HDCP 2.2 is cracked and bypassed by HDMI splitter´s or converters. Ten years ago the master-key for HDCP was leaked to the net. But why is it bypassed again?
Companies that sell solutions to protect the customers content are high payed and those systems cost´s a bunch of money. But the devil is in the detail. Every crypto is just a layer that prevent´s that normal people can not copy or share the content to each other. If you ask people who are interested in bypassing such protections you find out they are very creative in thinking.
A senior crypto engineer does not check every possible way or worst case scenario. He did what he get payed for and nothing more. There are multiple ways to leak critical information s out of Blueray players or Smart TV´s and more. HDCP we can find on your local computer,beamer,tv…. and set-top boxes.
A company for iptv want to have a cheap and good solution to protect the content. The problem is there is no cheap way… and here begins the problem.
If i wanna have 1 gallon of milk i have to pay the farmer fully. Both sides are happy… i got the fresh milk and he can invest for more stuff in his farm and can survive.
So a design of good hardware depends first on the engineer who did the most work, but the management want to keep the cost´s low to get more profit. The management removes good part´s of the engineers process and replace the part´s with cheap unsecure solutions.
But back to HDCP!
Every who is in digital stuff knows that a flash EEPROM can be dumped. Company´s did this fault every time to rise the profit. A „secure“ flash ic is a bit expensive then a normal one… it´s just penny´s but they calculate in masses.
Possible Attacks are:
- Rooting your device and grab data
- Sniff the Key on HDMI
- Dump a flash ic to get the RSA cert´s
- Decrypt the traffic and leak data or content
After grabbing confidential stuff:
- decrypt the traffic at least the magic key (AES or 3DES)
- Build your homemade solution
For example HDFury has a down converter from HDCP 2.2 to 1.4 that converts to the compromised version of HDCP. HDFury isnt th the only Manufacturer of such devices.
A Lawsuit against HDFury is on and you get the info here
A HDCP KILLER xD
This happens if you design a system and don´t think about what you do. Those converters bypass the HDCP 2.2 by using a legal for now to make a conversion to HDCP 1.4. A least it´s not forbidden to forget to use the 2.2 version. There is no law in the moment for that. If the use the 2.2 version and remove watermark´s or emulate the crypto it´s a big problem by the law.
I dunno about the other problems like pulling data from a non secured flash or a general IC that is not protected. But i think if is there no protection and i can use the flash ic for another thing i can pull legally the code. Modify the code is a fraud.
Anyway if a secure system alloud´s to get converted it´s not a secure system and a company sold rubbish to the customer. A strict system has not alloud to bypass ohh my mistake … i mean convert. *giggle*
Another HOME MADE PROBLEM…..
Hi, today i wanna talk about the security of 7Zip. If you think 7 Zip is good for you then think about your security. If you wanna encrypt a file with AES you are welcome.
Till today AES is one of the strongest encryption, but be carefull what you do!
7zip generates a SHA256 that has your Password inside.
So far secure if you don’t have arround 120.000€ for a small cluster network. At least a single GPU need 10 years to crack a 7Zip hash that has 8 chars, to cut the time a Cluster and a NAS as collector can split the time to less than 5 years.
Cracking an encryption (the password or key) takes a bunch of time. Why not generate all possible keys and check them? Sure it takes lot´s of space like Petabytes… but once generated it´s faster. Same to the RSA…. generate is faster than tear down to primes.
SHA256 with 5 Chars = 16 Hours on a single GPU.
*Cracking speed of a HASH depens on your local GPU!
Importent is that the SHA256 is based on AES, that means if you use C as password the SHA is always Unique! Make 2 files with the same password…. you will see a different HASH! So if you use the password C often or a name like Mike or Anton it´s easyer to tear down. So the AES function is useless on 7Zip and Winrar. It´s not secure!
Grab a AES encrypter tool… that do not put your password into the archive too!
Using some kind of thoose packers with encryption is like using a known backdoor. Why using a password if it´s inside a file? Make no sense!
Well made in China means mostly counteright product´s. You should never by computer part´s on Ebay or Alibaba etc!
The Core is pirated by filthy few somewhere in Korea or China, even the Samsung Ram is not Samsung…. more than a bad copy of it.
What did they do?
For me it looks like the main Pcb is a faulty by manufacturing process and it´s a Geforce 2X GTX series. They have overwritten the Chip information s and the Vendor and Subvendor ID and patched all facts to Geforce 650 TI.
Even the sensor for temperature is broken.
This is how to make money with scam ware…. on multiple way…
The Seller only refunds 20-25% of the price. This is the way to make money isn’t it?
I wish that those people will get cancer or a bad accident.
Die Gema hat mal wieder geklagt, das die Telekom die Seite Goldesel sperren soll. Seht euch das Video von Semper an und lacht euch weg.
@Gema wenn Sie kein Personal haben, das fähig ist solche Webseiten hops zu nehmen, stellen Sie Personal ein, das es kann.
Was SemperVideo schon sagte… VPN Service und die Sperre ist weg. Das heisst auch das die Gema nicht für 50 Cent denkt. Das würde auch bedeuten das immer mehr Webuser auf eine VPN umstellte würden und man sich alle Zähne selber zieht gegen Copyright Verstöße vor zu gehen.
Here’s what 10 year old kids get up to in DayZ: „Hacking“ into servers and using global voice chat to troll people and streamers like me. Annoying and absolutely wrong. Someone needs to get a hold of this kid and teach him a lesson. He followed me into several servers, cussing me out, playing very wrong music, especially in the light of recent events.
After a quick lookup it´s possible that a member of twitch was peeking Themeepfactors stream.
Azmaraboyzz & Aznaz4 it´s not 100% proofed. Cause we dont have access to any IP addresses or anything else. This calles himself a Hacker….
We hope that the NSA or FBI even the rest of all international Secret Services can get him!
Here is the Video Evidence that TheMeepfactor recorded and i published it.
Here you can see the Stream included Server switching, that means the global voice is true.
You can see the full Stream @ http://www.twitch.tv/themeepfactor/v/26105168
Well everybody know´s that hacking IC´s can be really hardcore at least if you need to recover data that is only aviable on the chip and he source is lost.
For 400 Usd you can recover your Rom or Flash content on your own. All you need is a modded microscope and a SLR cam with 10-18mpx.
This example is a really bad once… too much rest of dirt on it but you can see the column ^^.
After remove the top layer or meshes you have access to it. With a grid you can analyze the dot´s and convert them to hex. Thats very easy on AVR or PIC.
For high security mostly you only can image encrypted binarys.
ID: is 9F A4
Check out the Jedec ID´s ar https://www.jedec.org/standards-documents/docs/jep-106ab
9F never been attached to the Jedec ID list from xx-2015.
Well AliExpress selling again fake chips from SST. Cheap print x4 under the microscope and a silly stamp.