Hacker News new | ask | show | jobs
by marcosdumay 4413 days ago
It's still your computer... Capture the firmware when loading, and decompile it.

The problem starts only when "they" decide to mandate in our hardware. (And yep, "they" are already doing it, for several values of "they". We are fighting the wrong war here.)
1 comments
klodolph 4413 days ago
That won't work, you'll need to try harder.

I have some insider knowledge of how these chips work. First, you get the chips with crypto keys already installed, so having a copy of the firmware source code won't help. Second, the keys are unique to the device, so getting it won't give you much. Third, the firmware is authenticated so modifying the firmware won't help. Fourth, the chip is designed to be resistant to physical attack.

link
wyager 4413 days ago
You don't need to compromise every chip. You just need to compromise one. That's not particularly hard. You can use some fancy equipment to extract the private key, and then you can decode any video the chip could decode.

Or, if you want to be lazy, just hook a VGA cable up to a transcoder.

link
klodolph 4413 days ago
But a particular chip will only have the keys for a small number of videos. When you buy a movie, you download that movie encrypted with a unique key, and the unique key is encrypted with your device key. So compromising one chip won't give you any kind of "master key" or anything especially valuable. The movie can be stored anywhere, when you need to play it you will pass the encrypted key to the device and the device will use it to decrypt, decode, and then send the movie directly to video output (possibly re-encrypted with something like HDCP, although that's a broken scheme).

The chip will also not send high-definition output to VGA, so you will need to do better. Basically, you have to hack the hardware.

I'd like to clarify that I'm not defending DRM, just that circumventing DRM is not as easy as people in this thread intimate. I think the reason why DRM will fail is because of economic pressures: the cost of deploying millions of devices designed to protect ubiquitous data against a small number of highly intelligent and motivated cryptography experts and hardware hackers.

link
wyager 4413 days ago
Someone already has to buy a movie to rip and upload it. One organization can buy lots of movies at a time and upload them all.

And the analog hole can't be closed. If the video is encrypted on the wire, you can just jack into the TV's DSP hardware (at worst).

link