
A Brief History Of Anti-piracy - Rael Sasiak-Rushby

BSides Leeds · 2020 · 56:46 · 248 views · Published 2020-07
Transcript [en]

Hopefully you're here because you're interested in, you know, piracy and anti-piracy. It's a lot of fun. I have a bit of a confession: the title of this was "A Brief History of Anti-piracy", but as I was writing it, like, being the dirty millennial, anything before 2000 probably isn't relevant to me, so it kind of became a brief overview of anti-piracy. Really, what I want to do through this is talk about the general concept of how we prevent piracy, and then look at a few technologies as well, and then towards the end I'll talk about the future of DRM. A bit

of a glossary for this presentation: I may use the phrases copy protection, digital rights management, or anti-piracy measures or techniques interchangeably. They are different things; you can search them up to find out yourself, or you can ask me about them later if you want, but for the purposes of this talk they're all the same thing: they are about preventing piracy in some way or other, or they are tools or techniques used to prevent piracy. Within this context, if you're going to talk about all kinds of piracy, we have to define what a pirate is. A big company that gets a lot of piracy problems is Disney, so we might go for that

definition, which is fairly self-explanatory, very obvious. But for our purposes we're actually going to be talking about the people who create illicit copies of media, the people who are going to be distributing that media, and the people that consume that media. All of these people will be classed as a pirate; they represent the different areas in which we tackle piracy, and any sort of technique or technology we use to prevent piracy will aim to hit one or more of these people or steps within the process. I did do a bit of "what is the history of piracy", and the first case that I could find from reading up was in 570 AD,

which was in Ireland, and it was the first legal case brought before a king at that time. A monk was copying psalters: St. Columba was underneath, like, not big in the church hierarchy, but he was visiting another abbey, that of St. Finian of Movilla Abbey, and he copied the books that this person had. At that time, when you had religious texts, it took weeks to copy books, and so a particular priest's or abbot's books were his property, and they contained the sum of religious texts that he had gone out and found through his travels or through his meditations on the words of

God. This case was brought before the king. The king actually ruled in favor of the original owner of the book, telling St. Columba to give the copy to St. Finian, because the owner of the original owns the copy as well. So that's the oldest case of that that I could find. Then, when you're looking at statutes and laws coming in, the first one was the Statute of Anne, brought about in 1710, mainly giving rights to booksellers and publishers. Essentially the person who authored it didn't necessarily own it at that point; it was more the actual publisher that owned it,

and they had exclusive rights to that material. It was mainly used as a censorship scheme: essentially everything had to go through the Crown to get copyright, and they could deny copyright, or they could deny the ability to copy things to anyone; they could censor what they wanted on the printing press. We're not actually going to go into how good or bad DRM is; it's a whole political minefield. If you really want to hear my opinions on it, talk to me later, but for this talk we're just purely looking at the technology. We're going to be politically agnostic; we don't really care, we just want to know

how it works. What are the aims of anti-piracy? There are four main areas here. We want to make it difficult to make unauthorized copies of media: someone's got a DVD, you don't want them making another DVD and selling it off to their mates, or if they've installed a game on their computer you don't want them just copying the files off to their mate. Again, distribution, like making copies of it, should be difficult. We want to be able to trace any traitors within a system; this is one of the key things that you'll find in a lot of systems, figuring out who released it, how did they get hold of the media, and then

you can reverse back to how did they get a copy, how did they make a copy. There's a difference between whether I pull a film off Netflix, or whether I've got a camera rip from a cinema, versus if I rip it off a Blu-ray disc, and I want to know which of those three was the weak link so that I can focus my anti-piracy methods on securing that channel. It also means, for example, if you've got distribution deals with certain companies, you might want to say this person did not fulfil their contractual obligations, I will now sue them for X million, because, you know, Sony left a server open on the internet.

Revocation of access: this comes down to traitor tracing again. Once you've found out who the traitor is, you want to make sure that they can no longer do the piracy in the future; you want to revoke their access, ideally retroactively so they can't access any media they had before, but at least prevent access to new media in the future. So there are punitive measures: they can't keep releasing that same media, they have to find new techniques or something like that. This is really interesting because at the end of the day you have to realize that leaks are inevitable, so you need to be able to revoke things as

fast as possible, but still allow other people. That's the fourth point, essentially: it really has to be unobtrusive to legitimate usage. One of the main arguments about DRM comes in video games, because DRM slows down video games; it is obtrusive in some regards. They try and make it as unobtrusive as possible, but when you look at things like your Blu-ray disc, if you had to put in your Blu-ray disc and then type in a password using your TV remote, you'd never use a Blu-ray disc, because it would be really annoying and you'd hate it, and any other media that said you didn't have to do that would be

the one that wins. An interesting story on being unobtrusive to legitimate usage, well, there's a couple of them, mainly from video games: Assassin's Creed 2 had the fact that the authentication service went down for a while, which meant you couldn't save anything, and then it wiped all the save files on your computer if it couldn't connect every, like, two minutes or something daft. Again, legitimate users were worse off in that situation, because the pirates had broken the code that did the verification, so it never required verification, so pirates never had an issue. Then there's the DRM Denuvo, which was used to protect a whole bunch of games, including things like Batman:

Arkham Asylum, and when the Denuvo servers went down at one point, no one with a legitimate copy of the game could play the game for about, I think it was, three days while the servers were down, but a pirate could. So again, you have to be unobtrusive to legitimate usage: the more that you hamper the legitimate usage, the more it's going to affect your business model, the more people might turn to other methods or even just to competing companies. Oh, and another one for that is that a lot of games are now unplayable because their servers don't exist: the game called Darkspore you can't ever play, LawBreakers you can't ever play again, just because the servers

that ran the authentication don't exist anymore; the company didn't bother to keep them up after three years. So, contents of this presentation: as I say, general techniques are going to cover watermarking, steganography, cutting off supply chains, source-to-sink protection, online verification and anti-reverse-engineering, so that's how we would do anti-piracy in a general sense, and then going into more specifics on Cinavia, HDCP, Widevine, VMProtect, and then a few miscellaneous ones which I thought were really interesting, kind of like side channels on how we might protect the media. Watermarking and steganography: you've probably all seen this kind of stuff. So, overt watermarking, if

you ever watch TV: where did this one come from? Well, it's obviously a rip-off of The Hub, because it's right there in the logo. Sometimes they try and hide them a bit, or, again, to make it unobtrusive to the legitimate user, you can barely see this one up in the top left, and this one is even less visible, like, you can barely see it. But again, this is all about traitor tracing, essentially: it's saying that if you see this screen going up, or you see a video going up with this watermark in the corner, you know that the pirates are currently ripping from this stream, which means they've got

access to this TV channel or this digital media distribution system, and they have somehow found a way of getting that media. For this, most people rip off TVs; they've got DVR boxes, essentially. But if you've got The Hub one, that's an online service, or it's a set-top box: how are the users getting into that? That's a point of investigation, as opposed to trying to target everyone to figure out where it came from; I can go, it must be people on The Hub, where's the weakness within The Hub? An interesting one that I put in here, because it's something I know a bit about and some of my friends do:

hardsubbing can be used as a way of watermarking. Essentially it's something we have to get around if you're doing certain types of piracy and fansubbing and stuff, but essentially what it means is you've got your video, and if it's foreign media you've got subtitles. Well, if you burn those onto the video, then you can see if someone is using your video source, because it's got the giant subtitles burnt into it. Especially, one of the best sources within Japanese anime for video quality streaming is a German site, and so they have German subtitles burnt into the videos. A lot of the piracy is aimed at an

English-speaking audience, and so it's very obvious: they don't want to see giant German subtitles along the bottom ruining their picture quality. An interesting one, which I love: steganography. Essentially, there's a great talk if you want to see it, called "Doom: Behind the Music". This is Mick Gordon, he's the music producer behind the music in Doom, and for one of the bass lines, I forget which track it is within the game, he essentially used steganography, and you can see 666 and a pentagram within the music. So this is steganography: hiding data within other files. Within music, you essentially set different frequencies, and they're imperceptible to humans, or just sound

like a bit of distortion, but when you run it through a spectrum analyzer you'll see images. I swear I'd heard about one in Radiohead, but I couldn't find the image of it, but I know of other ones, and if you just search "steganography music" online you'll get some great ones. But it's not just music; you've also got it in JPEG files. There's a really classic one, hiding data within EXIF data on a JPEG: put an encrypted zip file in the EXIF data. The other one that gets used a lot, and you'll see that with Facebook tracking, is what's known as DCT. Discrete cosine transform is the method used to compress a lot of images, and

because you just basically flip the low-level bits in that, and it's imperceptible: you don't notice one bit level of slightly less blue, but a computer can, and it can fingerprint and say this image was pulled from this Facebook group, or it was uploaded to Facebook at this time and then was saved at this time. So we can do this within media: in films we can hide images, or we can hide data within the frames, we can hide it within the audio, or we could hide it within some sort of file or metadata that comes along with streaming services. And the good one, in case you haven't heard of it:

printers and their sneaky yellow dots. I recently heard about this as an anti-counterfeiting measure for money, and then it kind of went a bit big with Reality Winner. Reality Winner was essentially caught because of yellow dots. If you don't know the story of Reality Winner: she was a contractor working with the NSA, and she got hold of some confidential documents. She printed them off in the office, she then scanned them and sent them to The Register. The Register contacted the NSA to verify the integrity of these documents, were they correct, and they eventually traced it back to her. The full story on that is that when you go to print something,

it will always print yellow dots. You can't see them; if you get a piece of paper next time you've printed something and look very carefully (it's not always enabled, but most of the time it is), there are tiny yellow dots just across the page, barely noticeable to you, but they contain data. Usually it's a timestamp and the MAC address of the printer, and they might include other data depending on what the system's hooked up to do. In this case it uniquely identified the printer that she used to print and the time that she printed it, and from that they could conclude that she had been the one to send that print job, because at the

system, they obviously log print jobs, scans and things like that, so they could tell that at that time the person using that printer, and they knew which printer it was, was her; therefore she had printed those documents, therefore she was the leak to The Register, and so she got caught. I didn't follow up on exactly what punishment she received, but it's how you get caught. Why are we doing all this watermarking and stuff? Usually it's just identification: we want to find out where this originally came from. You get a lot of it with broadcasters; reviewers and beta testers often get caught out for this, especially when you see movie leaks.

It's usually from what are known as screeners: they send them off to other publishers or companies or reviewers to say, here's a screener, what do you think of this film, give us some feedback. It can also help categorize the leaker. A lot of films include watermarks within their audio tracks, and you might be able to see things like: all of these cam rips have come from the distribution that was given to Odeon, specifically the distribution that was given to Odeon in the north of England, and that kind of narrows down your search to, okay, which positions within that, or then you might also go, like, a correlation on groups

and say, okay, this group only seems to hit northern ones, but they sometimes hit this one that's in a different band, okay, they must live in this location. It's about narrowing down who. Well, that's all great and stuff, but obviously not everyone gets caught; pirates are still at large. One of the most obvious ones, when I saw the Reality Winner case, was: why didn't she just do a very low contrast scan, or a very, very high contrast scan? If you do a standard scan on a document, your standard office scanner now will do a black-and-white scan only, which won't pick up the yellow dots, because that's kind of the point of them being

barely noticeable; they would just be turned to white, and in that case she wouldn't have been caught, essentially. That also comes into a lot of things: when we talked about cam rips from cinemas, you essentially make poor quality recordings, and that might get rid of some watermarks. If the watermark is one bit level in a color, your camera's not going to contain that information, or if it's audio, it's going to have extra reverb or something like that depending on the shape of the cinema or the quality of your microphone; the poor quality means that that watermark or steganography has been obliterated. Source mixing:

going back to the hardsubbing, what some groups will do, essentially, is they get that really nice video quality off the German site, and then they'll get another video which is slightly lower quality but pretty much okay, and then they detect where the subtitling is and patch out the subtitles with the video of the slightly lower quality, so most of the video is high quality but there's a low slice of it that is slightly lower quality. Another thing you might do, if you're, say, ripping films: if you can get three sources, ideally from as disparate places as possible, then you do a frame-by-frame or audio mixing, and you basically say whichever data two of these sources agree on is the correct

one, because if there's any difference then that's a watermark in the third one, essentially. You assume that if any two agree, that's the correct thing, and that could help you clear through a whole bunch of frames that they might put in to detect; they might use watermarking frames, where they have specific frames or scenes that are only present in certain releases. Then there are watermark removal techniques. We're in the age of computers and really fast graphics and all that stuff; you can detect watermarks in the corners of things and try to adjust them back out, especially if they're slightly there, those white ones, it's like transparency:

you can adjust those out, essentially, and correct for the colors that were behind them. So the next thing you can do: you can cut off the watering hole. What I'm talking about here is making sure that, as a user or an obtainer of illegal media, I can't get to that illegal media. The common ones you'll see here: DMCA requests, raids, legal action. I hope I'm not the only one who's seen "this site has been seized" when you've been browsing for whatever content you would like to see, or maybe you just happened to look at KAT when it went down, but you see site takedowns a lot, especially in big media

stuff. The Digital Millennium Copyright Act: various sites get tons of these, and it basically asks you to get rid of copyrighted media. When we're talking at more of a nation level, we're talking about blacklisting certain domains. The UK requires that all ISPs block access to certain domains, or they won't let you resolve certain domains, or they won't let you connect to certain IPs. Common ones everywhere: hopefully you'll realize you can't properly connect to Pirate Bay usually, KAT had problems for ages, Nyaa doesn't exist, well, there's a new version of it. So that's the nation level, and that's

something that really is not something anyone in this room will be involved in, but it's something that happens, and that's about big media companies going to governments and requesting it. Search engines: DMCAs. Google gets all of the DMCAs in the world; I forget, I saw figures for it once, and it's an insane figure about how many DMCAs they get every day. And again, remove it from the search engine: if I search for the Deadpool film on Google, ideally it will only ever send me to Amazon; it won't list "or you can download it from this site here". It's about making it harder. If you know where to search you'll always find it,

but your average user, your mum, your dad, who wants to go and see this film and can't be bothered to go see it or pay for it: it's about making that harder. Tracking network usage: you might think this doesn't happen, but people get caught for this a lot, especially in the world of torrenting. A common thing would be: if there's a high upload from a home user, there's kind of no excuse for that usually. There are people who get around it by having excuses, especially as we get this work-from-home culture coming through, but when ISPs see high upload from a home user, sometimes they'll be involved in protocol tracking, so you

know, if they're seeing certain packets that look like UDP BitTorrent connections or requests, or just unusual times of operation. Most home users aren't online 24/7; that might indicate that they're running a home server, they might have a seedbox, or there might be some other reason why they're doing something. Again, identifying that narrows the band of people who are a bit suspicious, and people do get caught for this, or at least investigated because of this. Circumnavigating: if you're in these scenes where you're trying to distribute these kinds of things, it's all about good OPSEC. Hopefully everyone knows, like, Dread Pirate Roberts got caught, and you can look into the various

aspects of his OPSEC and how bits of it failed and how it worked out; there's a great talk on it from DEF CON if you're interested. If you're looking for the media, you might use Tor, VPNs or other proxy services to try and route your traffic through an ISP that doesn't block connections to certain sites. You can transmit using disguised packets; Tor does this a lot, but I believe there are some plugins for various torrenting programs that will essentially connect in different ways, things that don't look like standard BitTorrent connections or standard file sending. And then obscure and deep links: if you're using onion sites, it's hard for people to track it, and they're not going to

be able to block all of them. Source-to-sink protection: it's all about trusted chains. When we've got media, we have to produce it somewhere; we will then encode it, that's probably on a company server somewhere; we then have to deliver it, so for a streaming site that's across the internet, we'll have CDNs everywhere and we'll be streaming that media to an individual user's computer, but a delivery channel might also be mastering a Blu-ray disc or something like that, or producing an installation for a game. So we need to securely deliver that content to the user, where they need to protect it while it's being decoded, especially if you've got systems like DRM with Widevine:

you want to protect the secrets that allow the decryption of this media to produce a nice image you can see. Then it goes all the way down to the audio-visual displays: there's an HDMI cable plugged in here which is going into various players, but up until it gets to a screen you want it protected, so that at no point could I jack in something in the middle or wiretap the HDMI cable and just pull the stream of nice pictures, because that's what I would do if I wanted to pirate a film: I might just play it on my laptop and screen record it. At the end of the day,

there's always going to be some way of doing it. If I really wanted to, I could have a separate screen with the HDMI cable in the back and it can be all secure all the way up to the screen, but I will make a PCB that slots in on the front and pulls all of the raw pixel data out. If it's going to net me 20k for some reason to do that, I'll do it, but it's not, so it's about making it hard enough that it's not worth the effort it would take me to get the media in a good format. It's also

usually about pushing it down the chain as far as possible, because especially within pirate communities you'll be looking at trying to get the most authentic experience, so they will try and go as close to the original production as possible. If I rip it from this screen, it's going to have a lot of decoder errors because of the specific graphics decoder that I'll have; it'll be huge, uncompressed, because it will be a raw bitmap, and that would be really unwieldy; there might be crackling, there might be problems with the cabling. Realistically, as a pirate I'm going to try and get all the way back to that first server that they had it on, in raw format,

because that's as close to the original, and the closest to the original consumer experience, I could ever get. Okay, so the other type: online verification. This mainly applies to video games, but I don't suppose everyone is into video games. One-time license checks: in the old days when you had your CDs or whatever, or your big floppy disks, slam one of those in and it comes up with "please enter your license key". It's a one-time check at installation time; it allows users to rip the CD, copy the files over to your machine, and they are trivial. One time: if you're downloading a game off Steam, you

download the game files from the server; at that point there is a check being done that you have the authentication to receive those game files from Steam, so that's a check that happens. On boot-up of the game, or whatever media you're using, you might get a check as well: the classic games that require that you have a CD in at all times or something like that, and that might be that they only copy certain files, they don't copy the full game, or they might be providing constant license checks against the CD, or they might be doing it online as well. Then periodic rechecks, and the most interesting form for me on this is data

retrieval, which is something you're seeing more and more in video games. Essentially, instead of providing you with the full game, now it provides you with 99% of the logic for the game. Games like Prince of Persia: Sands of Time had an interesting piece of piracy protection where you have to be online all the time, and the reason you have to be online is because none of the door logic was in the game: every time you flick a switch to open a door, it contacts the server to ask which door does this switch open, what does it do, is there a delay, is there anything, and only when the server responded yes,

it's a door, open that one, would it then perform actions. You're seeing this more and more, where they push some of the logic of the game onto a server; again, it stops you playing in an offline mode, and it's mainly to stop piracy, because if you force them to be always online, you force them to be authenticating to a server all the time to do these checks, and that means that you're constantly able to authenticate that there's only one person using this game at the time and it's legit. You could perhaps perform other actions, like hashing the filesystem, sending that off, and checking that the hash still matches what was

expected. How do we get around that? Well, the most usual thing is to fake the verification server responses. There are two main methods: you can spin up a fake server, essentially reroute your DNS so that it always talks to that fake server, and then, in the case of Prince of Persia, it asks you "what does switch number five do?" and you go "opens door A"; it just sends it back. You capture what requests you expect and then you fake that server. You can fake requirements for an offline mode: Steam requires that you've logged in at least once, and it has various methods by which it

maintains a kind of safe mode when it's offline, but you can fake those. I'm not sure entirely on the details, but there are ways of making Steam think you've been online once. The other main thing: patch the verification at the binary. If you do reverse engineering and stuff like that, you would realize that you could just get the raw binary, figure out which are the verification calls and what they need to be returning, and then you just patch that out or give them the correct return values. Or you might even reimplement functionality: I forget the game, but there was a crack team who basically implemented a whole bunch of logic in a game because it was

done on the server, and they just added it in as another function that got called, and it just allows you to break that requirement of being online. Anti-reverse-engineering: it's not huge, it doesn't happen too much, but obviously if you're a pirate and you're trying to crack a game there's going to be a lot of that. They don't want you to crack it; they don't want to make it really easy to go "that's the verification call, make it return true, done". This is just one slide, or a couple of slides, but: obfuscation; compiling programs to non-standard instructions (MOV is Turing-complete, which I find hilarious); or use obscure or undocumented

functionality. There are some really interesting talks on what gets done on this, and I suggest you search them up, but reverse engineering happens; we've seen all of the DEF CON talks, and I particularly recommend this last one because it's very interesting: it is specifically about DRM code and some of the undocumented functionality it uses to prevent people attaching debuggers and stuff like that. Don't worry about the pictures; the references are at the end and I will put the slides up online. So we've gone through, in really broad terms, what piracy is and what can be done, and let's focus a bit more on some specific technologies and go into how those work. I

mentioned Cinavia at one point. Their tagline is "it kills camera rips fast". Essentially it's an audio watermarking system; it's specifically designed to withstand the standard distortions you would find from someone having a shitty microphone and recording on their phone in a theater. It only uses eight bits of data to identify itself, but it usually is used to tag a particular release as a theatrical release, or home content on a Blu-ray disc, or a preview release; those numbers go in once, and then any playback device that receives this media should try and verify if the Cinavia watermark is present, and if it is, is it of the correct type. So, essentially, if it

hears it, it detects the theatrical release on playback: when you put your Blu-ray disc into your Blu-ray player, it won't play the media, because you shouldn't have that audio track; that indicates that it's probably a cam rip, or maybe someone took audio from the film recording and put it on a different video image they got from somewhere else and spliced them together. Again, it's about preventing people mixing their channels and copying. Some bits from the specification, because I found them interesting: it's uniquely adapted to every single audio track that it'll get. Obviously, being part of film and media, they don't want it to interrupt the audio quality, and I'm sure that there'll be a lot of audiophiles,

especially the audio people behind the films, who will be very annoyed if it did impact the audio soundscapes that they have created. It will usually modulate along with the sound, and it will only pick out the bits that it needs to; it's only eight bits, so you don't have to put in too much. The specification says that it should be able to identify most media from a clean copy after about five seconds, and if it's a dirty copy, like very distorted, it still reckons it should be able to detect the watermark within about thirty seconds of

the content. It mentions the things that it should survive here, and you'll note there's a large list of things that it's specifically designed to get around and still be present, because this is something that a pirate might try to get rid of: if you've got your recording, you might do equalization, or you might do error correction, or use different codecs; essentially codecs would compress it in different ways and result in slightly different sounds. HDCP, and I've just realized I mistyped that in the title: High-bandwidth Digital Content Protection. I always thought it was high definition

content protection. But I mean this would be the reason why, like, if Cooper was here I'd be telling him that this is the reason why it's annoying to split an HDMI stream. If you've ever tried to record your Xbox through a splitter so that you can stream it online, the reason why it's really annoying to do is because of HDCP, and obviously there's an HDCP for everything. So it's all about making sure that the supply chain is correct and that everything within it is approved and has been licensed correctly and, you know, there's someone held accountable if the security isn't correct. So it's about preventing unauthorized media streams; essentially each device has to

authenticate the next device in the HDMI stream, and they do Diffie-Hellman key exchanges between each device. They have signatures, which are given to them by, I haven't got the name of the company on me, there's an overarching company that runs this, and you have to get certified by them and have it signed by them, and each device verifies that every other device has been correctly signed for. It also prevents eavesdropping because, as I said, all the data is encrypted between two different stream boxes, and even if you're using splitters or repeaters each of those identifies to the next step. And there's also things in place to say I do not

allow more than one hop or one repeater, they can only go on one channel, I don't allow splitting, and various things like that. A few interesting things from the specification I didn't know about before I looked into it: it has a locality check, so it requires that any messages sent have a round trip time of under 20 milliseconds. So there's an actual locality check where it will send a piece of data, request a hash of it, and then the receiving device has to send it back to the original within 20 milliseconds or else it will go 'you're too far away, I'm afraid I can't serve

you this content'. There's a 128-bit global secret in every device, and it's provided, and yeah, you also get this giant RSA key, well not really giant, because I mean 1024 is not a pretty good RSA key, but it's stored within the device. I don't know if that's been pulled out. The HDCP spec is available online, just search it up and have a look through it if you're a hardcore nerd. AACS, yes, the big elephant in the room. So if you're not aware, AACS is the protection method for Blu-rays. First of all there was the content security system, which is on DVDs; it's a way of protecting your media with title keys and stuff like

that. If you're interested look into it, it's kind of interesting to learn how they do this. It's almost entirely broken: if you want to rip your DVD onto your local computer there's a great piece of software called DVD Decrypter, and there's been one DVD that I know of that hasn't properly worked, which annoyingly is my favourite, which is [unclear] Tokyo Drift. But now we have AACS, and this is on the Blu-rays, and it's the improved version of CSS. It takes a lot of the kind of cool fundamentals of how we encrypt and then adds on a bunch of other technologies that we've

mentioned here, and this kind of stronger encryption system. So an AACS-compliant device requires it to have Cinavia. I'm gonna talk a bit about subset difference, talk a bit about what's called ICT, and I've already talked about HDCP. So ICT: if you're ever wondering why you've got this great Apple TV and it doesn't allow you to play more than, you know, 720 when you plug into your computer monitor or something like that, it's because of ICT. Essentially the specification says if you can't get an HDCP connection between two devices you do not allow the highest level of quality, so usually it will drop down from being a 1080p film

on a Blu-ray down to only giving you 720. This is also the case if you're trying to play a Blu-ray disc on your computer and your Blu-ray disc drive does not have correct drivers through to the graphics card, which then goes through to the display; if something in that chain doesn't want to talk properly you'll only see a 720 image on your computer as opposed to the 1080p that you paid a stupid amount for a Blu-ray for. Subset difference, so this is about traitor tracing, this is about revocation of access within the AACS world, and it's a big topic in itself, in fact so big that I've actually done a previous talk on this.

When I was working on this I realised that this needed its own talk, so if you look up BSides Manchester, making a subset difference, I did a talk on exactly how it works. But essentially the gist of it is that you can revoke media in the future. So when I find out that LG's CD drive has been the thing that's been decapped to find out the secret within it that allows AACS decryption, then I revoke access for that particular key, but any Blu-ray discs produced before I revoke it can still be accessed by the LG device, because there's no way of updating those discs; they've already been

pressed, they've already been made. But it's about preventing future access to new media. And so, yeah, all you need is encrypted keys that are only accessible by licensed systems but none of those that are on the revocation list. It's interesting when you look at this, because we've ended up with, like, loads of revocations. I forget the exact number, and I think I've got it on a slide later, but we've got a lot of AACS revocations already happened from various devices being cracked or just, you know, end-of-life. Source-to-sink protection: so as I kind of alluded to in

the ICT thing, a Blu-ray disc will perform HDCP all the way from the drive through to the screen that you're playing on, which is why Blu-ray disc players for computers are horrible, because they require a whole bunch of systems in place. The Blu-ray disc drive has to be correctly installed, it has to have the right drivers; usually when you get a computer it comes with the drivers, so you can't change your drive, or you can't pull a Blu-ray disc drive out of someone else's computer and use it, because it will be licensed only to that computer. And then it also requires that your motherboard, if you connect your display

from the motherboard, or if it's from the graphics card, that has to be HDCP compliant. So there's a whole bunch of checks; again it's about protecting that source-to-sink protection. They can't get it off the disc in raw format, it's encrypted; when the disc starts pulling that encrypted data off, it then is sent encrypted to a decoding mechanism or whichever thing is going to display it, it's protected to that, and then the actual raw image essentially is protected in transit on the HDMI cable up to your A/V system. What is the state of piracy in AACS? So the last I saw was AACS 71, so there's been 71 different

versions of revocations on device keys; that was as of July last year. And as far as I'm aware, I haven't done this, but Blu-ray ripping tools still work with the latest releases, judging by what you see coming out of various groups; you know, they're all getting Blu-rays somehow, so there must be some way of ripping them. The tooling is also fairly interesting. So if you're interested in this and you want to rip Blu-rays, AnyDVD seems to be the most common one that I know of people using. MakeMKV was around for a while, I don't know if it's still alive; this may be out of date, it was ages since I

looked into the actual things. But originally when I looked into it they had a really interesting policy: you can buy two modes of licence, so you have your online mode of decryption and your offline mode. So in online mode you would put your Blu-ray disc into your drive and it would send a request; it would get the title ID, what disc this was, and send it off to the server and ask for the decryption key from the server. The server would have that decryption key to hand or produce it, and then it would send you back the decryption key, so you didn't know how it got that decryption key, you just knew

'here's an ID, please give me the decryption key'. And you have to pay a lot more to get the offline mode, where they would have to give you that secret that allows the decryption of the media. Now the reason for that is essentially they don't want, you know, the big companies to just pay for the offline version, get the secret, and then figure out which drive they had, you know, decapped, or whatever system was currently vulnerable, because then they would just revoke that in future things. So they want to protect, you know, their investment in reverse engineering a certain key. Last I checked, so I actually did check

just before I came here: currently AnyDVD is a hundred and ten dollars for a lifetime licence, and they promise you, you know, updates for a lifetime; any time a new MKB revocation comes out they will make sure that your purchase still works with any of the latest Blu-ray discs. Online DRM, and so this is where we're kind of going more and more nowadays, we're getting streaming everywhere. The big players in this are Widevine, PlayReady and FairPlay. So Widevine is owned by Google, PlayReady is Microsoft, I forget who has FairPlay, might be Apple, but then there's a whole bunch of different systems for this. We're really going to talk about

Widevine because it is the most often used; in most systems where it's available people will opt to use Widevine. Widevine has three levels of security. Level two I've never seen used and I don't understand where it would be used, but your main functions are level three, so if you're watching Netflix on your laptop it's level three Widevine DRM protection. What that means is there's a piece of software running on your machine that connects to a server and it gets authentication, and it takes the media and decrypts it within the CPU, and then that decrypted media is sent off to your, you know, your screen, whatever media is

currently doing the display. And then level one, which you really only get inside phones or embedded devices, so TVs: the decryption there is a decryption secret stored within a trusted execution environment on the device, and these are meant to be very secure, and it should contain a Widevine keybox. That allows that, within this trusted execution environment, it receives the encrypted media, it contacts the licence server, gets a licence key, and then that data goes straight to the screen. There is no visibility or no reading by the CPU; all the CPU can do is say 'here's a file and here's my licence key,

can you please sort that out for me'. And this is all about, you know, protecting your encryption streams. A lot of media will require that level one is the only way you'll ever get high definition, so it's why you'll get kind of 4K streams only on your TV, or high definition off of your mobile, but you might not get it on your computer because it only supports level three. A bit of how that works: so a content processing server would request the Widevine server saying 'hey, I've got a video file and I'd like to have it be secured, can you please provide me with an encryption key'. And so, you know, the licence server gives you an

encryption key, the content processing server will encrypt it and then send it off to the CDN to be distributed to users when they request it. As a user I want to view this video, so, you know, I request to the CDN 'I'd like to watch it', I receive a copy of that encrypted media. If you're looking at something like encrypted media standards within the web, your browser then finds out it's encrypted, it's encrypted with this thing, and the main licence server proxy is this address, I need to go request something off of them. And so it's asking if you can get a licence, and it will actually go off to the licence server proxy first. So this

is in place to allow specific companies to authenticate whether a user has signed in. So if you're Netflix, you know, it comes to your licence server, you've got an authentication token on that request, you identify 'yes, this user has access, they've paid up, it's fine', you forward that on to the licence server, the licence server returns a key, and then once that's done the computer has the decryption key, has the media, it can now present you your lovely DRM-protected media. Has it been broken? So level three was recently declared as broken by a guy, well I say recently, last year. He discovered a flaw within some of their

implementations which left it vulnerable. There's no publicly disclosed exploit for level one, or there's no knowledge, like 'this is how it gets done'. It would require the extraction of a keybox from a trusted execution environment, so you'd need to do something, whether that requires decapping a device, in which case it would have decap protections, or would require some sort of exploit within the kind of security management mode of the processor. But I mean recently, again recently, last year, there was an exploit within Qualcomm's secure execution environment, and maybe that can be used to expose some keys; it wasn't the specific target of this research but it could perhaps be used. And I will just

say that, you know, I know that certain things are protected by Widevine level one and I've seen that media available online unencrypted, so someone knows how to do it, or someone has got access to something to get around it. From media going back to video games, just because it's another thing: VMProtect. So essentially all we're doing here is we're running our games within a non-standard VM, just an emulation. It will slow down the execution, but again it's an anti-reverse-engineering technique, and it also allows you to do some interesting things on, you know, verifying code. Again, look into that DRM talk, because they talked about some very interesting ways in which they jump

around code, using essentially kind of things that you shouldn't do in code, with interrupts. So that's the kind of the meat of the presentation; these are the funny ones that I really just like, these kind of side channels. Say the Nintendo splash screen: I'd like to class it as a side-channel piracy prevention. Back in the day there wasn't really a good way of knowing where the copyright would protect your game, and so what Nintendo decided was that when you turn on a Nintendo and you've got a game cartridge in the back, that game cartridge has to display the Nintendo logo for a certain amount of time and for a certain period

of time in the boot sequence, and the Game Boy will pull the screen at that point and check it against a version of the Nintendo logo it has in ROM, right, and it just verifies that logo is displayed. The thing is, if you put a trademarked logo within your pirate game that you're selling off somewhere else, that's a trademark violation, and that's very easy to take to court and, you know, get all your stuff pulled, or get, like, sued to oblivion essentially. So in an age where you couldn't protect copyright, or you couldn't trust copyright to protect your media, you can use this method of, you know, having trademarks. Another

great one is the PS1 wobble. So, putting things within a specification that aren't quite within the specification. The PlayStation 1 was a huge risk at the time when they were developing it: they wanted to use CDs because it would increase the game market, it's easier to produce them, but, you know, if it's easy to produce, everyone has CD rippers or CD burners, how do you prevent that? Well, the PlayStation 1 actually puts a small amount of wobble in the initial track, because no CD is perfectly circular, none of the tracks on it are, and a CD drive will just account for that wobble as it reads. But the PS1 would check for that wobble; it expects a

certain frequency wobble at the beginning, and if it's not present, you know this isn't the correct game, it's been burned. Now if you try to burn that media on your home computer, as some people may have done as kids, it won't burn properly, because the CD drive will just take that into account and it won't even read it, it won't let your system know that it exists, it would just think it's part of a manufacturing defect. So you'll never get that wobble, and also you can never burn it on to things, because nothing was ever designed for consumers to burn a wobble into things. Why would you do that? It's imperfections, why would you burn an

imperfection in? And then you get onto more funny cases like Spyro the Dragon: multiple levels of DRM. This was more about: they knew that it's gonna get pirated, it's always going to happen. Now what they took the approach of doing is make a bit of it that looks like it's cracked. So you give them a game, it wouldn't boot at first, and they'd laugh, 'god, I need to crack this', they go away, it's got to the boot screen, I press new game, it boots up, yeah, finished, cracked it, obviously got rid of it all. It wasn't until, yeah, about halfway through the game apparently that the second level of DRM kicks in, at which point, like, some

things just start disappearing, the game gets slightly harder, and stuff like that. What that essentially means is it delays the pirates: they've released their crack within the first week of it being released, and then suddenly all these people are coming back to them going 'this is crap, it doesn't play properly', and then it takes them another two months to figure out what's actually happened and where to remove this thing so they can provide the correct pirate version. There's a great talk on this and I do suggest you watch it; it does have a brief explanation of the PS1 wobble in there, because they do also check for that. Where will we go in the future of DRM? As I said

at the beginning, you've always got to realise it will get broken eventually. People do it for fun, people do it for profit; there's smart minds doing great things and there's evil smart minds trying to break it. Essentially what we look at with DRM is we're trying to protect the initial sales: usually we want to get that first month or so when everyone wants it, we want people to have to buy it then so that we can get those initial sales. We want to be able to identify things fast, and as we get to this kind of distributed media system where it's really easy to copy files on the internet, send them everywhere, we

want to be able to identify people faster and faster. So I mean if you see things like YouTube with its Content ID system, it's essentially 'how do we identify media as painlessly for us as possible, and as fast as possible, so that infringing media gets taken down'. And we really want to be able to, when we're designing systems, design in efficient revocation. You see some systems, so the DVD CSS system was a great example of this: it really didn't have a good way of, once you found someone who broke into it, there was no way of stopping them breaking in in the future; it was just 'well, now it's broken, we can't stop them'. And I think honestly, and

I hate this, I hope it doesn't happen, but I would say that a lot of interactive media is gonna end up pushing computations onto the cloud. It's gonna be off of your system, it's gonna be in an always-online mode, it's gonna have to contact the server for various calls. And we're already seeing things like, there's a reason why Google really wanted to push Stadia, or whatever it's called, because you can't pirate that experience: the game is never on your computer, so you can't, you know, DRM-break it and send it on to someone else. We're pretty much at the end. Who was I? My name

is Rael. I've got a GitHub where all my presentations will go up and you can see previous ones there. You can follow me on Twitter, although I very rarely do stuff on there, occasionally tweet grumpy tweets. I would say questions, but there's probably not much time, like two minutes left. There's some references here, there are people in the signatures, references, more references. And remember that a lock keeps an honest man honest; things will get broken. Thank you for your attention. [Applause]
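The online DRM licence flow the talk walks through (packager asks the licence server for a key and encrypts, the CDN serves the ciphertext, the client's player reads the header and goes via the operator's licence proxy, which checks the subscriber token before forwarding, and the licence server can refuse a revoked device, as in the AACS revocation discussion), as an added toy model in Python. This is not Widevine's protocol or any project's code; every name, the HMAC-SHA256 counter-mode keystream standing in for AES-CTR, the proxy URL and the revoked device ID are constructed for the example.

```python
import hmac
import hashlib
import os
import secrets
from dataclasses import dataclass, field
from typing import Optional


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Keystream from HMAC-SHA256 in counter mode: a stdlib stand-in for the
    AES-CTR a real packager would use (constructed for this example)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


@dataclass
class LicenseServer:
    """Holds content keys; hands them out only to devices not on the revocation list."""
    keys: dict = field(default_factory=dict)
    revoked: set = field(default_factory=set)  # revoked device IDs (hypothetical)

    def create_key(self, key_id: str) -> bytes:
        self.keys[key_id] = secrets.token_bytes(32)
        return self.keys[key_id]

    def license(self, key_id: str, device_id: str) -> Optional[bytes]:
        if device_id in self.revoked:
            return None  # cracked/end-of-life device: no key for new media
        return self.keys.get(key_id)


@dataclass
class LicenseProxy:
    """Operator-side proxy: verifies the subscriber token, then forwards."""
    backend: LicenseServer
    token_secret: bytes

    def issue_token(self, user: str) -> str:
        mac = hmac.new(self.token_secret, user.encode(), hashlib.sha256).hexdigest()
        return f"{user}:{mac}"

    def license(self, token: str, key_id: str, device_id: str) -> Optional[bytes]:
        user, _, mac = token.partition(":")
        expect = hmac.new(self.token_secret, user.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expect):
            return None  # not a paid-up subscriber: request never reaches the backend
        return self.backend.license(key_id, device_id)


def package(ls: LicenseServer, key_id: str, plaintext: bytes) -> dict:
    """Content processing server: fetch a key, encrypt, hand the object to the CDN."""
    nonce = os.urandom(8)
    body = _xor_stream(ls.create_key(key_id), nonce, plaintext)
    # Header plays the role of the init data the browser sees: which key, which proxy.
    return {"key_id": key_id, "proxy": "https://license.example.invalid",
            "nonce": nonce, "body": body}


def play(cdn_obj: dict, proxy: LicenseProxy, token: str, device_id: str) -> Optional[bytes]:
    """Client: read the header, fetch a licence through the proxy, decrypt."""
    key = proxy.license(token, cdn_obj["key_id"], device_id)
    return None if key is None else _xor_stream(key, cdn_obj["nonce"], cdn_obj["body"])


def demo():
    ls = LicenseServer(revoked={"DEVICE-REVOKED-0001"})  # constructed revoked device
    proxy = LicenseProxy(ls, token_secret=b"operator-secret")
    obj = package(ls, "movie-42", b"constructed sample media bytes")
    good = play(obj, proxy, proxy.issue_token("alice"), "TV-0007")
    bad_token = play(obj, proxy, "mallory:deadbeef", "TV-0007")
    revoked = play(obj, proxy, proxy.issue_token("alice"), "DEVICE-REVOKED-0001")
    return good, bad_token, revoked
```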