[mythtv] TiVo versus MCE versus my cable company
Joseph A. Caputo
jcaputo1 at comcast.net
Thu Mar 3 22:15:24 UTC 2005
On Thursday 03 March 2005 16:46, Brad Templeton wrote:
> On Thu, Mar 03, 2005 at 03:46:56PM -0500, Joseph A. Caputo wrote:
> > Anybody catch this link embedded in the article?
> > http://www.edbott.com/weblog/archives/000373.html
> > As I've said before, I'm curious to see what kind of solution MS MCE
> > uses to satisy the 'robustness' clause of the broadcast flag
> > regulation... obviously they believe they'll have a PC-based
> > (Shuttle
> > XPC) solution that accepts a CableCard by Q3 this year.
> There are a number of approaches I could speculate on them taking.
> I don't think it's ready yet, but clearly Palladium (TCPA) would be
> the long term answer to this question.
That's what I thought, when I considered this issue in a thread a week
or two ago, but I doubt that's an option at this point.
> If they have to do this before it's ready, they would do similar
> stuff. The cablecard slot would refuse to decrypt for any
> applications it doesn't trust. This could be as simple as the
> card demanding a magic key from the applications, or it could be
> much more.
> However, it might be that simple. Yes, careful reverse engineers
> could find out the keys (though they might be custom to that
> PCI card or cablecard and thus only useful to you) but you might risk
> a DMCA violation by using them.
> And besides, that's all a lot of work, even when you can do it.
> They know the systems don't secure the content perfectly and there
> will be leakage. If leakage is limited to the people who can hack the
> keys out of their card and possibly violate the DMCA to get it to
> the video, they appear to be happy. Even though that one decrypted
> might spread all over the net.
See my comments below on this...
> Of course, they might also arrange for each card to insert a custom
> string steggo'd into the video it decrypts, if they want to find out
> who did it.
Interesting (and scary!) notion...
> Cards could also expect to be able to call home for new keys on
> a regular basis.
I'd doubt that... implementation would be difficult, and probably have
to be in software rather than something in the card. But you never
> But they don't need to work that hard, just hard enough to raise the
> bar until they can deploy Palladium in the MCE computers.
Not true. The 'robustness' clause of the Broadcast Flag mandate
specifically prohibits them from releasing something potentially
crackable, basically meaning that the protection has to be hard-wired
into the silicon. *All* software and firmware can be hacked. The FCC
has seen what's happend with CSS, Tivo, X-Box, and region-locked DVD
players -- all hacked with combinations of software, firmware or
modchips. If I had to guess, I'd say that they will include at least a
rudimentary Palladium-like capability to lock down the platform.
Anything short of that would be hacked pretty quickly.
More information about the mythtv-dev