Thread: GFY EDUCATIONAL SERIES: How to prevent Piracy - A new way.
View Single Post
Old 04-24-2011, 08:56 PM  
OnanistsCash
Confirmed User
 
OnanistsCash's Avatar
 
Industry Role:
Join Date: Mar 2011
Posts: 183
Quote:
Originally Posted by gir View Post
Hi borked,

Great thread there, you made me post after years of lurking

Unfortunately it spiralled down from flv DRM to the wonders of image recognition, se lets go back for a little.

What i'm interested in is a real (that is, not yet cracked) DRM seriously stopping power users and warez scene from sharing the content online.

Few points about your suggestions:
  • http progressive - kids play, quite a lot know to use dwhelper
  • rtmp/rtmpe in wowza is all cool and nice, however all this is simply circumvented (including sessions, tokens..) by freely available rtmpdump/rtmproxy and GUI clones based on it.


Not much people know about rtmp ripping, but it is expected to progressively get worse (i'm looking forward for rtmpdump support in dwhelper .

The truth is, progressive/f4v streaming is cheaper since you'll sacrifice wowza beast which provides only thin layer of false sense of security at the significant expense of server resources..

Few points about content recognition:
  • Watermarking is deterrent only for casual pirate, and those usually dont do much harm since they dont know how to mirror the site en masse.
  • The analog hole/screen capturing is too slow/tedious/lofi for real-world rips
  • What is important is to prevent warez scene siterips, this is the real cat and mouse.
  • Siterips are usually performed by web scraping bot and member bruteforced l/p combo or using stolen credit card data. Trying to prosecute the card owner wouldn't do much good (in addition to ccbill chargeback).

So, are we screwed or not?

IMHO: It can be done if you're willing to play the cat & mouse.

DRM is tricky. Adobe with RTMPE were foolish enough to drink the cool-aid...

However they've left the door open for clendestine solutions....

since Flash 10 it is possible to to fetch some data, mangle it, and pass it to flv decoder (NetStream.appendBytes), all inside the swf...

The idea would be:

on server:
  • encrypt the stream on server using aes key
in browser (as3/swf):
  • fetch the stream (urlloader, sockets, whatever)
  • some huge obfuscated blackbox generates same key as server and decrypts the stream
  • pass the raw flv to the video object for display

When someone manages to crack this (HUGE reverse engineering effort), just change the obfuscated blackbox inside the swf and start over again. Perhaps tedious, but plug-in DRM is imho the only effective way i can think of.

Now I am curious, would there be market interest in doing it this way? Possibly as a managed service, so users of such a solution would be shielded from the cat&mouse mentioned. Probably with some guarantee that the site cannot be readily ripped and published as a single torrent.

Is there any other way without constant blackbox updates to keep pirates at the bay?
LOL, finally i see some real coders here ;)

Bro, why bother reverse engeenering a stream when you can simply fetch it already decoded at the end users computer with a simple dll hook?

All you say its great if you are trying to sniff the connection, but for what we are talking, an end user ( Leecher or not ) grabing the content, they don't need to reverse engeneer the stream, they just have to wait the stream to be decrypted and save it via the syscall/dll hook

btw, catch me up anytime you want, its been years i don't hear someone speaking that "language" Lets keep in touch
__________________
**** GREAT OPPORTUNITY! I SAY IT ;) ****

Selling PaySite + Program + Tons of Promo Content + Hybryd TGP + Everything you need to start quick, jus focus on pushing traffic :P https://gfy.com/showthread.php?t=1071451

**** GREAT OPPORTUNITY! I SAY IT ;) ****
OnanistsCash is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote