search

krzemienski / awesome-video

A curated list of awesome streaming video tools, frameworks, libraries, and learning resources.
https://awesome.video
Creative Commons Zero v1.0 Universal
1.53k stars 164 forks source link

[Question] How to Protect Streaming Content from "Downloader"? #34

Open wshen001 opened 3 years ago

wshen001 commented 3 years ago

Hi @krzemienski:

I have an m3u8 manifest file that enables the general AES-128 protection. Basically, it follows the same guideline here (https://www.theoplayer.com/blog/content-protection-for-hls-with-aes-128-encryption).

However, I realize that a simple youtube-dl can easily download the whole stream files and merge them back to the mp4 file. Is there a way to protect content from Downloader? And in terms of stream protection, what would you recommend? I remember when I still worked at the same company with you, we used Dash stream and I remember it had a more sophisticated way to protect the stream files.

krzemienski commented 3 years ago

@wshen001 hey man! Long time no talk...so in terms of protection you would need to look into DRM - since you mentioned Theo one of the links I have here there is relative - https://www.buydrm.com/sites/default/files/pdf/webinar/050217_DeployingKeyOSMulti-DRM_withTHEOPLayer_Webinar.pdf and if you are not looking to use a vendor for DRM management I'd suggest looking at clearkey https://github.com/Dash-Industry-Forum/dash.js/wiki/Generate-MPEG-DASH-content-encrypted-with-MPEG-CENC-ClearKey

wshen001 commented 3 years ago

@krzemienski yea... it's been a long time~~ I didn't really do too much video-related work until recently that my company recently published a series of content videos. Thank you for pointing out valuable resources for me.

I still have questions here. The video we use already has AES-128 encryption, however, the decrypt key has to be declared in a manifest file because currently, we are using HLS. Here is an example:

#EXTM3U
#EXT-X-TARGETDURATION:10
#EXT-X-KEY:METHOD=AES-128,URI="https://security.theoplayer.com/sequence-1.key"
#EXTINF:10.0,
http://media.theoplayer.com/video1/sequence-1-segment-1.ts
#EXTINF:10.0,
http://media.theoplayer.com/video1/sequence-1-segment-2.ts
#EXT-X-KEY:METHOD=AES-128,URI="https://security.theoplayer.com/sequence-2.key"
#EXTINF:10.0,
http://media.theoplayer.com/video1/sequence-2-segment-1.ts
#EXTINF:10.0,
http://media.theoplayer.com/video1/sequence-2-segment-2.ts
#EXT-X-ENDLIST

It's a bit closer to the open-source link you shared with me for the DASH. Their example encrypted the content with the key and declares the decrypt key in MPD file. It looks very close to the HLS one that we use now.

Therefore, do you mean that if we use MPEG-CENC with DASH it can block the Downloader to decrypt it?

The youtube-dl download tool actually reads the manifest file and uses the decrypt key to decrypt the video and use FFmpeg to merge the decrypted video to mp4... Could you explain to me how a DRM system (or solution) would prevent the content from getting decrypted easily?