Security
The master key
December 28, 2024
7:15 PM – 8:15 PM Add to calendar
7:15 PM – 8:15 PM Add to calendar
Saal ZIGZAG
This is the story of the HDCP master key that we derived back in 2010.
This is the story of the HDCP master key. How in 2010 we derived it from various public sources and from a bunch of cheapish hardware (and how we made money in the process!), and then published it on pastebin. After that it was just wait-and-see what Intel and the rest of the world would do.
With the master key anyone can make source and sink keys that interoperate with any HDCP device.
Oh, and how I learnt how to spell "forty".
HDCP MASTER KEY (MIRROR THIS TEXT!)
This is a forty times forty element matrix of fifty-six bit
hexadecimal numbers.
To generate a source key, take a forty-bit number that (in
binary) consists of twenty ones and twenty zeroes; this is
the source KSV. Add together those twenty rows of the matrix
that correspond to the ones in the KSV (with the lowest bit
in the KSV corresponding to the first row), taking all elements
modulo two to the power of fifty-six; this is the source
private key.
To generate a sink key, do the same, but with the transposed
matrix.
6692d179032205 b4116a96425a7f ecc2ef51af1740 959d3b6d07bce4 fa9f2af29814d9
82592e77a204a8 146a6970e3c4a1 f43a81dc36eff7 568b44f60c79f5 bb606d7fe87dd6
1b91b9b73c68f9 f31c6aeef81de6 9a9cc14469a037 a480bc978970a6 997f729d0a1a39
b3b9accda43860 f9d45a5bf64a1d 180a1013ba5023 42b73df2d33112 851f2c4d21b05e
2901308bbd685c 9fde452d3328f5 4cc518f97414a8 8fca1f7e2a0a14 dc8bdbb12e2378
672f11cedf36c5 f45a2a00da1c1d 5a3e82c124129a 084a707eadd972 cb45c81b64808d
07ebd2779e3e71 9663e2beeee6e5 25078568d83de8 28027d5c0c4e65 ec3f0fc32c7e63
1d6b501ae0f003 f5a8fcecb28092 854349337aa99e 9c669367e08bf1 d9c23474e09f70
Additional information
| Live Stream | https://streaming.media.ccc.de/38c3/zigzag |
|---|---|
| Type | Talk |
| Language | English |
More sessions
| 12/27/24 |
With the iPhone 15 & iPhone 15 Pro, Apple switched their iPhone to USB-C and introduced a new USB-C controller: The ACE3, a powerful, very custom, TI manufactured chip. But the ACE3 does more than just handle USB power delivery: It's a full microcontroller running a full USB stack connected to some of the internal busses of the device, and is responsible for providing access to JTAG of the application processor, the internal SPMI bus, etc. We start by investigating the previous variant of the ...
|
| 12/27/24 |
In wenigen Wochen werden die Gesundheitsdaten von rund 73 Millionen in Deutschland Krankenversicherten ohne deren Zutun über Praxis- und Krankenhausgrenzen hinweg zentral in einer Akte zusammengeführt - in der [„elektronischen Patientenakte für alle“](https://www.bundesgesundheitsministerium.de/themen/digitalisierung/elektronische-patientenakte/epa-fuer-alle.html). Fortsetzung von 36C3 - [„Hacker hin oder her“: Die elektronische Patientenakte ...
|
| 12/27/24 |
We present fatal security flaws in the HALFLOOP-24 encryption algorithm, which is used by the US military and NATO. HALFLOOP-24 was meant to safeguard the automatic link establishment protocol in high frequency radio, but our research demonstrates that merely two hours of intercepted radio traffic are sufficient to recover the secret key. In the talk, we start with the fundamentals of symmetric key cryptography before going into the details of high frequency radio, HALFLOOP-24, and the ...
|
| 12/27/24 |
PHUZZ is a framework for Coverage-Guided Fuzzing of PHP Web Applications Fuzz testing is an automated approach to vulnerability discovery. Coverage-guided fuzz testing has been extensively researched in binary applications and the domain of memory corruption vulnerabilities. However, many web vulnerability scanners still rely on black-box fuzzing (e.g., predefined sets of payloads or basic heuristics), which severely limits their vulnerability detection capabilities. In this talk, we present our ...
|
| 12/27/24 |
The Chipolo ONE is a Bluetooth tracker built around the Dialog (now Renesas) DA14580 chip. This talk will present the research made on this device, from extracting the firmware from the locked down chip using fault injection up to getting remote code execution over Bluetooth. The talk will also present the disclosure process and how the vendor reacted to an unpatchable vulnerability on their product.
|
| 12/27/24 |
Digital identity solutions, such as proposed through the EU's eIDAS regulation, are reshaping the way users authenticate online. In this talk, we will review the currently proposed technical designs, the impact such systems will have, and provide an outlook on how techniques from modern cryptography can help to improve security and privacy.
|
| 12/27/24 |
Bewegungsdaten von 800.000 E-Autos sowie Kontaktinformationen zu den Besitzern standen ungeschützt im Netz. Sichtbar war, wer wann zu Hause parkt, beim BND oder vor dem Bordell.
|
