http://pastebin.com/kqD56TmU

It seems as though the HDCP master key has been cracked/leaked :)

HDCP 'master key' supposedly released, unlocks HDTV copy protection permanently: http://www.engadget.com/2010/09/14/hdcp-master-key-supposedly-released-unlocks-hdtv-copy-protect/

Knowledge of such a master key isn't required to derive the in-the-clear data! It has always been possible to make a little board that has (say) an Analog Devices part with an HDMI input and a burned in HDCP key and connect the digital data to another chip with an HDMI output for which HDCP has been turned off. Both that approach and this idea of generating new key pairs and burning them into devices require very sophisticated HW capabilities.

Knowledge of such a master key isn't required to derive the in-the-clear data! It has always been possible to make a little board that has (say) an Analog Devices part with an HDMI input and a burned in HDCP key and connect the digital data to another chip with an HDMI output for which HDCP has been turned off. Both that approach and this idea of generating new key pairs and burning them into devices require very sophisticated HW capabilities.

Well, to assemble such a "HDCP decrypter" board, you would need a "legitimate" HDCP controller chip, which you won't get (easily). The whole concept of HDCP depends on the idea that only "trustworthy" manufacturers will produce HDCP controllers and only those manufacturers will get valid HDCP keys to burn into their controller chips. The manufacturer must make sure that his controller chips are only used in devices that won't give the user access to decrypted data. All output of the "HDCP enabled" device must be digital and HDCP-encrypted again. If any HDCP manufacturer produces a board that converts HDCP-encypted data to non-encrypted data, he will loose his license and his keys will get revoked. The same happens if the manufacturer sells his HDCP controllers to "dubious" companies who sell "HDCP decrypter" boards (or anything like that). So if any "HDCP decrypter" boards are available on the marked, this is only because the vendor managed to obtain working HDCP controller chips through some "dark channel". If it now turns out that they really leaked the Master key, everybody can easily produce a "HDCP decrypter" board - without controller chips from "dubious" sources. And safe from future revocation.

(Maybe even more important is that some Chinese company, who isn't willing to pay licensing fees and/or buy controller chips from third parties, can support HDCP in their devices now)

HDCP strippers have been available for years. Even Amazon sells them.

Well, to assemble such a "HDCP decrypter" board, you would need a "legitimate" HDCP controller chip, which you won't get (easily). I'm staring at one right now for which I have a complete development environment. I'd get fired if I made such a board and did anything with it unauthorized but many people are not so worried about it. So you're right in theory but that kind of protection didn't stop the Russkies from getting our nuclear tech. :)

Disclaimer: I have no intent of making any such device. This is a theoretical discussion only.

EDIT: Also see nurbs' post.

Disclaimer: I have no intent of making any such device. This is a theoretical discussion only.



I hope you do not mean a nuclear device :scared:

so how can the leaked key be validated? some FPGA with fast I2C interface in order to verify the data from a real source or sink...
on a side note: if it is authentic, then everyone should copy it before the pages are taken down.

The data is in clear, a fast generic controller/CPU that emulates the HDCP protocol would do the trick (provided this news is indeed real). At least in theory. AFAIK all the HDMI->DVI used certified chips.

The data is in clear, a fast generic controller/CPU that emulates the HDCP protocol would do the trick (provided this news is indeed real). At least in theory. AFAIK all the HDMI->DVI used certified chips.
yes, but I'm not sure whether a general purpose processor is fast enough for the required data rate (HDvideo exceeds 1Gbps).

I was not talking about the PIC family here :p

(HDvideo exceeds 1Gbps).
This is basically the only working protection, at least from a consumer point of view.

so how can the leaked key be validated?

http://www.foxnews.com/scitech/2010/09/16/intel-confirms-hdtv-code-cracked/

Intel confirmed Thursday to FoxNews.com that the High-bandwidth Digital Content Protection (HDCP) -- the digital rights management software that governs every device that plays high-def content -- had in fact been compromised.

"It does appear to be a master key," said Tom Waldrop, a spokesman for Intel, which developed and oversees the HDCP technology