Intel: High-bandwidth Digital Content Protection cracked

Intel says that HDCP has been cracked, but they also say that it’s unlikely this information will be used to unlock the copying of anything. Their reasoning for the second statement is that for someone to make this work they would need to produce a computer chip, not something that is worth the effort.

We question that logic. Not so much for Blu-Ray, which is the commonly associated media format that uses HDCP, but for HD digital cable programming. There are folks out there who would like to have the option of recording their HD television shows without renting a DVR from the cable company. CableCard tuners have been mostly absent from the market, making this type of recording difficult or impossible. Now that there’s a proven way to get the encryption key for HDCP how hard would it really be to create a man-in-the-middle device that uses that key to authenticate, decrypt, and funnel the audio and video to another encoder card? We know next-to-nothing about the protocol but why couldn’t any powerful processor, like an ARM, or even an FPGA (both rather inexpensive and readily available) be programmed for this task?

Leave a comment to let us know what you think about HDCP, and what the availability of the master-key really means.

[Thanks Dave]

Comments

  1. John W. says:

    Produce a chip, eh? A good FPGA definitely sounds like the perfect candidate for that. Only a matter of time before someone whips up the VHDL for that.

  2. davo1111 says:

    Tom Merrit from TnT was saying he reckons he could get a prototype produced in less than a week.

  3. hak8or says:

    You can get the code from

    http://pastebin.com/kqD56TmU

    I think richdevx made this exploit, but I am not sure.

    Also, I think fox will get some legal problems with showing that portion of the master key of HDCP as a picture with the news story.

    Also, fox news as the source? … :(

  4. CSB says:

    I’ve always thought it would be pretty easy to use an FPGA to spoof the display panel in a TV… of course you’d have to re-encode the video before you do anything with it.
    Why bother attacking a crypto-system, when you can let it do its thing, and benefit from that?

  5. jay says:

    there are off-the-shelf FPGA development boards with HDMI/DVI which would be all the hardware required.

    this WILL happen and it will not be that difficult. If I had spare money I would probably give it a go but I lack motivation to purchase this and none of the FPGA boards I have have DVI/HDMI interfaces broken out nicely.

  6. Johannesburgel says:

    You need to decrypt the data at 4 GBit/s or more, so good luck with an inexpensive ARM or FPGA. And since the data stream is uncompressed you also need to re-encode it.

    HDMI is the wrong interface to grab media data.

  7. Hitek146 says:

    From what I understood in my research awhile back, a standard HDMI splitter provides it’s own key and can produce a decrypted stream…

  8. Luke S says:

    No way a ARM is going to cut it, a mid level FPGA could probably handle the task.

    @Johannesburgel, I thought the data stream was not compressed, there is an option in HDCP 2.0 for compressed data stream. It may be that only the data stream will need to be decrypted.

    Guys, don’t forget about the easy HDCP decryption method posted before, have the chips in your TV do it for you… http://hackaday.com/2009/10/01/tv-hack-bypasses-hdcp/

  9. synth says:

    hi-def child porn

  10. xrazorwirex says:

    “but they also say that it’s unlikely this information will be used to unlock the copying of anything.”

    This news is a little late, HaD, as Intel has put out another statement verifying the authenticity of the hack and stating that they will use their supposed monopoly on this combination of 1’s and 0’s to sue the bejesus out of anyone who they find has utilized this key in any product or software.

    Seems like it’s a huge threat. I hope people aren’t scared of intel and go ahead and destroy HDCP once and for all; it’s done little to nothing to prevent copyright circumvention but it’s been a huge pain in the ass for tons of customers that just want to use the shit they paid for (I work in a TV shop; we get just about every complaint possible, so my perspectives a bit different).

  11. welgam says:

    @Johannesburgel, FPGAs can definitely act as HDMI transceivers. That’s the beauty of the massively parallel architecture. There are numerous development boards that can do this at 1080p with room to spare.

  12. MS3FGX says:

    GRitchie’s find was the first thing I thought about when I read this post too.

    Doesn’t seem like getting an unencrypted video feed has been terribly difficult anyway, even without the HDCP key being known. I mean, does anything actually even require HDCP? There are way too many components and TV’s out there without DVI/HDMI to make HDCP a requirement yet (or even in the near future).

    For example, Netflix requires that any streaming device has HDCP. If you connect a Netflix-capable device to a TV or other component via DVI/HDMI, it HAS to use HDCP. But if you just use component video, you still get an HD image (keep in mind, nothing on Netflix is above 720p yet) with no restrictions.

  13. Anon says:

    @synth

    gb2b

  14. Mememememe says:

    If copying is your goal, you don’t even need to decode the stream in real time. You can capture the encrypted stream and decrypt it later; no matter how slow it is, you’ll end up with an unencrypted stream you can then copy, or whatever you want to do with it.

  15. andrew says:

    Get any HDMI receiver that can take an external HDCP key ROM (i.e. practically any one of them). Use the master table to generate a sink key. Take 24-bit pixel bus output and feed to a halfway decent FPGA (Spartan 3e, etc.) which does MPEG4/h.264 encode. Make this available via USB2, PCI or PCIe. Not exactly difficult, but not something just anyone could do, either.

  16. Anonymitee says:

    I question the logic of whether it’s worth it or not.

  17. Anon says:

    Wouldn’t it be possible to use this key and develop something driver-level to intercept the video stream and dump it to disk? I’m not very familiar with HDCP other than the basics, but it seems to be that someone could “simulate” a hardware device in software and fake out HDCP with this key.

  18. kai says:

    I don’t get why everyone want to decrypt it in real time… I have a computer with an Intel CPU – what can prevent me from just saving the stream and taking as long as I want to decrypt it on my computer?

    and while talking about that, as was mentioned before, you could always grab the unencrypted data afterward so what’s the point of even messing with the encrypted stream?

  19. xorpunk says:

    HDCP chips are DSPs with instructions for accelerating stream ciphers, wait for some chinese manufacturer to put them out on asian markets like they always do..

    Intel says PR friendly stuff about everything..virtualization..NX..TXT..AES etc..

    Thats what happens when marketing pukes dictate public interest in companies, the engineers just design according to a budget, and even aspects of those designs usually get cut for cost efficiency..

  20. HARaaM says:

    Why would anyone care. There is nothing worth stealing. TV sucks. And movies are not far behind.

  21. Matt says:

    @kai: HDMI can transmit up to 10 gigabits/sec, which is about 4.5TB/hour of video. If you have an extra 10TB of storage lying around, feel free to save the data and decrypt it later.

  22. xorpunk says:

    @HARaaM:Also all disk level authentications are all cracked, even on a PS3. so why waste the time and money..

  23. kai says:

    @Matt, I don’t but nothing prevents me to do it 2Tb at a time (which I do have). Also, you can probably work some low level compression in real time using a computer. I was under the impression that the Atoms that go into Google TV are actually capable of encoding 1080 in real time but not sure, see here: http://www.engadget.com/2010/09/14/intel-ce4200-ups-its-set-top-game-with-3d-support-and-h-264-hd-e?icid=sphere_blogsmith_inpage_engadget

    Still, I agree it would be neat to do it in real-time by programming some FPGA.

  24. EdZ says:

    There already exist multiple generations of HDCP-stripping devices (e.g. http://www.hdfury.com/). All this means is the next generation will not be subject to key-revocation. Actual capture of HDMI signals is possible with consumer equipment (e.g. http://www.blackmagic-design.com/products/intensity/).

  25. ejonesss says:

    “they would need to produce a computer chip, not something that is worth the effort”

    not Necessarily with hardware like Arduino’s pic’s avr’s someone could build something that interfaces with a chip in the device to decrypt the content.

    also (tv specific) http://hackaday.com/2009/10/01/tv-hack-bypasses-hdcp/

    i say tv specific because it may not work with every tv

  26. paradox says:

    Why not just modify devices that use hdcp?

    Don’t know much about this but why not
    E.g. re-engineer the netflix device, or just use the same chips as them.
    You don’t have to do an independant hack, there is obviously devices out there that use hdcp hack them to do your bidding

  27. jAMES says:

    i wouldn’t mind having a couple of devices. one to strip the encryption, transmit the data to my tv, and one on the outside of my tv to fool the tv into thinking its hooked up to an encryption capable device. i’m really tired of having to fight with my older tv just to get it to display blueray video or video from my cable box. It seems that half the time what ever handshaking is done, doesn’t happen right and i end up with a black screen or no audio. i SO hate DRM

  28. nes says:

    I think you don’t need to build your own decrypter. Instead simply use a HDMI display interface chip which uses external key storage, say ADV7604 from Analog, and you already have a fully functional decrypter. Simply generate your keys off-line and pop them in an i2c eeprom for the HDMI chip to read as it wants.

    Of course, you still have the small matter of buffering 24 bits of video at ~130MHz, but that’s something that’s easy to do with an FPGA.

  29. biozz says:

    “But don’t expect illegal hardware to flood the market anytime soon” apparently they don’t know us very well :3

  30. Rachel says:

    What exactly is the point of decrypting HDCP? Movies can be read right off the disc, and most pirated television is recorded off of uncrippled satellite receivers and distributed through torrents.

    Does anyone even make HDMI recording hardware for computers? It always struck me as part of the “analog hole” anyway, since it’s a pain to record in real time and recompress. Like macrovision, it’s so much easier and better to steal straight from the source. The only thing it accomplishes is making honest users’ hardware not work properly.

    Why, oh why do they keep such a broken system around? Are media executives really this dumb? Intel comes in and says “We’ll sell you this ultra high security system which no one can get through. Um, just ignore the back door swinging wide open.”

  31. D_ says:

    Oh well, at the rate it’s going I’ll be priced out of TV viewing, and viewing recorded material on the TV. I hadn’t turn on my TV since the switch in Jan. 09, and didn’t get the one broadcast station I thought I’d get with the antenna system in use. Nice to read what’s going on in the digital TV world though.

  32. FaultyWarrior says:

    A good FPGA will make mince-meat of a task like this. What I want to see someone build a custom interface and make use of CUDA or OpenCL to do the decryption. A well-build 8-core desktop with 3 dual-die GPU’s will have no issue blasting though something like this.

  33. I know for sure a few people I know are working on FPGA implementations with inexpensive (<£100) FPGA hardware. That's well within the budget of a lot of people.

  34. Nitori says:

    I wonder if a couple of jail broken PS3s or a Cell Blade center could be used to do the decryption if you need something more general purpose then GPGPU?

  35. tntc says:

    Hasn’t HDCP been cryptographically broken since before it was released on a single device? I mean, this is neat and all, but it’d be nice if the industry just let me connect my goddamn TV without dealing with this bullshit, broken DRM. I can’t get my cable box and my TV hooked up to my receiver without extra cables because the receiver doesn’t decode HDCP bullshit. I have to use Toslink or Coax (digital audio, not CATV) cables from each device. Fucking stupid.

  36. therian says:

    want to fight back ? buy less download more

  37. cornelius785 says:

    @FaultyWarrior

    I’m still thinking the FPGA is ‘better’ route to go. I know FPGAs can handle LSFRs well. I would think the FPGA route would be simpler overall (DVI/HDMI interface, HDCP handshaking, HDCP decode, raw->mpeg conversion)

    On the capturing raw bits and storing them on a harddrive for CPU/GPU processing topic: my concern isn’t the ~10TB storage, but the ~.3 to 1 GB/sec peak transfer rates. 2TB hard drives are fairly cheap, but building a RAID system to handle ~1GB/sec data transfer is not going to be as simple as getting 10 TB of hard drive space. Additionally, you’ll need a method of getting capturing ~1GB/sec peak, which will probably use and FPGA, so why just to it all on the FPGA and get a ‘nice’ MPEG stream out?

  38. Boo says:

    There have been devices that strip HDCP out for years, they’re costly, $300+ but you can get them. In fact if you’ve seen an HD version of Errol Flynn as Robin Hood or Gone With the Wind in a cinema (in Vegas at least) you’ve seen it on a cinema projector with no HDCP capability playback from a Blu-Ray player by way of a small HDMI-DVI dongle with HDCP stripping ability. HDCP is just a handshake, the “decoding” process is simple, the content is not encrypted bit by bit. The simplest way to put it is that the displat device tells the playback device “I’m cool man” and playback begins, the handshake continues ad infinitum down the data line until playback ends, the dongles just spoof it and pass the rest of the signal on to the non hdcp device.

  39. Ugly American says:

    They’ve sold boxes that pretend to be approved devices using cloned keys and have DVI outputs since the very start. In an amazing coincidence, every cloned key I’ve seen is from a device produced in China.

    Netflix & Apple are booming while cable & satellite companies are losing premium content subscribers every month. The people who can afford $150/mo for cable TV expect to watch it on their own schedule while the unemployed have all the time in the world to circumvent any payment system.

    Copy Protection only hurts legitimate buyers.

  40. Whatnot says:

    Since all HDMI+HDCP devices have a key can’t you just insert that key into it via JTAG or some replacement flash chip or something and then have a box that decodes for you with existing hardware that way? And spews it out undecoded.
    That way you don’t need to develop the chip at all.
    I mean they design all devices before there is a key assigned I would expect, so they must be able to accept any key it recognizes as valid by some checksum system right?

  41. Natas says:

    http://pastebin.com/kqD56TmU

    Is this the full code?

  42. SquantMuts says:

    A simple decrypter would be easy to do with an FPGA. I am more of a xilinx person so I looked at their offerings. The cheapest FPGA that could work would be the spartan3A200, maybe it is possible with a 3A50, but some extra authentication logic would be required, the 200 device would allow more breathing room.

    Xilinx have a nice application note on how to do HDMI with the spartan3A serdes units.

  43. Alan says:

    Intel, FPGA; FPGA, Intel. I’m surprised you’ve not met before.

    @Intel, keep a change of pants ready when you read about what an FPGA is, you’re not going to like it.

  44. cgmark says:

    This really doesn’t benefit anyone. I would not put the time into making a device to decode based on this key. While it is a master key that does not mean it will stay the master key. Every device using HDMI HDCP has a file in the firmware labeled HDCP.xxx , that is the master key file and it CAN be updated via flashing, usually located with the other microcode files for the media processor. No you cannot just copy that file and read the key as the file itself is encrypted. It would be a headache for consumers but no reason why manufacturers cannot implement another key.

    All this will do is lead to more intrusive DRM, people seem to think that if they crack enough hardware the manufacturers will give up, sorry not going to happen, you only make them more determined. I see the next step as having to have your bluray connected to the net in order to even play the disc for some form of online activation.
    Thanks for leaking the HDCP key, you really helped out us consumers :(

  45. cgmark says:

    @therian

    That is the wrong logic. If you do not buy and download more then the message you send is “I want your content”. You are telling the content producer that their is a demand for what they have, that means their content has value. Now if they can only force you to pay for it, that is what DRM is all about. The only way to get providers to change their stance on DRM is to stop buying, renting, downloading their content. You have to ignore what they produce as if the content did not exist. As long as people go to the box office , rent content , talk on forums about shows, from providers that use DRM you are part of the problem. If you show interest they will see that as $$$$.

  46. therian says:

    @cgmark
    people will want to watch something anyways, so there is only 2 options continue feeding corporations or show them the finger, and as more people download as harder it is to catch average Joe (lawsuits are too expensive to apply to general population) which will encourage people to download more and circle continue. Corporations will have to change as example we can see disappearance of CD’s

  47. gripen40k says:

    I think a lot of people here are missing something:

    Nearly all external HDMI recievers that support HDCP output uncompressed digital pixel data anyways. You don’t need this key at all. And you’ll almost never find a box that supports HDCP but doesn’t already have a key.

    If people really wanted to build an encoder board that splices into the already present parallel pixel data they would have done this years ago.

    The ONLY people that benefit from this release are the Chinese/Taiwanese who can now make unlicensed HDMI/HDCP chips without having to pay expensive royalties. They can make their own keys without having to worry about each key being black-listed because they can make as many as they want.

  48. therian says:

    and we cannot just sit and wait since greedy companies wont, do you remember the time they tried to pass the law to ban mp3 players ? they play dirty so should we

  49. GrizzlyAdams says:

    Blackmagic makes the Intensity (both PCIe and USB 3.0 versions) that can capture a 1080p stream in realtime. That just leaves decrypting the stream. It might even be possible to hack the Intensity firmware to do HDCP decryption for you.

  50. devin says:

    I hate to break it to Intel but you dont need to fab your own chip. there are commercially available chips for hdmi receiving that support HDCP, all you have to do is provide a valid key (which of course can be created using the now available master key) and it spits out an unencrypted RGB video stream. http://www.analog.com/static/imported-files/data_sheets/AD9393.pdf
    $10.68 @ digikey (AD9393BBCZ-80-ND)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 94,423 other followers