There’s two really useful parts to this hack which involves sniffing the HDMI protocol’s HDCP security keys. The first is just getting at the signals without disrupting communications between two HDCP capable devices. To do so [Adam Laurie] started by building an HDMI breakout cable that also serves as a pass-through. The board seen above is known as an HDMI screw terminal board. The image shows one cable connecting to itself during the fabrication process. What he did was cut one end off of an HDMI cable, then used a continuity tester to figure out which screw terminal connects with which bare wire. After all the wires are accounted for the end with the plug goes to his TV, with a second cable connecting between the board’s socket and his DVD player.
The rest of his post is dedicated to sniffing the security keys. His weapon of choice on this adventure turns out to be a Bus Pirate but it runs a little slow to capture all of the data. He switches to a tool of his own design, which runs on a 60MHz PIC32 demo board. With it he’s able to get the keys which make decrypting the protected data possible.
We love to see derivative works that take a great hack and make it even better. This LCD Laptop resurrection project is an excellent example. [Alex] took the work seen on this other FPGA LCD driver and delivered a leap forward on the final hardware packaging.
The link at the top drops you into the second page of [Alex’s] project thread. But if you go back to the beginning you’ll see the protoboard and spaghetti wiring which started off the process. Obviously if he plans to use this for a length of time it needs to be fortified or he’ll be cracking it open and grabbing a soldering iron again before long. But rather than just tidying up he ended up spinning his own circuit boards that make the screen look like it was manufactured to be used in this way.
He was able to mount the add-on board inside the LCD bezel, cutting out a space for the HDMI connector, barrel jack, trimpot, and the head of the inductor which was just a bit too large to fit inside. The trimpot allows him to adjust the LCD brightness. As far as we can tell the HDMI connector is just an easy way for him to deliver the drive signals from the Papilio board (FPGA) to the screen.
It’s fairly easy to create VGA with an FPGA using a simple R/2R DAC. As [Mike] points out, this requires a lot of IO pins, and many development boards only support 8 bit VGA. Analog VGA is being replaced with DVI-D and HDMI on many devices nowadays, so it would be nice to port projects from VGA to DVI-D.
To address this, he’s come up with a simple DVI-D implementation in VHDL. The result converts RGB and sync data for VGA into DIV-D. Since DVI-D and HDMI both use the same signals for video, this can be connected to either input on a monitor or TV.
This implementation is shown displaying a test pattern on the Pipistrello development board, which features a Spartan 6 LX45 FPGA, but the project was written to be portable to other vendor’s FPGAs. With the right connector and a fast enough clock speed, this project should help move a project from 8 bit VGA to glorious 32 bit color.
[bunnie] is up to his old tricks again. He successfully implemented a man-in-the-middle attack on HDCP-secured connections to overlay video in any HDMI video stream. There’s a bonus, too:
his hack doesn’t use the HDCP master-key. It doesn’t violate the DMCA at all.
HDCP is the awful encryption scheme that goes into HDMI-compatable devices. Before HDCP, injecting video overlays or even chroma keying was a valid interpretation of fair use. [bunnie] thinks that HDMI devices should have the same restrictions analog devices have, so he decided to funnel his own video into his TV.
The build uses the NeTV, a handy and cheap FPGA board with an HDMI input and output. [bunnie] got the FPGA to snoop the HDMI bus and decide if a pixel needs to be changed or not. This isn’t much different from what researchers in Germany did a few months ago, but unlike the academic security researchers, [bunnie] gives you a shopping list of what to buy.
As an example of his work, [bunnie] implemented something like a ‘tweet ticker’ on HDCP-encrypted video. There’s very little the NeTV setup can’t do from chroma keying, filters, or simply dumping the HDMI stream to a hard disk. Check out the slides from [bunnie]’s talk to get better idea of what he did.
[PAPPP] found a video of the talk in question. Check that out after the break.
Continue reading “Overlaying video on encrypted HDMI connections”
Want that 70″ LCD television in your living room to be an Android device? This little guy can make it happen. With an HDMI port on one end, and a USB plug on the other for power, just plug in FXI Technologies’ Cotton Candy dongle to create a 1080p Android television.
The price isn’t set for the device, but it’s expected to be available at less than $200. Considering what’s inside that’s pretty reasonable. There’s a dual-core 1.2 GHz ARM processor, 1 gig of RAM, 64 gigs of storage, Bluetooth, WiFi, and a microSD card slot. Wow!
So is it hackable? Absolutely. Well, kind of? The company doesn’t intend to bring Cotton Candy to the retail market. Instead, they will sell the device to developers who may do what they wish. From there, said developers have the option to license the technology for their own products. This begs the question, will the development kit come in under $200? Hard to say.
Check out the video after the break to hear an interview with the company’s CEO. It certainly sounds fascinating, and like the Chumby NeTV, we can’t wait to see what comes of this. Continue reading “This dongle makes any screen an Android device”
Check out the new set-top box on the block, the NeTV from Chumby Industries. That link will take you to their video demonstration of the device, which is a humble-looking black box with no apparent user interface. You’ll see a few cool tricks that may impress you, like pairing the device with an Android phone through the use of a QR code. Once the two have mated you can do things like share images on the TV and load webpages from addresses entered into the smart phone. There are options for scrolling alerts when you receive an IM or SMS, and a few other bells and whistles. All of this from a device which connects with two HDMI ports to sit between your TV and whatever feeds it a video signal. Read all about the features here.
But its the hacking potential that really gets our juices flowing. The developer page gives us a look inside at the Spartan-6 FPGA that lives in the little case. We don’t often quote [Dave Jones] but we’re certain he’d call this thing ‘sex on a stick’. They’ve made the schematic and FPGA information available and are just begging for you to do your worst. The power for the device is provided by a USB connection but curiously is just above spec when drawing a max of 700 mA. We have a USB port on the back of our TV and would love to velcro this thing in place and power it from that. What would you plan to do with it?
[Valkyrie-MT] was frustrated by the inability to control TrueHD audio volume from his computer. That’s because digital audio passes through the cable to the receiver where the volume adjustments are done. This meant that his RF computer remote was no good because the receiver uses an IR remote. He set out to find a way to get around this and ended up working with the Consumer Electronics Control (CEC) protocol.
The CEC protocol is a 1-wire serial bus built into the HDMI standard. The solution he settled up required one solder connection on the motherboard as well as the internal USB translator module seen above. That translator box, called the RainShadow, is a PIC 18F87J50 controlled board that translates incoming commands from the USB connection and sends them out as CEC hex codes. A bit of code writing and [Valkyrie-MT] is in business. You can see in the video after the break that it’s not just controlling audio, he can now control the entire entertainment center including turning on the TV and setting it to the appropriate input.
Continue reading “Adventures in Consumer Electronics Control (CEC)”