How gizmo maker's hack outflanked copyright trolls
Chumby NeTV: A triumph for mankind
'Legal bullies on the technology playground'
The hack was helped along with a series of fortunate events. The first was a September 2010 post on Pastebin.com that contained the master key that ultimately derives the shared keys that encrypt video as it passes from a set-top box or DVD player to a monitor. More than 12 months later, no one knows who authored the key or whether it was found mathematically or just leaked by an insider. Ultimately, it didn't matter: The secret protecting the scheme was irreversibly revealed.
Another lucky happenstance was the HDCP's use of a stream cipher to encrypt content, making it possible to combine it seamlessly with other encrypted signals that use the same key. This allowed Huang to use the leaked master key to encrypt the NeTV feed and inject it into the stream without ever having to convert anything into plaintext. Had HDCP used a block cipher, this task would have been significantly more limited.
Huang's hack was also noteworthy for its ability to inject content into the feed without causing hiccups in the the video or audio, something that's not easy to do with a device that uses an 800 MHz processor. One of the ways he worked around the bottle neck was the use of chroma key compositing, the technique involving green screens videographers have used for years to seamlessly overlay one video feed into another.
Of course, the absence of any decryption by the NeTV is no guarantee Chumby won't be sued by a device maker or content provider who doesn't like the idea of an outsider joining the HDCP camp without an invitation. People modifying Sony's PlayStation or Microsoft's Xbox game consoles and Texas Instruments calculators know first hand how touchy device makers can be about these kinds of hacks.
The risk hasn't escaped the notice of Huang, who is scheduled to demo the NeTV hack at Sunday's Maker Faire at the New York Hall of Science.
“While I'm hoping that everyone will engage in mature, rational and fair discourse, the fact exists that there *are* legal bullies on the technology playground and they have a lot of tricks in their bag, and a lot of ammunition to hurl at people they don't like,” he wrote. “But, what will the world come to if all innovative thoughts end at lawyers, and not at users? I think it would be a sad day for consumers when small innovators spend more resources worrying about being sued than worrying about being creative.”
This story to be continued ... maybe. ®
This article was updated to correct the name of the HDCP scheme.
Sponsored: The Nuts and Bolts of Ransomware in 2016