Restrict Video Downloading & Decrypting

[jackbrain232]

Hello All,

First off, I would like to thank the Forum creators and maintainers.
I have learnt so much from this forum.

I was testing for my client who provides paid content and I was able to download and decrypt their videos by just mimicking their network traffic.

I would like to know what steps can we take in order to secure the content or make it hard enough to download and decrypt the videos.

Thank you

[stabbedbybrick]

No.

[jackbrain232]

This is a freelancing opportunity.

If anyone can help me with this, they get paid.

Thanks.

[Karoolus]

if it's protected, it can be cracked. simple as that

[jackbrain232]

if it's protected, it can be cracked. simple as that

I understand myfriend, it can be cracked by professionals like you. But how can we make it hard enough for noob hackers like me to download and decrypting videos :P

Is there any way, like supporting only L1 CDM, rejecting okhttp user-agent, using multiple security features like geofencing, root, proxy detection etc etc

What all can steps can we take in order to maximize security.

Thank you

[Karoolus]

if it's protected, it can be cracked. simple as that

I understand myfriend, it can be cracked by professionals like you. But how can we make it hard enough for noob hackers like me to download and decrypting videos :P

Is there any way, like supporting only L1 CDM, rejecting okhttp user-agent, using multiple security features like geofencing, root, proxy detection etc etc

What all can steps can we take in order to maximize security.

Thank you

None of the things you mentioned will keep people out. Just look at "the scene", they have everything available for download minutes after release.

Also, you have to find a balance between usability and security. If you tighten security too much, you'll stop people from using your service. Support only L1 CDM? So anyone who uses a PC to watch content is automatically blocked, as well as some TVs or Android boxes.
All the network related stuff you mention is easily avoided as well, so that's useless.

[Quint]

If your goal is to keep "professionals" (professional thieves) from stealing and re-release your content, you can't, as it is said already. No way if not stritcly hardware-based (and even this will of course be cracked, as you know).

If your goal is to keep normal users who just want to download to watch it offline at home:
1. Why then at all?
2. They can always screen-record, which is enough for their purpose.

[Magicians]

Hello All,

First off, I would like to thank the Forum creators and maintainers.
I have learnt so much from this forum.

I was testing for my client who provides paid content and I was able to download and decrypt their videos by just mimicking their network traffic.

I would like to know what steps can we take in order to secure the content or make it hard enough to download and decrypt the videos.

Thank you

**** off. You wont get any help here.

[jackbrain232]

if it's protected, it can be cracked. simple as that

I understand myfriend, it can be cracked by professionals like you. But how can we make it hard enough for noob hackers like me to download and decrypting videos :P

Is there any way, like supporting only L1 CDM, rejecting okhttp user-agent, using multiple security features like geofencing, root, proxy detection etc etc

What all can steps can we take in order to maximize security.

Thank you

None of the things you mentioned will keep people out. Just look at "the scene", they have everything available for download minutes after release.

Also, you have to find a balance between usability and security. If you tighten security too much, you'll stop people from using your service. Support only L1 CDM? So anyone who uses a PC to watch content is automatically blocked, as well as some TVs or Android boxes.
All the network related stuff you mention is easily avoided as well, so that's useless.

I understand...so there's nothing much that can be done here to avoid business loss

[jackbrain232]

If your goal is to keep "professionals" (professional thieves) from stealing and re-release your content, you can't, as it is said already. No way if not stritcly hardware-based (and even this will of course be cracked, as you know).

If your goal is to keep normal users who just want to download to watch it offline at home:
1. Why then at all?
2. They can always screen-record, which is enough for their purpose.

As of now, we are serving content only on the mobile application and nowhere else and we need to secure it.
Screen recording is a way but there is content worth more than 1000+ hours which I believe is not possible to record for an individual. So, we were thinking of securing the content from the application and the servers.
But there are people who are reverse engineering the application and bypassing all the security.
I thought of asking here but it turns out that it won't be possible to secure the content anyway.

[jackbrain232]

Hello All,

First off, I would like to thank the Forum creators and maintainers.
I have learnt so much from this forum.

I was testing for my client who provides paid content and I was able to download and decrypt their videos by just mimicking their network traffic.

I would like to know what steps can we take in order to secure the content or make it hard enough to download and decrypt the videos.

Thank you

**** off. You wont get any help here.

why so much hate...magicians?

[Quint]

But there are people who are reverse engineering the application and bypassing all the security.

Reverse engineering is an old thing... But in case of net-delivering "protected" content not even necessary. It is so easy to sniff network traffic that a lot of intelligent "script kiddies" can quite easily find workarounds in Python... Onky the hardware-bsed parts are hard.

I thought of asking here but it turns out that it won't be possible to secure the content anyway.

That's how it is. But I know from my own experience well that right holders ignore these facts, and insist to have their content "secured"... So good luck to your mission.

[jackbrain232]

But there are people who are reverse engineering the application and bypassing all the security.

Reverse engineering is an old thing... But in case of net-delivering "protected" content not even necessary. It is so easy to sniff network traffic that a lot of intelligent "script kiddies" can quite easily find workarounds in Python... Onky the hardware-bsed parts are hard.

I thought of asking here but it turns out that it won't be possible to secure the content anyway.

That's how it is. But I know from my own experience well that right holders ignore these facts, and insist to have their content "secured"... So good luck to your mission.

Thank you very much Quint

[jackbrain232]

If your goal is to keep "professionals" (professional thieves) from stealing and re-release your content, you can't, as it is said already. No way if not stritcly hardware-based (and even this will of course be cracked, as you know).

If your goal is to keep normal users who just want to download to watch it offline at home:
1. Why then at all?
2. They can always screen-record, which is enough for their purpose.

Hi, we are planning to go with the Samsung hardware based tablet solution which will be protected by samsung knox security and an encrypted sd card.
Is this the way to go or it can be hacked as well?

[ElCap]

This is a freelancing opportunity.

If anyone can help me with this, they get paid.

Thanks.

i assume you are paying Quint for this info?

[jackbrain232]

This is a freelancing opportunity.

If anyone can help me with this, they get paid.

Thanks.

i assume you are paying Quint for this info?

yes, if he or anyone helps us secure the content