Forgot your password?
typodupeerror
Movies Piracy Security Hardware Your Rights Online

HDCP Master Key Is Legitimate; Blu-ray Is Cracked 1066

Posted by timothy
from the maybe-now-I'll-want-a-player dept.
adeelarshad82 writes "Intel has confirmed that the leaked HDCP master key protecting millions of Blu-ray discs and devices that was posted to the Web this week is legitimate. The disclosure means, in effect, that all Blu-ray discs can now be unlocked and copied. HDCP (High Definition Content Protection), which was created by Intel and is administered by Digital Content Protection LLP, is the content encryption scheme that protects data, typically movies, as they pass across a DVI or an HDMI cable. According to an Intel official, the most likely scenario for a hacker would be to create a computer chip with the master key embedded it, that could be used to decode Blu-ray discs."
This discussion has been archived. No new comments can be posted.

HDCP Master Key Is Legitimate; Blu-ray Is Cracked

Comments Filter:
  • not protects (Score:5, Insightful)

    by Lord Ender (156273) on Thursday September 16, 2010 @10:03PM (#33606966) Homepage

    content encryption scheme that protects data

    It restricts data. It restricts my rights. It does not protect anything.

  • G'huh? (Score:5, Informative)

    by DeeKayWon (155842) on Thursday September 16, 2010 @10:03PM (#33606968)
    What does this specifically have to do with Blu-ray? The discs themselves use AACS for encryption. The link from the player to the display is what uses HDCP.
    • Re:G'huh? (Score:3, Insightful)

      by tentimestwenty (693290) on Thursday September 16, 2010 @10:05PM (#33606980)
      So you record the stream from the player to the display. No big difference.
      • Re:G'huh? (Score:5, Informative)

        by Jah-Wren Ryel (80510) on Thursday September 16, 2010 @10:12PM (#33607030)

        So you record the stream from the player to the display. No big difference.

        It implies a lossy decode and re-encode rather than a bit-for-bit copy.

        However, 99.9% of all bluray pirating seems to be lossy re-encodes anyway - mainly for the size reduction. When done well, those re-encodes are essentially indistinguishable from the originals (It helps that x264, the pirate's encoder of choice, just happens to be the most efficient h264 implementation that is generally available - so the pirated versions have a better picture-quality-to-size ratio than then legitimate releases which are used as source material for the pirated versions).

      • Re:G'huh? (Score:5, Insightful)

        by adolf (21054) <flodadolf@gmail.com> on Thursday September 16, 2010 @10:14PM (#33607048) Journal

        So you record the stream from the player to the display. No big difference.

        It's the difference between copying an unmodified MPEG (or VC1) stream at whatever rate your machine can muster, or recording the uncompressed output of such a stream at no faster than real-time.

        The former is lossless, smallish, and fast. The latter is lossless only if you can keep up with and store the intense datarate, or is lossy if you recompress it, and it always takes as long to record as the playing-length of the source.

        Big differences. Huge, giant, overwhelming differences, in fact.

  • challenge (Score:5, Insightful)

    by TheSHAD0W (258774) on Thursday September 16, 2010 @10:04PM (#33606978) Homepage

    http://www.engadget.com/2010/09/16/confirmed-intel-says-hdcp-master-key-crack-is-real/ [engadget.com]
    (original article /.'d)

    "For someone to use this information to unlock anything, they would have to implement it in silicon -- make a computer chip," Waldrop told Fox News, and that chip would have to live on a dedicated piece of hardware -- something Intel doesn't think is likely to happen in any substantial way.

    I think we've got a new challenge here! Props to the first person to post an easy hardware/software system for intercepting and decoding HDTV signals.

  • by Dr_Banzai (111657) on Thursday September 16, 2010 @10:05PM (#33606982) Homepage
    Where can I buy the t-shirt?
  • by symbolset (646467) on Thursday September 16, 2010 @10:05PM (#33606986) Journal

    Intel now approaching release on an even newer, even better DRM system developed with secret AI Heuristics obtained in their recent acquisition of McAfee. A spokesman, who asked not to be identified, said "Trust us! This time we'll defeat those nasty pirates for sure!" The Intel technology is rumored to be based on quantum cryptography, 2Gbit keys, and something which is referred to as a "negative entropy hash".

    In response we've asked Tim Jones of The Pirate Bay to comment. "Goodness. Whatever will we do? We'll never be able to decode that. Oh, wait. Those torrents come from unencrypted masters before they went to production. They're not cracked, they're leaked. Never mind. No worries."

    Sony, BMG and Viacom are said to be in negotiations to license the technology.

  • TFS is confusing (Score:5, Informative)

    by adolf (21054) <flodadolf@gmail.com> on Thursday September 16, 2010 @10:06PM (#33606990) Journal

    TFS talks about using the HDCP master key to decode Blu-Ray.

    But, really, HDCP has nothing to do with Blu-Ray in particular -- it's protection for a transmission format, not a storage format. The availability of this key means nothing with regards to Blu-Ray.

    So, I've been wondering for the past few days: What, exactly, can this HDCP master key do for folks? Does it automagically allow us to decode HDCP-protected content on a DVI or HDMI cable? Or does it allow us to merely sign our own HDCP devices given an appropriate amount of hackery?

    • Re:TFS is confusing (Score:5, Informative)

      by je ne sais quoi (987177) on Thursday September 16, 2010 @10:28PM (#33607138)

      What, exactly, can this HDCP master key do for folks?

      It will allow me to watch my legally purchased blu-ray discs using my legally purchased blu-ray drive on my old, non-HDCP compliant monitor. I am forced to break the law just because my monitor is too old: In the past, I couldn't use a program like powerDVD to watch my blu-ray discs at full resolution because it would notice my monitor wasn't compliant. That meant obtaining an AACS key for the blu-ray disc and using a program like dumphd, anydvd or dvdfab to make a copy of the data on the disc to my hard drive which didn't had HDCP. Now, I could conceivably still have to violate the DMCA, but by faking my monitor's HDCP compliance so powerDVD or another program can watch the video.*

      * I'd just like to point out that I'll still break the DRM because there is not a blu-ray reader for linux that works reliably.

    • Re:TFS is confusing (Score:5, Informative)

      by earthforce_1 (454968) <earthforce_1 @ y a h o o . c om> on Thursday September 16, 2010 @10:31PM (#33607160) Journal

      Any DRM system is only as good as the weakest link in the chain. BD+ doesn't have to be broken, only one link in the chain and the whole thing falls apart. You just need a little HDCP stripper box between the legal blue ray player, and whatever you are using to copy. And there is now no physical way to invalidate the keys in the HDCP stripper box. They box could identify itself with an infinite number of working keys generated each time it is powered up. As mentioned in an earlier thread, the unencrypted raw stream can then be recompressed/encoded into any desired format. (Including BD+ and AACS free Bluray) As mentioned earlier, any good HW engineering student armed with the specs and an FGPA could make one.

      The only way to stop this would be to start over with a new master key, which would brick every existing HDCP encumbered piece of hardware out there.

  • You mean this one? (Score:5, Informative)

    by sethstorm (512897) on Thursday September 16, 2010 @10:07PM (#33607004) Homepage

    Unless /. mangles it, it should be the exact same.

    HDCP MASTER KEY (MIRROR THIS TEXT!)

    This is a forty times forty element matrix of fifty-six bit
    hexadecimal numbers.

    To generate a source key, take a forty-bit number that (in
    binary) consists of twenty ones and twenty zeroes; this is
    the source KSV. Add together those twenty rows of the matrix
    that correspond to the ones in the KSV (with the lowest bit
    in the KSV corresponding to the first row), taking all elements
    modulo two to the power of fifty-six; this is the source
    private key.

    To generate a sink key, do the same, but with the transposed
    matrix.

    6692d179032205 b4116a96425a7f ecc2ef51af1740 959d3b6d07bce4 fa9f2af29814d9
    82592e77a204a8 146a6970e3c4a1 f43a81dc36eff7 568b44f60c79f5 bb606d7fe87dd6
    1b91b9b73c68f9 f31c6aeef81de6 9a9cc14469a037 a480bc978970a6 997f729d0a1a39
    b3b9accda43860 f9d45a5bf64a1d 180a1013ba5023 42b73df2d33112 851f2c4d21b05e
    2901308bbd685c 9fde452d3328f5 4cc518f97414a8 8fca1f7e2a0a14 dc8bdbb12e2378
    672f11cedf36c5 f45a2a00da1c1d 5a3e82c124129a 084a707eadd972 cb45c81b64808d
    07ebd2779e3e71 9663e2beeee6e5 25078568d83de8 28027d5c0c4e65 ec3f0fc32c7e63
    1d6b501ae0f003 f5a8fcecb28092 854349337aa99e 9c669367e08bf1 d9c23474e09f70

    3c901d46bada9a 40981ffcfa376f a4b686ca8fb039 63f2ce16b91863 1bade89cc52ca2
    4552921af8efd2 fe8ac96a02a6f9 9248b8894b23bd 17535dbff93d56 94bdc32a095df2
    cd247c6d30286e d2212f9d8ce80a dc55bdc2a6962c bcabf9b5fcbe6f c2cfc78f5fdafa
    80e32223b9feab f1fa23f5b0bf0d ab6bf4b5b698ae d960315753d36f 424701e5a944ed
    10f61245ebe788 f57a17fc53a314 00e22e88911d9e 76575e18c7956e c1ef4eee022e38
    f5459f177591d9 08748f861098ef 287d2c63bd809e e6a28a6f5d000c 7ae5964a663c1b
    0f15f7167f56c6 d6c05b2bbe8800 544a49be026410 d9f3f08602517f 74878dc02827f7
    d72ef3ea24b7c8 717c7afc0b55a5 0be2a582516d08 202ded173a5428 9b71e35e45943f

    9e7cd2c8789c99 1b590a91f1cffd 903dca7c36d298 52ad58ddcc1861 56dd3acba0d9c5
    c76254c1be9ed1 06ecb6ae8ff373 cfcc1afcbc80a4 30eba7ac19308c d6e20ae760c986
    c0d1e59db1075f 8933d5d8284b92 9280d9a3faa716 8386984f92bfd6 be56cd7c4bfa59
    16593d2aa598a6 d62534326a40ee 0c1f1919936667 acbaf0eefdd395 36dbfdbf9e1439
    0bd7c7e683d280 54759e16cfd9ea cac9029104bd51 436d1dca1371d3 ca2f808654cdb2
    7d6923e47f97b5 70e256b741910c 7dd466ed5fff2e 26bec4a28e8cc4 5754ea7219d4eb
    75270aa4d3cc8d e0ae1d1897b7f4 4fe5663e8cb342 05a80e4a1a950d 66b4eb6ed4c99e
    3d7e9d469c6165 81677af04a2e15 ada4be60bc348d dfdfbbad739248 98ad5986f3ca1f

    971d02ada31b46 2adab96f7b15da 9855f01b9b7b94 6cef0f65663fbf eb328e8a3c6c5d
    e29f0f0b1ef2bf e4a30b29047d31 52250e7ae3a4ac fe3efc3b8c2df1 8c997d15d6078b
    49da8b4611ff9f b1e061bc9be995 31fd68c4ad6dc6 fd8974f0c506dd 90421c1cd2b26c
    53eec84c91ed17 5159ba3711173b 25e318ddceea6a 98a14125755955 2bb97fd341cea2
    3f8404769a0a8e bce5c7a45fb5d4 9608307b43f785 2a98e5856afe75 b4dbead4815cac
    d1118af62c964a 3142667a5b0d14 6c6f90933acd3d 6b14a0052e2be4 1b1811fda0f554
    12300aa7f10405 1919ca0bff56ea d3e2f3aad5250c 4aeeea5101d2ec 377fc499c07057
    6cb1a90cdb7b11 3c839d47a4b814 25c5ac14b5ec28 4ef18646d5b9c2 95a98cc51ebd3b

    310e98028e24de 092ffc76b79f44 0740a1ca2d4737 b9f38966257c99 a75afc7454abe4
    a6dd815be8ccbf ec2cac2df0c675 41f7636aa4080f 30e87b712520fd d5dfdc6d3266ac
    ee28f5479f836f 0bf8ee2112173f 43ae802fa8d52d 4e0dffd36c1eac 3cbda974bb7585
    fb60a4700470e3 d9f6b6083ef13d 4a5840f02d0130 6c20ef5e35e2bf dad2f85c745b5b
    61c5ddc65d3fc9 7f6ec395d4ae22 2b8906fb3996e2 e4110f59eb92ac 1cb212b44128bb
    545afda80a4fd1 b1ffea547eab6b fac3d9166afce8 3fe35fe17586f2 9d082667026a4c
    17ffaf1cb50145 24f27b316acfff b6bb758ec4ad60 995e8726359ef7 c44952cb424035
    5ec53461dbd248 40a1586f04aee7 49ea3fa4474e52 c13e8f52c51562 30a1a70162cfb8

    ccbada27b91c33 33661064d05759 3388bb6315b036 0380a6b43851fb 0228dadb44ad3d
    b732565bc37841 993c0d383cfaae 0bea49476758ac accc69dbfcde8b f416ab0474f022
    2b7dbcc3002502 20dc4e67289e50 0068424fde9515 64806d59eb0c18 9cf08fb2abc362
    8d0ee78a6cace9 b678

  • Huh? (Score:4, Insightful)

    by DDLKermit007 (911046) on Thursday September 16, 2010 @10:07PM (#33607006)
    No hacker is going to give a crap about this. It's so much easier to just rip the data directly from the disk. Plus, anyone in their right minds is usually going to just get the DVD anyways if they are going rip it. Likely going to downsample it anyways since the full resolution file is obnoxiously large. All this realistically would allow for is for people to make an HDMI to Component conversion box which is one of those DMCA grey zones. The underlying technologies of DVD & Blue Ray encryptions were compromised ages ago.
    • Chinese Player (Score:5, Interesting)

      by aepervius (535155) on Thursday September 16, 2010 @11:33PM (#33607494)
      Chinese player will care, and will be able to CHURN out *CHEAP* Blue ray player and undercu5t the big boy which paid their license. Some country might restrict the import, but you know as well as me that they will fight a losing battle as people will find way to buy those in neighbor lands and import them illegally.

      So. Yeah. Putting the code in a chip is what is the immediate danger for the big player, not the oft cited "copyer" which bit torrent stuff.
  • Eh? (Score:5, Insightful)

    by wampus (1932) on Thursday September 16, 2010 @10:10PM (#33607020)

    Now we all need to buy new TVs and Blu-Ray players with HDCP2 support. You fuckers should have just caved and got a new 3D TV when they were trying to drive uptake the polite way.

    • No not so much (Score:5, Insightful)

      by Sycraft-fu (314770) on Thursday September 16, 2010 @11:07PM (#33607346)

      They've already had trouble selling HD technology. Were they to just invalidate everything and declare you had to buy new stuff this would not only lead to lawsuits, but just difficulty on the consumer market. If someone already has their TV and Blu-ray player they aren't going to rush out and buy a new one. The content producres will release for what people have, or they'll get no business, thus they'll keep making older formats.

      You might notice that DVDs aren't gone, nor for that matter are CDs. The media industry loved the DVD-Audio idea because they had better protection (CPPM) and of course CDs had none. Problem was they couldn't move DVD-A players. Very few people outside of audiophiles bought them. As such the content kept being produced for CD because it was that or have almost no sales.

      As I said, Blu-ray is proving to be somewhat of a hard sell as it is, since all it offers is a better picture (DVD offered a ton of better features). If they just said "Nope, you have to buy all new hardware," it would be a total non-starter. People wouldn't buy the HDCP2 players, since they'd have HDCP1 TVs and they'd want them to work. Thus electronics companies wouldn't be interested in selling HDCP2 players. Since people wouldn't have HDCP2 players, you couldn't make discs require HDCP2 or nobody could play them.

      Things can be forced on consumers only in certain circumstances. All the encryption on Blu-ray worked because nobody really noticed, it was just a part of the format. Likewise HDCP wasn't something most people encountered problems with only the early adopters got fucked. However you now have a massive installed base of HDCP TVs, and growing every day. Try to screw that over and it just won't work. Your shit won't sell and if it won't sell, companies will stop making it.

  • by anUnhandledException (1900222) <davis.gerald@NosPaM.gmail.com> on Thursday September 16, 2010 @10:53PM (#33607286)

    All digital content ultimately ends up as an HDMI stream protected by HDCP.

    With HDCP compromised that stream can eventually be captured. All that needs to happens is for a company to make a NON-HDCP compliant capture card which just happens to be easily flashable. Think they might end up selling a lot of those? Think some companies in asia would be willing to make that "mistake".

    This goes beyond Bluray. Want to get HD quality capture of your favorite HBO show, or maybe some first -release movie rentals (movies rented while still in theaters)?

    Everything ends up as an HDMI stream protected by HDMI

    The claim that it would be too much bandwidth or too large is just silly.

    1920 x 1080 x 24 bits per pixel x 24 fps = 145MB/sec. Fast but not beyond a RAID.
    120 minutes of 1080p 24fps uncompressed is roughly a terrabyte. Large but once again not beyond current disk systems.

    1) capture the stream
    2) dump it to disc
    3) re encode with a good multi pass encoder to any format, size, resolution, and bitrate you want.

    While not 1:1 it can be virtually indistinguishable from the original.

    Sure hacking the compressed copy makes duplication easier and faster but the media protection is always changing. This is the unversal hack. If it is video it can now be captured *nearly* perfectly.

    • by Impeesa (763920) on Thursday September 16, 2010 @11:34PM (#33607504)

      All digital content ultimately ends up as an HDMI stream protected by HDCP.

      With HDCP compromised that stream can eventually be captured. All that needs to happens is for a company to make a NON-HDCP compliant capture card which just happens to be easily flashable. Think they might end up selling a lot of those? Think some companies in asia would be willing to make that "mistake".

      Kind of funny, when you think about it. Used to be that the shady Chinese knockoffs were the less useful hardware, because they wouldn't go to the extra effort to make them work right. Now, it's easy to conceive a scenario in which the cheap stuff is the most functional, because they won't go to the extra effort to properly break them.

      • by Jiro (131519) on Friday September 17, 2010 @12:48AM (#33607858)

        Used to be that the shady Chinese knockoffs were the less useful hardware, because they wouldn't go to the extra effort to make them work right. Now, it's easy to conceive a scenario in which the cheap stuff is the most functional, because they won't go to the extra effort to properly break them.

        This has long since been true for DVDs just because of region coding. Cheap Chinese manufacturers think nothing of hiding a secret menu or option which lets you make your player region-free.

  • by saiha (665337) on Thursday September 16, 2010 @11:11PM (#33607362)

    Just like digital audio and DVDs, Blu-ray will no longer be a profitable media.

  • Interesting (Score:5, Insightful)

    by dcposch (1438157) on Thursday September 16, 2010 @11:17PM (#33607394)

    It seems to me that many media companies are in denial about a simple fact--you can't share a secret with a million people and expect them to keep it.

    Want to send your account password to your bank? One sender, one trusted recipient, and a world of potential eavesdroppers. That's a problem crypto can solve.

    But if the final destination of your precious content is every Joe's TV, iPod, and computer screen, any "encryption" you have between here and there is fundamentally futile. It only takes one of those Joes to start seeding it on BitTorrent, and the more annoying you try make the DRM, the more likely people will be to simply use that as their source instead of paying you.

    Besides, after all that work designing and implementing a complex DRM scheme, every single frame of that movie you just sold me is gonna be rendered to my computer's framebuffer. Which gets sent to the display driver. Which is... drumroll... whatever I felt like installing. In theory, I can make my own driver that writes an AVI. So even in theory, DRM is broken.

    It's the same kind of denial that leads companies to think streaming video is meaningfully different from just giving me a file to download. If you're sending the bits to my computer, you cannot possibly control what I subsequently do with them.

    IMO, the RIAA could make so much more money if they just accepted filesharing as fact and focused on monetizing it. They should look at the bright side--way more people are listening to way more music now than they did back in the day when songs came in plastic cartridges and brick-sized Walkmen roamed the earth. Organize some shows. Sell some merchandise. Sell me a DVD that has awesome-quality 24K soundfiles on it. Get your song on the next Rock Band.

    A couple of weeks ago, I went to Lollapalooza 2010. It was awesome, worth every penny of the $180 I paid. How did I decide to go? I found a bunch of the lesser-known artists on Youtube, and liked what I saw. They earned their cash. The record execs, trying to prop an obsolete business model with lawsuits, did not.

  • Side Effect (Score:4, Interesting)

    by tabdelgawad (590061) on Thursday September 16, 2010 @11:48PM (#33607570) Homepage

    Perhaps they can now stop worrying about plugging the analog hole.

  • Hear that sound? (Score:4, Insightful)

    by goodmanj (234846) on Friday September 17, 2010 @12:08AM (#33607670)

    Somewhere, right now, in a corporate office somewhere, the wrong heads are rolling.

  • by MassacrE (763) on Friday September 17, 2010 @12:40AM (#33607816)

    People seem to think that this was done for piracy, or done by extraordinarily clever hackers through a lot of time and pain.

    Thats all bunk. The whole reason people hack these master keys is to sell a butt-load of t-shirts.

  • by gnasher719 (869701) on Friday September 17, 2010 @02:47AM (#33608344)
    It seems these guys don't know what HDCP actually does.

    With the HDCP master key, one can build hardware that decrypts HDCP encrypted signals (that is the easy and well documented part) and is accepted by the HDCP encoder on the other side (that is the hard part). You still need rather sophisticated hardware. Not that easily built by your average software hacker.

    That in turn allows you to record the signal coming out of your video card or Bluray player. That's about 200 MB per second. I don't have any hardware lying around that can record the output of a DVI card for two hours and neither does your average slashdot poster.

    So this doesn't allow _you_ to backup your Blu ray discs. It will allow some rather sophisticated pirate organisation to pirate Blu ray discs, and they will produce Blu ray discs that again you cannot copy. So you as the end user won't gain anything from this.
  • Okay (Score:5, Insightful)

    by ledow (319597) on Friday September 17, 2010 @03:26AM (#33608504) Homepage

    Right, now all I need is for someone to build a complete HDCP stripper, emulate/strip BD+ completely, supply cheap BD-R/RW drives and media, give me a few cheap HDMI cables, a new "HD-ready" TV, and a free voucher for the BluRay version of every movie that I already "own" on DVD and I'm ready to join the HD era.

    Hell, I still can't see the extra pixels at my comfortable viewing distance (so I "must be blind"), but I have to get with technology apparently. Apparently my 1440x900x32-bit display, fed via a VGA cable, or SCART, or composite, is "obsolete" and not as good quality as me having a digital cable, despite decades of viewing to the contrary. Apparently being able to watch *anything*, not having to worry about where I bought the disk, not having to fight with new cabling that does a lesser job of simply putting some images on my screen, and being able to backup all my movies is "old-hat". Oh, and I have to pay an extra X amount per month, plus new decoder hardware, in order for them to send me a slightly higher quality signal down my aerial/satellite dish/cable. In the case of FreeView, that means second-generation hardware too. Not wanting that apparently makes me "cheap".

    I don't own Blu-ray hardware, don't own "HD ready" kit, and I don't miss it. My normal computer monitors have been "HD" for decades, you just want to add fancy definitions and restrictions so that it's "Movie Industry HD" instead of "HD". When you solve these problems, you'll see the boom in HD adoption that you are desperately hoping for.

    Movie companies: The deal in the past was always "I give you about £20, you let me watch that movie wherever I take the disc/tape, on whatever hardware I want, and I promise not to copy it". That sufficed for about 40 years. If you're not willing to keep up your end of the bargain any more, then I won't keep up mine. My morals and job require me not to break the last promise, so I just won't give you the £20 (which is creeping closer to £40 now) OR watch your movie. Deal? Last time I went to the cinema was over a year ago, and that was because I was passing, was bored, was with someone and we needed to fill a few hours until the restaurant opened. The movie we saw was a heap of crap but wasted a few hours. I can't even *name* any movies that come out in 2010. I don't feel I've missed out, though.

  • by AceJohnny (253840) <jlargentaye@ g m a i l . c om> on Friday September 17, 2010 @03:49AM (#33608638) Journal

    People are confusing this master key that breaks HDCP, saying it can help decrypt Blu-Ray discs. That's not the case: Blu-Ray is encrypted with AACS, which has a similar concept of device keys derived by a master key. AACS has a mechanism of revoking compromised device keys. Getting the AACS master key would bypass that mechanism, and would be great news.

    This key isn't the AACS master key This is an HDCP key, which would allow one to create a "unauthorized" device that can connect to HDCP-encrypted HDMI and succesfully decrypt the HD stream.

    HDCP has been known to be nearly broken since 2001 [cryptome.org], in that obtaining the device keys of 40-50 devices is enough to calculate the master key.

Did you know that for the price of a 280-Z you can buy two Z-80's? -- P.J. Plauger

Working...