$350 Hardware Cracks HDMI Copy Protection
New submitter LBeee writes "German Researchers at the Ruhr University Bochum built an FPGA board-based man-in-the-middle attack against the HDCP copy protection used in HDMI connections. After the leak of an HDCP master key in 2010, Intel proclaimed that the copy protection was still secure, as it would be too expensive to build a system that could conduct a real-time decryption of the data stream. It has now been proven that a system can be built for around $350 (€200) to do the task. However, the solution is of no great practical use for pirates. It can easily be used to burn films from Blu-ray discs, but receivers which can deliver HDTV recordings are already available — and they provide the data in compressed form. In contrast, recording directly from an HDMI port results in a large amount of data."
Since some people seem confused as to why this is special and what it actually does, I'll try to explain some things.
Yes, HDCP happens right at the I/O chip, and you can extract unencrypted raw video bitstreams in a variety of ways. All involve actually opening up the receiver device and soldering on wires.
Typical HDCP compliant devices use a ROM with a vendor key that's attached right to the I/O device. Industry standard devices such as the ADV7441 or AD9889 from Analog Devices fully support this, and interface to the rest of the system with a standard raw video bit stream. The contents of these vendor ROMs are typically unique to each vendor, and their contents are not even disclosed to the vendor. They do not contain the master key, but are somehow related to it. This is cheap - the ROMs probably cost pennies, and the cost is more about registering as a certified HDCP compliant device. It's pretty much a plug-and-play solution for display device vendors - simply attach the vendor code ROM to the receiver chip, and the device just outputs unencrypted video to the rest of the system.
There are various mod kits for adding SDI or unencrypted DVI/HDMI outputs to things like Blu-Ray players, but they all work just by connecting to the raw bitstream lines AFTER the decryption at the actual HDMI receiver chip.
On an HDMI cable, the actual encryption that takes place is specific to keys on both sides, so it can't generally be universally cracked. If a vendor key becomes compromised, future Blu-Ray players can blacklist it.
What makes this solution useful is that it's just about the only way to crack the encryption on-the-wire without having to open anything up or solder anything, and it can't be prevented by simply blacklisting vendor keys.
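The comment above describes two defensive properties of HDCP's key model: each device's keys are derived from a master secret the device never holds, and a source can refuse a sink whose key is on a revocation list. The following is an added example, not code from the original post, the Bochum researchers, or the HDCP specification. It is a scaled-down model of the Blom-style symmetric key agreement that HDCP 1.x uses (the real scheme gives each device 40 secret 56-bit keys and a 40-bit KSV with exactly 20 bits set; here the toy uses 8 keys and a 4-of-8 KSV, and the master matrix is random, not any real key). All function names, the sizes, and the sample KSVs are assumptions made for the example. It shows why two licensed devices agree on a key, how a revocation check blocks a known-bad KSV, and why that check is powerless against whoever holds the master matrix: issuing a fresh, unrevoked key set is the same operation the licensing authority performs.

```python
"""Toy model of HDCP 1.x-style key agreement and KSV revocation (added example)."""
import random

N_KEYS = 8        # assumption: real HDCP 1.x uses 40 device keys
KSV_WEIGHT = 4    # assumption: real KSVs have exactly 20 of 40 bits set
MOD = 1 << 56     # device keys are 56-bit values, summed modulo 2^56


def make_master(rng):
    """Licensing authority's secret: a symmetric N x N matrix (random here, not a real key)."""
    m = [[0] * N_KEYS for _ in range(N_KEYS)]
    for i in range(N_KEYS):
        for j in range(i, N_KEYS):
            m[i][j] = m[j][i] = rng.randrange(MOD)
    return m


def ksv_bits(ksv):
    """Indices of the set bits of a KSV; these select which keys a peer sums."""
    return [i for i in range(N_KEYS) if (ksv >> i) & 1]


def is_valid_ksv(ksv):
    """A well-formed KSV fits in N_KEYS bits and has exactly KSV_WEIGHT bits set."""
    return 0 <= ksv < (1 << N_KEYS) and bin(ksv).count("1") == KSV_WEIGHT


def issue_device_keys(master, ksv):
    """Derive a device's secret key vector from its public KSV and the master matrix.

    key[i] = sum of master[i][j] over the set bits j of the KSV (mod 2^56).
    The device ROM holds only this vector, never the master matrix.
    """
    if not is_valid_ksv(ksv):
        raise ValueError("malformed KSV")
    bits = ksv_bits(ksv)
    return [sum(master[i][j] for j in bits) % MOD for i in range(N_KEYS)]


def shared_key(my_keys, peer_ksv):
    """Session secret: sum my secret keys at the positions selected by the peer's KSV.

    Because the master matrix is symmetric, both sides arrive at the same value.
    """
    return sum(my_keys[i] for i in ksv_bits(peer_ksv)) % MOD


def source_accepts(revocation_list, peer_ksv):
    """Source-side check before authenticating: reject malformed or revoked KSVs."""
    return is_valid_ksv(peer_ksv) and peer_ksv not in revocation_list


def demo():
    """Run the three scenarios the comment describes and report each outcome."""
    rng = random.Random(1)  # fixed seed so the example is reproducible
    master = make_master(rng)

    # Constructed sample KSVs, each with exactly 4 of 8 bits set.
    source_ksv, sink_ksv, fresh_ksv = 0b00001111, 0b11110000, 0b01010101

    # 1. Two licensed devices agree on a session key without exchanging secrets.
    source_keys = issue_device_keys(master, source_ksv)
    sink_keys = issue_device_keys(master, sink_ksv)
    keys_agree = shared_key(source_keys, sink_ksv) == shared_key(sink_keys, source_ksv)

    # 2. A compromised sink KSV is placed on the revocation list and gets refused.
    revocation_list = {sink_ksv}
    revoked_blocked = not source_accepts(revocation_list, sink_ksv)

    # 3. Whoever holds the master matrix can issue a brand-new, unrevoked key set
    #    that still agrees with every licensed source; the list cannot help here.
    fresh_keys = issue_device_keys(master, fresh_ksv)
    fresh_accepted = source_accepts(revocation_list, fresh_ksv)
    fresh_agrees = shared_key(source_keys, fresh_ksv) == shared_key(fresh_keys, source_ksv)

    return {
        "keys_agree": keys_agree,
        "revoked_sink_blocked": revoked_blocked,
        "fresh_ksv_accepted": fresh_accepted,
        "fresh_keys_agree": fresh_agrees,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The design point to take from the model is that revocation lists protect against the loss of individual device key vectors, which is the threat the scheme was built for; once the master matrix itself is known, every KSV the attacker invents is indistinguishable from a freshly licensed device, so the only remaining defence is a new key system, not a longer blacklist.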
You lose data because the differences between the lossy version after decompression and the lossless version are compounded by recompression. If you have a sufficiently high quality original, even if it technically is not lossless, the differences are minimal, to the point that you won't really be able to see the difference after recompressing it.
By contrast, YouTube is particularly bad because most people start with a low quality video and then YouTube recompresses it at a low bitrate.