HDCP / DRM 2015/2016

Weak Hardware

HDCP 2.2 has been cracked and is bypassed by HDMI splitters or converters. Ten years ago the master key for HDCP was leaked to the net. But why is it being bypassed again?

Companies that sell solutions to protect customers' content are highly paid, and those systems cost a bunch of money. But the devil is in the detail. Every crypto scheme is just a layer that prevents normal people from copying the content or sharing it with each other. If you ask people who are interested in bypassing such protections, you find out they are very creative thinkers.

A senior crypto engineer does not check every possible way in or every worst-case scenario. He does what he gets paid for and nothing more. There are multiple ways to leak critical information out of Blu-ray players, smart TVs and more. HDCP can be found on your local computer, projector, TV … and set-top boxes.

An IPTV company wants a cheap and good solution to protect its content. The problem is that there is no cheap way … and this is where the problem begins.

If I want 1 gallon of milk, I have to pay the farmer in full. Both sides are happy … I get the fresh milk, and he can invest in more stuff for his farm and survive.

So the design of good hardware depends first on the engineer who does most of the work, but management wants to keep costs low to get more profit. Management removes good parts of the engineer's process and replaces them with cheap, insecure solutions.

But back to HDCP!

Everyone who is into digital stuff knows that a flash EEPROM can be dumped. Companies make this mistake every time to raise profit. A "secure" flash IC is a bit more expensive than a normal one … it's just pennies, but they calculate in volume.

Possible attacks are:

  • Rooting your device and grabbing data
  • Sniffing the key on HDMI
  • Dumping a flash IC to get the RSA certs
  • Decrypting the traffic and leaking data or content

After grabbing confidential stuff:

  • Decrypt the traffic, or at least the magic key (AES or 3DES)
  • Build your homemade solution

For example, HDFury has a down-converter from HDCP 2.2 to 1.4 that converts to the compromised version of HDCP. HDFury isn't the only manufacturer of such devices.

A lawsuit against HDFury is under way, and you can get the info here



This happens if you design a system and don't think about what you do. Those converters bypass HDCP 2.2 by using a way that is legal for now to make a conversion to HDCP 1.4. At least it's not forbidden to forget to use the 2.2 version. There is no law for that at the moment. If they use the 2.2 version and remove watermarks or emulate the crypto, it's a big problem under the law.

I dunno about the other problems, like pulling data from a non-secured flash or a general IC that is not protected. But I think if there is no protection and I can use the flash IC for another thing, I can legally pull the code. Modifying the code is fraud.

Anyway, if a secure system allows itself to be converted, it's not a secure system, and a company sold rubbish to the customer. A strict system must not allow bypassing, ohh my mistake … I mean converting. *giggle*





