MPEG_CENC-buchanan2024

2024-11-05

MPEG-CENC: Defective by Specification

by David “retr0id” Buchanan

Remark
“DRM is defective by design”
DeCNC
DRM
encryption without authentication
encryption
h264 (AVC)
h265 (HEVC)
paywalled by ISO
video streaming
codec
Content Decryption Module
license acquisition
CENC - common encryption
“the analog hole”
camrip
digitally recording the HDMI port
video decompression
hardware video encoder
exfiltrating content keys
exfiltrating CDM secrets
key material
obfuscation
content key provisioning
cryptographic side-channel attacks
archivist
WEBDL
WEBRip
Encrypted Media Extensions (EME)
Media Source Extensions (MSE)
HTML <video> elements
ClearKey “DRM”
black box
“Steal This Movie: Automatically Bypassing DRM Protection in Streaming Media Services
I_PCM
AES_CTR
XOR
ciphertext
Network Abstraction Layer (NAL)
Chroma subsampling
RGB/YUV triples
Limited Range Color
Coding Tree Units (CTU)
libx264
kvazaar
Python
pixel
mp4box
bento4
metadata
Firefox
Chromium
“The H.264 Advanced Video Compression Standard” book, Iaine E, Richardson
pymp4
torrent

References
https://security.stackexchange.com/questions/2202/lessons-learned-and-misconceptions-regarding-encryption-and-cryptology/2206#2206
https://www.iso.org/standard/84637.html ISO/IEC 23001-7:2023 Part 7 (MPEG-CENC)
https://www.w3.org/TR/encrypted-media/ W3C EME
https://github.com/DavidBuchanan314/DeCENC
https://torrentfreak.com/4k-content-protection-stripper-beats-warner-bros-in-court-1605xx/
https://en.wikipedia.org/wiki/Generation_loss
http://phrack.org/issues/68/8.html “Practical cracking of white-box implementations” by SysK
https://twitter.com/David3141593/status/1080606827384131590
https://seclists.org/fulldisclosure/2024/May/5 “Microsoft PlayReady - complete client identity compromise” by Adam Gowdiak
https://hyrathon.github.io/posts/wideshears/wideshears-wp.pdf “Wideshears: Investigating and Breaking Widevine on QTEE” by Qi Zhao
https://arxiv.org/abs/2204.09298 “Exploring Widevine for Fun and Profit” - Gwendal Patat, Mohamed Sabt, Pierre-Alain Fouque, 2022
https://en.wikipedia.org/wiki/White-box_cryptography#Security_goals - Code Lifting
https://www.youtube.com/watch?v=SEBuiecLZGg “37C3 - Full AACSess: Exposing and exploiting AACSv2 UHD DRM for your viewing pleasure” by Adam Batori
https://web.dev/articles/eme-basics “EME WTF? An introduction to Encrypted Media Extensions”, by Sam Dutton
https://www.usenix.org/conference/usenixsecurity13/technical-sessions/paper/wang_ruoyu “Steal This Movie”
“High Efficiency Video Coding (HEVC): Algorithms and Architectures” by Vivienne Sze, Madhukar Budagavi, Gary J. Sullivan, 2014. ISBN 3319068946, Springer
https://www.w3.org/TR/media-source-2/ W3C MSE
“The H.264 Advanced Video Compression Standard” by Iain E. Richardson
https://github.com/beardypig/pymp4
https://github.com/mozilla/gecko-dev/blob/9c65def36af441133c75a44b126e65184b039b2f/dom/media/eme/clearkey/ClearKeyDecryptionManager.cpp

Links to this note

Notes

MPEG_CENC-buchanan2024

2024-11-05

Links to this note

Recent Posts

Linux Persistence: Modular Software

2025-04-17 DFIR CTF persistence linux persistence apache asterisk

Linux Persistence: Web Shells

2025-04-16 DFIR persistence webshell linux persistence webshell apache nginx PHP

Linux Persistence: Rootkits

2025-04-15 DFIR persistence rootkit LKM linux persistence LKM rootkit LD_PRELOAD kprobe ftrace ld.so hooking

Linux Persistence: Processes

2025-04-11 DFIR persistence processes linux persistence processes

Defanging Linux LKM Rootkits With cleanup_module()

2025-04-05 Linux LKM rootkits EDR hooks incident response Linux LKM rootkit