TV hack bypasses HDCP

hdmi

Reader [GRitchie] wrote in with an interesting find in his new TV set: with just some minor soldering it was possible to tap into an unencrypted hi-def video stream.

HDCP (High-bandwidth Digital Content Protection), used by Blu-Ray players and cable or satellite receivers, normally ensures a DRM-protected link between the device and a compatible display. Any properly-licensed device that forwards HDCP content (such as an HDMI switch box) is expected to provide encrypted output; those that don’t may get blacklisted by the system and become expensive paperweights. It’s something of an annoyance for users who feel this oversteps fair use applications such as time-shifting.

[GRitchie] found that his new TV with “InstaPort” Fast HDMI Switching didn’t perform this re-encryption step between the set’s internal switcher and the next stage in decoding. Soldering just eight wires directly from the switching chip’s output to an HDMI cable provided an unencrypted output that could then be received by a PC for later replay.

What’s not clear at this point is whether the capability is peculiar to just this one make and model, or applies to anything with the new Fast HDMI Switching. If the latter, it will be interesting to see how this plays out…nearly all of the major HDTV manufacturers are evaluating InstaPort for new sets, which would make any attempt at HDCP blacklisting awkward, to say the least.

Comments

  1. Hackius says:

    I hate to tell you but there’s a huge selection of devices that strip DHCP from the stream mainly targeted at gamers that want complex setups involving game consoles. DHCP gets in the way of that and it never stopped a single pirate. I don’t know why we still have it.

  2. Battletux says:

    @Hackius Urrmmmm, DHCP is not the same as HDCP……

  3. FunkyB says:

    I think Hackius meant HDCP, and their point still stands. It is a pointless intrusion and gets in the way of a great many legitimate uses.

    Regarding the hack, I love that there are people out there willing to take a soldering iron to their new tv :)

  4. cirictech says:

    niffty, kinda wounder how he figured out it wasn’t encrypted.

  5. jωt says:

    wow hdcp sucks ass, according to wikipedia up to date blacklists are distributed on new dvds

  6. samurai says:

    well if this gets popular enough (which i’m sure it wont), they’ll just consolidate ICs to do multiple functions. it’s a little harder to solder wires to the inside of a chip ;-)

    great find though. great post.

  7. qwerty017 says:

    I wonder if you could remove the screen it self and grab the signals that are sent to the controller board. I mean, the signal has to be readable so that the screen itself knows where to put the dots for the pictures… right? Or am I completely insane? BTW, nice hack.

  8. walt says:

    way to go GRitchie! HDCP sucks. i try not to buy anything with HDCP (all of us should do the same). and if we are left without other options, at least attempt a hack like this. and if it blows up, back to the store with it. let them pay for it. down with HDCP!

  9. agent smith says:

    qwerty – in theory they could make a system on a chip decoder that would convert HDCP signals to the LCD voltage signals, which are far from a standard video format. not impossible to reverse, but it’d get pretty hairy.

  10. Ugly American says:

    @qwerty017

    Yes, the signals can always be read unencrypted at the LCD connection point.

    Of course, pro pirates have inside connections and get the media before it ever hits retail so all the RIAA/MPAA actions really do is make piracy more profitable for organized crime the same way Prohibition in the US catapulted organized crime to the big leagues and the continuing ‘war’ on drugs sustains it.

  11. drew says:

    does this not break dcma or whatever you yanks call it?

  12. hurrrrr says:

    yes, HDCP circumvention does go against the DMCA. Many devices and manufactures of devices that circumvent this protection have been C&D’d

    As for the poster talking about buying things that dont have HDCP enabled… good luck, anything with a digital video connection you buy ANYWHERE in the USA will have HDCP built in. ICT requies HDCP handshake to enable high resolution playback/decoding, so unless you prefer low resolution content, and analog video signals, HDCP is here to stay.

    Im not sure what the studios/MPAA were thinking pushing this kind of technology, it has obviously not stopped piracy at the disc/media level, and never will! Only makes it a frustration for the consumer.

    whats even more insane is the -required- license fees to sony for mastering to blu-ray. i feel sorry for content providers who are paying this extremely pricey license cost for a format and encryption system that has already been broken!

  13. hurrrrr says:

    Ugly American – You make a valid point about pirates getting access to the content before HDCP is an issue/hurdle at all, but its not fair to group all pirates into the realm of ‘funding terrorism’.
    MANY groups and group members who distribute content illegally do it with ZERO recourse, and ZERO profit. Its not fair to say that piracy == organized crime in the way you framed how bootleggers made money in the prohibition era on illegal goods.

  14. Paul says:

    The whole purpose behind an HDCP TV is to take an encrypted stream and render it in an unencrypted form – HDCP is supposedly there to stop the pirates – but it just takes one pirate to take the back off a TV, hook some wires up to the LCD drivers and the bits are free, copies will be made and HDCP is pointless – you can bet it’s happening somewhere on the planet

  15. komradebob says:

    HDCP does indeed suck as I discovered when I plugged my new TV into the cable box with HDMI and it cuts off the component out which drives the DVR.

    Easy solution, just use the component outputs (the stb kindly provides 2 component outs + HDMI) to drive both. No loss to me. But annoying.

    Nice hack.

  16. Noobixide says:

    I have a bigger question, why does it look like in one of the pictures there is RJ11 and RJ45 connections on the TV? Or am I mistaking them for another component? I recently bought a new Samsung TV and didn’t notice any type of connection like this on it?

  17. Nitori says:

    HDCP does indeed suck ass as it simply gets in the way.
    It would not stop pirates as capturing the unencrypted bit stream of a blueray disc is the hardway of doing things as you would be dealing with terabytes of data that would need recompressing on the fly.
    Pirates would attack the encryption on the disc vs the HDCP so yes HDCP is useless BS.

  18. Doomstalk says:

    Noobixide: A lot of TVs these days come with inbuilt clients for NetFlix, YouTube, Flickr, etc. so that is very likely an Ethernet connection.

  19. S says:

    Pretty pointless. The people they are trying to keep the content from will get it anyway.

    As always, such protocols only punish the consumer and the industry itself.

  20. ejonesss says:

    @ samurai in today’s day in age with the economy the way it is (especially walmart demanding makers to cut costs) they will not consolidate their chips because it would cost too much (unless the copyright groups are willing to foot the bill for the chip design and manufacture).

  21. shibathedog says:

    So are you telling me if I own a TV with HDCP, and someone figures out how to circumvent it, then it gets blacklisted, My TV will no longer play Blu-Ray at full resolution?

    I’m guessing you can’t get your money back and you have to buy a new TV then? What bunch of BS!

  22. ejonesss says:

    @ qwerty017 i was thinking the same thing quite some time ago.

    my idea is to connect between the display driver and the lcd (in a watch it would be tapping into the rubber conductor strips that hold the lcd off the board)

    be aware that some small displays may have the driver chip right on the lcd it’s self

  23. Fry-kun says:

    So does anyone know what make/model this TV is?

  24. jack says:

    I found this paper, and it is a great read! For those who are more technically minded, this paper could be an excellent resource for exploring the weaknesses of HDCP. Unfortunately, I am not skilled enough.

    “Scott Crosby of Carnegie Mellon University authored a paper with Ian Goldberg, Robert Johnson, Dawn Song, and David Wagner called ‘A Cryptanalysis of the High-bandwidth Digital Content Protection System'” (Wikipedia)

    http://www.cypherpunks.ca/~iang/pubs/hdcp-drm01.pdf

  25. Fry-kun says:

    jack:
    Wikipedia page mentions this paper was published in ’01 and that 39 keys are necessary to crack the system. Question is, is someone out there actually busy doing that? And if so, how many keys they have so far?

  26. ljfkh says:

    Can these chips be purchased online to make a decrypting converter box?

  27. LukeS says:

    Will this allow someone to get the PCM audio data from a DVD-audio disc?

  28. Fry-kun says:

    ljfkh: it’s not the chips themselves, it’s the keys that matter. think firmware, not hardware.

    LukeS: no, DVD-audio is a different format, nothing to do with HDCP. In fact, it’s older, much closer to DVD encryption. There’s a utility/code out there to rip the audio, but for Windows only, afaik.
    DVD-audio just never became popular enough for anyone to care

  29. farthead says:

    HDCP is a non issue for most of us I crack HDCP for many customers because they have a $35,000 projector and they get pissed when the low grade Comcast cable box complains about “UNSECURE VIDEO PATH” on the screen. so we insert one of the HDCP fooler/stripper and all works fine. It’s a small box that has a hdmi on one side and DVI on the other. it satisfies whatever HDCP device wants and sends the unencrypted video out HDMI (which is DVI in a larger connector)

    They have been around for years and are relatively cheap ($350.00) you can upload a new ketset via USB if need be, but in the past 4 years I have yet to see a customers box “blacklisted”

  30. LukeS says:

    I believe this is the chip in the news TV’s, The datasheet is not available to the public for obvious reasons nor can you go to to digikey, etc to purchase the chips but since they are in a lot of products it probably is to big of a deal to find a TV with one.

    http://www.siliconimage.com/products/product.aspx?id=134

  31. LukeS says:

    @Fry-kun DVD-audio outputs full bit-rate quality encrypted audio over HDCP HDMI complaint players and devices. So if the InstaPort chip decodes this encrypted PCM data, you could relatively easily rip DVD-audio in full 96K, 192K quality instead of the limited down-sampled 48K data which is required on the none-encrypted digital out of standard DVD-A players.

  32. LukeS says:

    @Fry-kun:
    Second thing, “DVD-audio just never became popular enough for anyone to care” that is just simply wrong. DVD-audio discs are highly sought after format for audiophiles which some go to great length to rip the full bitrate PCM data off the disc. If this hack works for ripping PCM data from DVD-A discs, explained in my above comment, then this would be a huge leap in terms of making it easier for the tech savoy average-joe who can use a soldering iron to rip a DVD-a disc in full quality.

    DVD-A died because of the insane copy protection they put on the players, the only way to play music without down-sampling the bitrate to a lower bitrate was to use a special DVD-A player with separate analog audio outputs for each channel and a amp that supported this input. If they allowed DVD-A PCM data to be transmitted over a standard digital / toslink cable it would have been much more successful.

  33. Blizzarddemon says:

    It is true their are hdcp strippers out there, however, they are all godawful expensive. If this hack is true this could simplify the process to a cheap simple addon or mod.

  34. rasz says:

    this looks like a glitch in manufacturing. You dont need to strip HDCP for InstaPort to work. You just need to keep HDCP patchs open on all connectors so user switching Video source doesnt have to wait for new handshake.

  35. Hackius says:

    @Battletux: Fat fingers and no proofreading :P

  36. Hackius says:

    @farthead: 350? I bought one for 100 from ebay and it’s not been blacklisted.

  37. iyanic says:

    HDCP seems to be broken by Niels Ferguson

    He independently claimed to have broken the HDCP scheme, but he did not publish his research, citing legal concerns arising from the controversial Digital Millennium Copyright Act…

    mkAY it’S KINDA Gay…

  38. Ben Ryves says:

    For Blu-ray and HD DVD there’s also the software option of AnyDVD HD. I don’t have any interest in ripping Blu-ray myself, so a £29 HDCP-compliant video card was more economically sensible than a €63 driver…

  39. archaic0 says:

    Is anyone working on cracking the keys for HDCP? Well I guess with the stipper boxes someone has spent a little time on such things, but like others have said, it’s not really worth the time to deal with in the pirate world because they don’t need to. They are getting the content before HDCP (or any other copy protection for that matter) gets involved, or they are ripping the content with a PC and anything protected with software can be broken with software.

    I don’t get the RIAA/MPAA because they seem to sit in a room and come up with ideas without paying any attention to the real world. WE all pretty much know where this content comes from, whey don’t THEY? It doesn’t take a genius or a huge study to find out what the real path of piracy is.

    I DO get their desire to “protect” “their” content, but if that’s what they really want to do, then why are they wasting time on things that don’t address their “problem”?

    Even without inside connections (which is certainly where a lot of pirates get their source material), any joe today can rip DVD or Blu-ray content with a minimum investment. It will always be possible to do so. Things like HDCP address a situation that just doesn’t happen.

    Even if we go to the ultimate extreme and pretend that MPAA/RIAA could get soo tech savvy as to figure out a way to thwart any and all attempts at breaking their “protection”… If the result is that only low quality analog signals can be copied, then that’s what will be pirated and while masses might not like it, they will not go buy things to fix it. They’ll continue to trade, sell, buy, pirated content just the same.

    Maybe if that perfect result was a reality, the MPAA/RIAA would feel better knowing that we couldn’t pirate high def content, but it wouldn’t raise their bottom line, so what’s the point? Do they really think that if only low quality content is available then everyone will magically be ok with paying their high prices?

    This is absolutely ripped apart because the statistics are pretty clear. The biggest pirate market (and I mean one that actually generates money) is overseas on the streets and alleys of Japan and the like. Where you can get DVDs of your favorite movies and theater movies even, for like a dollar (US). And that huge market deals in the worst quality you can imagine. None of those DVDs would pass the test with even the 13 year old P2P downloader over here.

    So two truths are proven right now as we speak. First, you cannot protect anything that you share. If you show it to people, they can take it. With varying degrees of quality, but they can still take it. Second, degrading the quality of the content does not stop pirates from trading in it or increase the retail sales to get the good stuff.

    So what’s the point guys? The only thing PROVEN to increase customer loyalty and retail sales is to focus on the quality of your product and price it reasonably. If you removed all the pointless DRM and copyright costs from the media process I bet we could get new current DVDs on the shelf at Wal-Mart and Best Buy for $10 or less, and THAT my friends, would increase sales.

  40. Gripen40k says:

    Acutally chip consolidation is a major push right now, because it’s cheaper for the TV makers to buy one chip that does the job of two or three chips and some sdram chips. Asian silicon companies are doing a really good job of this (cheaper for them to design chips).

    HDCP isn’t ‘easy’ to break by any means, but all input chips that take the TDMS signals of the HDMI cable decode them and spit out 8/10/12 bit RGB or something similar. One could technically take these and flywire them to a DVI transmitter and voila, you have those $300 ‘HDCP spoofer’ things. But it wouldn’t be easy, and it’s hard to get these things without paying for a whole TV or something. The main problem comes in the chip control (SPI/I2C/etc) since this info is in a datasheet that you won’t have.

  41. nave.notnilc says:

    @archaic0
    did your generic anti-DRM rant have anything to do with the hack here? We’ve all heard it before, don’t need to hear it again here.

  42. cgmark says:

    HDCP and HDMI is a major pain that hurts innovation. I wanted to make a box for injecting audio into the hdmi video stream, not even HDCP enabled streams, just video from a device that output 720p unprotected. Can’t even get access to the data sheets to build such a device because of the paranoia that someone might steal the data.

    I would like to kick the engineers that decided to put the audio in with the video stream, that has made home theater a major pain for many.

    I hope display port becomes the new standard, but no chance of that , the MPAA wouldn’t have it.

  43. Ugly American says:

    @hurrrrr

    You misunderstood my position. I know most people copy data for their own use or the use of friends with no thought to money. That’s the way it works when there’s no copy protection. Just like people made their own beer & wine and gave it to friends before Prohibition.

    It’s not copying per se that funds crime. It’s the artificial government restriction of suppliers that makes piracy profitable for organized crime. In fact, most profits for organized crime are created by artificial government restrictions. There’s no murdering caffeine mafia because caffeine is legal.

  44. Jesbus says:

    The RIAA and everyone involved in it should be violently murdered and fed their own severed genitals in the process. That is all.

  45. This is a brilliant hack – but anything that involves taking a soldering iron to my TV? I would not be able to bring myself to do that!

  46. ejonesss says:

    on ebay do a search for InstaPort and select search titles and descriptions.

    and you will see tvs that feature InstaPort.

    it is a feature that allows instant switching between inputs. (no more or very short “receiving data” while selecting inputs.

  47. @archaic0: Wise words…

  48. GLake says:

    Dunno if anybody is still reading this, but since the 1/01/10 W7 update I can nolonger play blurays.

    HDCP error no matter what software.

    Updated all drivers,
    Installed latest ATI Catylist software,
    Reversed gears and undid all that,
    No dice.

    Windows 7 Pro (it started with the 7100RC build though),
    L246WP display,
    ATI Radeon HD2900xt graphics card,
    GGC – H20L LGE Bluray optical drive

    I ran the Cyberlink BD advisor and it says that everything is compliant. It has worked until now, with no fiddling. Nothing online seems to be able to help me. Anyone know a solution other than AnyDVD. I don’t want to bypass the problem, I want to fix it.

    I hate talkin to Windows support but …
    “Now left cleeck on da start button. EEt ist de one in du lower left-haind cornur …”

  49. Hacker says:

    You don’t need datasheet or some kid stuff like that at all.

    Just use your brain for fuck sake!

  50. God says:

    I analyzed every bit of those photos, now I know how to do it, however, this means you’ll lost the TV only to be able to do that, since you cannot output at same time (TV [VLSI] and the device you want w/o fucking HDCP) unless you put a switcher there, but doing it so might re-inject new HDCP coming from that switcher!

    It’s impossible doing w/o soldering and all that stuff, so forget it if you don’t have the skills, now how much you guys would be willing to donate if I provide ALL the information in FULL ?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s