- I also recommend an insightful talk by the author of the article, delivered at a Chaos Computer Club (CCC) event (GPN, Gulaschprogrammiernacht) on this topic. Unfortunately, it's only available in German, but it's definitely worth watching: https://media.ccc.de/v/gpn22-382-kein-kinoerlebnis-ohne-korr...
„No cinema experience without correct certificate management... A look behind the scenes of a cinema with a digital projector system, how distributors deliver films to cinemas with end-to-end encryption, and how films are protected from piracy. In addition to an overview of projector technology, the presentation will demonstrate the file format and manual decryption of film data.“
Edit: I just realized that the author of the article also delivered the recorded talk, adapted my comment.
- Hi, asdcplib author here (mentioned in the article.) Excellent writeup of DCP and related tech. FYI the colorspace of an SDR DCP MXF file is X'Y'Z' with gamma 2.6 (see SMPTE 428-1.) Other MXF formats (i.e., not cinema) use a wide variety of colorspaces. Despite the huge range of XYZ, DCP image files are usually constrained to code values that fall within P3 (again, SDR.) The HDR applications are more interesting.
Upon reading the comments: • DCP is a B2B format. DCP usage is licensed by contract, not EULA. Please keep these important differences in mind when commenting on DRM. • Decrypt, decode, color processing, watermark occurs in FPGA. If you think that sounds hard, remember that all of this tech was originally deployed 20 years ago. Moore's law has made our lives much easier since! • Frame-by-frame encipherment, rather than whole stream, better supports random access and the famous tobacco intermissions popular in the EU.
- Even with all of this onerous encryption and DRM, it's not hard to find pirated copies of movies. It makes me think that the sacrifice in ownership rights for the theaters over their equipment isn't worth it.
- There is essentially zero piracy from these digital cinema releases. The pirate copies are generally from once it starts digitally streaming on one of the services including PPV, and when pirate copies exist earlier it is almost always someone with a camera in a theatre making a terrible quality screener.
Piracy is inevitable, but in this case their model is much more robust that I would have predicted.
- Not sure of the GP's core message there, but I think this is kinda the point: even with all this onerous encryption on the cinema releases, high-quality pirated copies still very quickly make it out.
So basically they have this very secure scheme for getting movies to theaters, but everything else is full of holes. Makes you wonder if all the effort and cost to secure the theater distribution chain is worth it. If you're going to allow playback on devices in "adversarial" hands (streaming, home physical media playback), it's going to be incredibly difficult to restrict copying. Tightening up the one instance where the hardware and people operating it have less incentive to pirate (and more incentive to not pirate, given the risk to their theater business) seems like wasted effort.
Certainly this does make the case of a theater-only-first release nearly impossible to pirate. But there aren't quite as many of those anymore, and all this DRM must be expensive, both in the hardware/software, and in the logistics. I guess they've found it's worth it, but... oof.
- > Certainly this does make the case of a theater-only-first release nearly impossible to pirate. But there aren't quite as many of those anymore, and all this DRM must be expensive, both in the hardware/software, and in the logistics. I guess they've found it's worth it, but... oof.
Yes, that's the entire point. There are still tons of theater releases, that's literally the entire business of cinemas. The cost of DRM is peanuts next to their revenue, it's absolutely worth it to them. Nothing "oof" about it.
- >If you're going to allow playback on devices in "adversarial" hands (streaming, home physical media playback), it's going to be incredibly difficult to restrict copying.
Kaleidescape movie players[1][2] are an example of an "adversarial" environment in customers' homes but so far, their DRM is still unbroken by pirates. (10+ years of Strato players deployed out in the wild but still not defeated yet.)
The 4k 100+ GB encrypted files downloaded by Kaleidescape is considered 1 step below the DCP theater releases and are higher quality than Blu-Ray 4k UHD discs. The downloads are often 40+ GB larger than 66 GB discs and downloadable months before physical media is available so the Kaleidescape movies stored on the customers' harddrive are very desirable files to hack and reverse engineer but so far, their DRM protection hasn't been bypassed. Kaleidescape is more locked down than the simple DVD CSS 40-bit encryption.
Sure, a Kaledescape owner could point a video camera at the screen and record it (the "analog hole"[3]) -- but those types of "rips" that suffer generation losses are not considered high quality.
[1] https://www.kaleidescape.com/systems/movie-players-servers/
[2] https://www.kaleidescape.com/news/kaleidescape-taps-nexguard...
- That is a ridiculous statement. Nobody would even care to break this thing. Look at it's base price, then lookat their customers. It makes no sense to break it.
- >Look at it's base price, then lookat their customers. It makes no sense to break it.
You're not thinking the same way the motivated pirates think. Some pirates (especially in Eastern Europe, Asia, etc) rip new releases as fast as possible to illegally re-sell or re-stream for lower prices (or show along with ads for revenue). In this way, the pirates get the revenue instead of the legitimate movie studios.
So pirate groups in combination with illegal streaming websites can be thought of as a black market financial arbitrage. So far, the video sources they used include Blu-Ray rips and streaming Netflix or Amazon Prime Video webrips.
However, the Kaleidescope players could theoretically also be included as rip sources ... if the DRM was broken. The math for profitable arbitrage isn't that ridiculous. E.g. :
- a 4k UHD Blu-Ray is $33.49 : https://www.amazon.com/Conclave-4K-UHD-Edward-Berger/dp/B0DP...
- it would take only ~80 of those titles to recoup the cost of $1995 Kaleidescope player + the $7.95 rental fees for 80 downloads. All downloads after that break-even threshold is extra money for the pirates. Another bonus is pirating 4k UHD content that's not available on physical Blu-rays.
But the Kaleidescope DRM isn't broken. Therefore, the $7.95 rental downloads can't be used as a new vector for pirate releases. Of course, Kaleidescape doesn't want this scenario to happen so they're incentivized to continue paying for the DRM licensing protection.
And to recap the specifics I was replying to, it was this: >"If you're going to allow playback on devices in "adversarial" hands (streaming, home physical media playback), it's going to be incredibly difficult to restrict copying."
Kaleidescape is one counterexample to that. So far, they have actually restricted copying with success.
- The DRM doesn't need to be broken. If it can be displayed on a screen, it can be captured. Just requires electronics engineering effort.
- Read their comments, the analog loophole is mentioned in the first one.
- To be charitable to gp, they may be talking about "digital" instead of "analog" capture. E.g. something like HDMI capture hacks: https://www.google.com/search?q=hdmi+capture+hdcp+bypass
The issue is the so-called "DRM" isn't just the encryption of the harddrive files. The DRM protection also includes the watermarks in the video images that survive the HDMI capture. If pirates don't want their $2000 Kaleidescape player blacklisted and bricked, they have to figure out how to remove all forensic watermarks (the invisible low-level "noise" in the image frames) so the illegal copies can't be traced back to that specific compromised player.
It's not impossible but it raises the threshold of difficulties. E.g. using differential analysis to reverse-engineer watermarking now requires buying TWO players for $4000 instead of just one for $2000; and paying for 2 download rentals instead of just 1. And add hours of analysis work on top of that. DRM doesn't have to make piracy impossible; it just has to make the cost/effort equation not attractive. For now, the Kaleidescape DRM scheme is "good enough" for the cost/effort equation to not make sense for pirates.
- I was talking digital. The output has to hit a device that does something with pixels at some point. At that stage it isn’t encrypted. (Think ribbon cable to LCD, or equivalent). No reason why an FPGA or some custom hardware can’t grab that, just requires engineering effort.
- If HDCP strippers work they should also work on Kaleidescape.
I wonder if they use watermarking so they can "burn" the player after a single rip.
- They most certainly do. A quick online search returns "NexGuard" as the used watermarking technology, at least in 2018.
Edit: it's actually mentioned in a comment not far from here (https://www.kaleidescape.com/news/kaleidescape-taps-nexguard...)
- Most importantly, the industry concerns itself primarily with the new-release window; that high fidelity copies will eventually be widely available doesn't break the model.
- I suppose this would help keep pirated copies from getting out before the theatrical release date (presumably theaters are given these digital releases at least days before their first projection date).
But it seems that more and more releases are straight-to-streaming, and/or sometimes simultaneous with the theatrical release. High-quality pirated copies often show up within a day of a streaming release. Sure, many are still theater-only for a week or more after initial release.
I get that a big part of their business model for some titles relies on theater ticket sales within the first days or at most weeks after release, but all this DRM just feels like an exhausting, expensive, ultimately-losing game for them. Especially when we consider how theater-going has declined over time, especially recently.
- There are no high quality pirated versions though. The streaming version and even blu-ray is compressed way heavier than these DCP files. I’d buy these cinema versions of films in a heartbeat if they were availble.
- 1080p/4k as encoded by the streaming sites / blu-ray is sufficiently high quality for virtually all of the viewing public. You're weird (no offense).
- I’ve worked in film mastering so yes I am an outlier. My point was that industry guarding the DCP makes sense as the leaked pirate versions are not the same thing. In music world everyone can buy uncompressed CD, but with moving image end user can only get what is equivalent of a mp3. This includes the illegal channels. Blu-ray is say 1:40 compressed from raw data. Good enough for sure but not the theatre experience.
- I do not think that's weird.
A 4k movie, even from a Blu-Ray, may look very nice when watched at a normal speed, but if you look at the individual frames in order to distinguish some details during a sequence with fast movements, the quality is very bad and it may be impossible to see the details that you want to see.
At the levels of compression that are typical for movies distributed by encoding with H.264, H.265 and the like, I have never seen any movie that still looks high quality when slowed down during fast action.
- Most people just watch at normal speed. Single-steppers (myself among them) are, objectively, weird.
> I have never seen any movie that still looks high quality when slowed down during fast action.
Then don't do this? No one does this. Theaters certainly don't offer this experience.
- Where do you live? Where I live only professionals and nerds use movie playback that allows single frame stepping, it's definitely a fringe phenomenon here.
- I live in the EU, but any good free movie player should allow stepping through video frames back and forth and also playing with any desired speed in frames per second.
This is not a feature that requires professional tools.
And I do not think that you have to be a pro or a nerd in order to want to see clearly many of the details of the kind "blink and you miss it".
- That the tooling might be pervasive doesn't mean it gets any use outside of fringe groups.
- You are right and it is an evil form of gate keeping.
Pros before bros.
Nerds are just wannabes.
The mugglers may suffer as they do not know, care or can articulate it. If they do - they are clearly nerds and we can discard them as a minority.
People conflate pro with premium. The mass market should be able to sustain premium and discount. The market might be too small for pro DCP content. But I would like the market to understand that there are 3 important segments. Pro, premium and discount.
Pro - special specific needs. Premium - for the regular Joe who wants good quality. Discount - for the masses.
Premium market is underserved. Unless you are willing to pay luxury prices for Kaleidescape or the likes.
It is the race to the bottom with streaming providers testing commercials. They have already succeeded with the "junk content" as the big studios wants to keep licenses for their own services.
The quality bar is set for the lowest/cheapest common denominator.
- There is nothing weird about it. If a single person has the resource to decrypt and manage the logistics, then obviously DCP is the intended way a director wants his audience to experience his creativity.
- As someone who's been working with cinema and video mastering, it sounds like you haven't seen the difference between professional formats like DCP and consumer formats viewed on a proper screen or projector. There's a reason we still have cinemas after all.
Even consumer equipment benefits greatly from visually lossless encoded media.
- No one goes to the theater because the picture is better. It often isn’t.
Projectors aren’t maintained, or set up correctly, and audio balancing is often way off. People go to the movies to see new releases or have dedicated shared experiences
- I am absolutely seeing mission impossible in theaters next month because their screens and speakers are better.
- > No one goes to the theater because the picture is better. It often isn’t.
> Projectors aren’t maintained, or set up correctly, and audio balancing is often way off.
This depends a lot on the cinema that you go to.
- Most people are watching at home, on smaller screens, and simply do not care about pixel perfection in every frame.
- I often hear that hand waving "what the market wants". But it is more "what the market can suffer". See IPv4 vs IPv6.
I am not working with mastering as the OP. But I can see the low fidelity of streaming services. I watch my content projected to a large screen.
So I am one of those weirdos. I do not mind as I know I am a nerd. But there are more of us than you think but the penny pinchers wins as usual. "The majority do not see it". But they do. The majority went out and bought 4K TVs. They are slightly disappointed as it did not get "that much better". Most would have been just as happy with a 1080P OLED display. But only the geeks can articulate what they want.
The worst local offender is the online Blockbuster. Compression artifacts galore. But as most view content on phones the audio is stereo only. So your "sufficient" is not my "sufficient".
I get the "weird" part. No offense at all. But you are talking about optimizing for what the majority will suffer.
And it is done to save the last little penny. We could optimize for technical excellence but pride has gone out of fashion.
- Even among the set of people who have something even semi-resembling a proper home theater—which is already a tiny group—I'd be 95+% would need to upgrade their gear quite a bit before they'd benefit at all much from quality higher than ~50GB-100GB blu ray rips.
(stream rips do often does look like dog shit, though—I find sub-10GB 1080p blu-ray downscales [to get the HDR from the 4k blu ray, but lower res and storage space] usually look better than raw 4K streaming rips)
- > But it seems that more and more releases are straight-to-streaming, and/or sometimes simultaneous with the theatrical release
If anything, it's less and less. Studios are pulling the PVOD date further and further out for successful titles generally (Universal excepted). All the talk from Cinemacon was going back to a 60 day+ exclusive theatrical window.
- Back in my day the first releases were cam rips sold on dvds for $3-5 per movie. quality wasn't great but the audio could be ripped from the devices for hearing impaired https://en.wikipedia.org/wiki/Telesync
quality varied but was good enough in mid 00's probably better
- > it is almost always someone with a camera in a theatre making a terrible quality screener.
Could an insider do a more sophisticated telecine capture with more fidelity?
- There is zero piracy from projectors because there are a multitude of easier places to rip from. But close those doors, limit to only theatrical releases, and we will again see content pulled from projectors and underpaid projectionists.
The only way to prevent piracy, to actually prevent copying, is to keep content in a dark vault well away from public view.
- Most pirated copies aren't from theatrical releases; they mostly come out when the titles are available on streaming/blu-ray. DRM might be a failure in other fields, but it's working pretty well in this particular case.
- I think the question remains, is it still worth it given these holes?
- It presumably is, as the effort is kept up despite the cost and inconvenience.
My guess would be that the plan is mostly to ensure that when a new release premieres in theatres, going to a theatre is the only way to experience it in high quality.
It doesn't really matter all that much if the people who waits for it to arrive on Netflix gets a pirated copy; it does matter if the ones forking over $20 to see it in a theatre does, though.
- A really important element of this is that much of the burden of maintaining the DRM is on the theaters, and the theaters themselves are the ones who care about protecting the theatrical release period: you might be less likely to pay them for a ticket if you can get a high-quality copy at home before the actual streaming/media release
It’s a different dynamic than we typically talk about with DRM. Most of the time DRM is something imposed on a consumer who doesn’t really want it. But in this case, the consumer is the theater and they really do want the protection.
- While at the same time dealing with potentially untrustworthy employees and the prisoner's dilemma.
- Most people are completely fine watching a 720p x264 1GB version half a year after release. Sure, there are some purists who want as good image quality as possible as soon as possible, but that's a tiny minority. I think the actual motivation is that cinemas are becoming less and less relevant in the age of streaming, so they're doing anything they can to protect the little revenue they have, because the only way cinema can make money is to hype a movie to the moon, and then have it shown exclusively in cinemas for some period of time. But with streaming services investing in their own movies, the days of this distribution model are numbered. Having a cinema in 2025 is like having an internet cafe in 2010.
- This really downplays the cinema experience. Yes, many people are fine watching a movie at home while doing something else (the current Netflix model of filmmaking is precipitated on this), and others are fine to watch at home in general, but few people would truly say that their setup is close to what you get in a cinema. The screen is much bigger, the image quality is higher, and the sound system is much better as well, compared to anything short of an actual home cinema setup. It’s not the only reason of course, but it’s one of a few reasons cinemas still sell out for big films like Dune 2, and why people will go out of their way to go watch it in the cinema.
Streaming will never fully replace cinemas, even if it dramatically impacts their operating mode, and to argue otherwise is naive.
- > but few people would truly say that their setup is close to what you get in a cinema.
The opposite is also true. Few cinemas have a setup that imitates the comfort of watching something at home.
- Pirated copies of theatrical releases at the time of release are much more rare, though.
The value of protecting releases is extremely high in the narrow window of finalizing production and getting it into theaters or online launch platforms.
If there was no DRM and watermarking then these would be pirated constantly before release.
- It also contains watermarks. So theatres which failed to prevent recording will run into serious issues. See https://dcpomatic.com/forum/viewtopic.php?t=2372
- If the software to watermark is widely available (as it appears to be) then an adversary has all they need to corrupt any existing watermark.
These steganographic watermarks depend on no knowledge of the process. If the method is particularly ingenious (one of the inputs is centrally stored entropy which the extractor references by trialing them all) then knowledge of the process alone may not be sufficient to obtain a high quality result (as too much corruption may be required) but could be used to inform the next step:
If you obtain two or more copies of the decrypted content you will be able to diff them and work out what you need to corrupt even without knowledge of the watermarking process. This probably won't work with pirated CAM's or take quite an effort to find the signal in the noise.
Edit: After some more research it looks like they don't actually watermark the distributed data (the movie sent to cinemas). The projector inserts its unique watermark during playback. There may be other secret watermarks put in by distributors not mentioned anywhere.
- I'm friends with a professor of steganography. Apparently most cinema watermarking is based on very heavily error correcting codes within the wavelet domain that are specifically designed such that they are resistant to collusion attacks, i.e. the statistical properties of the "indistinguishable from random" noise are such that it is highly correlated among different viewers such that they are very much more likely to have bits in common rather than bits different. I'm relatively sure that the obvious things like taking the mean of two images (or randomly picking one of them) have been considered.
Put it this way -- You've got huge amounts of cover data (a hard drive's worth) and a desire to encode at most, what, 128 bits of data, across about two hours, with as much redundancy as possible. There are plenty of patents that explain in detail how.
My friend considers this a moderately distasteful problem, and mostly works on steganalysis, identifying where steganographic techniques have been used, as he thinks it's more interesting and frequently more morally justified...
- > If the software to watermark is widely available (as it appears to be) then an adversary has all they need to corrupt any existing watermark.
The commercial software used to embed watermarks into the digital files is not readily available. It’s also much more advanced than putting an obvious logo on screen. There are techniques to embed signals into the video that survive some amount of compression and aren’t obvious to the viewer.
You can identify signals deep below the noise floor if they’re sufficiently low bandwidth and you know what you’re searching for. See GPS and its ability to work even though the signal is completely lost in the noise until you know what you’re searching for in the noise.
- > If you obtain two or more copies of the decrypted content you will be able to diff them and work out what you need to corrupt even without knowledge of the watermarking process.
By the time you've destroyed enough of the signal to remove the watermark, the content is unwatchable.
- How would one know this? Care to share with the class?
- Quite often it's industry insiders themselves who release rips from the Blu-Ray screener disks sent for Academy Awards consideration.
- Yep, and those pirated copies are DRM free, work everywhere, no HDCP and other crap, no internet connection needed, so they're "better" in that way too (not just price-wise).
- Totally possible that watermark identifies cinemas and showtimes uniquely, and that pirates are due for a lifetime of prosecution. Or that studios will shut down some cinemas, until it stops.
For 15 years you let paid options progress. Then fewer people pirate, then you catch the rest. At the beginning you don’t see it putting its clamps; then suddenly you don’t find piracy anywhere.
- Yes, and those paid options were one subscription that had "everything". Then paid options broke up into 5 different subscriptions, some not allowing more than 2 devices, some having ads in paid plans, some not available in your country, some only having seasons 3 and 5 of the series, some having the series you wanted to watch but remove it half way through, some give you a "buy" button for the media, but then take the movies away after a few months, etc.
And people go back to piracy, because the user experience is better.
- > Yes, and those paid options were one subscription that had "everything".
It really didn't. It's incredible this collective delusion exists when it's not true.
- It was a lot closer when they still had a streaming + disk option, but even then, they were missing lots (and lots, and lots) of stuff. I think people don't realize how many tens of thousands (maybe into the hundreds, IDK, I wouldn't be surprised) of films there are, let alone how many hours of TV content.
This is like when people talk about how everything's on the Web, when it comes to books. 1) This is only even sort-of true if by "on the Web" you mean "piracy sites have an epub/pdf of it", and 2) even then, extremely not close to true, the time from "I'm going to deep-dive this topic" to "... and now I need to go to the library, and possibly a specific library, maybe on another continent" is often not long at all.
- > "I'm going to deep-dive this topic" to "... and now I need to go to the library, and possibly a specific library, maybe on another continent"
I remember an history professor saying that for a subject he was working on he had to borrow a book from the library of Congress (through the library of his university), where the only publicly available copy in the US was. Of course it was an academic book, so it's not exactly a common situation.
- > For 15 years you let paid options progress. [...] then suddenly you don’t find piracy anywhere.
And then they completely ruined it with fragmentation. When all I need to watch everything I wanted to watch was three subscriptions (Netflix, Hulu, and HBO), I was totally fine with the ~$40/mo and reasonably-ok-UX offered.
But now it's a mess. I need subscriptions to 7 or 8 different services (which now each cost twice what they used to for an ad-free experience), and the experience is crap. Netflix no longer plays on my Linux/Firefox setup (same thing happened with HBO years ago), and their anti-password-sharing mis-features constantly trigger for me even though I don't share my Netflix password. The Android apps for most of them are glitchy and buggy, and Chromecast has somehow gotten less reliable over time.
The irony is that usually I would say more competition is a good thing. I suppose if we had lots of streaming services, but studios were required to license all their content under RAND terms to anyone who asks, we'd have real competition, and streamers would compete on the quality of their platform, lack of ads, etc., and not just on what titles they were lucky enough to be able to license.
I do agree that pirating became less popular for a while, but that golden age is over. The piracy scene seems stronger than ever these days.
- > Netflix no longer plays on my Linux/Firefox setup […]
I know Netflix doesn't support anything beyond 720p or so on Linux, but that never bothered me. Otherwise it just works. Is your Firefox out of date?
> The piracy scene seems stronger than ever these days.
I hope so. A lot of damage was done. If it wasn't for archive.org a lot of older, regional stuff would not even be accessible. We need piracy if only for the collective digital archives.
I refuse to take out more than one subscription. We just hop services.
- I'm confused why it's encrypted as a JPEG image per frame instead of one AES encrypted video file. Since the same AES key is used for each frame it wouldn't add any additional security imo
- I think JPEG 2000 is simply the chosen format for distribution of the video, not for security.
JPEG 2000 has some interesting properties for very high quality video storage and transport where bandwidth is not a concern. The traditional encoded video formats we know are less preferred at this scale.
JPEG 2000 is resource intensive, though. The decoding hardware is probably either GPU based or using an FPGA implantation from one of the providers who makes hardware for this.
- It's definitely dedicated hardware JPEG2000 decoding.
- DCPs were designed to be jpeg200 streams with a bunch of audio streams as well.
The idea was that they wanted up to 16bit colour (per channel) lossless imagery. The encryption was (or so I recall) was an extra feature.
- As per asdcplib's author themselves in another clmment:
> Frame-by-frame encipherment, rather than whole stream, better supports random access and the famous tobacco intermissions popular in the EU.
- One movie can be 200G to 1TB large. The chunked encryption allows it to seek the movie without decrypting from the beginning.
- But any computer with full disk encryption also has seekable encryption
- Maybe someone with more knowledge could comment on what happened here: https://wikileaks.org/sony/docs/05/docs/Digital%20Cinema/Dig...
- Well, the DCI system relies on trusted (TPM-ish) hardware. One server vendor has used insecure certificates. So if a AES key for a movie is encrypted / shipped for such insecure certificate the AES key for the movie can be decrypted outside of the actual projector hardware.
This is one reason why they use Device lists, if such a issue becomes public, they will just block this specific projector or the whole product line for future movie releases and the leak is contained.
Also only movies which got assigned to that projection system are affected. So the damage is low/medium.
- JPEG 2000 for each frame? I wonder what they use for decompression. JPEG 2000 decompressors are really slow. Most couldn't keep up with frame rate without GPU support.
- Dedicated hardware, not even regular GPUs. JPEG2000 decompression has a rather complex entropy decoding part which is not easily parallisable.
- Only on the intraframe level - Frames are independent so overall it's "embarrassingly parallel".
- There's no point to decoding in parallel if you're watching in sequence.
- If your hardware can only manage 4 frames per second but you need 48, then decoding with 12 sets of hardware in parallel achieves your goal.
- Although you still have four frames of latency if you do it that way. All the audio has to be delayed to match. Parallelized decode of JPEG 2000 frames is quite possible, though.
The choice of JPEG 2000 is unexpected. Most of the neat features of JPEG 2000 are useless for cinema. Being able to construct a low-rez version from a truncated file isn't useful. Nor is the ability to divide the image into tiles and decompress different tiles at different resolution. (That's used in JPEG 2000 medical and military imagery, where you want to zoom in on the interesting part and see it in lossless mode.) You can have more than RGB or RGBA layers, which the multispectral imagery and prepress people like. Maybe the advantage is that you can have more than 8 bits of color depth.
- > The choice of JPEG 2000 is unexpected.
What format would you have expected?
> Maybe the advantage is that you can have more than 8 bits of color depth.
Yes, that and the (at the time) near state of the art compression efficiency. I remember reading a technical document where the engineers designing the standard argued for 12 bits per component based on experiments and studies they conducted.
- The ability to read a lower rez version of the images is a feature that is actively used. That way you don’t need to have both a 2K and 4K DCP for movies that have a 4K version, 2K projectors can simply decode the 4K DCP at 2K resolution.
- Derp, quite right. Never mind, thanks!
- The parallel part would come from batch decoding upcoming frames across multiple cores and buffering the result.
4K at 90fps decoding is easy for commercial decoders with a consumer GPU. The dedicated hardware solutions are out there but they’re not the only way to do it any more.
- The frames are sent encrypted into the projector. The projector has special hardware for decrypt and decode.
- Packaging DCPs used to be a massive faff. (it might still be one)
Basically they are a tar[1] of images with a bunch of audio streams for different speaker configurations. depending on the quality settings, they can be encoded for higher colour space (ie 16 bit log per channel)
Even with lossless jpeg2000, these packages can be huge.
But, back in 2011, the biggest problem was encoding jpeg2000 required hardware to get anything near realtime performance. (I also think there were dedicated DCP packaging machines, but I never actually saw one.)
One of my colleagues decided the best way to ship the finalised movie was to open up an NFS port on sohonet and let the technicolor hook the DCP packager directly.
it worked, but our CTO diplomatically asked them to stop.
[1] not actually but conceptually similar
- > The video stream is encoded as one single JPEG2000 picture per frame. Each frame is encrypted with the same static AES key.
Is this not a problem? It’s not a good idea to reuse the same key to encrypt very similar files. Similar to ECB. See the famous penguin https://words.filippo.io/the-ecb-penguin/
I’m surprised they don’t use something like XTS commonly used for disk encryption. It derives a unique key for each block/frame and allow you to access each individual blocks/frames non sequentially.
- No. They use a unique IV for each frame:
> Every Frame is using a unique IV (Initialization Vector), which ensures that the AES Block Cipher generates always different cipher texts and makes brute force harder. This works similar to a Password Salt.
- Oh thanks. I missed that. I guess that works pretty well too!
- >Encrypted DCPs use Forensic Watermarks which contain the serial number of the projection system. So if a recorded copy of a movie appears online, the theatre will have to answer serious questions and may never get movies again.
Is this not as simple as dumping the same movie from two different projectors, diffing the output, then obfuscating the watermark?
- To do that you need to figure out what parts are noise (watermark), simply diffing them would just give you a different noise pattern which can still be analyzed depending on how the watermark is encoded.
- > 31. May 2024
I’m trying to understand the timeline here; the article was originally written last year and the latest spec is also from 2024 but the article has a link to this HN thread created yesterday?
- Maybe the author saw a bunch of hits coming from HN and edited his post to add the link to the discussion? It doesn't seem as if the author themselves posted their article.
- Yes, I added some notes/improvements while the discussion was happening here.
Changelog: https://github.com/perryflynn/serverless.industries/commits/...
- How are groups getting the high quality digital dumps of some movies then?
- I don't think new theatre releases are generally getting leak in digital formats anymore until they hit streaming which can sometimes be as soon as weeks or couple months after original release. Obviously 'tele-syncs' (cameras capturing the film) still exist but that wasn't your question. The one exception to this can be oscar movie season when studios release films via a special Apple TV app and that be be slightly less secure (though still water-marked).
I would ask you to support your claim of 'high quality digital dumps' by citing one that has come out in the last couple years. See https://predb.net/
- > A telesync (TS) is a bootleg recording of a film recorded in a movie theater, often (although not always) filmed using a professional camera on a tripod in the projection booth. The audio of a TS is captured with a direct connection to the sound source (often an FM microbroadcast provided for the hearing-impaired, or from a drive-in theater). If a direct connection from the sound source is not possible, sometimes the bootlegger will tape or conceal wireless microphones close to the speakers, as it is better than a mic on the camera. A TS can be considered a higher quality type of cam, that has the potential of better-quality audio and video.
- This has an analog (so to speak) in the live music bootlegging subculture. If you can convince the roadie running the mixer or the sound board to plug in your shady recording device, then you can cut a bootleg record or tape which advertises that as a selling point.
Live audio bootlegs of concerts are typically plagued with the same sort of interference, such as crowd noise, shaky everything, cheap microphone designed for voices only, overwhelming decibel levels, etc. A "clean soundboard" recording can bypass all that and sound comparatively good, especially if the band is good at playing live.
- Screener leaks or insider (outsourced VFX for example) leaks
- Hollywood is stupid and eroded its own economic advantage by putting everything on streaming. This was already known, but it also makes antipiracy operations much, much harder.
Ripping a stream is always going to be easier than getting any unprotected video footage out of a movie theater. The stream is in your own home, you own and can tamper with all the equipment involved in playing it, and the economics of CDNs prevent robust traitor-tracing schemes[0] that could be used to hunt you down.
In contrast, movie theaters are public locations, so every one of them is a known entity. The entire supply chain for movie projection is controlled. And that makes traitor-tracing a lot easier. All the hackers pointing out that DRM is fundamentally breakable are ignoring the fact that that only matters iff you're anonymous and untraceable. Otherwise, they won't bother making the DRM stronger, they'll just arrest people until the movies stop leaking.
It's the XKCD laptop wrench story[1] in reverse. The crypto nerd imagines DRM to be easily broken trash, but the reality is that the security of the DRM is in the $5 wrench, not the math.
Let's play contrast-and-compare. If you want to leak a stream, you need:
- A streaming account
- Knowhow or software to decrypt the data stream as it's downloaded and played, or,
- Knowhow to modify a TV so that you can capture the unencrypted video and audio streams inside the TV
The last one isn't done because it's a pain in the ass and the TV scene prefers bit-perfect rips over re-encoded captures. But at some point in the TV, you have to decrypt the video; LCD panels do not natively accept encrypted signals. And that is something you can build hardware to capture.
Now let's try leaking a movie. There's a few avenues of attack, roughly corresponding to the traditional movie scene release categories:
- You can go to the theater and point a camera at the screen. They actually check for this now, in pretty much any western country you'll get kicked out or arrested for camming a movie. If you don't get caught, they can still narrow you down to a location in the room via your shooting angle, and possibly determine what theater you were at with line frequency hum. That's enough information to narrow down the guy leaking the movie to a handful of customers. Do this enough times and you create a unique fingerprint to catch yourself with.
- You can get a job as a projectionist and run the movie projector into another camera directly. That kind of machine is called a telecine, and it used to be one of the higher quality ways to get leaked movies back when they were on film. This is specifically the scenario that all the DRM in the projector is designed to stop. If you do anything to change the light path of the projector, it locks up until the manager comes in and types a password to authorize the change.
- You could bribe the manager or owner to telecine the movie for you. Problem is, the number of people who actually have the password that unlocks the projector is really small[2] and traceable. If a telecine leak is traced back to their theater, someone's getting fired at a minimum, jailed in the worst case.
- You could break the DCI scheme itself; but you still need to source the files and keys to decrypt the movies. This is the crypto nerd's imaginary scenario. Even then, the files could themselves have steganographically injected information identifying the theater who got that master copy, which you can't strip out merely by having the encryption keys. Again, nobody is giving you those files unless they're too stupid to understand the implications (unlikely) or they have faith that you can strip out the stegotext.
It's just way easier to rip a stream than a movie in a theater. And when Hollywood moved to streaming they also made it a lot easier to leak movies.
[0] To be clear, traitor-tracing each stream would require a unique encode per account to inject the stegotext; that's computationally unfeasible. Doing one encode per movie theater would still be a struggle, but less so by three orders of magnitude.
[2] This is also why the 3D era of film made movies way too fucking dark.
- > Problem is, the number of people who actually have the password that unlocks the projector is really small[2]
> [2] This is also why the 3D era of film made movies way too fucking dark.
What is the relationship between these two things?
- 3D requires inserting an extra device into the image path to split the projector light into polarized halves, otherwise the 3D glasses don't work. Because of how light works, half the light is thrown away. So you either have a darker picture or you jack up the light (which, according to theater owners, means more wear on the projector's light source).
Now, in an ordinary scenario, you'd just have the projectionist remove the extra polarizing step from the image path for 2D showings. Except, remember, all of these projectors have DRM specifically to control who is allowed to put things in the image path of the projector. So now management has to be called in every time a theater needs to change over from a 2D or a 3D film.
Or you follow the path of least resistance and just leave all the 3D crap on the projectors all the time, keeping it at the same brightness for 2D (to save money on maintenance), which results in everything being darker.
- It's been a few years since I was in the industry, but I don't think this is entirely correct. As far as I remember the polarizer (or for Dolby 3D, the color wheel) was placed on a rail system to be slid in and out of the light path when required (It's possible that cheaper/older versions can't be automated). The polarizer is placed outside of the projector in front of the lens so no password is required to remove it. There is a security step between the projector and the playback server, but that sits on the first PCB the data signal from server hits on the projector (If I remember correctly).
With regards to the projectors light source you are correct, higher illumination means more wear on the XENON lamp in older projectors. If you have the polarizer in front of the lens at all times that would be a problem. With newer laser projectors I don't think higher illumination is a big problem for the longevity of the laser.
In any case, projectionists barley exists anymore and cinema managers knows next to nothing about the technical aspect of the business. Basically everything is automated to such a degree that all the cinema chain management needs to do is to populate the ticketing system, then films, advertisements, trailers and announcements are automatically downloaded, playlists created, distributed to screens and scheduled. Lights, projectors, doors, curtains and so in is also automated.
- Wondered that, too.
Assuming it's not a typo, guessing that 3D films needed some additional calibration that didn't happen because it was a hassle needing the manager to make and reapply the changes.
- To be clear, traitor-tracing each stream would require a unique encode per account to inject the stegotext; that's computationally unfeasible. Doing one encode per movie theater would still be a struggle, but less so by three orders of magnitude.
If the movie is streamed in chunks, only certain short segments would need to be reencoded to add watermark data. Alternatively it might be possible to splice in a short segment with the watermark between keyframes of the preencoded film.
Finally all of this could be done on the audio side which is much less computationally intensive compared to video.
- > If the movie is streamed in chunks, only certain short segments would need to be reencoded to add watermark data
Look into A/B watermarking - https://techdocs.akamai.com/adaptive-media-delivery/docs/add...
- If you were only watermarking short sections of the video, wouldn't that make it possible to analyze the stegotext and erase it? You could have a handful of people rip the same video and then compare them, and if different sections get watermarked then you can reassemble an unwatermarked file. This also applies to splicing in short segments of watermarked video.
If you have the whole thing watermarked then all you can do to fix that is averaging; which might not even destroy the stegotext.
Audio watermarking is definitely an option; hell, there's already a DRM scheme called Cinavia that relies on watermarking[0]. If you cam a movie and play it on a Blu-Ray player, it'll actually trip this DRM scheme and, at a minimum, mute the audio or refuse to play the file. I would argue this is probably the most successful use of watermarking, at least in terms of "how much piracy does this frustrate"; but even then you can just play your cams on something else and get around it.
And this is all assuming your CDN provider offers cheap-enough edge compute to inject watermarks before the video hits the user's device. I haven't looked into this recently, but I remember early DRM schemes having very silly bypasses[1] because CDNs could only serve static files. Someone else linked to Akamai documentation about watermarking, but I have no idea how much extra that costs or how much it might complicate other parts of the setup.
[0] https://en.wikipedia.org/wiki/Cinavia
[1] e.g. Remember when someone made an iTunes Music Store client that just didn't encrypt anything, because all the encryption was done on your own device?
- Sectional watermarking is always going to have a higher risk of detection using multiple rips but that's the tradeoff you get with computational power. As you said the best option is to watermark the whole thing but that's expensive.
Cinavia looks interesting as it's done on the client side, like how programs like Photoshop detect the watermarks in banknotes to prevent people from using it to create forgeries. If they managed to get it into the firmware of every television, AVR, etc. then it would be much more effective than just having it on Blu Ray players.
- > Hollywood is stupid and eroded its own economic advantage by putting everything on streaming.
If moving to streaming made them less money, they wouldn't have done it.
- > Hollywood is stupid and eroded its own economic advantage by putting everything on streaming
You are making a big assumption that they had a choice, that if a movie was not put on streaming, the consumer would go to the cinema to watch it.
But many consumers don't, if the movie is not streaming, they just don't watch it at all.
- But how much of that is because they know it will come to streaming soon for free? I feel like the 'if the movie is not streaming, they just don't watch it' mentality was driven by everything being put on streaming. I am not the average consumer, so I could definitely be off base, but I feel like people were more willing to go to see a movie in theaters when they knew it would be months before they would be able to see it if they didn't. Now it can be available for streaming within weeks, many times included with the subscription you already have. Hard to justify $20 per person to go see something in a theater when you can all see it a month later included in your $15 subscription.
- > but I feel like people were more willing to go to see a movie in theaters
There was no Internet, no TikTok, shitty games, not much to compete with movies then.
- Fascinating read and I think an accessible presentation of a lot of the concepts / framework and mechanics of this type of system.
- "Standards that have to be purchased". Someone is just trying to fleece the participants. That's what whole DRM is about most of the time.
- Standards are often cheap. Many tech companies have a subscription to all IEEE papers and standards. The incremental cost of downloading one standard more is in the noise. But even if you don't have a subscription, the price for, say, the 802.11n standard is only $381.
- It's remarkable that they do all this in the context of box office revenues cratering. In 2024 American theaters has less gross ticket sales than they did in 1982, in constant dollars. The whole thing of movie theaters is just over.
- Why does that context matter? It's not as if the use of DRM for movie theater distribution influences whether or not somebody goes to see a movie.
- Encrypted DCPs have been around since when DVDs were still a revenue generator.
