I can also recommend an interesting talk from a Chaos Computer Club (CCC) event (GPN, Gulaschprogrammiernacht) on this topic (sadly, only available in German): https://media.ccc.de/v/gpn22-382-kein-kinoerlebnis-ohne-korr...
„No cinema experience without correct certificate management... A look behind the scenes of a cinema with a digital projector system, how distributors deliver films to cinemas with end-to-end encryption, and how films are protected from piracy. In addition to an overview of projector technology, the presentation will demonstrate the file format and manual decryption of film data by a guy running a cinema with a club.“
It's remarkable that they do all this in the context of box office revenues cratering. In 2024 American theaters had lower gross ticket sales than they did in 1982, in constant dollars. The whole thing of movie theaters is just over.
JPEG 2000 for each frame? I wonder what they use for decompression. JPEG 2000 decompressors are really slow. Most couldn't keep up with frame rate without GPU support.
Even with all of this onerous encryption and DRM, it's not hard to find pirated copies of movies. It makes me think that the sacrifice in ownership rights for the theaters over their equipment isn't worth it.
Most pirated copies aren't from theatrical releases; they mostly come out when the titles are available on streaming/blu-ray. DRM might be a failure in other fields, but it's working pretty well in this particular case.
It also contains watermarks. So theatres which failed to prevent recording will run into serious issues. See https://dcpomatic.com/forum/viewtopic.php?t=2372
If the software to watermark is widely available (as it appears to be) then an adversary has all they need to corrupt any existing watermark.
These steganographic watermarks depend on no knowledge of the process. If the method is particularly ingenious (one of the inputs is centrally stored entropy which the extractor references by trialing them all) then knowledge of the process alone may not be sufficient to obtain a high quality result (as too much corruption may be required) but could be used to inform the next step:
If you obtain two or more copies of the decrypted content you will be able to diff them and work out what you need to corrupt even without knowledge of the watermarking process. This probably won't work with pirated CAMs, or would take quite an effort to find the signal in the noise.
Edit: After some more research it looks like they don't actually watermark the distributed data (the movie sent to cinemas). The projector inserts its unique watermark during playback. There may be other secret watermarks put in by distributors not mentioned anywhere.
NexGuard is a wild product.
The flea repellant?
Yep, and those pirated copies are DRM free, work everywhere, no HDCP and other crap, no internet connection needed, so they're "better" in that way too (not just price-wise).
Totally possible that watermark identifies cinemas and showtimes uniquely, and that pirates are due for a lifetime of prosecution. Or that studios will shut down some cinemas, until it stops.
For 15 years you let paid options progress. Then fewer people pirate, then you catch the rest. At the beginning you don’t see it putting its clamps; then suddenly you don’t find piracy anywhere.
Yes, and those paid options were one subscription that had "everything". Then paid options broke up into 5 different subscriptions, some not allowing more than 2 devices, some having ads in paid plans, some not available in your country, some only having seasons 3 and 5 of the series, some having the series you wanted to watch but remove it half way through, some give you a "buy" button for the media, but then take the movies away after a few months, etc.
And people go back to piracy, because the user experience is better.
How are groups getting the high quality digital dumps of some movies then?
Screener leaks or insider (outsourced VFX for example) leaks
I don't think new theatre releases are generally getting leaked in digital formats anymore until they hit streaming, which can sometimes be as soon as weeks or a couple of months after original release. Obviously 'tele-syncs' (cameras capturing the film) still exist but that wasn't your question. The one exception to this can be Oscar movie season, when studios release films via a special Apple TV app, and that can be slightly less secure (though still water-marked).
I would ask you to support your claim of 'high quality digital dumps' by citing one that has come out in the last couple years. See https://predb.net/
> A telesync (TS) is a bootleg recording of a film recorded in a movie theater, often (although not always) filmed using a professional camera on a tripod in the projection booth. The audio of a TS is captured with a direct connection to the sound source (often an FM microbroadcast provided for the hearing-impaired, or from a drive-in theater). If a direct connection from the sound source is not possible, sometimes the bootlegger will tape or conceal wireless microphones close to the speakers, as it is better than a mic on the camera. A TS can be considered a higher quality type of cam, that has the potential of better-quality audio and video.
This has an analog (so to speak) in the live music bootlegging subculture. If you can convince the roadie running the mixer or the sound board to plug in your shady recording device, then you can cut a bootleg record or tape which advertises that as a selling point.
Live audio bootlegs of concerts are typically plagued with the same sort of interference, such as crowd noise, shaky everything, cheap microphone designed for voices only, overwhelming decibel levels, etc. A "clean soundboard" recording can bypass all that and sound comparatively good, especially if the band is good at playing live.
Hollywood is stupid and eroded its own economic advantage by putting everything on streaming. This was already known, but it also makes antipiracy operations much, much harder.
Ripping a stream is always going to be easier than getting any unprotected video footage out of a movie theater. The stream is in your own home, you own and can tamper with all the equipment involved in playing it, and the economics of CDNs prevent robust traitor-tracing schemes[0] that could be used to hunt you down.
In contrast, movie theaters are public locations, so every one of them is a known entity. The entire supply chain for movie projection is controlled. And that makes traitor-tracing a lot easier. All the hackers pointing out that DRM is fundamentally breakable are ignoring the fact that that only matters iff you're anonymous and untraceable. Otherwise, they won't bother making the DRM stronger, they'll just arrest people until the movies stop leaking.
It's the XKCD laptop wrench story[1] in reverse. The crypto nerd imagines DRM to be easily broken trash, but the reality is that the security of the DRM is in the $5 wrench, not the math.
Let's play contrast-and-compare. If you want to leak a stream, you need:
- A streaming account
- Knowhow or software to decrypt the data stream as it's downloaded and played, or,
- Knowhow to modify a TV so that you can capture the unencrypted video and audio streams inside the TV
The last one isn't done because it's a pain in the ass and the TV scene prefers bit-perfect rips over re-encoded captures. But at some point in the TV, you have to decrypt the video; LCD panels do not natively accept encrypted signals. And that is something you can build hardware to capture.
Now let's try leaking a movie. There's a few avenues of attack, roughly corresponding to the traditional movie scene release categories:
- You can go to the theater and point a camera at the screen. They actually check for this now, in pretty much any western country you'll get kicked out or arrested for camming a movie. If you don't get caught, they can still narrow you down to a location in the room via your shooting angle, and possibly determine what theater you were at with line frequency hum. That's enough information to narrow down the guy leaking the movie to a handful of customers. Do this enough times and you create a unique fingerprint to catch yourself with.
- You can get a job as a projectionist and run the movie projector into another camera directly. That kind of machine is called a telecine, and it used to be one of the higher quality ways to get leaked movies back when they were on film. This is specifically the scenario that all the DRM in the projector is designed to stop. If you do anything to change the light path of the projector, it locks up until the manager comes in and types a password to authorize the change.
- You could bribe the manager or owner to telecine the movie for you. Problem is, the number of people who actually have the password that unlocks the projector is really small[2] and traceable. If a telecine leak is traced back to their theater, someone's getting fired at a minimum, jailed in the worst case.
- You could break the DCI scheme itself; but you still need to source the files and keys to decrypt the movies. This is the crypto nerd's imaginary scenario. Even then, the files could themselves have steganographically injected information identifying the theater who got that master copy, which you can't strip out merely by having the encryption keys. Again, nobody is giving you those files unless they're too stupid to understand the implications (unlikely) or they have faith that you can strip out the stegotext.
It's just way easier to rip a stream than a movie in a theater. And when Hollywood moved to streaming they also made it a lot easier to leak movies.
[0] To be clear, traitor-tracing each stream would require a unique encode per account to inject the stegotext; that's computationally unfeasible. Doing one encode per movie theater would still be a struggle, but less so by three orders of magnitude.
[2] This is also why the 3D era of film made movies way too fucking dark.
> To be clear, traitor-tracing each stream would require a unique encode per account to inject the stegotext; that's computationally unfeasible. Doing one encode per movie theater would still be a struggle, but less so by three orders of magnitude.
If the movie is streamed in chunks, only certain short segments would need to be reencoded to add watermark data. Alternatively it might be possible to splice in a short segment with the watermark between keyframes of the preencoded film.
Finally all of this could be done on the audio side which is much less computationally intensive compared to video.
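The per-chunk watermarking idea in the reply above, sketched as an added example that is not part of the original thread: only a few chunks are encoded twice (variant A and B), and each account's playlist picks one variant per marked chunk. The segment count, file names, key, account ids and the HMAC-derived codeword are all assumptions made for illustration.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"      # constructed secret, held by the service
TOTAL_SEGMENTS = 1800                     # assumed: 2 h film in 4 s chunks
MARKED = list(range(10, TOTAL_SEGMENTS, 25))  # assumed: 72 chunks carry one bit each


def codeword(account_id):
    """One bit per marked chunk, derived from the account id with HMAC-SHA256."""
    digest = hmac.new(SERVER_KEY, account_id.encode(), hashlib.sha256).digest()
    return [(digest[i // 8] >> (i % 8)) & 1 for i in range(len(MARKED))]


def playlist(account_id):
    """Segment list for one account: shared chunks plus an A or B variant per marked chunk."""
    bits = dict(zip(MARKED, codeword(account_id)))
    return [
        f"seg{n:04d}_{'AB'[bits[n]]}.m4s" if n in bits else f"seg{n:04d}.m4s"
        for n in range(TOTAL_SEGMENTS)
    ]


def encode_cost(accounts):
    """Chunk encodes needed: full encode per account vs. two variants of marked chunks."""
    return {
        "per_account": accounts * TOTAL_SEGMENTS,
        "ab_variants": TOTAL_SEGMENTS + len(MARKED),
    }


def trace(observed, accounts):
    """Match bits read from a leaked copy (None = unreadable) to the closest account."""
    def mismatches(acct):
        return sum(o is not None and o != c for o, c in zip(observed, codeword(acct)))
    best = min(accounts, key=mismatches)
    return best, mismatches(best)


if __name__ == "__main__":
    accounts = [f"acct-{n:04d}" for n in range(1000)]   # constructed ids
    leaked = codeword("acct-0421")
    leaked[3:11] = [None] * 8            # chunks lost to re-encoding
    leaked[40] ^= 1                      # one misread bit
    print(trace(leaked, accounts))
    print(encode_cost(1_000_000))
```

A plain per-account codeword like this identifies a single leaking account; it is not collusion-resistant.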
Fascinating read and I think an accessible presentation of a lot of the concepts / framework and mechanics of this type of system.