TiVoToGo Encryption – cracked?

Posted on Sunday, December 3, 2006 by MegaZone

Well, it looks like someone cracked the DRM on TiVoToGo, making it possible to decrypt the files on non-Windows platforms. It is C code which reportedly runs on Linux, Solaris, and Windows. (I’m sure someone will port it to Mac if it doesn’t run there already.) This is the Wiki reporting the development, and this is the project page on SourceForge. It is open source, BSD license. Right now it looks like a geek-level solution – you run it from the command line. But I’m sure someone will wrap it in a nice package to make it usable for the average user.

TiVo will probably not be happy about this, but I’m not surprised. There have been ways to strip the DRM on Windows for a while, such as DirectShow Dump, using holes in the DirectShow mechanism, and it was clear people were working on a real ‘crack’ for the system to remove the Windows requirements. Pretty much any widely used DRM system will have people dedicated to cracking it. There is more motivation because TiVo has failed to support any platform other than Windows, leaving Linux/UNIX and MacOS users out in the cold since TTG was released. The lack of an official solution is always going to increase motivation for users to find their own answers.

EDIT: Here’s a guide to using this on a Mac and another one for automatically using it with Galleon on a Mac.

EDIT: This landed on Digg – albeit indirectly. The person who posted it link to the PVRWire story which originated from this post.

About MegaZone

MegaZone is the Editor of Gizmo Lovers and the chief contributor. He's been online since 1989 and active in several generations of 'social media' - mailing lists, USENet groups, web forums, and since 2003, blogging.    MegaZone has a presence on several social platforms: Google+ / Facebook / Twitter / LinkedIn / LiveJournal / Web.    You can also follow Gizmo Lovers on other sites: Blog / Google+ / Facebook / Twitter.
This entry was posted in TiVo. Bookmark the permalink.
  • emarosan
  • clunkclunk
  • emarosan

    Yay!!! This means that within a week, we should have a nice GUI candy coated wrapping for Mac OSX. Finally!

  • auryn29a

    YES!

    *does a little dance*

  • cassiusdrow

    Unless TiVo has already upped the encryption ante, this will probably delay the approval for MRV and TTG for the Series 3.

  • jerronimo

    Awesome!

    I always forget about the https server on the tivo itself. I always hit the regular non-secure one instead. Is there a listing of other webpages that are on it? i know that it automatically goes to the ‘now playing’ page, but what other interfacey stuff is hidden on there?

  • teelo

    That’s exactly what I thought. :( Now it’s just a question if this will be a delay or a “permanent delay” like USB support for the DirecTV units. :( Crap.

  • wickerdotus

    Crapola…

    As soon as I read the post here, the Series 3 was the first thing I thought about.

    I wonder if Tivo already has a plan in place for when the DRM was (not if) cracked. I wouldn’t be surprised to see a new update pushed down to the older Tivos in the near future.

    Tivo at least has the luxury of being able to push down required updates whereas other vendors don’t have that option.

  • stile99

    DVDs were cracked basically because people wanted to watch them on Linux boxes, and were told various things, which all boiled down to ‘no’. The legal and moral issues have all been well-discussed elsewhere, no need to hash them again.

    Now TiVo files have been cracked for a very similar reason. Other platforms came a-knockin’, nobody answered.

    I agree this is certainly not going to help the S3, but I must admit my only shock in relation to this news is it took this long.

    As you note, any DRM system is a target. But any DRM system that says “only you may enter…you, you, and you can bugger off” is pretty much wearing steak underpants and dancing in front of a legion of starved pitbulls.

    For what it is worth, I do believe TiVo when they say they were working on it. (Mac support). However, the barn door is wide open, the horse is long gone, and the point is now moot. My hope now is that TTG isn’t pulled entirely.

  • megazone

    Yeah, I thought of that right away when I heard about this. I expect that TiVo will change the DRM to defeat this crack.

    DRM is a lost cause really, there are many ways to attack DRM and all the major DRM systems have been cracked to one degree or another. AACS from Blu-ray & HD DVD haven’t been busted yet, but they’re fairly new.

    The thing is, you could have TTG on the S3 and just not allow some shows to be transferred if that’s what the content provider wants. It doesn’t have to be all or nothing.

  • megazone

    Not really, there are XML pages – which is what TiVo Desktop loads – but the info is pretty much the same, just XML files. It would be nice if more pages – like the To Do list – were available.

  • megazone

    Telling the Linux community “No X for you” is like daring them to crack it, really. We’ve seen it again and again and again with DRM, proprietary formats, etc. I think that’s what really drove this – note that the original platform for this crack was Linux. TiVo pretty much said they wouldn’t be supporting Linux, so there was always good motivation for that community to solve it themselves.

    I remember asking them about Linux at CES when TTG was first announced, when it was still going to be a dongle system, and they didn’t plan on supporting Linux back then.

    And the only thing surprising to me as well is that it took so long. Though I suspect the extraction hacks possible on Windows for a long time now reduced the motivation for some.

    I believe TiVo too – but they’ve been ‘working on it’ for a couple of years. I saw what I was told was working Alpha software at CES2006. I’ll be going to CES2007 in a month, and it isn’t out yet. By this point they could’ve written their own decryption and playback engine from scratch. After a few missed promised dates, at this point I’ll believe it when it is available to download.

  • jerronimo

    ooh, actually, that is useful to me. what are the URLs to the XML pages?

  • megazone
  • jerronimo

    indeed it does, that’s exactly what i’m looking for!
    Thanks! :D

  • doc_quixote

    This has been out in some form (that even my feeble Google-fu was able to find) 6 months ago, and TiVo’s Google-fu is unlikely to be so non-existant to have missed it. If TiVo was going to push down a change to DRM (or disable T2G downloads, or restricting downloads to people known to be running “legit” software), they probably would have done so by now.

    I do suspect, however, that if the cable-card-enabled S3 units don’t already block downloads of anything that was transmitted encrypted, they will soon…

  • anonymous

    I am successfully watching downloaded content on my Mac, without using any sort of Windows solution at all.

    Downloaded from the TiVo via the web interface (though I’ll probably start using Galleon), decrypted it via tivodecode, and I’m able to watch it in VLC. QT doesn’t like the files though.

    I was able to use iSquint to convert it to an MPEG4, and now my iPod is playing Robot Chicken :-)

  • anonymous

    I would love to hear how you went about using tibodecode on your MAC.
    I am sure everyone on a mac wouldn’t mind knowing ethier.

    How easy is it?

  • megazone

    There have been ways to extract the video on Windows since pretty much the day TTG was released. But this is the first I’ve seen code that works without the TiVo DLL and runs on other platforms, and it was only posted to SourceForge for the first time a few days ago.

  • anonymous

    It’s not too bad if you’re familiar with the CLI. You compile it like most any other command line program, then run it, inputting your MAK, the destination file, and the source file.

  • doc_quixote

    … and it was only posted to SourceForge for the first time a few days ago.

    Erm… I can say, with absolute certainty, that the detail given on that page was sufficient (for someone minimally skilled in related arts) to make a decoder several months ago. :)

    The discussion is via wiki, the whole thing was not posted in one go. Several months elapsed between JimFowler’s last comment and someone being brave enough to publically post something that could potentially result in a takedown notice or IP litigation.

  • anonymous

    Great. Way to ruin it for those who use Tivo Desktop legitamately! Now Tivo will probably turn TivoToGo back off. Couldn’t you have just used DirectShow dump with your Media Access Key???

  • megazone

    I know, I used to do secure networks and crypto, but I’m so rusty now trying to do it myself would be a challenge. But someone being able to homebrew their own solution and maybe share it with a few people is different from someone posting working code that anyone can use – well, a lot more people. I know compiling C is beyond most end users. So the posting of this is a major milestone. Once the code is ‘in the wild’ it can’t be recalled, and it will spur secondary development – GUI tools, etc.

    I had a DRM sripping application for Windows well before the likes of DirectShow Dump, etc, came out. But the author gave it to me in confidence with the understanding that I wouldn’t redistribute it. I still use it because it is nicer than DirectShow Dump, but it does pretty much the same thing.

  • megazone

    No, because that only works on Windows. This code works on Linux, MacOS, UNIX – it is portable and allows non-Windows users to use TiVoToGo.

    Until TiVo does something to block this.

  • stile99

    Really…what can they do? There’s nothing different going on this week than there was last week…people are using their MAK and watching shows recorded by their TiVo box on devices other than their TiVo box. All that has changed is the range of devices being used.

    If they change DRM, that new one is going to be treated the same as the old. I have the same fear as our anonymous friend, actually. Like I said, the barn door is open and the horse is long gone. Get a new horse, close the door, and it will just happen again. The only ‘sure’ way to make sure a horse doesn’t escape from that barn again is to burn the barn down, and nobody wants to see that.

  • megazone

    They could make the DRM a lot tougher to crack. Look at Apple’s FairPlay – the system was cracked early on, but Apply keeps updating it. They changed it in 6.x and broke the previous cracks. No one has been able to recreate that crack, which allowed direct decryption of the files. The new cracks work like DirectShow Dump for TiVo – users found ways to snag the raw AAC frames post decryption out of the standard playback stream. But Apple updated things again in 7.x, breaking that – until users were able to find what changed and recreate them.

    Apple keeps iterating and making hackers work on it over and over, raising the bar each time. The protection hasn’t been broken since the 6.x update (well, DVDJon claims to have something) so it takes more and more work to rip anything.

    TiVo can certainly improve their DRM, making it harder to crack. It is an arms race, any DRM system that is left unchanged for long enough will probably be cracked.

    The question is, is it worth it? They may just decide to drop TTG on the S3 for good and leave the DRM as-is. But if it hurts expansion of the business, say it scares of TiVoCast partners, etc, then they are probably best off trying to patch it.

  • kyouteki

    Any chance on you posting a binary? I don’t have Xcode on my box or access to my OS DVDs at the moment.

  • anonymous

    Xcode is available from Apple’s Developer Site for free.

  • anonymous

    I posted an OSX PPC binary on the project download page. This may work for you. Sorry, I don’t own a Mac, and don’t know much about them, I just compiled it on the SF.net Compile Farm and zipped it up.

  • kyouteki

    Here’s a Mac binary and a little automator workflow I whipped up to run it for me:

    http://www.geocities.com/kyoutekia/

  • anonymous

    A Tivo is a Linux computer. ALL Tivos, including stand alone models, DirecTivos, Series 1s and Series 2s have been hacked pretty much since release. Top Two Hacks . . . turning off encryption and turning on usb ethernet adapters. Shows get recorded without encryption and copied to any PC on network. Hacking the encryption on the PC player side isnt even needed. Just a way to convert and/or play Tivo .ty files.

  • megazone

    TiVo Decode doesn’t require any hacking by the end user, it works with a standard Series2. That’s important, it opens it up to many people who are not comfortable hacking their TiVos, or just don’t have any interest in doing so.

    Also, to do the software hacks on the more recent models of TiVo requires doing a hardware prom mod. That puts the hacking out of reach for even more people.

    Having working TTG code will allow 3rd parties to develop new applications that work for any TiVo S2 user.

  • unteins

    I don’t believe Tivo one bit anymore. They’ve managed to update a ton of other software since they announced that MAc Support would be out. They could have pulled resources to get it done, but they just don’t give a hoot about Mac users.

    That’s fine, but they’ve lost me as a customer because of it. Yeah, I’m just one person, but I won’t be updating any of my boxes since Tivo is now the broken promise company. I will probably continue to pay my $6.95 vasselage until the box dies or until Apple provides me a financially viable video on demand service.

    At least the hackers care enough to make things work.