Wireshark-bugs: [Wireshark-bugs] [Bug 6463] New: dissector for HDCP (High bandwidth Digital Cont

Date: Mon, 17 Oct 2011 14:19:49 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6463

           Summary: dissector for HDCP (High bandwidth Digital Content
                    Protection)
           Product: Wireshark
           Version: SVN
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: wireshark@xxxxxxxxx


Created an attachment (id=7254)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=7254)
new dissector for the HDCP protocol, patch against r39446

Build Information:
TShark 1.7.0 (SVN Rev 39446 from /trunk)

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.16.6, with libpcap 0.9.8, with libz 1.2.3.3,
without POSIX capabilities, with threads support, without SMI, without c-ares,
without ADNS, without Lua, with Python 2.5.2, with GnuTLS 2.4.2, with Gcrypt
1.4.1, with MIT Kerberos, without GeoIP.

Running on Linux 2.6.29.1, with locale en_US, with libpcap version 0.9.8, with
libz 1.2.3.3.

Built using gcc 4.3.2.

--
Dear all,

recently, I had to look into HDCP a little bit. As there's no Wireshark
dissector for this protocol, I decided to start one. Please find it attached.

HDCP can run on top of TCP; there's no fixed port number assigned. I created a
heuristic dissector that's disabled by default and can be enabled by setting a
preference (similar to the Hilscher dissector). The idea behind this is that
some HDCP messages are hard to recognize (e.g. one byte message id + 8 random
bytes). Having the dissector enabled at all times may generate false positives.

For long unsigned int values (>64bit), I used FT_BYTES.

For now, the dissector supports only the most common messages used during an
HDCP authentication. It uses the ptvcursor API and should be easy to extend.

I ran checkAPI.pl and checkhf.pl. Code is fuzz-tested. The attached sample
capture shows an HDCP authentication between a DVB receiver and a mobile device
that acts as a sink for audio/video content.

Thanks for your feedback and for merging this new dissector.

   Martin
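
An added example, not code from the attached patch or from Wireshark: a self-contained sketch of why a heuristic based on "one byte message id + fixed length" is weak, and why gating it behind a preference avoids mislabelling unrelated TCP traffic. The message IDs, lengths and function names below are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical message table (assumed values, not taken from the patch):
 * message ID and fixed total length in bytes. */
struct msg_def { uint8_t id; size_t len; };
static const struct msg_def msg_table[] = {
    { 0x02, 9 },    /* ID + 8 random bytes: the hard-to-recognize case */
    { 0x03, 524 },  /* ID + flag + long certificate */
    { 0x04, 129 },  /* ID + 128-byte encrypted value */
};
#define N_MSGS (sizeof msg_table / sizeof msg_table[0])

/* Heuristic: first byte is a known ID and length equals its fixed length. */
int heur_match(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 1)
        return 0;
    for (size_t i = 0; i < N_MSGS; i++)
        if (buf[0] == msg_table[i].id && len == msg_table[i].len)
            return 1;
    return 0;
}

/* Preference gate: with the preference off, no payload is ever claimed. */
int heur_dissect(int pref_enabled, const uint8_t *buf, size_t len)
{
    return pref_enabled && heur_match(buf, len);
}

/* How many of the 256 possible first bytes make an otherwise arbitrary
 * payload of this length pass the heuristic. */
int false_positive_count(size_t len)
{
    static uint8_t buf[1024];  /* zero-filled stand-in for unrelated data */
    int hits = 0;
    if (len < 1 || len > sizeof buf)
        return 0;
    for (int b = 0; b < 256; b++) {
        buf[0] = (uint8_t)b;
        hits += heur_match(buf, len);
    }
    return hits;
}

int main(void)
{
    /* Constructed sample: unrelated 9-byte payload that starts with 0x02. */
    const uint8_t other[9] = { 0x02, 'k', 'e', 'e', 'p', 'a', 'l', 'i', 'v' };
    printf("claimed with pref on:  %d\n", heur_dissect(1, other, sizeof other));
    printf("claimed with pref off: %d\n", heur_dissect(0, other, sizeof other));
    printf("first bytes accepted at len 9: %d of 256\n", false_positive_count(9));
    return 0;
}
```

With the 9-byte message there is nothing beyond the ID and the length to check, so any unrelated 9-byte segment with a matching first byte is accepted once the preference is on.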
