3

I (somewhat) recently stumbled across HDCP (high-bandwidth digital content protection), a protocol that encrypts movies and other media "on the wire".

Now there are of course tools to play blu-rays and related media on PCs (e.g. something like Cyberlink's PowerDVD) so they need to have some means to get authorized access to the protected media and thus the keys must be hard-coded into the program and if they are not hard-coded, at least an oracle access to the GPU's hardware-protected keys must be hard-coded.

So my question is simple:
What prevents an attacker from reverse engineering the player software and using the (valid) keys or the oracle access to make illegal (high-quality) media copies?

As usual, I don't want to hear about "it's against the software license" as answer, because this may prove ineffective in (quite) some situations. In other words: I'd like to hear the technical defenses used in DRM.

Please note further: This is a theoretical question and I do not plan on actually applying any knowledge learned by this question for unlawful purposes, the answers may be restricted (at the discretion of the author) to not be directly usable as attacks without major efforts. Furthermore I would prefer to only have public documents as sources here.

SEJPM
  • 9,540
  • 6
  • 37
  • 67

1 Answers1

7

What prevents an attacker from reverse engineering the player software and using the (valid) keys or the oracle access to make illegal (high-quality) media copies?

There is nothing which fully prevents the hacker and therefore such keys have already leaked, see Wikipedia; AACS Encryption Key Controversy. But there are lots of things to make it harder: code obfuscation to hide the keys, detection of debugging tools to hinder reverse engineering etc. And encryption keys can also be revoked if they get compromised.

A better protection could probably be done with the help of hardware (i.e. TPM, dongle, smartcard...) and such techniques are used in other scenarios to protect the content (Pay TV, game console). But at the moment the loss of profit due to illegal copies is probably not high enough to justify the additional costs and usability restrictions associated with such hardware.

Steffen Ullrich
  • 190,458
  • 29
  • 381
  • 434