I'm sure thats just a PR statement, however, in most currently available products that require these keys, they are stored in flash so they can be revoked or changed in the future. Firmware these days is much more spongy than its predecessors. Hacking a legitimate firmware update for popular devices to embed new keys will soon be an automated process for anyone willing to do it. What would it take for a Chinese knockoff builder to create a BluRay player that generates a new key every time it boots and stores it RAM? That'd be nearly impossible to blacklist, since anytime you rebooted the player, it would appear to be a brand new device.
The implications of this crack are much more far reaching than dvdcss, and potentially far more economically threatening to the model they spent so much time and money on.
As I understand it, the hardware manufacturers were peddling a fantasy to rightsholders that their hardware could protect their content from end to end. By getting rightsholders to buy into this fantasy, these hardware manufacturers got a whole lot more leverage, licensing revenue, new (i.e. forced) hardware sales, etc.
But I'm not sure it did a whole lot for the rightsholders other than try and assuage their fears of the digital dawn, a kind of snake oil, as it were. I don't think people who actually want to view content without paying for it even noticed. The people who did notice were consumers who were inconvenienced by the incompatibilities created by coordination problems being made unnecessarily difficult etc.
If anyone is the loser here, I would think it's a handful of big-brand hardware manufacturers and patent / license holders, trying to e.g. exclude cheap no-name Chinese manufacturers from competition.
Everybody involved - content, device, user - is looking to maximize their profit and minimize their costs.
Hardware guys: No content, no buyers, uh-oh, no device sales.
Content guys: No devices, no market, uh-oh, no media sales.
Customers: No fun, uh-oh, no device and no media sales.
It's one of them marketing min-max messes, in other words.
It's not clear to me why you'd need to manufacture hardware at all to exploit it, unless I'm missing something about what part of the system this is breaking. HDCP negotiates an encrypted connection between video sources and HDCP-enabled monitors/TVs, over standard physical links like DVI and HDMI. It's what normally keeps you from just hooking your Blu-Ray player up to a DVI or HDMI input port on a computer and recording the video stream. But with the HDCP key leaked, can't someone write a driver that makes the PC's input port authenticate itself as an HDCP-compliant "monitor"? Is there something in hardware that'd still have to be done to make that work?
So couldn't someone just capture (i.e. write to hard disk) the encrypted bits coming out of an HDCP protected port. Then later using the master key they could go back and decrypt the captured data so they would be left with an unencrypted video file. The process wouldn't have to be real time. So then the only piece of hardware that would need to have any kind of decent performance would be the hard drive. But lots of modern hard drives should be able to write fast enough to capture the encrypted video stream.
Maybe I am not understanding some detail of how this all works. But it seems like this allows for skilled pirates to get a perfect copy of high def videos.
In addition, you're going to want to encode the video using a lossy codec, or the storage requirements will be stupidly large (think ~36 MB/s at a minimum.) So that's another lossy step from HDMI.
So, if you crack HDCP to copy blu-ray, you get (with each arrow representing a lossy conversion)
Blu-ray -> CSC from y420 for HDMI -> CSC to y420 for encoding -> encode
Wheras if you crack AACS you get the video stream on the blu-ray directly, and the only hassle is the cat-and-mouse game with key revocations (AACS is better designed in that it seems a master key cannot be derived from the keys we have easy access to.)
Also, the way HDCP works, you can't just dump an encrypted stream between two any HDCP devices and decrypt it later; you have to control one of the devices to the point that you know its key.
This doesn't sound any easier than decrypting in real time and recording the decrypted stream — in either case I think you need an FPGA. Also, you may be forgetting the authentication protocol.
You are not getting the original bits as they came off the BluRay disk.
Currently an HDMI capture card costs $200: http://www.blackmagic-design.com/products/intensity/
I admit I know little to nothing about HDCP, but this sounds like BS to me. What about things like FPGAs?
And why can't it be done in software? Not enough raw processing power?
frame = 1920x1080x3 (Full-HD RGB)
videoBytesPrSecond = frame * 60 (assuming full progressive video)
audioBytesPrSecond = 3 * 96000*6 (24-bit, 96kHz, 6 channels)
totalBytesPrSecond = videoBytesPrSecond + audioBytesPrSecond
totalBitsPrSecond = 8 * totalBytesPrSecond ~= 3gbps
You do need a pretty cool computer to process and do crypto on that realtime. I say dedicated silicon/FPGA would be the way here.
Maybe in a couple of years when 2TB SSDs are cheaply available...
"A fundamental rule in technology says that whatever can be done will be done."
Andy Grove, former Chairman and CEO, Intel Corporation
Just like mp3s, decss, etc this will not decrease the amount of money I spend on entertainment, it will only increase my options in how I store and watch it.
There might even be a market for an open source one, like there are open source dvd players, and they would be able to decrypt these movies using this key.
Movies are encrypted using AACS or BD+ on the actual blu-ray disc. The player decrypts the disc and re-encrypts it for HDCP, which it will only do if it establishes a valid HDCP handshake with whatever device is plugged into its HDMI/DVI/DisplayPort port. For a software Blu-Ray player, the HDCP handshake is delegated to the graphics card, and the player software will refuse to run unless the operating system guarantees that the handshake has taken place.
For an open source Blu-Ray player, you need the AACS/BD+ keys (which do periodically turn up, and then get changed on the next batch of discs), not HDCP.
HDMI/HDCP ripping requires a $200 HDMI capture card, a $XXX FPGA, and a RAID array.
It's been "cracked" several times now, but not (so far as I know) permanently.
The financial considerations for a profit seeking pirate are trivial - perhaps an FPGA (though software seems feasible), HDMI capture card, RAID system, Bluray burner.
On the consumer end, why pay $50 for a theatrical day-and-date VOD when you can purchase a pirated Bluray of it a day or two later?
Market considerations aside, this crack will force the Studios to rethink VOD release windows.
Less than $100 with student ID! What a deal, folks. Step right up.
Or is this going to be an IP issue?
I go back to my cave now.
How about a virtual video card driver?