If the rumours are true, and if this Pastebin post (be sure to mirror the key if that won’t get you in trouble with your authorities) is legitimate, then it looks like High-bandwidth Digital Content Protection has been cracked so hard its mother’s mother felt it. HDCP is a copy protection mechanism which protects the audio and video streams sent over DisplayPort, HDMI, and DVI.
HDCP is an invention from Intel, which secures the data path between playback device (source) and receiver (sink). Each source and sink device has its own private key, generated in such a way that each pair can decrypt the data sent from source to sink without revealing the actual keys in use. To achieve this, each key – source and sink – has to be generated from the same master key.
As early as 2001 people warned that it would only take about 50 source/sink keys to be able to generate the master key, and if the rumours are indeed true, then this has finally happened over the past few weeks. There’s also the possibility that the key has been leaked instead of generated, but the author of a 2001 paper warning about the possibility to generate the key doesn’t think this is the case.
The master key is a a 40~A—40 matrix of 56-bit numbers. While the web has been buzzing about this one for a few days now, it’s a little difficult to ascertain the validity of the claims made. Assuming the master key is indeed legitimate, it wouldn’t be of much use for average consumers at this point, as Ars Technica’s Peter Bright explains.
“This is unlikely to be of much interest to the typical consumer – most people don’t have digital capture devices anyway – but it does mean that someone suitably motivated could build an HDCP sink device that could decrypt incoming HDCP data and produce full fidelity digital streams, and that this device could never be blocked,” Bright argues, “Such a system would be of interest both to pirates and those with legitimate data archival needs.”
Still, if the master key is real, it could start to bring an end to the myriad of incompatibility issues people encounter when mixing and matching HDMI/DVI/etc. devices – such as a PS3 not being able to use a certain monitor, or a Blu-Ray disc not playing in your player.
There isn’t a whole lot the HDCP licensing company, Digital Content Protection, can do about this, save for starting over with a brand new master key. However, this is not a likely course of action since it would be incompatible with all devices still using the old master key. On top of that – such a possible new master key would be cracked in the same way eventually.
So, yet another epic fail on the DRM front, proving once again that DRM is a total and utter waste of money, and that the concept only serves to encumber legitimate consumers. I guess the content industry hasn’t been beaten hard enough just yet.
“To every action there is always an equal and opposite reaction…”
Maybe a smarter thing for film industry would be to distribute digital content at the price most consumers would be willing to pay, making pirating an unwanted hassle, rather than a necessity.
No, because that will destroy the fat profits big content gets for doing… Uh, something. And that would destroy the entire industry, nobody will make any form of art anymore, and billions and billions of people will be out of a job.
nt_jerkface says so.
Bullshit! That’s just something pirates say to justify themselves. The only price they are willing to pay is free. Even if things were “fairly” priced, they would still pirate anyway and make up another excuse.
Who gives a shit if the big wig studios are lining their fat wallets. What does that have to do with paying for content that you consume? You seem to enjoy the content either way, but its not just to compensate the ones making the content because you are to cheap pay for it?
Edited 2010-09-14 22:09 UTC
Not entirely true. I mean, obviously there are tons of hardcore freeriders who aren’t going to pay a cent anyway, but still in the age of VHS there were lots of people renting movies. And it still happens today. Just look at Spotify… 5$ month and you can listen to almost (ok, there are exceptions) everything whenever (and wherever, for 10$/month) you want.
In the VHS days, the (home) pirates were renting and copying, never to rent or buy again. As was said, there will always be people who feel they deserve whatever they want for free.
It’s not so much the price as the convenience factor that matters most.
There’s a lot of content out there that I would gladly fork over money for … if it didn’t require jumping through hoops to get it to play on my hardware/software, at the time(s) when I want it to.
There’s also a lot of content out there that is no longer available for purchase from any legit sources. I can’t send the big wigs any money, as they no longer make the product available. If I could, I would buy it.
I have no problem with spending money on content … but I won’t spend hours/days looking for it, nor will I spend hours/days getting my system(s) setup to play it, nor will I go through the hassle of all the forced DRM/ads/warnings/etc.
Make it easy and convenient to use/play/watch/listen, and I will send money just as easily. Make it hard and inconvenient, and I’ll go to a more convenient source.
Simple as that.
Ask yourself how many people are pirating newspapers or magazines? They are sold in vast quantities, but the hassle of making illegal copies far outweighs the action of buying the real thing.
And also, I personally don’t pirate (or download) music or films, I just don’t buy them if I don’t like the price. I haven’t bought a CD, MP3 file, or DVD for the last 2 years. If you make content cheap, accessible and unrestricted then people like me may change our habits and start buying music or films.
I know nobody gives a fcuk about my opinion and the film/music industry is not going to change any time soon. You know what, I can live without music or films, I’ll spend my money on other things.
Bullshit right back! It isn’t the price that makes what the studios are peddling worthless – it is specifically the absolute unavailability of what people actually want… I want to be able to buy a movie or a TV show in digital HD quality and be able to do whatever I want with it short of giving it away. I want to be able to copy it to any device I see fit for viewing it whenever I want and as often as I want. Put it on my iPad – check. Put it on my HTPC – check. Transcode it for my iPhone – check. I don’t want to buy some device form them to “allow” me to do this – I just want the fricken content…
The problem is the studios don’t sell the product I want at ANY price. Show me a legal way to do this that won’t require me to jump through stupid hoops… There isn’t one because they don’t want to sell movies and TV shows, they want to sell MEDIA. And when the media isn’t in the format you want – they want you to buy it again. And again. And again… Well screw that – I don’t want to buy media, I want to buy content. As soon as someone starts selling content Ill buy some.
I mean the music industry at least to some degree has gotten a clue (although I would rather flac – I can live with high bitrate MP3 or AAC as long as it isn’t DRM’d).
Bullshit yourself bud, I’m fully willing to pay up to $1 to rent and do from the redbox ass they are everywhere around here makng them convenient.
But I refuse to pay anything for a potentially shitty movie and will never pay anything for a censored anything. I want the complete unabridged version, “teh children” be damned.
Not true. Once Netflix streaming got a decent catalog, and Hulu is showing the episodes I missed, I stopped using torrent.
.. it’s copyright infringement not piracy. Pirates are still badly dressed people raiding ships at gunpoint. People infringing copywrite are “playing at piracy” at best. No need to romantisize copywrite infringement to get mroe kids interested in it (even RIAA realizes that they’ve just romantisized it).
But, my real point in responding; there will always be people only willing to pay “free” dollars for anything. They go out of there way to take things from stores without paying. They go out of there way to take digital data without paying. Nothing new here. The media companies could chose a more appropriate price point for there products and make honorable customers out of all but the minority who would only ever accept “free”.
Same thing happens with other products. If you price yourself too high for the market, you loose paying customers. Price your product reasonably for the market and you gain paying customers.
This is one of the rare cases where “what the market will bare” is biting the vendors back. Normally that price strategy means “gouge ’em for all we can get” but in this case, the market is clearly not willing to pay the asking price for a lump of plastic and all the effort RIAA goes into to crush fair use and sell you the same content in multiple formats.
I’m not justifying copyright infringement. I’m suggesting that the automatic response to questioning the content providers shouldn’t be “oh, just another criminal that won’t pay for our products at any price”.
Like Netflix, Hulu, Youtube Movies, Youtube Shows, Crunchyroll, and (when I’m feeling nostalgic) Jaroo?
I guess the total of $9 I pay per month for unlimited television and movies does not reprsent “a price the average consumer would be willing to pay.”
Edited 2010-09-15 00:11 UTC
Exactly so. There is tons of content out there that doesn’t require one to pay and the stuff that does is dirt cheap compared to say cable. NetFlix, Hulu are my primary viewing experience of content. I can watch most of the shows I want without ever having to resort to piracy. Anything else I watch on iTunes if available. Itunes even lets you rent shows now for a buck. Sometimes buying it is even cheaper. My iTunes library is huge.
Like Netflix, Hulu, Youtube Movies, Youtube Shows, Crunchyroll, and (when I’m feeling nostalgic) Jaroo?
Netflix and Hulu are available only in the US and the rest I have never even heard of. Maybe their marketing just sucks? :S
Anyhow, thought to add a tip here for any Northern European residents: Voddler is a rather new service but what little I have been playing with it it seems to work pretty well. Most movies seem to cost 3.70^a‘not and there’s even plenty free ones. If you’re interested in a Netflix/Hulu-like service you might wish to try it out.
The point is, though, that when there is a reasonable way to get it legally, people do. Maybe there needs to be a reasonable way to do this in Europe. Maybe the fix is not use DRM and make it painful for everyone, then crack it, but instead to create reasonable ways to get the content legally, and make them nicer and easier than the illegal ones.
I can download from torrent, then reformat with ffmpeg, then encrypt in just the right way with the right key, and copy it to the Tivo desktop server and watch it, or I can just stream from Netflix on my Wii. Which one do you think I will do, especially considering that I have the Netflix anyway for DVD’s of fun old movies that are not good enough to buy and watch many times, but I still want to see once?
WereCatf already pointed that out but some of these seem to be limited to US customers only.
To you as an US based customer it might not b obvious, but some of us are really fed up with these silly “protection” schemes that are justthere to control the market rather than the product or content (DVD region codes anyone).
You have likely nevr felt the utter frustration of a show airing a year or more later (if at all), not being able to be part of the shows global fan community (try to participate in an discussion when you are just watching “last year’s” season).
Or a show being cancelled just because the US audience didn’t like it or the netork being stupid enough to pitch it against a show with broader audience (happens to good SciFi all the time).
So to conclude, as other have said as well, we can discussing price if there is actual availability. Be it availability depending on where you are (see above) or which device you have (e.g. listen to music at home as well as in your car).
No, I have never felt that frustration. Thanks to Crunchyroll, there’s only an hour long delay in Japanese and US broadcasts.
So baiscially, Tv is regionalized and all of the media distribution mediums are as well.
That sucks, but that doesn’t, mean you have a right to the media. Nor does it justify any means you use to get the media.
I thought Newton’s law was: H = PR
H: Handwriting Recognition
P: Processor throughput
R: RAM
Did anybody really not see this coming? Any time a new type of copy protection comes around it is called “uncrackable”. Without fail, sooner or later it is always cracked (usually sooner).
Yes, apparently about a century after the Titanic sank, people still believe that it’s “impossible” to do something that is, well, obviously not just possible… but highly likely.
I think it’s all marketing lies from the guys who make their money off this broken garbage. Sadly, people believe it… otherwise it wouldn’t be put in so many products. And marketing people love this because they know just about everyone believes their bullshit.
Edited 2010-09-15 01:17 UTC
“If the rumours are true, and if this Pastebin post (be sure to mirror the key if that won’t get you in trouble with your authorities) is legitimate, then it looks like High-bandwidth Digital Content Protection has been cracked so hard its mother’s mother felt it.”
Haha, that was awesome. You really put things the way they are. Good news on the cracking… maybe some day these companies will stop and realize that they’re fighting a never-ending losing battle.
I don’t know why everyone is proclaiming this as a blow for DRM. The paper proving the possibility of cracking HDCP was published in 2001, meaning it took 9 years for a crack to emerge. 9 years in tech is like ancient Rome.
If I were an industry executive at Intel, I’d be popping open champaign bottles and patting myself on the back for having planned such a resilient DRM scheme. For some reason, everyone thinks that DRM is meant to control your media forever. Says who? These companies are profitable for a reason, and I’m sure that executives make a cost/benefit analysis and factor in the expected lifetime of DRM schemes. For all we know, 9 years has wildly surpassed all expectations.
This is to leave aside the fact that most people don’t exploit DRM cracks and that media industries (except for print) are still incredibly profitable.
To be fair, HDCP has never been a high priority. Why bother with it when AACS has been rendered useless? Who wants to capture in real-time and deal with audio sync when the streams can be ripped in their original form straight off the disc?
I suppose this will make high-def TV capture easier and of higher-quality, but with the analogue loophole HDCP has never been a hurdle there either. There’s not much quality missing from a high-def capture off component video. The hardware to do it costs next to nothing today.
While 9 years is a a long time as far as technology goes, at least hardware and to a lesser extent software… it’s not for media/storage formats. How long has the audio CD been around? Or the video DVD? As with any other format, they intend Blu-ray to last just about as long once it picks up. And IMO, it hasn’t even really picked up yet. And already, one of its primary DRM systems is totally f***ed. Hasn’t AACS been cracked as well, a while back? I thought I read something about that.
So yeah, I would consider this a major blow to the DRM guys; next thing you know, they’ll put some new type of DRM or other copy protection on their movies, which will lock out all current players, just because it’s so damn broken right now. Or else, every Blu-ray disc will easily be cracked until it’s replaced with something else… which is most likely going to be a hell of a long time.
DRM… as always, a major failure. Yet people still defend it?
Edited 2010-09-15 04:57 UTC
Yeah, not really. Among its other problems, I’m not too keen on buying a movie-playing device that has to constantly phone home to some faceless corporate entity in order to make sure I have permission to play the movie I just bought. And having to constantly update the firmware on the device is enough to make my parents not interested in messing with it either.
In short, I’ll stick with DVDs.
Edited 2010-09-15 05:21 UTC
Totally agree with you on that. Aside from the possibilities of BD-writable discs and the loads of storage they provide, I’m not too fond of Blu-ray myself. The video format is a punch in the face to its own customers, and even the rewritable discs cost a lot still. As I mentioned, the format is barely even off the ground… by the time it has gained some traction, it will be as easy to find a Blu-ray ripping program for most OSes as it is for DVD.
DVD–for both video and general data storage–works quite well right now as it is.
Edited 2010-09-15 05:58 UTC
You don’t know that. My point is that everyone on these and other tech-oriented forums looks at DRM from an engineering perspective, as if the effectiveness of DRM should be judged by whether it’s cracked or not. I’m pretty sure that after years of DRM schemes being cracked, the industry is aware that any DRM will be cracked; anything stated in public to the contrary is pure rhetoric, we shouldn’t be so naive as to believe that when a company states that their encryption is unbreakable that they actually mean that. Confidence is half the battle.
Companies work with numbers and metrics, not absolutes. For all we know, nine years is well beyond what they expected.
Moreover, who are “they”? Many actors are involved, all with different interests. Don’t you think that there are certain parties who would very well like to see new standards constantly created because it would be profitable for them? Maybe “they” intend for DRM to be vulnerable to keep up the need for new DRM regimes.
Duh, like I said, they’re lies. Marketing lies. Lies which some people believe will “protect” their crap. While in reality, in the end, it won’t do shit.
But if they fully expect them to be cracked within a relatively short amount of time, then why the living f*** waste money, over and over and over again, on DRM schemes that are known to be bogus?
After all, a user NEEDS the key to decrypt the data. The key is basically GIVEN to them, though in a purposely hard-to-find way. Once found, all bets are off… period. And this is destined to happen.
You can’t practically give a person a key and not expect them to use it to their own benefit, to be able to use the data that THEY JUST BOUGHT to make personal copies for their own devices.
Never mind piracy; if you make your movies enough of a pain in the ass to watch in all their glory, people *will* try to find better ways to get them. And that is where the so-called “pirates” come in.
Too bad the pirates provide a better, more trouble-free product than the DRM-loving producers of the content themselves.
Edited 2010-09-15 08:50 UTC
Too bad for pirates, who after all know a lot about the scale of piracy, that they are not protecting their pirated content from pirating it by other pirates.
Or, could it be that DRM-free distribution model simply brings them more revenue?
Are you sure about that? because what we’re hearing from them is nothing but whining about how much piracy is bleeidng them dry and how they whole industry might collapse.
Lol, exactly.
(Er…I’m interpreting your comment as sarcasm. The interwebs are bad for that.)
It would be better if it failed back in 2001, when there were no millions of devices in the field and whole operating systems and “media protection stacks” built around an idea of “safe digital interfaces”.
Or if it failed in 2020, when people would likely be using something else.
Breaking it in 2010 is a killer – you can’t withdraw from it, can’t fix it and there is a whole lot of content that used to depend on the perceived safety waiting for being ripped off.
It’s not really that surprising. In 2001 or 2020 no one would bother breaking it. In 2010 it makes a lot of sense.
Except that breaking HDCP isn’t that spectacular. The Goose with the golden eggs was AACS. AACS was introduced 2005 and in 2007 it was already cracked. Downloading Full HD movies has been perfectly feasible for a couple of years. Cracking HDCP was just adding the finishing touch.
It’s time the content industry starts looking at optimum curves for their pricing. BluRay is prettier, but it’s not 200% more pretty than DVD and I think the pricing should reflect that. On top of that, more pixels doesn’t mean more story. A crappy movie won’t become a blockbuster just because BluRay gives you the opportunity to count the hairs on the upper lip of the heroine.
Does this mean that we might somedat see video connection cables that don’t cost ^a‘not45+ again ? I mean, HDMI is even beating Apple in the area of overpriced copper wires, which is worth noting for something which, except for HDCP, is just, like DisplayPort, a cheap clone of DVI that’s physically incompatible with it.
Edited 2010-09-15 05:56 UTC
Where are you buying $45 HDMI cables? You should shop around. You can find $10 HDMI and DisplayPort cables from good retailers.
E0.75.
http://www.allekabels.nl/HDMI-Kabels/1779/1075955/HDMI-Kabel-**AKTI…
To me, the most puzzling part of that DRM scheme is the master certificate. Only way to produce compatible hardware is to generate certificates using the same master certificate. To do this over period of time, that master certificate must be still usable. How long is the validity of that master certificate and what happens once it eventually expires? It is not possible to create compatible hardware anymore…
So the whole consumer market is bound to that single certificate? Amazing scheme without any foresight over the timespan of lets say 20 years…
As I understand it; the master key isn’t actually a Certificate. It is a symmetric matrix of random numbers, which are then used with a random Key Selection Vector to generate a private certificate.
This is the problem; a private certificate hasn’t been leaked (or reverse engineered), the data required to generate your own valid private certificates has been.
The KSVs can be revoked to block a specific private certificate, but the master key can be used to generate as many new ones as required.
This means that a new (unofficial) device could generate a new random KSV and Private Key every time it connects, making blocking it impossible.
Edited 2010-09-15 08:59 UTC
Forgot to say in my previous reply;
As the Master Key is just a matrix of numbers, it does not expire.
Most people want the “original” compressed version of the content anyway, its more pure.
Capturing the decoded video from your cablebox / bluray player and then encoding it again is lossy. For making backups you want the AACS from the BluRay. Although if you wanted to store it in another format (like for your iPod, or good ‘ol DVD) you’d have to encode anyway.
Its a good thing I guess… knowing that the hole is there.
How long before we see a little box with HDMI input, some hardware video encoder, and a an eSATA / USB port?
It’s been a while since I read anything about this, but at some point in time there were people saying that HDCP would prevent a High Definition data stream from playing on Linux, because the Video drivers had to support HDCP.
At the time I said “who cares, I’m not getting bluray for a long time” but then I finally got a Bluray drive.
Now that I have makemkv bought and paid for, and lxbdplayer that is just a java front end for playing bluray through mplayer, it certainly LOOKS like it’s playing in HD on my screen!
Is it lying to me that it’s in 1920×1080?
Otherwise, my question is. Do I give a crap that HDCP was hacked? My first reaction of course is a Nelsonesque ‘HA HA’. But really. Unless of course HDCP IS implemented in the Linux nVidia drivers….
I think that was AACS, not HDCP. Certain high definition videos are encrypted with AACS to stop them from being played on “unauthorized” devices. HDCP is used by the OS/video drivers/movie players to prevent you from recording the output of your monitor the video with a TV tuner. So, Linux has always been able to display high definitions, you just can’t play encrypted movies unless you have the AACS key.
In other words, if you use an “authorized” OS, you have to worry about having an HDCP monitor, and AACS is irrelevant since it is handled by the OS.
If you have an “unauthorized” OS, then HDCP is irrelevant, and you have to worry about having the AACS keys to decrypt the movie.
Thanks for that. That’s basically what I had thought / knew.
The AACS Keys have been hacked for quite some time now and I have been able to (for the most part) play all of my legally purchased bluray movies on Linux.
There have been a few that I have had problems with.
The Firefly series (“Curse your sudden but inevitable betrayal!”) has problems with a corrupted video stream. There were one or two that it couldn’t fetch the aacs key for, I have forgotten which ones specifically now, but the others work fine, just without menus.
One less reason to dual boot!
Now I can start buying HDMI screens and, BluRay Players, and BluRay discs.
Now, how about cracking those pesky encrypted QAM streams!
Edited 2010-09-17 00:48 UTC