The Clicker: HDCP's Shiny Red Button
REN: Now, listen, Cadet. I've got a job for you. See this button? DON'T TOUCH IT! It's the HISTORY
HDCP eraser button, you fool!
STIMPY: So what'll happen?
REN: That's just it! We don't know! Maayyybeee something bad?... Mayyybeee something good! I guess we'll never know!
'Cause you're going to guard it! You won't touch it, will you?
So you read last week's column on OPM and you
thought, "That's not fair! That's just evil – pure evil." You subsequently traversed the twelve different stages of DRM
grief (eleven of which appear to be anger) and you happily arrived at step 12, hackery.
The next day, you, as a loyal reader, returned to Engadget and were greeted by the apparent answer to all your
DVI/HDMI/HDCP woes. There in front of you stood Spatz-Tech's DVIMAGIC. "Take that, you evil HDCP doers. You can't
keep me down."
For those unaware, Spatz-Tech's DVIMAGIC, while sold and marketed as a DVI amplifier, is attracting attention among
the consumer crowd as an HDCP stripper. The device is placed between your playback device (e.g. computer, cable box,
HD-DVD player, etc.) and your display device. The DVIMAGIC then pretends to be a secure display. Once the DVIMAGIC
convinces the playback device to send the signal, it receives the signal, decrypts it, and sends a bit-perfect
copy out the other end to your monitor. The result is a pristine, restriction-free copy of your
content.
Oh, sure - used like this, these devices fly in the face of the DMCA. But that's a small price to pay for a working
display. Besides, as many proudly proclaimed, "We're not from the US. They can't touch us."
Well, there's a bigger problem looming ahead. Unfortunately, the good people behind HDCP weren't complete idiots. If
you thought that the idea of OPM was a little scary, you're going to love Key Revocation Lists. Consider revocation
HDCP's version of the History Eraser Button.
So what is revocation? Let's first start with a brief look at HDCP.
There are three main parts to HDCP's security system. First, there is the cryptographic Authentication and Key
Exchange (AKE). When a company wishes to produce an HDCP-compliant device, that company requests a set of keys from the
HDCP licensing body. After the licensing body has determined that the company's product has been designed in a manner
robust enough to withstand attacks and that the keys will be protected, the company is given a series of unique
secret keys.
AKE is the cryptographic method that uses these keys to determine a mutual value with which to encrypt the data
traveling between the playback device and the display device.
Once both the playback device and the display device have settled on a value with which to encrypt the content, all
the video content will be encrypted using this mutual value (this is the second part). Additionally, the system
will check every couple of seconds to ensure the integrity of both the keys and the link.
So far, that seems reasonable. However, what happens when rogue devices start to appear on the market? What happens
when a company's design wasn't as robust as first thought or, worse yet, a company's secret keys are leaked into the
wild?
This is where key-revocation lists come into play. The third aspect of HDCP security is device renewability. This is
the ability for media, streaming content, or even other devices to invalidate keys known to be a problem. For instance,
let's assume that you've purchased a DVIMAGIC. That little device is sitting between your cable box and your
television. Everything is going fine. Then, one day, you wake up to discover that your television is no longer working
with all the channels. What happened? Your cable box just used System Renewability Messages (SRMs) to invalidate
the keys used by your DVIMAGIC. From that point on, your cable box will treat your DVIMAGIC as a rogue device. As such,
it will not allow it to pass AKE.
Will your DVIMAGIC work with an HD-DVD player? That depends: what discs have you tried to play? Revocation lists are
encoded onto the discs. The newer the disc, the larger the revocation list will be, and, once you're caught, that
playback device should never pass AKE.
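A toy model of the renewability check described above, added here and not code from the column or from any HDCP implementation: a playback device loads a signed System Renewability Message, refuses forged or stale ones, and then checks a receiver's KSV against the revoked set before it will let that receiver pass AKE. Assumptions: KSVs are 40-bit values with exactly 20 set bits (as in HDCP 1.x), the SRM carries a version number, and the licensing authority's public-key signature is replaced by an HMAC with a constructed key.

```python
"""Toy model of HDCP-style device renewability (constructed example).

A transmitter (playback device) only trusts an SRM whose signature checks
out and whose version is newer than the one it already holds; the receiver's
KSV is then screened against the revoked set at the start of AKE.
"""
import hashlib
import hmac
from dataclasses import dataclass

# Stand-in for the licensing authority's signing key. Real SRMs carry a
# public-key signature; a shared-secret HMAC keeps this example stdlib-only.
AUTHORITY_KEY = b"constructed-licensing-authority-key"


def valid_ksv(ksv: int) -> bool:
    """HDCP 1.x KSVs are 40-bit values with exactly 20 bits set."""
    return 0 <= ksv < (1 << 40) and bin(ksv).count("1") == 20


@dataclass(frozen=True)
class SRM:
    version: int
    revoked: tuple   # revoked KSVs, sorted, as ints
    sig: bytes       # tag over (version, revoked)


def encode_body(version: int, revoked) -> bytes:
    """Canonical byte layout so signer and verifier hash the same thing."""
    body = version.to_bytes(2, "big")
    for ksv in sorted(revoked):
        body += ksv.to_bytes(5, "big")
    return body


def sign_srm(version: int, revoked, key: bytes = AUTHORITY_KEY) -> SRM:
    tag = hmac.new(key, encode_body(version, revoked), hashlib.sha256).digest()
    return SRM(version, tuple(sorted(revoked)), tag)


def srm_is_authentic(srm: SRM, key: bytes = AUTHORITY_KEY) -> bool:
    expected = hmac.new(key, encode_body(srm.version, srm.revoked),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, srm.sig)


class Transmitter:
    """The playback side: holds the newest authentic SRM it has seen."""

    def __init__(self):
        self.srm = None

    def load_srm(self, srm: SRM) -> bool:
        """Accept only authentic SRMs and never roll back to an older list."""
        if not srm_is_authentic(srm):
            return False
        if self.srm is not None and srm.version <= self.srm.version:
            return False
        self.srm = srm
        return True

    def ake_admit(self, receiver_ksv: int) -> str:
        """First step of AKE: is this receiver even allowed to proceed?"""
        if not valid_ksv(receiver_ksv):
            return "reject: malformed KSV"
        if self.srm is not None and receiver_ksv in self.srm.revoked:
            return "reject: revoked"
        return "ok"
```

A forged SRM (bad tag) and a stale SRM (older version) are both ignored, so a revoked KSV stays revoked once the genuine list has been loaded.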
For a hack, this might be annoying. However, what happens when legitimate keys are in the wild? For instance,
let's assume for a second that a large plasma-television company was the victim of a break-in/angry employee/etc. The
result is that said company's keys have landed in the hands of a DVIMAGIC-type dongle maker. When that
dongle maker is caught, will the powers-that-be revoke its keys knowing that, in doing so, there will be legitimate
customers caught in the crossfire?
The answer isn't 100% clear. Content owners might very well say, "Too bad Company X didn't properly protect its
keys." The result? Unclear.
What we do know is that with HDCP there is a shiny red button that can be used to retroactively remove
functionality.
And did Stimpy press that button? You betcha!
Column note: there is no guarantee that the DVIMAGIC device will be added to any revocation list. The DVIMAGIC product
is simply used to demonstrate the general type of product which could, in theory, be revoked.
If you have comments or suggestions for future columns, drop me a line at theclicker@theevilempire.com.
What about cryptographic attacks, like described (for example) here? http://osiris.978.org/~brianr/crypto-research/hdcp/irwin.html
With those, you wouldn't have to bother about being blacklisted.
Anyways, I like the DVIMAGIC, but I fear it'll be banned pretty soon.
So why not hack the revocation lists? Why can't a hack like DVI magic replace the packets of data that represent the list with blablabla?
IANAL, but as I said in the last column's comments, I'd be surprised if the DMCA can really be used to legitimately challenge this device. This device does exactly what every HDCP device does--strip the DRM from the signal in order to make legitimate use of it. The legitimate use here is sending a usable signal to a display that is not HDCP-enabled. The only real difference is that the wires in the device that has HDCP capability are a few millimeters long, while the wires using the DVIMAGIC are a few centimeters long. It seems silly for anyone to argue that if the DVIMAGIC came glued inside the housing of some display device, it would be legitimate, but outside the housing it is not.
Besides all that, your column is fear-mongering again: there is no way content producers are going to shoot themselves in the foot by locking the majority of their customers out with this approach, certainly not any time in the era of HD-DVD.
Gil,
http://en.wikipedia.org/wiki/Public_key_encryption
Check out how public key encryption works. It would be theoretically impossible to hack a revocation list itself--though it might be possible to circumvent the revocation list from being transmitted or analyzed (though doubtful).
Best,
Ryan
#2, The reason why is because the DVIMAGIC device is between the DVD player and the TV, not between the DVD player and the DVD. The DVD tells the DVD player not to talk to the DVIMAGIC box, there's nothing that the DVIMAGIC box can do about it. The only possible solution would be to make a copy of the DVD sans the revocation lists and put that in the DVD player instead of the original.
This device has a legit use - people don't have to purchase new monitors. I think the DMCA will hold little against it, in that respect. It allows backwards compatibility with the majority of existing displays.
Oh, and I forgot to mention that the Chinese will be happy to pump out DVD players that don't do key revocation like hotcakes, just as quickly as they're pumping out boxes like the DVIMAGIC now. You see, it's all predicated on the idea that anyone gives a damn about respecting someone's DRM--which clearly no one does unless compelled. Product manufacturers that don't care, chipping, a little sticker you can place over some part of the DVD, whatever you can think of, the economics will never let draconian DRM plans like this succeed. Give us some real info, Stephen.
The strategy is clear: if content providers (or whomever) start revoking keys, the best thing to do is get as many legitimate keys as possible blocked. This could conceivably be done with little devices that generate random keys in an attempt to get them revoked. When legitimate customers start seeing their service cut down, then, and only then will they be inclined to do something about it. They won't necessarily have any idea _why_ their content has stopped flowing - just that it has. When _normal_ people start complaining about a system, then it will have to be changed.
Additionally, a device must only have a finite amount of space for revoked keys. Maybe it can store 1000 keys, or 10,000, or 10,000,000, but keys can be generated pretty quickly.
Show these DRM people that their schemes only harm legitimate users.
By the way, to all the people who didn't get it: The DVIMAGIC doesn't hack anything. It has just the normal chips (same as any HDCP-TV could use) built in.
I think evo has nailed it. The people pirating on a large scale, that is, everyone in China, will route around this damage without even breaking stride. The result will be pirated discs without revocation lists, and/or players that don't care about them in the first place. To the DRM industry: thanks for playing, there are some lovely parting gifts for you on the way out.
Hell, given the device's backwards compatibility features, the government should subsidize these little boxes the way they will for people without access to digital-to-analog TV converters.
HA! Two birds with one stone.
Ryan Block: eliminating it from the data stream is what I was talking about. By hacking it I meant not changing it but replacing it with something or simply nothing
Until computers are totally secured there will always be a way to circumvent DRM. Public key encryption is secure during transmission, but if you can hack the sender or receiver you can just listen in on the transmission. So, as long as my computer is the receiver, and as long as my computer is under my control, there will be a way to bypass DRM.
Microsoft is working on making the OS and the hardware one big secure black box which the user has no control over any more, but I doubt they will succeed ...
If they can't sue over DMCA, they can sue for breach of contract. It doesn't matter if you use the same chips as everyone else, because you're not allowed to use chips in "bad" ways: http://news.com.com/Studios+settle+lawsuit+on+DVD-copying+chips/2100-1030_3-5671173.html
It also doesn't matter where the box is made. The chip maker (likely Silicon Image) is in the US.
If this box actually works, the legal attack seems certain.
The fallout from key revocation of a TV or DVD player would be immense.
Imagine that a popular brand of a popular TV has its keys copied and used in a DVImagic-like device and one of the movie studios, in a moment of idiocy, revoked the keys to that TV on their next blockbuster release.
Several hundred thousand or million Americans would then take a class action against that movie studio for selling them a DVD *that intentionally and knowingly caused their $1000+ TV to "break" *
A complete slam dunk for the class action lawyers.
The funny thing is, what if that TV model was Sony, and the movie studio was the one that Sony owned... which side of the corporation would win the fight for protecting the interests of their shareholders?
Note to everyone proclaiming that manufacturers would never dare revoke their keys... The blacklist is a bluff, of sorts.
Assume most of these devices have flash ROMs like your cell phone.
I add new minutes or change my phone number by entering a stream of meaningless digits from the vendor (Tracfone). If Magnavox has to revoke a code, why couldn't they mail their users a new one for reprogramming with the remote?
All those DVD hacks for reprogramming region codes work exactly this way.
Honestly, if you were in this consortium, wouldn't you pretty much require an engineer back door for fixing these kinds of things?
The bigger question down the road (hinted at above) is how soon someone produces a keygen for these keys, making the entire "revoke list" concept useless.
What's to stop fake revocation lists from being released as some sort of corporate sabotage? Is it possible for a company's competitor to release a fake list to black out an entire product line? How about a cracker attempting to revoke the keys to the top 10 consumer electronic items, or how about a mistaken revocation?
My thoughts exactly Bob.
Or what about some kind of worm over cable shutting down everyone's device.
"The bigger question down the road (hinted at above) is how soon someone produces a keygen for these keys, making the entire "revoke list" concept useless."
Well, the way a lot of CSS cracking apps work these days is by simple brute force. Over a period of time, there is no encryption method that cannot be cracked in this way, no matter how many bits it's using. I don't really know how robust HDCP is, but generally speaking most "consumer" encryption is never more than a few years ahead of common desktop computing power (as CSS demonstrates).
The bottom line is HDCP is worthless, like all similar encryption and DRM methods. I mean one way or another, it has been and will be circumvented if people want it to be. The only methods of DRM that have *not* been cracked so far are those that don't really matter (like Janus). As soon as any particular DRM scheme approaches relevance, it's toast.
Thing is, the DRM industry probably knows this. Its *customers* apparently do not. The best any DRM company can hope for is to sell a bunch of hapless manufacturers their DRM scheme before it starts to bother anyone with enough knowledge to get around it and post their tools on the internet. It will *always* be this way.
HDCP stands on the shoulders of AACS, which is the DRM for HD-DVD. Anyone who wants to access the encrypted content of HD-DVD media should obtain a set of private keys from aacsla.com. Using those private keys they can get the symmetric key (which is also in the media) used for encryption, provided those private keys are not in the revocation list. The HD-DVD media has a revocation list for all rogue DVD players. Those DVD players would not be able to get the key.
This key can be same for all the instance of the disc or it may be different for each disc. (So if one hacker breaks his key, it can not be used by others)
The primary reason Wintel is bending over backwards to implement TCP 1.2/NGCB/Lagrande technology is to store those private keys securely. If you lose your private key, they will revoke it.
May be the switching of Apple to Intel is also related to this
Quote from Simon:
"Microsoft is working on making the OS and the hardware one big secure black box which the user has no control over any more, but I doubt they will succeed ..."
Sounds like Apple, but they use Silver...
Anyway, MS is a software vendor, they won't do that. They couldn't care less what people do if it makes people happy. They have the largest market base, and software programmers care about that even more than the security of their products. MS is going to continue to make improvements in the security of Windows, but they can't lock it down too much, as this would significantly reduce usability.
Encryption itself is basically flawed. Some say that there is no type of secure encryption, but that is not actually true. In reality, any system that uses a key shorter than the amount of data transmitted can be cracked. Any system that uses a one-time key that's the same length as the amount of data is completely uncrackable, as there can be no analysis of the data. The best method is to devise a method of either transmitting the data or the key in such a way that it can't be intercepted. In military usage, I would transfer multiple terabyte keys manually (by courier or something similar), and in the field all data transmitted with these keys would be perfectly safe. As the key becomes shorter than the amount of data it becomes increasingly easier to crack, as the same code (even if augmented) will have to be applied to different parts of the encrypted data.
The fundamental problem with this is that some say that it is not feasible to use keys this long. They are right. In consumer applications it is not possible to use infinitely long keys. They use keys that are long, and would seem to be long enough. Unfortunately for the MPAA, either the algorithm itself is fundamentally flawed, or the technology to "brute force" decrypt data will quickly become available as computing power increases.
The MPAA's efforts to force encryption onto everything will not work. As with the RIAA and encrypted music, it just doesn't work. Apple makes a proprietary DRM, and there are DRM removers everywhere. There is really no use in having this DRM, because all it actually does is remove functionality from the user, when the same audio tracks can often be obtained illegally off of file sharing networks, without the same DRM problems, not to mention bought in stores for the same price with better quality and more functionality. This is why you don't see so many problems with Microsoft's Janus DRM scheme, because firstly it is integrated (iTunes uses an add-on proprietary method), and secondly because it is licensed (many stores use it), and allows people to use media the way they feel they should be able to. Correctly used, as with Janus, it can lead to even greater functionality for users, such as with music subscription services, an idea which would not have been possible without the improvements in MS' DRM.
I think I am out of stuff to say, so happy cracking until the DMCA gets you.
Maybe I missed this: where can one acquire a DVIMagic box?
Headlines: Of the future......
Rapist released early for good behavior, speaks out on how bad the 8 months were.
Teen murders 26 classmates in school shootout.
New York man goes to jail for 50 years, under newly revised DMCA. Still claims "I am not in control of all my proteins, how was I to know some were copyrighted?"
Ad: Are you using copyrighted DNA, get tested with a friend for half off, only at 7-11.
High school math teacher to stand trial for teaching freshmen decryption algorithms. Claims "It was just math!"
The 85 year old woman arrested today, claims "I didn't know it was illegal for me to remove the sticker!" Disney seeks $150,000 in damages, cites "Ignorance of the law is no defense"
Sony believes 12 year old in Spain may have copied a CD for a friend; U.S. RIAA officers seek extradition.
Have a Happy 140th Mickey Mouse.
Mickey Mouse is a registered trademark of Disney, Buena vista, and was used with permission.
Written permission on file with the U.S. department of Disney Congress Division.
Not funny?
It's not supposed to be.
I too missed where or when the DVIMagic box will be available... If I gotta get a DVI switch box for my new 24" Dell it might as well be something that lasts by allowing me to play most HD content on it.
This seems like it would have to have some sort of public key. Are you saying it doesn't? What's stopping people from dumping the code from a TV to get the keys?
As with all ideas of total control DRM this only appeals to the the control freak psychotics that own the content. I hope this is hacked or even removed as quickly as possible.
Because if I understand this correctly I can't help but wonder how long it will be till security-exploit-ridden Microsoft gets a virus or spyware infection that revokes your display for everything or just shows annoying advertisements. It might be hard to do but if I can think of it someone can do it.