[HN Gopher] How encryption for Cinema Movies works
___________________________________________________________________
How encryption for Cinema Movies works
Author : perryflynn
Score : 197 points
Date : 2025-04-20 17:52 UTC (1 days ago)
(HTM) web link (serverless.industries)
(TXT) w3m dump (serverless.industries)
| 6stringmerc wrote:
| Fascinating read and I think an accessible presentation of a lot
| of the concepts / framework and mechanics of this type of system.
| john01dav wrote:
| Even with all of this onerous encryption and DRM, it's not hard
| to find pirated copies of movies. It makes me think that the
| sacrifice in ownership rights for the theaters over their
| equipment isn't worth it.
| ajsnigrutin wrote:
| Yep, and those pirated copies are DRM free, work everywhere, no
| HDCP and other crap, no internet connection needed, so they're
| "better" in that way too (not just price-wise).
| eastbound wrote:
| Totally possible that watermark identifies cinemas and
| showtimes uniquely, and that pirates are due for a lifetime
| of prosecution. Or that studios will shut down some cinemas,
| until it stops.
|
| For 15 years you let paid options progress. Then fewer people
| pirate, then you catch the rest. At the beginning you don't
| see it putting its clamps; then suddenly you don't find
| piracy anywhere.
| ajsnigrutin wrote:
| Yes, and those paid options were one subscription that had
| "everything". Then paid options broke up into 5 different
| subscriptions, some not allowing more than 2 devices, some
| having ads in paid plans, some not available in your
| country, some only having seasons 3 and 5 of the series,
| some having the series you wanted to watch but remove it
| half way through, some give you a "buy" button for the
| media, but then take the movies away after a few months,
| etc.
|
| And people go back to piracy, because the user experience
| is better.
| Mindwipe wrote:
| > Yes, and those paid options were one subscription that
| had "everything".
|
| It really didn't. It's incredible this collective
| delusion exists when it's not true.
| alabastervlog wrote:
| It was a lot closer when they still had a streaming +
| disk option, but even then, they were missing lots (and
| lots, and lots) of stuff. I think people don't realize
| how many _tens of thousands_ (maybe into the hundreds,
| IDK, I wouldn't be surprised) of films there are, let
| alone how many hours of TV content.
|
| This is like when people talk about how everything's on
| the Web, when it comes to books. 1) This is only even
| _sort-of_ true if by "on the Web" you mean "piracy sites
| have an epub/pdf of it", and 2) even then, extremely not
| close to true, the time from "I'm going to deep-dive this
| topic" to "... and now I need to go to the library, and
| possibly a specific library, maybe on another continent"
| is often not long at all.
| kelnos wrote:
| > _For 15 years you let paid options progress. [...] then
| suddenly you don't find piracy anywhere._
|
| And then they completely ruined it with fragmentation. When
| all I needed to watch everything I wanted to watch was three
| subscriptions (Netflix, Hulu, and HBO), I was totally fine
| with the ~$40/mo and reasonably-ok-UX offered.
|
| But now it's a mess. I need subscriptions to 7 or 8
| different services (which now each cost twice what they
| used to for an ad-free experience), and the experience is
| crap. Netflix no longer plays on my Linux/Firefox setup
| (same thing happened with HBO years ago), and their anti-
| password-sharing mis-features constantly trigger for me
| even though I don't share my Netflix password. The Android
| apps for most of them are glitchy and buggy, and Chromecast
| has somehow gotten less reliable over time.
|
| The irony is that usually I would say more competition is a
| good thing. I suppose if we had lots of streaming services,
| but studios were required to license all their content
| under RAND terms to anyone who asks, we'd have _real_
| competition, and streamers would compete on the quality of
| their platform, lack of ads, etc., and not just on what
| titles they were lucky enough to be able to license.
|
| I do agree that pirating became less popular for a while,
| but that golden age is over. The piracy scene seems
| stronger than ever these days.
| Freak_NL wrote:
| > Netflix no longer plays on my Linux/Firefox setup [...]
|
| I know Netflix doesn't support anything beyond 720p or so
| on Linux, but that never bothered me. Otherwise it just
| works. Is your Firefox out of date?
|
| > The piracy scene seems stronger than ever these days.
|
| I hope so. A lot of damage was done. If it wasn't for
| archive.org a lot of older, regional stuff would not even
| be accessible. We need piracy if only for the collective
| digital archives.
|
| I refuse to take out more than one subscription. We just
| hop services.
| gruez wrote:
| Most pirated copies aren't from theatrical releases; they
| mostly come out when the titles are available on streaming/blu-
| ray. DRM might be a failure in other fields, but it's working
| pretty well in this particular case.
| johnisgood wrote:
| I think the question remains, is it still worth it given
| these holes?
| lb1lf wrote:
| It presumably is, as the effort is kept up despite the cost
| and inconvenience.
|
| My guess would be that the plan is mostly to ensure that
| when a new release premieres in theatres, going to a
| theatre is the only way to experience it in high quality.
|
| It doesn't really matter all that much if the people who
| wait for it to arrive on Netflix get a pirated copy; it
| does matter if the ones forking over $20 to see it in a
| theatre do, though.
| sethhochberg wrote:
| A really important element of this is that much of the
| burden of maintaining the DRM is on the theaters, and the
| theaters themselves are the ones who care about
| protecting the theatrical release period: you might be
| less likely to pay them for a ticket if you can get a
| high-quality copy at home before the actual
| streaming/media release
|
| It's a different dynamic than we typically talk about
| with DRM. Most of the time DRM is something imposed on a
| consumer who doesn't really want it. But in this case,
| the consumer is the theater and they really do want the
| protection.
| perryflynn wrote:
| It also contains watermarks. So theatres which failed to
| prevent recording will run into serious issues. See
| https://dcpomatic.com/forum/viewtopic.php?t=2372
| thr0w wrote:
| NexGuard is a wild product.
| stavros wrote:
| The flea repellant?
| thr0w wrote:
| Nagra's forensic watermarking tech.
| coppsilgold wrote:
| If the software to watermark is widely available (as it
| appears to be) then an adversary has all they need to corrupt
| any existing watermark.
|
| These steganographic watermarks depend on no knowledge of the
| process. If the method is particularly ingenious (one of the
| inputs is centrally stored entropy which the extractor
| references by trialing them all) then knowledge of the
| process alone may not be sufficient to obtain a high quality
| result (as too much corruption may be required) but could be
| used to inform the next step:
|
| If you obtain two or more copies of the decrypted content you
| will be able to diff them and work out what you need to
| corrupt even without knowledge of the watermarking process.
| This probably won't work with pirated CAM's or take quite an
| effort to find the signal in the noise.
|
| Edit: After some more research it looks like they don't
| actually watermark the distributed data (the movie sent to
| cinemas). The projector inserts its unique watermark during
| playback. There may be other secret watermarks put in by
| distributors not mentioned anywhere.
| thr0w wrote:
| > If you obtain two or more copies of the decrypted content
| you will be able to diff them and work out what you need to
| corrupt even without knowledge of the watermarking process.
|
| By the time you've destroyed enough of the signal to remove
| the watermark, the content is unwatchable.
| Aurornis wrote:
| > If the software to watermark is widely available (as it
| appears to be) then an adversary has all they need to
| corrupt any existing watermark.
|
| The commercial software used to embed watermarks into the
| digital files is not readily available. It's also much more
| advanced than putting an obvious logo on screen. There are
| techniques to embed signals into the video that survive
| some amount of compression and aren't obvious to the
| viewer.
|
| You can identify signals deep below the noise floor if
| they're sufficiently low bandwidth and you know what you're
| searching for. See GPS and its ability to work even though
| the signal is completely lost in the noise until you know
| what you're searching for in the noise.
| azalemeth wrote:
| I'm friends with a professor of steganography. Apparently
| most cinema watermarking is based on very heavily error
| correcting codes within the wavelet domain that are
| specifically designed such that they are resistant to
| collusion attacks, i.e. the statistical properties of the
| "indistinguishable from random" noise are such that it is
| highly correlated among different viewers such that they
| are very much more likely to have bits in common rather
| than bits different. I'm relatively sure that the obvious
| things like taking the mean of two images (or randomly
| picking one of them) have been considered.
|
| Put it this way -- You've got huge amounts of cover data (a
| hard drive's worth) and a desire to encode at most, what,
| 128 bits of data, across about two hours, with as much
| redundancy as possible. There are plenty of patents that
| explain in detail how.
|
| My friend considers this a moderately distasteful problem,
| and mostly works on steganalysis, identifying where
| steganographic techniques have been used, as he thinks it's
| more interesting and frequently more morally justified...
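Added example (not part of the thread, and not NexGuard's or any vendor's scheme): a toy spread-spectrum watermark showing the two points made in the comments above, that a known keyed sequence can be found far below the noise floor by correlation, and that a few payload bits can be spread with heavy redundancy over a large cover. The key strings, parameters and Gaussian "cover" samples are constructed assumptions.

```python
import math
import random

CHIPS_PER_BIT = 20_000  # redundancy: cover samples spent on each payload bit
AMPLITUDE = 0.05        # mark strength against unit-variance cover (about -26 dB)


def pn_sequence(key, length):
    """Keyed pseudo-noise sequence of +1/-1 chips.
    random.Random is not a CSPRNG; it stands in for one in this toy."""
    rng = random.Random(key)
    return [1 if rng.getrandbits(1) else -1 for _ in range(length)]


def make_cover(length, seed):
    """Constructed stand-in for picture coefficients: Gaussian, sigma = 1."""
    rng = random.Random(seed)
    return [rng.gauss(0.0, 1.0) for _ in range(length)]


def embed(cover, bits, key):
    """Add +/-AMPLITUDE * chip to every sample; the sign carries the bit."""
    pn = pn_sequence(key, len(bits) * CHIPS_PER_BIT)
    marked = list(cover)
    for i, bit in enumerate(bits):
        sign = 1 if bit else -1
        base = i * CHIPS_PER_BIT
        for j in range(base, base + CHIPS_PER_BIT):
            marked[j] += AMPLITUDE * sign * pn[j]
    return marked


def detect(samples, n_bits, key):
    """Correlate each block with the keyed sequence.
    Returns (bits, mean |z|), where z is the correlation divided by its
    standard deviation when no mark for this key is present (|z| near 0.8)."""
    pn = pn_sequence(key, n_bits * CHIPS_PER_BIT)
    bits, z_total = [], 0.0
    for i in range(n_bits):
        base = i * CHIPS_PER_BIT
        corr = sum(samples[j] * pn[j] for j in range(base, base + CHIPS_PER_BIT))
        z = corr / math.sqrt(CHIPS_PER_BIT)  # cover sigma assumed to be 1.0
        bits.append(1 if z > 0 else 0)
        z_total += abs(z)
    return bits, z_total / n_bits


def demo():
    payload = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1]  # constructed ID
    cover = make_cover(len(payload) * CHIPS_PER_BIT, seed=2025)
    marked = embed(cover, payload, key="device-A")  # hypothetical key name
    right_bits, right_z = detect(marked, len(payload), key="device-A")
    _, wrong_z = detect(marked, len(payload), key="device-B")
    _, clean_z = detect(cover, len(payload), key="device-A")
    return {
        "payload": payload,
        "recovered": right_bits,
        "per_sample_snr_db": 20 * math.log10(AMPLITUDE),
        "z_right_key": right_z,   # expected near AMPLITUDE * sqrt(CHIPS_PER_BIT)
        "z_wrong_key": wrong_z,   # indistinguishable from unmarked content
        "z_unmarked": clean_z,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The despreading gain is sqrt(CHIPS_PER_BIT): each sample carries the mark at about -26 dB, yet the per-bit statistic lands around 7 standard deviations, while the same content checked with a different key looks unmarked.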
| codemiscreant wrote:
| There is essentially zero piracy from these digital cinema
| releases. The pirate copies are generally from once it starts
| digitally streaming on one of the services including PPV, and
| when pirate copies exist earlier it is almost always someone
| with a camera in a theatre making a terrible quality screener.
|
| Piracy is inevitable, but in this case their model is much more
| robust than I would have predicted.
| tptacek wrote:
| Most importantly, the industry concerns itself primarily with
| the new-release window; that high fidelity copies will
| _eventually_ be widely available doesn't break the model.
| kelnos wrote:
| I suppose this would help keep pirated copies from getting
| out _before_ the theatrical release date (presumably
| theaters are given these digital releases at least days
| before their first projection date).
|
| But it seems that more and more releases are straight-to-
| streaming, and/or sometimes simultaneous with the
| theatrical release. High-quality pirated copies often show
| up within a day of a streaming release. Sure, many are
| still theater-only for a week or more after initial
| release.
|
| I get that a big part of their business model for some
| titles relies on theater ticket sales within the first days
| or at most weeks after release, but all this DRM just feels
| like an exhausting, expensive, ultimately-losing game for
| them. Especially when we consider how theater-going has
| declined over time, especially recently.
| plastic3169 wrote:
| There are no high quality pirated versions though. The
| streaming version and even blu-ray is compressed way
| heavier than these DCP files. I'd buy these cinema
| versions of films in a heartbeat if they were available.
| loeg wrote:
| 1080p/4k as encoded by the streaming sites / blu-ray is
| sufficiently high quality for virtually all of the
| viewing public. You're weird (no offense).
| navigate8310 wrote:
| There is nothing weird about it. If a single person has
| the resource to decrypt and manage the logistics, then
| obviously DCP is the intended way a director wants his
| audience to experience his creativity.
| adrian_b wrote:
| I do not think that's weird.
|
| A 4k movie, even from a Blu-Ray, may look very nice when
| watched at a normal speed, but if you look at the
| individual frames in order to distinguish some details
| during a sequence with fast movements, the quality is
| very bad and it may be impossible to see the details that
| you want to see.
|
| At the levels of compression that are typical for movies
| distributed by encoding with H.264, H.265 and the like, I
| have never seen any movie that still looks high quality
| when slowed down during fast action.
| cess11 wrote:
| Where do you live? Where I live only professionals and
| nerds use movie playback that allows single frame
| stepping, it's definitely a fringe phenomenon here.
| adrian_b wrote:
| I live in the EU, but any good free movie player should
| allow stepping through video frames back and forth and
| also playing with any desired speed in frames per second.
|
| This is not a feature that requires professional tools.
|
| And I do not think that you have to be a pro or a nerd in
| order to want to see clearly many of the details of the
| kind "blink and you miss it".
| clan wrote:
| You are right and it is an evil form of gate keeping.
|
| Pros before bros.
|
| Nerds are just wannabes.
|
| The mugglers may suffer as they do not know, care or can
| articulate it. If they do - they are clearly nerds and we
| can discard them as a minority.
|
| People conflate pro with premium. The mass market should
| be able to sustain premium and discount. The market might
| be too small for pro DCP content. But I would like the
| market to understand that there are 3 important segments.
| Pro, premium and discount.
|
| Pro - special specific needs. Premium - for the regular
| Joe who wants good quality. Discount - for the masses.
|
| Premium market is underserved. Unless you are willing to
| pay luxury prices for Kaleidescape or the likes.
|
| It is the race to the bottom with streaming providers
| testing commercials. They have already succeeded with the
| "junk content" as the big studios want to keep licenses
| for their own services.
|
| The quality bar is set for the lowest/cheapest common
| denominator.
| plastic3169 wrote:
| I've worked in film mastering so yes I am an outlier. My
| point was that industry guarding the DCP makes sense as
| the leaked pirate versions are not the same thing. In
| music world everyone can buy uncompressed CD, but with
| moving image end user can only get what is equivalent of
| a mp3. This includes the illegal channels. Blu-ray is say
| 1:40 compressed from raw data. Good enough for sure but
| not the theatre experience.
| abujazar wrote:
| As someone who's been working with cinema and video
| mastering, it sounds like you haven't seen the difference
| between professional formats like DCP and consumer
| formats viewed on a proper screen or projector. There's a
| reason we still have cinemas after all.
|
| Even consumer equipment benefits greatly from visually
| lossless encoded media.
| geraldwhen wrote:
| No one goes to the theater because the picture is better.
| It often isn't.
|
| Projectors aren't maintained, or set up correctly, and
| audio balancing is often way off. People go to the movies
| to see new releases or have dedicated shared experiences
| kevinmchugh wrote:
| I am absolutely seeing mission impossible in theaters
| next month because their screens and speakers are better.
| aleph_minus_one wrote:
| > No one goes to the theater because the picture is
| better. It often isn't.
|
| > Projectors aren't maintained, or set up correctly, and
| audio balancing is often way off.
|
| This depends a lot on the cinema that you go to.
| loeg wrote:
| Most people are watching at home, on smaller screens, and
| simply do not care about pixel perfection in every frame.
| clan wrote:
| I often hear that hand waving "what the market wants".
| But it is more "what the market can suffer". See IPv4 vs
| IPv6.
|
| I am not working with mastering as the OP. But I can see
| the low fidelity of streaming services. I watch my
| content projected to a large screen.
|
| So I am one of those weirdos. I do not mind as I know I
| am a nerd. But there are more of us than you think but
| the penny pinchers win as usual. "The majority do not
| see it". But they do. The majority went out and bought 4K
| TVs. They are slightly disappointed as it did not get
| "that much better". Most would have been just as happy
| with a 1080P OLED display. But only the geeks can
| articulate what they want.
|
| The worst local offender is the online Blockbuster.
| Compression artifacts galore. But as most view content on
| phones the audio is stereo only. So your "sufficient" is
| not my "sufficient".
|
| I get the "weird" part. No offense at all. But you are
| talking about optimizing for what the majority will
| suffer.
|
| And it is done to save the last little penny. We could
| optimize for technical excellence but pride has gone out
| of fashion.
| alabastervlog wrote:
| Even among the set of people who have something even
| semi-resembling a proper home theater--which is already a
| tiny group--I'd bet 95+% would need to upgrade their gear
| quite a bit before they'd benefit at all much from
| quality higher than ~50GB-100GB blu ray rips.
|
| (stream rips do often look like dog shit, though--I
| find sub-10GB 1080p blu-ray downscales [to get the HDR
| from the 4k blu ray, but lower res and storage space]
| usually look better than raw 4K streaming rips)
| Mindwipe wrote:
| > But it seems that more and more releases are straight-
| to-streaming, and/or sometimes simultaneous with the
| theatrical release
|
| If anything, it's less and less. Studios are pulling the
| PVOD date further and further out for successful titles
| generally (Universal excepted). All the talk from
| Cinemacon was going back to a 60 day+ exclusive
| theatrical window.
| kelnos wrote:
| Not sure of the GP's core message there, but I think this is
| kinda the point: even with all this onerous encryption on the
| cinema releases, high-quality pirated copies still very
| quickly make it out.
|
| So basically they have this very secure scheme for getting
| movies to theaters, but everything else is full of holes.
| Makes you wonder if all the effort and cost to secure the
| theater distribution chain is worth it. If you're going to
| allow playback on devices in "adversarial" hands (streaming,
| home physical media playback), it's going to be incredibly
| difficult to restrict copying. Tightening up the one instance
| where the hardware and people operating it have less
| incentive to pirate (and more incentive to _not_ pirate,
| given the risk to their theater business) seems like wasted
| effort.
|
| Certainly this does make the case of a theater-only-first
| release nearly impossible to pirate. But there aren't quite
| as many of those anymore, and all this DRM must be expensive,
| both in the hardware/software, and in the logistics. I guess
| they've found it's worth it, but... oof.
| jasode wrote:
| _> If you're going to allow playback on devices in
| "adversarial" hands (streaming, home physical media
| playback), it's going to be incredibly difficult to
| restrict copying._
|
| Kaleidescape movie players[1][2] are an example of an
| "adversarial" environment in customers' homes but so far,
| their DRM is still unbroken by pirates. (10+ years of
| Strato players deployed out in the wild but still not
| defeated yet.)
|
| The 4k 100+ GB encrypted files downloaded by Kaleidescape
| are considered 1 step below the DCP theater releases and are
| higher quality than Blu-Ray 4k UHD discs. The downloads are
| often 40+ GB larger than 66 GB discs and downloadable
| months before physical media is available so the
| _Kaleidescape movies stored on the customers' harddrive
| are very desirable files_ to hack and reverse engineer but
| so far, their DRM protection hasn't been bypassed.
| Kaleidescape is more locked down than the simple DVD CSS
| 40-bit encryption.
|
| Sure, a Kaleidescape owner could point a video camera at the
| screen and record it (the _"analog hole"_[3]) -- but those
| types of "rips" that suffer generation losses are not
| considered high quality.
|
| [1] https://www.kaleidescape.com/systems/movie-players-servers/
|
| [2] https://www.kaleidescape.com/news/kaleidescape-taps-nexguard...
|
| [3] https://en.wikipedia.org/wiki/Analog_hole
| jdright wrote:
| That is a ridiculous statement. Nobody would even care to
| break this thing. Look at its base price, then look at
| their customers. It makes no sense to break it.
| jasode wrote:
| _> Look at its base price, then look at their customers.
| It makes no sense to break it._
|
| You're not thinking the same way the motivated pirates
| think. Some pirates (especially in Eastern Europe, Asia,
| etc) rip new releases as fast as possible to _illegally
| re-sell or re-stream_ for lower prices (or show along
| with ads for revenue). In this way, the pirates get the
| revenue instead of the legitimate movie studios.
|
| So pirate groups in combination with illegal streaming
| websites can be thought of as a black market _financial
| arbitrage_. So far, the video sources they used include
| Blu-Ray rips and streaming Netflix or Amazon Prime Video
| webrips.
|
| However, the Kaleidescape players could theoretically
| _also be included as rip sources_ ... if the DRM was
| broken. The math for profitable arbitrage isn't that
| ridiculous. E.g. :
|
| - a 4k UHD Blu-Ray is $33.49 :
| https://www.amazon.com/Conclave-4K-UHD-Edward-Berger/dp/B0DP...
|
| - it would take only ~80 of those titles to recoup the
| cost of $1995 Kaleidescape player + the $7.95 rental fees
| for 80 downloads. All downloads after that break-even
| threshold are extra money for the pirates. Another bonus
| is pirating 4k UHD content that's not available on
| physical Blu-rays.
|
| But the Kaleidescape DRM isn't broken. Therefore, the
| $7.95 rental downloads can't be used as a new vector for
| pirate releases. Of course, Kaleidescape doesn't want
| this scenario to happen so they're incentivized to
| continue paying for the DRM licensing protection.
|
| And to recap the specifics I was replying to, it was
| this: _> "If you're going to allow playback on devices in
| "adversarial" hands (streaming, home physical media
| playback), it's going to be incredibly difficult to
| restrict copying."_
|
| Kaleidescape is one counterexample to that. So far, they
| have actually restricted copying with success.
| trollied wrote:
| The DRM doesn't need to be broken. If it can be displayed
| on a screen, it can be captured. Just requires
| electronics engineering effort.
| hobs wrote:
| Read their comments, the analog loophole is mentioned in
| the first one.
| jasode wrote:
| To be charitable to gp, they may be talking about
| "digital" instead of "analog" capture. E.g. something
| like HDMI capture hacks:
| https://www.google.com/search?q=hdmi+capture+hdcp+bypass
|
| The issue is the so-called "DRM" isn't just the
| encryption of the harddrive files. The DRM protection
| _also includes the watermarks in the video images that
| survive the HDMI capture_. If pirates don't want their
| $2000 Kaleidescape player blacklisted and bricked, they
| have to figure out how to remove all forensic watermarks
| (the invisible low-level "noise" in the image frames) so
| the illegal copies can't be traced back to that specific
| compromised player.
|
| It's not impossible but it raises the threshold of
| difficulties. E.g. using differential analysis to
| reverse-engineer watermarking now requires buying TWO
| players for $4000 instead of just one for $2000; and
| paying for 2 download rentals instead of just 1. And add
| hours of analysis work on top of that. DRM doesn't have
| to make piracy impossible; it just has to make the
| cost/effort equation not attractive. For now, the
| Kaleidescape DRM scheme is "good enough" for the
| cost/effort equation to not make sense for pirates.
| wmf wrote:
| If HDCP strippers work they should also work on
| Kaleidescape.
|
| I wonder if they use watermarking so they can "burn" the
| player after a single rip.
| ale42 wrote:
| They most certainly do. A quick online search returns
| "NexGuard" as the used watermarking technology, at least
| in 2018.
|
| Edit: it's actually mentioned in a comment not far from
| here (https://www.kaleidescape.com/news/kaleidescape-taps-nexguard...)
| crazygringo wrote:
| > _Certainly this does make the case of a theater-only-
| first release nearly impossible to pirate. But there aren't
| quite as many of those anymore, and all this DRM must be
| expensive, both in the hardware/software, and in the
| logistics. I guess they've found it's worth it, but...
| oof._
|
| Yes, that's the entire point. There are still tons of
| theater releases, that's literally the _entire business_ of
| cinemas. The cost of DRM is peanuts next to their revenue,
| it's absolutely worth it to them. Nothing "oof" about it.
| dvngnt_ wrote:
| Back in my day the first releases were cam rips sold on dvds
| for $3-5 per movie. quality wasn't great but the audio could
| be ripped from the devices for hearing impaired
| https://en.wikipedia.org/wiki/Telesync
|
| quality varied but was good enough in mid 00's probably
| better
| sandworm101 wrote:
| There is zero piracy from projectors because there are a
| multitude of easier places to rip from. But close those
| doors, limit to only theatrical releases, and we will again
| see content pulled from projectors and underpaid
| projectionists.
|
| The only way to prevent piracy, to actually prevent copying,
| is to keep content in a dark vault well away from public
| view.
| teeray wrote:
| > it is almost always someone with a camera in a theatre
| making a terrible quality screener.
|
| Could an insider do a more sophisticated telecine capture
| with more fidelity?
| Aurornis wrote:
| Pirated copies of theatrical releases at the time of release
| are much more rare, though.
|
| The value of protecting releases is extremely high in the
| narrow window of finalizing production and getting it into
| theaters or online launch platforms.
|
| If there was no DRM and watermarking then these would be
| pirated constantly before release.
| anal_reactor wrote:
| Most people are completely fine watching a 720p x264 1GB
| version half a year after release. Sure, there are some purists
| who want as good image quality as possible as soon as possible,
| but that's a tiny minority. I think the actual motivation is
| that cinemas are becoming less and less relevant in the age of
| streaming, so they're doing anything they can to protect the
| little revenue they have, because the only way cinema can make
| money is to hype a movie to the moon, and then have it shown
| exclusively in cinemas for some period of time. But with
| streaming services investing in their own movies, the days of
| this distribution model are numbered. Having a cinema in 2025
| is like having an internet cafe in 2010.
| yladiz wrote:
| This really downplays the cinema experience. Yes, many people
| are fine watching a movie at home while doing something else
| (the current Netflix model of filmmaking is precipitated on
| this), and others are fine to watch at home in general, but
| few people would truly say that their setup is close to what
| you get in a cinema. The screen is much bigger, the image
| quality is higher, and the sound system is much better as
| well, compared to anything short of an actual home cinema
| setup. It's not the only reason of course, but it's one of a
| few reasons cinemas still sell out for big films like Dune 2,
| and why people will go out of their way to go watch it in the
| cinema.
|
| Streaming will never fully replace cinemas, even if it
| dramatically impacts their operating mode, and to argue
| otherwise is naive.
| anal_reactor wrote:
| > but few people would truly say that their setup is close
| to what you get in a cinema.
|
| The opposite is also true. Few cinemas have a setup that
| imitates the comfort of watching something at home.
| ddtaylor wrote:
| How are groups getting the high quality digital dumps of some
| movies then?
| pain_perdu wrote:
| I don't think new theatre releases are generally getting leaked
| in digital formats anymore until they hit streaming which can
| sometimes be as soon as weeks or couple months after original
| release. Obviously 'tele-syncs' (cameras capturing the film)
| still exist but that wasn't your question. The one exception to
| this can be oscar movie season when studios release films via a
| special Apple TV app and that can be slightly less secure
| (though still water-marked).
|
| I would ask you to support your claim of 'high quality digital
| dumps' by citing one that has come out in the last couple
| years. See https://predb.net/
| lurk2 wrote:
| > A telesync (TS) is a bootleg recording of a film recorded
| in a movie theater, often (although not always) filmed using
| a professional camera on a tripod in the projection booth.
| The audio of a TS is captured with a direct connection to the
| sound source (often an FM microbroadcast provided for the
| hearing-impaired, or from a drive-in theater). If a direct
| connection from the sound source is not possible, sometimes
| the bootlegger will tape or conceal wireless microphones
| close to the speakers, as it is better than a mic on the
| camera. A TS can be considered a higher quality type of cam,
| that has the potential of better-quality audio and video.
|
| https://en.wikipedia.org/wiki/Telesync
| AStonesThrow wrote:
| This has an analog (so to speak) in the live music
| bootlegging subculture. If you can convince the roadie
| running the mixer or the sound board to plug in your shady
| recording device, then you can cut a bootleg record or tape
| which advertises that as a selling point.
|
| Live audio bootlegs of concerts are typically plagued with
| the same sort of interference, such as crowd noise, shaky
| everything, cheap microphone designed for voices only,
| overwhelming decibel levels, etc. A "clean soundboard"
| recording can bypass all that and sound comparatively good,
| especially if the band is good at playing live.
| kmeisthax wrote:
| Hollywood is stupid and eroded its own economic advantage by
| putting everything on streaming. This was already known, but it
| also makes antipiracy operations much, much harder.
|
| Ripping a stream is _always_ going to be easier than getting
| any unprotected video footage out of a movie theater. The
| stream is in your own home, you own and can tamper with all the
| equipment involved in playing it, and the economics of CDNs
| prevent robust traitor-tracing schemes[0] that could be used to
| hunt you down.
|
| In contrast, movie theaters are public locations, so every one
| of them is a known entity. The entire supply chain for movie
| projection is controlled. And that makes traitor-tracing a lot
| easier. All the hackers pointing out that DRM is fundamentally
| breakable are ignoring the fact that that only matters iff
| you're anonymous and untraceable. Otherwise, they won't bother
| making the DRM stronger, they'll just arrest people until the
| movies stop leaking.
|
| It's the XKCD laptop wrench story[1] in reverse. The crypto
| nerd imagines DRM to be easily broken trash, but the reality is
| that the security of the DRM is in the $5 wrench, not the math.
|
| Let's play contrast-and-compare. If you want to leak a stream,
| you need:
|
| - A streaming account
|
| - Knowhow or software to decrypt the data stream as it's
| downloaded and played, or,
|
| - Knowhow to modify a TV so that you can capture the
| unencrypted video and audio streams inside the TV
|
| The last one isn't done because it's a pain in the ass and the
| TV scene prefers bit-perfect rips over re-encoded captures. But
| at some point in the TV, you have to decrypt the video; LCD
| panels do not natively accept encrypted signals. And that is
| something you can build hardware to capture.
|
| Now let's try leaking a movie. There's a few avenues of attack,
| roughly corresponding to the traditional movie scene release
| categories:
|
| - You can go to the theater and point a camera at the screen.
| They actually check for this now, in pretty much any western
| country you'll get kicked out or arrested for camming a movie.
| If you don't get caught, they can still narrow you down to a
| location in the room via your shooting angle, and possibly
| determine what theater you were at with line frequency hum.
| That's enough information to narrow down the guy leaking the
| movie to a handful of customers. Do this enough times and you
| create a unique fingerprint to catch yourself with.
|
| - You can get a job as a projectionist and run the movie
| projector into another camera directly. That kind of machine is
| called a telecine, and it used to be one of the higher quality
| ways to get leaked movies back when they were on film. This is
| specifically the scenario that all the DRM in the projector is
| designed to stop. If you do anything to change the light path
| of the projector, it locks up until the manager comes in and
| types a password to authorize the change.
|
| - You could bribe the manager or owner to telecine the movie
| for you. Problem is, the number of people who actually have the
| password that unlocks the projector is really small[2] and
| traceable. If a telecine leak is traced back to their theater,
| someone's getting fired at a minimum, jailed in the worst case.
|
| - You could break the DCI scheme itself; but you still need to
| source the files and keys to decrypt the movies. This is the
| crypto nerd's imaginary scenario. Even then, the files could
| themselves have steganographically injected information
| identifying the theater who got that master copy, which you
| can't strip out merely by having the encryption keys. Again,
| nobody is giving you those files unless they're too stupid to
| understand the implications (unlikely) or they have faith that
| you can strip out the stegotext.
|
| It's just way easier to rip a stream than a movie in a theater.
| And when Hollywood moved to streaming they also made it a lot
| easier to leak movies.
|
| [0] To be clear, traitor-tracing each stream would require a
| unique encode per account to inject the stegotext; that's
| computationally unfeasible. Doing one encode per movie theater
| would still be a struggle, but less so by three orders of
| magnitude.
|
| [1] https://xkcd.com/538/
|
| [2] This is _also_ why the 3D era of film made movies way too
| fucking dark.
| mysteria wrote:
| _To be clear, traitor-tracing each stream would require a
| unique encode per account to inject the stegotext; that's
| computationally unfeasible. Doing one encode per movie
| theater would still be a struggle, but less so by three
| orders of magnitude._
|
| If the movie is streamed in chunks, only certain short
| segments would need to be reencoded to add watermark data.
| Alternatively it might be possible to splice in a short
| segment with the watermark between keyframes of the
| preencoded film.
|
| Finally all of this could be done on the audio side which is
| much less computationally intensive compared to video.
| thr0w wrote:
| > If the movie is streamed in chunks, only certain short
| segments would need to be reencoded to add watermark data
|
| Look into A/B watermarking -
| https://techdocs.akamai.com/adaptive-media-delivery/docs/add...
| kmeisthax wrote:
| If you were only watermarking short sections of the video,
| wouldn't that make it possible to analyze the stegotext and
| erase it? You could have a handful of people rip the same
| video and then compare them, and if different sections get
| watermarked then you can reassemble an unwatermarked file.
| This also applies to splicing in short segments of
| watermarked video.
|
| If you have the whole thing watermarked then all you can do
| to fix that is averaging; which might not even destroy the
| stegotext.
|
| Audio watermarking is definitely an option; hell, there's
| already a DRM scheme called Cinavia that relies on
| watermarking[0]. If you cam a movie and play it on a Blu-
| Ray player, it'll actually trip this DRM scheme and, at a
| minimum, mute the audio or refuse to play the file. I would
| argue this is probably the most successful use of
| watermarking, at least in terms of "how much piracy does
| this frustrate"; but even then you can just play your cams
| on something else and get around it.
|
| And this is all assuming your CDN provider offers cheap-
| enough edge compute to inject watermarks before the video
| hits the user's device. I haven't looked into this
| recently, but I remember early DRM schemes having very
| silly bypasses[1] because CDNs could only serve static
| files. Someone else linked to Akamai documentation about
| watermarking, but I have no idea how much extra that costs
| or how much it might complicate other parts of the setup.
|
| [0] https://en.wikipedia.org/wiki/Cinavia
|
| [1] e.g. Remember when someone made an iTunes Music Store
| client that just didn't encrypt anything, because all the
| encryption was done on your own device?
| mysteria wrote:
| Sectional watermarking is always going to have a higher
| risk of detection using multiple rips but that's the
| tradeoff you get with computational power. As you said
| the best option is to watermark the whole thing but
| that's expensive.
|
| Cinavia looks interesting as it's done on the client
| side, like how programs like Photoshop detect the
| watermarks in banknotes to prevent people from using it
| to create forgeries. If they managed to get it into the
| firmware of every television, AVR, etc. then it would be
| much more effective than just having it on Blu Ray
| players.
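
Added example (not part of the thread, and not Akamai's or any vendor's implementation): how a tracer could score accounts against the A/B segment sequence read back from a leaked copy, including a copy stitched together from two rips as discussed above. The HMAC-derived patterns, account names, 512-segment length and 62.5% match threshold are assumptions chosen for illustration.

```javascript
const nodeCrypto = require('crypto');

const SEGMENTS = 512; // one HMAC-SHA512 output supplies 512 A/B choices

// Derive an account's sequence: bit i selects variant A (0) or B (1) of segment i.
function patternFor(secret, accountId) {
  const mac = nodeCrypto.createHmac('sha512', secret).update(accountId).digest();
  const bits = [];
  for (let i = 0; i < SEGMENTS; i++) bits.push((mac[i >> 3] >> (7 - (i & 7))) & 1);
  return bits;
}

// Count readable leak segments that match the account's pattern.
// null marks a segment whose variant could not be read back from the leak.
function score(leak, pattern) {
  let match = 0;
  let readable = 0;
  leak.forEach((v, i) => {
    if (v === null) return;
    readable++;
    if (v === pattern[i]) match++;
  });
  return { match, readable };
}

// An unrelated account matches about 50% of segments by chance, so flag only
// accounts well above that (threshold is an assumption, not a standard value).
function trace(secret, accountIds, leak, minRatio = 0.625) {
  return accountIds
    .map(id => ({ id, ...score(leak, patternFor(secret, id)) }))
    .filter(r => r.readable > 0 && r.match / r.readable >= minRatio)
    .sort((a, b) => b.match - a.match)
    .map(r => r.id);
}

function demo() {
  const secret = 'constructed-demo-secret'; // constructed sample values throughout
  const ids = Array.from({ length: 8 }, (_, i) => `acct-00${i + 1}`);
  // Constructed leak 1: straight rip from acct-003, first 32 segments unreadable.
  const single = patternFor(secret, 'acct-003').map((v, i) => (i < 32 ? null : v));
  // Constructed leak 2: segments taken alternately from two different rips.
  const a = patternFor(secret, 'acct-002');
  const b = patternFor(secret, 'acct-005');
  const stitched = a.map((v, i) => (i % 2 === 0 ? v : b[i]));
  return {
    single: trace(secret, ids, single),
    stitched: trace(secret, ids, stitched).sort(),
  };
}

console.log(demo());
```

Each source of the stitched copy still matches roughly 75% of its segments, against about 50% for an uninvolved account, which is why both are flagged.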
| thaumasiotes wrote:
| > Problem is, the number of people who actually have the
| password that unlocks the projector is really small[2]
|
| > [2] This is _also_ why the 3D era of film made movies way
| too fucking dark.
|
| What is the relationship between these two things?
| washadjeffmad wrote:
| Wondered that, too.
|
| Assuming it's not a typo, guessing that 3D films needed
| some additional calibration that didn't happen because it
| was a hassle needing the manager to make and reapply the
| changes.
| kmeisthax wrote:
| 3D requires inserting an extra device into the image path
| to split the projector light into polarized halves,
| otherwise the 3D glasses don't work. Because of how light
| works, half the light is thrown away. So you either have a
| darker picture or you jack up the light (which, according
| to theater owners, means more wear on the projector's light
| source).
|
| Now, in an ordinary scenario, you'd just have the
| projectionist remove the extra polarizing step from the
| image path for 2D showings. Except, remember, all of these
| projectors have DRM specifically to control who is allowed
| to put things in the image path of the projector. So now
| management has to be called in every time a theater needs
| to change over from a 2D or a 3D film.
|
| Or you follow the path of least resistance and just leave
| all the 3D crap on the projectors all the time, keeping it
| at the same brightness for 2D (to save money on
| maintenance), which results in everything being darker.
| Thlom wrote:
| It's been a few years since I was in the industry, but I
| don't think this is entirely correct. As far as I
| remember the polarizer (or for Dolby 3D, the color wheel)
| was placed on a rail system to be slid in and out of the
| light path when required (It's possible that
| cheaper/older versions can't be automated). The polarizer
| is placed outside of the projector in front of the lens
| so no password is required to remove it. There is a
| security step between the projector and the playback
| server, but that sits on the first PCB the data signal
| from server hits on the projector (If I remember
| correctly).
|
| With regards to the projector's light source you are
| correct, higher illumination means more wear on the XENON
| lamp in older projectors. If you have the polarizer in
| front of the lens at all times that would be a problem.
| With newer laser projectors I don't think higher
| illumination is a big problem for the longevity of the
| laser.
|
| In any case, projectionists barely exist anymore and
| cinema managers know next to nothing about the technical
| aspect of the business. Basically everything is automated
| to such a degree that all the cinema chain management
| needs to do is to populate the ticketing system, then
| films, advertisements, trailers and announcements are
| automatically downloaded, playlists created, distributed
| to screens and scheduled. Lights, projectors, doors,
| curtains and so on are also automated.
| lern_too_spel wrote:
| > Hollywood is stupid and eroded its own economic advantage
| by putting everything on streaming.
|
| If moving to streaming made them less money, they wouldn't
| have done it.
| dist-epoch wrote:
| > Hollywood is stupid and eroded its own economic advantage
| by putting everything on streaming
|
| You are making a big assumption that they had a choice, that
| if a movie was not put on streaming, the consumer would go to
| the cinema to watch it.
|
| But many consumers don't, if the movie is not streaming, they
| just don't watch it at all.
| Bedon292 wrote:
| But how much of that is because they know it will come to
| streaming soon for free? I feel like the 'if the movie is
| not streaming, they just don't watch it' mentality was
| driven by everything being put on streaming. I am not the
| average consumer, so I could definitely be off base, but I
| feel like people were more willing to go to see a movie in
| theaters when they knew it would be months before they
| would be able to see it if they didn't. Now it can be
| available for streaming within weeks, many times included
| with the subscription you already have. Hard to justify $20
| per person to go see something in a theater when you can
| all see it a month later included in your $15 subscription.
| dist-epoch wrote:
| > but I feel like people were more willing to go to see a
| movie in theaters
|
| There was no Internet, no TikTok, shitty games, not much
| to compete with movies then.
| stepupmakeup wrote:
| Screener leaks or insider (outsourced VFX for example) leaks
| Animats wrote:
| JPEG 2000 for each frame? I wonder what they use for
| decompression. JPEG 2000 decompressors are really slow. Most
| couldn't keep up with frame rate without GPU support.
| userbinator wrote:
| Dedicated hardware, not even regular GPUs. JPEG2000
| decompression has a rather complex entropy decoding part which
| is not easily parallelisable.
| fulafel wrote:
| Only on the intraframe level - Frames are independent so
| overall it's "embarrassingly parallel".
| crazygringo wrote:
| There's no point to decoding in parallel if you're watching
| in sequence.
| dsr_ wrote:
| If your hardware can only manage 4 frames per second but
| you need 48, then decoding with 12 sets of hardware in
| parallel achieves your goal.
| crazygringo wrote:
| Derp, quite right. Never mind, thanks!
| Aurornis wrote:
| The parallel part would come from batch decoding upcoming
| frames across multiple cores and buffering the result.
|
| 4K at 90fps decoding is easy for commercial decoders with a
| consumer GPU. The dedicated hardware solutions are out there
| but they're not the only way to do it any more.
| perryflynn wrote:
| The frames are sent encrypted into the projector. The projector
| has special hardware for decrypt and decode.
| andreashaerter wrote:
| I also recommend an insightful talk by the author of the article,
| delivered at a Chaos Computer Club (CCC) event (GPN,
| Gulaschprogrammiernacht) on this topic. Unfortunately, it's only
| available in German, but it's definitely worth watching:
| https://media.ccc.de/v/gpn22-382-kein-kinoerlebnis-ohne-korr...
|
| "No cinema experience without correct certificate management...
| A look behind the scenes of a cinema with a digital projector
| system, how distributors deliver films to cinemas with end-to-end
| encryption, and how films are protected from piracy. In addition
| to an overview of projector technology, the presentation will
| demonstrate the file format and manual decryption of film data."
|
| Edit: I just realized that the author of the article also
| delivered the recorded talk, adapted my comment.
| jeffbee wrote:
| It's remarkable that they do all this in the context of box
| office revenues cratering. In 2024 American theaters had less
| gross ticket sales than they did in 1982, in constant dollars.
| The whole thing of movie theaters is just over.
| tverbeure wrote:
| Why does that context matter? It's not as if the use of DRM for
| movie theater distribution influences whether or not somebody
| goes to see a movie.
| jeffbee wrote:
| No, the other direction. Clearly the problem is that nobody
| wants their product, not that everyone wants to steal it.
| KaiserPro wrote:
| Encrypted DCPs have been around since when DVDs were still a
| revenue generator.
| dherls wrote:
| I'm confused why it's encrypted as a JPEG image per frame instead
| of one AES encrypted video file. Since the same AES key is used
| for each frame it wouldn't add any additional security imo
| Aurornis wrote:
| I think JPEG 2000 is simply the chosen format for distribution
| of the video, not for security.
|
| JPEG 2000 has some interesting properties for very high quality
| video storage and transport where bandwidth is not a concern.
| The traditional encoded video formats we know are less
| preferred at this scale.
|
| JPEG 2000 is resource intensive, though. The decoding hardware
| is probably either GPU based or using an FPGA implementation from
| one of the providers who makes hardware for this.
| userbinator wrote:
| It's definitely dedicated hardware JPEG2000 decoding.
| KaiserPro wrote:
| DCPs were designed to be jpeg2000 streams with a bunch of audio
| streams as well.
|
| The idea was that they wanted up to 16bit colour (per channel)
| lossless imagery. The encryption (or so I recall) was an
| extra feature.
| perryflynn wrote:
| One movie can be 200G to 1TB large. The chunked encryption
| allows it to seek the movie without decrypting from the
| beginning.
| 01HNNWZ0MV43FF wrote:
| But any computer with full disk encryption also has seekable
| encryption
| shmerl wrote:
| "Standards that have to be purchased". Someone is just trying to
| fleece the participants. That's what whole DRM is about most of
| the time.
| tverbeure wrote:
| Standards are often cheap. Many tech companies have a
| subscription to all IEEE papers and standards. The incremental
| cost of downloading one standard more is in the noise. But even
| if you don't have a subscription, the price for, say, the
| 802.11n standard is only $381.
| KaiserPro wrote:
| Packaging DCPs used to be a massive faff. (it might still be one)
|
| Basically they are a tar[1] of images with a bunch of audio
| streams for different speaker configurations. Depending on the
| quality settings, they can be encoded for higher colour space (ie
| 16 bit log per channel)
|
| Even with lossless jpeg2000, these packages can be huge.
|
| But, back in 2011, the biggest problem was encoding jpeg2000
| required hardware to get anything near realtime performance. (I
| also think there were dedicated DCP packaging machines, but I
| never actually saw one.)
|
| One of my colleagues decided the best way to ship the finalised
| movie was to open up an NFS port on sohonet and let the
| technicolor hook the DCP packager directly.
|
| It worked, but our CTO diplomatically asked them to stop.
|
| [1] not actually but conceptually similar
| jackjeff wrote:
| > The video stream is encoded as one single JPEG2000 picture per
| frame. Each frame is encrypted with the same static AES key.
|
| Is this not a problem? It's not a good idea to reuse the same key
| to encrypt very similar files. Similar to ECB. See the famous
| penguin https://words.filippo.io/the-ecb-penguin/
|
| I'm surprised they don't use something like XTS commonly used for
| disk encryption. It derives a unique key for each block/frame and
| allows you to access individual blocks/frames
| non-sequentially.
| perryflynn wrote:
| No. They use a unique IV for each frame:
|
| > Every Frame is using a unique IV (Initialization Vector),
| which ensures that the AES Block Cipher generates always
| different cipher texts and makes brute force harder. This works
| similar to a Password Salt.
| jackjeff wrote:
| Oh thanks. I missed that. I guess that works pretty well too!
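
Added example (not part of the thread and not code from the article or from asdcplib): the exchange above in runnable form, showing identical frames encrypted under one shared key with ECB versus a unique IV per frame, and a single frame decrypted on its own for seeking. AES-128 in CBC mode, the 64-byte frames and all function names are assumptions for illustration; the thread only states AES with a per-frame IV.

```javascript
const nodeCrypto = require('crypto');

const BLOCK = 16; // AES block size in bytes

// Encrypt one frame under the shared key with a fresh random IV (CBC assumed).
// The IV is not secret and is stored next to the ciphertext.
function encryptFrame(key, frame) {
  const iv = nodeCrypto.randomBytes(BLOCK);
  const c = nodeCrypto.createCipheriv('aes-128-cbc', key, iv);
  return { iv, data: Buffer.concat([c.update(frame), c.final()]) };
}

// Decrypt a single frame: needs only the key and that frame's own IV.
function decryptFrame(key, enc) {
  const d = nodeCrypto.createDecipheriv('aes-128-cbc', key, enc.iv);
  return Buffer.concat([d.update(enc.data), d.final()]);
}

// Contrast case: ECB has no IV, so equal plaintext blocks give equal
// ciphertext blocks under the same key.
function encryptFrameEcb(key, frame) {
  const c = nodeCrypto.createCipheriv('aes-128-ecb', key, null);
  return Buffer.concat([c.update(frame), c.final()]);
}

// Count ciphertext blocks that already occurred earlier in the stream.
function repeatedBlocks(buffers) {
  const seen = new Set();
  let repeats = 0;
  for (const buf of buffers) {
    for (let i = 0; i + BLOCK <= buf.length; i += BLOCK) {
      const block = buf.toString('hex', i, i + BLOCK);
      if (seen.has(block)) repeats++;
      else seen.add(block);
    }
  }
  return repeats;
}

function demo() {
  const key = nodeCrypto.randomBytes(16);
  // Constructed input: three identical all-zero "black" frames and one other frame.
  const frames = [Buffer.alloc(64), Buffer.alloc(64), Buffer.alloc(64, 0x78), Buffer.alloc(64)];
  const ecb = frames.map(f => encryptFrameEcb(key, f));
  const cbc = frames.map(f => encryptFrame(key, f));
  return {
    ecbRepeats: repeatedBlocks(ecb),
    cbcRepeats: repeatedBlocks(cbc.map(e => e.data)),
    // Random access: frame 3 decrypts on its own, without touching frames 0..2.
    seekOk: decryptFrame(key, cbc[3]).equals(frames[3]),
  };
}

console.log(demo());
```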
| NoMoreNicksLeft wrote:
| >Encrypted DCPs use Forensic Watermarks which contain the serial
| number of the projection system. So if a recorded copy of a movie
| appears online, the theatre will have to answer serious questions
| and may never get movies again.
|
| Is this not as simple as dumping the same movie from two
| different projectors, diffing the output, then obfuscating the
| watermark?
| TheDcoder wrote:
| To do that you need to figure out what parts are noise
| (watermark), simply diffing them would just give you a
| different noise pattern which can still be analyzed depending
| on how the watermark is encoded.
| asdcplib wrote:
| Hi, asdcplib author here (mentioned in the article.) Excellent
| writeup of DCP and related tech. FYI the colorspace of an SDR DCP
| MXF file is X'Y'Z' with gamma 2.6 (see SMPTE 428-1.) Other MXF
| formats (i.e., not cinema) use a wide variety of colorspaces.
| Despite the huge range of XYZ, DCP image files are usually
| constrained to code values that fall within P3 (again, SDR.) The
| HDR applications are more interesting.
|
| Upon reading the comments:
|
| * DCP is a B2B format. DCP usage is licensed by contract, not
| EULA. Please keep these important differences in mind when
| commenting on DRM.
|
| * Decrypt, decode, color processing, watermark occurs in FPGA. If
| you think that sounds hard, remember that all of this tech was
| originally deployed 20 years ago. Moore's law has made our lives
| much easier since!
|
| * Frame-by-frame encipherment, rather than whole stream, better
| supports random access and the famous tobacco intermissions
| popular in the EU.
___________________________________________________________________
(page generated 2025-04-21 23:02 UTC)