[mythtv-users] SiliconDust to Announce CableCard Product at CES [RUMOR]

Devin Heitmueller dheitmueller at kernellabs.com
Thu Jan 7 16:32:29 UTC 2010

On Thu, Jan 7, 2010 at 11:23 AM, Ronald Frazier <ron at ronfrazier.net> wrote:
>> The HDHR box authticates to the cable card that it contains.  The
>> Windows box then authenticates to the HDHR to receive a recording
>> (encrypted).
> But that's the same basic idea, even if there is another device in the
> chain. The question is how it gets decrypted. I'm assuming the
> decryption key is passed from the cable card to the PC only through an
> authenticated chain, but as I just explained, it wouldn't be difficult
> to extract the key and pretend to be the windows system (ie: rather
> than a man-in-the-middle attack, you are simply killing Alice and
> sending in your look-alike replacement.

Yes, independent of the encryption from the headend to the OCUR
platform (in this case the HDHR), there is separate encryption from
the HDHR to the host.  They do exchange keying information (using a
public key algorithm), and Microsoft's protected storage of their
private keying information has gotten significantly better than it
used to be.

So you would have to successfully extract the private keying info from
Windows 7 (not impossible but definitely not trivial), emulate the key
exchange with the HDHR, and reverse engineer all of Microsoft's DRM to
be able to properly decrypt the stream.


Devin J. Heitmueller - Kernel Labs

More information about the mythtv-users mailing list