HDCP = Fail

[antron]

Intel: We can't make a system secure but we have great lawyers.

http://www.wired.com/threatlevel/2010/0 ... %20Level))

choice quote:

“Someone has used mathematics and computers to be able to work back to
what the master key is,” he said, declining to elaborate.

damn you cheaters, you're not supposed to use "mathematics" and "computers" !

Do we even need to wait for a "black box" from China? Can't someone just make an HDMI capture card driver that uses this?

[undamned]

you're not supposed to use "mathematics" and "computers" !

"Curse yooooooooooou!!!!!!"
-ud

[Specineff]

Science, bitches!

EDIT: If so, the key wasn't exactly leaked. It was reverse-engineered. They can't cry foul the way they are doing it.

Man up, you pussycats.

Do we even need to wait for a "black box" from China? Can't someone just make an HDMI capture card driver that uses this?

HDFury3 + Hauppage 1212 PVR. Legally obtainable, royally frawesome. Bank-breaking, though.

[Ex-Cyber]

Is it known whether this this was done using the attack that was formulated and published years ago (IIRC involving getting N transceivers all on the same transmission chain, where N was some unlikely-but-not-impossible number like 50)?

edit: reading a summary of that attack again, it looks like that one only lets you get one of the device keys, not the master key (though doing it to enough devices might yield enough info to reconstruct the master key)

[PsychoGun]

All creature will die and all the copy protection will be broken.

[Specineff]

edit: reading a summary of that attack again, it looks like that one only lets you get one of the device keys, not the master key (though doing it to enough devices might yield enough info to reconstruct the master key)

I thought they have already gotten the master key, from the first few lines of the article.

[Ed Oscuro]

Shit that key is huge. Nice to know where the bandwidth is going.

[neorichieb1971]

I hate any kind of reverse engineering. People who have brains to do that can do something more productive with all that brain power.

Until manufacturers work on the basis that fiddling completely disables the device at hand, any protection will be cracked.

[Ex-Cyber]

I hate any kind of reverse engineering. People who have brains to do that can do something more productive with all that brain power.

I'm guessing that the brainpower spent cracking HDCP is dwarfed by the brainpower spent developing it and getting all the relevant companies to buy into it in the first place. What are experts supposed to do when the "something more productive" (according to the economy) is actually less productive?

Until manufacturers work on the basis that fiddling completely disables the device at hand, any protection will be cracked.

They've actually tried to require manufacturers to do stuff like this, but doing it reliably without killing performance is kind of hard.

[cul]

Quick, make a law that bans the usage of mathematics!

[Slump]

Heh, yeah I read this on Tom's last week. Doesn't really matter since people have been bypassing HDCP for a while but I say go for it. Start manufacturing dem chips man! It'd save me a lot of the trouble at work explaining to some 70 year grandma how she needs to reseat her HDMI to get her "stories" back on

[Davey]

I hate any kind of reverse engineering. People who have brains to do that can do something more productive with all that brain power.

Personally, I'm glad some brilliant folks have pissed their intellect away on writing MAME drivers and such. Even more so, I'm glad they're allowed to do whatever they want with their spare time.

[Ed Oscuro]

I hate any kind of reverse engineering. People who have brains to do that can do something more productive with all that brain power.

I almost wrote a response to this as well, yesterday...interesting how this comment created so much response, isn't it. I wish people with brains wouldn't uselessly criticize efforts to drive along the state of the industry. I hate that people have to reverse engineer these systems because big companies and their cronies want to deprive us of their rights.

I'm tempted to agree, insofar as reverse engineering is not seemingly "productive," but in a way it is productive when it leads to improved security and better devices for us all. It's just the nature of life that a lot of effort is wasted on sorting "rights" and ownership. In this case, you could think of this reverse engineering as another form of testing. The years of effort hackers have put into security have paid off. On top of that, the ideological front is just as important - if even companies as big as Intel can't proof DRM from being cracked in a few years, it's a moral win for people who feel that the hardware they own and the disks they buy shouldn't be artificially limited beyond the laws of copyright.

tl;dr LOOK HOW FUCKING BIG that key is. Who's wasting energy, CPU cycles, and brainpower here?

[PsychoGun]

I'm pretty sure reverse engineering can land you in huge fucking trouble. Especially when you're fucking with copyrighted shit, has nothing to do with math being illegal.

It's what Ben Affleck's character did in Paycheck and it was hella illegal.

[antron]

I heard a radio program about the sport of lock-picking. They have competitions for this here in the states. They played a recording of a Sheriff who thought this was like having a burglary competition.

Then they played a recording of a lock designer for a major company. He said whenever he has a new design he sends it to the picking champions first before production.

If Intel had sent this to universities first they would have been told what was going to happen. Researchers eventually did anyway, and Intel dismissed them.

[Specineff]

I'm pretty sure reverse engineering can land you in huge fucking trouble. Especially when you're fucking with copyrighted shit, has nothing to do with math being illegal.

It's what Ben Affleck's character did in Paycheck and it was hella illegal.

http://en.wikipedia.org/wiki/Sega_v._Accolade

Under some circumstances, Reverse Engineering is ok. Notice that I said some, especially because this instance allows piracy as much as fair use.

[ED-057]

It's probably illegal on account of the DMCA "anti-circumvention" crap, but only here in the USA.

If I`m not mistaken there are already 100% legitimate HDMI->VGA converters so the analog hole has always been wide open. I don`t know why they even bothered with HDCP in the first place.

[GaijinPunch]

the analog hole has always been wide open.

That's what she said.

[neorichieb1971]

Surely the best protection is to have a connector which the PC doesn't support at all. Having a blu ray, DVD, HDMI socket or whatever and then putting it on a PC is like giving 50% of the meal ticket to the hacker.

[cools]

I hate any kind of reverse engineering. People who have brains to do that can do something more productive with all that brain power.

Do you own a PC? If so, sell it.

In fact burn every piece of technology that you own as it'll all include stuff that has been reverse engineered. EVERY SINGLE ITEM.

[Ed Oscuro]

I'm pretty sure reverse engineering can land you in huge fucking trouble. Especially when you're fucking with copyrighted shit, has nothing to do with math being illegal.

Well, you don't seem as close-minded about this as PaleoRichie so here's a link for you.

In some professional cultures, you hear about "clean room" and "dirty" development, including in reverse engineering. It's more or less the same idea as having two interrogation teams - a terrorism suspect is "rendered" to another country and "interrogated" there, but the FBI (or someone else) often gets a chance to talk to him in the manner that is acceptable in US domestic courts, the idea being that they get the information but they also need something that is admissible (personally, if I was going to be waterboarded for secrets, I'd like the "regular" interrogation to be waved off, but that's not how it works). For software the idea is that the "dirty" team makes sure there is a working implementation (I guess) that can be used, and the "clean" side is the fallback option, in case there is the possibility of legal trouble.

Actually I should just give you the link to ARDI's excellent page on reverse engineering - they made the Executor emulator of the Macintosh computer, and the company founder (I think it was, can't find the actual text though) called the process something like 'trying to figure out how a V6 engine works by throwing tissue papers at it.'

Recommended for Richie also when he removes his head after finding whatever he was looking for in there.

http://www.ardi.com/reveng.php

[Ex-Cyber]

For software the idea is that the "dirty" team makes sure there is a working implementation (I guess) that can be used, and the "clean" side is the fallback option, in case there is the possibility of legal trouble.

"Dirty" and "clean" refer to who is/isn't "tainted" by exposure to the original code. The way this usually works is that the "dirty" team reverse-engineers the code, figures out how it works, and writes documents describing how it works, with no actual code included. Then the "clean" team reads the documents and implements the clone or compatible system. The idea is that you can't (practically by definition) infringe copyright without access to the supposedly copied material, so if your code turns out to be suspiciously similar, you have a concrete defense against the accusation that it was copied.

Note that this is purely in the context of copyright lawsuits. This is neither a way of avoiding reverse-engineering (which you're still doing), nor a way of avoiding patent infringement (which can happen without the knowledge of the infringer).

[Ed Oscuro]

That's a cleaner (also more accurate) description than what I wrote, cheers. The information is at the ARDI link, in my defense.

Of course, there's no rule that you always need a "dirty" implementation, in some cases. (The one bit of accurate information I remembered from that page, anyway.) For example, if you were creating an emulator, and all you needed were demos with no intellectual property from the owners of the system being emulated, that should fly. That might be realistic for a Sinclair Spectrum or maybe an early Commodore machine. Of course, even by the days of the Amiga and Macintosh, I suspect systems were complicated enough that this isn't realistic. Since Executor isn't just a CPU emulator, but has to provide an interface for programs to operate in the way they expect, even if you managed to figure out the intended functionality from looking at a third-party program's code, that program may have been written using proprietary code from the owner. I think this is pretty common today...any Windows program is likely to have references to a compiler, there's .NET programs, C#, lots of stuff from Microsoft needed to run a useful program on Windows. The ARDI page backs up my thought experiment:

To date, ARDI has used strictly clean-room reverse engineering in constructing its software, even though doing so has been less efficient than using dirty-room/clean-room reverse engineering. The benefit to ARDI of using strictly clean-room techniques is that ARDI has avoided the overhead of having separate dirty-room engineers and an intermediary. The significant drawback has been that ARDI's lower operating system layers are not sufficiently compatible to allow Apple's upper operating system layers to work with them. Such compatibility should be easy to provide using dirty-room/clean-room reverse engineering.

[austere]

I hate any kind of reverse engineering. People who have brains to do that can do something more productive with all that brain power.

Yeah, like playing Dangun Feveron I suppose... Anyway, Ed's response was pretty good, but I just wanted to add that Reverse Engineering is actually a great activity to efficiently build up your knowledge of systems. It's also fun, I can't see how anyone could depict it as a waste of time.

Under some circumstances, Reverse Engineering is ok.

Under any circumstance, reverse engineering is fine, as long as you live in a civilised country. Like China, for example.