HDMI copy protection broken

HDMI uses copy protection system called HDCP. The system is meant to stop HDCP-encrypted content from being played on devices that do not support HDCP or which have been modified to copy HDCP content. Manufacturers who want to make a device that supports HDCP must obtain a license from Intel subsidiary Digital Content Protection, pay an annual fee, and submit to various conditions. HDCP is a standard feature in televisions, cable boxes, satellite receivers and Blu-ray players in much of the modern world.

The HDCP master key that has leaked to Internet last week is legit HDCP copy protection code. The “key” was posted to the Internet on Tuesday, where it was quickly picked up.The HDCP master key in question is used to generate lower-level “device keys”. With the master key code it is possible to build devices that play copyright-protected content without having to pay for licenses.

The disclosure means, in effect, that the content flowing over the encrypted HDMI connection may be recorded and authenticated using an unlicensed device. The bitstream now can be recorded and decrypted, allowing an encrypted film to be copied – a huge blow to Hollywood which is a big fan of all kinds of DRM technologies.

Intel Threatens to Sue Anyone Who Uses HDCP Crack to produce hardware that defeats the HDCP technology. Intel still believes that this technology will remain effective.

no_hdcp

15 Comments

  1. Tomi says:

    http://www.freedom-to-tinker.com/blog/felten/understanding-hdcp-master-key-leak
    says:

    Now we can understand the implications of the master key leaking. Anyone who knows the master key can do keygen, so the leak allows everyone to do keygen. And this destroys both of the security properties that HDCP is supposed to provide. HDCP encryption is no longer effective because an eavesdropper who sees the initial handshake can use keygen to determine the parties’ private keys, thereby allowing the eavesdropper to determine the encryption key that protects the communication. HDCP no longer guarantees that participating devices are licensed, because a maker of unlicensed devices can use keygen to create mathematically correct public/private key pairs. In short, HDCP is now a dead letter, as far as security is concerned.

    Reply
  2. lg e50 says:

    lg e50…

    [...]HDMI copy protection broken « Tomi Engdahl’s ePanorama blog[...]…

    Reply
  3. Tomi says:

    $350 Hardware Cracks HDMI Copy Protection
    http://news.slashdot.org/story/11/11/25/1859240/350-hardware-cracks-hdmi-copy-protection

    German Researchers at the Ruhr University Bochum built an FPGA board-based man-in-the-middle attack against the HDCP copy protection used in HDMI connections. After the leak of an HDCP master key in 2010, Intel proclaimed that the copy protection was still secure, as it would be too expensive to build a system that could conduct a real-time decryption of the data stream. It has now been proven that a system can be built for around $350 (€200) to do the task.

    Reply
  4. Tomi Engdahl says:

    HDMI/DVI HDCP handshake problems & how to avoid them
    http://www.eetimes.com/design/communications-design/4013366/HDMI-DVI-HDCP-handshake-problems–how-to-avoid-them

    With the advent of affordable 1080p displays, 8-channel 192 kHz sound systems and high-definition A/V sources, consumers are switching to HDMI & DVI uncompressed digital A/V interfaces en masse.

    But there’s a hitch. HDMI & DVI have a companion high-definition content protection (HDCP) system that sometimes leaves authorized consumers in mute, watching a blank screen, blinking video, or snow while being held hostage by a bug known as the “HDCP handshake problem.”

    In this article, we’ll review the key issues surrounding this problem and introduce you to some rules and tools that’ll help you keep your HDMI and DVI design out of trouble.

    Reply
  5. Rush Limbaugh Show says:

    I’m excited to find this great site. I wanted to thank you for ones time due to this fantastic read!! I definitely savored every little bit of it and i also have you saved to fav to see new information on your website.

    Reply
  6. pest control sprayer says:

    I want to express my gratitude for your generosity supporting individuals that have the need for help on the matter. Your real commitment to getting the message up and down had been pretty valuable and has in every case enabled regular people just like me to realize their targets. Your amazing useful useful information means so much a person like me and further more to my fellow workers. Thank you; from each one of us.

    Reply
  7. posture now says:

    you are in reality a excellent webmaster. The site loading speed is amazing. It kind of feels that you are doing any unique trick. In addition, The contents are masterpiece. you have performed a excellent activity on this matter!

    Reply
  8. HDMI HDCP hacking « Tomi Engdahl’s ePanorama blog says:

    [...] HDCP hacking HDMI uses copy protection system called HDCP. And I have know for some years that HDMI copy protection broken. But based on recent information that has popped out it seems that it is even more broken that I [...]

    Reply
  9. Health Blog says:

    I believe this is a proper zealous article line.Thanks Again. Real Large.

    Reply
  10. download crack says:

    Thanks on your marvelous posting! I really enjoyed reading it,
    you might be a great author.I will be sure to bookmark your blog and
    may come back down the road. I want to encourage one
    to continue your great job, have a nice day!

    Reply
  11. Www.Mrsbuckets.Co.Uk says:

    Howdy. I discovered your website the utilization of ask. It is an incredibly tactically composed write-up. We’ll make sure you book mark this and get back to continue reading of one’s valuable information. Thanks for the posting. I will undoubtedly returning.

    Reply
  12. levigatrici per parquet says:

    Thanks for this excellent article. Also a thing is that nearly all digital cameras are available equipped with a new zoom lens that permits more or less of your scene to generally be included by ‘zooming’ in and out. All these changes in focusing length usually are reflected while in the viewfinder and on significant display screen right on the back of the specific camera.

    Reply
  13. Arnoldo says:

    Hello there, You have done a fantastic job. I’ll definitely digg it and personally recommend to my friends. I am confident they’ll be benefited from this site.

    Reply
  14. Jonas says:

    It’s awesome for me to have a web site, which is useful in support of my know-how. thanks admin

    Reply
  15. Tomi Engdahl says:

    HDMI Splitter is also a Decrypter
    http://hackaday.com/2015/03/12/hdmi-splitter-is-also-a-decrypter/

    It warms our hearts when the community gets together. [esar] needed to get a decrypted HDMI stream for his home theater system. A tip-off in the comments and a ton of good old-fashioned hacking resulted in a HDMI splitter converted into a full-featured HDMI decrypter. Here’s the story.

    HDMI Splitter Hack
    http://hacks.esar.org.uk/hdmi-splitter-hack/

    RoyTheReaper’s instructions work for splitters that are based on the chip sets from Explore Semiconductor, such as the EP9132 in the splitter I had on hand. These splitters contain two chips: the main HDMI splitter (EP9132), which is usually hidden under a heatsink, and a microcontroller (EPF011A) which communicates with the splitter via I2C.

    As it turns out, the splitter’s outputs are unencrypted by default regardless of whether the incoming signal is encrypted or not, and all that’s needed to disable encryption of the splitter’s output is to stop the microcontroller from talking to the main splitter chip. This can be achieved via any of a number of different methods

    What I needed was to find a way to keep the microcontroller doing all the other things it usually does, while still stopping it from enabling encryption of the outputs. As its only connection to the splitter chip was via the I2C bus, maybe I could intercept any attempts to enable encryption…

    The datasheet for the EP9132 is fairly easy to find

    To do this I decided to use an Atmel ATTINY9 microcontroller, which is a tiny SOT23 package device with 6 pins, an internal 8MHz clock, 1KB of program space and 32 bytes of RAM. I connected the ATTINY to the splitter’s I2C bus and wrote some code

    Unfortunately this didn’t quite work.

    Going back to the datasheet, I found another interesting looking register

    I updated the code in the ATTINY to target this new register, and… success! I got unencrypted output.

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*