Intel Confirms HDCP Master Key Is Out
from the oops dept
We were among the many folks who wrote about the supposed leak of the HDCP master key this week, leading to an interesting discussion in the comments — including a comment from a big time DRM supporter (he’s even written a book about DRM) who scolded us for getting the whole story wrong, insisting that there was no such thing as a master key and that Hollywood never would have agreed to HDCP if there were such a thing. This struck me and some others as odd, as many of us have followed the discussions on HDCP, and I tended to believe Ed Felten’s explanation of how HDCP works, which indicated that there was, in fact, a master key. That was from a few years ago, but Felten also just posted another explanation about how HDCP works, and it still seems to involve a master key.
And, now, Intel is apparently confirming that the leak is, in fact, the master key. So, at this point, I’m going to have to assume that the DRM expert and the scolding were wrong, and that there is, in fact, a master key… and it’s been leaked. Good thing the FCC gave the MPAA the okay to break your TV and DVR to release movies that would be “protected” by HDCP, huh? As Michael Weinberg points out, the FCC has now broken a bunch of TVs for nothing:
Today, it looks like HDCP — the DRM that the MPAA insisted was required to allow them to securely distribute movies prior to DVD release — has been broken. As a result, anyone who is motivated can make an exact digital copy of a “protected” high definition movie. Since all it takes is one motivated individual to make that first copy, this DRM (like every type of DRM before it) now serves absolutely no purpose but to inconvenience legitimate customers.
In May, I wrote that “Studios are asking the public to trade the use of any analog inputs on their devices for more magic beans.” The FCC accepted that trade. At the time, it looked like those magic beans at least pretended to have some powers to slow down copying. Today they have been revealed for what they really are — worthless.
Nice work, FCC.
Filed Under: cracked, drm, hdcp, master key
Companies: intel
Comments on “Intel Confirms HDCP Master Key Is Out”
The definition of insanity
Is doing the same thing over and over and expecting different results.
Prohibition never works.
Re: The definition of insanity
i have not failed, i’ve simply found 10,000 ways that won’t work.
Well, I guess it’s back to the drawing board for the DRM makers. They’ll have to roll out a “new” form of DRM that will effectively make the current hardware useless, while still providing no value to the consumer.
Maybe one day they will learn that every form of security, given enough time, WILL eventually be broken.
Re: Re:
If it can be unlocked, it can be broken.
Re: Re: Re:
This is true… However, my bet is that the next version will (like Steam) “require” internet connectivity. That way, when something like this occurs, you just replace the master key…
Oh. Wait. That’s how standard SSL works. Funny, that.
Then, that 4-second HDCP handshake will turn into 12 as all device certificates are validated at a central clearing house (I bet Verisign is frothing at the mouth for this).
Re: Re: Re: Re:
the key difference between SSL and any kind of DRM is the fact that with SSL both parties (the certificate holder and the certificate authority) want to maintain their trust relationship.
with DRM the consumer is also the attacker. the consumer doesn’t care if the relationship is maintained or not.
Re: Re: Re: Re:
my bet is that the next version will (like Steam) “require” internet connectivity.
Interestingly enough, there are tons of cracked copies of Half-Life 2 out there, and you can play those without needing an internet connection (the single-player campaigns, anyway).
What won’t those cracked copies do? Automatically install “updates” that break the game itself (happened with Episode 2 last year), or legal and encouraged third-party mods (like what happened last month, and hasn’t been fixed yet).
I love Half-Life, and I don’t even mind Valve that much, but this sort of behavior is just unacceptable. Hell, I’ve got a legit copy, and I’m thinking of finding a crack somewhere just so I can play those broken mods.
Re: Re: Re:2 Re:
@Chris: Well there’s more to it. There’s really 3 parties there in SSL: the browser (also, an attacker), the CA, and certificate holder. Everyone has to validate each other, and not a single one REALLY knows who each other is at the time that SSL is creating the secured connection. The same holds true with DRM, really. Splitting hairs though.
@Karl: The single player campaigns suck. The real fun begins when you get on line and play other humans. But yes, you’re right. You can play cracked copies without an internet connection – but you’re missing 80% (IMO) of the game…
Re: Re: Re:3 Re:
you can play cracked games online with other people via services like xlink-kai.
These people are totally blind. That ugly form of DRM was broken a long time ago and anyone with a few bucks can buy software to do it. Copy protection has never worked and it never will.
Funny how Bill Rosenblatt blames the hardware makers all using the same key. I thought they could change the key via an update to the device firmware. This would then make your blueray dvds unreadable. But no worry, because all you bought was a license and therefore they owe you a new dvd.
Re: Re:
Now lets see if that happens. If they update the key and your blueray disk will not play demand a new copy free of charge including shipping if they do not do this start a class action lawsuit for breach of contract.
DRM is a waste of time. You give people the cipher key and the code and tell them not to put the two together. It’s pretty obvious that’s not going to work for long.
the can change the key BUT
if they open that hole up you would begin to see cracked keys ….comparing old vs new you would in time be able to just generate a key….
It's all about control anyway...
DRM + DMCA = Hollywood Has Control
Cracked DRM + DMCA = Hollywood Still Has Control
With end-to-end DRM, Hollywood decides what devices, networks and software can legally play their content. That gives them leverage over companies like Samsung and Comcast, which is probably fine with them since the entrenched players all have a vested interest in preventing any disruptive new players from emerging.
Without some sort of illegal hack (that most people won’t do), I still won’t be able to record these first run movies on my Tivo. That is, of course, unless Hollywood lets Tivo decrypt the stream, which means Hollywood will dictate to Tivo (and me) how long I can keep it and how many times I can watch it. Many shows I record today can no longer be copied off of my Tivo since the shows remain “protected.” It doesn’t matter that Tivo could use a master key to capture a decrypted copy. Tivo would be in violation of anti-circumvention laws if they did. So would any start-up. It’s difficult for a start-up to get funded when it’s almost a sure thing that they’ll be on the loosing end of a lawsuit.
DRM is all about controlling other people’s legal business models.
(Sorry about being a broken record on this point, but I think it’s very important.)
Re: It's all about control anyway...
I was wondering when someone would bring up that point.
Here.
– Arduino can do it and I bet many people are already posting the instructions on how to build a HDMI compliant device that only needs to have the software flashed into it to replace the old HDMI that didn’t had HDCP in it.
– Hardware can be emulated in software, how long until some virtual machine gets and addon that makes it capable of copying anything.
Those things are not that hard, it inhibits companies from exploiting this not highly motivated people with the knowledge necessary to accomplish the task and when they do all will take advantage of that.
Re: Re: It's all about control anyway...
I don’t think Arduino is fast enough. You would need a fast enough DSP or FPGA, or at least a fast set of ADCs if you want to log the handshake and try to crack it later.
Re: Re: Re: It's all about control anyway...
An arduino with an arm processor is not fast enough?
Re: Re: Re:2 It's all about control anyway...
‘arduino’ is not a generic term. Arduino is a relatively cheap microcontroller + IDE package with a bunch of built in libraries.
Considering the length of that key…you’ll need a fairly hefty micro.
Re: Re: It's all about control anyway...
Both points are correct, there will be people breaking the DRM, ripping the content, and distributing it. AND, the media companies will continue to use the DMCA to squash competition, unless and until the anti-circumvention measures get repealed. OK, stop laughing.
Re: It's all about control anyway...
DRM is all about controlling other people’s legal business models.
Yes, I think you hit the nail on the head right there. Content industries don’t actually think DRM will prevent “piracy” (i.e. non-commercial, individual infringement).
They invest time, money, and lobbying pressure so that the content industries can legally force other businesses to accept their business model. Or if not, then at least pay the content industries boat-loads of cash.
If their legitimate customers are inconvenienced, who cares? Their most lucrative “customers” are not the end users, they’re the ISP’s, the hardware vendors, and the media startups.
Those media startups will usually fail, because they can’t afford the blackmail-level rates demanded by the content industry. But if they do, again, who cares? The content industry still gets their money, without risking anything.
Stopping “piracy” isn’t the point. The point is controlling other businesses in their market.
Want a perfect copy of that movie or song?
Just hit “record” it works for me. DRM or not.
BTW the best explanation ever.
Quote source:
http://www.freedom-to-tinker.com/blog/felten/understanding-hdcp-master-key-leak
Hmmm…the record feature only works in DRM free OS’s LoL
Vista is not your friend.
Considering that being a “DRM Expert” requires you to devote your life to being wrong, Bill Rosenblatt’s ignorance isn’t very surprising.
What was the key?
Anyone know what the key was? My money is on 1234.
Re: Incredible.... that's the combination on my luggage
Re: What was the key?
Thanx, now i have to change the password on my laptop!!
Re: Re: What was the key?
You think that’s bad, I just got served a subpoena for violating the DMCA with that above comment.
Re: What was the key?
That’s the key to my luggage!
“Since all it takes is one motivated individual to make that first copy…”
Boy, you really wouldn’t want to make that your Achilles heel, especially during the age of the freaking Internet.
Why won’t they learn?
Any lock has a key...
If there is a lock there is a key. Its stupid to consider it otherwise.
I’m finding it curious why Intel put time and effort into verifying that the key was cracked — do they have some sort of competing DRM technology they’re about to try and start marketing? : What’s their payoff?
Re: Re:
They don’t have to wast all that time and money making sure their products are HDCP compatible?
Re: Re:
because its intels key.
Impact
This probably won’t have much impact with regards to the pirating of HD content – BluRay has been hacked for a long time and provides convenient access to the compressed content. If you tap into the HDMI stream, you are going to have to process the uncompressed video stream and compress it again before it’s usable (for most people).
What it might do is allow cheaper hardware dongles that strip out the HDCP and ‘fix’ the devices that have problems with the HDCP handshaking. It may also allow more innovative HDMI distribution devices such as running multiple screens from one HDMI output.
Re: Impact
However it would allow some enterprising person to make a HDCP intercept device which would allow a person to DVR supposedly protected content, by grabbing the HDCP stream. So comcast (among others) could not stop you from recording live HD content (or pre-media release PPV content) by setting the “do not record” bit.
Or it might make a nifty media converter so I could use my older, non HDCP HDTV (they do exist) with new content.
Why does this sound like gun control? We hassle law abiding citizens with licensing and the criminals just take what they want.
One more reason to buy AMD.
Waldrop at the linked CNet article:
“We believe that this technology will remain effective,” he said. “There’s a large install base of licensed devices including several hundred licensees that will continue to use it and in any case, were a (circumvention) device to appear that attempts to take advantage of this particular hack there are legal remedies, particularly under the DMCA (Digital Millennium Copyright Act).”
Allow me to paraphrase: “Yeah. We’ve sold a lot of shit, so we have to say it’s gonna stay viable, and if some joker thinks he’s gonna screw us, we’ll sue his ass into oblivion!”
Hey Tom? Welcome to the new Internet. It’s the place where things like the Streisand effect happen. You know, where you try to crush some small guy with a lawsuit, and DMCA, and other crap… And the rest of the world knows more about what you’re trying to crush than you do. DVD Jon ring a bell?
Okay, so on to the *next* increment of DRM!
That was my point in previous article that some seem to have missed. Perhaps I should have put “effectively” in somewhere.
Also, some seem to think that they’ll always have access to open computers, but see, THIS LEAK justifies the next level of hardware control. It’s not even my original idea that it’s an intentional leak for that purpose (I forget where I read it, maybe even here). I’m more concerned with where society is headed than where it is, because the trend is clear.
Re: Okay, so on to the *next* increment of DRM!
I’m not worried about a law mandating Trusted Computing or the equivalent. But I can (maybe) see all the major computer companies doing it voluntarily under pressure from the entertainment industry. Open computers I’m sure will still be around, but they could become expensive and hard to find. Perhaps DIY only. Not a pretty picture.
The thing is, with so very many companies using Linux, which presumably would not play nicely with trusted computing, could such an initiative really go anywhere? Interesting topic. I heard a lot about trusted computing a few years ago, and nothing since; I hope it’s died.
The Hypocracy
The industry can get behind some massive DRM scheme that involves significant research, development standards, compliance from a gazillion manufactures, but they can’t figure out how to make standard power plugs or print cartridges!!! Give me a break.
Re: The Hypocracy
The industry can get behind some massive DRM scheme that involves significant research, development standards, compliance from a gazillion manufactures, but they WON’T figure out how to make standard power plugs or print cartridges!!! Give me a break.
FTFY
Re: Re: The Hypocracy
Thanks!
The cake is a lie
You can’t have your cake and eat it to
You can’t block your customers from viewing content and let them view the content to.
If you want to keep someone from copying data, they must not have access to that data. This is on conflict with the idea of distributing data.
Now, if they really wanted to keep the customer from copying data, they would’ve put it under AES256 and inside a secure vault that is guarded, but I hardly see how that would make them money.
Can someone ping Bill Rosenblatt to comment here? I’d love to see him tell us how Intel got it all wrong…
Losing my understanding of why it's there
I don’t see the point anymore. I can almost see it as a pre-consumer release security tool, but why put DRM on things you want to become widely used and desired? HD is finally a recognizable step up from standard definition, and the price point is becoming reasonable. For myself, I boughht a HD plasma on sale to replace a dying TV. I find I like HD. Now I need a new projector, so I start shopping for an HD projector,simply because I am used to seeing an HD picture. What point does DRM serve except to slow down adoption of a new technology? You don’t make money selling DRM to consumers, you make money selling films, and screens and projectors and sound equipment. Cadillacs and BMW’s don’t need drm, why does a television? Everyone has automobiles, only some have KIA’s and some have Lincolns. The difference is money, not the system to start the car. Why would you want to stop someone from buying your product? I seriously no longer understand this concept of excluding potential customers from wanting what you sell.
Re: Losing my understanding of why it's there
Cadillacs and BMW’s don’t need drm
Well, as a matter of fact…
http://www.techdirt.com/articles/20100720/01092010287.shtml
Subject
Blah. This encryption/DRM hasn’t stopped piracy in the slightest. The fact is it’s just yet another way that a corporation brainwashes other corporations in to this “win-win” technology only so they can make money licensing it out. In addition thanks to the DMCA, the lawyers are making a fortune off of it.
They knew it wouldn’t change a thing, but corporations gladly paid out licensing fees for the technology. The only winners are…the company the sells the licenses and the lawyers that sue for the DMCA/DRM breach. The other corporations and all customers lose.
Surely just simple DRM makes more sense now?
Surely the best DRM going forward in a purely pragmatic sense for all involved will be something very basic along the lines of CSS.
As we see time and time again, every DRM scheme that appears is pretty quickly rooted and this is not only embarrassing to the entertainment industry but also makes each attempt a massive loss making exercise and completely pointless. The pirates are always going to find a way to circumvent the DRM, and the movies/music/whatever will be shared.
The only benefit that the entertainment industry gets out of DRM schemes then is preventing the common man (non-techie and non-pirate) from just making copies of his movies and sharing them with his friends. They want to avoid the situation in music we have had for the past decade where even you Mum or Dad could and might easily share a burned copy of a recent album purchase with friends.
To prevent this “common-level” copying of discs, they could just as easily use a simple DRM like CSS, but use the legal protections to make sure no mainstream hardware or software manufacturer offered anything that circumvented that copy protection. Yes anybody can find some DVD-ripping utility online now to copy DVDs, but because the feature is not built into iTunes/MediaPlayer/Nero/etc they don’t.
Just making use of the legal protections like this will save them a fortune in implementing increasingly complex but equally useless DRM, and having to deal with all the associated problems that arise.
Ok two ways to make “perfect” drm.
1. the drm instantly and completes erases the data in a mini nuclear explosion if anyone comes within 10 metres of the PLAY button………
2. The DRM becomes artificially intelligent and sends drm-bots back in time to stop the content being created…..
I don’t think I ever thought I would be saying this but, the law today is the biggest threat to American wealth and prosperity.
Not surprising
DRM is really a annoying staff in digital world , it prohibit people a lot.
very interesting
Yeah, this was very interesting discussion. Actually, I?ve read it before in the newspaper.
Keep it up FCC!
Keep it up FCC! That was the good idea for accepting the trade. By the way, thank you for the sharing of this information that is very interesting to read.
good news
This was the good news. I am that I?ve read this information HDCP master key.
Thanks for share this article. Just thought I would comment and say great theme, did you create it for yourself? It looks awesome! I?ve read through a number of the articles in your website , and I love the way you blog.
Sincerely speaking, your writing abilities are above the ordinary level. Better language skills are needed for blogging, and I appreciate your ability to write well. Thanks for such a helpful information.