Cheap-as-chips kit smashes Intel's HD video encryption
German boffins crack HDCP with $200 gear
German boffins have pulled off a successful attack on HDCP copy protection – using cheap hardware and a lot of clever coding.
Intel's HDCP (high-bandwidth digital content protection) allows the encrypted transfer of high definition video signals via DVI, HDMI, DisplayPort and other connectors and between TVs and Blue-ray discs or set-top boxes. The HDCP master key was leaked last year but there was no easy way to exploit this.
Rather than trying to design a customised chip (both expensive and complicated), computer scientists in the Secure Hardware Group at Germany's Ruhr University built a custom board using relatively inexpensive FPGA chips. A Xilinx Spartan-6 FPGA featuring an HDMI port and a serial RS232 communication port was created and sat between a Blu-ray player and a flat screen TV, intercepting and decrypting traffic, without being detected. The rig, which cost little over $200, was built by professor Tim Güneysu and PhD student Benno Lomb, as part of a research project in copy protection.
Although the exercise shows that HDCP is vulnerable to practical attacks the whole exercise is of little interest to pirates, who can more easily tap compressed high-definition content from receivers rather than faffing about with uncompressed HDCP streams whether or not they are strongly encrypted.
"Our intention was rather to investigate the fundamental security of HDCP systems and to measure the actual financial outlay for a complete knockout," Güneysu explained, H Security reports. "The fact that we were able to achieve this in the context of a PhD thesis and using materials costing just €200 is not a ringing endorsement of the security of the current HDCP system." ®
"can't enforce peoples behaviour with technology"
Oh, I don't know about that. Because of HDCP (and also Bluray DRM), I cannot watch all my DVDs / Blurays using my laptop and TV. The latest version of the software I need to watch the newer Blurays doesn't work on 1 of my TVs (not authorised) and turns off the digital audio out on the other (and with no analogue out, that means no sound). An older one doesn't work with the newest Blurays, or some DVDs. The oldest version works with all the DVDs but only 1 of my Blurays.
I can say with some certainty that they have (en)forced me to not buy Blurays. They have also (en)forced me to look into software that rips Blurays so that I can watch them and have sound. You could also say that they have encouraged me to just download them and not pay a penny, but my broadband connection would not be up for that, so I don't have to worry about the morality of that.
Basically their technology is "enforcing" their downfall.
Fundamental flaw in the concept ...
It's all very well having ultra-high security between player and screen ... but similar to the observation of an assassin (I only need to be lucky once - you need to be lucky for the rest of your life), it only takes a single breach to rip the content, and then spray it round the world.
When is the world going to realise you can't enforce peoples behaviour with technology ?
I'm no freetard, btw.
But it IS of interest to end users.
As the article points out, HDCP, like any form of copy protection / DRM, does little to prevent "piracy", all it really does is right-royally piss off the average end user who just wants to make use of the content that has been paid for in the manner they wish.
Here's hoping this will lead to readily available cheap boxes that we can plug into our home kit.
The point is
1) HDCP is simply an irritant and extra cost for consumer as content is pirated either from the disc or the transmission (a lot more conveniently as the content is professionally compressed).
2) It doesn't even be secure anyway.
It's simply a royalty revenue stream for Intel. It's pointless, not needed, protects nothing even if it wasn't circumvented and can easily be circumvented.
It should be dropped on all BD players and HD receivers to reduce cost. Then after a while TV makers can drop it too and save money.
CurtPalme were selling the MUX-HD HDCP stripper for at least a couple years, it pairs nicely with the BlackMagic Intensity HDMI capture card. Works brilliantly on Sky HD (although it's easier to pull the audio in separately if you're after 5.1 audio.) This is great and all, but it's not really enabling anything new and practical.