Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Researcher Cracks Google's Widevine DRM (L3 Only) (zdnet.com)

Posted by BeauHD on from the sounds-cooler-than-it-is dept.

The L3 protection level of Google's Widevine DRM technology has been cracked by a British security researcher who can now decrypt content transferred via DRM-protected multimedia streams. ZDNet's Catalin Cimpanu notes that while this "sounds very cool," it's not likely to fuel a massive piracy wave because "the hack works only against Widevine L3 streams, and not L2 and L1, which are the ones that carry high-quality audio and video content." From the report: Google designed its Widevine DRM technology to work on three data protection levels --L1, L2, and L3-- each usable in various scenarios. According to Google's docs, the differences between the three protection levels is as follows:

L1 - all content processing and cryptography operations are handled inside a CPU that supports a Trusted Execution Environment (TEE).
L2 - only cryptography operations are handled inside a TEE.
L3 - content processing and cryptography operations are (intentionally) handled outside of a TEE, or the device doesn't support a TEE

"Soooo, after a few evenings of work, I've 100% broken Widevine L3 DRM," [British security researcher David Buchanan] said on Twitter. "Their Whitebox AES-128 implementation is vulnerable to the well-studied DFA attack, which can be used to recover the original key. Then you can decrypt the MPEG-CENC streams with plain old ffmpeg." Albeit Buchanan did not yet release any proof-of-concept code, it wouldn't help anyone if he did. In order to get the DRM-encrypted data blob that you want to decrypt, an attacker would still need "the right/permission" to receive the data blob in the first place. If a Netflix pirate would have this right (being an account holder), then he'd most likely (ab)use it to pirate a higher-quality version of the content, instead of bothering to decrypt low-res video and lo-fi audio. The only advantage is in regards to automating the pirating process, but as some users have pointed out, this isn't very appealing in today's tech scene where almost all devices are capable of playing HD multimedia [1, 2].

76 comments

  1. Oops by butzwonker · · Score: 2

    I didn't even know that Google is in this shit business. Good to know, in order to avoid products that use this DRM crap.

    1. Re: Oops by Anonymous Coward · · Score: 0

      It is too small of a payload and exposed to nasty attacks - TEE is simple in some scenarios and not so much in others. It is something to do with the original sixteen bit encryption algorithm

    2. Re:Oops by Anonymous Coward · · Score: 0

      Good to know, in order to avoid products that use this DRM crap.

      Fortunately there are still BD disks available of the series and movies.. ;)

    3. Re: Oops by Anonymous Coward · · Score: 0

      https://m.youtube.com/watch?v=X3orqPl83Dk

    4. Re: Oops by Anonymous Coward · · Score: 0

      OK can we get back to our basements and play D&D? I need to roll a 1d14 for character stats and also pick a good module

    5. Re:Oops by dogsbreath · · Score: 2

      Widevine is used on stream transport and you almost certainly have watched something that was wrapped & unwrapped by their DRM code. Unlikely you will ever run across a consumer product that says "Widevine enabled".

    6. Re:Oops by ArchieBunker · · Score: 1

      Can you name any sites that use it?

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    7. Re: Oops by Anonymous Coward · · Score: 0

      DRM annoys the hell out of legitimate customers but is ineffective against piracy. Drives more consumers into piracy. Couple that with regional restrictions on who can watch what and when and charge different prices (The main purpose of DRM), e.g. Canada gets a small subset of content available in the USA but still sees all the promos, trailers, reviews, etc., so Canada turns out to have among the highest rates of piracy. What's not to like about it?

    8. Re: Oops by Anonymous Coward · · Score: 0

      Not here not now

    9. Re:Oops by CastrTroy · · Score: 4, Informative

      The most popular one is probably Netflix. If you use Netflix on an Android device you have used WideVine.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    10. Re:Oops by swillden · · Score: 2

      The most popular one is probably Netflix. If you use Netflix on an Android device you have used WideVine.

      Or Google Play video, or Amazon Video, or Hulu, or basically any Android app that plays commercial content. Maybe even YouTube; not sure.

      I believe that Android and ChromeOS devices these days are required to provide L1, while desktop Chrome and Firefox provide only L3. L2 pretty much doesn't exist. You can tell easily what your device has: If your Netflix (etc.) streams are limited to 480p, then the device supports L3. If you can watch HD (720p, 1080i/p, 4K), then the device supports L1.

      More detail: https://www.androidauthority.c...

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    11. Re:Oops by Anonymous Coward · · Score: 0

      Actually it's quite common in cheap chinese Android Tv boxes to list widevine L1 support.

    12. Re: Oops by MightyYar · · Score: 1

      I still pirate out of pure laziness. I pay for Netflix and Amazon Prime but it's often easier to simply search for a pirated version of whatever than to log in and search all the separate services. Kodi is no joy, but once set up it's still a better experience than any of the legit offerings - simply because search is centralized. The rights holders obviously aren't starving or they'd be more consumer-friendly - I have very little empathy for them and try to minimize the amount of money I send their way.

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    13. Re:Oops by Anonymous Coward · · Score: 0

      Youtube: Nope.

      I've got a 100% free software laptop which has none of this insane anti-user stuff and Youtube works just fine.

    14. Re:Oops by Anonymous Coward · · Score: 0

      Back in the last 90s/early 2000s they were pushing to introduce Trusted Computing (including TPMs - hardware dongles).

      People said it was for DRM, not for user security - and that once it was in machines, it was game over for your digital rights. Everything else was a software update after that.

      They were mocked by various paid-for security researchers who claimed that TC hardware wasn't useful for DRM.

      Shockingly, the researchers turned out to be lying shills. The hardware IS useful for DRM - and IS being used for it.

      Amazed I am not.

    15. Re:Oops by Anonymous Coward · · Score: 0

      To run Netflix on a raspberry pi you need to install Widevine support in Chromium.

    16. Re: Oops by Carewolf · · Score: 1

      I can watch full HD with a desktop browser on a cpu without encryption. Only 4K content seems to demand OS and hardware support for "trusted" computing.

    17. Re:Oops by Anonymous Coward · · Score: 0

      Youtube: Nope.

      I've got a 100% free software laptop which has none of this insane anti-user stuff and Youtube works just fine.

      I can watch YouTube streams in VLC. However, sometime last year, music videos from YouTube stopped working. Still the case today. Obviously something is different with music videos.

      I can still watch all in a web browser.

      Captcha: insight

    18. Re:Oops by dogsbreath · · Score: 1

      If you use any IPTV service then you have had content wrapped with Widevine

    19. Re: Oops by Anonymous Coward · · Score: 0

      That doesnâ(TM)t mean it is not useful for security - disk encryption is one of the uses of TPM. However, as it turns out, DRM isnâ(TM)t at all that effective as a protection, there are ways of ripping DRM protected content (a quick search shows several applications claiming to be able to remove Netflix DRM ). In a worse case scenario the content can be converted to analog and back to digital with minimal loss.

    20. Re: Oops by Anonymous Coward · · Score: 0

      sure it is.

      That's why the endorsement key is baked into the TPM and is kept secret from the owner of the machine. The only people who know it are the manufacturer... oh and every government agency that demands their list so they can break open all the encryption built on it.

      Because... it is about security... just not YOUR security.

  2. Re:Me and my llama by Anonymous Coward · · Score: 0

    u going at tooth hurty?

  3. it's a hack! by Anonymous Coward · · Score: 0

    No, no it isn't. Not everything involving computers that's slightly unusual is a "hack", stupid zdnet, but I repeat myself.

    1. Re: it's a hack! by Anonymous Coward · · Score: 0

      I know and just because you take a dozen events and all but one are attacks has no bearing on whether the remaining event is a hack

  4. DRM ugh. by serviscope_minor · · Score: 1

    I remember back in the early 2000s when google sounded like some sort of geek paradise where they also paid you.

    Now it's all about privacy violation and apparently DRM now too. Yuck.

    --
    SJW n. One who posts facts.
    1. Re:DRM ugh. by Anonymous Coward · · Score: 0

      I remember back in the early 2000s when google sounded like some sort of geek paradise where they also paid you.

      Now it's all about privacy violation and apparently DRM now too. Yuck.

      That's not true.

      To be fair to Google, you left out "kowtow to totalitarian regimes and help them oppress their people".

      Whaddaya expect from an ad agency?

  5. Re: Me and my llama by Anonymous Coward · · Score: 0

    Hahahahaha uh no. I have an on call dentist do you not? And you should have said tooth hurTEE

  6. Yawn ... by dogsbreath · · Score: 4, Insightful

    With respect to piracy of entertainment streams, what does it matter when HDCP is so eminently hackable? Widevine has been around forever and has not made any difference to unauthorized recording and distribution of video and audio.

    Widevine protects the stream down to the user's endpoint where it is conveniently stripped of any effective protection. I don't see how the entire stream path can ever be completely locked down.

    Widevine exists only to satisfy contract demands by content providers to protect the streams. Lot$ spent (and passed on to the consumer) to do nothing.

    1. Re:Yawn ... by Anonymous Coward · · Score: 0

      Widevine exists only to satisfy contract demands by content providers to protect the streams.

      And this break means that the termination condition on those contracts is triggered and people without the latest hardware lose their legitimate access to the content. Not that it matters much as more and more streaming catch-up content is moving behind pay-walls anyway.

    2. Re:Yawn ... by Anonymous Coward · · Score: 0

      This level of protection is valuable too. For unprotected content it will likely be stolen from your cdns - you will pay for storage and transfer but someone else will get revenue by offering this content on their site/app.
      Also widevine is free outside of initial implementation dev time.

    3. Re:Yawn ... by Anonymous Coward · · Score: 0

      Why yes, it's that shitty Firefox plugin that magically installs itself.

    4. Re:Yawn ... by dogsbreath · · Score: 2

      And this break means that the termination condition on those contracts is triggered and people without the latest hardware lose their legitimate access to the content.

      Uh, no.

      I don't think there are any delusions at the executive level and this certainly does nothing to contracts. Stream DRM is demanded by contract. This is a boiler plate thing about being seen to protect. The headend does their bit to implement DRM and delivers the protected stream to the user end point; c'est fini.

      What hardware issues? Either ignore the issue (unlikely, although this is not a high value exploit), or patch the code and move on.

      No service disruption; no revenue disruption.

      The interesting aspect of this story is the amateur implementation at L3. Raises questions about the rest of their code but again: who the hell cares? It does nothing anyways.

    5. Re:Yawn ... by dogsbreath · · Score: 1

      This level of protection is valuable too. For unprotected content it will likely be stolen from your cdns - you will pay for storage and transfer but someone else will get revenue by offering this content on their site/app.
      Also widevine is free outside of initial implementation dev time.

      Yes. Let's make sure the pipe does not leak while pumping everything into an open bucket.

      Recording is trivial.
      Near real time re-streaming is easy.

      Initial implementation and ongoing support can be expensive but you are right, Google has made Widevine effectively free to use. More being seen to protect; a political issue of particular importance to Google.

    6. Re: Yawn ... by fuzzyfuzzyfungus · · Score: 3, Interesting

      I imagine that the main area of interest(aside from people doing cryptoanalysis for its own sake or professionally) is in getting output that hasn't been decompressed, potentially resized or munged a bit by the decoding device's particular color profile; and finally grabbed off the HDMI output and recompressed.

      If the stream provided to L3 clients is lousy enough you may still come out ahead by qualifying for L1-super-premium-secure and then HDCP stripping; but the clean copy will be worse than what was originally provided.

      There's also the matter of convenience: HDMI framegrabbers are much cheaper than they used to be; but setting up a capture arrangement based on one is still way more of a hassle than just being able to clean up a media file with just a little bit of software manipulation. Unless the provider caps the download bitrate to 'just fast enough for real-time, maybe 30-90 seconds of buffer to cover for glitches' the software attack is likely to be faster as well: analog hole or HDCP strip attacks are usually real-time at best(sometimes slower if re encoding is computationally expensive) unless the target can be coaxed to play back at greater than 1x speed and your capture device can cope with it

      Probably not going to set the world on fire in the Bluray rip scene; but could be very popular indeed for services that forbid or tightly restrict offline use in favor of streaming only and people who want access to that media when out and about without burning tons of cell data. Small screen makes resolution less of a concern and the fact that most phones don't exactly support simultaneous HDMI output and HDMI capture and encoding makes a pure software attack attractive.

    7. Re:Yawn ... by Anonymous Coward · · Score: 0

      Those contracts are constantly under review as I have seen several cases where a series is pulled mid season from the streaming service due to the lost rights caused by failed negotiation or some new, additional requirements that can't be legally fulfilled (not that I would know such things existing). The hardware issues can probably be best experienced in the world of 4k Netflix and UHD disks. Not that I would ever believe that the companies involved would require SGX support for streaming ad-filled 720p content.

    8. Re:Yawn ... by swillden · · Score: 1

      Widevine exists only to satisfy contract demands by content providers to protect the streams. Lot$ spent (and passed on to the consumer) to do nothing.

      This. I'm not a fan of DRM.

      Though at least the cost isn't large, because AFAIK there is no license fee for Widevine. It does add some complexity to the device manufacturing process because keys have to be injected, but on a per-unit basis that's negligible.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    9. Re:Yawn ... by Anonymous Coward · · Score: 0

      Indeed.

      I really wish they would fix WideVine functionality on ARM devices cause that doesn't presently work.
      - See attempting to play Netflix via Chromium on ARM devices. Any vs. > 64.x, doesn't work.

      Caveat: This is on Linux, so I have no idea about Windows on ARM or even if Chromium is available.

    10. Re:Yawn ... by Wrath0fb0b · · Score: 1

      Widevine exists only to satisfy contract demands by content providers to protect the streams. Lot$ spent (and passed on to the consumer) to do nothing.

      It might be lots of money in absolute terms, but it's peanuts on the scale of Netflix. Since they are a public company, we can look at their financial filings and take a look. The entirely of R&D spending is less than 10% of their total operating expenses, which is dominated by buying/creating content and continuing operating expenses (servers, bandwidth). Then there's marketing, and only below that is R&D. Even assuming pessimistically that a whopping 5% of all R&D spending related to DRM (which is crazy), that still amounts to a half percent of total expenses. Dividing it over the subscriber base makes it about a $0.50/yr charge.

      I'm not saying it's necessarily money well spent (although if the content owners require it, you should just roll it into the cost of paying them rather than put it in R&D) but it's really not a ton of money. They probably spend more on one failed new series than the total spent on all DRM related R&D activities for a decade.

    11. Re:Yawn ... by dogsbreath · · Score: 1

      Though at least the cost isn't large, because AFAIK there is no license fee for Widevine. It does add some complexity to the device manufacturing process because keys have to be injected, but on a per-unit basis that's negligible.

      True this. Last time I had anything to do with Widevine was before Google. Still becomes part of the streaming infrastructure and is both an implementation cost and ongoing expense.

    12. Re: Yawn ... by dogsbreath · · Score: 1

      RE: desire to use raw stream vs hdmi output

      True enough from the viewpoint of a purist.

      With respect to piracy, inability to grab the raw stream is of almost zero significance as long as there is a hackable end point.

  7. Just use the analog/hdmi hole by Anonymous Coward · · Score: 0

    Just use the analog hole and record the HDMI stream if you want DRM stuff.

    Yawn.

  8. DRM is fundamentally broken by Anonymous Coward · · Score: 0

    "Here's the encrypted message, and here's the decryption device. You know what the plaintext message is."

    That CAN'T work. There's a reason military decryption devices are top secret.

    How the hell do the morons creating this think it can possibly work? They're openly distributing the encrypted message, the plaintext message, and hundreds of millions if not billions of the decryption devices.

    Yeah, it's not the engineers that are the morons - it's the fucking not-smart-enough-to-know-what-they-don't-know executives willing to spend billions of dollars to "protect their content".

    Dude - if no one pirates it, it's because no one wants to watch your dreck. The DRM didn't help. The real pirates get though that effectively instantly.

    1. Re:DRM is fundamentally broken by Opportunist · · Score: 1

      Be honest. If you got paid to develop something you KNOW cannot work and are not required to make it work... would you refuse?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re: DRM is fundamentally broken by Anonymous Coward · · Score: 0

      Yeah, it's not the engineers that are the morons - it's the fucking not-smart-enough-to-know-what-they-don't-know executives willing to spend billions of dollars to "protect their content".

      Oh stop making sense. Everyone was thinking it but you had to say it

    3. Re:DRM is fundamentally broken by TheDarkMaster · · Score: 1

      The key to Netflix's success: Ease to use (even my mother can find and watch the series she likes, without my help) and reasonable price. Is it so hard to put it in the minds of executives from content companies?

      --
      Religion: The greatest weapon of mass destruction of all time
    4. Re:DRM is fundamentally broken by MightyYar · · Score: 1

      I would until I found a job that was more personally fulfilling. I once worked on a doomed project, and it was demotivating as hell. I was weeks away from quitting when the guy in charge got canned.

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  9. Widewhatnow? by Opportunist · · Score: 1

    Did anyone even know about this before now?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  10. Worthless, anyway. by Anonymous Coward · · Score: 0

    These things don't stop the pirates that matter. The ones that put actual effort in to it.
    At some point, these data-streams need to be made useful for human consumption. Every single DRM system fails at that stage because all it takes is hijacking the display / sound drivers with a virtual one and recording that.
    Crop, tidy it up, compress it, upload it, let others download it.
    They can do whatever moronic shit they want, they will never be able to stop these people. They might be able to stop some shitty extension or 2, but that's about it.
    They've also failed disastrously to take down pirate sites because it costs more money than the industries at large make. In fact, it even harms them as has been proved countless times before that piracy aids many industries thrive.

    I wish they would stop. It's dumb. It serves nobodies interests.
    A large chunk of piracy is sampling for memes, reviews or screencaps, or piracy across borders due to shitty exclusivity rights or outright ban in region X.
    Kill the regions, enjoy more profit. Region-blocks are a drain on profits. They are "short-term profits over long-term profits"-minded nonsense. International buyers and sellers are the evidence.

    The only stuff I pirate is stuff from countries that will outright not be airing their stuff outside of their respective countries, like China, Japan, Korea. Gotta see my Chinese basket-weaving cartoons.
    If they were to stop being so hateful of the west, they could make even more money off content.
    Korean and Japanese gaming industries are proof of that, and to a lesser extent, animation and 3D modelling. (Korea especially in the latter 2, to say "Japanese anime" is almost laughable since most has been superseded by Korean animators!)
    I would like to not do it. I like supporting people. But there is zero chance to avoid that.
    They don't see anyone outside their countries as an income source. No harm done with respect to them...

    1. Re: Worthless, anyway. by Anonymous Coward · · Score: 0

      And that was what, your fifteen minutes of fame?

    2. Re: Worthless, anyway. by Anonymous Coward · · Score: 0

      It is his funeral

  11. Shove It Up Your Trump Hole by Anonymous Coward · · Score: 0

    And Smoke It

  12. Every hour spent watching Netflix by Anonymous Coward · · Score: 0

    Every hour spent watching Netflix is an hour lost forever. Wasted and thrown away. Anyone wanting to break DRM and pirate Netflix movies is an even bigger moron.

    1. Re:Every hour spent watching Netflix by MightyYar · · Score: 1

      Ooo! That's exactly what Mr. Robot said!

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  13. Firefox has a widevine NPAPI Plug-in by williamyf · · Score: 4, Informative

    Yup. For all those 5 of us still using firefox post-52 Quantum, the old NPAPI plug-in architecture/plumbing is still inthere, alive and well. It is used to support certain "strategic" plug-ins. Only by "invite".

    Flash is the one which garnered the most publicity, but a few others still exist, and Google's SandVine is among them. In my install, the other one is Cisco's H264 decoder Plug in. Others may exist. Please notice that this has nothing to do with your previous install. If your plug-in is in the white list, it will be installed. If not, firefox will refuse to run it, even if all the plumbing is still there because "Quantum" and "Reasons"...

    --
    *** Suerte a todos y Feliz dia!
  14. Re:Me and my llama by Anonymous Coward · · Score: 0

    where u find a llama dentist at????????????????????????

  15. Re: Me and my llama by Anonymous Coward · · Score: 0

    Pretty sure there is a WinAmp plugin for that.

  16. Low res is fine for phones by Anonymous Coward · · Score: 0

    Seriously, nobody can see 4K on a phone. Nobody can see HD on a phone. Regular old low-res video looks JUST FINE on a phone. If your screen is 4 inches across and 18 inches from your face, that's a 4.5:1 ratio, meaning that SD is just fine. It's not until you get below 3:1 that even 720p begins to become noticeable, let alone necessary.

    This guy could scrape Netflix' entire library and phone users would be perfectly happy with the results.

    1. Re:Low res is fine for phones by ledow · · Score: 1

      I pity people who think they "need" to buy HD / 4K / 8K. I've literally never looked at a movie and thought "Oh, that needs more resolution". Not in 1980's VHS, not now.

      Now, computer desktops may be different - that requires per-pixel accuracy in some cases - but you'll find that those people who do 4K desktops also have anti-aliasing and all kinds of other shit enabled too.

      It's a pissing contest. I pity them if they honestly cannot watch SD without flinching. First, because it's just in their heads, second, it's because they're looking for flaws rather than watching the movie, third, because they are never going to be satisfied, fourth because it costs them more to get the same level of satisfaction as I get from SD.

      SD. Stereo. 44Khz audio. 128Kbit MP3. Non-HDR. I'd be happy if we'd never gone past SVGA.

      Think to yourself: When was the last time you had the VERY LATEST tech and said "Oh, that's still pixellated?" Never. So why would you then need to replace that technology a few years later for something "better"?
        Because when you had SD it was an improvement over analogue video, when you got HD it was an improvement over SD, etc. etc... and you only cared if you sat there counting dots.

    2. Re:Low res is fine for phones by Anonymous Coward · · Score: 0

      Get your vision checked. HD is a huge and visible improvement (both in resolution and colorspace) on SD, even for movies. Watch 2001 in both formats, let me know which is satisfying. I agree that 4k and up isn't that interesting. It's really an incremental improvement.

    3. Re:Low res is fine for phones by Anonymous Coward · · Score: 0

      The only reason people do it now, is to try and feel as if they are actually getting something new out of the latest mandatory DRM refresh imposed by the industry.

      Rule # 1 of DRM: Once the keys / update mechanisms are known you have to physically replace it.

      Software updates to "resecure the system" won't work because the updates can be decrypted by your adversary and the new keys will be compromised long before they get installed. Hardware refresh is the only way to go.

      The problem with hardware refresh is that virtually no-one is going to pay for it if the selling feature on the box is "Will play media after $DATE." You have to trick them into thinking they are getting something out of it for them to pay. The Digital TV transition was one, the constant resolution increases were a reliable second choice. The problem today is that the resolution increases offer nothing new for buyers because A. Most content isn't delivered at that level of detail. and B. The current resolutions have surpassed the limits of the receiving hardware, the human eye.

      The current push is going to be one of the last ones using the resolution increase incentive. There may be another round or two, perhaps 3 or 4 if they fix problem A, but most people are starting to realize that they aren't getting any more benefits with that new purchase. The real problem for the industry is where to go from here. They've tried "curved screens" and another failed "3D glasses thing." Content delivery is still a problem, especially in the US, for high data density content, audio-philes are not near as common place as pixel-philes, and even if they were, we hit the limits of human hearing decades ago. There's really not much more to justify a purchase currently beyond accessories and even that can only milk out 1 or 2 more refreshes if done correctly. Long story short, the DRM war for non-interactive video content may finally be coming to a close for nothing more than the enemy running out of ammo.

    4. Re:Low res is fine for phones by Anonymous Coward · · Score: 0

      Get your vision checked!
      We know HD is better and can scientifically quantify that. Your brain actually has to work harder to view "SD" (which is practically HD compared to a VHS) than it does HD content. Unless you have poor eyesight and it makes no difference.

    5. Re:Low res is fine for phones by Anonymous Coward · · Score: 0

      Wow, your eyes must really be bad.

      Watched 'The Hobbit" over the summer, and my DVD rips looked really bad (not recompressed). Was glad to get my hands on an HD copy of the final movie instead of my DVD copy. Was way better.

      Book was better too, but that's another story.

    6. Re:Low res is fine for phones by ledow · · Score: 1

      Vision checked regularly.

      95" diagonal projected display, capable of 1080p.

      Literally, I stopped pressing the HD channels as they do nothing. I never bought films in HD (unless they were the same price as the SD version), because they do nothing. I watch Netflix, Amazon Prime, DVB-T2, and everything else in SD.

      At the distances involved, even at a huge screen size, it makes no difference. None. Sure, if you projected my Windows desktop there, I'd notice straight away if it wasn't even in the original rez, and I could spot a stray dot on the screen at 20 paces.

      But watching moving video content, even animations? No. I can't notice it. Nor can most people.

      I've literally challenged people who give me this shit at parties to tell me whether the screen is on BBC One or BBC One HD, etc. They can't, no more than random chance.

      P.S. I've watched 2001 in both formats. a) It's a dire movie filled with nothing but music and endless slow-motion space scenes with no dialogue - you have all the time in the world to spot a pixel, so any encoding of it is going to have a real easy time removing edges and anything you do spot will be MPEG artifacts. b) I wouldn't be able to tell the difference, unless challenged, and allowed to get right up close to the screen.

      Play it under VLC, with the right aliasing and deinterlacing options etc. and I guarantee you can't tell the difference. In which case, I'd rather pay for the SD version and turn on such options.

    7. Re: Low res is fine for phones by Anonymous Coward · · Score: 0

      Re: 2001, try reading any of the text on the consoles. Of course edges look the same. Edges are low frequency detail. And I can see the difference between BBC One and BBC One HD. One is a blurry mess.

  17. Re: Me and my llama by Anonymous Coward · · Score: 0

    Oh they is everywhere. I guess you were not aware that camelid orthodontia is the highest satisfaction rated profession in the world. It is possible that your veteridentist is away for professional development so just leave a message and they will call you when they return to the office :)

  18. Re: Me and my llama by Anonymous Coward · · Score: 0

    Do they have telemedicine for dentists now? Just turn on bluetooth!

  19. Re: Me and my llama by Anonymous Coward · · Score: 0

    I tried one but it really kicked the llama's ass

  20. Are you asking a psychopath to be honest? by Anonymous Coward · · Score: 0

    Yep, only psychopaths would not refuse to treat others like that. But they wouldn't be honest.
    Obviously, that's incomprehensible gibberish to an American, from the society of psychopaths.

  21. And here's the key too! by Anonymous Coward · · Score: 0

    DRM, *by definiton* requires the user to receive the decryption key. So his computer can decrypt the data.

    That's why the actual "pirates" (the Content Mafia that steals our money and doesnâ(TM)t work for it) came up with the TPM.

    Because of course, the above only works, *if it is not your device!*
    Like any console, non-"rooted" smartphone, or TPM-tainted PC.

    Unless of course, you have *physical access*. Then it depends on how tamper-proof it is.
    So for PCs, it requires bullshit like bus communication between the CPU, GPU and even screen (HDMI) to be encrypted!

    Which of course still does not help, since your freaking *eyes* still need to actually *see* the "content".
    Which every other device hence can always do too.

    That's why I always said that the logical "final solution" would be DRM chips right inside your brain.
    I have *zero* doubt, that the coke-headed criminals that came up with the whole "intellectual property" oxymorom, to create their imaginaly artificial scarcity monopoly, to steal the money of us and of artists without working for it (and no other purpose whatsoever) would gladly force global implantation of such chips, if they could.

  22. L3 may be your only option by Anonymous Coward · · Score: 0

    L1 and L2 are not (yet) broken, but L3 is the only supported option on hardware without a "Trusted Execution Environment".

  23. Web rips by Anonymous Coward · · Score: 0

    Web rips are still a thing; good luck stopping recording lol...

  24. DFA on WBC: Research and tooling by Anonymous Coward · · Score: 0

    First inception of a DFA attack on White-box Cryptography AES:
    https://www.blackhat.com/eu-15/briefings.html#unboxing-the-white-box-practical-attacks-against-obfuscated-ciphers

    Tooling used for the attack:
    https://github.com/SideChannelMarvels/JeanGrey

    Blog post on tool and experiments:
    https://blog.quarkslab.com/differential-fault-analysis-on-white-box-aes-implementations.html

  25. Now we dont have streaming by Angeluffy · · Score: 1

    He cracked this bs and now Google and Netflix cut access to streaming of people with L3 devices. Even if you pay HD, you are now restricted to 480p.