The HDCP Master Key

Pastebin has the HDCP master key that we talked about in a post last week. This is the encryption protocol used for HDMI content protection on media such as Blu-Ray and High Definition cable television.

The master key array is a 40×40 set of 56-bit hex used to generate the key sets. You get one brief paragraph at the top of the document explaining what to do with this information. If you ask us we’re more interested in how this set was determined. So for some background information read the key selection vector (KSV) Wikipedia page. That points us to an interesting discussion proposing that if 40 unique device-specific KSVs can be captured, they could be used to reverse-engineer the master key. And finally, a bit of insight from a Reddit user (make your own decision on the dependability of this information) commenting on the value of having the master key.

In his comment, [iHelix150] covers the revocation system that HDCP uses to ban devices that are being used to circumvent copy protection. He says that having the master key makes it possible to push your own revocation lists onto devices. Each time a list is written to your device (TV, Blu-ray, etc.) the version number field for the list is updated. If you push an update with nothing on the revocation list, and set the version number to a binary value of all 1’s it will prevent any more rewrites of the list. This means that any previously banned hardware will be allowed back into the chain or trust.

So far this probably means nothing for you. But it’s fun to watch the cat-and-mouse involved in the DRM struggle, isn’t it?

23 thoughts on “The HDCP Master Key

  1. forget hdmi , back to using rgb cables like i do hahahaha , drm , you are down , i have a hdmi to rgb convertor , i i connect it to my computer and use debut video recorder to capture movies

  2. “You can do HD over RGB just fine all the way to 1080P.”

    Yes, it’s technically possible, but we always knew that. That’s why HDCP is so stupid. Because it is designed to prevent devices from performing actions they would otherwise be able to do.

    If you have an HDCP enabled source (like, for instance, a Blu-Ray player), if the chain of trust is broken, it will follow the rules set out by the media it’s playing. So trying to use one of those devices on a Blu-Ray disk with HDCP set to downgrade quality on untrusted outputs will result in sub-HD recording.

    This post is about a newfound way to get around the HDCP restrictions, rather than the mere act of recording HD. That’s obviously possible.

  3. So if this is true, would that mean you could also do the opposite? Could a bluray disk be made with a revocation list that includes as many common devices as possible, so that it sort of bricks any connected hdmi device when played?

  4. @pete but the only thing that i know you can do with dracking hdcp is just recording hd or playing it in other devices , here you could use the rgb converter
    on any rgb compatible device

  5. “But it’s fun to watch the cat-and-mouse involved in the DRM struggle, isn’t it?”

    No, no it is not. The fact that I have to pay extra to buy intentionally-defective products pisses me off! It is painful to watch clueless corporate suits continue to jack up the prices of computers, software, and multimedia devices to pay for utterly useless DRM that does nothing but punish legitimate, paying customers. DRM has done more to promote piracy than The Pirate Bay could ever do.

  6. @Mr Hacker
    HDMI to RGB might still be 1080p, but if you want to re-capture that stream, it’s never going to be as high quality as the original, digital source. If you can make a bit-for-bit copy of the source, you’re better off.

  7. Isn’t it just a way to push new technology again?
    HDBaseT is ready to launch. “They” will simply say you cant watch this in HD on your 2 years old equipment. You need to buy new one.
    You need to have now 3d ready tv with new copy protection. Then Full 3d…

    All of us remember fight over SD.
    First Macrovision then CGMS. Now everyone has it,

  8. NM:

    Interesting idea. If the viral nature is true it should be doable. I dont know if it could be done off of a bluray burned disc though. Didnt commercially pressed DVDs have a spot that a regular burner couldnt burn on. I would suspect that revocation list would on the equivalent spot on a bluray.

    Now talk about a “Happy Days” type “virus” with that sort of list.

  9. @NM @Paul, there have been plenty of viruses on commercial products installed at the factory. Look at that one Digital Picture frame that had a virus so if you plugged it in by USB, boom-infected.

    All it takes is one person messing with the master copy, adding in a revocation list that includes everything except the key for the test equipment used, and then a bunch of companies are liable for breaking a bunch of tvs/players. The store(s) that sold the dvd, the distributor, the manufacturer, the studio, the property owner, etc. Lawsuit cluster fuck. And if a couple of Congress Dweebs get affected, there might be a chance they make that type of bullshit tech illegals!

  10. iHelix150 is wrong. The master key only lets you make new keys, it doesn’t let you sign the revocation list. You need the DSA private key for that, and good luck getting that (unless Intel leaks it).

    The revocation system is dead because you can make as many KSVs as you want, but you can’t “un-revoke” anything.

  11. iHelix150 doesn’t know what he’s talking about. HDCP revocation is not managed by the master key at all. The revoked key list is signed by Digital Content Protection LLC with a DSA key. We do not know DCP’s DSA private key, so we cannot fake a revocation list.

    The HDCP specification is public information. Refer to Section 5 – Renewability (page 55 HDCP r1.4) for information on System Renewability Messages (the revoked key list). DCP’s DSA key is in Table 5-4. Section 2 – Authentication is where the HDCP KSV’s and HDCP private keys are discussed (protocol layer for authentication and generation of the session key).

  12. The only problem i have with cracking and hackers is that sometimes the wrong people get hurt.

    There are a lot of money hungry corporate assholes out there trying to cash in on everything. And they use things like copy-protection to have a totalitarian regime of who uses what content.
    And those assholes need to be learned a lesson.

    But then again just look at the poor guys who made World Of Goo, they lost huge amounts due to piracy.

  13. Jump to the end of the post for the point.

    I have a Samsung LCD hooked to a PC via HDMI. There are times when there are signal issues- HDCP does not specify key handling apparently… Samsung Tech says to call Asus, Asus tech says to call Samsung. But there are times when if the TV is turned on after the PC is powered (or the mouse moved if the DVR woke it from a sleep state) it misses the key and therefore the “No Signal” box moves around the screen.

    While I am aware of many workarounds such as HDMI-DVI converters, HDMI-DVI cables, component vs HDMI, etc. I still like just using a simple HDMI-HDMI, it’s a 45-foot run and it’s nice to be able to get away with one cable.

    Sucks there is this one sour grape to ruin the batch. Could this be a legitimate use under the bill that Congress passed a few weeks ago… the one about making it legal to jailbreak iPhones? “Six Exemptions Regarding the Circumvention of Access-Control Technologies”

  14. The guys who made World of Goo made huge profits. For a small, independent, development house they made off like bandits compared to their peers in the industry.

    I wouldn’t loose sleep speculating over how much they “lost” due to piracy. As has been pointed out numerous times in piracy debates, you are likely mis-counting their losses.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.