HDCP falls to FPGA-based man-in-the-middle attack

It’s been a little while since we talked about HDCP around here, but recent developments in the area of digital content protection are proving very interesting.

You might remember that the Master Key for HDCP encryption was leaked last year, just a short while after Intel said that the protection had been cracked. While Intel admitted that HDCP had been broken, they shrugged off any suggestions that the information could be used to intercept HDCP data streams, claiming that a purpose-built processor would be required to do so. By arguing that creating such a component would be extremely cost-prohibitive, Intel hoped to quash interest in the subject, but things didn’t work out quite how they planned.

It seems that researchers in Germany have devised a way to build such a processor on an extremely reasonable budget. To achieve HDCP decryption on the fly, the researchers used a standard off-the-shelf Digilent Atlys Spartan-6 FPGA development board, which comes complete with HDMI input/output ports for easy access to the video stream in question. While not as cheap as this HDCP workaround we covered a few years ago, their solution should prove to be far more flexible than hard-wiring an HDMI cable to your television’s mainboard.

The team claims that while their man-in-the-middle attack is effective and undetectable, it will be of little practical use to pirates. While we are aware that HDMI data streams generate a ton of data, this sort of talking in absolutes makes us laugh, as it often seems to backfire in the long run.

[via Tom's Hardware]

Comments

  1. APE says:

    It won’t be useful for pirates because BD-ROMs can easily be decrypted.

    But for me? Infinitely useful. I have an older Dell 2405FPW which has much life left in it but no HDMI. It does have DVI-D and a HDMI->DVI adapter works great with my XBox 360.

    Despite the above, no HDCP support. If this can decrypt everything in real time I’ll definitely be putting my future in EE to good use.

  2. T N T C says:

    I wonder if this would violate the DMCA if I used it so I didn’t need 4 extra cables to hook up my surround sound system. Guys, I don’t want to record your stuff! I HAVE a DVR.

    I just want to be able to use HDMI all over with my receiver instead of the extra TOSLINK/Digital COAX cable!

    • David says:

      This particular board only has 3 full-speed HDMI ports, and they are hard-wired for particular directions. I think you can get another 2 in/2 out with an add-on, but check Digilent’s site first.

    • R says:

      I’m no expert, but as I understand it, any circumvention of DRM, even to exercise your rights under fair use, is illegal under the DMCA.
      I really doubt you’re going to get sued over it though.

    • KillerBug says:

      Just by discussing this, we are all violating the DMCA. The DMCA goes so far as to make it illegal to search for security holes with the intention of patching them when found.

      If they release the code, I will probably buy one of these boards…the whole HDCP/cablecard BS is a big part of the reason I turned off my TV subscription. If I could use my PC as a DVR without the massive quality loss designed into the DVR from the TV company, without a $350 ATI cablecard adapter, and without the $15 monthly fee to rent a cablecard, the subscription would almost be worth the money.

    • Pun says:

      Be careful. Even *thinking* about breaking copy protection is a violation of the DMCA. In fact, the DMCA outlaws thinking of any kind (as well as most vital biological processes).

  3. hospadar says:

    The thing with the internet is, it only takes one crafty pirate with such a device and a high-performance disk array to rip something available only on an hdcp line for everyone on the internet to get it.

    I’ve heard talk of using this to record stuff like pay-per views off of cable boxes that require HDCP. Things where the only access to the content comes through a locked-down box from a service provider.

  4. David says:

    I would assume that once you have the video stream decrypted, it’s trivial to use HDMI as a connection to a camera, or a PC with recording software, in addition to the monitor. Especially since the board used has 2 HDMI in, 2 HDMI out, but one of those is an unbuffered, HDMI Mini port, iirc. Plus, depending on how expensive the decryption is, you might be able to do some extra video processing before outputting the signal.

  5. Gravis says:

    ugh. the $350 number is STUPID. all you need is a decent sized FPGA chip with HDMI IOs. and why oh why do they say this will be “of no great practical use for pirates”??? even if pirates go with a stock board that’s $350, it’s not a ton of money.

  6. Hirudinea says:

    Why do these companies even bother, DRM is like red to a bull!

  7. pablo says:

    To paraphrase John Gilmore, ‘The internet interprets any and all impediments to free information exchange as damage and routes around them. Also, kittens’

    • Hirudinea says:

      ‘The internet interprets any and all impediments to free information exchange as damage and routes around them. Also, kittens’

      “Kittens!?” Well that explains Lolcats.

  8. bryon says:

    I like how they call these guys “researchers”…

  9. roboman2444 says:

    really shows how the drm sucks and how powerful fpga chips are.

  10. error404 says:

    @bryon: They do (and publish) a shitload of research. See for yourself: http://www.emsec.rub.de/research/publications/

    This is relevant to my interests. I’d like to design an audio breakout box for HDMI, which isn’t possible when HDCP is required.

  11. t&p says:

    “will be of little practical use to pirates” is code speech for ARRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR MATEY!

  12. Sheldon says:

    Finally, a way of doing an Ambilight clone *without* a PC driving the image.
    No need to store any of the information, just track the edge pixels on the HDMI feed, pull the colour and route it to an RGB LED. Simples.

    (okay, okay, I know, it’s still not that simple as that’s a lot of data to parse & track)

    • ScottInNH says:

      @Sheldon –

      Only reason you’d need the FPGA setup is “if none of your equipment had a composite-out” (which may be your situation, fine, but that’s far from saying this is finally a way to make a PC-free Ambilight clone).

      There’s tons of composite video processing chips which could drive a PC-free Ambilight clone. You don’t need to actually watch the composite feed.. just watch the HDMI feed and route the composite feed to the ambilight. I’ve never seen a video device that shuts down the composite out port when HDMI out is also in use.

      • drgncabe says:

        Actually, I have. I have the “new” Cisco HD Explorer (forget the model number, used to be Scientific Atlanta) that disables video through composite when HDMI is connected.

        I found this out because my last receiver (that didn’t have problems) died. My connection is like this

        Cable Box -> HDMI -> Acer 23″ LCD in office
        Cable Box -> Component -> 32″ CRT in bedroom

        When the ACER has power, composite just sits ‘grey’ without anything on it. You can hear audio but that’s it. When the ACER is unplugged, the component outputs fine. I’ve also tried composite/svideo with the same results. :(

        This is in Orlando, FL w/BrightHouse

      • that1guy says:

        You wouldn’t be able to use such a composite image grabber with multiple sources without some additional switching. So your ambilight would only be useful with one source at a time. I want something that can intercept the HDMI out from my receiver (which has inputs for all my sources) and pass it to the TV while simultaneously getting the color information for the ambilight.

    • Marc says:

      This was my exact thought when I saw this post. Good to see others are interested in the same thing…

  13. Iw2 says:

    It is interesting, that it took this long for the first FPGA based stripper to be available to most of us.

    I know that it does not make sense for piracy (you would also need a HDMI capture card for your computer, or any other means of recoding HDMI video streams). However, there are so many useful things that could be built with this. Just think of 3D splitters (to route 3D movies to 2 separate projectors), Ambilight clones (as Sheldon noted), separating sound and video signals, video overlays, and so on…

    • rasz says:

      it took so long because it wasn’t needed, you can just buy HDMI receiver chips preprogrammed with HDCP key that will output unencrypted video

      • Steve C says:

        Not without a $5M+ indemnity policy and an NDA agreement with HDCP LLC you can’t. Check the license agreement for HDCP and you will see this.
        Now, you CAN find things from China like the HDFury, but they are violating the HDCP license agreement.

  14. Tachikoma says:

    If you are opting for an FPGA solution you might as well add some real time video compression functionality to the system and dump it straight to wherever.

  15. rasz says:

    HDCP stripper cables cost $40 nowadays
    just google “Inteligentny kabel iHDMI plus CEC”
    they are available as hdmi-hdmi and hdmi-dvi. HDCP comes on one end … and vanishes in the middle :)

  16. N0LKK says:

    [SHRUG] Interesting information in the article, and comments, to be aware of. I hadn’t turned on my TV after the morning of the big switch, and the lone station I expected to receive wasn’t to be received. Probably 10 years since I had the good stereo receiver on, the portable does fine for now. Hopefully I remember what tech what’s worth remembering, when I get a life again, and connect to the mainstream entertainment world.

  17. kaluce says:

    I’m really just not seeing the point. though, I would like to point out that if they bought the PCI-E FPGA board, after stripping the video signal, you could probably whip up an encoder and signal splitter (audio and video), which will then let you mux them on a computer using the built in FPGA.

    you can do all that, OR you could just rip a bluray directly. I mean, they have an article on how to do it on gizmodo. GIZMODO people. though I do see the purpose for video games, I don’t know if the 360 supports anything higher than HDMI spec 1.2, because I know it doesn’t support the CEC extensions. but they have a box out that can record the output now that works on the PS3 and 360 and transcodes it automatically.

  18. videoguy says:

    This would be great for those of us in production who need to get the HDMI out of a Blu-ray player and into a format like HD-SDI so it can be switched. I have worked with several film festivals that this would have been great for. Yes I know that it is possible to playback a file from a laptop but this is the real world and we get all sorts of file formats and mediums.

  19. oscargoldman says:

    Well, the HDCP source code is now out there:

    http://www.cs.sunysb.edu/~rob/hdcp.html

    Somebody who knows how to implement it on this board can get cracking!

  20. ejonesss says:

    anyone know where i can get the board?

  21. ejonesss says:
  22. ejonesss says:

    bump
