grack.com

No, I’m not dead. Having a baby just sucks the energy out of you to do anything besides looking after the baby.

In other news, Everett was born on March 1 and he’s getting pretty big now!

After reading up on Prof. Felton’s description of the major HDCP weakness and reading the paper he referenced, I cooked up a small proof-of-concept conspiracy attack for HDCP in Java.

It turns out that you can trivially solve for a private system key by solving for the simple case of public keys that look like this (for a four-length array system):

[1 0 0 0]
[0 1 0 0]
[0 0 1 0]
[0 0 0 1]

This yields a symmetric matrix that can be used to generate any private key given any public key in milliseconds. The code implements this in HdcpKeyGenerator.

So, all you need to do to start generating your own codes is:

HdcpSystem system = new HdcpSystem(4); // key size
Conspiracy conspiracy = new Conspiracy( system, /* the keys */ );
HdcpKeyGenerator gen = conspiracy.solveForKeyGenerator();

gen.createDevice(new PublicKey(system, /* public key */));

Here’s a solvable system you can use to trace through things by hand:

 Secret Key         Public Key
 [ 26, 19, 12, 7 ]  [ 1 2 ]
 [ 13, 13, 22, 5 ]  [ 2 4 ]
 [ 22, 16, 5, 19 ]  [ 1 3 ]
 [ 12, 19, 9, 16 ]  [ 2 3 ]

The symmetric “solution” matrix for the key generator is:

 Secret Key       
 [ 18, 8, 4, 5 ]  
 [ 8, 11, 8, 2 ]  
 [ 4, 8, 1, 14 ]  
 [ 5, 2, 14, 3 ]  

To solve for any key, just add up the number in the columns that correspond to the public key. The first row is the first number, second row is the second number, etc. For the public key [ 1 2 ], we get [ 18+8, 8+11, 4+8, 5+2 ] == [ 26, 19, 12, 7 ], the same result as the input we used to generate this matrix (as you would expect).

The documentation is in the unit tests themselves. I recommend unzipping this project and opening it with Eclipse to check out and run the unit tests.

Download: hdcp.zip

An interesting read, found via a recent Scientology article on kuro5hin:

Sex, Drugs, and Cults. An evolutionary psychology perspective on why and how cult memes get a drug-like hold on people, and what might be done to mitigate the effects

Perhaps there might be an opportunity to “vaccinate” against those with more vulnerable dopamine systems with modern technology. It’s interesting to read about the human ability to absorb and transmit memes. It makes sense from an evolutionary perspective: as our genes encode less genetic behaviour, we need to make up for it in some way. Memes end up being a second set of genetic coding – though one that isn’t permanent .

Here’s a bit from the abstract:

In the aggregate, memes constitute human culture. Most are useful. But a whole class of memes (cults, ideologies, etc.) have no obvious replication drivers. Why are some humans highly susceptible to such memes?

Note that the term meme was coined by Richard Dawkins in his book The Selfish Gene.