
If you know where to look L1 content can be readily downloaded, including the original 4K streams. As usual the net effect of DRM is to make the paid service inferior to piracy. That's not what I would call "winning".



I don’t understand how it can ever be secure unless you let some DRM representatives basically come and do inspections.

Fundamentally, you are going to show a video and play an audio stream. Fundamentally, it can be recaptured perfectly because it must be displayed and played perfectly. There is simply no way around it. DRM can only make life hard for the regular Joes.


> I don’t understand how it can ever be secure unless you let some DRM representatives basically come and do inspections.

Oh god, that’s a level of hell I haven’t even imagined. I wonder if the future could ever become as dystopian as that for real. What it would take for that to happen, and how.


I see you've never worked with Oracle...


I don't know, but assume, that the movie studios do this for movie theaters.

Seems to work pretty well, since to my knowledge those are only ever leaked by audience members pointing a hidden camera at the screen (with all the quality issues that entails).


This fundamental gap is known as "the analog hole": https://en.wikipedia.org/wiki/Analog_hole


In theory DRM could be mathematically perfect. However DRM relies on actual implementations both in software and hardware and shares a lot with broader security. Software implementations can have bugs but it’s relatively easy to ship fixes. The hardware level however is where it becomes very difficult to ensure a valid implementation of “secure compute” or “trusted zones” which are key to DRM and general security, particularly from an agent with physical access. It costs money to ship new fixed hardware, if it’s even possible. Then even if a given hardware implementation is correct there are ways to physically glitch the hardware to skip the checks. ESP32 chips had an issue like that where the hardware encryption was correct but simply “glitching” the voltage at the correct time could cause the processor to skip the encryption check entirely [1]. It’s very difficult and costly to make hardware immune to all such attacks. Small seemingly unrelated physical details can become novel ways to break the encryption system (like Spectre).

Ultimately I’ve come to believe that DRM and its cousin of system security is an economic game. So DRM is useless in that it will probably be cracked after some time, but that time can translate to revenues or control until that point. It depends on how much money you have to throw at either hardening and cracking systems. It’ll likely become harder (i.e. more expensive) in the future to crack hardware DRM in the future as the technology becomes more sophisticated and classes of vulnerability are discovered and mitigated. But then the cracks become more valuable both for anti-DRM or anti-security.

1: https://raelize.com/blog/espressif-systems-esp32-bypassing-s...


How can DRM ever be perfect? It relies on your computer to be able to decrypt the data so it can never be "mathematically perfect" like regular encryption can be.

Current DRM is all about shoving the decryption part as deep into a chip as possible and betting on the fact that it is physically too hard to extract that info. So it will always be exploitable with some amount of effort.


The DRM implementation and algorithm could be "perfect" in a mathematical sense, but as you point out they tend to rely on a PUF in the silicon hardware. Currently very hard to extract but not completely so. However, say a system had a quantum based PUF then it could be unclonable due to QM. Such a system could still be potentially cracked by causing issues in the processor itself like with the ESP32s. Which was my point, since there's a physical system to work in it'd be impossible in practice to make perfect. Hence it boils down to economics.


It doesn't boil down to economics at all. Even if you push a googolplex dollars into perfecting it. If you wanted you can still relatively easily snoop the electrical signals that control an LCD to reconstruct the video. This is not possible to encrypt and never will be.


It could only be described as "mathematically perfect" in the sense that without the decryption key, the encrypted data is no more useful than random bytes.

But DRM fundamentally needs to have the decryption key available at the end user's device - which at least in my opinion, makes it better described as "provably mathematically impossible".


It can depend on online keys that can be changed by the rightsholder at will.

"The Internet is the ultimate dongle" - John Carmack


You still have to deliver the new keys to the clients. As long as the client can decrypt the file, the client can also decrypt and dump it to storage. And if the top pirates keep their methods secret, you can change the keys all you want and not know how they are extracting them each time.


I don't know why you're being downvoted, you're right. There are plenty of TrustZone exploits that allow extraction of L1 keys.


Pay NZ$20/mo for Netflix in UHD, or fuck around on pirate sites to make sure none of the people making the series and films I'm enjoying, while hoping that no-one has dropped an entertaining payload in the site ads or the files I'm downloading is "piracy is more convenient"?

The downvotes are for a shit take disconnected from the reality of people who aren't determined not to pay for something.


> piracy is more convenient

It sure is when I can load an entire show on a Plex instance and can sync it on my mobile device without any arbitrary limitation (like how many episodes I can sync, or synced copies that expire after a while which I experienced abroad on Netflix).


Step 1. Pay NZ$20/mo for Netflix in UHD.

Step 2. The content you want is not there or available on any other legal platform for your country.

Step 3. ????


This has nothing to do with a determination not to pay or to have studios go out of business. This has everything to do with artificially restricting me from being able to watch the content I pay for in a manner which is convenient to me. I have no interest in buying into a proprietary ecosystem of shitty software just to watch a TV series.

Whenever a service provides content in a way which I can access DRM free, I make sure to reward them for it by voting with my wallet. I sometimes also tell them to make sure they understand that one of the factors in my decision to give them money was the fact that they offered the content DRM free. But not because I wanted to re-upload it for free via bittorrent or show it in a cinema to all my friends, but precisely because I wanted to watch it on my computer without having to install crazy whitebox crypto nonsense.

I don't think normalising having to run someone else's crazy whitebox crypto nonsense on your computer is a good idea. Even if most people don't know or care.


For now, at least. It is possible they fix all issues.


Except that people who exploit L1 just never reveal how they do it, good luck with that.

That's the beauty of the asymmetry against DRM, only a single decoded file (which will always happen) is enough for seeding to everybody.


This seems to be confirmed by the fact that most torrent sites have 4K copies of brand new streaming only content while no publicly known exploits exist.

Since you are running the exploit locally without affecting other people's machines, I imagine it would be close to impossible to work out what exploit they are using.


Are those actual decrypted copies of the original stream, though? Or did they just re-record the output? For the latter you'd only need to break HDCP, right?


If the end user can't tell then it doesn't matter.


Well but there's likely to be at least a small quality difference, and a considerable quality per file size difference, because the video would need to be re-encoded.


Yeah. They're WEB-DLs, not WebRips.


Not really, since that would entail breaking playback on current devices/firmwares.

They can only try again next time (for 8K?).


Broken TZ does not mean the algorithms are broken, only that exploits exist to bypass TZ. Fixing the exploits doesn't break anything about the algorithms for decode / decrypt.


I'm not sure what in my comment you were disagreeing with. Fixing the exploits would entail requiring a software update/breaking unupdatable devices.


Yep. I remember when Blu-ray "required" Windows Vista because it had better DRM APIs then a few months later the studios gave in and allowed playback on XP... which was immediately cracked. Ultimately you have to meet customers where they are which is old devices.


Until current broken devices fall out of use. Eventually, all devices might be secure.



