The MPAA is arming itself with a team of lawyers. Now that Blu-Ray is cracked, those pesky customers will think they can do whatever they please, like make backup copies.  (Source: Photobucket)
Release of working key opens gate to new hardware, software ripping solutions

When Intel Corporation devised High-bandwidth Digital Content Protection (HDCP) it delighted the entertainment industry.  At a time when the industry was cooking up high definition television and Blu-ray movies, they now had the perfect scheme to lock customers in and prevent pesky activities they hated -- like piracy or creating backup copies (HDCP worked alongside AACS to lock Blu-Ray movies in common hardware/media pairings).

The scheme was working out pretty well, until this week when someone using the account IntelGlobalPR let slip the scheme's master key on Twitter, confirming that it wasn't quite as secure as was believed.  While that account appears to be in no way related to Intel, Intel is confirming that the information is accurate.

Intel spokesperson Tom Waldrop comments, "We have tested this published material that was on the Web.  It does produce product keys... the net of that means that it is a circumvention of the code."

This means that it should be trivial to create hardware boxes that directly rip HDCP protected Blu-ray or other content, without having to resort to directly intercepting the video stream like current hardware schemes.  It could also open the door to software ripping solutions.

The industry will likely now have to resort to pricey litigation to try to sue to prevent such products from reaching the market.  A similar scenario played out when the Content Scrambling System that protects DVDs was cracked.  Companies like RealNetworks and Kaleidescape released hardware rippers to the market, but were sued by organizations like the RIAA.  They eventually lost in court, as the current U.S. courts precedent is that customers never have the right to circumvent DRM to make backup copies.

We may never know who exactly posted the key to Blu-ray's DRM, but what matters is that it is now effectively dead, despite Intel's protests that it's still a good content protection tool.

The instruction for using the master key to generate source and sink HDCP keys, according to the confirmed post are:

This is a forty times forty element matrix of fifty-six bit hexadecimal numbers.
To generate a source key, take a forty-bit number that (in binary) consists of twenty ones and twenty zeroes; this is the source KSV," the instructions say. "Add together those twenty rows of the matrix that correspond to the ones in the KSV (with the lowest bit in the KSV corresponding to the first row), taking all elements modulo two to the power of fifty-six; this is the source private key.
To generate a sink key, do the same, but with the transposed matrix.

The breaking of HDCP is not a surprise to secure expert Scott Crosby.  Way back in 2001 Scott Crosby published a report on weaknesses and flaws in HDCP 1.0 (today's implementations use HDCP 1.3).

Mr. Crosby comments, "I have no way of knowing if this is the actual master secret, but if it is, I am not surprised.  I am not the only one to predict that this could occur; the master secret can be calculated from the secret keys stored on as few as 40 TV's, computer monitors, video cards, or video players and millions of HDCP supporting video cards and TV's are in people's homes all over the world."

"There is a single light of science, and to brighten it anywhere is to brighten it everywhere." -- Isaac Asimov

Latest Blog Posts
Amazon Fire HD 8
Nenfort Golit - Jun 19, 2017, 6:00 AM

Copyright 2017 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki