REN: Now, listen, Cadet. I've got a job for you. See this button? DON'T TOUCH IT! It's the
HDCP eraser button, you fool!
STIMPY: So what'll happen?
REN: That's just it! We don't know! Maayyybeee something bad?... Mayyybeee something good! I guess we'll never know! 'Cause you're going to guard it! You won't touch it, will you?
So you read last week's column on OPM and you thought, "That's not fair! That's just evil – pure evil." You subsequently traversed the twelve different stages of DRM grief (eleven of which appear to be anger) and you happily arrived at step 12, hackery.
The next day, you, as a loyal reader, returned to Engadget and were greeted by the apparent answer to all your DVI/HDMI/HDCP woes. There in front of you stood Spatz-Tech's DVIMAGIC. "Take that, you evil HDCP doers. You can't keep me down."
For those unaware ? Spatz-Tech?s DVIMAGIC, while sold and marketed as a DVI amplifier, is attracting attention among
the consumer crowd as an HDCP stripper. The device is placed between your playback device (e.g. computer, cable box,
HD-DVD player, etc) and your display device. The DVIMAGIC then pretends to be a secure device. Once the DVIMAGIC
convinces the playback device to send the signal, it receives the signal, decrypts the signal, and sends a bit-perfect
copy of the signal out the other end to your monitor. The result is a pristine restriction-free copy of your
Oh, sure ?- used like this, these devices fly in the face of the DMCA. But that?s a small price to pay for a working display. Besides, as many proudly proclaimed, ?We?re not from the US. They can?t touch us.?
Well? there?s a bigger problem looming ahead. Unfortunately, the good people behind HDCP weren?t complete idiots. If you thought that the idea of OPM was a little scary, you?re going to love Key Revocation Lists. Consider revocation HDCP?s version of the History Eraser Button.
So what is revocation? Let?s first start with a brief look at HDCP.
There are three main parts to HDCP?s security system. First, there is the cryptographic Authentication and Key Exchange (AKE). When a company wishes to produce an HDCP-compliant device, that company requests a set of keys from the HDCP licensing body. After the licensing body has determined that the company?s product has been designed in a manner robust enough to withstand attacks and that the keys will be protected, the company will be given a series of unique secret keys.
AKE is the cryptographic method that uses these keys to determine a mutual value with which to encrypt the data traveling between the playback device and the display device.
Once both the playback device and the display device have settled on a value with which to encrypt the content, all the video content will be encrypted using this mutual value (this is the second part). Additionally, the system will check every couple of seconds to ensure the integrity of both the keys and the link.
So far, that seems reasonable. However, what happens when rogue devices start to appear on the market? What happens when a company?s design wasn?t as robust as first thought or, worse yet, a company?s secret keys are leaked ?into the wild.?
This is where key-revocation lists come into play. The third aspect of HDCP security is ?device renewability.? This is the ability for media, streaming content, or even other devices to invalidate keys known to be a problem. For instance, let?s assume that you?ve purchased a DVIMAGIC. That little device is sitting between your cable box and your television. Everything is going fine. Then, one day, you wake up to discover that your television is no longer working with all the channels. What happened? Your cable box just used System Renewability Messages (SRMs) to invalidate the keys used by your DVIMAGIC. From that point on, your cable box will treat your DVIMAGIC as a rogue device. As such, it will not allow it to pass AKE.
Will your DVIMAGIC work with a HD-DVD player? That depends: what discs have you tried to play? Revocation lists are encoded onto the DVDs. The newer the disc is, the larger the revocation list will be, and, once you?re ?caught,? that playback device should never pass AKE.
For a ?hack,? this might be annoying. However, what happens when legitimate keys are ?in the wild?? For instance, let?s assume for a second that a large plasma-television company was the victim of a break-in/angry employee/etc. The result is that said company?s keys have landed in the hands of a DVIMAGIC-type dongle maker. When that dongle-maker is caught, will the powers-that-be revoke its keys knowing that, in doing so, there will be legitimate customers caught in the crossfire?
The answer isn?t 100% clear. Content owners might very well say, ?Too bad ? Company X didn?t properly protect its keys.? The result? Unclear.
What we do know is that with HDCP there is shiny red button that can be used to retroactively remove functionality.
And did Stimpy press that button? You betcha!
Column note: there is no guarantee that the DVIMAGIC device will be added to any revocation list. The DVIMAGIC product is simply used to demonstrate the general type of product which could, in theory, be revoked.
If you have comments or suggestions for future columns, drop me a line at firstname.lastname@example.org.