Implementation of MITM Attack on HDCP-Secured Links...

December 29, 2011 28c3 bunnie Implementation of MITM Attack on HDCP-Secured Links bunnie / 28c3 Twitter your comments @bunniestudios or #28c3

Transcript of Implementation of MITM Attack on HDCP-Secured Links...

Page 1: Implementation of MITM Attack on HDCP-Secured Links …bunniestudios.com/blog/images/28c3_bunnie_hdcp_mitm_final.pdf · Implementation of MITM Attack on HDCP-Secured Links bunnie

Implementation of MITM Attack on HDCP-Secured Links

bunnie / 28c3
December 29, 2011
Twitter your comments @bunniestudios or #28c3

Page 2: What is HDCP?

• High Definition Content Protection
  – Pixel-level encryption operating at the link layer
• Cipher structure
  – Stream cipher capable of generating 24 bits of pseudorandom data per clock cycle
    • Two parallel 84-bit block functions per round
    • LFSR-based “key scheduler” that whitens block functions at the beginning of each horizontal line of pixels
    • Block functions initialized with publicly exchanged 64-bit initial vector (An) that evolves once during each vertical blanking interval

Page 3: What is HDCP?

• Key management
  – Distributed private keys with sort of key revocation
  – Public key is a “key selection vector” (KSV)
    • 40 bits (20 zeros and 20 ones)
  – Private key is a vector of 40 56-bit numbers
  – All private keys derived from a master key consisting of a 40x40 matrix of 56-bit numbers
    • Master key can be directly computed from a collection of 40 unique private keys
  – The master key was revealed in September 2010

Page 4: Why HDCP?

• Encrypt video transmissions
  – Complements AACS, BD+ to create studio-to-screen cryptographic chain
• Chain was broken long ago: AACS was the weakest link
  – HDCP master key leak is thus largely a “nop” from the content access standpoint
  – Strippers based on legitimate HDCP keys have long been available on the market; key revocation is largely ineffective

Page 5: So Why Implement HDCP MITM?

• It’s about control
  – Broadcasters and studios control your screen
  – DMCA and other legal tricks make it illegal for you to modify content – on your own screen

Page 6: So Why Implement HDCP MITM?

• HDCP restricts the implementation of legitimate content manipulation
  – Picture in picture
  – Content overlays
  – 3rd party filtering & image modification
• As a result, there are few HDMI video mixing solutions that can operate on broadcast/movie content

Page 7: Goal

• Consumer-side content remixing
  – Add web content to existing TV
  – Live comment & chat
• “Over the top” advertising
  – Eliminate ads
  – Or replace ads with targeted ads
• Interactive TV
  – Add interactive elements to broadcast TV
• Compatibility with any TV

Page 8: How Do We Do It?

Page 10: A’: Intercept and override EDID

• HDMI uses an I2C bus (referred to as DDC) to communicate between video source & sink
• Bus shared between two functions:
  – Monitor capability identification
  – HDCP key exchange

Page 11: Snoop & squash

• Snooping: intercept key exchange
• Squashing: force TV characteristics
  – The implementation can’t do all HDMI standards
  – Rewrite the EDID record on the fly to reflect only the standards NeTV supports, e.g. no 3D, etc.

Page 12: I2C snoop & override

Page 13: I2C snoop & override

Page 14: I2C snoop & override

• Oversampled squash can modify data on the fly
  – Snoop address, and change only bits that need changing

Page 15: Hot Plug Override

• Hot plug bus has a FET on it to simulate a plug/unplug event
  – Hot plug is an open-drain bus, so this is a safe and easy thing to do
  – Used to resynchronize state when necessary
  – Used to manipulate EDID state

Page 17: B’, C’, D’: Intercept keys & sync cipher

• Getting An, AKSV, BKSV accomplished with I2C snooper listening for specific addresses
• Once key exchange is captured, private key vector and shared secret must be derived
  – Final byte write of AKSV is “trigger” to start authentication
  – FPGA fires interrupt to host linux system
  – udev event starts a helper program that does the math

Page 18: Computing Private Keys

• Modular inner product of master key and public key vectors
  – HDCP master key K is 40x40 matrix of 56-bit numbers
  – AKSV, BKSV are 40-bit numbers consisting of 20 ones and 20 zeros
  – APK, BPK are 40-element vectors of 56-bit numbers

Page 19: Computing Shared Secret

• Multiply KSVs by private keys to get 56-bit shared secret Km

$$\mathrm{BKSV} \cdot \mathrm{APK} = \begin{bmatrix} 0 & 1 & \cdots & 1 & 0 \end{bmatrix} \begin{bmatrix} \mathrm{APK}_{00} \\ \mathrm{APK}_{01} \\ \vdots \\ \mathrm{APK}_{38} \\ \mathrm{APK}_{39} \end{bmatrix} = K_m$$

$$\mathrm{AKSV} \cdot \mathrm{BPK} = \begin{bmatrix} 1 & 0 & \cdots & 1 & 1 \end{bmatrix} \begin{bmatrix} \mathrm{BPK}_{00} \\ \mathrm{BPK}_{01} \\ \vdots \\ \mathrm{BPK}_{38} \\ \mathrm{BPK}_{39} \end{bmatrix} = K_m$$
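The two derivations on the slides above (private key vectors, then Km), as an added Python example that is not the helper program from the talk. It uses a constructed random matrix in place of the HDCP master key, and it assumes a source sums the matrix rows selected by its KSV while a sink sums the columns, which is what lets both sides reach the same Km.

```python
import random

MOD = 1 << 56   # keys and Km are 56-bit numbers: arithmetic is mod 2^56
N = 40          # KSV width and master matrix dimension


def toy_master(rng):
    """Constructed 40x40 matrix of 56-bit numbers; NOT the HDCP master key."""
    return [[rng.getrandbits(56) for _ in range(N)] for _ in range(N)]


def make_ksv(rng):
    """Constructed KSV: a 40-bit number with exactly 20 ones and 20 zeros."""
    return sum(1 << i for i in rng.sample(range(N), 20))


def ksv_is_valid(ksv):
    return 0 <= ksv < (1 << N) and bin(ksv).count("1") == 20


def ksv_bits(ksv):
    return [(ksv >> i) & 1 for i in range(N)]


def private_key(master, ksv, sink):
    """Modular inner product of the master matrix with the KSV bit vector.

    Assumption of this example: a source sums the rows selected by its KSV,
    a sink sums the columns (the transposed matrix).
    """
    if not ksv_is_valid(ksv):
        raise ValueError("KSV must be 40 bits with exactly 20 ones")
    sel = ksv_bits(ksv)
    key = []
    for i in range(N):
        acc = 0
        for j in range(N):
            if sel[j]:
                acc += master[i][j] if sink else master[j][i]
        key.append(acc % MOD)
    return key


def shared_secret(own_private_key, peer_ksv):
    """Km: sum of own private key elements picked out by the peer's KSV bits."""
    if not ksv_is_valid(peer_ksv):
        raise ValueError("peer KSV must be 40 bits with exactly 20 ones")
    picked = (k for k, b in zip(own_private_key, ksv_bits(peer_ksv)) if b)
    return sum(picked) % MOD


def demo(seed=2011):
    rng = random.Random(seed)
    master = toy_master(rng)
    aksv, bksv = make_ksv(rng), make_ksv(rng)
    apk = private_key(master, aksv, sink=False)   # transmitter side
    bpk = private_key(master, bksv, sink=True)    # receiver side
    km_tx = shared_secret(apk, bksv)              # BKSV . APK
    km_rx = shared_secret(bpk, aksv)              # AKSV . BPK
    return km_tx, km_rx


if __name__ == "__main__":
    km_tx, km_rx = demo()
    print(f"Km (source) = {km_tx:014x}")
    print(f"Km (sink)   = {km_rx:014x}")
```

Km depends only on the matrix and the two KSVs, and the KSVs cross the DDC bus in the clear, so the confidentiality of the link rests entirely on the matrix staying secret.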

Page 20: Synchronize Ciphers

• Plug An, Km into cipher hardware
• Init key schedules
• Evolve cipher state based on:
  – Pixclock
  – HSYNC
  – VSYNC
  – Data guardband timings
  – All in plaintext

Page 21: Pixel-by-pixel synchronization

[Diagram. Caption: Swap encrypted pixels for alternate encrypted pixels. Labels: Video source, Video cable, NeTV, TV, Encrypted video, NeTV UI video, Tx-synchronized cipher stream, cipher stream, XOR, Decrypted video]

Page 22: Synchronize Frame Buffers

• Overlay pixels must be exactly timed to video pixels
• Overlay comes from /dev/fb0 of attached linux computer
• Challenges
  – linux interrupt jitter is too high (10’s to 100’s of us, i.e. thousands of pixels)
  – Local crystal oscillators drift over time (100’s of pixels per frame)
  – Ultimately, overlay “jitters” and “drifts” without tight synchronization

Page 23: Synchronize Frame Buffers

• Technique #1: source graphics engine pixclock from video, not locally

Page 24: Synchronize Frame Buffers

• Technique #1: source graphics engine pixclock from video, not locally
• Technique #2: derive timing dynamically from video stream and set /dev/fb0 properties to match

Page 25: Synchronize Frame Buffers

• Technique #1: source graphics engine pixclock from video, not locally
• Technique #2: derive timing dynamically from video stream and set /dev/fb0 properties to match
• Technique #3: start LCD DMA based on VSYNC start from video stream

Page 26: Synchronize Frame Buffers

• Technique #1: source graphics engine pixclock from video, not locally
• Technique #2: derive timing dynamically from video stream and set /dev/fb0 properties to match
• Technique #3: start LCD DMA based on VSYNC start from video stream
• Technique #4: add a few video lines’ elastic FIFO buffering to absorb VSYNC interrupt jitter

Page 27: Chroma Key

• Chroma key reserves a specific color and substitutes its value for “transparent”
• In this implementation, F0,00,F0 (a shade of pink) is the magic color
  – A comparator within the FPGA inspects every pixel and switches a mux

[Figure: image + image = composite]
Image copyright ©2008, Blender Foundation / www.bigbuckbunny.org CC-BY-3.0
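A software model of the encrypted pixel swap and the chroma-key mux described on the slides above, as an added Python example rather than the FPGA logic from the talk. The keystream is a SHAKE-128 stand-in for the HDCP cipher, and the pixel values, seed and function names are constructed for illustration.

```python
import hashlib

MAGIC_PINK = (0xF0, 0x00, 0xF0)   # chroma key colour named on the slide


def keystream(seed, n_pixels):
    """24 bits of keystream per pixel. Stand-in generator, not the HDCP cipher."""
    raw = hashlib.shake_128(seed).digest(3 * n_pixels)
    return [tuple(raw[3 * i:3 * i + 3]) for i in range(n_pixels)]


def xor_pixel(pixel, ks):
    return tuple(c ^ k for c, k in zip(pixel, ks))


def xor_line(line, stream):
    """Encrypt or decrypt a line: XOR with the keystream does both."""
    return [xor_pixel(p, k) for p, k in zip(line, stream)]


def mitm_mux(encrypted_line, overlay_line, stream):
    """Per-pixel comparator and mux.

    The comparator looks only at the overlay pixel. Magic pink means
    "transparent": the source's encrypted pixel passes through untouched.
    Any other overlay pixel is encrypted with the synchronized keystream and
    swapped in. The source pixel is never decrypted.
    """
    out = []
    for enc_px, ui_px, ks in zip(encrypted_line, overlay_line, stream):
        out.append(enc_px if ui_px == MAGIC_PINK else xor_pixel(ui_px, ks))
    return out


# Constructed sample data: one 4-pixel line of video and of overlay.
VIDEO = [(10, 20, 30), (40, 50, 60), (70, 80, 90), (100, 110, 120)]
OVERLAY = [MAGIC_PINK, (255, 255, 255), MAGIC_PINK, (0, 0, 0)]


def run_link(mux_offset=0, seed=b"constructed An||Km"):
    """Source encrypts, in-line device muxes, TV decrypts.

    mux_offset models the in-line cipher running that many pixels out of
    step with the transmitter. Returns (cable_in, cable_out, tv_pixels).
    """
    stream = keystream(seed, len(VIDEO) + mux_offset)
    tx_stream = stream[:len(VIDEO)]
    mux_stream = stream[mux_offset:mux_offset + len(VIDEO)]
    cable_in = xor_line(VIDEO, tx_stream)
    cable_out = mitm_mux(cable_in, OVERLAY, mux_stream)
    return cable_in, cable_out, xor_line(cable_out, tx_stream)


if __name__ == "__main__":
    _, _, tv = run_link()
    print("in sync :", tv)
    _, _, tv_bad = run_link(mux_offset=1)
    print("1 px off:", tv_bad)
```

With `mux_offset=1` the pass-through pixels still decrypt correctly but the overlay pixels come out as noise, which is why the slides spend so much effort on pixel-exact synchronization.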

Page 28:

[Block diagram labels: HDMI Connector; TMDS to RGB / Deserialize; RGB to TMDS / Serialize; HDMI Connector]

Page 29: Optimizations

• Key caching
  – Every video source/sink pair has a constant shared secret
  – Km is cached after first computation to improve system robustness
• EDID caching
  – More important because without EDID caching, users will see a double-blink of the screen
    • First blink is to measure the TV’s capabilities
    • Then we compute the intersection of the TV capabilities and NeTV capabilities
    • Second blink is to override the capabilities we don’t support

Page 30: The Bigger System Picture

[Diagram labels: HDMI Connector, HDMI Connector]

Page 31: A Complete Open Stack

[Stack diagram labels: PCB; Plastics; FPGA (verilog); U-boot; Linux; Angstrom distro (apps/tools); Webkit; HTML/javascript widgets (github); OpenEmbedded/buildbot; Provisioning & update server (EC2)]

Page 32: Application Environment

• TV overlay apps are web pages
  – CSS configured to put “magic pink” as background
  – Apps are javascript/HTML programs
  – But you can extend to any infrastructure that can write to /dev/fb0 (SDL, Flash, etc.)
• Our demo apps are open source and stored in a github repo
  – Updating apps consists of doing a git pull on the client
  – Configured to pull every reboot
• Firmware updates served from EC2 infrastructure
  – Public AMI provided so you can make your own
  – More on this later

Page 33: HTTP API

• Zeroconf solution for networked interaction with TV
  – API provides method to send events to NeTV
• So, a smartphone can:
  – Discover NeTV with Bonjour
  – Send events (such as SMS) to the NeTV using HTTP GET
  – NeTV renders these events on your TV
• Also provides a method for file upload to enable photo sharing to the TV
  – Fast, easy integration into “smarthome” environment
  – Example call: http://10.0.88.1/bridge?cmd=tickerevent&message=Hello%World&title=Hello%20World
  – Each API call can be restricted to just localhost for security

Page 34: Turnkey Build System

• Public Amazon EC2 instance with pre-built Angstrom distribution
  – Saves hours of effort downloading & building sources
  – Instance comes configured with local git repo and buildbot to manage builds
  – Built images configured to fetch updates from your own instance

Page 35: Launching an EC2 AMI

Page 36: Local cgit repo

Page 37: Auto-build triggers based on commits

Page 38: Distribute Finished Builds

• Image once, auto-update forever

Page 39: Hardware is Open

Page 40: Plastics are Open

Page 41: Pr0n

Page 42: Schematics

Page 43: And PCB Layout

Page 44: A Complete Open Solution to HDCP MITM

• Hardware
  – Schematics, PCB, industrial design, FPGA
• Software
  – Complete, turn-key cloud-based build environment
• Half an hour from start to production-grade deployment
• Available at adafruit.com (http://www.adafruit.com/products/609)

Page 45: Recap: HDCP MITM Implementation

• Complete HDCP MITM solution demonstrated
  – Intercept key exchange on the fly
  – Derive shared secrets & synchronize Tx ciphers
  – Multiplex overlay video using chroma key
  – Avoids decrypting data, therefore DMCA-safe
  – Modifies EDID records to force compatibility
• Enables video compositing functionality
  – Enables unconnected legacy TVs to now have connected TV capabilities
  – Enables you to modify your video content (stop/modify ads, show live internet commentary, etc.)
• A completely open hardware/software stack

Page 46: Non-Infringing Use of HDCP Master Key!

• Embodiment of a bona-fide, non-infringing and commercially useful application of the HDCP master key
• Blurs the association of the HDCP master key with piracy
  – Prior to this exploit, the only application of the HDCP master key was to circumvent the encryption on copyrighted data
  – Now, there is a non-circumventing application for the HDCP master key

Page 47: Q&A