September 27, 2016

Researchers Crack HD Con­tent Pro­tec­tion System

(LiveHacking.Com) – Security researchers have broken the High-band­width Di­gi­tal Con­tent Pro­tec­tion (HDCP) system used on HD devices (such as Blu-ray) with HDMI ports to pro­tect di­gi­tal video sent to TVs and monitors against un­aut­ho­ri­zed copying.

Using a man-in-the-middle (or in this case a computer board in the middle), Prof. Dr.-Ing Tim Güneysu of the Secure Hardware Group at Germany’s Ruhr University of Bochum, has found a way to con­nect any non-com­pli­ant mo­ni­tor (which would include devices able to record the video) to a HDCP ­pro­tec­ted video sour­ce.

To do the decoding the professor and his students used a low-cost Di­gi­lent’s Atlys De­ve­lop­ment Board with a Xi­l­inx Spar­tan-6 LX45 FPGA. The board has all the necessary con­nec­tors for video input and out­put. The total setup cost no more than $250.

“We developed an independent hardware solution instead, based on a cheap FPGA board” explained Prof. Dr.-Ing. Tim Güneysu, who set to work with the final year student Benno Lomb. “We were able to tap the HDCP encrypted data streams, decipher them and send the digital content to an unprotected screen via a corresponding HDMI 1.3-compatible receiver.”

The result is that the team can now:

  • Suc­cess­ful­ly con­nect any non-com­pli­ant mo­ni­tor to a HDCP ­pro­tec­ted video sour­ce
  • Extract all secret ses­si­on keys es­ta­blis­hed du­ring au­then­ti­cation
  • De­crypt sin­gle-link video streams with a re­so­lu­ti­on of 720p or 1080i in re­al-ti­me.

This man-in-the-middle attack is of little interest for pirates as there are simplier ways to “rip” a Blu-Ray disc. However Prof. Güneysu does see a real threat to security-critical systems, for example at authorities or in the military.

Although Intel is already offering a new security system, HDCP 2.0, but since it is backward compatibile, the weak point will also remain a problem in coming years.

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks