Sunday, September 18, 2011

HDCP: Cool New Hack

In the previous post I mentioned the fact that the HDCP master root key was publicly revealed about a year ago. Last week Nate Lawson, on his root labs rdist blog, pointed out that the Chumby NeTV is probably the first commercial use of these leaked keys - and it's a very cool hack indeed.

The Chumby Wiki describes the NeTV as follows.
NeTV is designed to work as an add-on to video sources like Boxee, Revue, Roku, PS3, Xbox360, DVR, DVD, set top boxes, etc. It sits between these devices and the TV. NeTV's key benefit is adding push delivery of personalized internet news on top of all platforms in a non-intrusive and always-on manner.
When I first saw mention of the Chumby NeTV (on TechCrunch) I wondered how it could work with HDCP secured content but I didn't take the time to consider the question more in depth. Nate did - and came back with a surprising answer.

According to Nate, the NeTV uses the HDCP master root key to derive the unique key set of the two devices it's connected to (the video source and the television) and calculate the key used by the video source to encrypt the content. It then uses this to key not to decrypt the content but to replace parts of the video images with it's own (encrypted) overlay data.

At first glance you may wonder why the developers of the NeTV didn't simply generate their own unique key set (based on the master root key) and used that to decrypt the video from the video source - why go to the trouble of replacing parts of the encrypted video stream?

But by doing so the NeTV developer solved several two possible issues:
  1. If the NeTV were to decrypt the HDCP protected signal from the video source it may have been in violation of the DMCA. By not decrypting this signal Chumby reduced the risk of being sued.
  2. If the NeTV were to use it's own key set, not generated by the HDCP licensing authority, the NeTV may have been taken out of service by some future countermeasure against illegal devices with unauthorized HDCP keys (e.g. through device revocation). Using the TV and video source's own keys prevents this.
So who is this ingenious Chumby NeTV developer?  No other than Bunnie Huang of Hacking the XBOX fame. Once a master - always a master.



No comments:

Post a Comment