip would have to live on a dedicated piece of hardware -- something Intel doesn't think is likely to happen in any substantial way.

"A fundamental rule in technology says that whatever can be done will be done."

Andy Grove, former Chairman and CEO, Intel Corporation


I hope this means I can watch a movie I have purchased without 10 minutes of unskippable commercials in front of the feature.

Just like mp3s, decss, etc this will not decrease the amount of money I spend on entertainment, it will only increase my options in how I store and watch it.


Nope, for that you'll need to remove AACS, not HDCP. AnyDVD HD can do that for almost any disc http://www.slysoft.com/en/anydvdhd.html , and the free BackupBluray can do many older discs. http://wesleytech.com/backupbluray-guide/


The description of the algorithm is eccentric. I'm guessing it's written by a lawyer. It's not the way cryptographers or hardware people talk.


The careful use of English sentences and spelled-out words sounds like it might be aimed at making it harder to suppress it as non-speech. The law's still sort of gray-area around there, but in general courts are more willing to allow "devices" to be banned, and are more protective of "descriptions of devices". Machine code, or pages of hexadecimal numbers, seem like they could be construed as closer to a device, while an English explanation of a mathematical expression is at least a bit closer to a description.


It sounds more like hacker speak. They tend to communicate the most important information not in code or math, but in (as unambiguous as can be made possible) English. It's the sense of "I'm not giving you a crack, I'm just describing it, you can build your own if you really want it".


Since when does decryption need to be done in silicon? That's P.R. A captured data stream can be decrypted "offline" in as much time as is needed. Storing the stream for offline decryption however does need an immense storage capacity. But we all know, storage capacity is steadily increasing.


Can an HDCP stream be captured by a non-HDCP device? I thought that HDCP needed a handshake or something?

http://en.wikipedia.org/wiki/High-bandwidth_Digital_Content_...


Right, but you can capture the traffic between the devices that did a handshake and decrypt it.


That blurb by the end about having to implement it in hardware seems silly to me - surely there are software Blu-ray players, right?

There might even be a market for an open source one, like there are open source dvd players, and they would be able to decrypt these movies using this key.


> they would be able to decrypt these movies using this key.

Actually, no.

Movies are encrypted using AACS or BD+ on the actual blu-ray disc. The player decrypts the disc and re-encrypts it for HDCP, which it will only do if it establishes a valid HDCP handshake with whatever device is plugged into its HDMI/DVI/DisplayPort port. For a software Blu-Ray player, the HDCP handshake is delegated to the graphics card, and the player software will refuse to run unless the operating system guarantees that the handshake has taken place.

For an open source Blu-Ray player, you need the AACS/BD+ keys (which do periodically turn up, and then get changed on the next batch of discs), not HDCP.


Actually, BD+ and AACS have been circumvented time and again by various people and tools. But regardless, breaking HDCP means we can access the digital uncompressed/unencrypted signal and manipulate it at will, as opposed to relying on the analog hole.


Thanks to your comment, I am now wiser and have seen my errors.

/me Bows


Even if you can't decode it real-time without a chip, will this at least facilitate ripping?


Ripping a Blu-ray disc requires a $50 BD-ROM drive and a $100 copy of AnyDVD HD.

HDMI/HDCP ripping requires a $200 HDMI capture card, a $XXX FPGA, and a RAID array.


The security of HDCP seems immaterial. Hasn't Blu-Ray been cracked?


No. Blu-Ray's BD+ scheme (which was co-designed by an HN contributor) is renewable, which means that when you break it, Rovi can push out a new version on the next round of disks that can't be ripped by the same code.

It's been "cracked" several times now, but not (so far as I know) permanently.


HDCP is important for VOD. With release windows changing and Studios pushing for various types of pre-DVD street date VOD releases, and providers pushing for the same, an HDCP crack could enable profit-seeking pirates to obtain pre-DVD, pre-Bluray, in some cases pre-theatrical releases and redistribute them.

The financial considerations for a profit seeking pirate are trivial - perhaps an FPGA (though software seems feasible), HDMI capture card, RAID system, Bluray burner.

On the consumer end, why pay $50 for a theatrical day-and-date VOD when you can purchase a pirated Bluray of it a day or two later?

Market considerations aside, this crack will force the Studios to rethink VOD release windows.


> "For someone to use this information to unlock anything, they would have to implement it in silicon -- make a computer chip," Waldrop told Fox News, and that chip would have to live on a dedicated piece of hardware -- something Intel doesn't think is likely to happen in any substantial way.

http://www.digilentinc.com/Products/Detail.cfm?Prod=NEXYS2 Less than $100 with student ID! What a deal, folks. Step right up.


The article's spin is that designing hardware is for the super-rich, but the subtext is that anyone who tries to sell this as a hardware product is going to get sued.


Aren't there provisions in the DMCA that would enable certain people to obtain such technology to use for legitimate DMCA enabled reasons?

Or is this going to be an IP issue?


There are exemptions to the DMCA, but in general the entire law works in exactly the opposite direction, and exists basically to prevent products like this from being brought to market.


Thankfully the DMCA only applies to one country and not all the other ones..


For now. ACTA appears to be aimed at cramming DMCA-style IP law reform down the throats of the rest of the world.


That makes me sad.

I go back to my cave now.


DMCA is only relevant for about 5% of the world's population. Don't be so sad, things are better than they seem.


Those negotiating ACTA are looking to change that...


How about a driver for a computer with an hdmi port?

How about a virtual video card driver?


Hey, it's Digilent! I know their president and founder--he teaches EE classes at my college and I took one from him. Aside from being a successful founder he's also a very entertaining lecturer.


They do some great work. The Nexys2 is one of the few genuinely open FPGA boards out there.


Hey, go cougs!



