by mmastrac 3491 days ago
Is it just me, or does it seem trivial to MitM this HDCP API by just faking out the certificate chain, then faking out the method return values?

> Fortunately this doesn’t compromise the security guarantees of the original API because of the way Microsoft designed it. To prevent a MitM attack against the API calls (i.e. you hook the API and return the answer the caller expects, such as HDCP is enabled) the call is secured between the caller and graphics driver using an X.509 certificate chain returned during initialization.


You know what I'm waiting for? When game manufacturers start to require HDCP. The outrage of the youtube gamer kiddies (I personally dislike them all, but hey, they got enough influence) when they can't stream their stuff any more is going to be priceless and maybe enough to finally burn down the HDCP/DRM towers.

Or when someone develops a malware that exploits vulnerabilities in the X.509 code. I mean, if it's proper X.509, it's a hellhole of vulnerabilities - because either the crypto developers had to use common, often-flawed code like OpenSSL or develop their own.

It might just be that I hang out with more indie games; but I can't really see that happening. My sense is that the gaming industry has come to view the youtubers/twitchers as a form of free advertisement. Heck, a lot of game companies are giving their product away to streamers with a sufficient audience. Some even have built-in twitch integration.

I suspect we will see a divergence between "gamy" games and story-based games; with the latter being harsher on streamers.

Windows has its own crypto API, I'm pretty sure the drivers would use that.

And why would game companies want to kill streaming? It's free advertising, not to mention that they all probably dream of making the next dota.

> And why would game companies want to kill streaming?

Never underestimate the power of human greed. Apple (with iTunes) has proved that the availability of unprotected content doesn't hurt the bottom line, and when I go into a store today and buy a physical CD-ROM it more often than not lacks any copy protection. And this has been the situation for years.

Meanwhile, the movie industry is soundly asleep at the wheel and its execs don't recognize that the consumer demands (near-instant access, no copy protection, no unskippable FBI warnings, no unskippable teasers, and no freaking region lock) have greatly diverged from their offerings. Or they do recognize, but cannot change their existing contracts or whatever - in this case the entire industry deserves a burn-to-the-ground event, because the situation ain't going to be fixed otherwise.

And for the game companies: there are already companies taking down "let's play" videos. Need for "absolute control", I guess. And they still haven't stopped putting retarded DRM (including what basically amounts to rootkits, in the form of anti-cheat stuff) into their games.

> Meanwhile, the movie industry is soundly asleep at the wheel and its execs don't recognize that the consumer demands (near-instant access, no copy protection, no unskippable FBI warnings, no unskippable teasers, and no freaking region lock) have greatly diverged from their offerings.

Are you implying that people still use DVDs or Blu-rays?

If you are, I got genuinely curious, because in Brazil at least, I'm quite certain they went nearly extinct. Here, it's Netflix, cable (or satellite), online "channels" such as HBO Go, or torrents.

Based on that, it appears to me that consumer demands already won.

Walmart has a huge selection. People buy them. Even the local grocery chain has all the new releases. People keep renting at the Redbox, too. I don't know what the absolute numbers are on the industry but plenty of people like them.

Streaming solved one of gaming's core problems: letting people demo software without harming sales. That's a major benefit for effectively zero cost. So sure, there are always plenty of dumb companies out there, but the major players are not clueless.

I can only hope. DRM (digital restrictions management) is defective by design.

How would you get a key pair and certificate signed by Microsoft? The root certificate for this system is fixed so you can't just use your own.