Overlaying video on encrypted HDMI connections

[bunnie] is up to his old tricks again. He successfully implemented a man-in-the-middle attack on HDCP-secured connections to overlay video in any HDMI video stream. There’s a bonus, too: his hack doesn’t use the HDCP master-key. It doesn’t violate the DMCA at all.

HDCP is the awful encryption scheme that goes into HDMI-compatible devices. Before HDCP, injecting video overlays or even chroma keying was a valid interpretation of fair use. [bunnie] thinks that HDMI devices should have the same restrictions analog devices have, so he decided to funnel his own video into his TV.

The build uses the NeTV, a handy and cheap FPGA board with an HDMI input and output. [bunnie] got the FPGA to snoop the HDMI bus and decide if a pixel needs to be changed or not. This isn’t much different from what researchers in Germany did a few months ago, but unlike the academic security researchers, [bunnie] gives you a shopping list of what to buy.

As an example of his work, [bunnie] implemented something like a ‘tweet ticker’ on HDCP-encrypted video. There’s very little the NeTV setup can’t do, from chroma keying and filters to simply dumping the HDMI stream to a hard disk. Check out the slides from [bunnie]’s talk to get a better idea of what he did.

[PAPPP] found a video of the talk in question. Check that out after the break.

This dongle makes any screen an Android device

Want that 70″ LCD television in your living room to be an Android device? This little guy can make it happen. With an HDMI port on one end, and a USB plug on the other for power, just plug in FXI Technologies’ Cotton Candy dongle to create a 1080p Android television.

The price isn’t set for the device, but it’s expected to be available at less than $200. Considering what’s inside that’s pretty reasonable. There’s a dual-core 1.2 GHz ARM processor, 1 gig of RAM, 64 gigs of storage, Bluetooth, WiFi, and a microSD card slot. Wow!

So is it hackable? Absolutely. Well, kind of? The company doesn’t intend to bring Cotton Candy to the retail market. Instead, they will sell the device to developers who may do what they wish. From there, said developers have the option to license the technology for their own products. This begs the question, will the development kit come in under $200? Hard to say.

Check out the video after the break to hear an interview with the company’s CEO. It certainly sounds fascinating, and like the Chumby NeTV, we can’t wait to see what comes of this.

Chumby’s new NeTV makes almost ‘any TV’ into an Internet connected device

Check out the new set-top box on the block, the NeTV from Chumby Industries. That link will take you to their video demonstration of the device, which is a humble-looking black box with no apparent user interface. You’ll see a few cool tricks that may impress you, like pairing the device with an Android phone through the use of a QR code. Once the two have mated you can do things like share images on the TV and load webpages from addresses entered into the smart phone. There are options for scrolling alerts when you receive an IM or SMS, and a few other bells and whistles. All of this from a device which connects with two HDMI ports to sit between your TV and whatever feeds it a video signal. Read all about the features here.

But it’s the hacking potential that really gets our juices flowing. The developer page gives us a look inside at the Spartan-6 FPGA that lives in the little case. We don’t often quote [Dave Jones] but we’re certain he’d call this thing ‘sex on a stick’. They’ve made the schematic and FPGA information available and are just begging for you to do your worst. The power for the device is provided by a USB connection but curiously is just above spec when drawing a max of 700 mA. We have a USB port on the back of our TV and would love to velcro this thing in place and power it from that. What would you plan to do with it?

[via Reddit]

Adventures in Consumer Electronics Control (CEC)

[Valkyrie-MT] was frustrated by the inability to control TrueHD audio volume from his computer. That’s because digital audio passes through the cable to the receiver where the volume adjustments are done. This meant that his RF computer remote was no good because the receiver uses an IR remote. He set out to find a way to get around this and ended up working with the Consumer Electronics Control (CEC) protocol.

The CEC protocol is a 1-wire serial bus built into the HDMI standard. The solution he settled on required one solder connection on the motherboard as well as the internal USB translator module seen above. That translator box, called the RainShadow, is a PIC 18F87J50 controlled board that translates incoming commands from the USB connection and sends them out as CEC hex codes. A bit of code writing and [Valkyrie-MT] is in business. You can see in the video after the break that it’s not just controlling audio; he can now control the entire entertainment center, including turning on the TV and setting it to the appropriate input.

TV hack bypasses HDCP

Reader [GRitchie] wrote in with an interesting find in his new TV set: with just some minor soldering it was possible to tap into an unencrypted hi-def video stream.

HDCP (High-bandwidth Digital Content Protection), used by Blu-Ray players and cable or satellite receivers, normally ensures a DRM-protected link between the device and a compatible display. Any properly-licensed device that forwards HDCP content (such as an HDMI switch box) is expected to provide encrypted output; those that don’t may get blacklisted by the system and become expensive paperweights. It’s something of an annoyance for users who feel this oversteps fair use applications such as time-shifting.

[GRitchie] found that his new TV with “InstaPort” Fast HDMI Switching didn’t perform this re-encryption step between the set’s internal switcher and the next stage in decoding. Soldering just eight wires directly from the switching chip’s output to an HDMI cable provided an unencrypted output that could then be received by a PC for later replay.

What’s not clear at this point is whether the capability is peculiar to just this one make and model, or applies to anything with the new Fast HDMI Switching. If the latter, it will be interesting to see how this plays out…nearly all of the major HDTV manufacturers are evaluating InstaPort for new sets, which would make any attempt at HDCP blacklisting awkward, to say the least.

Microsoft sorta explains E74 errors

Last month we speculated on the recent rise in Xbox 360 E74 errors. We assumed that this was because of an increase in the number of HDMI consoles and that the associated scaler chip was failing. Unfortunately, since these weren’t red ring failures, they didn’t fall into the extended three year warranty period for Xbox 360s. That is, until this week, when Microsoft admitted that some E74 errors are the same types of failures that cause the RRoD and would repair E74 under the same three year warranty. Kotaku attempted to get a better explanation out of Microsoft, but only got a little more info. Microsoft did confirm that E74 is not a reclassing of RRoD, but that there is some overlap between the two.

[via xbox-scene]

Hackit: Xbox 360 hardware failures on the rise?

Joystiq has been tracking the new starlet of Xbox 360 failures: the E74 error. It appears as the lower right light on the console turning red and an on-screen message telling the user to contact support with the error E74. The number of reported E74 errors seems to have risen since August 2008 and people are wondering if the more recent increase in errors is related to the release of the New Xbox Experience (NXE) Dashboard update. Did Microsoft reclass Red Ring of Death (RROD) failures as E74 to avoid warranty replacements?