Does changing from integrated to discrete video break DRM?

Post Reply
User avatar
FrankAZ

Posts: 42
Joined: Wed Apr 04, 2012 8:16 pm
Location: Chandler, AZ

HTPC Specs: Show details

Does changing from integrated to discrete video break DRM?

#1

Post by FrankAZ » Thu Mar 02, 2017 9:25 pm

Hello,

It's been a very long time since I last posted. A policy of ignoring my curiosity and not 'fixing' a working HTPC until it is truly broken has stood me well for years. But I am now faced with increasing urgency to implement a fix and would appreciate the expertise of the forum before I break something out of ignorance.

My HTPC has been running 24/7 since October 2010. Recently I have begun to notice display issues which I have tentatively diagnosed as being caused by the Intel Integrated Graphics. They do not follow HDMI cable, TV, or recording. I think the time is coming to plug in a discrete video card and use that instead, and because I now have a 4K TV I'll choose a card which supports 4K if only to complete the 4K path between media and the screen. My worry is that I have literally thousands of DRM-protected recordings stashed away on my network so it is important to me that I not damage my HTPC's DRM mechanism.

Has anyone personal experience of adding a modern (likely nVidia) graphics card to an older machine to replace the Intel Integrated Graphics and NOT borking their DRM? I will leave the old Intel graphics enabled and visible to the OS, just not the primary output and not hooked up. So, the DRM system will only see the addition of one extra video component. The rest of the HTPC, though old, is fit for the task.

I saw the various threads about a registry edit to pacify WMC about a over-resolution output device.

Of course, I add my voice to the vocal minority complaining to deaf or non-existent ears about the agonizing inability to transfer DRM from one machine to another even with as many restrictions as Microsoft and their licensees might demand. Same network; same OS; same Microsoft account; maintain old machine presence on the same network; phone-home to Microsoft every X hours; purchase a discrete DRM dongle to educate on the old machine and keep plugged into the new machine; anything...

Frank.
i3-540 | DH57DD | 4GB DDR3-1333 | InfiniTV4 \ 2250 | Intel SSD \ WD 1TB | Silverstone GD05

User avatar
Crash2009

Posts: 4357
Joined: Thu May 17, 2012 12:38 am
Location: Ann Arbor, Michigan

HTPC Specs: Show details

#2

Post by Crash2009 » Sat Mar 11, 2017 3:53 am

New card will likely break Playready, but you might get lucky. Make a good System Image and test it on a spare HD to make sure it works.

I never had the patience or the ambition to jump through all those hoops to save my protected recordings.

Couple search terms for you. Find one of Richard1980's posts then search mspr.hds (this is the file that holds the "keys" to your protected recordings) Richard, as well as a few others have written plenty on how to not lose.

Bee_Dee_3_Dee claims to have come up with a way to share protected with various WMC's by using Junction Links. PM him and see if you can pick his brain a bit. Bee_Dee_3_Dee comments on post #37, Richard1980 in post #36

http://www.thegreenbutton.tv/forums/vie ... 019#p48019

I was always curious if there actually is a chip on the MB that stores the hardware list, and that some variants of PlayReady used that chip to compare old to new hardware.

Good Luck finding anything at MS. PlayReady is likely one of their most closely guarded secrets. You would think they would provide a service to register your hardware, approve the addition you want to make, and adjust the PlayReady so you dont lose your recordings.

I don't have any first hand experience with this.....just what I read.

User avatar
FrankAZ

Posts: 42
Joined: Wed Apr 04, 2012 8:16 pm
Location: Chandler, AZ

HTPC Specs: Show details

#3

Post by FrankAZ » Sat Mar 11, 2017 5:46 am

Crash,

thank you for the reply. I will experiment in a couple of weeks while my wife is out of town and I have the run of the HTPC sufficient to break and fix it without being under any time pressures. I'll likely start by backing up and then stuffing in a spare non-4K video card to check my hypothesis about it being the integrated graphics, and along the way give a first check to the DRM resiliency.

Until recently I worked for Intel so have a little insight into how the unique value at the origin of the DRM might be derived. That the system is resilient to arbitrary small changes at all is more of a clue since it indicates that the individual unique system values must be stored discretely and in such a way that they may be recovered. That is the only way that a change of each value may be detected and perhaps permitted. Were a hash of the aggregate uniqueness be stored then there wouldn't be a way to distinguish a small change from a large change from any change.

There are a multitude of unique or at least high-entropy values stored in even the simplest computer system. Intel has steered clear of a unique value accessible to software in consumer CPUs since the publicity catastrophe around CPU Serial Number. But, every die has a plethora of identification values fused in during manufacture, not least the wafer#, row# and column# from the fab, lotid#, s-code#, plus thousands of other tuning values to adjust bias voltages and output drive characteristics to bring each die into specification. Some of those may be read by the right tools, and some during SINIT in early boot, before OS launch, or even run-time with the right privileges. Non-consumer CPUs (Xeons, embedded parts, ...) have uniqueness deliberately baked-in with EPID values which are tied to system uniqueness for security technologies. In any matter, the CPUID instruction is a primitive instruction which reports out a manufacture-time fuse pattern which while not unique will identify a small lot of CPUs.

So, the CPU may be identified.

Similarly for the chipset.

Then there are hardware die idents in the ethernet controllers, the graphics sub-system, the memory controller, the interrupt controller, etc etc etc. A bunch of values which collectively begin to be universe-unique.

Ditto for third-party components. HDD/SSD serial numbers, video-card s/n, memory DIMM s/n, flash devices, the firmware hub, pretty well anything and everything smarter than a resistor.

There may even be a TPM, either integrated into the chipset, as a discrete part, or as a soft-TMP in firmware running on the Management Engine, another CPU core in the chipset not exposed to the user directly. The TPM is designed to keep secrets.

Then there are firmware build versions for the BIOS components, the ME, the video, the Ethernet controllers. Not unique by any means, but together with other value it all adds to the uniqueness of a system in the time-line.

Finally, volatile changeable things like the MAC address(ses) stored in flash local to the i/o devices. They wouldn't use anything like MAC in their algorithm because anyone can change a MAC address with free tools provided by the manufacturers, and what they are trying to prevent is DRM leakage through system-cloning.

In short, not only is a unique value stored in the system, there are more than you can shake a stick at.

The DRM method must have an algorithm for finding values, consistently choosing which to use, and combining them with a random number to create a unique per-system value to bury in the DRM mechanism and to begin the certificate-chain incremented for each new recording. Any injury to the DRM would never be able to recover the original root key even on an unchanged system because of that random number generated when DRM was initialized.

But, all those values must be stored individually (or perhaps re-read periodically) and the original or at least the latest random number must be stored too because when one component is swapped and one value used in the calculation of the DRM key is changed the system is smart enough to decide whether that one thing changing is a big enough change to decide to scrub DRM, I can't think of another way that the keys can be maintained without being able to rebuild them while either re-keying everything or recreating the original key.

Microsoft would not be going out of their way to save those values in a non-volatile store hidden from consumer-level curiosity. It's not like their own licensing method. They want the DRM to break first if anyone tries to futz with it. Their DRM will be using a chain of one-way functions similar to those used in crypto key-exchange, and the algorithm(s) will be hidden in plain-sight. The security comes from the one-way math and the random number.

Frank.
i3-540 | DH57DD | 4GB DDR3-1333 | InfiniTV4 \ 2250 | Intel SSD \ WD 1TB | Silverstone GD05

User avatar
Crash2009

Posts: 4357
Joined: Thu May 17, 2012 12:38 am
Location: Ann Arbor, Michigan

HTPC Specs: Show details

#4

Post by Crash2009 » Sat Mar 11, 2017 6:46 am

I broke DRM several times. Asus M4A78Pro I went from the HD4000 onboard to the hd6700 Pcie. A couple times my bios battery died-settings went back to default...broke DRM (this one was fixable) took awhile to remember how I had the bios set. I heard a couple guys got away using similar hardware so I bought a spare M4A78Pro and an HD6700 Different serials yes but possibly close enough to avoid DRM shutdown. Brand new in box with original plastic wrapper HD6700 and motherboard, been collecting dust since 2012 Almost had to use the spare board one time.

Made a big mistake taking the htpc out to the back yard to blow the dust out with the compressor...must have been a few drops of water in the air hose.. shorted the board. Found a guy that told me to wash it with Windex, spray it with 95% alcohol, and leave it for a few days in the back window of the car. All I thought about while waiting for it to dry was, OMG please don't lose my movies. Lucked out that time too.

I have read about a few guys that have changed out MB's, VC's, just about everything. Not sure how long their luck lasted though.

Maybe this little bump will draw out some success story for you, or maybe even someone that knows what to do.

Make sure you backup mspr.hds

User avatar
DavidinCT

Posts: 1556
Joined: Mon Feb 13, 2012 3:45 pm
Location:

HTPC Specs: Show details

#5

Post by DavidinCT » Sat Mar 11, 2017 3:34 pm

Although I have worked on these cases over the years, I have been lucky enough not to deal with this issue on my person a machines. It came down to a care about content in my case, as I had the movie someplace else and if I lost it I didn't care enough to TRY to troubleshoot.

As crash said, this is a very tricky one. I would clone your OS drive (using Acronis or one of the other packages), then work on it, if all else fails, remove hardware change restore and try again. Changing a video card would be a very high chance of breaking this.

I'll be watching this thread, good luck !
-Dave
Twitter @TheCoolDave

Windows Media Center certified and WMC MVP 2010 - 2012

SciFiGeek

Posts: 45
Joined: Thu Nov 10, 2016 2:46 am
Location:

HTPC Specs: Show details

#6

Post by SciFiGeek » Thu Apr 06, 2017 2:41 am

It seems as though an attempt was scheduled, any luck? Obviously backup as everyone has said.

A thought, I wonder if the fact that the integrated hardware is still in the system makes a difference to Play Ready.

My Video Card add was during DRM-less service.... Now I have DRM service...

Wishing us all with DRM content the best of hardware life. May your equipment get warm and flaky from inevitable fan failures but never burn up.

User avatar
Bee_Dee_3_Dee

Posts: 281
Joined: Tue Feb 19, 2013 4:39 pm
Location:

HTPC Specs: Show details

#7

Post by Bee_Dee_3_Dee » Fri Apr 14, 2017 4:51 pm

See:
http://www.thegreenbutton.tv/forums/vie ... =68&t=4725
(Video Card Upgrade: GT640.... Sun Mar 10, 2013 11:23 am)

^^ i think i had no prob upgrading vid cards and DRM not broken. (^^ the reference to 3 and 4 recordings means i already had a Ceton 4 TV tuner with Cable card.)

but always do like Crash and DavidinCT suggest as far as imaging C drive before attempting anything ur unfamiliar with doing. i like to insist on doing so regardless of the degree of changes u make to a PC. Before i play Spider Solitaire on my i7-6850K Gaming rig, i image the Boot drive. (JK but Technically true because i Image that drive everyday just before using it. ;) )

Post Reply