HDCP Master Key Confirmed; Blu-ray Content Vulnerable
The leaked HDCP master key protecting millions of Blu-ray discs and devices that was posted to the Web this week has been confirmed as legitimate, Intel representatives said late Thursday.
The leaked HDCP master key protecting millions of protected devices, including Blu-ray drives, that was posted to the Web this week has been confirmed as legitimate, Intel representatives said late Thursday.
The disclosure means, in effect, that the content flowing over the encrypted HDMI connection may be recorded and authenticated using an unlicensed device.
Intel spokesman Tom Waldrop said after two days of investigation, the company had informed its partners and licensees that the key, , was indeed legitimate.
"We have tested this published material that was on the Web," Waldrop said. "It does produce product keys... the net of that means that it is a circumvention of the code."
As a practical matter, the most likely scenario for a hacker would be to create a computer chip with the master key embedded it, that could be used to decode Blu-ray discs. A software decoder is unlikely, "but I'd never say never," Waldrop said.
"It's really hard to predict 100 percent, but that seems to be the prime scenario," Waldrop said of the possibility that a chip might be created.
Waldrop said that the company has contacted hundreds of its licensees, and still believes that the HDCP technology represents a legitimate protection. Now, however, the content industry will have to turn to legal remedies if pirated material is detected.
The "key" was posted to the Internet on Tuesday, where it was quickly picked up and disseminated via Twitter and other social media links.
HDCP (High Definition Content Protection) is the content encryption scheme that protects data, typically movies, as they pass across a DVI or an HDMI cable. The bitstream now can be recorded and decrypted, allowing an encrypted film to be copied - a huge blow to Hollywood.
HDCP was created by Intel and is administered by Digital Content Protection LLP.
Weaknesses in the HDCP protocol have been known since 2001, when Scott Crosby discovered what he claimed were flaws in the HDCP 1.0 revision. (HDCP is currently in revision 1.3.) Whether there is in fact a master key algorithm, whether that key was published, and whether users could take that key and extract previously encrypted data is unknown.
"I have no way of knowing if this is the actual master secret, but if it is, I am not surprised," Crosby said in an email on Tuesday night. "I am not the only one to predict that this could occur; the master secret can be calculated from the secret keys stored on as few as 40 TV's, computer monitors, video cards, or video players and millions of HDCP supporting video cards and TV's are in people's homes all over the world."
However, the wealth of HD content available for download at pirate sites like The Pirate Bay indicates that pirates have had no problems obtaining copyrighted HD movie data.
"AACS and BD+ are used to encrypt the contents of a Blu-Ray disc. HDCP is not," Keith Irwin, an assistant professor of computer science at Winston-Salem State University in North Carolina, and author of the paper "Four Simple Cryptographic Attacks Against HDCP," wrote in an email. "HDCP is used to protect the digital signal which flows over HDMI between the Blu-Ray player (or other HD video source) and the TV or monitor. The Blu-Ray disc is encrypted with AACS and optionally BD+. Blu-Ray players decrypt the AACS and BD+ and then decompress the video and, if necessary, scale it to match the display resolution of the TV. Then that unencrypted, decompressed, scaled signal is reencrypted using HDCP and sent to the TV. The TV then decrypts it and displays it.
"This is done for two purposes," Irwin added. "The first is so that a pirate can't record the stream between the Blu-Ray player and the TV. This signal would be uncompressed, and therefore huge, but pirates could re-compress it before sharing it over the internet, so it would still be valuable to them. The second is so that you can't build a TiVo like device to pretend to be the television and just record everything rather than display it. All device manufacturers have to guarantee that they won't do that before they are given the keys needed to authenticate themselves to the players and decrypt the signal. This break means that the second point is now entirely null and void. You can now build any device you want and using the provided information make it so that your device will authenticate to the Blu-ray player as being a valid, approved device.
"Because the specification allows for repeaters and splitters which have their own keys and actually do a decryption/reencryption step, it also means that the first point is pretty well null and void because you can build a device which looks like and authenticates as a repeater and then records the signal as a side effect while also displaying to the television," Irwin said.
"Now, this crack doesn't mean that tomorrow you'll be able to buy that sort of device," Irwin concluded. "There's still a lot of engineering which would be needed to make such a device practical, especially if it's going to compress things on the fly at HD-level resolutions. However, it means that there is now no information barrier to building such a device."
The code to unlock DVDs protected by the Content Scrambling System have been known for years, and are protected by the DVD-CCA, which has sued companies like and that have attempted to market solutions that rip or store DVD content on a hard drive.
The "master key" instructions follow:
"This is a forty times forty element matrix of fifty-six bit hexadecimal numbers," the instructions say.
"To generate a source key, take a forty-bit number that (in binary) consists of twenty ones and twenty zeroes; this is the source KSV," the instructions say. "Add together those twenty rows of the matrix that correspond to the ones in the KSV (with the lowest bit in the KSV corresponding to the first row), taking all elements modulo two to the power of fifty-six; this is the source private key.
"To generate a sink key, do the same, but with the transposed matrix."
Editor's Note: This story has been corrected to note that the Blu-ray discs themselves haven't been unlocked using the leaked key, but the content stream, and updated with details from Keith Irwin.