HDCP, and the little guy getting screwed... Again.

[Professor.Ham.Slap]

I found an interesting article on IGN Gear today. Definitely worth a read with a lot of interesting points. http://gear.ign.com/articles/702/702074p1.html

All HDCP's Base Are Belong To Us

Critical flaws in the HDCP copy-protection scheme revealed.

by

Gerry Block

April 17, 2006 - A good deal of public outcry occurred

when it was announced that next-generation HD-DVD and Blu-ray players

would require full HDCP copy-protection compliance with every link in

the chain between player and monitor. Essentially, this requirement

effectively made more than 3,000,000 HDTVs already sold in America

incompatible with the new DVD standards, a severe disservice to all

early-adopting consumers.

Though that situation has been somewhat ameliorated of late with Sony's

announcement that their first generation of Blu-ray players and media

would export full 1080p resolution over all connections (component,

DVI, and HDMI), the issue of HDCP compatibility and the difficulties

the rather sudden rollout is causing consumers is still pressing.

Microsoft's forthcoming Windows Vista OS will require full HDCP

compatibility in practically every component involved, from optical drive,

to video card, to monitor. At present, all 'HDCP Compatible' video

cards are, in fact, merely compatible and are not at all compliant,

while PC monitors another serious concern, as even some of the newest,

such as BenQ's FP93G 2ms response-time gaming monitor, are not HDCP

compatible.

Hollywood studios' insistence that next-gen DVD be protected by

higher-grade copy protection than the easily cracked CSS scheme

employed in DVDs is understandable. However, when accomplished at the

cost of severely punishing the best early-adopting consumers by making

expensive electronics incompatible, with so little forewarning that the

move can be accurately characterized as massively indifferent, if not

downright vengeful, public retaliation is justified.

Jon Lech Johansen, the Norwegian hacker who famously developed DeCSS

software that broke open the original CSS DVD encryption, has publicly

pledged to fight HDCP and AACS in a similar fashion, and engineers and

knowledgeable users around the world are rallying to uphold their

rights of fair-use. While Hollywood has scoffed at hackers'

pronouncements in the past, recent news may put the studios in a very

weak position.

Last week, Princeton mathematics professor Ed Felten published a

relatively practical examination and groundwork for the manner in which

HDCP will be cracked. While it has been publicly known since 2001 that

the HDCP encryption scheme is flawed, thanks to the work and academic

paper "A Cryptanalysis of the High-Bandwidth Digital Content

Protection System" produced by Scott Crosby et al, Felton's post

details in simplified math and practical terms the inevitability of the

system being broken.

What Professor Felten makes clear is the fact that, due to obvious

flaws in the HDCP encryption scheme, HDCP will not simply be cracked or

bypassed, but entirely owned. The entire HDCP system relies upon a

secret set of 1600 special numbers that form a 40-by-40 matrix. If

these numbers are discovered, every conceivable HDCP license key can be

produced. According to Professor Felten, this is "virtually certain" to

happen in the next couple of years.

The general (and rather simplified) concept of HDCP copy-protection

involves a handshake between two compliant devices. Each device has a

private value and a public value. When two devices communicate, they

exchange their public values. Each device combines its own private

value with its partner's public value, creating a secret key. The

critical flaw in the system is the fact that the public and private

values are combined using simple addition. Because all the mathematics

involved are linear and rather simple, an attacker could generate a

straightforward series of equations that will eventually solve for each

device's secret value.

According to Professor Felten, once the secret values of 40 HDCP

devices are discovered, the entire 40-by-40 matrix of special numbers

that make HDCP encryption work will be reverse-engineered and the

entire system will be broken. Once this is accomplished, it will be a

simple task to produce dongle-attachments that will allow HDCP

protected information to be tricked into working with non-compliant

hardware.

Breaking HDCP protection will not be quite as revolutionary a step as

what DeCSS allowed for consumer DVD copying, as uncompressed 1080p

content greatly exceeds the bandwidth and memory capacity available to

general consumers today, but easily accessible to those with a

relatively minimal amount of investment capital. Breaking HDCP will

also be considered a violation of the Digital Millennium Copyright Act

(DMCA), and will subject any who do so to litigation from the MPAA. The

critical point in this consideration is the fact that the DMCA is not

universally recognized. While the USA, Japan, and many European nations

have signed on, some of our closest neighbors, including Canada, have

not. The end result will be the commercial exploitation of HDCP's flaws

in countries that have decided not to support the DMCA, and likely

piracy on the scale of what is already occurring internationally with

DVDs.

As such, and as usual, it will be the common, law-abiding American

consumer that pays the price for yet another boondoggle and failure on

the part of Hollywood studios to outthink the hacking community. While

most of the world will sidestep HDCP, Americans will be the ones that

pay the price of incompatibility and frustration, forced to upgrade

perfectly good hardware simply to conform to a failed copy-protection

system. Hollywood executives will be able to continue to blame piracy

for their steeply declining theater returns and ignore the possibility

that it is their marginal content and delivery system that is no longer

appealing to customers.

The hackers that break HDCP are not the criminals in this sordid tale

of consumer abuse. Technologically illiterate Hollywood executives and

the equally uneducated politicians they finance are the felons here.

Preying upon Americans' lack of knowledge on the topic, these parties,

and major industry players like Microsoft are steamrolling HDCP, even

after its critical flaws were publicly announced five years ago. The

train has already left the station, and we will live with this

situation for a solid decade. Such is the price for obeying the law.

[oldbuckster]

It's business as usual. The consumer buys the "state of the art Whatever","the Best", whatever you choose to call it, pays their money, and lo and behold, six months latter it's old, not worthy anymore, and some new format comes out that's 'State of the Art", and Joe consumer buys it all again. It never stops.

[Professor.Ham.Slap]

Yeah but the problem here is that this could all be avoided. Component

video has all the bandwidth necessary to carry the 1080 signal, it's

just that Hollywood has a dead rat up its butt again and have decided

that it would make things too easy to pirate (you know, because of all

of those recording devices that support component input. [8-)]). And

here we are again, the system is flawed and can be cracked rather

easily it would appear. However, once again this might be good news if

the importing of override devices to the US is a possibility. It's

things like this that keep making me question why the hell I continue

to support Hollywood by buying movies in the first place. [8o|]

[Professor.Ham.Slap]

Another thought just occured to me as well. Once HDCP is cracked, how

long do you think it will take Hollywood to come up with the new latest

and greatest encryption scheme rendering all our current equipment

obsolete?

[Jay481985]

i hate the ridicolous markups on cds and price fixing on cds and dvds and now they want to f the customers over even more.......

[J.4knee]

I offer so little support to the movie industry it would be very easy for me to do without the new generation product and their medium. I detest copyright vioations but when an industry does this they deserve it. If all the studio's in Hollywood were to go under I'd loose very little sleep. I have a 1080i DLP HDTV and if I cannot use it with the new players and medium I simply won't buy the devices or watch the movies.

[DrWho]

Here's an idea...

Why don't they fricken put the discs inside a protective case like

miniDiscs and old floppy disks. I think it's ridiculous that I have to

"hack" just to make a fricken backup copy for a medium that is

guaranteed to break after a year.

I wouldn't be surprised if early adopters of the latest technology

couldn't sue these companies...I know there are supposed to be some

laws that protect early adopter consumers from getting screwed over by

companies changing their protocols.

The industry is shooting themeselves in the foot and it pisses me off

because I will eventually become one of the future engineers pumping

out these products and wanting to kill my boss for being a complete

idiot.

Copy protection = stupid...it only hurts the innocent people.

[J.4knee]

Here's an idea...

Why don't they fricken put the discs inside a protective case like miniDiscs and old floppy disks. I think it's ridiculous that I have to "hack" just to make a fricken backup copy for a medium that is guaranteed to break after a year.

I wouldn't be surprised if early adopters of the latest technology couldn't sue these companies...I know there are supposed to be some laws that protect early adopter consumers from getting screwed over by companies changing their protocols.

The industry is shooting themeselves in the foot and it pisses me off because I will eventually become one of the future engineers pumping out these products and wanting to kill my boss for being a complete idiot.

Copy protection = stupid...it only hurts the innocent people.

Well said

[oldbuckster]

Movies and CD's are two different issues. Bootleg movies, on the whole, are terrible. I love it when someone buys a new movie release off the street, or at a computer fair, gets it home, plays it, and it's filmed with a camcorder and mics, in the theatre.That's one example where Hollywood is right, but if I buy a kids movie, and want to burn a copy for the kids to ruin, instead of original copy, I should be able to, I paid for the original copy, and want to save it while in good shape. The same with CD's, I want a copy for my car, so I burn one for car use, and keep the original at home, no mis-use, it doesn't get stolen, and the original remains in good shape, what's the harm in that? Hollywood, and the record companies, just want more returns for their investments, Horsehockey, give the consumer a break, Why don't they go after the equipment makers for making the equipment in the first place? Don't complain about copies, when you sell us products to make copies.It's like Gunmakers saying,Guns don't kill,blame the bullets, it's the bullet that kills you, not the gun it's fired from....Duh. It just never ends, and in the end, the consumer again pays the bill. Wish I hadn't seen this thread, pissed again...[:@][:$][]

[ZAKO]

Yeh!!!!.....Its kinda like the guys here making there own Khorn. No one gets screwed except the janiter getting laid off at Klipsch Co.