HDCP Encryption/Decryption Code Released

rtj writes "We have released an open-source (BSD licensed) implementation of the HDCP encryption/decryption algorithms. The code includes the block cipher, stream cipher, and hashing algorithms necessary to perform an HDCP handshake and to encrypt or decrypt video. The code passes the test vectors provided in the HDCP specification and can encrypt video at a rate of about 180 640x480 frames/second on a 2.33GHz Intel Xeon CPU. This isn't quite fast enough to decrypt 1080p content in real-time on a single core, but decryption can be parallelized across multiple cores. There are also many opportunities for further optimisation, such as using SSE instructions. We are releasing the code in hopes that others will further optimize it and use it in their HDCP-related projects."

Obligatory

[Pojut]

Get it on a shirt, on Digg, and in sigs everywhere!

No hardware?

[gtvr]

So does this negate Intel's statement that you can only do this if you build a chip with the code in it?

Re:No hardware?

[Mathinker]

Intel's statement had to do with the security of the use case of HDCP: digital video encrypted with HDCP being transported over HDMI cables. In other words, the hardware Intel claims is required, is specialized hardware which interfaces with HDMI ports. This software implementation is not interesting for cracking encrypted video if it cannot communicate with the Blu-Ray or other media player in question in a way which tricks the media player into thinking that the computer running the software is a certified display device.

Re:No hardware?

[jamesh]

NEVER underestimate a determined hacker.

Especially one who's been told it can't be done.

Re:No hardware?

[norpy]

Errrrr the point of this software is to perform the handshake which authenticates it as a legitimate source or sink device. The master key also allows you to simply generate a NEW device key if the one you are using happens to get blacklisted by a firmware update.

The reason this is useful is not for bluray, it is for first-run broadcast content.

Re:No hardware?

[icebraining]

But the sink keys they used could be banned, no? Having the master key means you can't ban them, because you can generate any possible key.

Re:No hardware?

[alexandre_ganso]

No, they can't do 1080p IN REAL TIME.

Re:No hardware?

[KiloByte]

In other words, the HDCP hardware decryptor is more powerful than the main CPU. Even with the specialized-vs-generic advantage, just think about the power wasted encrypting/decrypting it for no reason but letting the cartel control the market market and the complexity of the electronics you have to buy with your own money.

Every HDCP device should be slapped with a huge carbon and recycling tax -- with an extra punitive rate, since the waste is introduced intentionally.

Re:No hardware?

[blincoln]

In other words, the HDCP hardware decryptor is more powerful than the main CPU.

I'm pretty sure it's not, given that the $50 video card I bought last week to run a second monitor at work has an HDMI port on it. If the chip were that powerful, it would be too expensive to put on a card that cheap.

I'm sure this is just a case where specialized hardware is able to accomplish the task a lot more quickly than the first version of some software running on a general-purpose CPU.

Re:No hardware?

[Goaway]

In theory they could be banned, but in practice, due to sloppy distribution of keys, they can't ban them without breaking too many innocent devices, so they haven't.

Re:No hardware?

who says the output of your card is HDCP encrypted?
HDMI != HDCP

Re:No hardware?

[Andy+Dodd]

I think you greatly underestimate the advantage an ASIC has over a general purpose CPU (even the latest Intel CPUs with AES-NI) when it comes to crypto.

How about you RTFA:
"The HDCP cipher is designed to be efficient when implemented in hardware, but it is terribly inefficient in software, primarily because it makes extensive use of bit operations. Our implementation uses bit-slicing to achieve high speeds by exploiting bit-level parallelism. We have created a few high-level routines to make it as easy as possible to implement HDCP, as shown in the following example. "

Re:No hardware?

[Iphtashu+Fitz]

In other words, the HDCP hardware decryptor is more powerful than the main CPU.

Um. No. Not at all. CPU's are highly generalized computational engines. A CPU's instruction set contains every instruction needed to perform every operation by a computer, including I/O to peripheral busses, etc. A GPU is a highly specialized processor designed to complement a CPU and offload graphics-specific computations that requires a large number of high speed mathematical computations. It's only purpose is to take data from the CPU and render it quickly for a display. The functionality of a GPU can be implemented in a CPU, although with a huge degradation in performance. The functionality of a CPU can not be implemented in a GPU.

In summary:
1. A CPU is the brain of the computer and the GPU is only meant to complement it.
2. GPU's are specialized and cannot replace the function of a CPU.
3. CPU's can perform the functions of a GPU but at a much slower speed.

Every HDCP device should be slapped with a huge carbon and recycling tax -- with an extra punitive rate, since the waste is introduced intentionally.

What a crock. Thanks to technologies like CUDA you can write your own programs that leverage the GPU's in your existing video cards. It's likely only a matter of time before you start to see GPU-based implementations of this code, which means the nVidia or ATI card in your existing PC could easily decrypt HDCP content in real-time. So are you willing to pay excessive taxes for the video card in your PC? When implemented in existing DVI & HDMI chipsets, HDCP really doesn't require all that much more physical overhead, certainly not enough to justify an absurd carbon tax. Highly specialized hardware like that is significantly more efficient than even the GPU in your PC.

Re:No hardware?

[Amouth]

even in theory they couldn't be banned because they have the master key - meaning they can create any and all keys on the fly and at will - the only way to "ban" them would be to not use HDCP and use something else..

Re:No hardware?

[ledow]

Has no-one here ever used a SOFTWARE renderer in their games? Software on a general CPU is atrocious at accomplishing a task optimally. Hell, it sucked years before graphics required an extra card in your machine and it sucks even more now - how many "GHz" do you think your CPU would have to run at in order to match the performance of an average GPU by using software rendering? Probably a lot more than double what the best computer processor runs at now, or we'd be throwing GPU's away and buying quad-core's instead. Software implementations on a generic processor can't even come close to competing with a hardware device designed to do just that one task. Especially not on something that uses the x86 instruction set (go look at the speed of ARM chips compared to their heat / power / price).

Software implementations are basically emulations - take MAME or other emulators for example - you are software implementing a device that probably originally run at a handful of MHz and now requires a GHz PC to keep up with it, even if you remove quite a lot of the unnecessary interface logic. Now this is an entirely encryption affair here but even back in the days of VIA EPIA boards, VIA's on-chip encrypt/decrypt logic could outperform even the best Intel CPU.

It's a software implementation. Expect it to suck until it's optimised, and even then expect it to be way behind what a £10 FGPA could be programmed to do with the same base code.

Re:No hardware?

"No Linux for the desktop"

I DARE YOU HACKERS !

Re:No hardware?

[KiloByte]

This is the "specialized-vs-generic advantage" I mentioned. You do waste a lot less power, but you still do waste it for no gain whatsoever.

A parable: a crazy dictator ordered his workers to make a huge earth mound and then to level it, with nothing but shovels. Another dictator ordered his troops to make a mound of the same size and then level it, but this time he granted them heavy machinery. Which dictator uses his people better?

Re:No hardware?

[SharpFang]

This.
Simple bit operations are vastly faster when implemented in silicon.
Think of it. A simple "&" is 8 logic gates in silicon. In CPU it's a fetch value into register, reroute ALU to the bit-and operation, route source to source registers, target to target registers, select word sizes, perform the operation, fill the flag register in...

Or take something else. Reverse order of bits in a word. First is last, last is first. A very common operation, and if I recall correctly, essential in FFT.

i = (i & 0x55555555) << 1 | (i & 0xaaaaaaaa) >> 1;
  i = (i & 0x33333333) << 2 | (i & 0xcccccccc) >> 2;
  i = (i & 0x0f0f0f0f) << 4 | (i & 0xf0f0f0f0) >> 4;
  i = (i & 0x00ff00ff) << 8 | (i & 0xff00ff00) >> 8;
  i = (i & 0x0000ffff) << 16 | (i & 0xffff0000) >> 16;

How many CPU cycles would that be...?

Now in silicon, it takes 0 transistors. You just connect first input pin directly to last output pin, second to second-to-last and so on - "twist the ribbon 180 degrees". Zero cycles, zero transistors, speed - as long as the impulse takes to traverse a featureless path in silicon between the steps before and after this one.

Re:No hardware?

[somersault]

The one with shovels, because it's more entertaining?

Re:No hardware?

That's a clever argument: these chips do the job much more efficiently than CPUs, therefore they are free.

"I merely murdered the man; it's not as though I also raped his wife, shot his dog, poisoned his well, and burned the house down. You should let me go."

It's waste. If it served a useful purpose, perhaps it could be justified. Life is full of tradeoffs and we all value things differently. But in this case, the user payed for two chips (to encrypt and then decrypt) and electricity to run them, and got nothing for it. We're talking absolute zero here, without the faintest iota of mitigation.

And the user didn't get to shop in a free market where he could avoid this; a cartel made sure that he couldn't watch movies without this unmitigated waste. That is seriously fucked up and a legitimate basis for government action.

Re:No hardware?

[Panaflex]

Again, the point being that specialized, dedicated circuits can far outperform software on a predetermined algorithm. HDCP is a subset of the AES cypher, and is pretty heavy on the CPU. I've implemented AES on nVidia's CUDA and it would be difficult to get better then 50MB/sec. A 1080p30 stream should use a little less than 60 MB/sec - so it's going to be work, but considering HDCP is less complicated, it should be doable.

Re:No hardware?

[Alphathon]

HDMI port != HDMI cable. The active hardware has to output audio and be HDCP 1.1 compliant to be HDMI. An HDMI-DVI adapter is not active hardware, but a cable (or dongle; but as far as the tech goes they are the same anyway) so is not subject to the same standards. However, I am fairly certain that such adapters cannot be HDMI certified, therefore cannot display the HDMI logo (but can be labelled as HDMI, since saying that it converts DVI->HDMI or vice versa is not false advertising).

Now I think about it, I don't know if HDMI outputs are required to have audio, but certainly all inputs are required to accept at least stereo LPCM (which is why HDMI equipped monitors have audio-outs), so I may have got a little muddled up there.

Re:No hardware?

[shutdown+-p+now]

And the answer was:

"It rans fine on my desktop. WORKSFORME/PBCAK."

Re:That was quick

HDCP is dead.

Netcraft confirms it!

GPU Implementation

[Alias14]

I guess the next logical step would be a GPU implementation....

Re:GPU Implementation

but how are you going to get the HDMI output of your DVR into your GPU?

without doing the handshake right, there will be no stream to decode later on.

people will need to build an FPGA implementation of this, maybe parallel, to strip the HDCP.
by programming the FPGA with loads of possible sink key's they can switch as soon as one is blacklisted.

I don't know if there are any HDMI grabbers out there, but i don't think they're HDCP compliant.
i do know there is a component one that does 1080P, so maybe a HDMI->Component converter can be built.
(i know these exist already, but they might be blacklisted. i don't know if any device can have it's key updated, but this implementation will)

Re:GPU Implementation

[werfu]

I was going to say this myself. This is the kind of stuff that could be done in CUDA easily. If it can be highly parallelized than its meant for the the GPU!

Re:Congrats!

[Bert64]

It just means you can't do it in realtime on a 2.5ghz core2... Nothing to stop you dumping the encrypted data somewhere and decrypting it later.

Also consider a 2.5GHz Core2 isn't all that modern, and it doesn't even specify wether this cpu is dual or quad core. With 6, 8 and even 12 core processors available, plus the possibility to parallelize over multiple processors 60fps is quite achievable today.

There is also the possibility of using a GPU to do this.

Re:Congrats!

[norpy]

Not quite.

They said decryption of 1080p is 7x slower than 640x480, not that decryption is slower than encryption. This makes sense as 1080p is approximately 7x more pixels than 640x480!

Transforming the numbers (Re:Congrats!)

[Eivind+Eklund]

Those rates are for a single core. They say that decrypting 1080p is ~7x slower than 640x480, which correspond well to 1080p having 6.75x more pixels.

However, there's no reason for this to be restricted to run on a single core or a single machine. If somebody were to use this for distributing a real time stream (e.g, a sports broadcast) there's no particular reason to not just have each recipient of the stream do their share of the decryption.

Running the number, getting 60 frames of 1080p from the Core 2 requires 5.33 cores, which would correspond to three dual-core machines. This means you can't, with today's machines, just share it with your friend if you both have dual core Core2 machines - but with two friends it should work, assuming enough bandwidth available from each of the friends: 3Gbit/s for the full unencrypted stream, plus 1Gbit/s down for the stream to be decrypted, plus 1Gbit/s up for the part of the stream decrypted on that machine.

You'll also get real time decryption on a single Gulftown CPU: E.g, a Core i7-980X runs 3200MHz and has 6 cores.

Re:Transforming the numbers (Re:Congrats!)

[Cajun+Hell]

Just wait for someone to figure out how to run this code at a decent speed on some affordable FPGA dongle that can then be sold unprogrammed with a hdmi-in and hdmi-out for stripping the HDCP encryption.

Surely you're confused about the primary purpose of such a device. The primary purpose of such a device would be to add HDCP to your computer's video output so that terrorists can't spy on your online banking.

Now wait a minute, before you say that is utterly 100% totally and absurdly useless bullshit application, remember that millions of media players on the market are already doing exactly that. If Intel's lawyers were to say that encryption is not a believable use (why would you want to encrypt your computer display?) then they'll be admitting HDCP does not effectively protect content.

Re:Congrats!

[cbope]

60fps, why? That is 2x real-time, or a bit more than 2x if the source is 24fps. Once they are able to break 30fps decrypting in real-time, this is golden. It's only the first step, but it's an important milestone.

Re:That was quick

[Goaway]

Any bets on when we see this implemented in more full-featured software suites?

Never, as no software suites have any use at all for HDCP.

HDCP is used only for encrypting content as it travels across the cable to the display. Only devices connected to the display cable will ever see HDCP-protected content. Software players process the data before it is encrypted with HDCP.

The only thing this is good for is for wiretapping a display cable to capture uncompressed video, or for making a box that fools your paranoid computer into believing the display connection is protected.

Re:That was quick

[Canazza]

if it was just you, it isn't now
*bana wah wah. wah. wowadah wowa da wah wah*

Re:What would be the issues with a hardware versio

[mike260]

There are already bootleg hardware HDCP strippers on the market. It used to be possible to shut down these devices by revoking their keys, but that's now gone out the window with the master-key leak. Expect the next generation of devices to let you upload new keys to them, or maybe generate new keys themselves.

Software decryption is kinda interesting but you're right, hardware is where it's at.

Re:Congrats!

[Malc]

Blu-ray supports 720p at 59.94 fps. That's a greater amount of data than 1080p at 24 fps. 720p59.94 is also one of the Blu-ray 3D supported resolutions (i.e. doubling the differences with 1080p24 further).

BluRay Braille Reader!

[bill_mcgonigle]

Nice, a Braille reader for BluRay subtitles should now be technically possible. BluRays make decent eBooks with the right software.

(HDMI neglects to ship closed-captioning data so you *have* to capture/diff/ocr from HDMI rasters to extract the text).

dencryption consumes 1% of US power

When you watch a DVD or Bluray, the content is decrypted, then encrypted and decrypted again for HDCP.

A significant amount of energy is devoted to protecting the pre-internet business model.

This will only get worse over time, as media gets larger and media companies more aggressively cling to the old business model.

It took more than 100 years for the world to really adjust to the printing press. I assume at least the same time period for the Internet, before we can have our enlightenment period.

DRM is so costly, it should be forbidden.

[wvmarle]

DRM must be really really costly. And the bad thing is we're all paying for it - the honest customers even more than the "pirates" against which it is supposed to protect.

When I see how much computing resources it takes just to en/decrypt a stream - OK it's a general purpose processor, not something dedicated - I am thinking of the cost of those resources in all the devices we have. After all your BluRay player has to read the BR disk, decrypt the content, then encrypt it again to an HDCP stream, which is sent over to say a TV, which then decrypts it again to make it a watchable image.

Now if only we wouldn't need that encryption.

BluRay itself is (all but) cracked, that's one decryption step that can be done away with.

HDCP transfer is now done with; that's another two steps of en- and decryption that can go.

That is at least three pieces of beefy hardware. That's three chips that won't come for a few pennies each. That's three chips that will be wasting significant amounts of energy.

Plus of course the huge upfront cost to develop all that: to develop the algorithms, set up the secure key supply, designing the dedicated de/encrypt chips and writing all the software around it to make it work.

And all of us are paying for it. It makes BR players and disks and HDCP compliant hardware more expensive than necessary, it even increases our power bills unnecessary. I really wonder when this madness can come to an end.

Re:DRM is so costly, it should be forbidden.

[dpilot]

Years back I saw a chip-level presentation on the topic. It wasn't just a matter of decrypting the Blu-ray and reencrypting HDCP. Every content signal that came to a chip I/O was encrypted. The intent was that you wouldn't be able to buy hardware, open it up, hang probes on any chip, and capture "their" content.

Way more encryption hardware than you've suggested, but it's also specialized encryption/decryption engines, not GP processors.

Re:Congrats!

[cynyr]

a raid 5.1 of 10k rpm sas drives say, 12 spindles, should be enough. maybe 4 500GB SSDs would be as well.

So no i don't have A disk that can do it, but you can do it with a few disks.

Re:What would be the issues with a hardware versio

[LocalH]

I'd love to see a device that generates a new key every time it boots up. The ultimate unblockable device, no matter how many keys get revoked.

Re:Congrats!

[AusIV]

But ripping discs isn't really the target here. There are already tools available which can rip BluRay discs in software, without having to read a disc and play them over the wire in real time. More practically, this is targeted at streaming video sources such as video from your cable company, or perhaps for ripping from your cable company's DVR. Those streams are seldom (never?) higher than 1080i or 720p at standard frame rates, so 30fps in real time gets the job done.

I'm not saying 720p at 59.94 is worthless, but 30fps would support the majority of use cases.

Re:Congrats!

[Just+Some+Guy]

You've got a disk which can store decompressed 1080p in real time?You've got a disk which can store decompressed 1080p in real time?

It's my understanding that many new-fangled media devices have "pause" buttons that would enable you to break the task into manageable chunks.

I'm waiting...

[bjwest]

China. Where's my pass-through video card I can put in my MCPC to overlay text and graphics on my TV? I want to feed my TIVO into my MCPC so I can control my own PIP and overlays. I couldn't care less about pirating the stuff myself. If I want a local copy of something, it's already out in the wild - I'll get it that way. I just want to be able to control my media and view what I want how I want.

Re:That was quick

[bucky0]

I don't have a DVR, but a common complaint about CableCard is that a) many cable companies charge $5/mo for the card (which is as much as it costs to rent some of their DVRs), and B) CableCard is only supported using certain PVR software under windows (encrypted things have to be stored encrypted on disk). I could be wrong, but I think only MS's software supports it.

Though, honestly, with netflix and hulu, I don't see a reason to store gigs and gigs of video like I used to.

Re:So I have to ask

[cheekyjohnson]

"never pays for anything"

I pay for physical goods that aren't in infinite supply.

"and complaining when companies try and protect their revenue."

Sorry, but when it hurts legitimate customers in the process, it's not worth it. DRM, HDCP... it's all the same annoyance. Eventually (often extremely quickly) it will be bypassed by the pirates and it will only hurt the legitimate customers (some will either be angry and stop buying future media, and others may even turn to piracy because still want the media). In the end, their 'protection' only hurts themselves and actual customers, not pirates. So, yes, people are going to complain.

Re:What would be the issues with a hardware versio

[awshidahak]

Problem with this: Your other devices will eventually get restrictions on them that only allow a certain number of new devices to be connected to them before they fry. Every new key counts as a new device.