HDMI breakout lets you sniff HDCP crypto keys


There are two really useful parts to this hack, which involves sniffing the HDMI protocol’s HDCP security keys. The first is getting at the signals without disrupting communications between two HDCP-capable devices. To do so [Adam Laurie] started by building an HDMI breakout cable that also serves as a pass-through. The board seen above is known as an HDMI screw terminal board; the image shows one cable connecting to itself during the fabrication process. He cut one end off an HDMI cable, then used a continuity tester to figure out which screw terminal connects to which bare wire. Once all the wires are accounted for, the end with the plug goes to his TV, with a second cable connecting between the board’s socket and his DVD player.

The rest of his post is dedicated to sniffing the security keys. His weapon of choice on this adventure turns out to be a Bus Pirate, but it runs a little slow to capture all of the data. He switches to a tool of his own design, which runs on a 60MHz PIC32 demo board. With it he’s able to get the keys which make decrypting the protected data possible.
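The HDCP key exchange rides on HDMI’s DDC lines, which are plain I2C, so the quality of the capture comes down to how well the sniffer follows the I2C protocol. Several commenters below point out that the original Bus Pirate problem was not speed but a mis-handled repeated START (RESTART), the condition an I2C master uses to flip from a write to a read without releasing the bus. The decoder below is an added example, not code from the original post or from [Adam Laurie]’s tools: it groups a recorded stream of bus events into transfers, and a `handle_restart=False` switch reproduces the failure mode of a sniffer that does not recognise RESTART, so the address byte that follows it is logged as payload and the direction change is lost. The event list, the device address 0x2C and all data bytes are constructed for illustration.

```python
"""Decode a recorded I2C bus-event stream into transfers, handling repeated START.

Added example; not code from the original post. Event format, device address
and data bytes below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class Transfer:
    address: int            # 7-bit device address from the address byte
    read: bool              # direction taken from the R/W bit of the address byte
    repeated: bool = False  # True if the transfer began with a repeated START
    data: List[int] = field(default_factory=list)


def decode(events, handle_restart: bool = True) -> List[Transfer]:
    """Group bus events into Transfer records.

    Events are tuples: ("START",), ("RESTART",), ("STOP",) or ("BYTE", value, acked).
    With handle_restart=False the decoder mimics a sniffer that passes over a
    repeated START: the following address byte is misread as data of the
    previous transfer and the write-to-read direction change is lost.
    """
    transfers: List[Transfer] = []
    current = None
    pending_start = None  # "START" or "RESTART" while waiting for the address byte
    for ev in events:
        kind = ev[0]
        if kind == "RESTART" and not handle_restart:
            continue  # the buggy behaviour: repeated START is simply not seen
        if kind in ("START", "RESTART"):
            if current is not None:
                transfers.append(current)   # RESTART ends the previous transfer
                current = None
            pending_start = kind
        elif kind == "BYTE":
            value = ev[1]
            if pending_start is not None:
                # First byte after (re)START: 7-bit address plus R/W bit.
                current = Transfer(address=value >> 1, read=bool(value & 1),
                                   repeated=(pending_start == "RESTART"))
                pending_start = None
            elif current is not None:
                current.data.append(value)
            else:
                raise ValueError("data byte seen outside a transfer")
        elif kind == "STOP":
            if current is not None:
                transfers.append(current)
                current = None
            pending_start = None
        else:
            raise ValueError(f"unknown bus event {kind!r}")
    if current is not None:
        transfers.append(current)   # capture ended without a STOP
    return transfers


def summarize(transfers: List[Transfer]) -> List[Tuple[int, str, bool, List[int]]]:
    """Compact (address, direction, began-with-RESTART, data) view for comparison."""
    return [(t.address, "R" if t.read else "W", t.repeated, t.data) for t in transfers]


# Constructed capture: a "write register index, then read back" exchange that
# uses a repeated START, followed by a plain two-byte write. Address 0x2C and
# the register/data values are made up.
SAMPLE_EVENTS = [
    ("START",),
    ("BYTE", 0x58, True),    # 0x2C << 1 | 0 : write to device 0x2C
    ("BYTE", 0x10, True),    # register index
    ("RESTART",),
    ("BYTE", 0x59, True),    # 0x2C << 1 | 1 : read from device 0x2C
    ("BYTE", 0xAB, True),    # first data byte, master ACKs
    ("BYTE", 0xCD, False),   # last data byte, master NACKs to end the read
    ("STOP",),
    ("START",),
    ("BYTE", 0x58, True),    # write to device 0x2C
    ("BYTE", 0x11, True),
    ("BYTE", 0x01, True),
    ("STOP",),
]


if __name__ == "__main__":
    for label, ok in (("correct sniffer", True), ("RESTART-blind sniffer", False)):
        print(label)
        for addr, direction, repeated, data in summarize(decode(SAMPLE_EVENTS, ok)):
            tag = " (after RESTART)" if repeated else ""
            print(f"  0x{addr:02X} {direction}{tag}: {[hex(b) for b in data]}")
```

Run stand-alone it prints both decodes side by side: the correct one shows a write of `0x10` followed by a read of `0xAB 0xCD`, while the RESTART-blind one reports a single write whose payload wrongly contains the read address byte `0x59` and the returned data. That is exactly the kind of capture that looks like a speed problem (bytes appear out of place) when the real defect is in protocol handling, which is why firmware that fixes RESTART detection was enough to make the Bus Pirate usable.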

Comments

  1. Nate True says:

    He actually switches back to using the Bus Pirate after upgrading the firmware. The issue wasn’t the speed of the Bus Pirate, it was that it didn’t detect the directional change of the I2C data.

  2. Matt says:

    “I suspected, therefore, that the problem with the Bus Pirate was not speed at all, but mis-handling of a RESTART” << from the blog post.
    Don't you guys even read these things before posting them?

    Very interesting post, btw, and I'm only halfway through it.

    • Dave says:

      According to the buspirate documentation, “The I2C sniffer is implemented in software and seems to work up to 100kHz”. It’s quite likely that the bus he’s sniffing is running at a higher speed.

      The page does mention in the next paragraph that the restart issue went away with a firmware update of the buspirate.

  3. Earlz says:

    Yet again proving that DRM is just inconvenient for legitimate users and will never stop illegitimate users.

    • geekmaster says:

      In that way, DRM laws are much like gun control laws, which make criminals feel safer while they do armed home invasions. No worries about a homeowner shooting back… :P

      • geekmaster says:

        In the above analogy, just think: DRM provider = armed criminal, legitimate user = home owner.

      • Volfram says:

        I wasn’t going to say it first, but yeah, gun control reminds me a lot of DRM. It doesn’t work, punishes all and only the wrong people, and actually increases rates of both gun crime and illegal gun sales.

        Given how popular Chicago is for the people promoting gun control, I can’t help but wonder if that’s their objective.

        • 911ducktail says:

          Life long Chicagoan, flaming liberal on 99.5% of things but, lover of all firearms with a massive collection that spans all shapes and sizes.

          The vast majority of firearms used in Chicago are purchased right over the border in Indiana and Mississippi, neither of which have many restrictions on any type of purchase, at all. Gary, Indiana, has historically been the murder capital of the world, and has no restrictions on purchasing.

          I’m not sure why Chicago is held up as some paragon of example for gun rights advocates but they all tend to leave out the bit of *where* the guns come from that are used in Chicago.

      • qwerty says:

        > In that way, DRM laws are much like gun control laws

        I see your analogy, but quite disagree. Gun control laws could prevent someone from being able to defend his family from armed thugs, but also his little child from playing with the gun and killing someone or himself by mistake.
        Clearly a complex matter that cannot be resolved in a few lines in a technical blog.

        • Rob says:

          Gun control laws don’t stop little children from playing with improperly stored firearms. That’s an issue with the gun owner, not the gun or the laws. Personal responsibility.

        • steveg says:

          I’m sorry, that’s a rather stupid argument. As a responsible gun owner and a father of a 9 year old boy I can tell you that not only does my son understand how dangerous a gun is and that it’s not a toy, but that all firearms are kept under lock and key. Any parent who would leave a loaded gun around for a kid to find obviously has bigger problems and could be doing many other things that could be endangering the life of said child. Bottom line, it’s the parent’s responsibility to protect their child, not the federal government’s. I have never seen a house containing both guns and children where the parents hadn’t taken the obvious safety measure of making sure the guns were locked up.

      • boing says:

        Outside of the US many countries have much stricter gun laws and, as a consequence, much fewer innocent adults and children killed from gun shot wounds.

  4. jeff says:

    I’m amazed that the 1 Gbps TMDS signals survive passing through that!

    • Sven says:

      Consumer product data links have to be rather robust to survive cheap cables, barely followed specifications etc. As long as you don’t leave long unterminated loose wires dangling off the side there should be no problem.

  5. Karl Koscher says:

    Could the Bus Pirate theoretically support I2C clock stretching? If so, that might be an option…

  6. SteveC says:

    Only the public keys are passed, so this does not really help crack the DRM.

    Bunnie’s FPGA work shows exactly how the DRM is structured and with very minor changes can be used to decrypt the source video rather than encrypt the overlay video.

  7. johnmeacham says:

    To answer the question of why things still have HDCP: you are given a one cent discount off of the HDMI licence cost per port if you implement it.
