Intel Confirms HDCP Master Key Is Out

from the oops dept

Fri, Sep 17th 2010 4:05am — Mike Masnick

We were among the many folks who wrote about the supposed leak of the HDCP master key this week, leading to an interesting discussion in the comments -- including a comment from a big time DRM supporter (he's even written a book about DRM) who scolded us for getting the whole story wrong, insisting that there was no such thing as a master key and that Hollywood never would have agreed to HDCP if there were such a thing. This struck me and some others as odd, as many of us have followed the discussions on HDCP, and I tended to believe Ed Felten's explanation of how HDCP works, which indicated that there was, in fact, a master key. That was from a few years ago, but Felten also just posted another explanation about how HDCP works, and it still seems to involve a master key.

And, now, Intel is apparently confirming that the leak is, in fact, the master key. So, at this point, I'm going to have to assume that the DRM expert and the scolding were wrong, and that there is, in fact, a master key... and it's been leaked. Good thing the FCC gave the MPAA the okay to break your TV and DVR to release movies that would be "protected" by HDCP, huh? As Michael Weinberg points out, the FCC has now broken a bunch of TVs for nothing:

Today, it looks like HDCP -- the DRM that the MPAA insisted was required to allow them to securely distribute movies prior to DVD release -- has been broken. As a result, anyone who is motivated can make an exact digital copy of a "protected" high definition movie. Since all it takes is one motivated individual to make that first copy, this DRM (like every type of DRM before it) now serves absolutely no purpose but to inconvenience legitimate customers.

In May, I wrote that "Studios are asking the public to trade the use of any analog inputs on their devices for more magic beans." The FCC accepted that trade. At the time, it looked like those magic beans at least pretended to have some powers to slow down copying. Today they have been revealed for what they really are -- worthless.

Nice work, FCC.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cracked, drm, hdcp, master key
Companies: intel

58 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Flame, 17 Sep 2010 @ 4:25am

The definition of insanity
Is doing the same thing over and over and expecting different results.

Prohibition never works.
[ link to this | view in chronology ]
- chris (profile), 17 Sep 2010 @ 9:20am
  
  Re: The definition of insanity
  i have not failed, i've simply found 10,000 ways that won't work.
  [ link to this | view in chronology ]
Anonymous Coward, 17 Sep 2010 @ 4:33am

Well, I guess it's back to the drawing board for the DRM makers. They'll have to roll out a "new" form of DRM that will effectively make the current hardware useless, while still providing no value to the consumer.

Maybe one day they will learn that every form of security, given enough time, WILL eventually be broken.
[ link to this | view in chronology ]
- Greevar (profile), 17 Sep 2010 @ 6:16am
  
  Re:
  If it can be unlocked, it can be broken.
  [ link to this | view in chronology ]
  - Kingster (profile), 17 Sep 2010 @ 7:40am
    
    Re: Re:
    This is true... However, my bet is that the next version will (like Steam) "require" internet connectivity. That way, when something like this occurs, you just replace the master key...
    
    Oh. Wait. That's how standard SSL works. Funny, that.
    
    Then, that 4-second HDCP handshake will turn into 12 as all device certificates are validated at a central clearing house (I bet Verisign is frothing at the mouth for this).
    [ link to this | view in chronology ]
    - chris (profile), 17 Sep 2010 @ 9:28am
      
      Re: Re: Re:
      the key difference between SSL and any kind of DRM is the fact that with SSL both parties (the certificate holder and the certificate authority) want to maintain their trust relationship.
      
      with DRM the consumer is also the attacker. the consumer doesn't care if the relationship is maintained or not.
      [ link to this | view in chronology ]
    - Karl (profile), 17 Sep 2010 @ 12:22pm
      
      Re: Re: Re:
      my bet is that the next version will (like Steam) "require" internet connectivity.
      
      Interestingly enough, there are tons of cracked copies of Half-Life 2 out there, and you can play those without needing an internet connection (the single-player campaigns, anyway).
      
      What won't those cracked copies do? Automatically install "updates" that break the game itself (happened with Episode 2 last year), or legal and encouraged third-party mods (like what happened last month, and hasn't been fixed yet).
      
      I love Half-Life, and I don't even mind Valve that much, but this sort of behavior is just unacceptable. Hell, I've got a legit copy, and I'm thinking of finding a crack somewhere just so I can play those broken mods.
      [ link to this | view in chronology ]
      - Kingster (profile), 20 Sep 2010 @ 5:14am
        
        Re: Re: Re: Re:
        @Chris: Well there's more to it. There's really 3 parties there in SSL: the browser (also, an attacker), the CA, and certificate holder. Everyone has to validate each other, and not a single one REALLY knows who each other is at the time that SSL is creating the secured connection. The same holds true with DRM, really. Splitting hairs though.
        
        @Karl: The single player campaigns suck. The real fun begins when you get on line and play other humans. But yes, you're right. You can play cracked copies without an internet connection - but you're missing 80% (IMO) of the game...
        [ link to this | view in chronology ]
        
        chris (profile), 20 Sep 2010 @ 6:41am
        
        Re: Re: Re: Re: Re:
        you can play cracked games online with other people via services like xlink-kai.
        [ link to this | view in chronology ]
JR Smith (profile), 17 Sep 2010 @ 5:02am

These people are totally blind. That ugly form of DRM was broken a long time ago and anyone with a few bucks can buy software to do it. Copy protection has never worked and it never will.
[ link to this | view in chronology ]
abc gum, 17 Sep 2010 @ 5:03am

Funny how Bill Rosenblatt blames the hardware makers all using the same key. I thought they could change the key via an update to the device firmware. This would then make your blueray dvds unreadable. But no worry, because all you bought was a license and therefore they owe you a new dvd.
[ link to this | view in chronology ]
- Sean T Henry (profile), 17 Sep 2010 @ 6:55am
  
  Re:
  Now lets see if that happens. If they update the key and your blueray disk will not play demand a new copy free of charge including shipping if they do not do this start a class action lawsuit for breach of contract.
  [ link to this | view in chronology ]
Anonymous Coward, 17 Sep 2010 @ 5:08am

DRM is a waste of time. You give people the cipher key and the code and tell them not to put the two together. It's pretty obvious that's not going to work for long.
[ link to this | view in chronology ]
NAMELESS.ONE, 17 Sep 2010 @ 5:18am

the can change the key BUT
if they open that hole up you would begin to see cracked keys ....comparing old vs new you would in time be able to just generate a key....
[ link to this | view in chronology ]
Jim, 17 Sep 2010 @ 5:20am

It's all about control anyway...
DRM + DMCA = Hollywood Has Control

Cracked DRM + DMCA = Hollywood Still Has Control

With end-to-end DRM, Hollywood decides what devices, networks and software can legally play their content. That gives them leverage over companies like Samsung and Comcast, which is probably fine with them since the entrenched players all have a vested interest in preventing any disruptive new players from emerging.

Without some sort of illegal hack (that most people won't do), I still won't be able to record these first run movies on my Tivo. That is, of course, unless Hollywood lets Tivo decrypt the stream, which means Hollywood will dictate to Tivo (and me) how long I can keep it and how many times I can watch it. Many shows I record today can no longer be copied off of my Tivo since the shows remain "protected." It doesn't matter that Tivo could use a master key to capture a decrypted copy. Tivo would be in violation of anti-circumvention laws if they did. So would any start-up. It's difficult for a start-up to get funded when it's almost a sure thing that they'll be on the loosing end of a lawsuit.

DRM is all about controlling other people's legal business models.

(Sorry about being a broken record on this point, but I think it's very important.)
[ link to this | view in chronology ]
- Anonymous Coward, 17 Sep 2010 @ 5:54am
  
  Re: It's all about control anyway...
  I was wondering when someone would bring up that point.
  
  Here.
  
  - Arduino can do it and I bet many people are already posting the instructions on how to build a HDMI compliant device that only needs to have the software flashed into it to replace the old HDMI that didn't had HDCP in it.
  
  - Hardware can be emulated in software, how long until some virtual machine gets and addon that makes it capable of copying anything.
  
  Those things are not that hard, it inhibits companies from exploiting this not highly motivated people with the knowledge necessary to accomplish the task and when they do all will take advantage of that.
  [ link to this | view in chronology ]
  - Anonymous Coward, 17 Sep 2010 @ 9:16am
    
    Re: Re: It's all about control anyway...
    I don't think Arduino is fast enough. You would need a fast enough DSP or FPGA, or at least a fast set of ADCs if you want to log the handshake and try to crack it later.
    [ link to this | view in chronology ]
    - Anonymous Coward, 17 Sep 2010 @ 9:44am
      
      Re: Re: Re: It's all about control anyway...
      An arduino with an arm processor is not fast enough?
      [ link to this | view in chronology ]
      - Anonymous Coward, 18 Sep 2010 @ 2:32am
        
        Re: Re: Re: Re: It's all about control anyway...
        'arduino' is not a generic term. Arduino is a relatively cheap microcontroller + IDE package with a bunch of built in libraries.
        
        Considering the length of that key...you'll need a fairly hefty micro.
        [ link to this | view in chronology ]
  - nasch (profile), 17 Sep 2010 @ 11:29am
    
    Re: Re: It's all about control anyway...
    Both points are correct, there will be people breaking the DRM, ripping the content, and distributing it. AND, the media companies will continue to use the DMCA to squash competition, unless and until the anti-circumvention measures get repealed. OK, stop laughing.
    [ link to this | view in chronology ]
- Karl (profile), 17 Sep 2010 @ 12:41pm
  
  Re: It's all about control anyway...
  DRM is all about controlling other people's legal business models.
  
  Yes, I think you hit the nail on the head right there. Content industries don't actually think DRM will prevent "piracy" (i.e. non-commercial, individual infringement).
  
  They invest time, money, and lobbying pressure so that the content industries can legally force other businesses to accept their business model. Or if not, then at least pay the content industries boat-loads of cash.
  
  If their legitimate customers are inconvenienced, who cares? Their most lucrative "customers" are not the end users, they're the ISP's, the hardware vendors, and the media startups.
  
  Those media startups will usually fail, because they can't afford the blackmail-level rates demanded by the content industry. But if they do, again, who cares? The content industry still gets their money, without risking anything.
  
  Stopping "piracy" isn't the point. The point is controlling other businesses in their market.
  [ link to this | view in chronology ]
Anonymous Coward, 17 Sep 2010 @ 5:27am

Want a perfect copy of that movie or song?

Just hit "record" it works for me. DRM or not.

BTW the best explanation ever.

DRM in any form is Evil and
Comment by Anonymous on September 17th, 2010 at 1:56 am.

What the content providers are yet to realise is this.... End users are not HDCP compliant.

Quote source:
http://www.freedom-to-tinker.com/blog/felten/understanding-hdcp-master-key-leak
[ link to this | view in chronology ]
Anonymous Coward, 17 Sep 2010 @ 5:28am

Hmmm...the record feature only works in DRM free OS's LoL

Vista is not your friend.
[ link to this | view in chronology ]
Anonymous Coward, 17 Sep 2010 @ 5:38am

Considering that being a "DRM Expert" requires you to devote your life to being wrong, Bill Rosenblatt's ignorance isn't very surprising.
[ link to this | view in chronology ]
Jon Renaut (profile), 17 Sep 2010 @ 5:48am

What was the key?
Anyone know what the key was? My money is on 1234.
[ link to this | view in chronology ]
- Anonymous Coward, 17 Sep 2010 @ 5:51am
  
  Incredible.... that's the combination on my luggage
  [ link to this | view in chronology ]
- ofb2632 (profile), 17 Sep 2010 @ 6:00am
  
  Re: What was the key?
  Thanx, now i have to change the password on my laptop!!
  [ link to this | view in chronology ]
  - Jon Renaut (profile), 17 Sep 2010 @ 6:26am
    
    Re: Re: What was the key?
    You think that's bad, I just got served a subpoena for violating the DMCA with that above comment.
    [ link to this | view in chronology ]
- Anonymous Coward, 17 Sep 2010 @ 8:45am
  
  Re: What was the key?
  That's the key to my luggage!
  [ link to this | view in chronology ]
bushman, 17 Sep 2010 @ 6:22am

"Since all it takes is one motivated individual to make that first copy..."

Boy, you really wouldn't want to make that your Achilles heel, especially during the age of the freaking Internet.

Why won't they learn?
[ link to this | view in chronology ]
Berenerd (profile), 17 Sep 2010 @ 6:28am

Any lock has a key...
If there is a lock there is a key. Its stupid to consider it otherwise.
[ link to this | view in chronology ]
mdmadph (profile), 17 Sep 2010 @ 6:38am

I'm finding it curious why Intel put time and effort into verifying that the key was cracked -- do they have some sort of competing DRM technology they're about to try and start marketing? :\ What's their payoff?
[ link to this | view in chronology ]
- Chronno S. Trigger (profile), 17 Sep 2010 @ 6:43am
  
  Re:
  They don't have to wast all that time and money making sure their products are HDCP compatible?
  [ link to this | view in chronology ]
- RST101 (profile), 17 Sep 2010 @ 6:49am
  
  Re:
  because its intels key.
  [ link to this | view in chronology ]
Simon, 17 Sep 2010 @ 6:48am

Impact
This probably won't have much impact with regards to the pirating of HD content - BluRay has been hacked for a long time and provides convenient access to the compressed content. If you tap into the HDMI stream, you are going to have to process the uncompressed video stream and compress it again before it's usable (for most people).

What it might do is allow cheaper hardware dongles that strip out the HDCP and 'fix' the devices that have problems with the HDCP handshaking. It may also allow more innovative HDMI distribution devices such as running multiple screens from one HDMI output.
[ link to this | view in chronology ]
- CDWatters (profile), 17 Sep 2010 @ 8:04am
  
  Re: Impact
  However it would allow some enterprising person to make a HDCP intercept device which would allow a person to DVR supposedly protected content, by grabbing the HDCP stream. So comcast (among others) could not stop you from recording live HD content (or pre-media release PPV content) by setting the "do not record" bit.
  
  Or it might make a nifty media converter so I could use my older, non HDCP HDTV (they do exist) with new content.
  [ link to this | view in chronology ]
Anonymous Coward, 17 Sep 2010 @ 7:07am

Why does this sound like gun control? We hassle law abiding citizens with licensing and the criminals just take what they want.
[ link to this | view in chronology ]
Overcast (profile), 17 Sep 2010 @ 7:17am

One more reason to buy AMD.
[ link to this | view in chronology ]
Kingster (profile), 17 Sep 2010 @ 7:20am

Waldrop at the linked CNet article:
"We believe that this technology will remain effective," he said. "There's a large install base of licensed devices including several hundred licensees that will continue to use it and in any case, were a (circumvention) device to appear that attempts to take advantage of this particular hack there are legal remedies, particularly under the DMCA (Digital Millennium Copyright Act)."
Allow me to paraphrase: "Yeah. We've sold a lot of shit, so we have to say it's gonna stay viable, and if some joker thinks he's gonna screw us, we'll sue his ass into oblivion!"
Hey Tom? Welcome to the new Internet. It's the place where things like the Streisand effect happen. You know, where you try to crush some small guy with a lawsuit, and DMCA, and other crap... And the rest of the world knows more about what you're trying to crush than you do. DVD Jon ring a bell?
[ link to this | view in chronology ]
out_of_the_blue, 17 Sep 2010 @ 9:16am

Okay, so on to the *next* increment of DRM!
That was my point in previous article that some seem to have missed. Perhaps I should have put "effectively" in somewhere.

Also, some seem to think that they'll always have access to open computers, but see, THIS LEAK justifies the next level of hardware control. It's not even my original idea that it's an intentional leak for that purpose (I forget where I read it, maybe even here). I'm more concerned with where society is headed than where it is, because the trend is clear.
[ link to this | view in chronology ]
- nasch (profile), 17 Sep 2010 @ 11:37am
  
  Re: Okay, so on to the *next* increment of DRM!
  I'm not worried about a law mandating Trusted Computing or the equivalent. But I can (maybe) see all the major computer companies doing it voluntarily under pressure from the entertainment industry. Open computers I'm sure will still be around, but they could become expensive and hard to find. Perhaps DIY only. Not a pretty picture.
  
  The thing is, with so very many companies using Linux, which presumably would not play nicely with trusted computing, could such an initiative really go anywhere? Interesting topic. I heard a lot about trusted computing a few years ago, and nothing since; I hope it's died.
  [ link to this | view in chronology ]
Steve R. (profile), 17 Sep 2010 @ 9:25am

The Hypocracy
The industry can get behind some massive DRM scheme that involves significant research, development standards, compliance from a gazillion manufactures, but they can't figure out how to make standard power plugs or print cartridges!!! Give me a break.
[ link to this | view in chronology ]
- Anonymous Coward, 17 Sep 2010 @ 9:44am
  
  Re: The Hypocracy
  The industry can get behind some massive DRM scheme that involves significant research, development standards, compliance from a gazillion manufactures, but they WON'T figure out how to make standard power plugs or print cartridges!!! Give me a break.
  
  FTFY
  [ link to this | view in chronology ]
  - Steve R. (profile), 17 Sep 2010 @ 10:09am
    
    Re: Re: The Hypocracy
    Thanks!
    [ link to this | view in chronology ]
Bengie, 17 Sep 2010 @ 9:46am

The cake is a lie
You can't have your cake and eat it to

You can't block your customers from viewing content and let them view the content to.

If you want to keep someone from copying data, they must not have access to that data. This is on conflict with the idea of distributing data.

Now, if they really wanted to keep the customer from copying data, they would've put it under AES256 and inside a secure vault that is guarded, but I hardly see how that would make them money.
[ link to this | view in chronology ]
nonanonymous, 17 Sep 2010 @ 10:38am

Can someone ping Bill Rosenblatt to comment here? I'd love to see him tell us how Intel got it all wrong...
[ link to this | view in chronology ]
Mosaic user, 17 Sep 2010 @ 11:45am

Losing my understanding of why it's there
I don't see the point anymore. I can almost see it as a pre-consumer release security tool, but why put DRM on things you want to become widely used and desired? HD is finally a recognizable step up from standard definition, and the price point is becoming reasonable. For myself, I boughht a HD plasma on sale to replace a dying TV. I find I like HD. Now I need a new projector, so I start shopping for an HD projector,simply because I am used to seeing an HD picture. What point does DRM serve except to slow down adoption of a new technology? You don't make money selling DRM to consumers, you make money selling films, and screens and projectors and sound equipment. Cadillacs and BMW's don't need drm, why does a television? Everyone has automobiles, only some have KIA's and some have Lincolns. The difference is money, not the system to start the car. Why would you want to stop someone from buying your product? I seriously no longer understand this concept of excluding potential customers from wanting what you sell.
[ link to this | view in chronology ]
- Karl (profile), 17 Sep 2010 @ 1:22pm
  
  Re: Losing my understanding of why it's there
  Cadillacs and BMW's don't need drm
  
  Well, as a matter of fact...
  http://www.techdirt.com/articles/20100720/01092010287.shtml
  [ link to this | view in chronology ]
BruceLD, 17 Sep 2010 @ 3:38pm

Subject
Blah. This encryption/DRM hasn't stopped piracy in the slightest. The fact is it's just yet another way that a corporation brainwashes other corporations in to this "win-win" technology only so they can make money licensing it out. In addition thanks to the DMCA, the lawyers are making a fortune off of it.

They knew it wouldn't change a thing, but corporations gladly paid out licensing fees for the technology. The only winners are...the company the sells the licenses and the lawyers that sue for the DMCA/DRM breach. The other corporations and all customers lose.
[ link to this | view in chronology ]
Tim Dickinson (profile), 17 Sep 2010 @ 4:33pm

Surely just simple DRM makes more sense now?
Surely the best DRM going forward in a purely pragmatic sense for all involved will be something very basic along the lines of CSS.

As we see time and time again, every DRM scheme that appears is pretty quickly rooted and this is not only embarrassing to the entertainment industry but also makes each attempt a massive loss making exercise and completely pointless. The pirates are always going to find a way to circumvent the DRM, and the movies/music/whatever will be shared.

The only benefit that the entertainment industry gets out of DRM schemes then is preventing the common man (non-techie and non-pirate) from just making copies of his movies and sharing them with his friends. They want to avoid the situation in music we have had for the past decade where even you Mum or Dad could and might easily share a burned copy of a recent album purchase with friends.

To prevent this "common-level" copying of discs, they could just as easily use a simple DRM like CSS, but use the legal protections to make sure no mainstream hardware or software manufacturer offered anything that circumvented that copy protection. Yes anybody can find some DVD-ripping utility online now to copy DVDs, but because the feature is not built into iTunes/MediaPlayer/Nero/etc they don't.

Just making use of the legal protections like this will save them a fortune in implementing increasingly complex but equally useless DRM, and having to deal with all the associated problems that arise.
[ link to this | view in chronology ]
hmm, 17 Sep 2010 @ 5:20pm

Ok two ways to make "perfect" drm.

1. the drm instantly and completes erases the data in a mini nuclear explosion if anyone comes within 10 metres of the PLAY button.........

2. The DRM becomes artificially intelligent and sends drm-bots back in time to stop the content being created.....
[ link to this | view in chronology ]
Anonymous Coward, 17 Sep 2010 @ 11:32pm

I don't think I ever thought I would be saying this but, the law today is the biggest threat to American wealth and prosperity.
[ link to this | view in chronology ]
drm removal, 25 Sep 2010 @ 8:05am

Not surprising
DRM is really a annoying staff in digital world , it prohibit people a lot.
[ link to this | view in chronology ]
Horse Medications, 6 Jul 2011 @ 6:23pm

very interesting
Yeah, this was very interesting discussion. Actually, I�ve read it before in the newspaper.
[ link to this | view in chronology ]
online classes, 30 Aug 2011 @ 12:54pm

Keep it up FCC!
Keep it up FCC! That was the good idea for accepting the trade. By the way, thank you for the sharing of this information that is very interesting to read.
[ link to this | view in chronology ]
esl teaching jobs in korea, 31 Aug 2011 @ 6:03am

good news
This was the good news. I am that I�ve read this information HDCP master key.
[ link to this | view in chronology ]
AuthorHouse, 14 May 2012 @ 1:52am

Thanks for share this article. Just thought I would comment and say great theme, did you create it for yourself? It looks awesome! I�ve read through a number of the articles in your website , and I love the way you blog.
[ link to this | view in chronology ]
iUniverse, 24 May 2012 @ 11:24pm

Sincerely speaking, your writing abilities are above the ordinary level. Better language skills are needed for blogging, and I appreciate your ability to write well. Thanks for such a helpful information.
[ link to this | view in chronology ]