How encryption for Cinema Movies works
Piracy is inevitable, but in this case their model is much more robust that I would have predicted.
But it seems that more and more releases are straight-to-streaming, and/or sometimes simultaneous with the theatrical release. High-quality pirated copies often show up within a day of a streaming release. Sure, many are still theater-only for a week or more after initial release.
I get that a big part of their business model for some titles relies on theater ticket sales within the first days or at most weeks after release, but all this DRM just feels like an exhausting, expensive, ultimately-losing game for them. Especially when we consider how theater-going has declined over time, especially recently.
A 4k movie, even from a Blu-Ray, may look very nice when watched at a normal speed, but if you look at the individual frames in order to distinguish some details during a sequence with fast movements, the quality is very bad and it may be impossible to see the details that you want to see.
At the levels of compression that are typical for movies distributed by encoding with H.264, H.265 and the like, I have never seen any movie that still looks high quality when slowed down during fast action.
This is not a feature that requires professional tools.
And I do not think that you have to be a pro or a nerd in order to want to see clearly many of the details of the kind "blink and you miss it".
Pros before bros.
Nerds are just wannabes.
The mugglers may suffer as they do not know, care or can articulate it. If they do - they are clearly nerds and we can discard them as a minority.
People conflate pro with premium. The mass market should be able to sustain premium and discount. The market might be too small for pro DCP content. But I would like the market to understand that there are 3 important segments. Pro, premium and discount.
Pro - special specific needs. Premium - for the regular Joe who wants good quality. Discount - for the masses.
Premium market is underserved. Unless you are willing to pay luxury prices for Kaleidescape or the likes.
It is the race to the bottom with streaming providers testing commercials. They have already succeeded with the "junk content" as the big studios wants to keep licenses for their own services.
The quality bar is set for the lowest/cheapest common denominator.
Even consumer equipment benefits greatly from visually lossless encoded media.
Projectors aren’t maintained, or set up correctly, and audio balancing is often way off. People go to the movies to see new releases or have dedicated shared experiences
No one goes to the theater because the picture is better. It often isn’t.Projectors aren’t maintained, or set up correctly, and audio balancing is often way off.
This depends a lot on the cinema that you go to.
I am not working with mastering as the OP. But I can see the low fidelity of streaming services. I watch my content projected to a large screen.
So I am one of those weirdos. I do not mind as I know I am a nerd. But there are more of us than you think but the penny pinchers wins as usual. "The majority do not see it". But they do. The majority went out and bought 4K TVs. They are slightly disappointed as it did not get "that much better". Most would have been just as happy with a 1080P OLED display. But only the geeks can articulate what they want.
The worst local offender is the online Blockbuster. Compression artifacts galore. But as most view content on phones the audio is stereo only. So your "sufficient" is not my "sufficient".
I get the "weird" part. No offense at all. But you are talking about optimizing for what the majority will suffer.
And it is done to save the last little penny. We could optimize for technical excellence but pride has gone out of fashion.
(stream rips do often does look like dog shit, though—I find sub-10GB 1080p blu-ray downscales [to get the HDR from the 4k blu ray, but lower res and storage space] usually look better than raw 4K streaming rips)
But it seems that more and more releases are straight-to-streaming, and/or sometimes simultaneous with the theatrical release
If anything, it's less and less. Studios are pulling the PVOD date further and further out for successful titles generally (Universal excepted). All the talk from Cinemacon was going back to a 60 day+ exclusive theatrical window.
So basically they have this very secure scheme for getting movies to theaters, but everything else is full of holes. Makes you wonder if all the effort and cost to secure the theater distribution chain is worth it. If you're going to allow playback on devices in "adversarial" hands (streaming, home physical media playback), it's going to be incredibly difficult to restrict copying. Tightening up the one instance where the hardware and people operating it have less incentive to pirate (and more incentive to not pirate, given the risk to their theater business) seems like wasted effort.
Certainly this does make the case of a theater-only-first release nearly impossible to pirate. But there aren't quite as many of those anymore, and all this DRM must be expensive, both in the hardware/software, and in the logistics. I guess they've found it's worth it, but... oof.
Kaleidescape movie players[1][2] are an example of an "adversarial" environment in customers' homes but so far, their DRM is still unbroken by pirates. (10+ years of Strato players deployed out in the wild but still not defeated yet.)
The 4k 100+ GB encrypted files downloaded by Kaleidescape is considered 1 step below the DCP theater releases and are higher quality than Blu-Ray 4k UHD discs. The downloads are often 40+ GB larger than 66 GB discs and downloadable months before physical media is available so the Kaleidescape movies stored on the customers' harddrive are very desirable files to hack and reverse engineer but so far, their DRM protection hasn't been bypassed. Kaleidescape is more locked down than the simple DVD CSS 40-bit encryption.
Sure, a Kaledescape owner could point a video camera at the screen and record it (the "analog hole"[3]) -- but those types of "rips" that suffer generation losses are not considered high quality.
[1] https://www.kaleidescape.com/systems/movie-players-servers/
[2] https://www.kaleidescape.com/news/kaleidescape-taps-nexguard...
You're not thinking the same way the motivated pirates think. Some pirates (especially in Eastern Europe, Asia, etc) rip new releases as fast as possible to illegally re-sell or re-stream for lower prices (or show along with ads for revenue). In this way, the pirates get the revenue instead of the legitimate movie studios.
So pirate groups in combination with illegal streaming websites can be thought of as a black market financial arbitrage. So far, the video sources they used include Blu-Ray rips and streaming Netflix or Amazon Prime Video webrips.
However, the Kaleidescope players could theoretically also be included as rip sources ... if the DRM was broken. The math for profitable arbitrage isn't that ridiculous. E.g. :
- a 4k UHD Blu-Ray is $33.49 : https://www.amazon.com/Conclave-4K-UHD-Edward-Berger/dp/B0DP...
- it would take only ~80 of those titles to recoup the cost of $1995 Kaleidescope player + the $7.95 rental fees for 80 downloads. All downloads after that break-even threshold is extra money for the pirates. Another bonus is pirating 4k UHD content that's not available on physical Blu-rays.
But the Kaleidescope DRM isn't broken. Therefore, the $7.95 rental downloads can't be used as a new vector for pirate releases. Of course, Kaleidescape doesn't want this scenario to happen so they're incentivized to continue paying for the DRM licensing protection.
And to recap the specifics I was replying to, it was this: >"If you're going to allow playback on devices in "adversarial" hands (streaming, home physical media playback), it's going to be incredibly difficult to restrict copying."
Kaleidescape is one counterexample to that. So far, they have actually restricted copying with success.
The issue is the so-called "DRM" isn't just the encryption of the harddrive files. The DRM protection also includes the watermarks in the video images that survive the HDMI capture. If pirates don't want their $2000 Kaleidescape player blacklisted and bricked, they have to figure out how to remove all forensic watermarks (the invisible low-level "noise" in the image frames) so the illegal copies can't be traced back to that specific compromised player.
It's not impossible but it raises the threshold of difficulties. E.g. using differential analysis to reverse-engineer watermarking now requires buying TWO players for $4000 instead of just one for $2000; and paying for 2 download rentals instead of just 1. And add hours of analysis work on top of that. DRM doesn't have to make piracy impossible; it just has to make the cost/effort equation not attractive. For now, the Kaleidescape DRM scheme is "good enough" for the cost/effort equation to not make sense for pirates.
I wonder if they use watermarking so they can "burn" the player after a single rip.
Edit: it's actually mentioned in a comment not far from here (https://www.kaleidescape.com/news/kaleidescape-taps-nexguard...)
Certainly this does make the case of a theater-only-first release nearly impossible to pirate. But there aren't quite as many of those anymore, and all this DRM must be expensive, both in the hardware/software, and in the logistics. I guess they've found it's worth it, but... oof.
Yes, that's the entire point. There are still tons of theater releases, that's literally the entire business of cinemas. The cost of DRM is peanuts next to their revenue, it's absolutely worth it to them. Nothing "oof" about it.
quality varied but was good enough in mid 00's probably better
it is almost always someone with a camera in a theatre making a terrible quality screener.
Could an insider do a more sophisticated telecine capture with more fidelity?
The only way to prevent piracy, to actually prevent copying, is to keep content in a dark vault well away from public view.
Streaming will never fully replace cinemas, even if it dramatically impacts their operating mode, and to argue otherwise is naive.
These steganographic watermarks depend on no knowledge of the process. If the method is particularly ingenious (one of the inputs is centrally stored entropy which the extractor references by trialing them all) then knowledge of the process alone may not be sufficient to obtain a high quality result (as too much corruption may be required) but could be used to inform the next step:
If you obtain two or more copies of the decrypted content you will be able to diff them and work out what you need to corrupt even without knowledge of the watermarking process. This probably won't work with pirated CAM's or take quite an effort to find the signal in the noise.
Edit: After some more research it looks like they don't actually watermark the distributed data (the movie sent to cinemas). The projector inserts its unique watermark during playback. There may be other secret watermarks put in by distributors not mentioned anywhere.
Put it this way -- You've got huge amounts of cover data (a hard drive's worth) and a desire to encode at most, what, 128 bits of data, across about two hours, with as much redundancy as possible. There are plenty of patents that explain in detail how.
My friend considers this a moderately distasteful problem, and mostly works on steganalysis, identifying where steganographic techniques have been used, as he thinks it's more interesting and frequently more morally justified...
If you obtain two or more copies of the decrypted content you will be able to diff them and work out what you need to corrupt even without knowledge of the watermarking process.
By the time you've destroyed enough of the signal to remove the watermark, the content is unwatchable.
If the software to watermark is widely available (as it appears to be) then an adversary has all they need to corrupt any existing watermark.
The commercial software used to embed watermarks into the digital files is not readily available. It’s also much more advanced than putting an obvious logo on screen. There are techniques to embed signals into the video that survive some amount of compression and aren’t obvious to the viewer.
You can identify signals deep below the noise floor if they’re sufficiently low bandwidth and you know what you’re searching for. See GPS and its ability to work even though the signal is completely lost in the noise until you know what you’re searching for in the noise.
For 15 years you let paid options progress. Then fewer people pirate, then you catch the rest. At the beginning you don’t see it putting its clamps; then suddenly you don’t find piracy anywhere.
And people go back to piracy, because the user experience is better.
Yes, and those paid options were one subscription that had "everything".
It really didn't. It's incredible this collective delusion exists when it's not true.
This is like when people talk about how everything's on the Web, when it comes to books. 1) This is only even sort-of true if by "on the Web" you mean "piracy sites have an epub/pdf of it", and 2) even then, extremely not close to true, the time from "I'm going to deep-dive this topic" to "... and now I need to go to the library, and possibly a specific library, maybe on another continent" is often not long at all.
"I'm going to deep-dive this topic" to "... and now I need to go to the library, and possibly a specific library, maybe on another continent"
I remember an history professor saying that for a subject he was working on he had to borrow a book from the library of Congress (through the library of his university), where the only publicly available copy in the US was. Of course it was an academic book, so it's not exactly a common situation.
For 15 years you let paid options progress. [...] then suddenly you don’t find piracy anywhere.
And then they completely ruined it with fragmentation. When all I need to watch everything I wanted to watch was three subscriptions (Netflix, Hulu, and HBO), I was totally fine with the ~$40/mo and reasonably-ok-UX offered.
But now it's a mess. I need subscriptions to 7 or 8 different services (which now each cost twice what they used to for an ad-free experience), and the experience is crap. Netflix no longer plays on my Linux/Firefox setup (same thing happened with HBO years ago), and their anti-password-sharing mis-features constantly trigger for me even though I don't share my Netflix password. The Android apps for most of them are glitchy and buggy, and Chromecast has somehow gotten less reliable over time.
The irony is that usually I would say more competition is a good thing. I suppose if we had lots of streaming services, but studios were required to license all their content under RAND terms to anyone who asks, we'd have real competition, and streamers would compete on the quality of their platform, lack of ads, etc., and not just on what titles they were lucky enough to be able to license.
I do agree that pirating became less popular for a while, but that golden age is over. The piracy scene seems stronger than ever these days.
Netflix no longer plays on my Linux/Firefox setup […]
I know Netflix doesn't support anything beyond 720p or so on Linux, but that never bothered me. Otherwise it just works. Is your Firefox out of date?
The piracy scene seems stronger than ever these days.
I hope so. A lot of damage was done. If it wasn't for archive.org a lot of older, regional stuff would not even be accessible. We need piracy if only for the collective digital archives.
I refuse to take out more than one subscription. We just hop services.
My guess would be that the plan is mostly to ensure that when a new release premieres in theatres, going to a theatre is the only way to experience it in high quality.
It doesn't really matter all that much if the people who waits for it to arrive on Netflix gets a pirated copy; it does matter if the ones forking over $20 to see it in a theatre does, though.
It’s a different dynamic than we typically talk about with DRM. Most of the time DRM is something imposed on a consumer who doesn’t really want it. But in this case, the consumer is the theater and they really do want the protection.
The value of protecting releases is extremely high in the narrow window of finalizing production and getting it into theaters or online launch platforms.
If there was no DRM and watermarking then these would be pirated constantly before release.
Ripping a stream is always going to be easier than getting any unprotected video footage out of a movie theater. The stream is in your own home, you own and can tamper with all the equipment involved in playing it, and the economics of CDNs prevent robust traitor-tracing schemes[0] that could be used to hunt you down.
In contrast, movie theaters are public locations, so every one of them is a known entity. The entire supply chain for movie projection is controlled. And that makes traitor-tracing a lot easier. All the hackers pointing out that DRM is fundamentally breakable are ignoring the fact that that only matters iff you're anonymous and untraceable. Otherwise, they won't bother making the DRM stronger, they'll just arrest people until the movies stop leaking.
It's the XKCD laptop wrench story[1] in reverse. The crypto nerd imagines DRM to be easily broken trash, but the reality is that the security of the DRM is in the $5 wrench, not the math.
Let's play contrast-and-compare. If you want to leak a stream, you need:
- A streaming account
- Knowhow or software to decrypt the data stream as it's downloaded and played, or,
- Knowhow to modify a TV so that you can capture the unencrypted video and audio streams inside the TV
The last one isn't done because it's a pain in the ass and the TV scene prefers bit-perfect rips over re-encoded captures. But at some point in the TV, you have to decrypt the video; LCD panels do not natively accept encrypted signals. And that is something you can build hardware to capture.
Now let's try leaking a movie. There's a few avenues of attack, roughly corresponding to the traditional movie scene release categories:
- You can go to the theater and point a camera at the screen. They actually check for this now, in pretty much any western country you'll get kicked out or arrested for camming a movie. If you don't get caught, they can still narrow you down to a location in the room via your shooting angle, and possibly determine what theater you were at with line frequency hum. That's enough information to narrow down the guy leaking the movie to a handful of customers. Do this enough times and you create a unique fingerprint to catch yourself with.
- You can get a job as a projectionist and run the movie projector into another camera directly. That kind of machine is called a telecine, and it used to be one of the higher quality ways to get leaked movies back when they were on film. This is specifically the scenario that all the DRM in the projector is designed to stop. If you do anything to change the light path of the projector, it locks up until the manager comes in and types a password to authorize the change.
- You could bribe the manager or owner to telecine the movie for you. Problem is, the number of people who actually have the password that unlocks the projector is really small[2] and traceable. If a telecine leak is traced back to their theater, someone's getting fired at a minimum, jailed in the worst case.
- You could break the DCI scheme itself; but you still need to source the files and keys to decrypt the movies. This is the crypto nerd's imaginary scenario. Even then, the files could themselves have steganographically injected information identifying the theater who got that master copy, which you can't strip out merely by having the encryption keys. Again, nobody is giving you those files unless they're too stupid to understand the implications (unlikely) or they have faith that you can strip out the stegotext.
It's just way easier to rip a stream than a movie in a theater. And when Hollywood moved to streaming they also made it a lot easier to leak movies.
[0] To be clear, traitor-tracing each stream would require a unique encode per account to inject the stegotext; that's computationally unfeasible. Doing one encode per movie theater would still be a struggle, but less so by three orders of magnitude.
[2] This is also why the 3D era of film made movies way too fucking dark.
If the movie is streamed in chunks, only certain short segments would need to be reencoded to add watermark data. Alternatively it might be possible to splice in a short segment with the watermark between keyframes of the preencoded film.
Finally all of this could be done on the audio side which is much less computationally intensive compared to video.
If you have the whole thing watermarked then all you can do to fix that is averaging; which might not even destroy the stegotext.
Audio watermarking is definitely an option; hell, there's already a DRM scheme called Cinavia that relies on watermarking[0]. If you cam a movie and play it on a Blu-Ray player, it'll actually trip this DRM scheme and, at a minimum, mute the audio or refuse to play the file. I would argue this is probably the most successful use of watermarking, at least in terms of "how much piracy does this frustrate"; but even then you can just play your cams on something else and get around it.
And this is all assuming your CDN provider offers cheap-enough edge compute to inject watermarks before the video hits the user's device. I haven't looked into this recently, but I remember early DRM schemes having very silly bypasses[1] because CDNs could only serve static files. Someone else linked to Akamai documentation about watermarking, but I have no idea how much extra that costs or how much it might complicate other parts of the setup.
[0] https://en.wikipedia.org/wiki/Cinavia
[1] e.g. Remember when someone made an iTunes Music Store client that just didn't encrypt anything, because all the encryption was done on your own device?
Cinavia looks interesting as it's done on the client side, like how programs like Photoshop detect the watermarks in banknotes to prevent people from using it to create forgeries. If they managed to get it into the firmware of every television, AVR, etc. then it would be much more effective than just having it on Blu Ray players.
If the movie is streamed in chunks, only certain short segments would need to be reencoded to add watermark data
Look into A/B watermarking - https://techdocs.akamai.com/adaptive-media-delivery/docs/add...
Problem is, the number of people who actually have the password that unlocks the projector is really small[2][2] This is also why the 3D era of film made movies way too fucking dark.
What is the relationship between these two things?
Now, in an ordinary scenario, you'd just have the projectionist remove the extra polarizing step from the image path for 2D showings. Except, remember, all of these projectors have DRM specifically to control who is allowed to put things in the image path of the projector. So now management has to be called in every time a theater needs to change over from a 2D or a 3D film.
Or you follow the path of least resistance and just leave all the 3D crap on the projectors all the time, keeping it at the same brightness for 2D (to save money on maintenance), which results in everything being darker.
With regards to the projectors light source you are correct, higher illumination means more wear on the XENON lamp in older projectors. If you have the polarizer in front of the lens at all times that would be a problem. With newer laser projectors I don't think higher illumination is a big problem for the longevity of the laser.
In any case, projectionists barley exists anymore and cinema managers knows next to nothing about the technical aspect of the business. Basically everything is automated to such a degree that all the cinema chain management needs to do is to populate the ticketing system, then films, advertisements, trailers and announcements are automatically downloaded, playlists created, distributed to screens and scheduled. Lights, projectors, doors, curtains and so in is also automated.
Hollywood is stupid and eroded its own economic advantage by putting everything on streaming
You are making a big assumption that they had a choice, that if a movie was not put on streaming, the consumer would go to the cinema to watch it.
But many consumers don't, if the movie is not streaming, they just don't watch it at all.
I would ask you to support your claim of 'high quality digital dumps' by citing one that has come out in the last couple years. See https://predb.net/
A telesync (TS) is a bootleg recording of a film recorded in a movie theater, often (although not always) filmed using a professional camera on a tripod in the projection booth. The audio of a TS is captured with a direct connection to the sound source (often an FM microbroadcast provided for the hearing-impaired, or from a drive-in theater). If a direct connection from the sound source is not possible, sometimes the bootlegger will tape or conceal wireless microphones close to the speakers, as it is better than a mic on the camera. A TS can be considered a higher quality type of cam, that has the potential of better-quality audio and video.
Live audio bootlegs of concerts are typically plagued with the same sort of interference, such as crowd noise, shaky everything, cheap microphone designed for voices only, overwhelming decibel levels, etc. A "clean soundboard" recording can bypass all that and sound comparatively good, especially if the band is good at playing live.
The choice of JPEG 2000 is unexpected. Most of the neat features of JPEG 2000 are useless for cinema. Being able to construct a low-rez version from a truncated file isn't useful. Nor is the ability to divide the image into tiles and decompress different tiles at different resolution. (That's used in JPEG 2000 medical and military imagery, where you want to zoom in on the interesting part and see it in lossless mode.) You can have more than RGB or RGBA layers, which the multispectral imagery and prepress people like. Maybe the advantage is that you can have more than 8 bits of color depth.
The choice of JPEG 2000 is unexpected.
What format would you have expected?
Maybe the advantage is that you can have more than 8 bits of color depth.
Yes, that and the (at the time) near state of the art compression efficiency. I remember reading a technical document where the engineers designing the standard argued for 12 bits per component based on experiments and studies they conducted.
JPEG 2000 has some interesting properties for very high quality video storage and transport where bandwidth is not a concern. The traditional encoded video formats we know are less preferred at this scale.
JPEG 2000 is resource intensive, though. The decoding hardware is probably either GPU based or using an FPGA implantation from one of the providers who makes hardware for this.
The idea was that they wanted up to 16bit colour (per channel) lossless imagery. The encryption was (or so I recall) was an extra feature.
The video stream is encoded as one single JPEG2000 picture per frame. Each frame is encrypted with the same static AES key.
Is this not a problem? It’s not a good idea to reuse the same key to encrypt very similar files. Similar to ECB. See the famous penguin https://words.filippo.io/the-ecb-penguin/
I’m surprised they don’t use something like XTS commonly used for disk encryption. It derives a unique key for each block/frame and allow you to access each individual blocks/frames non sequentially.
Every Frame is using a unique IV (Initialization Vector), which ensures that the AES Block Cipher generates always different cipher texts and makes brute force harder. This works similar to a Password Salt.
31. May 2024
I’m trying to understand the timeline here; the article was originally written last year and the latest spec is also from 2024 but the article has a link to this HN thread created yesterday?
Changelog: https://github.com/perryflynn/serverless.industries/commits/...
Encrypted DCPs use Forensic Watermarks which contain the serial number of the projection system. So if a recorded copy of a movie appears online, the theatre will have to answer serious questions and may never get movies again.
Is this not as simple as dumping the same movie from two different projectors, diffing the output, then obfuscating the watermark?
Upon reading the comments: • DCP is a B2B format. DCP usage is licensed by contract, not EULA. Please keep these important differences in mind when commenting on DRM. • Decrypt, decode, color processing, watermark occurs in FPGA. If you think that sounds hard, remember that all of this tech was originally deployed 20 years ago. Moore's law has made our lives much easier since! • Frame-by-frame encipherment, rather than whole stream, better supports random access and the famous tobacco intermissions popular in the EU.
Basically they are a tar[1] of images with a bunch of audio streams for different speaker configurations. depending on the quality settings, they can be encoded for higher colour space (ie 16 bit log per channel)
Even with lossless jpeg2000, these packages can be huge.
But, back in 2011, the biggest problem was encoding jpeg2000 required hardware to get anything near realtime performance. (I also think there were dedicated DCP packaging machines, but I never actually saw one.)
One of my colleagues decided the best way to ship the finalised movie was to open up an NFS port on sohonet and let the technicolor hook the DCP packager directly.
it worked, but our CTO diplomatically asked them to stop.
[1] not actually but conceptually similar
„No cinema experience without correct certificate management... A look behind the scenes of a cinema with a digital projector system, how distributors deliver films to cinemas with end-to-end encryption, and how films are protected from piracy. In addition to an overview of projector technology, the presentation will demonstrate the file format and manual decryption of film data.“
Edit: I just realized that the author of the article also delivered the recorded talk, adapted my comment.
This is one reason why they use Device lists, if such a issue becomes public, they will just block this specific projector or the whole product line for future movie releases and the leak is contained.
Also only movies which got assigned to that projection system are affected. So the damage is low/medium.