the HDCP faq thread

[Matthias99]

Originally posted by: Janooo
The dongle HDCP chip will be updated the same way as any HDCP TV.
Unless HDCP chips are serialized there is no way they can be blacklisted. Even then the question is how they would know what to blacklist.

I believe what they blacklist are the public encryption keys used as part of the key exchange in the authentication part of the protocol (AKE). Each device has to have a key like this, and it's unique per model of device. If your key is blacklisted, you will be unable to authenticate with the player in the first place.

It shouldn't be possible to 'steal' another device's encryption keys without inside knowledge of the protocol, since they are never transmitted in the clear (from what I can gather).

 

[Janooo]

Originally posted by: Matthias99

Originally posted by: Janooo
The dongle HDCP chip will be updated the same way as any HDCP TV.
Unless HDCP chips are serialized there is no way they can be blacklisted. Even then the question is how they would know what to blacklist.

I believe what they blacklist are the public encryption keys used as part of the key exchange in the authentication part of the protocol (AKE). Each device has to have a key like this, and it's unique per model of device. If your key is blacklisted, you will be unable to authenticate with the player in the first place.

It shouldn't be possible to 'steal' another device's encryption keys without inside knowledge of the protocol, since they are never transmitted in the clear (from what I can gather).

So the question is how many chips are out there that have the same key?
What would be a reason to blacklist a key? How would they know how big is damage? By damage I mean a ratio between a number of chips in a key and how many chips were misused.

 

[erwos]

Originally posted by: Janooo
So the question is how many chips are out there that have the same key?
What would be a reason to blacklist a key? How would they know how big is damage? By damage I mean a ratio between a number of chips in a key and how many chips were misused.

Matthias just told you: keys are per device "model". So, all "Acme 356043 TVs" would have the same key, presumably.

The chips would be blacklisted if the manufacturer didn't implement appropriate measures to safeguard the system, and someone actually found a way to abuse it. This is an actual requirement to license HDCP - you must take real precautions to keep the keys safe.

When you blacklist a key, EVERY device with that key stops working, probably on the assumption that if you can misuse one instance of the device, all of them can potentially be misused. If that happens, well, I guess you'd need to return the device to the manufacturer for repair (eg, a new key with a more-secure HDCP system) or replacement.

-Erwos

 

[Janooo]

Originally posted by: erwos

Originally posted by: Janooo
So the question is how many chips are out there that have the same key?
What would be a reason to blacklist a key? How would they know how big is damage? By damage I mean a ratio between a number of chips in a key and how many chips were misused.

Matthias just told you: keys are per device "model". So, all "Acme 356043 TVs" would have the same key, presumably.

The chips would be blacklisted if the manufacturer didn't implement appropriate measures to safeguard the system, and someone actually found a way to abuse it. This is an actual requirement to license HDCP - you must take real precautions to keep the keys safe.

When you blacklist a key, EVERY device with that key stops working, probably on the assumption that if you can misuse one instance of the device, all of them can potentially be misused. If that happens, well, I guess you'd need to return the device to the manufacturer for repair (eg, a new key with a more-secure HDCP system) or replacement.

-Erwos

Maybe you are right but I am not sure if it makes that much sence. I don't believe that all 100 000 tv's of a specific model will have the same key. It will vary and the question is how big is a batch of one key. I doubt it's going to be that big.

A shipment of HDCP chips can get lost very easily. I have no doubt about that. Do you think they will use armor trucks?

 

[Munky]

What other components in a PC will get affected by the HDCP requirements? Does this also mean the user will need a compliant optical drive or video card to view HDCP content?

 

[xtknight]

Originally posted by: munky
What other components in a PC will get affected by the HDCP requirements? Does this also mean the user will need a compliant optical drive or video card to view HDCP content?

Optical drives shouldn't need it (they can read the data as always), and video cards are most likely obsolete unless it can be done through the BIOS. Stuff like that's not controlled by Windows drivers.

 

[Matthias99]

Originally posted by: Janooo
Maybe you are right but I am not sure if it makes that much sence. I don't believe that all 100 000 tv's of a specific model will have the same key. It will vary and the question is how big is a batch of one key. I doubt it's going to be that big.

I'm not sure, and it could definitely vary.

A shipment of HDCP chips can get lost very easily. I have no doubt about that. Do you think they will use armor trucks?

I think they have been and will continue to be extremely careful with them.

Just 'getting the HDCP chips' also doesn't do all the work; you'd have to make something that could talk to the chip and use it to try to decrypt a transfer stream. That would be very, very difficult without knowledge of how the protocol works at a low level.

 

[xtknight]

Originally posted by: Matthias99
Just 'getting the HDCP chips' also doesn't do all the work; you'd have to make something that could talk to the chip and use it to try to decrypt a transfer stream. That would be very, very difficult without knowledge of how the protocol works at a low level.

I think he means just hook the chip up to something else instead of to the LVDS/TMDS-in of an LCD driver for example. Yeah, it would be difficult to save the stream in real-time but they probably have pro devices out there to do it.

 

[elkinm]

Is HDCP just a pre-encoded transmit encryption, just like Macrovision of today. I mean the movies are at the proper resolution so can the movies be accessed or played with software or hardware. I mean will HD work with Win XP or if HDCP was cracked in Vista, or would then the movie not be playable at all.

I don't know about the system, but having a display that can display a resolution but not if the system does not want it to is ridiculous if not stupid. The entire idea of this on the PC just seems ridiculous. Instead of sending a direct 1080i output to a display, (talk to it and then add some bottlenecks and don't work). I don't understand the part in parenthesis or why you would need it. Either way it seems to be a pure software crap in between with absolutely no purpose. Something that I think will be the first thing hacked out of Vista.

What is supposed to happen if I view the movie as a window instead of full screen and also have some text, does that mean my entire desktop will be at 1/4 of the resolution.

Another stupid go from MS and Intel to rule the world.

EDIT,
Also is this a forced hardware thing or purely a movie thing like macrovision and region codes. I mean if I burn my own 1080i without HDCP encryption will it play fine or will it make everything throw up.

 

[erwos]

Did you even bother to read the thread? It's not pure software - there are hardware keys involved. You can't just swap those out. And it's not like Macrovision - this is a communications protocol, not a weird watermark.

It is only optional - if you've burned a home movie to Blu-Ray or HD-DVD in 1080i, you presumably will not need to deal with HDCP, unless you specifically encrypted it to do so. Indeed, the publishers could also disable those same protections.

Finally, what this tries to do is plug the increasingly common "hijack the signal" loophole that crackers are using, since DRM schemes are becoming increasingly more sophisticated cryptologically. I laugh at everyone who thinks this is just going to magically disappear by the actions of some "hacker". It's nothing like the trivial-to-break CSS protection found on DVDs, and all the comparisons being made to it are showing quite a bit of ignorance.

-Erwos

 

[Janooo]

Originally posted by: erwos
Did you even bother to read the thread? It's not pure software - there are hardware keys involved. You can't just swap those out. And it's not like Macrovision - this is a communications protocol, not a weird watermark.

It is only optional - if you've burned a home movie to Blu-Ray or HD-DVD in 1080i, you presumably will not need to deal with HDCP, unless you specifically encrypted it to do so. Indeed, the publishers could also disable those same protections.

Finally, what this tries to do is plug the increasingly common "hijack the signal" loophole that crackers are using, since DRM schemes are becoming increasingly more sophisticated cryptologically. I laugh at everyone who thinks this is just going to magically disappear by the actions of some "hacker". It's nothing like the trivial-to-break CSS protection found on DVDs, and all the comparisons being made to it are showing quite a bit of ignorance.

-Erwos

From technical point of view HDCP is a joke.
It was broken even before it went to production.

From wikipedia about HDCP:

Cryptanalysis

Cryptanalysis researchers demonstrated fatal flaws in HDCP for the first time in 2001, prior to its adoption in any commercial product. Scott Crosby of Carnegie Mellon University authored a paper with Ian Goldberg, Robert Johnson, Dawn Song, and David Wagner called "A Cryptanalysis of the High-bandwidth Digital Content Protection System" [1]. This paper was presented at ACM-CCS8 DRM Workshop on November 5, 2001.

The authors conclude:

"HDCP's linear key exchange is a fundamental weaknesses [sic]. We can:

* Eavesdrop on any data
* Clone any device with only their public key
* Avoid any blacklist on devices
* Create new device keyvectors.
* In aggregate, we can usurp the authority completely."

Around the same time that Scott Crosby and co-authors were writing this paper, noted cryptographer Niels Ferguson independently claimed to have broken the HDCP scheme, but he chose not to publish his research due to legal concerns arising from the Digital Millennium Copyright Act [2].

 

[elkinm]

When I said macrovision (as well as region code) I meant that it is an on/off switch on the player itself and not on the media.

1. The question is that if the data itself is encrypted from the disk then it needs to stay encrypted until it gets to the display. In this case, as far as I can see. no additional support is needed other then carrying the full signal through to the TV or PC display so the display does the decrypting. Now the only real reason I see for the OS to support it is if it can decrypt it and output it elsewhere.

2. Now if the data uses a rather basic encryption and only encrypts the data stream if it is enabled then it needs to be supported at all ends. This would require the so called OS and other hardware support. But the key here is to simply hack the HDCP enabler not the hack the actual stream which is realistically not feasible.

Even with today's hacks, any hacks would be some HDCP converter with some preprogrammed keys from authorized TVs to simply decode the signal and send it on.
As far a blacklisting. Does that mean that these hacked keys will be obsolete only with next generation media or will the players (or media be updated somehow requiring an internet connection?

And finally, will it be possible to extract the videos to the hard drive. Then it may be possible to then burn the DVD without HDCP. This would require for the media to be readable, or not encrypted with HDCP or some software HDCP emulator to rip the DVD.

EDIT,
Is there a general hack today for DRM protected contact without a license. I don't know of any and can't think of how it could possibly work as there is no limit to possible licenses and truly hacking it is to time consuming. But for HDCP to work you need some fixed set of keys or real-time internet access on your TV so it has to be hackable.

 

[stelleg151]

Off topic: because the thread titles are underlined, I thought the Q was a G. Needless to say I laughed.

On topic: HDCP has been/will be broken. The question is how easy will it be for the average person to use the "crack" to rip HDDVD/Bluray. Although many of us at Anandtech do, not that many people bother to rip DVD's. Even though legally(and cryptologically) speaking we shouldnt be able to, we can very easily with simple decrypter programs. I see the same future for HDCP.

Kind of on topic: Hollywood is totally missing the problem with HDCP. Is the problem that people are getting to watch movies that they didnt buy in fully digital quality? No, not at all. The problem is that we internet folk share whatever we feel like sharing, and among those things pop up movies and games that have been ripped and cracked. If you have ever watched a ripped movie from online, or from a vendor in malaysia(I live in singapore ATM), you are not watching high quality content. You are usually watching crappy video recordings in the theatre or mediocre compressed DVD rips. My point is this: protecting HD content wont help the problems that the media world is having. People are willing to watch lower quality versions of content if they can get it for free, and the stuff shared online is always compressed to far below DVD quality anyways.

Question: Will content from cablecard TV tuners be HDCP protected?

 

[elkinm]

Originally posted by: stelleg151
Off topic: because the thread titles are underlined, I thought the Q was a G. Needless to say I laughed.

On topic: HDCP has been/will be broken. The question is how easy will it be for the average person to use the "crack" to rip HDDVD/Bluray. Although many of us at Anandtech do, not that many people bother to rip DVD's. Even though legally(and cryptologically) speaking we shouldnt be able to, we can very easily with simple decrypter programs. I see the same future for HDCP.

Kind of on topic: Hollywood is totally missing the problem with HDCP. Is the problem that people are getting to watch movies that they didnt buy in fully digital quality? No, not at all. The problem is that we internet folk share whatever we feel like sharing, and among those things pop up movies and games that have been ripped and cracked. If you have ever watched a ripped movie from online, or from a vendor in malaysia(I live in singapore ATM), you are not watching high quality content. You are usually watching crappy video recordings in the theatre or mediocre compressed DVD rips. My point is this: protecting HD content wont help the problems that the media world is having. People are willing to watch lower quality versions of content if they can get it for free, and the stuff shared online is always compressed to far below DVD quality anyways.

Question: Will content from cablecard TV tuners be HDCP protected?

Good point, shares will still be available online regardless. But this protection will definitely hurt the consumer if they need to spend thousands for all the compatible hardware they need.
Personally, still don't have a stand-alone DVD player. All my TVs are either TV/VCRs, have no composite inputs or are of the few TVs that cannot play macrovisioned content. I can always hack the DVD but I just don't need it. Any dvds I want I play on my PC, and when I recommend a DVD drive it is always hackable if not already region and macrovision free.

Also I am not sure about cablecard TV tuners. Some places say it will support HDCP making home theaters to expensive, but once again I don't think how it would work unless it ruins all digital content. Also, is Vista supposed to degrade ALL digital content like from firewire and non encrypted HD sources or only true HDCP content?

 

[Eug]

Any chance of HDCP support with the GMA 950 in the Mac mini?

Considering I see zero mention of it anywhere, my guess is no.

 

[Matthias99]

Originally posted by: elkinm
The problem is that we internet folk share whatever we feel like sharing, and among those things pop up movies and games that have been ripped and cracked.

...and you're surprised that they're going to stronger DRM and hardware encryption?

Question: Will content from cablecard TV tuners be HDCP protected?

Also I am not sure about cablecard TV tuners. Some places say it will support HDCP making home theaters to expensive, but once again I don't think how it would work unless it ruins all digital content.

I would be very surprised if what you get out of a cablecard-equipped HD tuner is not encrypted. Not many details yet, though.

Also, is Vista supposed to degrade ALL digital content like from firewire and non encrypted HD sources or only true HDCP content?

Why on Earth would they degrade non-encrypted content? WinXP plays it just fine; why would Vista not?

 

[Velk]

Originally posted by: Janooo

Originally posted by: erwos
Did you even bother to read the thread? It's not pure software - there are hardware keys involved. You can't just swap those out. And it's not like Macrovision - this is a communications protocol, not a weird watermark.

It is only optional - if you've burned a home movie to Blu-Ray or HD-DVD in 1080i, you presumably will not need to deal with HDCP, unless you specifically encrypted it to do so. Indeed, the publishers could also disable those same protections.

Finally, what this tries to do is plug the increasingly common "hijack the signal" loophole that crackers are using, since DRM schemes are becoming increasingly more sophisticated cryptologically. I laugh at everyone who thinks this is just going to magically disappear by the actions of some "hacker". It's nothing like the trivial-to-break CSS protection found on DVDs, and all the comparisons being made to it are showing quite a bit of ignorance.

-Erwos

From technical point of view HDCP is a joke.
It was broken even before it went to production.

From wikipedia about HDCP:

Cryptanalysis

Cryptanalysis researchers demonstrated fatal flaws in HDCP for the first time in 2001, prior to its adoption in any commercial product. Scott Crosby of Carnegie Mellon University authored a paper with Ian Goldberg, Robert Johnson, Dawn Song, and David Wagner called "A Cryptanalysis of the High-bandwidth Digital Content Protection System" [1]. This paper was presented at ACM-CCS8 DRM Workshop on November 5, 2001.

The authors conclude:

"HDCP's linear key exchange is a fundamental weaknesses [sic]. We can:

* Eavesdrop on any data
* Clone any device with only their public key
* Avoid any blacklist on devices
* Create new device keyvectors.
* In aggregate, we can usurp the authority completely."

Around the same time that Scott Crosby and co-authors were writing this paper, noted cryptographer Niels Ferguson independently claimed to have broken the HDCP scheme, but he chose not to publish his research due to legal concerns arising from the Digital Millennium Copyright Act [2].

No matter however clever the scheme, it faces a crippling weakness in that the person that is viewing the unencrypted content and the person that you want to prevent from unencrypting the content is the same person. It's a fundamental conflict that can't be worked around, and makes the strengths of most encryption schemes irrelevant.