HD copy protection may have been busted

What’s purported to be the “master key” that protects Blu-ray and other HD content has been published online. But even if it is genuine, it’s debatable how much practical difference there will be.

A poster on the Pastebin site, designed for easy sharing of text and code, has published what’s billed as the HDCP master key, a grid of 1600 numbers, each made up of 14 hexadecimal characters. It also has the instructions:

To generate a source key, take a forty-bit number that (in binary) consists of twenty ones and twenty zeroes; this is the source KSV. Add together those twenty rows of the matrix that correspond to the ones in the KSV (with the lowest bit in the KSV corresponding to the first row), taking all elements modulo two to the power of fifty-six; this is the source private key. To generate a sink key, do the same, but with the transposed matrix.

Now, I’ll be honest enough to admit that this hurts my head a little bit (this is where our more mathematically literate readers can jump in!), but the points is that if these instructions are correct, it’s a relatively simple task to generate your own key. That allows you to hook up a Blu-ray player or other HD device to a recording device, then use your generated key on the recording device to create a connection that both devices consider legitimate, thus allowing the content to pass through without encryption.

The leaks has already prompted speculation that plans by movie companies to stream protected HD video might have to be put on hold for fear that the movies would be pirated immediately.

There is a theory, though, that this isn’t the master key and that such a thing doesn’t exist. Instead what may have happened is that it’s a key used by many (but not all) manufacturers that get their HDCP hardware from the same source. That means that although in theory any key found to be used in equipment for piracy could be disabled by the people behind the HDCP system, doing so would be impractical as it could stop legitimate devices working and prompt legal action.

[Picture credit: Leo Reynolds]