Intel's HDCP DRM Scheme Defeated by a Single Sub-$300 FPGA
November 28, 2011 10:25 AM
comment(s) - last by
Researchers say pirates will likely use easier routes to crack the scheme, but that espionage risk is possible
Intel Corp. (
) has enjoyed a profitable ride off its
High-bandwidth Digital Content Protection (HDCP) hardware
, which sits inside nearly every TV/computer monitor with HDMI or DVI input. The HDMI/DVI chips with HDCP functionality open a secure encrypted channel from a source (e.g. a Blu-ray player) to a computer monitor or TV.
I. Defeating HDCP Was Easy
other content protection schemes were defeated
, HDCP hung strong. But in 2010, the
master key leaked for HDCP
giving the world the first hope of cracking the scheme. But Intel reassured its partners that they had nothing to worry about -- they laughed that unless would-be hardware hackers "made a computer chip" the scheme would be safe.
The only thing they forgot about was the growing amount of cheap reprogrammable chips known as field programmable gate arrays (FPGAs), which allow you to quickly make and test chip designs in software.
Using an ATLYS board manufactured by a company named Digilent, researchers at the
(RUB) -- a college in the town of Bochum, located roughly 2 hr. and 15 min. northwest of Frankfurt -- were able to carry out a-man-in-the-middle attack, with the FPGA posing as a legitimate interface chip and going undetected.
Prof. Dr.-Ing. Tim Güneysu, the principal investigator and senior author of the work
[press release], "We developed an independent hardware solution instead, based on a cheap FPGA board. We were able to tap the HDCP encrypted data streams, decipher them and send the digital content to an unprotected screen via a corresponding HDMI 1.3-compatible receiver."
The ATLYS board cost only 200€ (~$267). The board comes with a Xilinx, Inc. (
) Spartan-6 series FPGA, DRAM, HDMI interfaces, and a serial RS232 port. Most of the work on the project was carried out by final-year student Benno Lomb.
The little board that slew HDCP 1.x. [Image Source: RUB]
Dr.-Ing. Güneysu summarizes Intel's claims of invulnerability as foolish arrogance. He states, "[O]ur intention was to fundamentally investigate the safety of the HDCP system and to financially assess the actual cost for the complete knockout. The fact that we have achieved our goal in a degree thesis and with material costs of approximately 200 Euro definitely does not speak for the safety of the current HDCP system."
II. The Current Dangers -- Piracy, Not so Much, Espionage Maybe.
The work will be presented at the international security conference
in Cancun, Mexico, which is being held between Nov. 30 (Wed.) and Dec. 2 (Fri.).
It is unknown whether the team will publish their FPGA code, which could allow pirates and hardware hackers to buy FPGAs and defeat the protection. However, they insist that their goal was not to promote piracy. They say there's other far simpler ways of defeating HDCP available to pirates.
In October 2008 Intel
HDCP 2.0, which provides additional protection against this kind of attack. The hardware is currently on HDCP 2.1. But legacy systems abound and remain vulnerable to the HDCP 1.x capable attacks. The researchers say this could pose a security threat to the military or government agencies.
This article is over a month old, voting and posting comments is disabled
RE: So the board....
11/28/2011 11:07:27 AM
An FPGA is essentially a blank slate. That board is an FPGA evaluation board, meaning it has an FPGA on it and a bunch of commonly-used chips paired with it. That usually includes stuff like DACs, flash memory, switches, LEDs, RAM, Ethernet support chips, various transceivers, etc. The idea is to let a developer buy an inexpensive board and play with it to see if they can do what they want with the chip before designing and building custom boards.
In short, no, it's not a "sound card". Until you design a state machine in some supported HDL like Verilog or VHDL, the board is basically a brick that does absolutely nothing.
"So, I think the same thing of the music industry. They can't say that they're losing money, you know what I'm saying. They just probably don't have the same surplus that they had." -- Wu-Tang Clan founder RZA
High-Def. DRM Master Key Crack Confirmed by Intel
September 17, 2010, 11:48 AM
AnyDVD HD Defeats HD DVD Copy Protection
February 19, 2007, 11:37 AM
First Real HDCP NVIDIA Cards
June 7, 2006, 3:32 PM
Windows 10 to Get New Features in October Service Release 2 (SR2)
July 30, 2015, 5:50 PM
Nintendo CEO Satoru Iwata's Passing Gives the Internet the Feels
July 14, 2015, 4:48 PM
German Xbox Fan Busted for Roofie-ing Girlfriend to Get More Gaming Time
July 8, 2015, 11:45 PM
Reports: Windows 10 RTM Build Will be Delivered by Friday
July 6, 2015, 1:01 PM
Windows XP, Vista Users Can Get Free Windows 10 Upgrade Thanks to Loophole
June 23, 2015, 2:23 PM
Microsoft Plays the Field, Backs Valve's VR Push, Too
June 16, 2015, 5:51 PM
Most Popular Articles
Quick Note: Apple Watch to Get Brick and Mortar Boost From Best Buy
July 27, 2015, 3:00 PM
Exclusive: If Intel and Micron's "Xpoint" is 3D Phase Change Memory, Boy Did They Patent It
July 29, 2015, 10:52 PM
As iPad Sales Wane and Watch Flops, iPhone Saves Apple's Profit With Its Heroics
July 22, 2015, 6:13 PM
Editorial: Reddit Allows Itself to be Hijacked as a Hate Platform For Racist Bigots
July 21, 2015, 6:32 PM
Microsoft July 29 Windows 10 Launch: Freebies, Rollout, and What's Next
July 21, 2015, 2:40 PM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2015 DailyTech LLC. -
Terms, Conditions & Privacy Information