Cheap-as-chips kit smashes Intel's HD video encryption

German boffins have pulled off a successful attack on HDCP copy protection – using cheap hardware and a lot of clever coding. Intel's HDCP (high-bandwidth digital content protection) allows the encrypted transfer of high definition video signals via DVI, HDMI, DisplayPort and other connectors and between TVs and Blu-ray discs …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    Lies, lies, lies

    It's all lies you know.

    The board in question costs $350, unless you get it for the academic price mentioned in the article.

    The rest appears to be plausible.

    More at (e.g.) http://www.h-online.com/security/news/item/Researchers-conduct-successful-MITM-attack-on-HDCP-copy-protection-1384543.html

  2. Robert Carnegie Silver badge
    Joke

    Add the cost of labour, however,

    and how much does this cost when you get it in Dixons?

    ...What?

    1. David Kelly 2

      cost is negative

      Students pay to be educated, so the student paid for the privilege of being educated, paid the professor's salary, so net labor costs should more than offset the hardware cost.

  3. Eponymous Cowherd
    Thumb Up

    But it IS of interest to end users.

    As the article points out, HDCP, like any form of copy protection / DRM, does little to prevent "piracy", all it really does is right-royally piss off the average end user who just wants to make use of the content that has been paid for in the manner they wish.

    Here's hoping this will lead to readily available cheap boxes that we can plug into our home kit.

  4. JimmyPage Silver badge
    FAIL

    Fundamental flaw in the concept ...

    It's all very well having ultra-high security between player and screen ... but similar to the observation of an assassin (I only need to be lucky once - you need to be lucky for the rest of your life), it only takes a single breach to rip the content, and then spray it round the world.

    When is the world going to realise you can't enforce people's behaviour with technology?

    I'm no freetard, btw.

    1. BristolBachelor Gold badge
      Megaphone

      "can't enforce people's behaviour with technology"

      Oh, I don't know about that. Because of HDCP (and also Bluray DRM), I cannot watch all my DVDs / Blurays using my laptop and TV. The latest version of the software I need to watch the newer Blurays doesn't work on 1 of my TVs (not authorised) and turns off the digital audio out on the other (and with no analogue out, that means no sound). An older one doesn't work with the newest Blurays, or some DVDs. The oldest version works with all the DVDs but only 1 of my Blurays.

      I can say with some certainty that they have (en)forced me to not buy Blurays. They have also (en)forced me to look into software that rips Blurays so that I can watch them and have sound. You could also say that they have encouraged me to just download them and not pay a penny, but my broadband connection would not be up for that, so I don't have to worry about the morality of that.

      Basically their technology is "enforcing" their downfall.

    2. Anonymous Coward

      Serious answer...

      This is a serious answer, I'm not taking the piss at all...

      I think that we're in a catch 22 here - The content providers want to encrypt/otherwise protect their content because of the people taking it without paying. Lots of the people taking the content want to be able to use it how they want, so crack it.

      It requires a change in attitude from both sides to resolve this problem.

  5. Mage Silver badge
    Boffin

    The point is

    1) HDCP is simply an irritant and extra cost for the consumer, as content is pirated either from the disc or the transmission (a lot more conveniently as the content is professionally compressed).

    2) It isn't even secure anyway.

    It's simply a royalty revenue stream for Intel. It's pointless, not needed, protects nothing even if it wasn't circumvented and can easily be circumvented.

    It should be dropped on all BD players and HD receivers to reduce cost. Then after a while TV makers can drop it too and save money.

  6. JeffyPooh

    It only takes *one* guy or gal to figure this out...

    ...Then the Chinese start mass-producing little boxes for $150 each, and the constantly-updated *point-and-click* software is distributed around the Interweb. The net result is that *anyone* can crack it with the click of the mouse.

    *Anyone*.

    1. StooMonster
      Headmaster

      HDCP strippers

      There have been HDCP strippers around for years that take HDMI and convert HDCP laden content to analogue, DVI, or even HDMI with no HDCP.

      HD Fury is a popular brand.

      1. Levente Szileszky
        Devil

        RE: HDCP strippers

        Exactly and you don't even have to keep throwing money at them like other type of strippers when you try to plug-in or keep the connection alive...

        ...so you can watch strippers for the price of the PPV movie.

  7. John Smith 19 Gold badge
    FAIL

    Nice little earner for Intel.

    Think how many companies they licensed it to.

    Still not to worry. They will promise "Things will be better with HDCP II" and work another round of security-by-obscurity.

    Until the next PhD student cracks that of course.

    Note the crypto used by Sky Digital *seems* to remain invulnerable.

    But as it was licensed from a company set up by one of the developers of the RSA algorithm you'd expect that.

    1. Jess--

      The reason that the Sky encryption "seems" invulnerable is that it has multiple layers, combined with the fact that the serial number from the box is tied into the decryption, which makes it that bit harder.

      That's not to say that there aren't people working on it; the trouble is that other people are watching for any sign of a partial breach. Around 3 / 4 years ago a German team managed to get 1% of channels to decrypt (any attempt to watch the other 99% killed the card permanently), so it was a minor breach in terms of the content it opened up. Sky's response was to issue new cards to all subscribers with an extra layer of security enabled.

      From memory, the team at the time seemed to think that there were still 3 further layers of security on the cards that were not enabled.

    2. Jaybus

      Re: Nice little earner for Intel

      Yes, well, Intel didn't invent the market. Hollywood and other content providers created the need for HDCP and created the market for HDCP devices. The only way the content providers could force this upon the TV manufacturers was to make it cheap and easy for them to implement. That is where Intel came in, supplying inexpensive HDCP hardware. All the good Professor and his assistants have done is reverse engineer Intel's hardware and implement it in a general purpose programmable FPGA, as opposed to a proprietary VLSI chip.

      The moral of the story is, if the original hardware can be made cheaply, then so can the reverse engineered version. Intel is essentially taking advantage of the paranoid content providers until such time that the content providers realize their mistake and begin embracing online streaming such as Netflix, etc. Can't really blame Intel for that.

  8. Will Derrrick
    Meh

    HD-MUX

    CurtPalme were selling the MUX-HD HDCP stripper for at least a couple years, it pairs nicely with the BlackMagic Intensity HDMI capture card. Works brilliantly on Sky HD (although it's easier to pull the audio in separately if you're after 5.1 audio.) This is great and all, but it's not really enabling anything new and practical.

  9. vic 4
    Thumb Down

    "able to achieve this in the context of a PhD thesis"

    WTF, have PhDs become as watered down as A-levels? While I'm not suggesting this achievement is anywhere near being worth a PhD, this comment seriously belittles the work anyone has ever put into gaining the right to/not to call themselves a Dr. Unbelievable.

    Last time I directly heard a phrase like "was built by professor X and graduate student Y" it generally meant one person did the work and the other scribed their name. Still not as bad as being married, when my wife says "we completely renovated our house", she means I did the work and she watched, but then again someone has to otherwise who can say it actually happened.

    1. vic 4
      Unhappy

      right not to call themselves a Dr

      Just thought I'd clarify, I gained this right by dropping out of my PhD; after 8 years of being a student I needed to earn some money. Course if I'd been more intelligent/motivated I might have finished sooner.

  10. Anonymous Coward

    DRM only hinders the "legitimate user", namely, the stooge.

    $200 or $350, if the paper is to be published, there goes the blueprint.

    Anyway, it's not as if real hackers or pirates will not be able to fill the holes.

    I do not buy Blu-Ray discs anymore because they don't work that well with my semi-archaic gummybear-rigged setup (don't ask). If I bought it I want to be able to rip it easily, so I can enjoy it. Nowadays it's much easier to get hold of the non-drm perfect copy.

    And it won't matter if "they" plug all the torrent channels or newsgroups or whatnot. This thing is like water, it'll find a hole and leak.

  11. mark l 2 Silver badge

    Every time $ky issue a new card it means their old one was compromised in some way, so it's not as secure as they would like to make out. They don't spend millions issuing new cards just for fun, but do come down hard on anyone found hacking their system, especially for commercial purpose.

  12. Anonymous Coward

    Wow... with this, I could finally use MythTV to record my shows and return the cable co provided set top box + DVR. My cable co sets *all* non-OTA channels to Copy-Once...

  13. Aaron 10

    €200?

    Even if it's €200, the copy protection is still good. Without the leak of the key, there's no way a €200 FPGA could discover it on its own... at least within a reasonable amount of time. Intel isn't worried and neither should we be. This "flaw" isn't a big deal at all, just the basis of a thesis of a very smart PhD.

    1. Levente Szileszky
      Stop

      RE: €200?

      You really don't understand the story - there's no need to break anything because you can BUILD an HDCP stripper ever since HDCP was introduced to the market; it's a built-in feature, disabling enforcement and it's almost impossible to trace back individual licensees and then revoke their license.

      It's a completely stupid, pointless and utterly broken system, just like everything our super-stupid, uber-ignorant, royally clueless fat parasites in Hollywood endorse.

      It's a decent revenue stream for Intel and an every day annoyance for all the rest, that's all.

  14. Wunderbarb

    Nothing really new

    In 2010, researchers already published a full hack of HDCP encryption at http://www.cs.sunysb.edu/~rob/hdcp.html

  15. Henry Wertz 1 Gold badge

    @Serious answer.. to me, what it requires is two big changes.

    1) Recognize that rights restrictions are a waste of money. They *WILL* be cracked, and money spent developing them is flushed right down the toilet. People who download a given movie (for example) can play it on their fondleslab, phone, computer, hook up the TV and show it, burn it to a DVD, and so on. Purchase the same movie? Rights restrictions trying to keep a physical copy on a physical disk. Electronic copies that try to restrict what they can play the movie on, may need a network connection for license management, need to use a (usually shitty and clunky) proprietary player to play the video instead of whatever they feel like.

    2) Perhaps watermarking? I would think for downloads they could be watermarked with the user's name (perhaps a visible watermark in addition to the invisible one -- if a movie said "This movie is licensed to Seymour Butts" at the end of the video, Seymour would think twice about sticking that up on bittorrent.) For DVDs and BluRays this obviously wouldn't work, but perhaps they could at least track back a bittorrent to the store or city it came from, this'd still track Seymour down much faster than "Well, he's somewhere on earth".

    There's no adjusting users. Sorry, the movie companies may want people to be obedient consumers, but I for one am not a consumer, I'm either a customer or not a customer. And that depends entirely on if I can use the product in question on devices of my choice or if they consider "Windows + proprietary player" to be good enough. Besides personally not using Windows, there's been a real disaster with these rights-restriction products, where purchased items work in Windows version X, but either don't work right or maybe not at all in Windows version X+1 (if the purchaser even has the right to use the same item with Windows X+1, as opposed to that being considered terms for having to repurchase.)
