search

axiomatic-systems / Bento4

Full-featured MP4 format, MPEG DASH, HLS, CMAF SDK and tools
http://www.bento4.com
2.03k stars 483 forks source link

Encrypted segment using MPEG-CENC method is not playable #950

Open diogoazevedos opened 7 months ago

diogoazevedos commented 7 months ago

I’m trying to encrypt the attached segment using mp4encrypt using MPEG-CENC method, but the resulting segment becomes unplayable:

mp4encrypt --method MPEG-CENC \
  --key 1:4a13a4c5449b903ca558716341531799:random \
  --property 1:KID:a167ef50633c27f314f36a038ef20d6e  \
  clear/154023527127780.mp4 cenc/154023527127780.mp4

Shaka Player throws MediaError(3,,CHUNK_DEMUXER_ERROR_APPEND_FAILED: Incorrect CENC subsample size.). Decrypting the encrypted segment using mp4decrypt and checking the integrity using FFmpeg, results into:

mp4decrypt --key a167ef50633c27f314f36a038ef20d6e:4a13a4c5449b903ca558716341531799 \
  cenc/154023527127780.mp4 clear/154023527127780.mp4

ffmpeg -v error -i clear/154023527127780.mp4 -f null -
[h264 @ 0x14263a4c0] Invalid NAL unit size (337906356 > 1).
[h264 @ 0x14263a4c0] Error splitting the input into NAL units.
[vist#0:0/h264 @ 0x142612c60] Error submitting packet to decoder: Invalid data found when processing input
[h264 @ 0x14260a400] Invalid NAL unit size (1672766743 > 1).
[h264 @ 0x14260a400] Error splitting the input into NAL units.
[vist#0:0/h264 @ 0x142612c60] Error submitting packet to decoder: Invalid data found when processing input
[h264 @ 0x1426438d0] Invalid NAL unit size (-334245472 > 1).
[h264 @ 0x1426438d0] Error splitting the input into NAL units.
[vist#0:0/h264 @ 0x142612c60] Decoding error: Invalid data found when processing input

https://github.com/axiomatic-systems/Bento4/assets/1440785/ec6946b1-0825-4745-9c7c-d8e513c6a0a4

barbibulle commented 6 months ago

When encrypting a segment by itself, you need to pass in a reference to the unit segment, where some of the encryption parameters are stored (that info is only in the init segment and not repeated in each individual segment).

diogoazevedos commented 6 months ago

@barbibulle Yup, the attached file above is the concat of the init and fragment.

diogoazevedos commented 5 months ago

@barbibulle the original segment is in TS, which is remuxed into MP4 using FFmpeg. During the remuxing the PTS is also adjusted so we've an homogenous timeline provider-agnostic.

The remuxing is essentially the following FFmpeg:

ffmpeg -i video-stream-4_144979815.ts -c:v copy \
  -fflags '-autobsf' \
  -movflags 'frag_custom+dash+delay_moov' \
  154023527127780.mp4

Original TS segment: video-stream-4_144979815.ts.log

It's not allowed to attach .ts files, but appending a .log did the trick.

Worth mentioning that this issue happens only when we encrypt segments coming from partners which are using Synamedia encoders.