Dang nab it. Google has a hard time figuring out when things are 'fake'. :P
However, if you managed to get faked 5C authentication working (a fairly big if, I'll admit, but possible), you'd be given the seed value (which is used to compute all the keys for this data stream), as well as the encrypted data stream. Since the encryption/decryption algorithm is known (and so it is possible to brute-force the keys given the output, albeit slowly), the only thing you need to figure out is how to go from the seed value to the key. Depending on how sophisticated the mapping is, you might only need to compute a relatively small number of (seed->key) pairs to figure it out. Once you had that, you could compute the keys directly, sidestepping the encryption entirely.
It's certainly not something that would be *easy* to do, but the 5C content protection and encryption system does not appear to be immune to attack.