Class Break of TiVoToGo DRM

Last week I wrote about the security problems of having a secret stored in a device given to your attacker, and how they are vulnerable to class breaks. I singled out DRM systems as being particularly vulnerable to this kind of security problem.

This week we have an example: The DRM in TiVoToGo has been cracked:

An open source command-line utility that converts TiVoToGo movies into an MPEG file and strips the DRM is now available online. Released under a BSD license, the utility—called TiVo File Decoder—builds on the extensive reverse engineering efforts of the TiVo hacking community. The goal of the project is to bring TiVo media viewing capabilities to unsupported platforms like OS X and the open source Linux operating system. TiVoToGo support is currently only available on Windows.

EDITED TO ADD (12/8): I have been told that TiVoToGo has not been hacked: "The decryption engine has been reverse engineered in cross-platform code - replicating what TiVo already provides customers on the Windows platform (in the form of TiVo Desktop software). Each customer's unique Media Access Key (MAK) is still needed as a *key* to decrypt content from their particular TiVo unit. I can't decrypt shows from your TiVo, and you can't decrypt shows from mine. Until someone figures out how to produce or bypass the required MAK, it hasn't been cracked."

And here's a guide to installing TiVoToGo on your Mac.

EDITED TO ADD (12/17): Log of several hackers working on the problem. Interesting.

Posted on December 7, 2006 at 12:42 PM • 21 Comments

Comments

ed • December 7, 2006 1:52 PM

When Bruce Schneier talks, even inanimate algorithms listen and tremble. Why just last week, Bruce was dissin' DRM algorithms, so what happens next? The TiVo DRM algorithm heard Bruce, immediately lost all self-esteem, and promptly caved to hackers who'd been assaulting it for months. "OK, OK, I give up," it was heard to whimper, "Just stop twisting my bits."

Mixedsignal • December 7, 2006 2:43 PM

Nice reverse engineering job! But there have been other tools (DirectShow Dump) that can extract raw MPEG files on Windows PC.

JIve • December 7, 2006 3:52 PM

Is there a similar program out there for other DVR systems? i.e. DirecTV or Comcast boxes?

Chuck • December 7, 2006 3:53 PM

This does not look like a real crack to me. They have just reproduced the function of the TiVo DLL under Windows. They can't read the files without the keys. Of course, as I understand it, the DLL sends the signal to the display and a tool is needed to grab that signal and generate an MP3.


Chuck

MegaZone • December 7, 2006 4:13 PM

Heh, cool seeing a story I originally posted (http://blog.tivolovers.com/384800.html) bounce around the net and end up here. :-)

Mixedsignal - Yes, DirectShow Dump, TVHarmony AutoPilot, and other tools can dump the MPEG-2 out of the .tivo file - but only on Windows. Those tools work by exploiting a loophole in Windows DirectShow. The TiVo decryption DLL is implemented as a DirectShow filter. Any playback system, such as Windows Media Player, calls the DLL on playback to do the decryption. These tools act as playback systems and play the video, albeit at high speed, but instead of taking the MPEG-2 from the filter and passing it to a codec for display, they take the raw data and write it out to a file.

This new TiVo Decoder replaces the filter and the whole DirectShow mess and directly decodes the file. By default it is designed to stream the result for playback; the file save is for convenience. This allows it to work on any platform, not just Windows.

These tricks are similar to how QTFairUse6 and myFairTunes6 can strip the DRM off ITMS purchased music in iTunes. (http://www.hymn-project.org/forums/viewforum.php?f=4)


Chuck - While the encryption algorithm wasn't cracked, the key generation system was. The MAK isn't the encryption key, but it is part of the key generation. The key generation system was reverse engineered. Once you have the decryption key, the actual encryption is using standard algorithms, so you can easily decrypt the data. It is a lot cleaner than the DirectShow filter grab tricks, and those only worked on Windows.

Dean Harding • December 7, 2006 4:58 PM

Is it something that TiVo can patch around? I don't know how TiVo works...

Of course, even if they do patch it, it won't take long for the next crack, so good job!

MegaZone • December 7, 2006 5:22 PM

Dean,

Sure. TiVo can always modify their DRM and push an update down to the TiVo boxes. They'd also need to release an updated TiVo Desktop application to keep the official solution working.

But the DirectShow loophole on Windows has been known, and exploited, since the day TiVoToGo was released, and nothing was done to block it. (Though that might take Microsoft's help.) I don't know if they'll actually try to counter this.

The concern is that this might kill the chances for TiVoToGo to be approved by CableLabs for the CableCARD enabled Series3 boxes.

anon • December 7, 2006 10:37 PM

From what I can tell, it's not cracked or broken. It's more like a Unix/Linux port of TiVoToGo. You still can't decode without the key.

Anon • December 8, 2006 2:16 AM

Chuck: This does not look like a real crack to me.

What makes a crack real? I'd say when it defeats the protection scheme and accomplishes whatever was trying to be prevented. Say, producing a DRM free file given a DRMed file. Or do you think that the crackers were "cheating?"

C Gomez • December 8, 2006 7:56 AM

Really, I could care less if something is cracked, not cracked, or whatever. As long as you can use content you've legally purchased rights to, I'm for it.

Dave Zatz • December 8, 2006 8:31 AM

I have put together a guide on how to use this utility to prepare shows on the MacOS platform, though replacing the apps with Linux-specific apps will have you working on that OS as well.

http://www.zatznotfunny.com/2006-12/...

Bruce: This is not a true crack. The decryption engine has been reverse engineered in cross-platform code. Each customer's Media Access Key (MAK) is still needed as a key to decrypt content from their particular TiVo unit.

MegaZone • December 8, 2006 10:14 AM

Hi Dave, fancy meeting you here. ;-)

It gets into the 'what is a 'true crack'' debate. I would call this a crack - TiVo Decode allows people to do exactly what the DRM system was meant to prevent, access the raw MPEG-2 contents freely. Effectively it recreates the same functionality of the TiVo Desktop DirectShow filter DLL on Windows, but it does so while giving the user control. The DRM, as a system, is cracked - it no longer does what it was meant to do. The algorithms haven't been cracked, no, but the system has.

It is still solid reverse engineering, recreating the key generation system from scratch. The MAK isn't the key - the MAK is just one of the known texts that feeds the key generator. Having the MAK does you no good without the key generating code, which has been recreated. While you need the MAK, the MAK was never hidden. The DRM was supposed to prevent access by people who *know* the MAK.
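Added example, not part of the original thread and not code from TiVo File Decoder: a constructed model of the design described in the two comments above, where a user-visible MAK feeds a key generator shipped in the client and the content itself is protected with standard primitives. The derivation, the toy HMAC-based keystream, the blob layout and both MAK values are assumptions chosen for illustration; TiVo's real key generation is not shown on this page.

```python
import hashlib
import hmac
import os

def derive_keys(mak: str, salt: bytes) -> tuple[bytes, bytes]:
    """Hypothetical key generator: the MAK is one input, not the key itself."""
    material = hashlib.pbkdf2_hmac("sha256", mak.encode(), salt, 1000, dklen=64)
    return material[:32], material[32:]  # (encryption key, MAC key)

def _keystream(key: bytes, length: int) -> bytes:
    """Toy HMAC-SHA256 counter-mode keystream, standing in for a standard cipher."""
    blocks = (hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))

def protect(mak: str, recording: bytes) -> bytes:
    """Model of the recorder side: blob = salt | tag | encrypted body."""
    salt = os.urandom(16)
    enc_key, mac_key = derive_keys(mak, salt)
    body = _xor(recording, enc_key)
    tag = hmac.new(mac_key, salt + body, hashlib.sha256).digest()
    return salt + tag + body

def unprotect(mak: str, blob: bytes):
    """Model of any client that knows derive_keys(); returns None on a wrong MAK."""
    salt, tag, body = blob[:16], blob[16:48], blob[48:]
    enc_key, mac_key = derive_keys(mak, salt)
    expected = hmac.new(mac_key, salt + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor(body, enc_key)

def demo() -> dict:
    recording = b"constructed MPEG-2 payload " * 4   # constructed sample data
    blob = protect("0123456789", recording)          # constructed owner MAK
    return {
        # The owner, holding only the MAK and the public derivation, recovers the file.
        "owner_recovers": unprotect("0123456789", blob) == recording,
        # A different MAK yields different keys, so the integrity check fails.
        "other_mak_rejected": unprotect("9876543210", blob) is None,
    }
```

In this model the only thing the MAK holder ever lacked was `derive_keys()` itself, so a single reimplementation applies to every unit at once, while the per-unit MAK still limits each user to their own recordings.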

Dave Zatz • December 8, 2006 12:06 PM

Hey Mega,

I suppose it's open to debate (I was originally on the "It's been cracked!" side) and much of it is semantics and hair splitting. But unless *you* can remove the DRM from *my* TiVo shows, I say the encryption is intact even if the decryption methodology is now public.

Anonymous • December 9, 2006 6:18 PM

@zatz, mega

I would say "the DRM has been broken", whether or not it's been "cracked". It's pretty clear that an un-DRM'ed file can be redistributed far and wide for anyone to use, so the fact that one Tivo subscriber somewhere has to do it once using a MAK doesn't seem like a huge barrier.

Anonymous • December 10, 2006 12:14 PM

re: "the DRM has been broken"

I've changed my mind. "The DRM has been defeated" covers cracks, breaks, or anything else.

menacemafia • April 19, 2007 1:30 AM

Well, out of curiosity, has the DRM been cracked? Or it is, but just for TiVo and not any other DRM-protected files? Like, for instance, a subscription-protected DRM. Well, if this is already solved, please help me out with my DRM media that I have.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.