engadget.com — Just as the MPAA is preparing to offer movies to customers at home while they're still in theaters by limiting playback to DRM-protected digital outputs only, the HDCP protocol they rely on may have been cracked wide open. All devices that support HDCP, like Blu-ray players, set-top boxes and displays with HDMI inputs, have their own set of keys to encrypt and decrypt protected data and if keys for a particular device are compromised, they can be revoked by content released in the future which will then refuse to play. Now, posts have been floating around on Twitter about a supposed "master key" which renders that protection unusable since it allows anyone to create their own source and sink keys.
Who discovered this and by what technique isn't immediately clear, but as early as 2001 security researcher Niels Ferguson proposed that it could be easily revealed by knowing the keys of less than 50 different devices. Hardware HDCP rippers like the HDfury2 and DVIMAGIC have been around for a while and various AACS cracks easily allow rips of Blu-ray discs but if this information is what it claims to be, then the DRM genie could be permanently out of the bag allowing perfect high definition copies of anything as long as the current connector standards are around. While it's unlikely your average user would flash their capture device with a brand new key and get to copying uncompressed HD audio and video, keeping those early releases off of the torrents in bit perfect quality could go from difficult to impossible.
HDCP 'master key' supposedly released, unlocks HDTV copy protection permanently originally appeared on Engadget on Tue, 14 Sep 2010 00:14:00 EDT.
Sep 14, 2010
fanclerks Sep 14, 2010
This is too freaking funny. It was only a matter of time. Hello DRM free media!! Here's a link to the actual key and how to create them also - http://pastebin.com/kqD56TmU
tubelogr Sep 14, 2010
Thanks for posting a link to the actual key. Engadget forgot to do so.
rjccviii Sep 14, 2010
It's at the bottom, it says "HDCP Master Key." Did you forget to read all the way down?
pxmm Sep 14, 2010
Let's hope links to the key don't "disappear"...
mortikahn Sep 14, 2010
I've mirrored the key on my site, just in case it tries to disappear.
tubelogr Sep 14, 2010
I don't think pastebin will remove it either. They usually rock when it comes to things like this.
latrosicarius Sep 14, 2010
Would this now be legal b/c of the recent court decision on fair use?
http://arstechnica.com/software/news/2010/07/court-breaking-drm-for-a-fair-use-is-legal.ars
electricketchup Sep 14, 2010
I'm not a lawyer, but I'd have to guess so. Sharing this HDCP master key does allow us to break through vendor/supplier lock-in.
ultramagnus0001 Sep 15, 2010
DMCA prevents digital decryption for fair use, bastards. I say fair use because I hate waiting for a blu-ray to load and have kids. Mandatory previews, screw you!
gibsonic Sep 14, 2010
1. open link from fanclerks
2. select entire master key
3. copy
4. open notepad
5. paste
6. save file for future use
7. ...
8. Digg v4 sux
9. ...
10. profit?!?!
phoenixfury Sep 14, 2010
Oh goodie! When's the next key song coming?
brandon223 Sep 15, 2010
Don't forget the t-shirts http://www.cafepress.com/HDCP
Internets moves fast these days.
artworkz918 Sep 15, 2010
lame
electricketchup Sep 14, 2010
Great News Everybody!
thediggpigg Sep 15, 2010
What is it professor?
sexybobo Sep 15, 2010
Have you fixed the poison slime pipes?
jqp123 Sep 14, 2010
DRM is a mis-application of encryption.
Why? Because the keys aren't secured. The playback device is the decoder. In order to decode the content, the keys have to exist in the playback device and/or on the media, it's simply a matter of finding them.
Anyone can buy a decoder device and with the right tools, effectively "watch" the decoding process as it takes place. In military terms, this is like giving an enemy spy full access to your communication setup and processes. No military would ever allow this for the obvious reason that it is blatantly unsecure.
electricketchup Sep 14, 2010
Having a temporary monopoly on the control of the media they produce is way different than military communications. When military communications get cracked, people die, and militaries can lose wars. I don't think it's fair to assume that media corporations should act as if they were military.
jqp123 Sep 14, 2010
"I don't think it's fair to assume that media corporations should act as if they were military."
Fair? I don't know (or care) about "fair" or how the media corps should act. I'm simply pointing out why their DRM encryption is weak.
tsuruchibrian Sep 14, 2010
The movie industry is in a unique situation, in that their customers (the people who must view the content) ARE their enemies.
addiktion Sep 15, 2010
Yeah instead they just take their secure drives and laptops home and lose them, making all those millions of dollars worth of security equipment useless.
gsp8181 Sep 14, 2010
Could have at least waited for HDBaseT, HDMI is a horrible standard
fanclerks Sep 14, 2010
As far as I understand it, HDBaseT is still using the same protocols and everything that are used across HDMI, just using a different media to convey the signal to allow more bandwidth and varying types of data to be sent that HDMI doesn't currently support. But that's just from the little bit that I've read about it.
gsp8181 Sep 15, 2010
HDBaseT is essentially CAT6 with the HD standards, which is why I prefer it over HDMI, easier and cheaper to install
entroper Sep 14, 2010
I'm going to need a new avatar.
...oh. That's waaaaay more pixels...
aceofhertz Sep 14, 2010
How was this cracked and we still can't solve the Zodiac Killer letters?
hikaruzero Sep 14, 2010
09-F9-11-02-9D-74-E3-5B-D8-41-56-C5-63-56-88-C0
Anybody else remember this? ;)
Forever_Zero Sep 15, 2010
I scrolled down looking specifically for this!
brandon223 Sep 15, 2010
If they start spamming the HDCP code to news headlines we are in for a long ass night..
satanael Sep 15, 2010
No HD CP pedobear?
angelbunny Sep 15, 2010
Got to give it to engadget to write another article with no facts and all speculation.
Anyone who knows the basics of how encryption works knows there is always a 'master key', except it isn't called a master key. Basically, it is a key that lets the company make new keys. These new keys are what end up shipped in the Blu-ray decoders. This way if a key gets cracked then Sony (or whoever) can generate a new key. Following me here?
Clashing multiple hashes to find this 'master key' is much faster than brute forcing. Theoretically every key you add to the pot the less time it takes to brute force. However, 50 keys isn't much. Brute forcing would still take years of a render farm. If people were serious and wanted to decrypt Blu-ray once and for all then there would be a project like @home where people can download a client to their computer that lets them add to the render farm. The entire planet could take part and finding the key would only be a matter of time. But, no one does this. Why? Obviously it isn't _that_ big of a deal or it would be done.
Don't hold your breath people. Just because there is a key that can decrypt (and encrypt) all the keys out there doesn't mean it will be found any time soon.
teh_techie Sep 15, 2010
Dude...
Master Key: http://pastebin.com/kqD56TmU
solistus Sep 15, 2010
Reading comprehension fail. The Engadget story doesn't contradict anything you just said, and it pretty clearly states that the rumor it's reporting on is that the *master key* has been found. It has, and it's all over the net.
angelbunny Sep 15, 2010
Oh snap! My apologies.. I didn't realize it was actually found. This is awesome!
solistus Sep 15, 2010
So... Is a source that actually lists the master key gonna make the front page of digg, like, ever? It's the top technology story on Reddit with almost +2000 votes, and the only thing I see here on digg is an engadget article that mentions the key is rumored to be in the wild, with under 400 diggs. Digg sure has fallen quite a ways since the HD DVD encryption digg revolt :(
blackadderiii Sep 15, 2010
Yeah. When I read about the HDCP "leak" I came to see if they fixed digg yet because it reminded me of that
Clearly it is still broken. Might pop back next time something reminds me digg exists, might not.
Closed Account Sep 15, 2010
Yup Digg is dead. The comments sections are dead with nothing but spammers left. I just came here to see the desolate wasteland Digg has become. Good thing Reddit was there to take its place.
rajatwork Sep 15, 2010
Telling you people, cryptography does not work! Oh wait..
Closed Account Sep 15, 2010
Did anybody else spot how they misunderstood what a sync key is?
dmux Sep 15, 2010
It amazes me how these geniuses figure this s**t out.
AndreaBergmann Sep 15, 2010
Real or not? Still waiting for confirmation
bigglespip Sep 15, 2010
...arse, it doesn't fit, that's genius!
admiralwoof Sep 15, 2010
I think this sums it up very nicely
http://www.gameranx.com/images/updates/1281104758drm.jpg
nightsweat Sep 15, 2010
Time for a new upgraded standard! Rainbow-Ray will feature a gazillion lines of resolution and audio only dogs can hear but require you to insert a valid credit card into the player every time you watch a disc.
dvddesign Sep 15, 2010
DIVX already failed, but thanks for trying.
Closed Account Sep 15, 2010
Wow, 584 diggs and 43 comments on the top of the front page. This place is f**king dead now, eh?
uselesstrivia Sep 15, 2010
What a pointless waste of time DRM is. Do they not realize that almost all of the illegal copies out there come from leaked sources? The minute you send out a DVD screener someone is going to crack it and put it online. You can get most movies in high quality digital formats well in advance of any DVD release and sometimes before the movie even comes out.
Limiting the number of devices your content can be viewed on is completely pointless and counterproductive.
entroper Sep 15, 2010
So, the thing about this is, you still need to know which 20 rows from the 40 to use to generate the key you're looking for. This leaves 40 choose 20, or 137,846,528,820 possible keys. I suppose 137 billion isn't too high a number for brute-force attacks, though.
harrisbradley Sep 15, 2010
Stories like this make me feel like my Digg.com is finally back.
qbertman Sep 19, 2010
Whahahaha !