
Researchers say pirates will likely use easier routes to crack the scheme, but that espionage risk is possible

Intel Corp. (INTC) has enjoyed a profitable ride off its High-bandwidth Digital Content Protection (HDCP) hardware, which sits inside nearly every TV/computer monitor with HDMI or DVI input.  The HDMI/DVI chips with HDCP functionality open a secure encrypted channel from a source (e.g. a Blu-ray player) to a computer monitor or TV.

I. Defeating HDCP Was Easy

Even as other content protection schemes were defeated, HDCP held strong. But in 2010 the HDCP master key leaked, giving the world its first hope of cracking the scheme. Intel reassured its partners that they had nothing to worry about -- they laughed that unless would-be hardware hackers "made a computer chip" the scheme would be safe.
The only thing they forgot about was the growing number of cheap reprogrammable chips known as field programmable gate arrays (FPGAs), which allow you to quickly make and test chip designs in software.
Using an ATLYS board manufactured by a company named Digilent, researchers at the Ruhr-Universität Bochum (RUB) -- a college in the town of Bochum, located roughly 2 hr. and 15 min. northwest of Frankfurt -- were able to carry out a man-in-the-middle attack, with the FPGA posing as a legitimate interface chip and going undetected.
Prof. Dr.-Ing. Tim Güneysu, the principal investigator and senior author of the work, summarizes [press release], "We developed an independent hardware solution instead, based on a cheap FPGA board.  We were able to tap the HDCP encrypted data streams, decipher them and send the digital content to an unprotected screen via a corresponding HDMI 1.3-compatible receiver."
The ATLYS board cost only 200€ (~$267).  The board comes with a Xilinx, Inc. (XLNX) Spartan-6 series FPGA, DRAM, HDMI interfaces, and a serial RS232 port.  Most of the work on the project was carried out by final-year student Benno Lomb.

The little board that slew HDCP 1.x. [Image Source: RUB]

Dr.-Ing. Güneysu summarizes Intel's claims of invulnerability as foolish arrogance.  He states, "[O]ur intention was to fundamentally investigate the safety of the HDCP system and to financially assess the actual cost for the complete knockout.  The fact that we have achieved our goal in a degree thesis and with material costs of approximately 200 Euro definitely does not speak for the safety of the current HDCP system."

II. The Current Dangers -- Piracy, Not so Much, Espionage Maybe.

The work will be presented at the international security conference ReConFig 2011 in Cancun, Mexico, which is being held between Nov. 30 (Wed.) and Dec. 2 (Fri.).

It is unknown whether the team will publish their FPGA code, which could allow pirates and hardware hackers to buy FPGAs and defeat the protection.  However, they insist that their goal was not to promote piracy.  They say there are other, far simpler ways of defeating HDCP available to pirates.

In October 2008 Intel released HDCP 2.0, which provides additional protection against this kind of attack.  The hardware is currently on HDCP 2.1.  But legacy systems abound and remain vulnerable to attacks that work against HDCP 1.x.  The researchers say this could pose a security threat to the military or government agencies.

Sources: Informationsdienst Wissenschaft, reghardware


By ertomas on 11/28/2011 1:12:34 PM , Rating: 5
Probably hundreds or millions spent on R&D to develop HDCP and it got cracked with a 200 EUR budget...

When will they learn?

RE: Waste
By FITCamaro on 11/28/11, Rating: -1
RE: Waste
By DT_Reader on 11/28/2011 4:36:54 PM , Rating: 5
Yeah, stops the "average person" - the ones who paid for a legal copy - from making a legal, fair use backup. Meanwhile, the real pirates - the ones who make thousands of copies for retail sale - just copy the encrypted disk, which the end-user's Blu-ray player decrypts just fine - annoying adverts, previews, and all.

RE: Waste
By Camikazi on 11/28/2011 8:20:56 PM , Rating: 2
The average person is not the ones you have to watch out for, the ones you watch out for are the ones who come up with these 200 EUR boards that can do this, they are the ones who are dangerous :P

The average person is NEVER dangerous, cause they are not smart enough to come up with these things, the ones who CAN come up with this stuff and make it easy to use are the ones you look out for.

RE: Waste
By Khato on 11/28/2011 4:33:02 PM , Rating: 4
Eh, I'd tend to say that a content protection scheme holding up for pretty much 12 years is quite impressive. Especially when the 'crack' for it requires a separate hardware device... not to mention a system that supported only the current HDCP specification without legacy support wouldn't be vulnerable.

RE: Waste
By Aloonatic on 11/28/2011 6:00:21 PM , Rating: 2
It depends how you want to look at it.

Seeing as this only really applies to BluRay, and so few people have BluRay players in their homes still (compared to DVD players, the only people I know with a BluRay player have one with a PS and a 3 on it) then the crack has come before it really gets a foothold in the market place.

RE: Waste
By Fallen Kell on 12/1/2011 3:39:59 PM , Rating: 2
Someone needs to wake up and smell the tech. Anyone who has bought a mid-tier or high end laptop or computer has a bluray drive in it. Hundreds of thousands of bluray roms and burners have been sold by Samsung, LiteOn, Pioneer, Sony, and LG. Does every home have one yet? No, but you can sure bet that when they upgrade their computer they will have one. And then there are the 55 million plus PS3's out there.

RE: Waste
By leexgx on 12/1/2011 9:44:37 PM , Rating: 2
hmm only system i have ever seen in the last years is Sony VAIO laptop (£900+ i guess) with BR in it (they are the only systems i see them in)

the avg customer will most likely not see BR as standard for 3-4 more years in systems, which is a shame really as they can store quite a lot

RE: Waste
By EricMartello on 11/29/2011 6:21:16 AM , Rating: 1
This isn't relevant for bluray discs - they can be copied and decrypted with a free program like imgburn. This HDCP crack is a win for people who want to record stuff from their cable box's HDMI out, or for people who have a TV with HDMI in but no HDCP support.

RE: Waste
By johnbuk on 12/1/2011 12:21:16 PM , Rating: 2
It would be useful for more than just recording from a cable box though. If a mass produced version of a board that could do this was released for an affordable price, I'd buy one just so I didn't have to deal with the HDCP errors that I sometimes get trying to show legit media on my HDTV that does support HDCP- cable PPV is the worst culprit, but I get the same errors occasionally with other cable content too.

God d*mn it
By FITCamaro on 11/28/2011 12:30:29 PM , Rating: 1
Now we're gonna get some new, even more complicated technology forced on us sooner.

RE: God d*mn it
By mackx on 11/28/2011 12:52:11 PM , Rating: 3
no we won't. even content owners know that people in a recession won't go out and buy new TVs etc just to watch some stupid movie on blu ray

they'll try and revoke keys (assuming that's possible) but i suspect that's it

RE: God d*mn it
By FITCamaro on 11/28/2011 2:15:11 PM , Rating: 1
I said sooner. Not immediately.

RE: God d*mn it
By Solandri on 11/28/2011 5:40:29 PM , Rating: 3
"they'll try and revoke keys (assuming that's possible) but i suspect that's it"

They can't revoke it. It was the master key which was leaked. It's the key which is used to make the revocable keys you give to manufacturers. Replacing the master key would mean making all those keys (i.e. all existing TVs, Blu-ray players, etc.) non-functional with new media.

Technology to behold
By bug77 on 11/28/2011 1:56:05 PM , Rating: 5
I think HDCP was a turning point all by itself. As far as I can remember, it was the first piece of PC technology that neither the users nor the manufacturers wanted or needed. But manufacturers were forced to implement it and users forced to pay for it anyway.
It doesn't matter it was eventually defeated, the gates are open now. As often as Hollywood wants, they can demand a new implementation.

Spartan 6?
By Shadowmaster625 on 11/28/2011 1:13:34 PM , Rating: 2
Do you really need that many gates? Or is this just the cheapest board available?

Good Job, Now Go To Jail.
By rbuszka on 11/28/2011 5:06:20 PM , Rating: 2
You might be able to build a device like this very cheaply, but that doesn't mean there won't be a knock at your door if you put it to use. I think at least one of the barrage of average-Joe-targeting anti-piracy laws makes it illegal to build a device for 'pirating' media. So if you so much as use a computer you built from off-the-shelf parts to rip a DVD to your hard drive, I think you could be charged with a crime, and this is even less of a gray area. I'm not saying who's right or wrong here (though I'm pretty sure it isn't the MPAA).

If PIPA (the Senate version of SOPA, essentially the same ghost-written web censorship bill) passes the Senate and gets sent to the House, Dailytech might get shut down just for posting a news story like this that suggests it might be possible to circumvent copy protection.

Why military Security threat?
By Magnus909 on 11/29/2011 2:43:29 PM , Rating: 2
"The researchers say this could pose a security threat to the military or government agencies."

What in the world has hdcp got to do with military or government agencies?

So the board....
By SlickRoenick on 11/28/11, Rating: -1
RE: So the board....
By rebound11 on 11/28/2011 10:59:00 AM , Rating: 2
I have absolutely no clue where you got that idea... but apparently neither you or the author know anything about FPGAs.

RE: So the board....
By quiksilvr on 11/28/2011 11:27:33 AM , Rating: 4
Probably the green, blue and pink parts shown on the chips. Looks like the inputs/outputs you see on a sound card.

RE: So the board....
By Cypherdude1 on 11/28/2011 2:59:32 PM , Rating: 3
....was a soundcard?

Your post made me curious so I did a qwickie search and found it. It's made by Digilent, called the "Atlys™ Spartan-6 FPGA Development Board":

It's not a conventional sound card because it doesn't plug into a PCI or PCIe slot. However, it does have:
One Vmod™ (high-speed VHDC) connector
One 12-pin Pmod™ connector
One RJ-45 connector for 10/100/1000 Ethernet PHY and RS-232 serial
Two HDMI video input ports & two HDMI output ports
Two on-board USB2 ports for programming & data transfer
AC-97 audio with line-in, line-out, mic, & headphone

It also has:
GPIO includes 8 LEDs , 6 buttons, & 8 slide switches
Ships with a 20W power supply and USB cable

I'm not an engineer but this is an interesting board. They must use this board to develop all kinds of interesting hardware applications:
The Atlys circuit board is a complete, ready-to-use digital circuit development platform based on a Xilinx Spartan 6 LX45 FPGA. The on-board collection of high-end peripherals, including Gbit Ethernet, HDMI Video, 128Mbyte DDR2 memory array, audio and USB ports make the Atlys board an ideal host for complete digital systems built around embedded processors like Xilinx’s MicroBlaze. Atlys is fully compatible with all Xilinx CAD tools, including ChipScope, EDK, and the free WebPack, so designs can be completed with no extra costs.

I guess if you would like to learn and design firmware you could buy this board as a hobby or, as someone mentioned below, as a student. I wonder which software you use to program it. Do you program it in assembly language? It costs $349.00 or $199.00 for students.

RE: So the board....
By MrTeal on 11/28/2011 3:25:52 PM , Rating: 2
You'd probably program it using Verilog or VHDL, though there are other ways to do it.

RE: So the board....
By ForceCredit on 11/28/2011 4:10:46 PM , Rating: 3
Like I mentioned earlier, the board does absolutely nothing in its base form. FPGA development boards come with a slew of chips attached to them so that you might use a board to prototype any number of different kinds of machines.

There is no processor and the board is not a computer of any kind. The Ethernet PHY doesn't enable networking, the RS-232 interface doesn't enable serial communication, the USB port doesn't let you use a USB device with it (or use itself as a USB device), and the AC97 codec doesn't generate audio.

Nothing at all happens until you design a state machine that interacts with those various chips in ways which make them do something. This is done purely by toggling signal pins high and low in patterns that cause the chip on the other end to respond in a predictable way. These state machines are written in HDLs (hardware descriptive languages) like Verilog and VHDL, not software programming languages. The syntax is similar in a lot of ways, but the fundamentals about what you're actually doing with the code are very different.

FPGAs are like an ASIC made out of Playdoh. They don't execute instructions when you program them. What you do instead is program them with a logical electrical model which is loaded into the device's cells. These cells contain inputs, outputs, and a LUT. The cells can be made to change their outputs depending on what the inputs are. When you stick a bunch of those together, you create a digital logic system--a state machine. You could create a CPU that executes instructions inside the FPGA itself, but the FPGA is not itself analogous to a computer.

On a side note, the FPGA itself is about a $50 chip when purchased in quantities of 1. The rest of the cost goes to whatever else is on the board and profit for Digilent. It's worth noting that you could make your own board without the stuff you don't need for about $20.

RE: So the board....
By Fritzr on 11/28/2011 10:54:41 PM , Rating: 2
Some of those "state machines" ARE micro-processors. At least one real computer has been released using an FPGA as a 'programmable' CPU allowing programs to be run on multiple chip architectures that can be soft-loaded.

Known as the C-1, the machine was designed as a hardware emulation of the C-64 and can load other state machines also.

The DTV uses an ASIC (factory programmed gate array) in a similar manner. It would be possible to substitute an FPGA for the ASIC in the DTV design.

A research machine made for the military used 1 FPGA to do image processing that required multiple custom chips. The design reprogrammed the FPGA between processing stages ... FPGA based computers are very versatile :)

In this case the FPGA was loaded with a state machine that emulates a licensed HDMI 1.x connection. The next step will be to design a state machine that emulates a licensed HDMI 2.x connection and publish the code. When that is done, HDMI will no longer be a secure connection :)

This article does not say a CPU is included in the emulation, but if one is required an FPGA can be a CPU.

RE: So the board....
By ForceCredit on 11/29/2011 10:19:54 AM , Rating: 2
I did mention that you could do that in the post you replied to. heh

It's even something most FPGA manufacturers will throw at you for free that you're welcome to load into projects and use (*Blaze from Xilinx, Nios from Altera, etc). I've created them (CPUs, entire computers) from scratch myself in my own projects using Xilinx FPGA products, actually. I'm definitely aware of it.

RE: So the board....
By JasonMick on 11/28/2011 12:20:02 PM , Rating: 2
"I have absolutely no clue where you got that idea... but apparently neither you or the author know anything about FPGAs."
That a silly comment. I own a Spartan 3 Xilinx board from Digilent. Haven't used it years, but I programmed loads of designs back in my undergrad years, though mostly boring stuff like checkout machine software chips.

To be honest I remember the basics, but would need a refresher to do anything serious.

I had a buddy who did essentially a 3D maze game on a Spartan 3, complete with raytracing. Now THAT was sweet.

RE: So the board....
By JasonMick on 11/28/2011 12:21:14 PM , Rating: 2
s/That a/That's a/g

Darn, typos...

RE: So the board....
By ForceCredit on 11/28/2011 11:07:27 AM , Rating: 4
An FPGA is essentially a blank slate. That board is an FPGA evaluation board, meaning it has an FPGA on it and a bunch of commonly-used chips paired with it. That usually includes stuff like DACs, flash memory, switches, LEDs, RAM, Ethernet support chips, various transceivers, etc. The idea is to let a developer buy an inexpensive board and play with it to see if they can do what they want with the chip before designing and building custom boards.

In short, no, it's not a "sound card". Until you design a state machine in some supported HDL like Verilog or VHDL, the board is basically a brick that does absolutely nothing.

RE: So the board....
By AlvinCool on 11/28/2011 11:38:34 AM , Rating: 2
That's not a sound card. It's an Atlys Spartan-6 FPGA Development Board

RE: So the board....
By rpierce on 11/28/2011 12:56:10 PM , Rating: 4
I know what this is...
This is an espresso machine.
No, no wait. It's a snow cone maker.
Is it a water heater?

RE: So the board....
By Hieyeck on 11/28/2011 2:06:05 PM , Rating: 2


RE: So the board....
By FITCamaro on 11/28/2011 2:15:39 PM , Rating: 1
/Holds gun to wives head.

RE: So the board....
By ekv on 11/28/2011 8:35:51 PM , Rating: 2
Wife's (possessive) or Wives (plural) ?


RE: So the board....
By Master Kenobi on 11/29/2011 6:22:34 AM , Rating: 2
Plural of course, just as any bloke would hope for.

RE: So the board....
By MrBlastman on 11/29/2011 12:46:44 PM , Rating: 2
Two times the headache? Really?

RE: So the board....
By mostyle on 11/30/2011 1:21:42 AM , Rating: 2
Not really.. Just opt for the deluxe version..

They are twin mutes...

RE: So the board....
By bug77 on 11/30/2011 4:28:06 PM , Rating: 2
Two mothers in law FTL!

RE: So the board....
By angryplayer on 12/1/2011 12:00:49 AM , Rating: 2
Unless they're hot sisters...?


Copyright 2016 DailyTech LLC.