The HDCP Master Key Is Real: Blu-Ray and HDMI Cracked
A few days ago, we reported on the leak of what purported to be a leaked master key for HDCP, the Intel-developed DRM [digital rights management] protocol that prevents the copying of digital and audio content via a set of 40 56-bit keys. HDCP is currently the DRM standard for, among other means of HD transmission, HDMI, DVI, and Blu-Ray.
Now, Intel has confirmed that the leak “does appear to be a master key” for HDCP: “What we have confirmed through testing is that you can derive keys for devices from this published material that do work with the keys produced by our security technology … this circumvention does appear to work.”
This means, in theory, that it’s now possible to yank HDCP-encrypted content as it’s transmitted from a Blu-Ray player or over an HDMI cable. However, technical hurdles remain.
The key consists of a forty-by-forty matrix of 56-bit hexadecimals with the following instructions: “To generate a source key, take a forty-bit number that (in binary) consists of twenty ones and twenty zeroes; this is the source KSV,” the instructions say. “Add together those twenty rows of the matrix that correspond to the ones in the KSV (with the lowest bit in the KSV corresponding to the first row), taking all elements modulo two to the power of fifty-six; this is the source private key. To generate a sink key, do the same, but with the transposed matrix.”
Knowing that this matrix exists and that these operations upon it work and constitute an HDCP ‘master key’ is one thing: Applying it in the real world to decrypt HDCP transmissions is a lot trickier, and would most likely require someone to make a computer chip with the master key embedded. Surprisingly, even as Intel confirmed the likely authenticity of the master key, they brushed off the likelihood that it would have significant practical applications.
Intel doesn’t think piracy will suddenly increase, Waldrop told FoxNews.com. “For someone to use this information to unlock anything, they would have to implement it in silicon — make a computer chip,” he told FoxNews.com. And after making a chip, someone would have to build it into a device, either on an individual basis or on a production line. And Intel just doesn’t see that happening.
“It would be a lot of work and a lot of expense to do that,” Waldrop said. Nevertheless, the risk exists that pirates in countries less respectful of copyright law could take on that expense, releasing Blu-ray players and televisions that bypass the licensing fees and knock a chunk off retail costs.
The “could” in that last sentence frankly seems pretty damning. So much high-def content is currently protected by HDCP as it’s transmitted: It’s all like a juicy nut protected by a shell, and now that everyone irreversibly knows how to crack that shell, there’s a ton of impetus to do so. While video capture cards and the like already exist to grab said content and record it to a computer’s hard disk, a means of grabbing that content more easily and with less loss of quality is of obvious interest both to righteous DIY types who want full ownership of and access to the content that they buy for themselves, and, less licitly, for bootleggers who stand to profit off of better wares.
One Slashdotter surmises that the way this might play out in reality is that “all that needs to happens is for a company to make a NON-HDCP compliant capture card which just happens to be easily flashable. Think they might end up selling a lot of those? Think some companies in asia would be willing to make that ‘mistake.’ This goes beyond Bluray. Want to get HD quality capture of your favorite HBO show, or maybe some first -release movie rentals (movies rented while still in theaters)? Everything ends up as an HDMI stream protected by HDMI.”
That HDMI stream hasn’t yet been stripped of its protection in an actionable way, but dismissing the master key leak as merely a sort of academic achievement, as Intel seems to be doing, is short-sighted. The HDCP master key leak will be practically applied by someone in not too much time, although it remains to be seen how widespread that application will be or how commercially damaging it will be to digital content rightsholders, considering that fairly high-quality substitute goods for HDCP-cracked content already exist via other cracks and workarounds. However it plays out, this represents one more blow against DRM.