Blu-ray / HDCP cracked - it only took 6 years!


Inactive User
Nov 16, 2004
Reaction score
Source: BBC News - Seeing the big picture on content
Seeing the big picture on content

The cracking of another content protection technology, comes as no surprise to Bill Thompson

The only real surprise about the news that HDCP has been compromised was that it took so long.

The 'high bandwidth copy protection' scheme has been in use since 2004 even though the possibility that someone would be able to reconstruct the master key by examining HDCP-capable devices was known even before any systems were commercially available.

Now it seems that this has been done, and as a result anyone who wants to - and has access to the appropriate technology - will be able to build hardware that can read HDCP-protected material and make perfect digital copies if they want.

The technologies in our homes and the legal environment that determines how we live are both shaped in the interests of the entertainment industry ”
End Quote Bill Thompson

This is an important leak because HDCP is used to control the playback of video and audio over the HDMI, DVI and DisplayPort high-definition interfaces, and has been built into millions of set-top boxes and Blu-Ray players.

It works by creating a secure digital channel between different components in a system, such as a set-top box and a flatscreen TV, that cannot easily be eavesdropped by software or hardware, thereby reducing the chances of programmes or films being copied without permission.

Before any data is sent from one device to another the sender checks that the receiver is allowed to receive, and then encrypts the data as it is passed.

This relies on sets of encryption keys that are stored within the device, and these keys are only provided to manufacturers who sign a license that stops them building devices that copy content and commits them to them to "frustrate attempts to defeat the content protection requirements", even if the copies would be allowed under fair use laws.

The key that was posted on the Pastebin website and copied to many other sites since it appeared is the master key that is used to generate the device keys, and it means that anyone who wants to could build HDCP-compatible hardware that does not follow the restrictions in the license.

Everything broadcast on digital TV or issued on Blu-Ray can now be copied, at least in principle.

Breaking HDCP will require specialised hardware, unlike the the cracking of the Content Scrambling System (CSS) that encrypts the content stored on commercial DVDs which could be implemented in software like DeCSS, but it is still likely to worry the television and movie industry executives who were relying on the belief that they could protect digital content as it was being distributed.

Using technical measures to enforce copyright seems attractive to rights-holders who do not understand the limits of the technologies that are available today or the serious underlying flaws in any attempt to build uncrackable controls.

All of these systems rely on encrypting data, whether that data is the digital file to be played or, as with BBC proposals to add rights management to Freeview HD, the metadata in the programme guide that makes the content findable.

However the actual file, whether it's a film or a song or an executable program, has to be available in unencrypted form at the point when it is presented to or used by the customer.

Harsh laws

Any keys needed to unlock it must, therefore, be stored in devices that are in the hands of the customer, and so a suitably motivated and skilled user, or group of users, will always be able to discover what they are.

In the case of HDCP the developers thought they could get around that by building a mechanism to revoke, or invalidate, any keys that had been compromised and circulating that list over the network or on new Blu-Ray disks, but the publication of the master key makes that strategy useless.

The HDCP debacle is a perfect example of why the content industries are pressing so hard for laws to make storing, copying or sharing unlicensed copies of their material a criminal rather than civil offence, why they push governments to pass laws threatening to cut people off from the whole internet if they dare copy files without permission, and why they want to see new rights-friendly international agreements such as the Anti-Counterfeiting Trade Agreement (ACTA) replace the more balanced treaties of the World Intellectual Property Organisation.

Technology alone cannot offer the degree of protection which the movie, television and record industries believe they need in order to keep their businesses viable, and so they push for harsh laws that make it a crime to get round the easily-broken technical measures.

HDCP may always have been fatally compromised, but they want you to go to prison if you make unlicensed players for protected content.

The result is that the technologies in our homes and the legal environment that determine how we live are both shaped in the interests of the entertainment industry - I include sport in that category - despite the damage that might result to innovation, entrepreneurship, creative expression or economic development in those parts of the world that do not form large markets for Hollywood movies.

We should, instead, seek a different balance and a different approach to copyright law and its application and enforcement.

Bill Thompson is an independent journalist and regular commentator on the BBC World Service programme Digital Planet. He is currently working with the BBC on its archive project.