HDCP falls to FPGA-based man-in-the-middle attack

fpga-hdcp-maninthemiddle-attack

It’s been a little while since we talked about HDCP around here, but recent developments in the area of digital content protection are proving very interesting.

You might remember that the Master Key for HDCP encryption was leaked last year, just a short while after Intel said that the protection had been cracked. While Intel admitted that HDCP had been broken, they shrugged off any suggestions that the information could be used to intercept HDCP data streams since they claimed a purpose-built processor would be required to do so. Citing that the process of creating such a component would be extremely cost-prohibitive, Intel hoped to quash interest in the subject, but things didn’t work out quite how they planned.

It seems that researchers in Germany have devised a way to build such a processor on an extremely reasonable budget. To achieve HDCP decryption on the fly, the researchers used a standard off the shelf Digilent Atlys Spartan-6 FPGA development board, which comes complete with HDMI input/output ports for easy access to the video stream in question. While not as cheap as this HDCP workaround we covered a few years ago, their solution should prove to be far more flexible than hard wiring an HDMI cable to your television’s mainboard.

The team claims that while their man-in-the-middle attack is effective and undetectable, it will be of little practical use to pirates. While we are aware that HDMI data streams generate a ton of data, this sort of talking in absolutes makes us laugh, as it often seems to backfire in the long run.

[via Tom's Hardware]

The HDCP master key

Pastebin has the HDCP master key that we talked about in a post last week. This is the encryption protocol used for HDMI content protection on media such as Blu-Ray and High Definition cable television.

The master key array is a 40×40 set of 56-bit hex used to generate the key sets. You get one brief paragraph at the top of the document explaining what to do with this information. If you ask us we’re more interested in how this set was determined. So for some background information read the key selection vector (KSV) Wikipedia page. That points us to an interesting discussion proposing that if 40 unique device-specific KSVs can be captured, they could be used to reverse-engineer the master key. And finally, a bit of insight from a Reddit user (make your own decision on the dependability of this information) commenting on the value of having the master key.

In his comment, [iHelix150] covers the revocation system that HDCP uses to ban devices that are being used to circumvent copy protection. He says that having the master key makes it possible to push your own revocation lists onto devices. Each time a list is written to your device (TV, Blu-ray, etc.) the version number field for the list is updated. If you push an update with nothing on the revocation list, and set the version number to a binary value of all 1’s it will prevent any more rewrites of the list. This means that any previously banned hardware will be allowed back into the chain or trust.

So far this probably means nothing for you. But it’s fun to watch the cat-and-mouse involved in the DRM struggle, isn’t it?

Intel: High-bandwidth Digital Content Protection cracked

Intel says that HDCP has been cracked, but they also say that it’s unlikely this information will be used to unlock the copying of anything. Their reasoning for the second statement is that for someone to make this work they would need to produce a computer chip, not something that is worth the effort.

We question that logic. Not so much for Blu-Ray, which is the commonly associated media format that uses HDCP, but for HD digital cable programming. There are folks out there who would like to have the option of recording their HD television shows without renting a DVR from the cable company. CableCard tuners have been mostly absent from the market, making this type of recording difficult or impossible. Now that there’s a proven way to get the encryption key for HDCP how hard would it really be to create a man-in-the-middle device that uses that key to authenticate, decrypt, and funnel the audio and video to another encoder card? We know next-to-nothing about the protocol but why couldn’t any powerful processor, like an ARM, or even an FPGA (both rather inexpensive and readily available) be programmed for this task?

Leave a comment to let us know what you think about HDCP, and what the availability of the master-key really means.

[Thanks Dave]

Follow

Get every new post delivered to your Inbox.

Join 94,522 other followers