Blu-Ray falls: HDCP key crack confirmed

Intel has confirmed that the rumored master key crack for HDCP (the high-definition video "copy protection" used in Blu-Ray, high def consoles, and many game consoles) is real. Blu-Ray and other systems that rely on HDCP are now terminally compromised.

As a practical matter, the most likely scenario for a hacker would be to create a computer chip with the master key embedded in it, that could be used to decode Blu-ray discs. A software decoder is unlikely, "but I'd never say never," Waldrop said.

"It's really hard to predict 100 percent, but that seems to be the prime scenario," Waldrop said of the possibility that a chip might be created.

HDCP Master Key Confirmed; Blu-Ray Has Been Cracked (via /.)

(Image: Why I Don't Like HDCP, a Creative Commons Attribution Share-Alike (2.0) image from artgoeshere's photostream)


  1. It’s very interesting that the crack has been confirmed, but the text of the story is nonsense as it assumes that DHCP is used to encrypt the contents of Blu-Ray discs on disc. It’s not. Not even a little.

    AACS and BD+ are used to encrypt the contents of a Blu-Ray disc. DHCP is not. DHCP is used to protect the digital signal which flows over HDMI between the Blu-Ray player and the TV or other monitor. The Blu-Ray disc is encrypted with AACS and optionally BD+. Blu-Ray players decrypt the AACS and BD+ and then decompress the video and, if necessary, scale it to match the display resolution of the TV. Then that unencrypted, decompressed, scaled signal is reencrypted using DHCP and sent to the TV. The TV then decrypts it and displays it.

    This is done for two purposes. The first is so that a pirate can’t record the stream between the Blu-Ray player and the TV. This signal would be uncompressed, and therefore huge, but pirates could recompress it before sharing it over the internet, so it would still be valuable to them. The second is so that you can’t build a TiVo-like device to pretend to be the television and just record everything rather than display it. All device manufacturers have to guarantee that they won’t do that before they are given the keys needed to authenticate themselves to the players and decrypt the signal. This break means that the second point is now entirely null and void. You can now build any device you want and, using the provided information, make it so that your device will authenticate to the Blu-Ray player as being a valid, approved device.

    Because the specification allows for repeaters and splitters which have their own keys and actually do a decryption/reencryption step, it also means that the first point is pretty well null and void because you can build a device which looks like and authenticates as a repeater and then records the signal as a side effect while also displaying to the television.

    Now, this crack doesn’t mean that tomorrow you’ll be able to buy that sort of device. There’s still a lot of engineering which would be needed to make such a device practical, especially if it’s going to compress things on the fly at HD-level resolutions. However, it means that there is now no information barrier to building such a device.

    There also will never be a “software” version of this crack because it’s not about decrypting Blu-Ray discs. The Blu-Ray discs are not at issue here. This news has no bearing on AACS or BD+. The current state of the art is that BD+ is pretty well broken as it was just a virtual machine which had to be reverse engineered and pretty much has been and AACS would be solid if they could protect the device keys, but they can’t. Someone keeps getting new device keys and they have no way to know which device they came from, so they’re revoking the most likely candidates and hoping and so far, it isn’t working.

    1. I was assuming that the Intel guy was talking about the possibility of forcing a HDCP source to push faster-than-realtime streams to a bogus sink; otherwise yeah, this enables you to create devices and virtual devices that record at realtime, but not bus-limited byte-for-byte copies.

    2. Of course you mean to say HDCP (High-bandwidth Digital Content Protection), not DHCP (Dynamic Host Configuration Protocol). And let’s not mistake those with HDPC (High Definition Personal Computer?) or HCDP (um… Harris County Democratic Party)… ok I’ve had enough.

      1. Yeah, I absolutely meant HDCP, not DHCP. Sorry, I saw the post right before I went to bed and wanted to help clarify things. Apparently I was even more tired than I had realized.

  2. Speaking as someone who bought the HD DVD for their Xbox 360, got hooked on HD and hardly games anymore, got completely bummed when Warner sold out to Sony, and now has a PS3 primarily for Blu-ray, can I just say:



  3. “… the possibility that a chip might be created …”

    Do they not have chip design where this guy comes from? I guarantee someone already has a SPICE model built and two weeks from today will be shipping first spin samples to select customers. In a year you’ll be able to buy them in Taiwan and Shanghai already in a device.

    1. Except SPICE is for analog circuits. This would probably be a MATLAB or other model. I don’t know why they’d say it couldn’t be SW, unless they mean normal processors are too slow. A simple FPGA could probably do the trick, couldn’t it?

  4. I think KeithIrwin is right here — I’ve cracked Blu-Ray discs myself several times before this crack was released. And all I used was off-the-shelf software.

    But the reason I cracked Blu-Ray discs was *not* for piracy. See, my monitor and Blu-Ray player absolutely refused to get along. Instead of a movie, all I could see was an HDCP content warning. By cracking the disc, I removed the copy protection and was able to play the movie as intended.

    1. Ah, but is that (breaking “copy protection” for private fair-use uses) still illegal in the US? By the letter of the DMCA, yes, but I think I read (here on bb) something about the 9th Circuit Court of Appeals..? Anyone?

      And in Canada it’s still legal. For now.

      1. “Ah, but is that (breaking “copy protection” for private fair-use uses) still illegal in the US? By the letter of the DMCA, yes, but I think I read (here on bb) something about the 9th Circuit Court of Appeals..? Anyone?”

        Yes it was on BB and I expect that particular judgement will be very prominent in the ensuing fallout from this.

        Y’know we should just all chip in and start a class action. I’m sure we could find some kind of tort to sue over in all this. Rise up consumers and take back ownership of your hardware!

      2. Passing laws which limit our citizens’ rights and liberties, solely to benefit the bottom line of foreign corporations, ought not to be any part of a responsible government’s priorities, IMHO.

  5. This matters, but not much – the whole entertainment industry is not suffering because people pump their hard-drives with pirate data, but because their output is degrading and increasingly dull.

    The fetishists who want to have 8,000 movies at their disposal would otherwise not have added to the entertainment economy, so the fact they “have” the data is neither here, nor there.

    Besides, with movie rental increasingly online / bluray by mail, who actually wants to go through the hassle of downloading? It’s a fetish, like downloading images of porn and categorising it into carefully organised folders.

    In economic terms, this whole shebang is wasted efficiency – the entertainment industry is chasing money that isn’t there, in an increasingly silly way, and annoying its customer base while it’s at it.

    Once upon a time I bothered buying discount DVDs in foreign countries, but they were generally rubbish, and edited, copies of rubbish, and badly edited, movies. I give up, and embrace delivery by mail for my movie needs.

    And I select what I watch very carefully – I don’t have time to waste.

    1. Although your use of the word fetish fits one of the lesser used definitions of the word (I would hope you didn’t mean the common definition), the more accurate word and definition is compulsion. Fetish can refer to the fixation or irrational thought, but compulsion is the fixated or irrational act – physically doing the downloading and cataloging.

      Being a Pack Rat, even a digital one, is not a fetish.

  6. If you can afford the hardware to recompress a 24f/s, 1920×1080/24-bit colour, 7.2 channel 192kHz/24-bit in real time, I’d imagine paying the patent fees for HDCP compliance would be the least of your worries.

  7. A SPICE model? Lol.. You use Verilog or VHDL to design a chip. You might make a SPICE model of the HDMI buffer but I’m sure most foundries already have an HDMI-compatible pad that just works. If you sent a SPICE deck to TSMC they’d wonder what planet you are on. You’d send TSMC a GDS2 file.

    Just your friendly Internet ASIC design brigade fulfilling your Friday RDA of pointless pedantry. Carry on.

  8. If anyone is wondering what a practical application of this would look like, I’d imagine that a tiny little converter box with an HDMI input and output could be built.

    The box would connect to the Blu-Ray player via HDMI, fake the HDCP authentication, then pass an unrestricted HDMI signal onto another device. This box could cost less than $100.

    Then, you could connect the HDMI signal to a computer’s capture card such as the $200 BlackMagic Design Intensity card and capture the video in any program, using BMD’s free software or even Premiere/Final Cut. These programs can capture directly to an editor friendly codec like ProRes, DNxHD or DVCProHD, so dealing with the uncompressed digital signal isn’t an issue.

    1. My thoughts exactly… An in-line chip to respond compliance to the playing device.

      Buying any HDCP hardware has been out of the question for me up until now. It’s ironic that the defeat of the very mechanism meant to “protect profits” may cause consumers like me to start purchasing their “defective by design” products after all.

  9. Imagine how many more processor cycles we’d have a millisecond if there wasn’t this constant presence awaiting and protecting The Precious from bad BAD pirateses.
