TiVoToGo DRM cracked

[MickeS]

I'm guessing this has already been posted here, but I couldn't find a thread about it... so if it HASN'T been posted, here's a thread.

http://community.livejournal.com/tivolovers/384800.html

I wonder what this will mean for ToGo for Mac?

[ZeoTiVo]

Well it is not really a crack per se as it still requires the Media Access Key from the user and just basically does the same pipe and filtering in a C program.

the good news for Mac and Linux users is that you do not need TiVo desktop installed to run this program.

While I do not think this will induce an uptick in files from TiVos shared on the internet - since people could have done that already by just getting a windows PC this si somewhat bad news for TiVo, inc. as it weakens the perception of security on their platform in the content owner's eyes.

[Stu_Bee]

Quote:

Originally Posted by ZeoTiVo

as it weakens the perception of security on their platform in the content owner's eyes.

Yeah..and that's all it is perception. Even tivo allows people to currently strip the DRM from their content via the Tivo Desktop+ transcoding to other video formats.
The only protection Tivo can be offering at this point is the Do Not Allow download flags.

[Jiffylush]

I see this as bad news for S3 owners waiting for TTG and MRV.

I hope it isn't but this is just the type of thing cablelabs would use as a reason not to enable TTG and MRV.

[MickeS]

Quote:

Originally Posted by Jiffylush

I see this as bad news for S3 owners waiting for TTG and MRV.

I hope it isn't but this is just the type of thing cablelabs would use as a reason not to enable TTG and MRV.

Which never has made any sense to me, since recording devices for the PC are allowed.

[ZeoTiVo]

Quote:

Originally Posted by MickeS

Which never has made any sense to me, since recording devices for the PC are allowed.

it is all about the HD on premium channels and the coming downloading of movies.

OTA content or premium SD content is not so important to the copyright holders anymore, but they are looking for that locked down digital stream they can provide thier content on and feel like no one is dipping into the stream without paying.

[jmoak]

Quote:

from the soueceforge page:
The conversion still requires the valid MAK of the TiVo which recorded the file, so it cannot be used to circumvent their protection, simply to provide the same level of access as is already available on Windows.

So it's not actually "cracked", is it?

Or is it just a "perception" thing?

It's not, but they say it is, but it's really not, but it does not matter, 'cause they say it is, even though it's not, so it may as well be, 'cause they say it is, even though it's not, everyone says it is, or is it? I mean, the title says it is, so it must be, right? right?

[MickeS]

Nope, I guess "cracked" is not entirely correct. More shorthand for "circumventable without TiVo-provided software" .

[ZeoTiVo]

Quote:

Originally Posted by jmoak

It's not, but they say it is, but it's really not, but it does not matter, 'cause they say it is, even though it's not, so it may as well be, 'cause they say it is, even though it's not, everyone says it is, or is it? I mean, the title says it is, so it must be, right? right?

I think you have it now. That is exactly how the content providers will think it through

[rainwater]

Since the DRM scheme has been reverse engineered and you can circumvent the DRM without the TiVo software, then it has been officially cracked (whether it requires the MAK or not).

[ZeoTiVo]

Quote:

Originally Posted by rainwater

Since the DRM scheme has been reverse engineered and you can circumvent the DRM without the TiVo software, then it has been officially cracked (whether it requires the MAK or not).

A crack to me denotes you can open any .tivo file without needing the specific key

I think it is better to say it has been hacked

[Aflat]

Quote:

Originally Posted by MickeS

Which never has made any sense to me, since recording devices for the PC are allowed.

Yes but recording devices using a cable card on a PC is not allowed. The only machiena cbale card can be installed into is an approved cable card computer. You can't make a home brewed media center PC that can read cable cards.

[jmoak]

Quote:

Originally Posted by ZeoTiVo

I think you have it now. That is exactly how the content providers will think it through

Who can blame 'em? Engadget (home of the famous "Tivo Deathwatch") titles it "TiVo DRM cracked, non-Windows users rejoice", this thread says "TiVoToGo DRM cracked", and I'll betcha a goggle search tomorrow will display at least a half dozen more "Tivo Cracked!" headlines.

Content providers, et. all.

Even though you still need the tivo key to do anything and even sourceforge plainly states "it cannot be used to circumvent their protection", many will loudly proclaim "it has been officially cracked!"

edit:
Woah! No sooner than I thought it, even before I posted it....

[rainwater]

Quote:

Originally Posted by Aflat

Yes but recording devices using a cable card on a PC is not allowed. The only machiena cbale card can be installed into is an approved cable card computer. You can't make a home brewed media center PC that can read cable cards.

It doesn't matter what you call it. Anyone who can get .tivo files off their TiVo is going to have the MAK anyways. Sure, you couldn't distribute .tivo files around, but that is not really a big concern anyways if you can just strip the DRM off immediately and have a MPEG-2 file. Of course you have been able to easily do this for a while so its not a big deal to Windows users. The big question will be what will TiVo do if someone writes a piece of software that mimics TiVo Desktop on the Mac.

[mportuesi]

Quote:

Originally Posted by rainwater

The big question will be what will TiVo do if someone writes a piece of software that mimics TiVo Desktop on the Mac.

I imagine it should be pretty straightforward to modify Galleon to call-out to this unlocking utility. That would pretty much put Galleon on par with TiVo Desktop.

[jmoak]

Quote:

Originally Posted by rainwater

Sure, you couldn't distribute .tivo files around, but that is not really a big concern anyways

That IS "The Big Concern", to the program providers, anyway.

Quote:

Originally Posted by rainwater

The big question will be what will TiVo do if someone writes a piece of software that mimics TiVo Desktop on the Mac.

If this sourceforge development had been touted correctly, it would have been a boon to tivo. Heck, writing a workaround that allows other os's to work with tivo files while maintaining the need to use the tivo keys and authorization method? I'd imagine they'd say, "Thanks!!"

But to have it touted as a "crack" and therefore thought of as a circumvention of their drm system... WHEW! Lord only knows how they'll react.

[id242]

Wow, I guess the people who do run this forum, DO censor messages posted.

Even if you follow the guidelines listed in the forum rules, posts that the moderators don't personally agree with, somehow disappear.

All the regulars know this already, I guess that's what they mean when they write "IBTL", which either means "In Before The Lock" (Censorship) or "I Better Tellyou Later", which means "Hush Hush. We are not suppose to talk about such things in public".

[Dan203]

Your post was deleted because it was a duplicate, not because it was censored.

Dan

[davezatz]

Quote:

Originally Posted by rainwater

Since the DRM scheme has been reverse engineered and you can circumvent the DRM without the TiVo software, then it has been officially cracked (whether it requires the MAK or not).

I think it's fair to say it's been cracked. Perhaps there are varying levels of 'crack' but deconstructing the decryption mechanism is a very big deal. If we want to argue that needing a MAK means it's not been cracked, someone will build us a brute force MAK testing engine and solve that lickity split.

I think most folks will use this for legit reasons. People want TiVoToGo on the Mac and TiVo hasn't delivered. As was mentioned above, let's plug this into Galleon and call it a day.

[TydalForce]

Anybody who wants to record TV, edit out the commercials, and then distribute it under questionable circumstances is already doing so via computer-based TV Tuner cards.

This really doesn't change anything. TV shows are still going to show up on BitTorrent, with our without TiVo around.

This is, however, good news for those of us on Mac or Linux (or other?) who want to download a few shows from their TiVo to take on the go with them.

[rainwater]

Quote:

Originally Posted by davezatz

I think it's fair to say it's been cracked. Perhaps there are varying levels of 'crack' but deconstructing the decryption mechanism is a very big deal. If we want to argue that needing a MAK means it's not been cracked, someone will build us a brute force MAK testing engine and solve that lickity split.

I think most folks will use this for legit reasons. People want TiVoToGo on the Mac and TiVo hasn't delivered. As was mentioned above, let's plug this into Galleon and call it a day.

Yeah, the big deal is you can now remove the DRM without any dlls or TiVo software. This can't sit well with TiVo, but I'm not sure what they can do now that the source code is out there.

And I agree, I think this was all brought about due to lack of support from TiVo for platforms other than Windows (even though Tivo Desktop Plus removes the DRM itself for portable devices).

I would disagree that this affects the S3 because I have a hard time believing TTG will ever be possible on the S3 for digital cable recordings and I don't see how this affects MRV anyways.

[davezatz]

Quote:

Originally Posted by TydalForce

Anybody who wants to record TV, edit out the commercials, and then distribute it under questionable circumstances is already doing so via computer-based TV Tuner cards.

TiVo, Inc could make the argument that bypassing their DRM scheme violates the DMCA if they or their partners feel threatened. Megazone suggested this could lead to an arms war, though I wonder if TiVo has the skills on hand to come up with a new mechanism and get it out there in a timely fashion. (Mac TTG is nearly two years late...)

I don't mind republishing DirectShow Dump or GraphEdit stuff because we're essentially letting TiVo software decrypt the show (as designed) and we just happen to be saving the results. I briefly thought of hosting some of this new stuff on my site, but I think it's a grey area I don't want to touch. I will however try it out tonight on my Mac.

Quote:

Originally Posted by rainwater

I would disagree that this affects the S3 because I have a hard time believing TTG will ever be possible on the S3 for digital cable recordings and I don't see how this affects MRV anyways.

TTG for the S3 has always been a long shot due to political and technical issues, though it's more likely SD content could be moved around. MRV could be impacted just from a perception stand-point. If CableLabs feels like TiVo hasn't built a secure platform they could be reluctant to certify features they may not fully trust as it is.

[minckster]

Edit: D'oh! Forget my question! I just noticed that --mak says "required."

Are you guys sure that the program requires the MAK? One of the flags (?) is "--noverify, do not verify MAK while decoding." I'm not sure what else that would mean.

Quote:

Usage: ./objects.dir/tivodecode [--help] [--verbose|-v] [--no-verify|-n] {--mak|-m} mak [{--out|-o} outfile] <tivofile>

--mak, -m media access key (required)
--out, -o output file (default stdout)
--verbose, -v verbose
--no-verify, -n do not verify MAK while decoding
--help print this help and exit

[petew]

Quote:

Originally Posted by minckster

Are you guys sure that the program requires the MAK? One of the flags (?) is "--noverify, do not verify MAK while decoding." I'm not sure what else that would mean.

The MAK is part of the decrypt key. I presume if it's wrong and you use --noverify you'll just get a scrambled MPG output.

[ZeoTiVo]

Quote:

Originally Posted by id242

All the regulars know this already,

that is was a duplicate thread of a thread right at the top of the first page with the obvious title "TiVoToGo DRM cracked"? - yah - we knew that

[ZeoTiVo]

Quote:

Originally Posted by davezatz

If we want to argue that needing a MAK means it's not been cracked, someone will build us a brute force MAK testing engine and solve that lickity split.

If someone could come up with a way to do that then I would call it cracked and that would indictae weak encryption/security.

but to use the same pipe and filter method that TiVo does and require the MAK itself to do the decryption is a hack. A good hack, and one that will make Mac users with TiVos happy that they can do all the processing on a Mac now.

even the early ability to get content off a TiVo DVR before/without desktop was a hack and not a crack as they simply truned off the flag that said to decrypt the content as it was being recorded. All of this is still illegal under the DMCA as it all circumvents the security mechanisms so in court it would be a small distinction


I think the distinction is important due to the perception of content providers as they argue with TiVo over how secure content is on the TiVo box. And that argumnet is brewing now at cablelabs over certifying TiVoToGo in hardware with cable cards

[MickeS]

Quote:

Originally Posted by jmoak

Even though you still need the tivo key to do anything and even sourceforge plainly states "it cannot be used to circumvent their protection", many will loudly proclaim "it has been officially cracked!"

Since every single person who owns a TiVo Series 2 has a MAK, and this requires ownership of a Series 2 to extract files in the first place, I think "cracked" is fairly accurate shorthand for what they've done, since it doesn't require any official TiVo software. ZeoTivo's suggestion "hack" is probably better though.

[Redux]

Do .tivo files have any advantage over .ty files?

Trying to manufacture an excuse to play with a new toy.

[sommerfeld]

Quote:

Originally Posted by ZeoTiVo

Well it is not really a crack per se as it still requires the Media Access Key from the user and just basically does the same pipe and filtering in a C program.

Except that the MAK is apparently only 32 bits long, which puts the crypto into the "good against your kid sister" class rather than the "good against a determined adversary" class.

To put this into concrete terms: a 32-bit key means that there are only 2^32 possible keys - just over 4 billion. This may seem like a lot, but current commodity desktop computers are clocked at around 2GHz - two billion ticks per second. Even if you need tens of thousands of cycles to try each key, modestly tuned key-search software running on commodity hardware most likely could try all four billion in a day.

[sommerfeld]

Quote:

Originally Posted by MickeS

ZeoTivo's suggestion "hack" is probably better though.

I'll stay professional and say that the file encoding has been reverse-engineered; as is typical for proprietary encodings not subject to public peer review, the encoding scheme appears to be cryptographically weak.