MPEG_CENC-buchanan2024

0001-01-01

MPEG-CENC: Defective by Specification

by David “retr0id” Buchanan

Phrack Magazine Issue 71, article 6

https://phrack.org/issues/71/6.html

Remark
“DRM is defective by design”
DeCNC
DRM
encryption without authentication
encryption
h264 (AVC)
h265 (HEVC)
paywalled by ISO
video streaming
codec
Content Decryption Module
license acquisition
CENC - common encryption
“the analog hole”
camrip
digitally recording the HDMI port
video decompression
hardware video encoder
exfiltrating content keys
exfiltrating CDM secrets
key material
obfuscation
content key provisioning
cryptographic side-channel attacks
archivist
WEBDL
WEBRip
Encrypted Media Extensions (EME)
Media Source Extensions (MSE)
HTML <video> elements
ClearKey “DRM”
black box
“Steal This Movie: Automatically Bypassing DRM Protection in Streaming Media Services
I_PCM
AES_CTR
XOR
ciphertext
Network Abstraction Layer (NAL)
Chroma subsampling
RGB/YUV triples
Limited Range Color
Coding Tree Units (CTU)
libx264
kvazaar
Python
pixel
mp4box
bento4
metadata
Firefox
Chromium
“The H.264 Advanced Video Compression Standard” book, Iaine E, Richardson
pymp4
torrent
References
https://security.stackexchange.com/questions/2202/lessons-learned-and-misconceptions-regarding-encryption-and-cryptology/2206#2206
https://www.iso.org/standard/84637.html ISO/IEC 23001-7:2023 Part 7 (MPEG-CENC)
https://www.w3.org/TR/encrypted-media/ W3C EME
https://github.com/DavidBuchanan314/DeCENC
https://torrentfreak.com/4k-content-protection-stripper-beats-warner-bros-in-court-1605xx/
https://en.wikipedia.org/wiki/Generation_loss
http://phrack.org/issues/68/8.html “Practical cracking of white-box implementations” by SysK
https://twitter.com/David3141593/status/1080606827384131590
https://seclists.org/fulldisclosure/2024/May/5 “Microsoft PlayReady - complete client identity compromise” by Adam Gowdiak
https://hyrathon.github.io/posts/wideshears/wideshears-wp.pdf “Wideshears: Investigating and Breaking Widevine on QTEE” by Qi Zhao
https://arxiv.org/abs/2204.09298 “Exploring Widevine for Fun and Profit” - Gwendal Patat, Mohamed Sabt, Pierre-Alain Fouque, 2022
https://en.wikipedia.org/wiki/White-box_cryptography#Security_goals - Code Lifting
https://www.youtube.com/watch?v=SEBuiecLZGg “37C3 - Full AACSess: Exposing and exploiting AACSv2 UHD DRM for your viewing pleasure” by Adam Batori
https://web.dev/articles/eme-basics “EME WTF? An introduction to Encrypted Media Extensions”, by Sam Dutton
https://www.usenix.org/conference/usenixsecurity13/technical-sessions/paper/wang_ruoyu “Steal This Movie”
“High Efficiency Video Coding (HEVC): Algorithms and Architectures” by Vivienne Sze, Madhukar Budagavi, Gary J. Sullivan, 2014. ISBN 3319068946, Springer
https://www.w3.org/TR/media-source-2/ W3C MSE
“The H.264 Advanced Video Compression Standard” by Iain E. Richardson
https://github.com/beardypig/pymp4
https://github.com/mozilla/gecko-dev/blob/9c65def36af441133c75a44b126e65184b039b2f/dom/media/eme/clearkey/ClearKeyDecryptionManager.cpp

No notes link to this note