Network News

X My Profile
View More Activity

Blu-ray's HDCP security possibly cracked. So what?

There's been some interesting chatter since yesterday over the possibility that the encryption meant to lock down the video cables connecting Blu-ray players and high-definition televisions has been broken--permanently.

As the headline on Engadget's post read: "HDCP 'master key' supposedly released, unlocks HDTV copy protection permanently." The key in question is a lengthy string of hexadecimal text that underlies a copy-prevention regime called "High-bandwidth Digital Content Protection," used in Blu-ray movies and other forms of high-definition content.

While HDCP's digital rights management (DRM) is "revocable"--it allows copyright owners to generate a fresh set of encryption keys for new releases, after which law-abiding owners of Blu-ray players have to wait for firmware updates to watch those titles --the master key by its nature can't be revoked without making every existing release unplayable on hardware that complied with the old key. Game over!

Except this game has been over for a long time. The encryption on Blu-ray hasn't stopped those titles from showing up on peer-to-peer file-sharing networks in massive volumes. So Blu-ray owners who couldn't watch a newly-purchased copy of Avatar until a firmware update for their players arrived only had to turn to BitTorrent to find a copy they could view on the device of their choice.

An intellectual-property lawyer who has been working on DRM issues for years described yesterday's reported master-key leak as "a science experiment that has no commercial meaning." In practical terms, it's easier to use existing Blu-ray cracks to rip a disc to a computer than to use the master-key compromise to break HDCP--after which you'd have to sit through a real-time duplication of the movie as it plays.

Now if the studios would ever realize the ultimate futility of DRM--as opposed to market-based measures, like making it easier and more pleasant to get a legitimate copy of a movie to rent or buy--then we'd be on to something.

Update, 9/16, 4 p.m. Thanks for the comments about my not addressing HDCP-locked material not stored on Blu-ray discs. That's an interesting point that I didn't think to address in a post that led off with a Blu-ray-specific headline, so I will now.

In most of those other cases--cable and satellite TV, for instance--breaking the lock on an HDCP connection wouldn't let you do anything that you can't do today with analog high-def component-video outputs. You'd just have fewer cables to connect to the HDCP-cracking recorder of your choice. (Replacing a cable or satellite box itself would be a much tougher proposition, thanks to authentication protocols employed by TV providers that have had plenty of experience battling people who don't want to pay for their service.)

The movie industry would dearly love to close the "analog hole" that component-video outputs represent, and in some cases there are provisions for an "analog sunset"--Blu-ray players won't have analog outputs forever. An analog night has already arrived on a few platforms: For example, two years ago I noted how new Apple laptops would not let you watch an iTunes movie download if you plugged in an external display that didn't obey HDCP.

But in any situation involving recorded media--downloaded, bought or rent on a disc, saved on a DVR's hard drive--it will remain easier to crack the DRM preventing a computer from treating the file or the disc as it would any other bit of data: something that it can copy perfectly and quickly. The one exception there would be video streamed in real-time over the Web... right? If there are others, I'd like to know about them.

By Rob Pegoraro  |  September 15, 2010; 11:27 AM ET
Categories:  DRM , Video  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Twitter redesigns site to ease browsing, media sharing
Next: Microsoft posts Internet Explorer 9 beta (updated with first-look review)


Hate to break it to you, Rob, but the HDCP master key is not about Blu-ray. It is about being able to copy HD content in the process of delivery (cable, satellite, etc). As in, with the HDCP master key you no longer have to go through your cable/satellite company for a DVR, you could just run it into your PC and save the content there at full HD quality. It is what is referred to as the "analog hole" with pre-digital transmission. It allows you to record the HD content at full quality while said content is in transmission.

HDCP is not what was protecting Blu-ray, it is what was protecting content in route from the source to the display. It is the hardware, not the Blu-ray disk, which the use of this master key applies to.

Posted by: murch240z | September 15, 2010 3:38 PM | Report abuse

Daaaannnggg!!! BUSTED!!!! OOOOHHHHH

Posted by: psinha4569 | September 16, 2010 7:17 AM | Report abuse

Go ahead, break it to Rob, he needs the edification.

Posted by: hairguy01 | September 16, 2010 7:50 AM | Report abuse

Bottom line is that DRM is a dinosaur and does not work in the market. There will always be smarter people out there to crack whatever scam they dream up to make it so one can copy it anytime anywhere. Make the movies put them on DVD and don't charge so much and people will buy them in higher quantities. There will always be the ones who will copy stuff no matter what you do but that is not the ones you need to be spending your time on and waste your money on. The only saying once the Genie is out of the bottle you can't put him back in again... DRM is the Genie and it's been cracked in some may ways...

Posted by: Concerned5 | September 16, 2010 7:57 AM | Report abuse

I'm confused. I'm also not that technical. I think it would be worth Rob's time to address the earlier postings that appear to contradict his column.

Posted by: tojo45 | September 16, 2010 8:17 AM | Report abuse

The first poster here is correct. HDCP is a scheme to protect the digital product during transmission to a display device. So now those with the key and appropriate hardware could create a digital copy of ANY content by capturing it after the decoder (like a Bluray player). But Rob's general point is also correct - that genie's been out of the bottle - BR can already be ripped using commercially available software and played back on a PC from hard drive. HDCP beoing compromised is just another avenue folks can use to copy protected digital content.

Posted by: temartin | September 16, 2010 8:40 AM | Report abuse

Was going to post a correction but Murch beat me to it - he's correct though. This article needs correction because the author apparently has confused AACS (the DRM used by BD) with HDCP. Or at least confused his audience :)

Getting around AACS encryption has been ridiculously easy for years now. Breaking the HDCP chain, however, has not. This has big implications for things like video capture, third party DVR's, you name it.

Posted by: Ixian | September 16, 2010 9:45 AM | Report abuse

On pirate p2p networks, TV shows in HD are available the next day and BluRay movies are available once the discs come out. So what was this protection trying to address and why did it have no impact on piracy to date? If it has no impact on piracy, what's the point to begin with?

Posted by: antispy | September 16, 2010 9:58 AM | Report abuse

@tojo45, think about it this way. You know how you (probably) use SSL/https to securely log into your bank, or purchase items online? HDCP is like encrypts the data during transfer so only the authorized parties can use it; to anyone else it's useless gibberish. Well, instead of doing this over the Internet, in this case the trusted parties are electronic devices, like TVs and DVD players, and the "internet" is an HDMI cable. This is supposed to prevent the digital video from being copied by connecting the HDMI cable to untrusted/uncertified electronic devices.

Posted by: MaxH | September 16, 2010 10:00 AM | Report abuse

There isn't an encryption in existence that cannot be broken.

This, every instance before it and every one after, is inevitable.

Posted by: trident420 | September 16, 2010 11:02 AM | Report abuse

The industry should save time by requiring all consumers to sign an admission of guilt for piracy prior to allowing the purchase of media or hardware.

Posted by: Bakamono | September 16, 2010 1:49 PM | Report abuse

Useful comments here. So this means that I could finally build my own DVR, and capture HD content from cable, without having to buy/rent their crappy DVRs? If so, then I'd say this IS a significant development and a happy one.

Posted by: mwalker1 | September 16, 2010 2:51 PM | Report abuse

As previous posts say, the HDMI root key enables capture of content transmitted from DVD, BluRay, and set top boxes to televisions. However, it requires custom hardware - as there is no off the shelf HDMI input card. The HDMI video is uncompressed, so it would require a lot of computation to reduce the storage requirement by about a factor of ten. And closed caption and other metadata contained in the native MPEG is lost.

Posted by: RouterMonkey | September 16, 2010 4:03 PM | Report abuse

The movie and record industries can't seem to learn that selling for less will sell more and lead to less piracy. And with electronic distribution, they have even less costs and inventory to deal with. They could easily sell movies or records for many years. I can go to a thrift store and buy a perfectly good VHS tape or DVD that sold for $20+ for under a dollar.

Posted by: gmclain | September 16, 2010 4:15 PM | Report abuse

Thanks for the input, everybody. You're absolutely right that HDCP does more than "protect" Blu-ray recordings, so I revised the post a few minutes ago to address some of those other cases.

- RP

Posted by: robpegoraro | September 16, 2010 4:37 PM | Report abuse

We're headed towards a dystopia where you the "consumer" (not citizen, "consumer") won't actually own any copies of books, music, movies, or TV shows. You'll own a locked down, encrypted copy that will stop working a few years down the road as technology changes, companies go out of business, and DRM servers quit being operated.

Hackers broke this particular copy-protection protocol, but it's just a speed bump on our corporate-paved road to Hell. As DRM gets built into all hardware, and general-purpose computers phase out in favor of corporate-controlled, limited-purpose "appliances" (i.e. PCs get replaced with locked-down devices along the iPhone/iPad model), 99% of "consumers" won't have access to devices that can even break the encryption.

Fortunately, certain parts of the world will remain a "wild west" of rogue hardware makers that are beyond the reach of US corporate bought-and-paid-for DRM enforcement laws. Data may still be free in those parts of the world. But in the US, and all of the countries that the US can successfully browbeat into enforcing media-giant-friendly laws, the future looks grim.

Posted by: kcx7 | September 16, 2010 6:37 PM | Report abuse

Tell me this will allow Linux to handle BD in some way or another...

Posted by: YesWeCan_2008 | September 16, 2010 8:30 PM | Report abuse

I'll tell you one way this could play out - many people don't realize it, but right now, this very minute, you can buy an HDMI capture card for perfectly legal purposes. They are pretty useful for camcorder "pro-sumers" who use them to edit true high quality video. However right now that's all they are useful for since HDCP blocks capturing any kind of protected content such as that coming from your cable or satellite box. For that, you have to use something like the Hauppage HDPVR and the analog component outputs of your device (assuming it has them). This is the so-called "analog hole" that big media is dearly trying to close (and they will probably succeed in doing so), also it has several technical limitations.

What breaking HDCP means is you could buy a perfectly legal HDMI capture card and in conjunction with a perhaps no so-legal HDCP ripper program capture video from your cable/satellite/etc provider, on your terms, to the DVR of your choice - such as the excellent Open-Source MediaPortal - without any DRM restrictions. All of that, other than the circumventing HDCP part, is perfectly legal by the way. For HTPC (Home Theater PC) users, a small but influential group, this is the holy grail.

The concept is already used in practice, ironically enough for AACS protection - check out AnyDVD HD, a software program (Google it). Written and sold by a company outside the US where the DMCA does not apply it is extremely popular in HTPC circles for getting around DRM on Blu Ray disks - disks people have legally purchased, yet because of strict DRM cannot play for one reason or another - and I would not be the least surprised to learn they were already at work on adding HDCP decryption in to their routine.

That's just one example of what could be done now that this is broken. I may be talking about a niche market favored by techies - Grandma isn't going to roll her own DVR, I get it - but stuff like this tends to filter out to a much broader audience over time. Just look at all the commerical playback devices now being sold by major companies in retail stores, like the WD Live, various Windows Media Extenders, set top boxes from Netgear, DLink, and others, or for that matter the Boxee Box. Those are a direct result of HTPC hobbiest forces at work over the past decade (I'm one of them, in case it isn't obvious). Who knows where this will lead?

Posted by: Ixian | September 16, 2010 8:45 PM | Report abuse

I recently discovered a site that debunks the HDMI buzz. HDMI is a poorly engineered hodgepodge that is lucky to work for you, which is why some people have so much trouble with it.

Blue Jeans Cable wrote a very informative collection of pages that explain HDMI and why it is substandard.

It certainly explained the problems I have had with HDMI and why I have happily switched over to using analog component video.

Posted by: BoteMan | September 16, 2010 9:28 PM | Report abuse

I'm one of the people Ixian said didn't realize HDMI capture cards were available. One question, though, is whether they can be programmed to satisfy the two-way handshake necessary for an HDCP-enabled source to send video.

Posted by: RouterMonkey | September 17, 2010 1:57 PM | Report abuse

Post a Comment

We encourage users to analyze, comment on and even challenge's articles, blogs, reviews and multimedia features.

User reviews and comments that include profanity or personal attacks or other inappropriate comments or material will be removed from the site. Additionally, entries that are unsigned or contain "signatures" by someone other than the actual author will be removed. Finally, we will take steps to block users who violate any of our posting standards, terms of use or privacy policies or any other policies governing this site. Please review the full rules governing commentaries and discussions.

characters remaining

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company