[Ffmpeg-devel] Re: HDTV, patents, DRM
Wed Mar 15 15:03:01 CET 2006
Erik Slagter said:
> On Wed, 2006-03-15 at 03:25 +0000, M??ns Rullg??rd wrote:
>> The keys are sent in the stream encrypted with one half of an
>> public/private key pair, the other half of which is embedded inside
>> the smartcard. If you think cracking the private key is easier, go
>> ahead. Or maybe it's possible to glean something using a bus analyzer
>> connected to some chips inside the STB. Even so, it's difficult
>> enough that *very* few people will do it.
> I was under the impression that in general the transmitted keys (ECM
> "code words") are handed to the smart card which first checks whether
> you're actually allowed (EMM etc.), then applies some very secret
> algorithm to it (possibly selectable/configurable by EMM card update)
> which yields the key to actually decrypt the stream.
That is more or less how it works. The details vary between implementations.
> The hard part in this is that you don't know what goes on in the smart
> card, although I've read of people scanning the card with X-rays and
> reverse engineered the logic ;-).
That's what I'm talking about. Extracting information from the smart card
is nothing Joe Average will be doing.
> Attaching a bus scanner also seems to
> work, some do it that way, but afaik most crackers simply get their data
> from the raw ts stream.
Where do they access this raw ts stream?
> As almost any CAM system at least has been
> cracked partly apparently it's quite hard to get it 100% right.
Conditional access is really nothing but security by obscurity. It's just
that some of the systems are sufficiently obscure that nobody has managed
to RE them.
> Anyway, if you're only goal is to get the video stream without DRM
> restrictions a slightly modified STB would suffice (or use one using
> open source software, there are a few).
Open source software won't help when the secrets are embedded in silicon.
mru at inprovide.com
More information about the ffmpeg-devel