Intel HDCP Cracked Using $350 Hardware Kit
An FPGA development board was used in a man-in-the-middle attack in obtaining and transmitting an encrypted signal from an HDMI port.
Researchers from the Ruhr University of Bochum's Secure Hardware Group in Germany have cracked the copy protection system used by HDMI ports: Intel's HDCP, or High-bandwidth Digital Content Protection. In addition to HDMI, HDCP is used to encrypt video signals transferred via DVI, DisplayPort and other connectors.
"In 2010, an HDCP master key, which is intended to form the secret core element of the encryption system, appeared briefly on a website," reads the official press release. "In response, the manufacturer Intel announced that HDCP still represented an effective protection component for digital entertainment, as the production of an HDCP-compatible chip using this master key would be highly complex and expensive."
Seemingly taking that as a challenge, the team accomplished the "inexpensive" man-in-the-middle attack by using Digilent's Atlys Spartan-6 FPGA development board. It features a Xilinx Spartan-6 LX45 FPGA (field programmable gate array) in a 324-pin BGA package, two HDMI video input ports, two HDMI video output ports, a 10/100/1000 Ethernet jack, a RS232 serial port and more.
"Our intention was rather to investigate the fundamental security of HDCP systems and to measure the actual financial outlay for a complete knockout," said team leader Prof. Dr.-Ing Tim Güneysu. "The fact that we were able to achieve this in the context of a PhD thesis and using materials costing just €200 is not a ringing endorsement of the security of the current HDCP system."
The $349 USD ($199 Academic price) board serves as the "middleman" by modifying all communications between a Blu-ray player and a flat-screen HDTV without being detected. The team was able to tap the HDCP encrypted data streams, decipher them and send the digital content to an unprotected screen via a corresponding HDMI 1.3-compatible receiver.
Yet as the team points out, this man-in-the-middle attack could allow the end-user to burn films from Blu-ray discs, but recording directly from an HDMI port results in a large amount of data. That said, this method is "of no great practical use for pirates." But Güneysu envisions a real threat to security-critical systems used by law enforcement agencies and the military.
"Although Intel is already offering a new security system, HDCP 2.0, due to the backward compatibility, the weak point will also remain a problem in coming years," he concluded.
Intel and Digilent have yet to comment on the report.
Then it's captured by this MitM attack and decoded.
It seems to me there's a far superior workaround between 1 & 2 waiting to be developed.
remember the Sony's music CD protection defeated by just a piece of tape or even a sharpie marker?
actually if i recall correctly and i maybe wrong, HDMI has a hardware layer, all devices that connect via HDMI is required to implement hardware layer, if i recall the HDCP data never gets trans-coded but rather transmitted as is along with the copy protected material over the HDMI protocol, the receiving device not the transmitting device will then authenticate the HDCP data, what this device does is intercepts the copy protected material and using the master key strips out the copy protection resulting in a stream that is completely copy protected free
it should also be noted that the hardened pirates will have access to TBs of hard disk space as well as machine with hardware accelerated video capture and trans coding devices, large amount of data was rarely ever a deterrent
Of course there is. As was noted in the article by the developers of this, it has no practical use for pirates. Despite all the ROFLCOPTER $ony OWNED idiocy in the comments, this has nothing to do with copying Bluray movies. No one would use a method like this for copying movies. If you can't afford $10 movies, you can find all the movie rips you want for free at your local torrent site.
This crack has real security implications. Being able to tap secure corporate and military data transmissions creates a legitimate security concern. Gloating over something like this is plainly stupid. This hack serves no practical benefit to the consumer. Granted, since this is a physical hack the person would have to have direct access to the cable carrying the signal, but a real working example is cause for concern.
They might be quoting street price of the hardware while I believe engadget was quoting what they paid for it [a university discounted price]
Fortunatly at least the military does not trust these sort of systems, we need to transfer data securely? We use fiber optic cables that can't be tapped without it being obvious.
We're not gloating over it because it serves a benefit to the consumer. We're gloating over it because it shows that no matter how hard the try to prevent people from pirating, we will always find a way around it. Also, why the hell would the military be using HDMI cables? Seriously, they aren't a bunch of basement dwelling tech freaks. They just want the signal to go to the screen and that is it. I'm sure they still use VGA, but that aside, we all know this stuff was made to stop pirating, not for law enforcement and military protection. IF that was their concern then they would have just applied it to the products those areas purchase, not to the average everyday consumer.
and prices may go down if this thing is improved and mass produced. (if there is a market)
I hope someday consumers fight back and lash out against all this crap that's been forced down our throats.
The website I found where you can actually buy it say $350 normally and $200 for academic use.