2

I have a file which i've encrypted in CENC, and i'm trying to now decrypt it using mp4decrypt from the bento4 mp4decrypt tools. The file consists of a single h264 track in an mp4 file. This is the output of mp4info --verbose

File:
major brand:      dash
minor version:    0
compatible brand: iso6
compatible brand: dash
Movie:
 duration:   0 ms
 time scale: 120000
 fragments:  yes

Found 1 Tracks
Track 1:
flags:        7 ENABLED IN-MOVIE IN-PREVIEW
id:           1
type:         Video
duration: 0 ms    
language: und
media:
sample count: 0
timescale:    120000
duration:     0 (media timescale units)
duration:     0 (ms)
bitrate (computed): 6386.097 Kbps
display width:  1920.000000
display height: 817.021271
Sample Description 0
[ENCRYPTED]
  Coding:         encv
  Scheme Type:    cenc
  Scheme Version: 65536
  Scheme URI:
Protection System Details:
[schi] size=8+32
  [tenc] size=12+20
    default_AlgorithmID = 1
    default_IV_size = 8
    default_KID = [23 b6 70 1b e9 8b 4e ea 80 4e 9b 59 6c 59 37 a5]
Bytes: 0000000000000001000000000000000000000000000000000780033000480000004800000000000000010a41564320436f64696e670000000000000000000000000000000000000000000018ffff000000476176634301640028ffe1002e67640028acc8501e019effc0c7c0c81a808080a000007d200017701c00000301c9c380000773595359803c60c65801000668e938233c8f
Coding:      avc1 (H.264)
Width:       1920
Height:      816
Depth:       24
AVC Profile:          100 (High)
AVC Profile Compat:   0
AVC Level:            40
AVC NALU Length Size: 4
AVC SPS: [67640028acc8501e019effc0c7c0c81a808080a000007d200017701c00000301c9c380000773595359803c60c658]
AVC PPS: [68e938233c8f]
Codecs String: avc1.640028

So to decrypt it using the above key, surely I would do:

mp4decrypt --key 1:23b6701be98b4eea804e9b596c5937a5 --show-progress input.mp4 output.mp4

MP4 Decrypter - Version 1.4
(Bento4 Version 1.5.0.0)
(c) 2002-2015 Axiomatic Systems, LLC
usage: mp4decrypt [options] <input> <output>
Options are:
--show-progress : show progress details
--key <id>:<k>
  <id> is either a track ID in decimal or a 128-bit KID in hex,
  <k> is a 128-bit key in hex
  (several --key options can be used, one for each track or KID)
  note: for dcf files, use 1 as the track index
  note: for Marlin IPMP/ACGK, use 0 as the track ID
  note: KIDs are only applicable to some encryption methods like MPEG-CENC
  --fragments-info <filename>
  Decrypt the fragments read from <input>, with track info read
  from <filename>.

All I get is zero output on the command-line, and the output file is still unplayable.

Any ideas? the video track is for the whole file, it's not split into segments itself.

John Bergqvist
  • 852
  • 13
  • 38

1 Answers1

1

You are trying to decipher the file with the Key ID instead of the Key itself. "23 b6 70 1b e9 8b 4e ea 80 4e 9b 59 6c 59 37 a5" is the identifier of the key, not the key itself. Sure you will not decipher. It is in the file in order for the DRM system to retrieve the key (sending or searching the keyID for getting the Key itself in return). Try to use the key value to decipher. Your mp4encrypt command should have been used with an option like: --key 1::0000000000000000 as your IV size is 8

Rémi Cohen-Scali
  • 99
  • 3
  • So if that is the KeyID, how do I use that value to get the actual key? – John Bergqvist Oct 07 '16 at 11:04
  • The short answer is: I don't know, it depends :) The long answer is: did you cipher the content by yourself ? If yes you should know how to get the key from the keyID. If not, it depends the DRM you are using for managing the content protection. In a standard DRM, a key server shall be exposed in order to get the key from the keyID. The delivery of the "key = Fdrm(kid)" can vary according to drm and to purchase/consumption use case. But this is really a DRM problem and not a content protection problem. – Rémi Cohen-Scali Oct 12 '16 at 08:10