Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
756 views
in Technique[技术] by (71.8m points)

c++ - How to Decrypt Encrypted MPEG CENC with BENTO4 sdk

I have a file which was encrypted in CENC I believe, and i'm trying to decrypt it for over few months now using mp4decrypt from the bento4 mp4decrypt tools but trust me I just don't know-how. This is the output of mp4info --verbose

C:UsersVDesktopBento4-SDK-1-6-0-637.x86_64-microsoft-win32in>mp4info --verbose C:UsersVectorDesktopAkachiAkachifmp4_480p_450000.mp4
File:
  major brand:      iso6
  minor version:    1
  compatible brand: mp42
  compatible brand: dash
  compatible brand: msdh
  compatible brand: msix
  compatible brand: iso6
  compatible brand: avc1
  compatible brand: isom
  fast start:       yes

Movie:
  duration:   0 ms
  time scale: 12800
  fragments:  yes

Found 1 Tracks
Track 1:
  flags:        7 ENABLED IN-MOVIE IN-PREVIEW
  id:           1
  type:         Video
  duration: 0 ms
  language: eng
  media:
    sample count: 0
    timescale:    12800
    duration:     0 (media timescale units)
    duration:     0 (ms)
    bitrate (computed): 449.854 Kbps
    sample count with fragments: 175934
    duration with fragments:     90078208
    duration with fragments:     7037360 (ms)
  display width:  854.000000
  display height: 480.000000
  Sample Description 0
    [ENCRYPTED]
      Coding:         encv
      Scheme Type:    cenc
      Scheme Version: 65536
      Scheme URI:
    Protection System Details:
    [schi] size=8+32
      [tenc] size=12+20
        default_isProtected = 1
        default_Per_Sample_IV_Size = 8
        default_KID = [95 6f 1b f0 f9 35 48 3e b8 21 38 ae 52 63 3f 4c]
    Bytes: 000000000000000100000000000000000000000000000000035601e000480000004800000000000000010a41564320436f64696e670000000000000000000000000000000000000000000018ffff00000031617663430142c01effe100196742c01ed900d83de6f011000003000100000300320f162e4801000568cb834b200000005073696e660000000c66726d6161766331000000147363686d0000000063656e630001000000000028736368690000002074656e630000000000000108956f1bf0f935483eb82138ae52633f4c
    Coding:      avc1 (H.264)
    Width:       854
    Height:      480
    Depth:       24
    AVC Profile:          66 (Baseline)
    AVC Profile Compat:   c0
    AVC Level:            30
    AVC NALU Length Size: 4
    AVC SPS: [6742c01ed900d83de6f011000003000100000300320f162e48]
    AVC PPS: [68cb834b20]
    Codecs String: avc1.42C01E

C:UsersVDesktopBento4-SDK-1-6-0-637.x86_64-microsoft-win32in>

What I have access to:

(1) AUDIO AND VIDEO FILES .mp4 which contains the encrypted content for the Apk data files
(2) MANIFEST.mpd also from the apk data files
<!--
com.castlabs.drmtoday.encrypter dashencrypter 2.0.135
-->
<!--isoparser-1.1.21-->
<MPD profiles="urn:mpeg:dash:profile:isoff-on-demand:2011" type="static" minBufferTime="PT20S" mediaPresentationDuration="PT1H57M17S">
<ProgramInformation moreInformationURL="www.castLabs.com"/>
<Period id="0" start="PT0S" duration="PT1H57M17S">
<AdaptationSet segmentAlignment="true" subsegmentAlignment="true" subsegmentStartsWithSAP="1" startWithSAP="1" bitstreamSwitching="true" mimeType="audio/mp4" lang="eng" minBandwidth="32600" maxBandwidth="135700">
<ContentProtection cenc:default_KID="956f1bf0-f935-483e-b821-38ae52633f4c" schemeIdUri="urn:mpeg:dash:mp4protection:2011" value="cenc"/>
<ContentProtection schemeIdUri="urn:uuid:9a04f079-9840-4286-ab92-e65be0885f95">
<cenc:pssh>
AAADNHBzc2gAAAAAmgTweZhAQoarkuZb4IhflQAAAxQUAwAAAQABAAoDPABXAFIATQBIAEUAQQBEAEUAUgAgAHgAbQBsAG4AcwA9ACIAaAB0AHQAcAA6AC8ALwBzAGMAaABlAG0AYQBzAC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAEQAUgBNAC8AMgAwADAANwAvADAAMwAvAFAAbABhAHkAUgBlAGEAZAB5AEgAZQBhAGQAZQByACIAIAB2AGUAcgBzAGkAbwBuAD0AIgA0AC4AMAAuADAALgAwACIAPgA8AEQAQQBUAEEAPgA8AFAAUgBPAFQARQBDAFQASQBOAEYATwA+ADwASwBFAFkATABFAE4APgAxADYAPAAvAEsARQBZAEwARQBOAD4APABBAEwARwBJAEQAPgBBAEUAUwBDAFQAUgA8AC8AQQBMAEcASQBEAD4APAAvAFAAUgBPAFQARQBDAFQASQBOAEYATwA+ADwASwBJAEQAPgA4AEIAdAB2AGwAVABYADUAUABrAGkANABJAFQAaQB1AFUAbQBNAC8AVABBAD0APQA8AC8ASwBJAEQAPgA8AEwAQQBfAFUAUgBMAD4AaAB0AHQAcABzADoALwAvAGwAaQBjAC4AZAByAG0AdABvAGQAYQB5AC4AYwBvAG0ALwBsAGkAYwBlAG4AcwBlAC0AcAByAG8AeAB5AC0AaABlAGEAZABlAHIAYQB1AHQAaAAvAGQAcgBtAHQAbwBkAGEAeQAvAFIAaQBnAGgAdABzAE0AYQBuAGEAZwBlAHIALgBhAHMAbQB4ADwALwBMAEEAXwBVAFIATAA+ADwATABVAEkAXwBVAFIATAA+AGgAdAB0AHAAOgAvAC8AdwB3AHcALgBpAHIAbwBrAG8AdAB2AC4AYwBvAG0APAAvAEwAVQBJAF8AVQBSAEwAPgA8AEMASABFAEMASwBTAFUATQA+AHQAdAAwAFgAeABiAFYAcABMAGIAQQA9ADwALwBDAEgARQBDAEsAUwBVAE0APgA8AC8ARABBAFQAQQA+ADwALwBXAFIATQBIAEUAQQBEAEUAUgA+AA==
</cenc:pssh>
<mspr:pro>
FAMAAAEAAQAKAzwAVwBSAE0ASABFAEEARABFAFIAIAB4AG0AbABuAHMAPQAiAGgAdAB0AHAAOgAvAC8AcwBjAGgAZQBtAGEAcwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwBEAFIATQAvADIAMAAwADcALwAwADMALwBQAGwAYQB5AFIAZQBhAGQAeQBIAGUAYQBkAGUAcgAiACAAdgBlAHIAcwBpAG8AbgA9ACIANAAuADAALgAwAC4AMAAiAD4APABEAEEAVABBAD4APABQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsARQBZAEwARQBOAD4AMQA2ADwALwBLAEUAWQBMAEUATgA+ADwAQQBMAEcASQBEAD4AQQBFAFMAQwBUAFIAPAAvAEEATABHAEkARAA+ADwALwBQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsASQBEAD4AOABCAHQAdgBsAFQAWAA1AFAAawBpADQASQBUAGkAdQBVAG0ATQAvAFQAQQA9AD0APAAvAEsASQBEAD4APABMAEEAXwBVAFIATAA+AGgAdAB0AHAAcwA6AC8ALwBsAGkAYwAuAGQAcgBtAHQAbwBkAGEAeQAuAGMAbwBtAC8AbABpAGMAZQBuAHMAZQAtAHAAcgBvAHgAeQAtAGgAZQBhAGQAZQByAGEAdQB0AGgALwBkAHIAbQB0AG8AZABhAHkALwBSAGkAZwBoAHQAcwBNAGEAbgBhAGcAZQByAC4AYQBzAG0AeAA8AC8ATABBAF8AVQBSAEwAPgA8AEwAVQBJAF8AVQBSAEwAPgBoAHQAdABwADoALwAvAHcAdwB3AC4AaQByAG8AawBvAHQAdgAuAGMAbwBtADwALwBMAFUASQBfAFUAUgBMAD4APABDAEgARQBDAEsAUwBVAE0APgB0AHQAMABYAHgAYgBWAHAATABiAEEAPQA8AC8AQwBIAEUAQwBLAFMAVQBNAD4APAAvAEQAQQBUAEEAPgA8AC8AVwBSAE0ASABFAEEARABFAFIAPgA=
</mspr:pro>
</ContentProtection>
<ContentProtection schemeIdUri="urn:uuid:edef8ba9-79d6-4ace-a3c8-27dcd51d21ed">
<cenc:pssh>
AAAAVHBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAADQIARIQlW8b8Pk1SD64ITiuUmM/TBoIY2FzdGxhYnMiEJVvG/D5NUg+uCE4rlJjP0wqAlNE
</cenc:pssh>
</ContentProtection>
<Role schemeIdUri="urn:mpeg:dash:role:2011" value="main"/>
<Representation codecs="mp4a.40.2" audioSamplingRate="48000" id="aac_64000.mp4" bandwidth="65200">
<AudioChannelConfiguration schemeIdUri="urn:mpeg:dash:23003:3:audio_channel_configuration:2011" value="2"/>
<BaseURL>aac_64000.mp4</BaseURL>
<SegmentBase timescale="48000" indexRangeExact="true" indexRange="1643-7302">
<Initialization range="0-1642"/>
</SegmentBase>
</Representation>
</AdaptationSet>
<AdaptationSet id="1" segmentAlignment="true" subsegmentAlignment="true" subsegmentStartsWithSAP="1" startWithSAP="1" bitstreamSwitching="true" mimeType="video/mp4" par="16:9" frameRate="25000/1000" sar="1:1" minWidth="256" maxWidth="1280" minHeight="144" maxHeight="720" minBandwidth="60400" maxBandwidth="1111000">
<ContentProtection cenc:default_KID="956f1bf0-f935-483e-b821-38ae52633f4c" schemeIdUri="urn:mpeg:dash:mp4protection:2011" value="cenc"/>
<ContentProtection schemeIdUri="urn:uuid:9a04f079-9840-4286-ab92-e65be0885f95">
<cenc:pssh>
AAADNHBzc2gAAAAAmgTweZhAQoarkuZb4IhflQAAAxQUAwAAAQABAAoDPABXAFIATQBIAEUAQQBEAEUAUgAgAHgAbQBsAG4AcwA9ACIAaAB0AHQAcAA6AC8ALwBzAGMAaABlAG0AYQBzAC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAEQAUgBNAC8AMgAwADAANwAvADAAMwAvAFAAbABhAHkAUgBlAGEAZAB5AEgAZQBhAGQAZQByACIAIAB2AGUAcgBzAGkAbwBuAD0AIgA0AC4AMAAuADAALgAwACIAPgA8AEQAQQBUAEEAPgA8AFAAUgBPAFQARQBDAFQASQBOAEYATwA+ADwASwBFAFkATABFAE4APgAxADYAPAAvAEsARQBZAEwARQBOAD4APABBAEwARwBJAEQAPgBBAEUAUwBDAFQAUgA8AC8AQQBMAEcASQBEAD4APAAvAFAAUgBPAFQARQBDAFQASQBOAEYATwA+ADwASwBJAEQAPgA4AEIAdAB2AGwAVABYADUAUABrAGkANABJAFQAaQB1AFUAbQBNAC8AVABBAD0APQA8AC8ASwBJAEQAPgA8AEwAQQBfAFUAUgBMAD4AaAB0AHQAcABzADoALwAvAGwAaQBjAC4AZAByAG0AdABvAGQAYQB5AC4AYwBvAG0ALwBsAGkAYwBlAG4AcwBlAC0AcAByAG8AeAB5AC0AaABlAGEAZABlAHIAYQB1AHQAaAAvAGQAcgBtAHQAbwBkAGEAeQAvAFIAaQBnAGgAdABzAE0AYQBuAGEAZwBlAHIALgBhAHMAbQB4ADwALwBMAEEAXwBVAFIATAA+ADwATABVAEkAXwBVAFIATAA+AGgAdAB0AHAAOgAvAC8AdwB3AHcALgBpAHIAbwBrAG8AdAB2AC4AYwBvAG0APAAvAEwAVQBJAF8AVQBSAEwAPgA8AEMASABFAEMASwBTAFUATQA+AHQAdAAwAFgAeABiAFYAcABMAGIAQQA9ADwALwBDAEgARQBDAEsAUwBVAE0APgA8AC8ARABBAFQAQQA+ADwALwBXAFIATQBIAEUAQQBEAEUAUgA+AA==
</cenc:pssh>
<mspr:pro>
FAMAAAEAAQAKAzwAVwBSAE0ASABFAEEARABFAFIAIAB4AG0AbABuAHMAPQAiAGgAdAB0AHAAOgAvAC8AcwBjAGgAZQBtAGEAcwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwBEAFIATQAvADIAMAAwADcALwAwADMALwBQAGwAYQB5AFIAZQBhAGQAeQBIAGUAYQBkAGUAcgAiACAAdgBlAHIAcwBpAG8AbgA9ACIANAAuADAALgAwAC4AMAAiAD4APABEAEEAVABBAD4APABQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsARQBZAEwARQBOAD4AMQA2ADwALwBLAEUAWQBMAEUATgA+ADwAQQBMAEcASQBEAD4AQQBFAFMAQwBUAFIAPAAvAEEATABHAEkARAA+ADwALwBQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsASQBEAD4AOABCAHQAdgBsAFQAWAA1AFAAawBpADQASQBUAGkAdQBVAG0ATQAvAFQAQQA9AD0APAAvAEsASQBEAD4APABMAEEAXwBVAFIATAA+AGgAdAB0AHAAcwA6AC8ALwBsAGkAYwAuAGQAcgBtAHQAbwBkAGEAeQAuAGMAbwBtAC8AbABpAGMAZQBuAHMAZQAtAHAAcgBvAHgAeQAtAGgAZQBhAGQAZQByAGEAdQB0AGgALwBkAHIAbQB0AG8AZABhAHkALwBSAGkAZwBoAHQAcwBNAGEAbgBhAGcAZQByAC4AYQBzAG0AeAA8AC8ATABBAF8AVQBSAEwAPgA8AEwAVQBJAF8AVQBSAEwAPgBoAHQAdABwADoALwAvAHcAdwB3AC4AaQByAG8AawBvAHQAdgAuAGMAbwBtADwALwBMAFUASQBfAFUAUgBMAD4APABDAEgARQBDAEsAUwBVAE0APgB0AHQAMABYAHgAYgBWAHAATABiAEEAPQA8AC8AQwBIAEUAQwBLAFMAVQBNAD4APAAvAEQAQQBUAEEAPgA8AC8AVwBSAE0ASABFAEEARABFAFIAPgA=
</mspr:pro>
</ContentProtection>
<ContentProtection schemeIdUri="urn:uuid:edef8ba9-79d6-4ace-a3c8-27dcd51d21ed">
<cenc:pssh>
AAAAVHBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAADQIARIQlW8b8Pk1SD64ITiuUmM/TBoIY2FzdGxhYnMiEJVvG/D5NUg+uCE4rlJjP0wqAlNE
</cenc:pssh>
</ContentProtection>
<Role schemeIdUri="urn:mpeg:dash:role:2011" value="main"/>
<Representation codecs="avc1.42c01e" width="854" height="480" id="fmp4_480p_450000.mp4" bandwidth="454400">
<BaseURL>fmp4_480p_450000.mp4</BaseURL>
<SegmentBase timescale="12800" indexRangeExact="true" indexRange="1756-22895">
<Initialization range="0-1755"/>
</SegmentBase>
</Representation>
</AdaptationSet>
</Period>
</MPD>
(3) lICENCE REQUEST AND RESPONSE FROM WEB BROWSER DOM
https://lic.drmtoday.com/license-proxy-widevine/cenc/?sid=c5b086ae-cd76-46e9-a1e0-bab92a678388
{
    "status": "OK",
    "status_message": "",
    "license": "CAIShwIKKgoQiZbQgm48FuV3jjlqJ3JvlRIQiZbQgm48FuV3jjlqJ3JvlRoAIAEoABIXCAEQARgAIP+ZngEo/5meATD+s7wCYAEaZhIQKCYnU8beT4g+Nud9mOQLDhpQjY+r0fy26hir5Mnt3v/p4phQL0QLcqhVAiXSAVfEVthkwm2VGgu0W1QDSgP1gpNlw5VmKdxlgCQBmyUXtBJf3TeC83DsPYPIEmHnheOKSa8gARpOChCVbxvw+TVIPrghOK5SYz9MEhDBBCkFcfZ9qFDuJPs3Y6AxGiD330rNcM9RelmbkhZPjN7arHH6Rwqf02iYwwppj+TCyyACKAFiAkhEIJLy8P8FOABQAhogEun2P7X4LTCnyyUjpAUYIroVxMyo8Ni+EfI6T9klY+kigAJtRXv8TT/sOC91IkhrJaJ4ThUFcSGswIKLwm+a5wUFa0gjJAGL5Fz/pjYkp+I/FMWB1FUYl3U2a+VDEt53ETNYOGzeoGrtBVZsGx79T7WDZU/uBX29HyTnm9meOgzytkUZzMah7MAFlE04hs7cAHbBla0lynDjNO96CMJ6mzw1FdH42TmXfklzR16eKVklbS7bwvhgL3EBz/1TowBBSyYqbqRsJ48kX1K2qoz0XqjGuC/ZsJ79psmg078ZRT2Kpv6sbtTQC754I7bcvN/nh7Wy5sE7CGWmPrxJxZyENYAxrguzDCNIW0yopBh6ZSvWTwbXCg2FogfFqLXakgTSvo2JOjMKMTE2LjMuMiBCdWlsdCBvbiBTZXAgMTUgMjAyMCAxMzoxOTowMiAoMTYwMDIwMTE0MilAAVgA",
    "license_metadata": {
        "content_id": "Cko

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

There are two different issues at play:

  • CENC (Common Encryption)
  • DRM (Digital Rights Management)

CENC is vendor independent. So the encryption is done once and it is a standard. The keys are a secret and usually not stored or transmitted in clear text.

DRM is vendor specific and specifies how the keys are exchanged.

Neither CENC nor DRM are easy to crack.

The instructions on how to get the keys (DRM) are stored in the pssh box and is handed to the secure compute hardware of your computer which then engages in a secure key exchange.

In your case the secure compute hardware will contact https://lic.drmtoday.com/license-proxy-headerauth/drmtoday/RightsManager.asmx and ask for the key with the ID f01b6f9535f93e48b82138ae52633f4c using a token that you got after logging in.

You can have multiple DRM systems in use. For example Widevine (Google) or PlayReady (Microsoft)

You can only decrypt the streams if you have the key(s) that were used to encrypt the content in the first place. Looking at your captured license request - I am gathering Google's Widevine DRM system is used.

You can assume Google is using a 'state-of-the-art' key exchange method that you can't crack with a right click on the browser window or the browser dev tools.

I don't have any knowledge of the inner workings of Widevine but I'd guess they do something like this: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange

GPAC does decrypt but you have to provide the keys and their key ID https://github.com/gpac/gpac/wiki/Common-Encryption


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...