Log in

View Full Version : Stream En/Decryption DirectShow filters, ready for alpha testing


ChristianHJW
30th September 2003, 09:19
Hi,

Jory 'jcsston' Stone, one of the matroska core devs, has a little surprise for you, he has created a set of DirectShow filters that will allow to encrypt any stream during the muxing process, and will insert automatically on playback asking for a password, he made it as a DirectShow 'finger training', to use Gabest's words ;) ....

To make this clear right fom the start, these filters are not limited to matroska ! They were tested with matroska, but should work fine with OGM and AVI also !! This is just said out front, to avoid any stupid conspiracy theories of the matroska enemies here on this board, who had stated already that they see commercial interests behind the project.

We are currently collecting ideas of what to do with it, and here are our first considerations :

1. Protect your private movie collection from access by kids and/or your parents. This can be extremely useful for self-made 'movies' ;) !

2. Fool your friends, by burning the latest freaky movies for them, and then they need a PW to view them ;)

3. For release groups : With the help of Gabest, we could establish a system where every release group gets its own PW, and Gabest hardcodes them all into DVobSub. That way all SSA streams could be stored encrypted in the MKV or OGM file, and DVobSub has the PW for them, so people can view them, but not extract them , unless they are skilled programmers. If only Gabest was here, i guess this could be implemented in no time :( ....

Ideas and thoughts welcome

Here the binaries : http://corecodec.org/download.php/34/DSCrypt_v0.1.zip

Known bugs :

1. Doesnt work with Vorbis or AAC audio right now, only VCM video and ACM audio ( MP3, AC3 ) are supported

jcsston
30th September 2003, 09:45
Originally posted by ChristianHJW
he made it as a DirectShow 'finger training', to use Gabest's words ;) ....
:D A FLAC encoder filter took more typing ;)

robUx4
30th September 2003, 10:54
That sounds like an excellent "open DRM" alternative. Where everyone can become its own "authority" (and we can build some larger ones).

Is the encryption based on PKI (Public Key Infrastructure) and the groups/authorities hold the private key...

Also in the option of having VSFilter (DVobSub?) store the decoding keys, it should be stored in a way only Gabest can have it back... Not possible with a 100% open source code.

Tuning
30th September 2003, 11:25
Great idea!Like in zips or RARs.
Can the PW changed after done encryption?

jcsston
30th September 2003, 15:47
Right now it's using AES encryption with a 16 character password/key. If your password is shorter the rest is filled will 0's and if it's too long it is cut off.

Tuning: No, the password cannot be changed after encryption, however you can decrypt and rencrypt at the sametime by chaining the filters together.

Tuning
30th September 2003, 16:02
I have d/l'd the DSCrypt,but i don't know how to use it.How the *.dll can be prepared to use ?


:) - Tuning

RadicalEd
30th September 2003, 16:07
Usually dropping it your system directory and running a regsvr on it (start>run regsvr whatever.dll) would do it. You can then use graphedit to insert it into a filter chain.

Tuning
30th September 2003, 16:11
Thanks RadicalEd,
I thought it was only applicable to *.ax files.
;)

Sirber
30th September 2003, 18:18
Can it works with RV9 and RA8?

jcsston
30th September 2003, 18:26
Originally posted by Sirber
Can it works with RV9 and RA8?
I have not tested that yet, but I should be able to make it work with any stream (with the right amount of hacking that is ;) ).

haibane
1st October 2003, 19:17
For the sub files, will the extraction require a different password.
Because sometimes after mux the sub file into matroska, we might need correct the error in the sub file.

jcsston
2nd October 2003, 05:51
I have a new release download (http://corecodec.org/download.php/35/DSCrypt-v0.2.zip).
I now have support for encryption of ASCII, UTF-8, SSA, ASS, and USF subtitles. Also there are different modes of encryption now.

Sirber: Sorry but it may take a while for me to get RV/RA encryption working correctly. I've gotten it to encrypt but getting the decoders to connect to the decryped stream is the trouble.

I've also been unable to get Vorbis working, it will encrypt and even connect to the Vorbis decoder. But nothing happens (no sound or video).

Edit: Forgot the link.

Sigmatador
2nd October 2003, 12:16
and how to decode this file on linux ??? can it be done with loop-aes ?

jcsston
3rd October 2003, 01:02
For the sub files, will the extraction require a different password.
Because sometimes after mux the sub file into matroska, we might need correct the error in the sub file.
The idea of using encryption to protect subs is that the decryption would take place inside the subtitle renderer using a preset password the user doesn't ever know about, making it harder for someone to extract the subs.
So the answer to your question would be no, you would use the same password for encryption and decryption.

and how to decode this file on linux ??? can it be done with loop-aes ?
To allow decryption on-the-fly during playback on Linux would require changing each player to support that.


To any interested developers,
I'm using the Crypto++ (http://www.eskimo.com/~weidai/cryptlib.html) C++ lib to encrypt each frame with a reset key, which allows any frame decrypted without requiring previous frames.

The encryption methods you can use are
ASE (the orignal method),
ASE with MD5 password hashing,
BlowFish,
BlowFish with MD5 password hashing.

When using the MD5 password hashing, instead of using the password directly as a key I create a 16-byte MD5 hash from the password and use that.

mf
4th October 2003, 13:51
Originally posted by ChristianHJW
3. For release groups : With the help of Gabest, we could establish a system where every release group gets its own PW, and Gabest hardcodes them all into DVobSub. That way all SSA streams could be stored encrypted in the MKV or OGM file, and DVobSub has the PW for them, so people can view them, but not extract them , unless they are skilled programmers. If only Gabest was here, i guess this could be implemented in no time :( ....
You're just asking for that to be cracked. I do not doubt Gabest's skills, but I don't think they'll be any better than that of those who created CSS, the numerous serial key protection systems, and other schemes which have already been cracked or which will be cracked in a short time. Subtitle protection is no use anyway, if you want me to demonstrate it to you I can rip you a hardsub fansub release to .SUB/.IDX and OCR it.

cweb
12th October 2003, 16:55
Originally posted by RadicalEd
Usually dropping it your system directory and running a regsvr on it (start>run regsvr whatever.dll) would do it. You can then use graphedit to insert it into a filter chain.

Is it possible to use software such as Vdubmod? I suppose the latter would need an update to recognise this filter..

phro
21st October 2003, 06:58
I'd have to agree with MF. No amount of obfuscation can protect a hardcoded decryption key forever. This would be one of those Crack Once Run Everywhere deals once somebody figured it out. It would be awesome though if you could get a working system in place that couldn't be cracked. Brutal irony, the netizens that bypassed commercial copy protection for their own use produce a home brew solution so rip groups can't snarf each others releases. Heheh.

If you decide to go ahead with that I would suggest switching to a PKI system so you can just hardcode the private key and give out the public key to anybody who wants to make a protected release. It would save a lot of arguing about who deserves a key and revisions of filters that don't have certain keys, etc.