Slashdot Mirror
Making and Breaking HDCP Handshakes
Cadre writes "Ed Felten describes the handshaking routine used by HDCP and how if any 40 devices conspire together, they can break the security of the system."
← Back to Stories (view on slashdot.org)
← Back to Stories (view on slashdot.org)
Also - anyone thinking the 40 'conspiring' devices makes it impractical to break HDCP/HDMI - think again. It just means 40 (or less) like minded hackers have to get together - not particularly hard to imagine these days.
There are shills on slashdot. Apparently, I'm one of them.
But I don't have room for the forty big-screen TVs.
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
NVFM
I dub thee... Sir Phobos, Knight of Mars, Beater of Ass.
Four was an example for the article.
Try reading the rest of the article.
His attack methodology is correct, but it will take more than 40 devices to break the system. The chances are very low that all 40 devices being linearly independent, and therefore each one offering non-duplicate information about the system. If you read the comments, he actually inadvertantly ran into this problem with his small example of 4 keys.
However, in writing this, I realize that I do not know how many keys you would need to present a good probability of solving the system of equations. Anyone want to run a simulation?
security vs. ease of use. You can make something so secure that it is almost impossible to break. The trouble is that it becomes so cumbersome that no one wants to use it.
The example that comes quickly to mind is copy protection on software. At some point it drives away paying customers and doesn't deter the pirates.
Personally, I think I will continue to use the analog hole because there isn't that much stuff that really needs high definition to be enjoyed.
From TFA: Apparently Mr. Felten has a somewhat twisted idea of "eminently doable".
The HDCP CA will certainly only give out keys to people who sign very very scary agreements not to engage in exactly the sort of activities described. While a few of them might "accidentally" leak their keys, I find it exceedingly unlikely that 40 such companies will pay for a key vector, just to take the risk of getting sued out of existence.
Though I have to wonder about the actual security of these keys under the condition of physical access. That point might make Felten's proposed crack viable, if we just need to find a weaknedd in 40 devices out of the thousands that will eventually hit the market - ESPECIALLY if player software needs to have a valid key as well.
I also wonder why we need to "know" even one, much less 40, secret keys beforehand, however... It doesn't sound like you need to come up with the correct answer to get a single response. If you faked 40 devices, couldn't you still get the target device to respond at least once to each, thereby getting the necessary 40 unknowns? Sure, this would reduce to 40 instances of cracking a 56(?) bit key, but a modern PC can brute-force that in under a day.
As a poster said at TFA, why did they reveal this attack so soon? It would have been much better to wait another few months until HDCP displays and video cards were shipping in larger numbers. That being said, who's comes up with these lame cryptosystems anyway? First CSS, which was a joke, now this, and you know the Advanced CSS will have holes in it big enough to drive a truck through. The bad news is that some day they will start hiring people who know what they're doing with cryptosystems and then we're all screwed.
From the article:
"This sounds pretty cool. But it has a very large problem: if any four devices conspire, they can break the security of the system.
To see how, let's do an example. Suppose that Alice, Bob, Charlie, and Diane conspire, and that the conspiracy wants to figure out the secret vector of some innocent victim, Ed. Ed's addition rule is "[1]+[4]", and his secret vector is, of course, a secret."
HDCP has been broken, and has been proved to be weak in 2001 twice. See http://apache.dataloss.nl/~fred/www.nunce.org/hdcp /hdcp111901.htm
In real life the devices have a vector of 40 secret numbers, he's using a vector of 4 to illustrate withour bogging down the reader.
The key is that with N variables (the number of different numbers in the vector), you need N equations to solve the set of equations for all of those variables - it's simple linear algebra.
When you purchase a licence, you get a bunch of 10000 keys for $16000, so S.O.Mebody could use this within an organisation to analyse the generation matrix, and actually produce 40 new keys and release them to the wild. No comeback.
Simon
Physicists get Hadrons!
If the terrorists want to crack HDCP, I'm all for it as long as they release it to the general public... which they probably wouldnt being terrorists and all. They would reprogram their pre-hdcp complient HDTV's to get full high def channels. those bastards.
It wasnt rare to find a building with half of the neighbors connected to the same set-top-box when PPV arrived. ;))
Well lets say a company had 40 keys... but they all have the same addition formula. What now? Everything would come out the same.
I was checking the Sunday advertising fliers this morning, and see that many of the new TVs are advertising HDMI as well as PC connections. Can someone please explain my limitations?
1: Can I hook up my current VGA or DVI to one of these, and display the content I can currently display?
2: Is the only limitation/constraint the new HD/BlueRay DVDs with "double-plus-good super-duper copy-protection, put there to protect me AND the children"?
3: Related to both, assume I have MythTV running with an HD capture card. (I don't yet, but plan to, before they become illegal. What's the latest status?) Can I run my captured content out through one of these new displays?
The living have better things to do than to continue hating the dead.
There is one thing I hate worse than this DRM (Draconian Rights Management) crap: region encoding. DRM only effects me if I want to make a backup or play a disk I bought with Linux. Now if I buy a disk in Europe and want to play it in Canada it is not doable, officially. Unofficially I have to get a DVD player with a backdoor, or a PC DVD player with the Firmware hacked or rip the DVD - all this for a DVD I bought legitimately!?
And then there is something that scares me: how unaware of this many people I speak to are, even some people working in IT!
Jumpstart the tartan drive.
I had exactly the same thought. I think this attack may fail. Or rather not be as immediately successful as imagined. Ironically, the fatal flaw is contained in the same algebra mistake made in the orginal post.
In order to prevent this attack from being done easily, the central authority could deliberately hand out linearly dependent addition vectors to any company that applies. For example, suppose a company applies for 10,000 keys. The central authority gives them 10,000 keys and 10,000 addition vectors. But the addition vectors are all crammed into the first 14 or 15 bits of the 40 bit addition vector. (that is bits 16 to 40 are zero). This would assure that the addition vectors are linearly dependent and the code cannot be cracked.
In effect the 10,000 keys are hobbled to representing no more than 15 independent keys, not the requisite 40 to crack this.
Thinking even more globally, the central authority could reserve say the last 10 bits of the addition vector, so that all devices manufactured from 2008 to 2010 never used the last 10 bits. then all devices manufactured from 2010 to 2012 always used the 31st bit but none of the last 9. Then in 2013-2014, all devices always use the 32nd bit but none of the last 8. and so on.
thus they can prevent anyone from collecting all 40 so far into the future that they can assure that any crack that works this year will fail on all new devices.
Of course, the hackers only need to stay on the ball and update their hacks as they can. But it's going to take a very large consipiracy among multiple companies to collect large enough set of addition vectors to crack this.
Some drink at the fountain of knowledge. Others just gargle.
This is what the guy who originally said he could easily crack HDCP said. And the only reason he didn't release specifics (which could have allowed them to fix it before it went 'public') is because he'd have been in some boiling legal water thanks to the DMCA. As it is, the publisher of this story probably will be, but the system will still be cracked *very* quickly, and we'll all have AnyHDCP running in our trays so our computers are stupid-proof.
How are sites slashdotted when nobody reads TFAs?
I may be totally misunderstanding, but won't the 40 devices need to have their private numbers assigned from the central authority as well (and presumably have to pay $$$$$ for it)? Otherwise, when they send [1]+[2] to the device they are cracking, and get back [3]+[4], it will be meaningless unless the hacker's internal numbers' 3+4 addition equals 1+2 of the remote device.
Oh, I see, breaking the security of the systems. Right. Didn't see that the first time. Sorry.
The 'Net is a waste of time, and that's exactly what's right about it. - William Gibson
IANAIPL, but....
You're arguing your fair use rights against the copyright holders rights to regionally control distribution. I don't think this is quite as cut and dried.
On the other hand, region encoding doesn't seem to make as much sense in this day of global economies. Do they still even have staggered releases of movies?
Ok, so help me out here. Doesn't that reduce the effective keyspace by an order of 2^16? Seems to me that would make a brute-force attack much more practical. (It doesn't matter if you set the first 16, last 16, or any arbitrary (but consistent) combination of bits to zero, it will still reduce the keyspace for all devices by the same amount.)
Of course, I don't know much about the algorithm itself, but from the blog's example, it should be simple to test the validity of any arbitrary key with any device.
Increasing the keyspace as you have suggested would actually make the codes more secure as time went on - but given that there are always going to be those initial devices with 24 instead of 40 bits, those will always be the most attractive target. And it only takes one key, one time, to build a device which can output an unencrypted stream, breaking the whole system catastrophically.
Have I got that right?
[Note: I define pirate as someone who infringes copyright on a large scale for profit. That doesn't mean others aren't infringing.]
All this anti-piracy encryption is still missing the point. Long before CSS was cracked, pirates were bit copying DVDs.
AFAIKT, the new disc formats don't have any magic that prevents a pirate from making physcial (i.e. analog) copies of a purchased source disc. Players have to be able to read the bits off the disc. A recorder can write the same bits back on a disc. No decryption necessary for a perfect copy.
Maybe they'll bring back the "bad sector" copy protection schemes. Remember when you couldn't play a game w/o its install floppy that had deliberate bad sectors on it? And you couldn't copy it as the PC would helpfully correct the bad sectors. Yes, I've keyed in boot vectors in binary from the front panel, why do you ask?
You have it partly right and partly wrong.
First, HDCP does not require super security. It's not how the media is encoded it's just the transport from the player to the viewer that is being encoded. There's a whole nother more secure code for the media encryption. I think what they want to avoid is some gizmho you could put inline that would decode it. SO if they can create a situtation where there is no universal gizmho for every player/viewer combination or one that breaks every year when a new device is released it accomplishes a lot of their purposes.
One supposes that the point of attack has to be outside the media player (dvd) since otherwise there is no need to attack the transport layer and you already have everything you need to decode the video if you are in controll of the inner workings of the player.
So in trying to attack the transport layer there's no reduction of the complexity of the key by restricting the addition vector to a subset of the possible bits. In general it's always going to be about half the bits (half on half off).
By restricting the addition key space its sort of like restricting the space of challenge codes to a challenge response algorithm. The main effect of this is to prevent a challenge code from being seen previously and thus the response learned.
Of course it does, as you surmise, reduce the brute force number of challenge codes one might try to learn every possible attack for that series of player. But I suspect the set is still so large it matters not. And moreover, as I said, that still wont let you build a universal decoded gizmho, just one that works for that particular player for that model year.
Of course for some folks that's all the want. e.g. if it becomes known that there is a gizmho that can be attached to a 2007 sony model XXXXX that can then be spoofed with a certain addition vector then all the hackers will go out and buy that 2007 model which will then work indefintely. But one guesses that maybe the media will then come with something that recognizes that model number and refuses to play in high def. Not sure if they could get away with that as it would piss off some consumers.
Some drink at the fountain of knowledge. Others just gargle.
Wow so many folks sort of missed the point here...
Felton's description of the weaknesses of DHCP handshakes is of only one potential attack. Combined with other attacks and it's entirely possible that a group effort could crank out new secret vectors faster than the M.A.F.I.A.A. could revoke known compromised ones.
For example: If more was known (than I know) about the encryption algorithm used (AKA "the hdcpRngCipher") work could be started on creating dense & smart Time-Memory Trade-Off tables. This is a non-trivial task involving tens of thousands of CPU hours... a perfect thing for a validating distributed computing application (oh. this. has. so. been. done. before).
Also a HDMI repeater or splitter isn't very far from being a sniffer... I think all it lacks is a little I2C to USB help. This, the tables above, & a HDCP device will net you all the vectors you need to employ Felton's attack. Once one set has been compromised and the methodology worked out it's just a matter of turning the crank to get more and potentially very, very quickly.
The utility of these attacks goes well beyond being able to view 1080p on a non DHCP device... one could render revocation useless be attacking high-end components sold by M.A.F.I.A.A. members (i.e. Sony). This eventually must lead hardware devices running out of un-revoked vectors and becoming inoperable... an untenable situation for the M.A.F.I.A.A.
Now, if such a concerted attack is organized on the hi-def media... I feel that we will be right where we are now... a reasonably astute person can watch any DVD wherever they want and they can retain a backup of that media in a format of their choosing.
Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.
First of all, let me admit that I'm not big into electronics. Best I can do is hook a cable onto my computer and pray that it gets the signal across. So please educate me.
How is he going to find out what the device "wants to hear"? Is he going to sniff into the communication between two "legit" devices? Or is he going to try to "talk" with one of them and brute force through try and error (because it's unlikely the device will send him the "right" answer to the question as well)?
How's he getting the information?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Someone will connect an oscilloscope to the wire(s) that connect(s) the devices and reverse engineer the communications signal. They will then construct a custom breadboard able to talk to any HDCP device while being able to impersonate a device with a programmable HDCP vector/rule. With a link (ethernet or serial) to any modern day PC they'll just brute force it.
It won't be difficult.
The government itself is not stealing your liberties. Their new programs are enabling criminals who will.
a whole nother ???
When you know the vectors of a machine, you only know what it can send you, but not what it expects from you. When the machine tells you to add [1] and [3], you have to know the index of this rule in its ruleset as well, so you know first of all what it wants to hear from you, and second which indexes it wants to get asked from you so it adds up to the same number.
Technically you could of course go ahead and implement the same vectors and keys, which would of course yield the same results. But you need the ruleset, too, or at the very least the same keys the machine has.
A true generic hack that works against any machine would require vectors and math rules, so you could tell the correct answer without knowing the asking machine's ruleset.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
And of course, I can only hope this happens as the only way to prevent all erosion of our consumer rights is to let the big corps fight amongst themselves. The battle between HD-DVD and Blu-Ray is one example (I hope they both lose).
If this were really happening, what would you think?
This is an interesting device:
http://www.doremilabs.com/products/XDVI-20.htm
It converts a DVI signal into an SDI-HD signal.
Then with a card like this -- http://www.blackmagic-design.com/products/hd/
and a disk array that could handle about 1.5 gbits/sec you could record the high-def signal in an accessible form.
With the drives we're in the $1500 range for all the gear, so it's not cheap, but it is 'prosumer' level.
Ah, that explains the 40 suspicious looking toasters gathered in my basement whispering to each other.
Couldn't you get this without first gaining the secret vectors for 40 devices? Suppose you only knew the secret vector for just one device. Borrowing from the article's example, couldn't you do something like the following:
Alice is a device whose secret vector has been obtained through means not addressed here. Bob is a commercially purchased device with an unknown secret vector.
Known: Alice secret vector is (26,19,12,7)
Known: Alice addition rule is [1]+[2]
Known: Bob's addition rule is [2]+[4]
Unknown: Bob's secret vector (b1,b2,b3,b4)
Hacker impersonating Alice receives data from Bob and decrypts it into DATA.
Hacker now knows that b1+b2 = a2+a4 = 19+7 = 26
Hacker changes his addition rule [1]+[3] and tries again.
Hacker receives encrypted data from Bob. [1]+[3] is some Keysize number (2^56?). Hacker performs a brute force attack against the encrypted data until he finds key K that produces the same decrypted DATA as before. Hacker now knows that b1+b3 = K.
26-K = (b1+b2)-(b1+b3) = b2-b3.
Repeat a couple times and you have enough equations to solve for the individual vector values. This gives you Bob's secret vector.
Repeat against 38 more devices and you have the requisite number to break the whole algorithm.
Someone better at math than I am, please feel free to jump in and tear holes in the argument.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
I see what you mean, that makes more sense.
So let's say, for the sake of argument, that the whole keyspace is tested; i.e., that for an arbitrary key that you create you have gathered the entire range of challenge responses from a particular device and stored each. Is an addition vector an NP problem that wouldn't give up the secrets of the key itself even if all the challenge responses were known?
It would seem that it must be to serve the intended purpose. It's much more damaging to be able to spoof a particular device to other devices than to spoof a response sequence with a single devices, yes? That way you could sell a device to any user that emulates a "2007 sony model XXXXX" to any other device to decrypt the stream in real-time, versus having to buy a "2007 sony model XXXXX" to work with the theoretical gizmo. But all of that would rest on the ability of the addition vector to be reverse-engineered, which I must confess I'm ignorant about.
It used to be called "a cartel" and it used to be illegal.
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
But the addition vectors are all crammed into the first 14 or 15 bits of the 40 bit addition vector. (that is bits 16 to 40 are zero). This would assure that the addition vectors are linearly dependent and the code cannot be cracked.
Didnt the article say that the vectors always have 20 1's and 20 zeros? Doesnt that limit the permutability of the vector?
Also, if you were to hand vectors out 10,000 keys like that to one manufacturer, woudln't you only need 14 or 15 of those types of devices to conspire to break the system? You could essentially break any device of that manufacturer (or whoever made the internals) with a fewer number of devices.
The Doormat
If you're not outraged, then you're not paying attention.
The solution is easy according to an anonymous physicist. I showed him the problem and it took him 2 min to do this. He laughed when I told him this is a multi-billion dollar cipher system.
Apparently any 1st year maths student can do this. This is not the best method however and using a matrix to solve for lambda is the best way, so he says. By the way it took me about 2 hours brute forcing it by logical trial and error using pen and paper.
okay then 20 not 15. whatever. they just don't release the full basis to any vendor. then you cant universally reverse emgineer it.
and no. you are confusing devices with dimensionality. a 20 dimensional spaces spans much more then 10,000 devices.
Some drink at the fountain of knowledge. Others just gargle.
No this scheme won't work. Here's why.
...
the keys are never transmeitted only the addition rules. So here's a hypthetical exchange
device 1: my addition rule is 17+13
device 2: my addition rule is 24+5
device 1: okay I computed the secret= key[24]+key[5] (which I alone know)
device 2: okay I computed the secret = key[17]+key[13] (which I alone know)
at this point both secrets are the same but neither secret has appeared on any tapable wire.
now dev1 says:
dev1: youre challenge is to encrypt this number: rand = 1380912
dev2: my resonpsne is theat encrypting 1380912 with my secret key gives 478120181
dev1: hey that's right, I was able to check that using my secret
dev2: youre challenge is to encrypt this number: eand = 18171710
and so on.
now each device has poven to each other they share the same secret key but they have never transmitted it.
You cna't memorize the transaction pattern for two reasons. 1) the random challenge will vary even if the addition keys dont
and any time you connect a new device the addition keys will change.
Some drink at the fountain of knowledge. Others just gargle.
I think everyone is getting things too complicated! in ANY system that can be used by humans (ie viewed and/or heard) there comes a point whereby whatever data is used becomes 'human' readable, at that point all security becomes useless. I can read from just before the output device, why not just unplug the LCD screen and read the signals direct? All HDPC does is try to stop me from reading the signal PC to LCD electronics, as far as I can make out I can read the internal signal to the actual crystal matrix with no problem. Just as for any audio I can plug the speaker output into an input and read that. All any DRM does is make pirated copies MORE attractive.
Hardware design costs: $6 Million
User Interface software design: $1 Million
DRM Engineering: $1 Million
Having some wiseass kid from Sweden (Or wherever) render $1 million worth of DRM Engineering useless a month before your product ships: Priceless.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Yeah, I noticed that too. The conspirators need the office in Burbank to conspire with them!
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Collusion, In cryptography when more than one end of a
"secure" protocol begins to act in a way with another
end(s) of the protocol which is disadvantageous to the
overall security of the protocol, this is known as
collusion.
Conspiracy is what UFO nuts and the alike prefer to use
when talking about supposed government behavior which
is meant to distort their reality. ie: taxes and elections.
Arash
Arash Partow's Philosophy: Be a person who knows what they don't know, and not a person who doesn't know.
The handshake algorithms allows a cool new business-strategy:
- get 40 secret vectors
- use these 40 vectors to recover the secret vector of a well-selling HD-DVD TV screen
- approach the vendor, and threaten to release the secret vector
- profit!: The vendor will have to pay, otherwise the TV screen will end up on the blacklist, and the owners won't be able to play HD-DVD's anymore.
Get your "S"pecialized "H"DTV "I"ntegrity "T"ransducer (aka Spatz-Tech amplifier) right here at http://www.spatz-tech.de/.
/.
That is h t t p : / / w w w . s p a t z - t e c h . d e
Get it while it last! Before you get screwed over royally by the "S"pecial "H"ollywood "I"nsecurity "T"roupers (sic).
The HDCP handshake needn't be strong. We all know that cryptography is of little use to DRM.
The point is, it's painted as a technological measure for protecting copyrighted content. That's enough to get you arrested under the DMCA if you willfully break it.
AC
If you already have one secret vector and the addition vector that goes with it, why would we need to figure out some other devices secrets? Couldn't a device be made that uses the information we already have, that outputs non-HDCP encoded data?
Ooh, a new definition of the "D" in DRM.
Draconian Restrictions Management has a nice ring to it.
a whole nother ???
Abso spanking lutely.
This isn't about the keys themselves... this is about the fact that if you can pull off the attack you can render the "blacklisting" or "key-revocation" system completely inert, meaning the protection is now permanently broken.
The whole idea behind the revocations was that when hackers inevitably get ahold of some keys they can just blacklist those keys and everything will be A-OK (no DeCSS). We now know that this system will never work.
Natural != (nontoxic || beneficial)
I once heard a Secret defined as: Something you tell only one person at a time.
Too many people have to know this secret to keep it secret. Especially since once you have one secret set of numbers (which could be traced back to the leaker), you should be able to generate an equivalent set not belonging to anyone.
Wikipedia says that Key Revocation is part of the standard, which means that it's possible to determine just who is on the other end somehow by the way the keys are added up. But can this be effectively used in the real world? If someone breaks the key list in, say, Sony televisions, can they truly, suddenly, disable tens of thousands of expensive television sets from receiving future content without massive consumer backlash? Can Sony afford to "repair" all the compromised sets?
Seems to me that, in the real world, any attempt to actually enforce this protection, which is eventually bound to leak out anyway, can only succeed by destroying your customer base in the process. Not that the idiots attempting this aren't foolish enough to actually try it.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Also - anyone thinking the 40 'conspiring' devices makes it impractical to break HDCP/HDMI - think again. It just means 40 (or less) like minded hackers have to get together - not particularly hard to imagine these days.
Furthermore, as Ed notes, once one key is found, we can generate keys on the fly (if I read that right. if not, we can still get quite a few keys before they can invalidate them all). At that point, an intelligent hacker can build a system to plug into anything with HDCP and determine the key within minutes (generate 40 new keys, sync 40 times, do the algebra, and now you know).
Why don't these people understand that if you give people the key and the mechanism for unlocking things (both contained in the firmware/hardware for these devices, at this point), you can't keep them secret for long?
I [may] disapprove of what you say, but I will defend to the death your right to say it.
And we can just imagine what happens then...
Vista:XPSP2::ME:98SE