TiVo File Encryption Cracked

An anonymous reader writes "TiVo file encryption has been cracked. Details on the project can be found on the wiki. Mac and Linux users rejoice!" The project page says, "The conversion still requires the valid MAK of the TiVo which recorded the file, so it cannot be used to circumvent their protection, simply to provide the same level of access as is already available on Windows."

Possibility for series3 HD Tivo?

[adam (1231)]

After reading the linked "details" article, I am at a loss to tell whether or not this will work with HD-Tivo. I've wanted to buy one of these for a long time (and they've recently hit the market [engadget.com], but at $700ish I can't justify the cost unless I have some way to archive my programing (and Tivo2Go is not offered for HDcontent). HD-DVD and BluRay are both non-starters at the moment, whereas HBO, Showtime, Cinemax, etc all play assloads of HD content all the time (including many movies that aren't out on DVD yet, as well as their own series such as Deadwood, Dexter, etc).

So can anyone tell me if this actually brightens the prospects of being able to use a series 3 HD Tivo to record HD shows and then archive them offline for storage? I did RTFA but the jargon about headers and address bytes and whatnot got a little heavy for me.

Re:Possibility for series3 HD Tivo?

[by Anonymous Coward]

No, this just applies to standard def content from a Series 2 TiVo. You must use the Home Media Option to get the files off the TiVo top begin with. The Series 3 TiVo (the HD version) does not support the Home Media Option.

Re:Possibility for series3 HD Tivo?

[MBCook (132727)]

It won't. Series 3 do not have the necessary feature enabled because Cable Labs won't let them (yet). Look for it in a future release (if hell freezes over).

For getting video off a Series 3, I worry that it will take an external drive (once they enable THAT) and then get the files that way.

I say all this as a Series 3 owner who, really, doesn't have a ton of use for extracting video.

In short: Series 3 need not apply.

Re:

[jedidiah (1196)]

Yup. A HD TV isn't expensive really. Anymore HD is just a standard feature with any TV that's a decent large screen TV for watching movies. All of that progressive DVD content will be more than adequately cool. You don't even need to futz with the HD channels (payware or otherwise).

Infact, when stacked up next to a nice progressive DVD those HD channels aren't that hot anyways. Even when not compared to good DVD's in a side by side comparison those HD channels aren't that impressive.

Many people don't have t

DMCA?

[Thunderstruck (210399)]

If I recall, the DMCA prohibits trafficing in technology to bypass security measures on copyrighted media put in place by the owners of that copyright.

The limitations on Tivo are copy protections put in place by a third party, not the owner. (I can still record the same programs on my betamax with no trouble.) Have I missed something?

Re:DMCA?

[Aadain2001 (684036)]

IANAL, but from my understanding it can summed up as: the MPAA/ABC/CBS/etc can't sue them for this (they didn't put the protection in place), but TiVo certainly can!

Re:DMCA?

[ahknight (128958)]

It's not TiVo's media. You are, however, breaking the license agreement for the service if you do this and they can disconnect you. That's about it. (IANAL, either)

Re:DMCA?

[Jerf (17166)]

Why "recall"? This is the Internet. Look it up.

Sec. 1201. Circumvention of copyright protection systems

            `(a) VIOLATIONS REGARDING CIRCUMVENTION OF TECHNOLOGICAL MEASURES- (1)(A) No person shall circumvent a technological measure that effectively controls access to a work protected under this title. The prohibition contained in the preceding sentence shall take effect at the end of the 2-year period beginning on the date of the enactment of this chapter.

I don't see any reference to who is adding the "protection". This is probably a DMCA violation.

'Course, unless you run Linux but have never watched a DVD, you've pretty much already opened that door.

IANAL, but while I'm sure you could argue either way, I'm pretty sure that the better argument is that the DMCA is intended to allow non-owners to add protection, as TiVo is here, for exactly the sort of things TiVo is doing.

Re:DMCA?

[acklenx (646834)]

No person shall circumvent a technological measure that effectively controls access to a work protected under this title.

Call me crazy, but if you can circumvent it, then it doesn't seem like it effectively controls access. So you can crack anything that you can crack, duh.

Re:DMCA?

[cfulmer (3166)]

Well, the relevant part of the DMCA is this:

'a technological measure "effectively controls access to a work" if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.'

(that's 17 U.S.C. 1201(a)(3)(B)). Under your reading, where it says "with the authority of the copyright owner," that means that the copyright owner has to approve the encryption being put in place. Since I don't think Tivo has agreements with all the media companies, I don't think this applies. Also, I don't think Tivo adds anything to the media, so it doesn't have any copyright in it. So, under this section, you're right.

But, there's another section, 17 U.S.C. 1201(b) which says that you cannot traffic in something that circumvents "a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof." And, here, it does that if it "prevents, restricts, or otherwise limits the exercise of a right of a copyright owner under this title." That's a bit odd to read -- the expression "a right of a copyright owner" is a term of art which basically means "the things only copyright owners can do." The end result is that you cannot traffic in circumvention devices, even if they circumvent something that was not put there with the agreement of the copyright owner, so long as it keeps you from doing something that only the copyright owner can do (i.e. *copying*).

I think that the end result of this odd situation is that people can circumvent the encryption on the Tivo, but can't provide a tool for others to do the same thing.

[See a lawyer before you rely on this.]

Cool, but not *too* cool.

[Space cowboy (13680)]

It's cool that Mac/Linux users can now access their media in the same way as Windows users have been able to. It's not *too* cool (ie: dangerous to TiVo, and by extension the implementors) because you still need your MAK key, and all it does is provide the same level of access as TiVo already provide to windows users.

The crucial thing here is that TiVo took a business decision not to support Mac/Linux users. They can't really complain when those users decide to support themselves, giving themselves the same abilities that TiVo provide to Windows users...

Personally I think this is the right balance - my TiVo has been sitting in a corner since I moved house - the new cable box does everything TiVo did, and does it in HD (although the interface sucks a bit. Bad comcast). With this though, I can see a new lease of life for the TiVo ... a few creative uses come to mind :-)

Simon

Re:Yay fair use

[Lumpy (12016)]

Funny, I've been doing this with my ReplayTV for years now. I made the decision to go replay instead of Tivo back then and enjoyed full access to my content, no features removed (I still have a commercial skip button that works, no pause ad's and everything works as it should and was promised when I bought it.

Nice to see that TiVO owners can catch up to the rest of us now, but a smarter decision at the beginning would have given you that choice from the start.

if someone figures out how to take a TiVo and install a linux distro on it and a mythtv install I'll be all over buying a Tivo or two to hack, but until then. I'll keep using my networked replays.

Oh no!

[PHAEDRU5 (213667)]

A cloud of smug!

Re:Yay fair use

[Manchot (847225)]

Commercial skip: Still works on the Tivo, except now you have to push a six-button sequence every couple months to get it to work.
Ads: Barely visible. They either appear on the bottom of the Now Playing screen, in which case they're optional, or it takes up an eighth of the screen during the commercial for the product being shown. In essence, the latter are only visible in the short time while you're fast-forwarding, showing you a stationary ad for a couple seconds. Those ads are exceedingly rare anyway. (I saw one for the Wii yesterday during primetime, but that's the first I've seen in weeks.)

It seems to me that many people on Slashdot, the Richard Stallman crowd especially, act like Tivo is most evil company on the planet for a few very minor faults (especially when it comes to DRM). In reality, I like Tivo because while they do pay lip service to the likes of the RIAA and the MPAA, it is only lip service. They didn't actually remove the commerical-skip feature: they just put in an easy workaround to get it. They included DRM to prevent themselves from getting sued, but it is extremely minimal DRM that is easily circumvented by the owner of the Tivo with a single DirectShow filter. If ReplayTV had paid lip service, it might still be around.

In fact, Tivo even does things that most Slashdotters would applaud, but are villainized nonetheless. Though they have a few patents, a lot of it is for innovative hardware. They aren't like some of the patent-whores who patent things invented fifteen years ago: they basically co-invented the DVR, and made a damn good one. They even use Linux and released their code under the GPL. And yet, we still hear Stallman complaining about the fact that the Tivo hardware locks you out from changing the software. What he (and many others) apparently miss is that when you buy a Tivo, you're not buying a general purpose computer: you're buying a DVR. I mean, God forbid that they prevent users from running them out of business by buying the hardware for far less than it costs Tivo to make it and loading MythTV onto it. (Yes, Tivo subsidizes the cost of the hardware, but only because you are agreeing to pay for the service.)

Re:

[jedidiah (1196)]

Quite simply, I shouldn't need to indulge in a "hack" that is a well known secret in order to get my PVR to skip ahead 30 seconds. You've just been conditioned to accept this. Nevermind how annoying it is anytime there's a power hit.

It's really quite nice being able to completely power down the MythTV box that sits in my living room. If I do the same to my Tivo, not only does stuff not get recorded but I will have to re-enter that stupid hack to get my 30-second skip back again.

That's not even getting into

Re:Why TiVo when you can MythTV?

[Scutter (18425)]

Check it out, and you'll be amazed.

I did, and I wasn't. It was a giant pain in the a** to set up and configure, it didn't work reliably, and the cost for hardware was way higher than buying a TiVo.

Re:

[MoxFulder (159829)]

The reason hardware for MythTV costs more is because Tivo sells their hardware at a loss, because they can count on making up for it in high subscription fees.

I recently spec'ed out a MythTV box with an 80gb hard drive and hardware MPEG encoding and a nice media center case for $350 shipped from NewEgg. A pretty good deal, I'd say, and it can actually be used for other things than just watching TV (it's got an Athlon 64, 512 mb RAM, and NVidia GeForce 6150 graphics).

Re:Why TiVo when you can MythTV?

[scribblej (195445)]

It's a pain in the ass to set up and configure. I can't argue with you there. If you've done it once successfully, though (or two or three times) it becomes much easier.

However, I take issue with "didn't work reliably" and "cost was higher than a tivo."

My own MythTV works flawlessly, using a donated PIII-750 (cost: $0) for the server, and a Hauppauge 150 (cost: $60) for the tuner/encoder. There are no monthly fees. If you can show me a TiVo with lifetime subscription for $60, I'll be amazed. And tell my friends to buy it.

My MythTV also has features that TiVo will never have -- like the ability to automatically detect and skip commercials, the ability to select programs to automatically burn to DVD, and support for enough tuners to simultaneously record everything on every channel (well, in theory... I'd love to see the hardware for that!).

I like the TiVo. It's easy to use. But I like my MythTV a lot more. And I don't have to worry about what stupid decisions TiVo corporate might make -- like encrypting my videos so only I can watch them, support for the "Broadcast" flag, and wasting my storage space with advertisements.

Re:

[FatAlb3rt (533682)]

Your MythTV didn't cost you $60. Just because someone donated the computer to you doesn't mean it was free.

Although I'm not sure what your point is here, I guess I'll go with it. Just because you griped enough to DirecTV and didn't get charged for a year doesn't make it free to you either. Be sure to count the time on the phone with them, the downtime without the service, and the general BS that you have to put up with when speaking w/ customer service.

There's that and there's the time it cost you to put

Re:Why TiVo when you can MythTV?

[hal2814 (725639)]

"Why TiVo when you can MythTV?"

Why post on-topic when you can blatantly go off-topic and get modded up for it? This is a nuts and bolts Tivo article. It's not about considering one DVR solution over another. No other solution is even on the table here. I'm not the biggest fan of Tivo but I'm getting a bit sick of these folks who feels some sort of duty to shove in a reference to MythTV every time Tivo is mentioned. I for one won't be amazed by links about MythTV but I can't read a single DVR article that doesn't have some wonky poster extolling the virtues of MythTV. We get it. We know. Stick to the topic.

Re:

[jedidiah (1196)]

This is an article about the BS associated with proprietary solutions. The possibility of using an open solution and BYPASSING all of this BS is very much on point. I am a LONG time Tivo user that chose to build a MythTV system over this very problem.

Re:

[the_crowbar (149535)]

$500 for a TiVO w/ Lifetime subscription is not a bad price, but let me break down my MythTV box.

• $119 nMedia Media Center Case I could have used an old beige box, but this case fits in perfectly with my other components
• $88 Athlon64 3000+ CPU
• $87 Asus A8N-VM CSM motherboard with Geforce 6150 onboard
• $95 Seagate 400GB SATA 3.0 HD
• $90 1GB DDR RAM Crucial ValueRAM
• $10 Universal Remote
• $5 Homemade Serial IR receiver
• $40 2 WinTV software encoder cards from Ebay

Total: $534

I happen to have Charter HD cable

Re:No it hasn't.

[pegr (46683)]

It hasn't been "cracked", since it still requires your Media Access Key to decode the video.
 
Remember what Bruce says kids: In the classic encryption scenerio, A(lice) encrypts her message to B(ob) to protect it from C(harles). With DRM, Bob and Charles are the same person!

Re:No it hasn't.

[mrsbrisby (60242)]

It hasn't been "cracked", since it still requires your Media Access Key to decode the video.

Yes it has. The MAK isn't the key to the encrypted stream- the MAK is what's printed on the System Information page in the TiVO.

This defeats TiVO's DRM that was used to prevent Linux and Mac users from watching shows on their PC.

Please stop replying if you have no idea what you're talking about.

Re:No it hasn't.

[mrsbrisby (60242)]

The MAK isn't the key to the encrypted stream-

Yes it is... RTFWiki.

No it isn't. read the wiki yourself. I've been following it for months.

The key is produced through a (previously) unknown tranformation involving the MAK. Since the MAK is published, as well as the cipher, as well as the protocol.

TiVo's DRM prevented Linux and Mac users from watching their shows only as a side effect. The intent of TiVo's DRM is to prevent people who don't know the MAK from watching the content.

I don't know what the intent of Tivo's DRM was, and I strongly suspect you don't either.

The DRM as implemented couldn't do what you say it was intended to do- people regularly rip from their tivo and show the results to people who don't have the MAK.

This is a nice piece of reverse engineering, but no encryption scheme was cracked.

Its a wonderful piece of reverse engineering, but if you're nitpicking that people didn't break the turing cipher, I've got news for you: Nobody had to. They broke the method of creating the key.