Slashdot Mirror


Flood of 4K James Bond Leaks Further Point To iTunes Breach (torrentfreak.com)

AmiMoJo writes: All 24 movies from the iTunes exclusive 4K "James Bond Collection" have leaked online. This is further evidence to suggest that pirates have found a way to decrypt 4K source files from the iTunes store. How, exactly, remains a mystery. While most regular releases can be ripped or decrypted nowadays, 4K content remains a challenge to breach. Up until a few days ago, pirate sites had never seen a decrypted 4K download from Apple's video platform. However, a flurry of recent leaks, including many titles from the iTunes-exclusive "James Bond Collection," suggests that the flood gates are now open. It all started earlier this month when a pirated 4K copy of Aquaman surfaced online. The file is a so-called "Web" release, also known as WEB-DL in P2P circles. This means that it's a decrypted copy of the original source file. These were never seen before for 4K releases. Because the Aquaman release was only available on iTunes in this quality at the time, the most likely conclusion was that Apple's platform was the source. However, based on just one single leak, it was tricky to draw strong conclusions.


  1. Did anyone... by skam240 · · Score: 5, Funny

    Did anyone honestly believe that SPECTRE wouldn't be able to figure out a way to decrypt Apple's 4k movies?

    --
    I ignore Anonymous Coward posts. If you want to discuss something, that's awesome. Log in.
    1. Re: Did anyone... by guruevi · · Score: 2

      You can also capture the data stream straight from the video buffer. Every frame has to pass a video card or be converted pixel-perfect onto an LCD/LED array. With the right electronics and a cheap ASIC you could do a perfect digital capture.

      Same goes for audio, at some point, some buffer in some DAC has to have an unencrypted stream.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    2. Re:Did anyone... by ToTheStars · · Score: 4, Funny

      No, Mr. Bond, I expected you to pay!

    3. Re: Did anyone... by Sarten-X · · Score: 4, Interesting

      That's not usually true. Video codecs often place a lot of the computation work on the encoding side, since people generally only care about smooth decoding playback. That means encoding often runs far slower. I'm not sure what codecs are standard in the piracy world these days, but I'd be surprised if anything readily available to pirates can encode full-speed 4K with enough effect to make storage feasible.

      To my knowledge, there are only some cameras that would have the necessary hardware, but they're rather ridiculously expensive to use for parts. What kind of budget does a pirate have, exactly?

      --
      You do not have a moral or legal right to do absolutely anything you want.
    4. Re: Did anyone... by DamnOregonian · · Score: 2

      there's a decent chance the account information is added to the visuals with subband coding

      Objection- speculation.

      Also, hardware DRM is supposed to prevent the interception of the decoded data.

      It does. HDCP encrypts the stream over external digital interfaces (DVI, HDMI, DP).
      Of course, somewhere, at some point, it must be decrypted for transport to the actual pixel device.

    5. Re: Did anyone... by grep+-v+'.*'+* · · Score: 2

      What kind of budget does a pirate have, exactly?

      Do you REALLY have to ask? As many doubloons as they can find floating on the seas.

      But it's pushing all those large coins into those tiny USB slots to convert to eGold that's the holdup.

      --
      If the universe is someone's simulation -- does that mean the stars are just stuck pixels?
    6. Re: Did anyone... by slack_justyb · · Score: 2

      Of course, somewhere, at some point, it must be decrypted for transport to the actual pixel device

      That's done within the central processor of the display. If you ever look at the memory within a 4K display, they are exactly the DDC packets as transmitted be it HDCP encrypted or not. By the time the data leaves the processor, it's already in a format that only makes sense to the display array. Actual color space data like YCBCR is never transmitted on the traces and is always handled within the chip. That actual representation, pixel by pixel, never sees life outside the display's processor, unless it was originally transmitted that way.

      Technically, you could sit there and read the grid array signal and work backwards from there to attempt to understand the timing and what not, but I do want to mention that the data sent to the actual pixels are not a pixel by pixel read of the data, but instead a rough interpretation of that pixel-by-pixel data based on what the processor thinks the actual substance that makes up the display can handle. If the stuff your display is made out of can't handle a pixel going from color A to color B in a reasonable amount of time, the processor just glosses over that by sending a somewhat color A first, somewhat color B next, but somewhat mixture of the two for both frames. So even then you aren't getting a pixel-by-pixel read, just what the processor thinks the underlying substance can handle.

  2. Not a coder, but ..... by King_TJ · · Score: 2

    I never saw how it was supposed to be possible to really prevent someone from ripping digital content that can be played back on a computer?

    It seems like iTunes itself handles the content decryption process so you can view what you purchased. And once that can take place, you could write software that captures each frame out of the video buffer along with the audio that's playing back to the speakers and saves them to a new file?

    I'm sure there are challenges in keeping the video and the audio synchronized as you're saving that much data in real-time as it plays ... but modern computers should have the CPU power to do it.

    1. Re:Not a coder, but ..... by Anonymous Coward · · Score: 2, Informative

      HDCP 2.2 was broken in 2015. HDFury downgrades 2.2 to a version that's easy to strip.

    2. Re:Not a coder, but ..... by DarkOx · · Score: 3, Interesting

      I'm sure there are challenges

      Yes, major ones. I don't know where you have been. Here is the not-too-technical explanation: this is what all this trusted platform; EFI bios "secure mode" stuff is about. It's so primarily you don't have a way to tell the Windows kernel that it's alright to load an unsigned video driver. The signed drivers are all certified to not let you read those buffers when protected content is playing. This is why you can't play 4k commercial content on anything but Windows for the most part btw. (with some exceptions).

      Now there are things you might be able to do. You could try to convince the content playing software that platform integrity modes were enforced when they are not; or you could try to use some kind of kernel exploit to gain access to modify the video driver stack with integrity mode enforced; load a fake video driver etc. You could also possibly reverse engineer the content players and patch them to not check for platform integrity, but they are heavily obfuscated and usually use some kind of nasty VM layer.

      The NSA was nice enough to release GHIDRA recently so if you are up for any of this sort of thing start there; you don't have to buy a copy of IDA Pro anymore :-). It's not going to be easy though. A lot of really smart people have put a lot of effort into making it really really hard, they will fix whatever bug you find and probably find a way to force patches on most folks. None of this is impossible but it's hard enough that few people have the skills to approach it.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    3. Re:Not a coder, but ..... by guruevi · · Score: 3, Interesting

      Which is an iOS device with an HDMI output. HDCP has long been broken (at least a decade), but the cost and effort vs profit has also been a major thing. If your movies can be rented for 99c why bother with a copy. But as the media conglomerates forgot that lesson in the last few years they've been putting "better" content (4K) under premium price ranges and even Netflix is raising prices to the point where pirating is once again viable.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    4. Re:Not a coder, but ..... by AmiMoJo · · Score: 3, Interesting

      It was supposed to be impossible to get HDCP keys for devices that would let you make copies of protected streams. The standard even includes the ability to revoke keys if they are used for that purpose, and some older software and physical players need updates to replace the key with a new one due to revocations.

      But of course it didn't work and there was high demand for devices which make copies or strip out the protection - not least from TV channels and streaming services. There is a Chinese company that makes a popular line which is used by Netflix and several TV networks to rip Bluray discs for streaming/broadcast.

      I don't know what they thought would happen... I suppose it stops casual copying at home, but all that says is that they didn't anticipate the internet even in the post-Napster world.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    5. Re:Not a coder, but ..... by DrYak · · Score: 2

      And once that can take place, you could write software that captures each frame out of the video buffer along with the audio that's playing back to the speakers and saves them to a new file?

      In theory, that's not possible:

      From a purely theoretical point of view, to obtain 4k content, you need a setup (hardware+software+OS) that follows certain precise rules.
      You need to run special hardware (like monitors that accept encrypted content, so on the HDMI cable, you only see encrypted noise, you can't see the actual picture).
      You need to run a special OS that is designed to refuse you access to windows that contain protected content (e.g.: you don't have direct access to the framebuffer, and when you ask for a screen shot, the OS gives you back a picture where protected windows have their content grayed out).
      You need a special decryption module that will only accept to work if it detects such conditions (e.g.: Widevine L1 will only work in such conditions - usually done by a combination of onsite and remote checking. E.g.: Widevine signs and encrypts the serial number (IMEI) of your smartphone, the server will decrypt and sign-check the IMEI and lookup if it corresponds to a whitelist of certified devices. Attempting to unlock the bootloader of the smartphone will immediately destroy some of the keys involved in the process).
      Basically, the theory is you will not get any 4k content if your machine is able to take the aforementioned screen shots.

      In practice:

      Well, you're trying to apply cryptography, so Alice and Bob can have a private conversation without Eve eavesdropping. Except that in the case of DRM, Alice and Eve are the same girl. What the fuck did you expect ?!?

      To take the above example, you could imagine a special hacked version of Widevine, that is patched to always believe the emulator it's running in is legit hardware, and that will submit some "known good" serial to the server signed with some stolen key. The server will happily stream 4k to you, and you'll happily record the output of the virtual screen of the emulator.

      ... but modern computers should have the CPU power to do it.

      If you want to throw modern CPU at it, you could even try to throw an extremely high resolution camera at it, that will film the 4k screen's output (in, say, 8k or even more. Same for the audio), and then run it into a software that can perfectly model the screen and guess what the actual image was to produce that image on the screen (and same with audio-speaker modeling) - i.e.: subtract any artifact caused by the screen. (In layman terms: if the camera is fast enough and high resolution enough to film the individual R, G, B element going on and off, you can rebuild the actual signal that was sent to the screen without the kind of problem that you'll have with a camrip done in a movie theater).
      And no magical solution will ever be able to do anything against that, because at the end of the day, the content has to be viewable by human eyeballs and audible to human ears.

      Even more so when the media industry is lagging a lot behind the recording tech capability.
      As of today, 4k 60fps is the max quality that you can get out of streamed media.
      As of today, simply by using an array of several ultra-high DSLR cameras, you can get insanely more resolution, to the point where you're seeing clearly the individual R, G and B pixels, with no artifacts.
      Media industry is just screwed.

      --
      "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  3. It had to happen someday by Cajun+Hell · · Score: 4, Interesting

    Pretty sure the number of surprised people is around 0.

    I suppose this is good news for people who want 4k content but can't use proprietary stores or players. They might as well just pirate the stuff until/unless the industry starts selling standard files. (Who the fuck wants to have to use iTunes?)

    --
    "Believe me!" -- Donald Trump
    1. Re:It had to happen someday by AmiMoJo · · Score: 3, Interesting

      I wonder what the cost/benefit ratio for the DRM looks like.

      Costs:
      - Develop the DRM
      - Manage the keys/accounts
      - Protect secrets
      - Piss off customers
      - Lose sales to people outside your ecosystem/who hate DRM

      Benefits:
      - Lower piracy for a limited time
      - Regional pricing for a limited time
      - ???

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:It had to happen someday by MooseTick · · Score: 2

      "- Lose sales to people outside your ecosystem/who hate DRM"

      I'm no DRM fan, but do you honestly think that population of people is greater than 1% of fans who would have otherwise made such a purchase?

      I am a Bond fan, but I have neither purchased nor pirated a movie. I just wait about 30 minutes and one will invariably be on TBS or some other network.

  4. Re:Yawn by Z00L00K · · Score: 2

    Just stick to the Sean Connery movies and you'd be fine. Maybe Lazenby too.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  5. Insider Leak? by Anonymous Coward · · Score: 2, Insightful

    Like many security issues, piracy often leverages insider leaks. Accessing the content before the DRM is applied and sharing with an insiders list is often simpler. These closed circles keep things quiet, but eventually, somebody shares outside the closed circle and then things get shared wider.

    If the DRM was broken, I would expect their full catalog to have been shared online.

  6. It doesn't really matter? by schweini · · Score: 2

    I think this showcases how piracy and torrenting and DRM don't really matter - BluRay rips of basically anything are always available, if you know where to look. Sure - this 4k version is new, but whatever.
    All that Netflix and iTunes etc. do is help keep honest people honest, by convenience. And they are doing very well with that. They don't really sell exclusive access to media - they sell the EASE of access to the media.
    As an example: I use Netflix when possible, but fire up a very easy to use netflix-like interface to torrent streaming when I want to watch something not available there. My non-technical wife thinks that even having to consider stuff like different torrent health for the different available qualities is too much hassle, and sticks to Netflix.
    This is also why I think that the really easy ways to pirate (torrent-based netflix alternatives, piracy enabled Kodi devices, etc.) should keep on being slightly suppressed in the mainstream media and general mindset. Not banned as such, but don't advertise them. This way, everyone can be happy.
    In the country I live in, that's the way prostitution is legally handled: it is legal, but pimping or promoting it is quite illegal.

  7. Studios leaked it. (Maybe? ) by technosaurus · · Score: 2

    Studies have shown that "pirated content" actually increases sales. By leaking it, not only can they benefit from increased revenue, but they can also extort money from "illegal downloaders".
    How can an end user know whether a copy is authorized? Obviously they haven't been given permission to distribute it, so seeders beware, but leechers have no way of knowing until it has been downloaded especially with all the fragmentation in streaming services.