TiVo File Encryption Cracked

An anonymous reader writes "TiVo file encryption has been cracked. Details on the project can be found on the wiki. Mac and Linux users rejoice!" The project page says, "The conversion still requires the valid MAK of the TiVo which recorded the file, so it cannot be used to circumvent their protection, simply to provide the same level of access as is already available on Windows."

Yay fair use

This is good news for people who are trying to use content they recorded, like they should be able to.

Re:Yay fair use

Funny, I've been doing this with my ReplayTV for years now. I made the decision to go replay instead of Tivo back then and enjoyed full access to my content, no features removed (I still have a commercial skip button that works, no pause ad's and everything works as it should and was promised when I bought it.

Nice to see that TiVO owners can catch up to the rest of us now, but a smarter decision at the beginning would have given you that choice from the start.

if someone figures out how to take a TiVo and install a linux distro on it and a mythtv install I'll be all over buying a Tivo or two to hack, but until then. I'll keep using my networked replays.

Oh no!

A cloud of smug!

Re:Yay fair use

Commercial skip: Still works on the Tivo, except now you have to push a six-button sequence every couple months to get it to work.
Ads: Barely visible. They either appear on the bottom of the Now Playing screen, in which case they're optional, or it takes up an eighth of the screen during the commercial for the product being shown. In essence, the latter are only visible in the short time while you're fast-forwarding, showing you a stationary ad for a couple seconds. Those ads are exceedingly rare anyway. (I saw one for the Wii yesterday during primetime, but that's the first I've seen in weeks.)

It seems to me that many people on Slashdot, the Richard Stallman crowd especially, act like Tivo is most evil company on the planet for a few very minor faults (especially when it comes to DRM). In reality, I like Tivo because while they do pay lip service to the likes of the RIAA and the MPAA, it is only lip service. They didn't actually remove the commerical-skip feature: they just put in an easy workaround to get it. They included DRM to prevent themselves from getting sued, but it is extremely minimal DRM that is easily circumvented by the owner of the Tivo with a single DirectShow filter. If ReplayTV had paid lip service, it might still be around.

In fact, Tivo even does things that most Slashdotters would applaud, but are villainized nonetheless. Though they have a few patents, a lot of it is for innovative hardware. They aren't like some of the patent-whores who patent things invented fifteen years ago: they basically co-invented the DVR, and made a damn good one. They even use Linux and released their code under the GPL. And yet, we still hear Stallman complaining about the fact that the Tivo hardware locks you out from changing the software. What he (and many others) apparently miss is that when you buy a Tivo, you're not buying a general purpose computer: you're buying a DVR. I mean, God forbid that they prevent users from running them out of business by buying the hardware for far less than it costs Tivo to make it and loading MythTV onto it. (Yes, Tivo subsidizes the cost of the hardware, but only because you are agreeing to pay for the service.)

Possibility for series3 HD Tivo?

After reading the linked "details" article, I am at a loss to tell whether or not this will work with HD-Tivo. I've wanted to buy one of these for a long time (and they've recently hit the market [engadget.com], but at $700ish I can't justify the cost unless I have some way to archive my programing (and Tivo2Go is not offered for HDcontent). HD-DVD and BluRay are both non-starters at the moment, whereas HBO, Showtime, Cinemax, etc all play assloads of HD content all the time (including many movies that aren't out on DVD yet, as well as their own series such as Deadwood, Dexter, etc).

So can anyone tell me if this actually brightens the prospects of being able to use a series 3 HD Tivo to record HD shows and then archive them offline for storage? I did RTFA but the jargon about headers and address bytes and whatnot got a little heavy for me.

Re:Possibility for series3 HD Tivo?

No, this just applies to standard def content from a Series 2 TiVo. You must use the Home Media Option to get the files off the TiVo top begin with. The Series 3 TiVo (the HD version) does not support the Home Media Option.

Re:Possibility for series3 HD Tivo?

It won't. Series 3 do not have the necessary feature enabled because Cable Labs won't let them (yet). Look for it in a future release (if hell freezes over).

For getting video off a Series 3, I worry that it will take an external drive (once they enable THAT) and then get the files that way.

I say all this as a Series 3 owner who, really, doesn't have a ton of use for extracting video.

In short: Series 3 need not apply.

i've been copying files for a while off mine

whats the news? i've been doing this for a while, they come to the pc in a proprietary format and then i use tshow to clean them up. I'm using a series 1.

No it hasn't.

It hasn't been "cracked", since it still requires your Media Access Key to decode the video.

Re:No it hasn't.

It hasn't been "cracked", since it still requires your Media Access Key to decode the video.
 
Remember what Bruce says kids: In the classic encryption scenerio, A(lice) encrypts her message to B(ob) to protect it from C(harles). With DRM, Bob and Charles are the same person!

Re:No it hasn't.

It hasn't been "cracked", since it still requires your Media Access Key to decode the video.

Yes it has. The MAK isn't the key to the encrypted stream- the MAK is what's printed on the System Information page in the TiVO.

This defeats TiVO's DRM that was used to prevent Linux and Mac users from watching shows on their PC.

Please stop replying if you have no idea what you're talking about.

Re:No it hasn't.

The MAK isn't the key to the encrypted stream-

Yes it is... RTFWiki.

No it isn't. read the wiki yourself. I've been following it for months.

The key is produced through a (previously) unknown tranformation involving the MAK. Since the MAK is published, as well as the cipher, as well as the protocol.

TiVo's DRM prevented Linux and Mac users from watching their shows only as a side effect. The intent of TiVo's DRM is to prevent people who don't know the MAK from watching the content.

I don't know what the intent of Tivo's DRM was, and I strongly suspect you don't either.

The DRM as implemented couldn't do what you say it was intended to do- people regularly rip from their tivo and show the results to people who don't have the MAK.

This is a nice piece of reverse engineering, but no encryption scheme was cracked.

Its a wonderful piece of reverse engineering, but if you're nitpicking that people didn't break the turing cipher, I've got news for you: Nobody had to. They broke the method of creating the key.

DMCA?

If I recall, the DMCA prohibits trafficing in technology to bypass security measures on copyrighted media put in place by the owners of that copyright.

The limitations on Tivo are copy protections put in place by a third party, not the owner. (I can still record the same programs on my betamax with no trouble.) Have I missed something?

Re:DMCA?

IANAL, but from my understanding it can summed up as: the MPAA/ABC/CBS/etc can't sue them for this (they didn't put the protection in place), but TiVo certainly can!

Re:DMCA?

It's not TiVo's media. You are, however, breaking the license agreement for the service if you do this and they can disconnect you. That's about it. (IANAL, either)

Re:DMCA?

Why "recall"? This is the Internet. Look it up.

Sec. 1201. Circumvention of copyright protection systems

            `(a) VIOLATIONS REGARDING CIRCUMVENTION OF TECHNOLOGICAL MEASURES- (1)(A) No person shall circumvent a technological measure that effectively controls access to a work protected under this title. The prohibition contained in the preceding sentence shall take effect at the end of the 2-year period beginning on the date of the enactment of this chapter.

I don't see any reference to who is adding the "protection". This is probably a DMCA violation.

'Course, unless you run Linux but have never watched a DVD, you've pretty much already opened that door.

IANAL, but while I'm sure you could argue either way, I'm pretty sure that the better argument is that the DMCA is intended to allow non-owners to add protection, as TiVo is here, for exactly the sort of things TiVo is doing.

Re:DMCA?

No person shall circumvent a technological measure that effectively controls access to a work protected under this title.

Call me crazy, but if you can circumvent it, then it doesn't seem like it effectively controls access. So you can crack anything that you can crack, duh.

Re:DMCA?

Well, the relevant part of the DMCA is this:

'a technological measure "effectively controls access to a work" if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.'

(that's 17 U.S.C. 1201(a)(3)(B)). Under your reading, where it says "with the authority of the copyright owner," that means that the copyright owner has to approve the encryption being put in place. Since I don't think Tivo has agreements with all the media companies, I don't think this applies. Also, I don't think Tivo adds anything to the media, so it doesn't have any copyright in it. So, under this section, you're right.

But, there's another section, 17 U.S.C. 1201(b) which says that you cannot traffic in something that circumvents "a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof." And, here, it does that if it "prevents, restricts, or otherwise limits the exercise of a right of a copyright owner under this title." That's a bit odd to read -- the expression "a right of a copyright owner" is a term of art which basically means "the things only copyright owners can do." The end result is that you cannot traffic in circumvention devices, even if they circumvent something that was not put there with the agreement of the copyright owner, so long as it keeps you from doing something that only the copyright owner can do (i.e. *copying*).

I think that the end result of this odd situation is that people can circumvent the encryption on the Tivo, but can't provide a tool for others to do the same thing.

[See a lawyer before you rely on this.]

Cool, but not *too* cool.

It's cool that Mac/Linux users can now access their media in the same way as Windows users have been able to. It's not *too* cool (ie: dangerous to TiVo, and by extension the implementors) because you still need your MAK key, and all it does is provide the same level of access as TiVo already provide to windows users.

The crucial thing here is that TiVo took a business decision not to support Mac/Linux users. They can't really complain when those users decide to support themselves, giving themselves the same abilities that TiVo provide to Windows users...

Personally I think this is the right balance - my TiVo has been sitting in a corner since I moved house - the new cable box does everything TiVo did, and does it in HD (although the interface sucks a bit. Bad comcast). With this though, I can see a new lease of life for the TiVo ... a few creative uses come to mind :-)

Simon

Why TiVo when you can MythTV?

Neat idea and all -- the TiVo. Rather than fight with DRM, I'm using MythTV [mythtv.org]. All the shows I want are recorded, plus I get the added bonus of being able to drag and drop shows to my laptop for watching later. Add in the many other features that come with MythTV, and it's a wonder why people would use a TiVo. Check it out [mysettopbox.tv], and you'll be amazed.

Re:Why TiVo when you can MythTV?

Check it out, and you'll be amazed.

I did, and I wasn't. It was a giant pain in the a** to set up and configure, it didn't work reliably, and the cost for hardware was way higher than buying a TiVo.

Re:Why TiVo when you can MythTV?

It's a pain in the ass to set up and configure. I can't argue with you there. If you've done it once successfully, though (or two or three times) it becomes much easier.

However, I take issue with "didn't work reliably" and "cost was higher than a tivo."

My own MythTV works flawlessly, using a donated PIII-750 (cost: $0) for the server, and a Hauppauge 150 (cost: $60) for the tuner/encoder. There are no monthly fees. If you can show me a TiVo with lifetime subscription for $60, I'll be amazed. And tell my friends to buy it.

My MythTV also has features that TiVo will never have -- like the ability to automatically detect and skip commercials, the ability to select programs to automatically burn to DVD, and support for enough tuners to simultaneously record everything on every channel (well, in theory... I'd love to see the hardware for that!).

I like the TiVo. It's easy to use. But I like my MythTV a lot more. And I don't have to worry about what stupid decisions TiVo corporate might make -- like encrypting my videos so only I can watch them, support for the "Broadcast" flag, and wasting my storage space with advertisements.

Re:Why TiVo when you can MythTV?

"Why TiVo when you can MythTV?"

Why post on-topic when you can blatantly go off-topic and get modded up for it? This is a nuts and bolts Tivo article. It's not about considering one DVR solution over another. No other solution is even on the table here. I'm not the biggest fan of Tivo but I'm getting a bit sick of these folks who feels some sort of duty to shove in a reference to MythTV every time Tivo is mentioned. I for one won't be amazed by links about MythTV but I can't read a single DVR article that doesn't have some wonky poster extolling the virtues of MythTV. We get it. We know. Stick to the topic.

On a slightly related topic...

Are there any new solutions these days for recording tv that _DON'T_ require subscribing to a monthly service, like the vcr did? Like, say... recording programs to a large hard drive and then being able to either play from the HD or else transfer them to a computer and burn DVD's of the stuff for permanent storage.

Big frakin' deal.

--begin opinion--

I don't understand why someone would go through the effort of downloading movies from their TiVo to watch on a PC.

- Basic TiVo quality isn't so hot
- The TV shows that I record in high-quality usually exist on purchasable DVD's anyway
- Who ever watch movies more than once or twice? Thanks to Netflix, there is a never ending list of good movies that I've never seen

I don't see all the fuss. TiVo is fine, the DRM is fine. TiVo records disposable media, and media worth hanging onto is worth purchasing for better transfer quality.

Can I get some anecdotal evidence about who actually needs so proliferate their TiVo data?

The only case I can see is if your kid is on the local news and you want a permanent record. Even then, you can usually contact the news station for that.

--end opinion--

Security 101

Its only a matter of time before mechanisms involving Security by obscurity is compromised.
"So in war, the way is to avoid what is strong and to strike at what is weak."
--Sun Tzu, in The Art of War.

InterTiVoNet

So can a MythTV install now send shows recorded by TiVo to other MythTV or TiVo players across the Internet? Do you even need MythTV to do this?

F***in' A!

Now who will write a MythTV plugin, so I can use Inter-room transfers (or whatever TiVo calls them) between TiVo and Myth? It has already worked the other way, right (at least if you use MPEG2 encoding)?

Do any of you actually OWN a TiVo?

Because the download counter on sourceforge is showing whooping 117 downloads! And that's combined total for the EXE and source code downloads.

What's with all the off topic discussions? This is a big deal if you are a TiVo owner. I have 200 GB of .tivo files on my computers and no way to play them unless I install the craptastic Tivo Desktop application. I should have known that any topic on /. would inevitably go off tangent into DRM and OSS discussion...

Let's talk about something more relevant to this topic. Such as: I just tried the app and the damn thing doesn't work at all. Granted, I ran it under VMWare (because I don't exactly trust strange programs off the Internet...) but that should not matter.

umm wasn't this done years ago?

I remember following a procede a while back that allowed you to take the home media files from a series2 (.tivo file) and run it through some program that was included in windows and viola! you got a regular uncompressed mpg2 stream (.mpeg) within a minute or so. it was so easy i thought it was a fake but it really worked. i had no problem with the mpegs after that.

Mac semi solution

I can pull Tivo video with my Mac with both Series 1 and Series 2. I also can stream video directly to my Mac. See here [danslagle.com]

Yay? Rejoice?

Okay, so TiVo's are useful, right? You have a computer if your reading this right? Then why not just dish out $100 and get a Digital TV Tuner. It'll turn your computer into a DRM-Free TiVo-like device. Why make a box for MythTV? Why not just use your CURRENT box? or better yet, do some trading with old parts. You cant tell me you dont have something. I just traded a set of speakers for a AMD Athlon XP 1.3ghz, 256mb DDR RAM, a Gigabyte Mobo AND a MX 400. All sufficent for a MythTV box, am I correct? Seems cheaper than a TiVo, and more convenient to MOST of you here, so why all the fuss?

TV Programs w/ Mac Linux compatibility w/ TIVO...

...Man, this will have a huge impact on the users of the 12 million TIVO systems out there.

* Offset 0x0 through 0x03 "TiVo" stream header -- null padded?

* Offset 0x12-0x13 - (value 0x474, 1140) length of XML copyright header -- null padded?

* Offset 0x16-0x17 - (value 0x463, 1123) length of metadata??

* Offset 0x0C-0x0D - (value 0x3800) start of video??

* Offset 0x0F - (value 0x3) flags??

Amazing what cryptanalysis can do!

Now, if only the decoders would make something of the spaghetti code (encrypted word/s) data of the war/tyranncy/sabotage/game/trauma (I don't know what it is exactly) in Iraq and give some real leadership to our country. And TIVO could gain some market share from civilians and insurgents who had watched YouTube: if Iraq achieves a good state of civility and there aren't any more stunts to video record on YouTube.

A "nonce"?

It mentions "nonce" in the text. Well in British english that means a child molestor though I suspect thats not what they mean here , so what does it mean?