[Ffmpeg-devel] Re: HDTV, patents, DRM

Måns Rullgård mru
Wed Mar 15 15:03:01 CET 2006

Erik Slagter said:
> On Wed, 2006-03-15 at 03:25 +0000, M??ns Rullg??rd wrote:
>> The keys are sent in the stream encrypted with one half of an
>> public/private key pair, the other half of which is embedded inside
>> the smartcard.  If you think cracking the private key is easier, go
>> ahead.  Or maybe it's possible to glean something using a bus analyzer
>> connected to some chips inside the STB.  Even so, it's difficult
>> enough that *very* few people will do it.
> I was under the impression that in general the transmitted keys (ECM
> "code words") are handed to the smart card which first checks whether
> you're actually allowed (EMM etc.), then applies some very secret
> algorithm to it (possibly selectable/configurable by EMM card update)
> which yields the key to actually decrypt the stream.

That is more or less how it works.  The details vary between implementations.

> The hard part in this is that you don't know what goes on in the smart
> card, although I've read of people scanning the card with X-rays and
> reverse engineered the logic ;-).

That's what I'm talking about.  Extracting information from the smart card
is nothing Joe Average will be doing.

> Attaching a bus scanner also seems to
> work, some do it that way, but afaik most crackers simply get their data
> from the raw ts stream.

Where do they access this raw ts stream?

> As almost any CAM system at least has been
> cracked partly apparently it's quite hard to get it 100% right.

Conditional access is really nothing but security by obscurity.  It's just
that some of the systems are sufficiently obscure that nobody has managed
to RE them.

> Anyway, if you're only goal is to get the video stream without DRM
> restrictions a slightly modified STB would suffice (or use one using
> open source software, there are a few).

Open source software won't help when the secrets are embedded in silicon.

M?ns Rullg?rd
mru at inprovide.com

More information about the ffmpeg-devel mailing list