TV Hack Bypasses HDCP

hdmi

Reader [GRitchie] wrote in with an interesting find in his new TV set: with just some minor soldering it was possible to tap into an unencrypted hi-def video stream.

HDCP (High-bandwidth Digital Content Protection), used by Blu-Ray players and cable or satellite receivers, normally ensures a DRM-protected link between the device and a compatible display. Any properly-licensed device that forwards HDCP content (such as an HDMI switch box) is expected to provide encrypted output; those that don’t may get blacklisted by the system and become expensive paperweights. It’s something of an annoyance for users who feel this oversteps fair use applications such as time-shifting.

[GRitchie] found that his new TV with “InstaPort” Fast HDMI Switching didn’t perform this re-encryption step between the set’s internal switcher and the next stage in decoding. Soldering just eight wires directly from the switching chip’s output to an HDMI cable provided an unencrypted output that could then be received by a PC for later replay.

What’s not clear at this point is whether the capability is peculiar to just this one make and model, or applies to anything with the new Fast HDMI Switching. If the latter, it will be interesting to see how this plays out…nearly all of the major HDTV manufacturers are evaluating InstaPort for new sets, which would make any attempt at HDCP blacklisting awkward, to say the least.

63 thoughts on “TV Hack Bypasses HDCP

  1. I hate to tell you but there’s a huge selection of devices that strip DHCP from the stream mainly targeted at gamers that want complex setups involving game consoles. DHCP gets in the way of that and it never stopped a single pirate. I don’t know why we still have it.

  2. I think Hackius meant HDCP, and their point still stands. It is a pointless intrusion and gets in the way of a great many legitimate uses.

    Regarding the hack, I love that there are people out there willing to take a soldering iron to their new tv :)

  3. well if this gets popular enough (which i’m sure it wont), they’ll just consolidate ICs to do multiple functions. it’s a little harder to solder wires to the inside of a chip ;-)

    great find though. great post.

  4. I wonder if you could remove the screen it self and grab the signals that are sent to the controller board. I mean, the signal has to be readable so that the screen itself knows where to put the dots for the pictures… right? Or am I completely insane? BTW, nice hack.

  5. way to go GRitchie! HDCP sucks. i try not to buy anything with HDCP (all of us should do the same). and if we are left without other options, at least attempt a hack like this. and if it blows up, back to the store with it. let them pay for it. down with HDCP!

  6. qwerty – in theory they could make a system on a chip decoder that would convert HDCP signals to the LCD voltage signals, which are far from a standard video format. not impossible to reverse, but it’d get pretty hairy.

  7. @qwerty017

    Yes, the signals can always be read unencrypted at the LCD connection point.

    Of course, pro pirates have inside connections and get the media before it ever hits retail so all the RIAA/MPAA actions really do is make piracy more profitable for organized crime the same way Prohibition in the US catapulted organized crime to the big leagues and the continuing ‘war’ on drugs sustains it.

  8. yes, HDCP circumvention does go against the DMCA. Many devices and manufactures of devices that circumvent this protection have been C&D’d

    As for the poster talking about buying things that dont have HDCP enabled… good luck, anything with a digital video connection you buy ANYWHERE in the USA will have HDCP built in. ICT requies HDCP handshake to enable high resolution playback/decoding, so unless you prefer low resolution content, and analog video signals, HDCP is here to stay.

    Im not sure what the studios/MPAA were thinking pushing this kind of technology, it has obviously not stopped piracy at the disc/media level, and never will! Only makes it a frustration for the consumer.

    whats even more insane is the -required- license fees to sony for mastering to blu-ray. i feel sorry for content providers who are paying this extremely pricey license cost for a format and encryption system that has already been broken!

  9. Ugly American – You make a valid point about pirates getting access to the content before HDCP is an issue/hurdle at all, but its not fair to group all pirates into the realm of ‘funding terrorism’.
    MANY groups and group members who distribute content illegally do it with ZERO recourse, and ZERO profit. Its not fair to say that piracy == organized crime in the way you framed how bootleggers made money in the prohibition era on illegal goods.

  10. The whole purpose behind an HDCP TV is to take an encrypted stream and render it in an unencrypted form – HDCP is supposedly there to stop the pirates – but it just takes one pirate to take the back off a TV, hook some wires up to the LCD drivers and the bits are free, copies will be made and HDCP is pointless – you can bet it’s happening somewhere on the planet

  11. HDCP does indeed suck as I discovered when I plugged my new TV into the cable box with HDMI and it cuts off the component out which drives the DVR.

    Easy solution, just use the component outputs (the stb kindly provides 2 component outs + HDMI) to drive both. No loss to me. But annoying.

    Nice hack.

  12. I have a bigger question, why does it look like in one of the pictures there is RJ11 and RJ45 connections on the TV? Or am I mistaking them for another component? I recently bought a new Samsung TV and didn’t notice any type of connection like this on it?

  13. HDCP does indeed suck ass as it simply gets in the way.
    It would not stop pirates as capturing the unencrypted bit stream of a blueray disc is the hardway of doing things as you would be dealing with terabytes of data that would need recompressing on the fly.
    Pirates would attack the encryption on the disc vs the HDCP so yes HDCP is useless BS.

  14. @ samurai in today’s day in age with the economy the way it is (especially walmart demanding makers to cut costs) they will not consolidate their chips because it would cost too much (unless the copyright groups are willing to foot the bill for the chip design and manufacture).

  15. So are you telling me if I own a TV with HDCP, and someone figures out how to circumvent it, then it gets blacklisted, My TV will no longer play Blu-Ray at full resolution?

    I’m guessing you can’t get your money back and you have to buy a new TV then? What bunch of BS!

  16. @ qwerty017 i was thinking the same thing quite some time ago.

    my idea is to connect between the display driver and the lcd (in a watch it would be tapping into the rubber conductor strips that hold the lcd off the board)

    be aware that some small displays may have the driver chip right on the lcd it’s self

  17. I found this paper, and it is a great read! For those who are more technically minded, this paper could be an excellent resource for exploring the weaknesses of HDCP. Unfortunately, I am not skilled enough.

    “Scott Crosby of Carnegie Mellon University authored a paper with Ian Goldberg, Robert Johnson, Dawn Song, and David Wagner called ‘A Cryptanalysis of the High-bandwidth Digital Content Protection System'” (Wikipedia)

    http://www.cypherpunks.ca/~iang/pubs/hdcp-drm01.pdf

  18. jack:
    Wikipedia page mentions this paper was published in ’01 and that 39 keys are necessary to crack the system. Question is, is someone out there actually busy doing that? And if so, how many keys they have so far?

  19. ljfkh: it’s not the chips themselves, it’s the keys that matter. think firmware, not hardware.

    LukeS: no, DVD-audio is a different format, nothing to do with HDCP. In fact, it’s older, much closer to DVD encryption. There’s a utility/code out there to rip the audio, but for Windows only, afaik.
    DVD-audio just never became popular enough for anyone to care

  20. HDCP is a non issue for most of us I crack HDCP for many customers because they have a $35,000 projector and they get pissed when the low grade Comcast cable box complains about “UNSECURE VIDEO PATH” on the screen. so we insert one of the HDCP fooler/stripper and all works fine. It’s a small box that has a hdmi on one side and DVI on the other. it satisfies whatever HDCP device wants and sends the unencrypted video out HDMI (which is DVI in a larger connector)

    They have been around for years and are relatively cheap ($350.00) you can upload a new ketset via USB if need be, but in the past 4 years I have yet to see a customers box “blacklisted”

  21. @Fry-kun DVD-audio outputs full bit-rate quality encrypted audio over HDCP HDMI complaint players and devices. So if the InstaPort chip decodes this encrypted PCM data, you could relatively easily rip DVD-audio in full 96K, 192K quality instead of the limited down-sampled 48K data which is required on the none-encrypted digital out of standard DVD-A players.

  22. @Fry-kun:
    Second thing, “DVD-audio just never became popular enough for anyone to care” that is just simply wrong. DVD-audio discs are highly sought after format for audiophiles which some go to great length to rip the full bitrate PCM data off the disc. If this hack works for ripping PCM data from DVD-A discs, explained in my above comment, then this would be a huge leap in terms of making it easier for the tech savoy average-joe who can use a soldering iron to rip a DVD-a disc in full quality.

    DVD-A died because of the insane copy protection they put on the players, the only way to play music without down-sampling the bitrate to a lower bitrate was to use a special DVD-A player with separate analog audio outputs for each channel and a amp that supported this input. If they allowed DVD-A PCM data to be transmitted over a standard digital / toslink cable it would have been much more successful.

  23. It is true their are hdcp strippers out there, however, they are all godawful expensive. If this hack is true this could simplify the process to a cheap simple addon or mod.

  24. this looks like a glitch in manufacturing. You dont need to strip HDCP for InstaPort to work. You just need to keep HDCP patchs open on all connectors so user switching Video source doesnt have to wait for new handshake.

  25. HDCP seems to be broken by Niels Ferguson

    He independently claimed to have broken the HDCP scheme, but he did not publish his research, citing legal concerns arising from the controversial Digital Millennium Copyright Act…

    mkAY it’S KINDA Gay…

  26. For Blu-ray and HD DVD there’s also the software option of AnyDVD HD. I don’t have any interest in ripping Blu-ray myself, so a £29 HDCP-compliant video card was more economically sensible than a €63 driver…

  27. Is anyone working on cracking the keys for HDCP? Well I guess with the stipper boxes someone has spent a little time on such things, but like others have said, it’s not really worth the time to deal with in the pirate world because they don’t need to. They are getting the content before HDCP (or any other copy protection for that matter) gets involved, or they are ripping the content with a PC and anything protected with software can be broken with software.

    I don’t get the RIAA/MPAA because they seem to sit in a room and come up with ideas without paying any attention to the real world. WE all pretty much know where this content comes from, whey don’t THEY? It doesn’t take a genius or a huge study to find out what the real path of piracy is.

    I DO get their desire to “protect” “their” content, but if that’s what they really want to do, then why are they wasting time on things that don’t address their “problem”?

    Even without inside connections (which is certainly where a lot of pirates get their source material), any joe today can rip DVD or Blu-ray content with a minimum investment. It will always be possible to do so. Things like HDCP address a situation that just doesn’t happen.

    Even if we go to the ultimate extreme and pretend that MPAA/RIAA could get soo tech savvy as to figure out a way to thwart any and all attempts at breaking their “protection”… If the result is that only low quality analog signals can be copied, then that’s what will be pirated and while masses might not like it, they will not go buy things to fix it. They’ll continue to trade, sell, buy, pirated content just the same.

    Maybe if that perfect result was a reality, the MPAA/RIAA would feel better knowing that we couldn’t pirate high def content, but it wouldn’t raise their bottom line, so what’s the point? Do they really think that if only low quality content is available then everyone will magically be ok with paying their high prices?

    This is absolutely ripped apart because the statistics are pretty clear. The biggest pirate market (and I mean one that actually generates money) is overseas on the streets and alleys of Japan and the like. Where you can get DVDs of your favorite movies and theater movies even, for like a dollar (US). And that huge market deals in the worst quality you can imagine. None of those DVDs would pass the test with even the 13 year old P2P downloader over here.

    So two truths are proven right now as we speak. First, you cannot protect anything that you share. If you show it to people, they can take it. With varying degrees of quality, but they can still take it. Second, degrading the quality of the content does not stop pirates from trading in it or increase the retail sales to get the good stuff.

    So what’s the point guys? The only thing PROVEN to increase customer loyalty and retail sales is to focus on the quality of your product and price it reasonably. If you removed all the pointless DRM and copyright costs from the media process I bet we could get new current DVDs on the shelf at Wal-Mart and Best Buy for $10 or less, and THAT my friends, would increase sales.

  28. Acutally chip consolidation is a major push right now, because it’s cheaper for the TV makers to buy one chip that does the job of two or three chips and some sdram chips. Asian silicon companies are doing a really good job of this (cheaper for them to design chips).

    HDCP isn’t ‘easy’ to break by any means, but all input chips that take the TDMS signals of the HDMI cable decode them and spit out 8/10/12 bit RGB or something similar. One could technically take these and flywire them to a DVI transmitter and voila, you have those $300 ‘HDCP spoofer’ things. But it wouldn’t be easy, and it’s hard to get these things without paying for a whole TV or something. The main problem comes in the chip control (SPI/I2C/etc) since this info is in a datasheet that you won’t have.

  29. HDCP and HDMI is a major pain that hurts innovation. I wanted to make a box for injecting audio into the hdmi video stream, not even HDCP enabled streams, just video from a device that output 720p unprotected. Can’t even get access to the data sheets to build such a device because of the paranoia that someone might steal the data.

    I would like to kick the engineers that decided to put the audio in with the video stream, that has made home theater a major pain for many.

    I hope display port becomes the new standard, but no chance of that , the MPAA wouldn’t have it.

  30. @hurrrrr

    You misunderstood my position. I know most people copy data for their own use or the use of friends with no thought to money. That’s the way it works when there’s no copy protection. Just like people made their own beer & wine and gave it to friends before Prohibition.

    It’s not copying per se that funds crime. It’s the artificial government restriction of suppliers that makes piracy profitable for organized crime. In fact, most profits for organized crime are created by artificial government restrictions. There’s no murdering caffeine mafia because caffeine is legal.

  31. on ebay do a search for InstaPort and select search titles and descriptions.

    and you will see tvs that feature InstaPort.

    it is a feature that allows instant switching between inputs. (no more or very short “receiving data” while selecting inputs.

  32. Dunno if anybody is still reading this, but since the 1/01/10 W7 update I can nolonger play blurays.

    HDCP error no matter what software.

    Updated all drivers,
    Installed latest ATI Catylist software,
    Reversed gears and undid all that,
    No dice.

    Windows 7 Pro (it started with the 7100RC build though),
    L246WP display,
    ATI Radeon HD2900xt graphics card,
    GGC – H20L LGE Bluray optical drive

    I ran the Cyberlink BD advisor and it says that everything is compliant. It has worked until now, with no fiddling. Nothing online seems to be able to help me. Anyone know a solution other than AnyDVD. I don’t want to bypass the problem, I want to fix it.

    I hate talkin to Windows support but …
    “Now left cleeck on da start button. EEt ist de one in du lower left-haind cornur …”

  33. I analyzed every bit of those photos, now I know how to do it, however, this means you’ll lost the TV only to be able to do that, since you cannot output at same time (TV [VLSI] and the device you want w/o fucking HDCP) unless you put a switcher there, but doing it so might re-inject new HDCP coming from that switcher!

    It’s impossible doing w/o soldering and all that stuff, so forget it if you don’t have the skills, now how much you guys would be willing to donate if I provide ALL the information in FULL ?

Leave a Reply to Ugly AmericanCancel reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.