An anti-piracy system to protect online video streams from unauthorized copying is flawed - and can be broken to allow streamed media from Amazon, Netflix, and others to be saved, replayed, and spread at will, we're told.

The Common Encryption Scheme (CENC) is a form of DRM that is used by video-streaming giants to ensure movies and TV shows streamed to people's devices cannot be, for instance, saved to disk in a way that allows them to be played back later or distributed to others to enjoy. When you watch a film from a Big Tech streaming platform, you're not supposed to be able to keep a copy of that media, or else people could stream something once, save it, and replay it forever, wrecking the whole subscription model approach.

The algorithms and methods set by CENC make sure only the playback application, such as the viewer's web browser, successfully decodes and displays the compressed streamed media, and thus safeguards the content from pirates.

However, the scheme has flawed encryption and is vulnerable to a proof-of-concept decryption attack, according to security researcher David Buchanan.

In a recent issue of the venerable hacking publication Phrack, Buchanan (aka "retr0id") refers to his attack as DeCENC, because it undoes CENC protection of streaming media content.

The name hearkens back to DeCSS, which famously undid the Content Scrambling System, a DRM scheme protecting DVDs from piracy, when it was published online in 1999 and unleashed a futile legal campaign to suppress the disclosed code.

Buchanan told The Register that DeCENC should be of some concern to commercial streaming platforms like Amazon Prime, Netflix, Hulu, and YouTube, which all use CENC in their content distribution platforms. The scheme encrypts and protects the data from the streamers to users' web browsers.

Although DeCENC can defeat that protection, there are easier and more practical ways to rip off streamed media, which Buchanan acknowledges.

"How concerned they [Amazon et al] should actually be [about DeCENC] depends on a lot of factors, including their threat model," he said. "Compared to other approaches, DeCENC is fairly impractical, to the extent that it's almost a mere academic curiosity. The people that streaming services ought to be most worried about likely already have more convenient techniques available to them."

In his Phrack article, Buchanan cites examples of simpler CENC-bypassing techniques, including simply capturing content from a screen, digitally recording the HDMI port using a splitter dongle, and exfiltrating decrypted video prior to the use of decompression, content keys, or Content Decryption Module (CDM) secrets.

He also points to vulnerabilities, such as the Microsoft PlayReady client compromise that was disclosed in May, as an example of a more practical attack.

"That (and any similar compromise) is the sort of thing that could enable content decryption at-scale, and in my view should be a higher priority concern from the perspective of a streaming platform," Buchanan told us.

Nonetheless, DeCENC, with its published code, represents a plausible attack technique for security researchers.

It provides a way to exfiltrate decrypted video data without changing or meddling with the CDM - the black box software that normally handles the decryption of protected content. It relies on the manipulation of inputs and outputs to that software using the documented interfaces, including the CENC file format, the Encrypted Media Extensions (EME) API, and the Media Source Extensions (MSE) API.

This technique relies on bypassing the video decoder, in order to capture streamed video that has been decrypted but remains compressed. Essentially, you trick the CDM into decrypting but not decompressing the streamed video and have it displayed directly on the screen in raw format. Then with a HDMI capture card, you can collect that decoded yet compressed data, process it, save it, and have a clean raw copy of the stream.

"The main trick here is a method to 'bypass' the video decoder," retr0id said in his write-up.

"The consequence is that decrypted (but still compressed) video data is rendered onto the screen as-is, in raw form. Visually this just looks like random noise, but if recorded and processed appropriately it can be recombined with the source media stream to obtain a playable decrypted copy. Although a capture card may be involved in this process, there is no need to re-compress any data, making the resulting file a 'WEBDL' rather than a 'WEBRip'.

"The attack involves feeding a specially crafted MPEG-CENC file (containing a crafted h264 bitstream) into the CDM. You might be thinking 'surely the CDM would detect that you're feeding in the wrong file, and reject it?' That would be a very sensible thing for it to do, but the MPEG-CENC format provides no affordances for doing so."

He added DeCENC takes a lot of fiddling to use, which is partially deliberate. "It's not my intention to release something 'user friendly,' it's more of a proof-of-concept.

"The attack processes data at approximately 2 megabits per second. Depending on the quality of the video being processed, this might be faster or slower than real-time. For big files, you could in theory run multiple instances of the attack at once to speed things up."

Perhaps the CENC authors assumed that authentication would be somebody else's problem, and so did everyone else

What makes this approach possible, Buchanan told The Register, is the use of encryption without authentication.

"I think that should've been addressed as part of the CENC specification," he explained. "Perhaps the CENC authors assumed that authentication would be somebody else's problem, and so did everyone else."

Buchanan attributes the viability of the attack to the sprawling set of overlapping specifications that describe EME, the MP4 video format, and CENC. The complexity and non-public nature of these technical documents ensures that there will be gaps that can be exploited, he contends.

To better benefit from security research, he argues, the International Organization for Standardization (ISO) should stop keeping specifications like CENC behind a paywall, pointing to The Register's past reporting on the subject.

"Apart from anything else, it makes security research much more tedious," he said. "A single spec like CENC itself is vaguely affordable (CHF 173 [$203], at the time of writing). But the reality is that there's a whole network of specs that cross-reference each other, and it's impossible to make sense of things without all of them.

"It's also hard to know which ones are relevant until you've seen them - I'm not going to spend CHF 173 on something that might be useful, and I don't think I could afford the full suite of MPEG specifications."

ISO did not immediately respond to a request for comment. ®

https://www.theregister.com//2024/09/12/cenc_encryption_stream_attack/