
WV L1 keys / PR SL 3000 keys require breaking into the TEE to steal those decryption keys.

Ever wondered why Netflix 4k web-dls take a while for less popular shows?

Netflix monitors these more tightly apparently and blacklists keys that are used to download. Then the group needs to buy some new device, the old one is burned.



It's true that known-compromised keys get revoked, but it's possible to avoid them knowing you've compromised a particular device.


I think there's some kind of watermarking going on, so once a rip is released to the public they can trace it back to which device keys were used to decrypt it.


Watermarking would require a separate version of each encoded file for each target device, which is not amenable to efficient CDN-ing.

It's quite easy to grab the encrypted media files, as they go over the wire - do this from two devices and compare what you get (you don't need to strip the DRM to see if the two files are identical).


They wouldn't necessarily need to serve different data to each client when they control the whole playback stack, they could get clever by including duplicate frame data with subtle differences and making each device key only able to decrypt one of the variants. Repeat that throughout a show to add additional bits to the signature until it's uniquely identifiable.


But they don't control the playback stack, once the attacker has the keys. The attacker brings their own stack, decrypting the data with their own software.


That doesn't help the attacker if their key can only decrypt the subset of frames which Netflix wants them to be able to decrypt.


Watermarking was a problem when Widevine L1 was first introduced. Pirates seem to have found a way to scrub the watermark from their releases. Either that or someone is burning a _lot_ of cash on playback hardware judging from the rate of 4K WEB-DL releases.


It doesn't need to be a lot - just replaced in the same cadence as the latency from initial broadcast to key revocation. Even if it's all in-house in Netflix and the watermark is sufficient to identify the specific device key, not all releases are made instantly after being made available on the platform; it still has to be downloaded, verified, and the watermark extracted before the key can be revoked.

If that's just a total of a single day, 365 cheap Netflix devices per year certainly isn't out of the question, especially with the number of people involved in the many ripping groups.


Depending on the bit size of a watermark, device-based watermarking should be easy to defeat using a quorum of devices to agree on bit values. It should only take around log2(n) attackers to remove an n-bit watermark.


Interesting, I hadn't heard about that. But this knowledge is obscure by design I suppose.



