How is a protected path possible (drm)?


soom1245

Junior Member
Feb 1, 2012
*I'm not asking for piracy, I'm only wondering theoretically*

How is a protected path possible on a user's own machine? A key to decrypt the content has to be somewhere on the user's machine, so why can't it be accessed?

For example the first picture on page 2 shows blu-ray protected path:
http://www.anandtech.com/show/2622/2

In the diagram, the application decrypts from AACS and then encrypts to AES. The work is being done by the CPU, so doesn't the key have to be stored somewhere in the CPU cache or RAM?

1. CPU method.
Can't some secondary program be running to dump every calculation the CPU does? Is it not possible to look inside what the CPU is doing?


2. RAM method.
Or, if approached through RAM, use the compressed-air trick to dump the RAM contents, like this:
http://www.zdnet.com/blog/security/cryogenically-frozen-ram-bypasses-all-disk-encryption-methods/900
 

velis

Senior member
Jul 28, 2005
It's not that complicated, really. You need to see all those function blocks as black boxes. Each of those black boxes promises that it will take an encrypted input, process it and output something that is again encrypted, following the encryption protocol, of course.
Using all this you don't really have an electrical signal that can be sampled externally to capture the content unencrypted.
Of course that leaves the PC software which is always prone to code injection, memory inspection or just plain cracking. I suppose the original idea here was that decoding process would never be done entirely on the CPU - that something would always be left for one of the HW boxes doing their respective parts. Since GPUs already had HW acceleration at the time this encryption scheme appeared, I guess they went with that.

But, in the end, when you look at events past, this encryption scheme was cracked in no time after release as well, so I guess the entire scheme just proved that this was NOT possible.

I think it would be very hard to make such a scheme possible even if the IP for it would be owned by one single company and none of the workers would ever spit out the info. After all, the chips must communicate and where there is communication, one can always listen. Ultimately if all else fails, there are the pixels on the TV. You have to go unencrypted analog at some point...
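The black-box chain described above, as an added example that is not part of the original thread: a Python model in which each hop decrypts with the key it shares with the previous box and re-encrypts for the next one, a tap on every link records what travels over it, and the first (software) stage is shown to hold a key that turns the disc image back into the frame. The cipher is a constructed HMAC-based stream cipher standing in for AES/AACS, and the stage names, keys and frame are constructed for the example.

```python
import hashlib
import hmac
import os

def keystream_xor(key, nonce, data):
    """Constructed counter-mode stream cipher built from HMAC-SHA256 so the example
    runs on the standard library; it stands in for AES/AACS and is symmetric
    (the same call encrypts and decrypts)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

class Stage:
    """One black box in the chain: it decrypts with the key shared with the previous
    hop and re-encrypts with the key shared with the next hop before anything leaves."""
    def __init__(self, name, in_key, out_key):
        self.name, self.in_key, self.out_key = name, in_key, out_key

    def process(self, nonce, data):
        plain = keystream_xor(self.in_key, nonce, data)  # plaintext exists only inside the box
        if self.out_key is None:                          # the display has to emit raw pixels
            return plain
        return keystream_xor(self.out_key, nonce, plain)

def run_protected_path(frame):
    """Push one frame from disc to panel and record what a tap on each link would see."""
    title_key, link_key, display_key = (os.urandom(32) for _ in range(3))  # constructed keys
    nonce = os.urandom(8)
    stages = [Stage("player software", title_key, link_key),   # disc cipher -> link cipher
              Stage("gpu", link_key, display_key),              # link cipher -> display-link cipher
              Stage("display", display_key, None)]              # display-link cipher -> pixels
    data = keystream_xor(title_key, nonce, frame)               # what is stored on the disc
    bus = {"disc": data}
    for stage in stages:
        data = stage.process(nonce, data)
        bus[stage.name] = data
    return {"bus": bus, "stages": stages, "nonce": nonce}

def hops_exposing_plaintext(run, frame):
    """Links on which a passive tap would see the frame unencrypted."""
    return [hop for hop, data in run["bus"].items() if data == frame]

def software_stage_can_decrypt_disc(run, frame):
    """The OP's point: the first stage must hold the title key, so whatever sits in
    that stage's memory is sufficient to turn the disc image back into the frame."""
    player = run["stages"][0]
    return keystream_xor(player.in_key, run["nonce"], run["bus"]["disc"]) == frame
```

Every link except the final one to the panel carries only ciphertext, which is the property the re-encrypting black boxes buy; the software stage still has to hold its input key, and the panel still has to receive plaintext.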
 

Modelworks

Lifer
Feb 22, 2007
I have quite a bit of experience with the pathways for protecting content. I have been a hardware hacker since the early 1990s. The one thing manufacturers have shown is that they are good at learning from past mistakes, and they learn quickly. The PCP for HDMI is a good example of learning from past mistakes. The content is protected on the PC due to the use of drivers that block outside interference. Content is protected so thoroughly that even the data in RAM and on the PCI bus is encrypted, preventing a user from using a device and grabbing packets off the physical pathways; only inside the video card chips is the data decoded.

This is also the reason there is no Netflix for Linux on the PC. Netflix uses a protected content path that requires drivers to support the process, and on Linux the drivers currently used can expose the decoding, allowing people to save the content without the protection in place. Blu-ray players and other media devices use Linux internally, but in those units the drivers and hardware were designed to keep the protected content rules in place. The only way you would get Netflix on Linux would be with a closed system, and Linux is opposed to that idea.


The thing that people who talk about the fact that HDCP was cracked fail to mention is that there is nothing stopping manufacturers from changing the hardware key to a new one. It would just mean sending out new firmware for all the players, and they can do that every couple of months if wanted; people would just update the players like they do for compatibility with certain movies. They haven't bothered to do this because the HDCP key isn't where piracy is occurring.
 

paperwastage

Golden Member
May 25, 2010
Fascinating read about movie projectors (in a movie theater), plus some parts about how the encryption is done for those.

Old school = reels of film weighing tens of pounds that need to be transported around, with locks on them to prevent them from being opened before the release date.

New school = 1TB HDD transported via courier or downloaded from satellite, encrypted video... decryption key sent via satellite before each movie showing, decryption software/hardware locked down tightly.

thread link on reddit

specific parts about projectors

Bluray + AACS encryption...

http://en.wikipedia.org/wiki/AACS_encryption_key_controversy

If you read up on/follow the story of how muslix64 and other people were able to get past the security, they said they "watched" the video software (licensed Blu-ray player on Windows) in memory to find the keys...
 
Dec 30, 2004
At the end of the day it has to be put into analog form so that we can watch it. At that point, it's mine. I don't care if they protected-path'd the whole thing; all someone has to do is sit a 1080p recorder in front of the monitor on a tripod and it's back in analog form.
 

exdeath

Lifer
Jan 29, 2004
If it is intended to be accessed by any means, it can be hacked. Nothing is designed such that it's locked up and the key thrown away; a Blu-ray that you can't watch is pointless. The fact that you can put a disc in and watch the movie means the content is accessible.
 

exdeath

Lifer
Jan 29, 2004
At the end of the day it has to be put into analog form so that we can watch it. At that point, it's mine. I don't care if they protected-path'd the whole thing; all someone has to do is sit a 1080p recorder in front of the monitor on a tripod and it's back in analog form.

Even better, crack open the monitor and tap off the LVDS twisted pairs going from your monitor's display processor board to the LCD driver circuit and TFT panel and dump the native uncompressed 1080p frames. Who needs to bother with HDMI/HDCP when you can just dump the contents of the panel itself?

A professional bootlegger might even design a data-logger type device that plugs into the monitor boards in place of the raw TFT and just dumps the video instead of holding it for display. At some point, in any display, there is going to be a raw connection to the 2 million pixels of the TFT matrix itself. You can't secure that.

DRM will always fail.
 

Tuna-Fish

Golden Member
Mar 4, 2011
The thing that people who talk about the fact that HDCP was cracked fail to mention is that there is nothing stopping manufacturers from changing the hardware key to a new one. It would just mean sending out new firmware for all the players, and they can do that every couple of months if wanted.

This wouldn't actually help. HDCP is completely broken -- the crackers didn't just get the hardware key, they have a repeatable algorithmic method for recovering the HDCP master key. Should all the keys in the players be replaced today, they would be public again tomorrow.

The role of HDCP today is *not* copy protection. Many would argue it never was. It's used to enforce market segmentation -- to prevent second-market arbitrage from evening out differences in release dates and pricing between continents.

http://www.foxnews.com/scitech/2010/09/16/intel-confirms-hdtv-code-cracked/
www.cs.rice.edu/~scrosby/pubs/hdcppaper.ps
 
Dec 30, 2004
Even better, crack open the monitor and tap off the LVDS twisted pairs going from your monitor's display processor board to the LCD driver circuit and TFT panel and dump the native uncompressed 1080p frames. Who needs to bother with HDMI/HDCP when you can just dump the contents of the panel itself?

A professional bootlegger might even design a data-logger type device that plugs into the monitor boards in place of the raw TFT and just dumps the video instead of holding it for display. At some point, in any display, there is going to be a raw connection to the 2 million pixels of the TFT matrix itself. You can't secure that.

Yes, that's possible, but getting hardware to be able to capture that high a bandwidth of signal in its raw analog form is not simple at all. Much simpler to just sit a camcorder in front of it, and at 1080p, that's plenty good enough for "free".
 