Slashdot Mirror
Making and Breaking HDCP Handshakes
Cadre writes "Ed Felten describes the handshaking routine used by HDCP and how if any 40 devices conspire together, they can break the security of the system."
← Back to Stories (view on slashdot.org)
← Back to Stories (view on slashdot.org)
Also - anyone thinking the 40 'conspiring' devices makes it impractical to break HDCP/HDMI - think again. It just means 40 (or less) like minded hackers have to get together - not particularly hard to imagine these days.
There are shills on slashdot. Apparently, I'm one of them.
But I don't have room for the forty big-screen TVs.
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
His attack methodology is correct, but it will take more than 40 devices to break the system. The chances are very low that all 40 devices being linearly independent, and therefore each one offering non-duplicate information about the system. If you read the comments, he actually inadvertantly ran into this problem with his small example of 4 keys.
However, in writing this, I realize that I do not know how many keys you would need to present a good probability of solving the system of equations. Anyone want to run a simulation?
HDCP has been broken, and has been proved to be weak in 2001 twice. See http://apache.dataloss.nl/~fred/www.nunce.org/hdcp /hdcp111901.htm
In real life the devices have a vector of 40 secret numbers, he's using a vector of 4 to illustrate withour bogging down the reader.
The key is that with N variables (the number of different numbers in the vector), you need N equations to solve the set of equations for all of those variables - it's simple linear algebra.
When you purchase a licence, you get a bunch of 10000 keys for $16000, so S.O.Mebody could use this within an organisation to analyse the generation matrix, and actually produce 40 new keys and release them to the wild. No comeback.
Simon
Physicists get Hadrons!
Rather unlikely. The whole concept of DRM is bankrupt as a cryptographic concept because you are handing over the ciphertext, the plaintext and last but not least the key over to your adversary (usually called "consumer" or "hacker"). Sure you can try to make it hard for him to actually get them but you already handed them over and it just remains a question of time until they are recovered.
Meanwhile, a single break is a class break for at least all the content released up to the point of the break (even with "revokable" keys). Also, once a broke the system once, the content is freed forever and can be distributed at leisure (darknet hypothesis), which means even some small quality loss may be acceptable to the attacker since that loss would only occure once.
In short, DRM is a DReaM indeed.
1. There are HDMI to DVI cables. The only question mark is the type of DVI your card uses. There are 3 types, depending on which sets of signals the jack has: DVI-A, DVI-D and DVI-I. HDMI is all digital, but its backwards compatible with DVI-D (DVI-I is a combination of both A and D - analog and digital). So unless your card is DVI-A, you should be able to use a DVI-to-HDMI cable to hook up your display. You will need to make separate arrangements for audio, however, since DVI (unlike HDMI) has no provisions for it.
This does presume that the card is able to put out a mode/timing that's compatible with the set, of course.
2. What you're probably talking about is the requirement that non HDCP-hardened outputs from HD players are supposed to be down-resed to 480p (or whatever). I don't know for certain, but I'm willing to bet that this is not an absolute requirement, but that there's a bit that the disk can set to require this behavior. Not all studios or titles will make the decision to flip that bit on on their content, and I'd certainly expect them not to bother until/unless the technology to take DVI-B and rip it to MPEG4 becomes widespread. Unlike macrovision on analog outputs, which largely went unnoticed with DVDs, this bit does threaten to have a real impact on folks, so I would expect a site to pop up relatively shortly with a list of disks "not to buy" unless you have HDCP. The industry might even respond with a standardized icon on the box whose meaning is "HDCP required for full resolution."
The other obvious restriction is that the HD media is itself encrypted, so when HD-DVD-ROM drives come out, you won't be able to read the data off of them (except in the context of an HD-DVD movie player app), at least not until it's reverse engineered and cracked like DVDs were.
3. I may be wrong, but I am unaware of any HD video capture cards. There are HD tuner cards/boxes out there that will do HDTV, but they're decoding the RF from a TV station and getting MPEG2 streams. That's not the same thing as ripping 1080i from a DVI connector and turning THAT into MPEG2. Even if that were possible, the original source (HDTV, HD-DVD, DVD, whatever) was probably compressed in the first place, so you'll be recompressing it, which will degrade the picture some (more).
HDMI compliance is not required, you just need a DVI to HDMI is just a rework of the DVI cable to allow for easier consumer connections and include audio.
from http://www.ramelectronics.net/ "HDMI - Digital connection for Video and 8-channels of Digital Audio as well as device control features. Electronically better potential for supporting longer cable lengths than DVI for digital video.
Specification supports up to 12 bit Y-Pr-Pb video (rarely implemented on equipment) as opposed to 8 bit limit of DVI RGB."
I've used them before for other AV media conversion products and they make pretty good stuff.
also see the HDMI FAQ at http://www.hdmi.org/about/faq.asp
which states "Is HDMI backward-compatible with DVI (Digital Visual Interface)?
Yes, HDMI is fully backward-compatible with DVI using the CEA-861 profile for DTVs. HDMI DTVs will display video received from existing DVI-equipped products, and DVI-equipped TVs will display video from HDMI sources."
Wow so many folks sort of missed the point here...
Felton's description of the weaknesses of DHCP handshakes is of only one potential attack. Combined with other attacks and it's entirely possible that a group effort could crank out new secret vectors faster than the M.A.F.I.A.A. could revoke known compromised ones.
For example: If more was known (than I know) about the encryption algorithm used (AKA "the hdcpRngCipher") work could be started on creating dense & smart Time-Memory Trade-Off tables. This is a non-trivial task involving tens of thousands of CPU hours... a perfect thing for a validating distributed computing application (oh. this. has. so. been. done. before).
Also a HDMI repeater or splitter isn't very far from being a sniffer... I think all it lacks is a little I2C to USB help. This, the tables above, & a HDCP device will net you all the vectors you need to employ Felton's attack. Once one set has been compromised and the methodology worked out it's just a matter of turning the crank to get more and potentially very, very quickly.
The utility of these attacks goes well beyond being able to view 1080p on a non DHCP device... one could render revocation useless be attacking high-end components sold by M.A.F.I.A.A. members (i.e. Sony). This eventually must lead hardware devices running out of un-revoked vectors and becoming inoperable... an untenable situation for the M.A.F.I.A.A.
Now, if such a concerted attack is organized on the hi-def media... I feel that we will be right where we are now... a reasonably astute person can watch any DVD wherever they want and they can retain a backup of that media in a format of their choosing.
Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.
Did the moderators Read The Fine Article before giving the parent points?
Felten in talking about "a conspiracy of about forty devices" is not saying that (defectors at) forty device makers have to reveal secret keys. What he's saying is that you just need to the 40 devices themselves, or rather (as post above pointed out) enough to get 40 different key sets (and some math and programming ability). Then the crack is done by analysing the bit streams between the devices (between player and display, or whatevre).
The expense is the cost of all those tvs and players. Bribing the device makers is a *different* kind of attack which Felten rules out as impractical.
It used to be called "a cartel" and it used to be illegal.
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
Well, kicking down the front door of the central HDCP bureau and storming it with torches and pitchworks to get the master key is just another kind of brute force attack, no ?-)
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.