Flood of 4K James Bond Leaks Further Point To iTunes Breach (torrentfreak.com)
AmiMoJo writes: All 24 movies from the iTunes exclusive 4K "James Bond Collection" have leaked online. This is further evidence to suggest that pirates have found a way to decrypt 4K source files from the iTunes store. How, exactly, remains a mystery. While most regular releases can be ripped or decrypted nowadays, 4K content remains a challenge to breach. Up until a few days ago, pirate sites had never seen a decrypted 4K download from Apple's video platform. However, a flurry of recent leaks, including many titles from the iTunes-exclusive "James Bond Collection," suggests that the flood gates are now open. It all started earlier this month when a pirated 4K copy of Aquaman surfaced online. The file is a so-called "Web" release, also known as WEB-DL in P2P circles. This means that it's a decrypted copy of the original source file. These were never seen before for 4K releases. Because the Aquaman release was only available on iTunes in this quality at the time, the most likely conclusion was that Apple's platform was the source. However, based on just one single leak, it was tricky to draw strong conclusions.
Did anyone... (Score:5, Funny)
Did anyone honestly believe that SPECTRE wouldn't be able to figure out a way to decrypt Apple's 4k movies?
Re: Did anyone... (Score:2)
Why the need to decrypt? If it can be played, it can be screencaptured, reencoded and shared. Load of bollocks the whole drm thing is.
Re: (Score:2)
Yeah, but aside from maybe watching on a tablet while in a car/plane, who would want to actually watch a crappy copy like that?
I certainly didn't buy nice OLED big screen TVs for the house to watch subpar quality videos, you know?
I also have in my main room an audio system that I like to play the soundtrack while watching from too, and I like to have a good audio signal fo
Re: (Score:3)
You can also capture the data stream straight from the video buffer. Every frame has to pass a video card or be converted pixel-perfect onto an LCD/LED array. With the right electronics and a cheap ASIC you could do a perfect digital capture.
Same goes for audio, at some point, some buffer in some DAC has to have an unencrypted stream.
Re: Did anyone... (Score:5, Interesting)
That's not usually true. Video codecs often place a lot of the computation work on the encoding side, since people generally only care about smooth decoding playback. That means encoding often runs far slower. I'm not sure what codecs are standard in the piracy world these days, but I'd be surprised if anything readily available to pirates can encode full-speed 4K with enough effect to make storage feasible.
To my knowledge, there are only some cameras that would have the necessary hardware, but they're rather ridiculously expensive to use for parts. What kind of budget does a pirate have, exactly?
Re: (Score:3)
What kind of budget does a pirate have, exactly?
Do you REALLY have to ask? As many doubloons as they can find floating on the seas.
But it's pushing all those large coins into those tiny USB slots to convert to eGold that's the holdup.
Re: Did anyone... (Score:2)
As for encoding, I only have decoding experience with H.265 and that's intensive enough; I doubt there's a consumer-level computer in existence that can do it in realtime... maybe a massively-multicored chip like a Threadripper could, in theory...
Re: (Score:2)
"I'd be surprised if anything readily available to pirates can encode full-speed 4K with enough effect to make storage feasible."
My smartphone can encode 4K resolution real time at an unspecified frame rate and 1080p (2K) at 60 fps. The compression rate is lousy (but no big deal for a hard disk or SSD), so you'd have to do a slow re-encode later on.
Re: (Score:2)
Why would they need to perform the encoding in realtime? They can use a buffer and pause playback once the buffer fills.
Re: (Score:2)
4K@60fps is trivial to do with hardware encoders available in any modern graphics card. The bigger issue here is we're talking about getting the feed to the graphics card from custom hardware. That may be out of reach. The hardware may be cheap but the setup to do so would be quite complex.
Re: (Score:2)
True, just connect on the t-con of the LCD matrix of the TV, and with an FPGA and some RAM, you store the whole picture as you receive it, and save it via PCIe, double the RAM for double buffering of course, so while a frame is being sent to the PC, another one starts to fill memory. On your PC where you receive the frame via PCIe, encode it with your GPU in realtime or just save it on your 4TB RAID array or something.
Re: (Score:2)
Couple of points here.
You can also capture the data stream straight from the video buffer
Okay I'm going to ignore a lot of things here. One, TPM. Two, actual quality of playback. Three, that we're skipping capture cards (besides there isn't a 4K capture card at the moment). Okay so that said, reading memory is not a zero time operation. It requires some non-zero value of time to read memory. So that said, you are going to be reading a buffer that's always refilling with new data. That's going to give you timing issues that, unless you've got control of the flow into
Re: (Score:2)
Yeah, but aside from maybe watching on a tablet while in a car/plane, who would want to actually watch a crappy copy like that?
So, Nvidia includes vastly improved hardware screencap encoders [nvidia.com] in their new RTX cards... and now 4k iTunes rips are appearing. Coincidence???
Re: (Score:2)
It can not be lossless if the original source is not lossless. If we are talking about iTunes streaming then the best possible quality that any decoder can do is the original lossless source minus iTunes compression. When encoding the resulting stream you are double encoding. This results in an unexpected, and sometimes quite significant, loss of quality.
So how does one achieve the best possible quality without access to the original lossless source? You have to break the encryption on the iTunes com
Re: (Score:2)
capture the full lossless detail of reality
Of course not, but one can capture the full lossless detail observable by a human being. There is an entire field of study devoted to this concept.
The point was that if you start with a compressed file, after decompressing there is no way to encode the file while achieving quality greater than the source. To make it equal to the source you would have to compress with a lossless compressor thereby generating a file that is at least an order of magnitude larger than the source. So having an Nvidia card
Re: (Score:2)
If it can be played, it can be screencaptured, reencoded and shared. Load of bollocks the whole drm thing is.
Besides the loss of quality there's a decent chance the account information is added to the visuals with subband coding.
Also, hardware DRM is supposed to prevent the interception of the decoded data. Yeah, yeah, #include von_neumann.h, etc.
Re: (Score:3)
there's a decent chance the account information is added to the visuals with subband coding
Objection- speculation.
Also, hardware DRM is supposed to prevent the interception of the decoded data.
It does. HDCP encrypts the stream over external digital interfaces (DVI, HDMI, DP).
Of course, somewhere, at some point, it must be decrypted for transport to the actual pixel device.
Re: (Score:3)
Of course, somewhere, at some point, it must be decrypted for transport to the actual pixel device
That's done within the central processor of the display. If you ever look at the memory within a 4K display, they are exactly the DDC packets as transmitted be it HDCP encrypted or not. By the time the data leaves the processor, it's already in a format that only makes sense to the display array. Actual color space data like YCBCR is never transmitted on the traces and is always handled within the chip. That actual representation, pixel by pixel, never sees life outside the display's processor, unless i
Re: (Score:2)
If it can be played, it can be screencaptured, reencoded and shared. Load of bollocks the whole drm thing is.
Besides the loss of quality there's a decent chance the account information is added to the visuals with subband coding.
Wait, what? The image quality suffers notably, but the hidden info in the image stays intact?
Re: (Score:2)
Hey, they could make a BOND movie where James Bond has to save the world from movie piracy. How meta would that be?
They could try making one that doesn't suck. That would be a start.
Re: (Score:2)
Did anyone honestly believe that SPECTRE wouldn't be able to figure out a way to decrypt Apple's 4k movies?
Plot twist: they decoded it but their screens were such shit that they couldn't stand to watch the films anyway.
Re: (Score:3)
Just stick to the Sean Connery movies and you'd be fine. Maybe Lazenby too.
Re: (Score:1)
Yep, back when Bond acted like a man.
Re: Yawn (Score:1)
Not sure you are a good judge on what is a man seeing you live in your mom's basement
Re: (Score:2)
Or The Spy Who Loved Me, if you want to see Roger Moore's one good Bond movie.
Or Skyfall, if you want a decent Craig as Bond film.
Did Pierce Brosnan have any good Bond movies? At all? Maaaaybe Goldeneye and even that's a bit rocky. Then he started making movies where we're supposed to buy that Denise Richards is a nuclear physicist.
Re: (Score:2)
Goldeneye is far and away my favorite Bond movie. Not because of Brosnan's performance (though I think he's an OK Bond), but because the story wasn't just Bond's perspective, and had a bit of development of some other characters.
"I am invincible!"
Not a coder, but ..... (Score:3)
I never saw how it was supposed to be possible to really prevent someone from ripping digital content that can be played back on a computer?
It seems like iTunes itself handles the content decryption process so you can view what you purchased. And once that can take place, you could write software that captures each frame out of the video buffer along with the audio that's playing back to the speakers and saves them to a new file?
I'm sure there are challenges in keeping the video and the audio synchronized as you're saving that much data in real-time as it plays ... but modern computers should have the CPU power to do it.
Re: (Score:2, Informative)
HDCP 2.2 was broken in 2015. HDFury downgrades 2.2 to a version that's easy to strip.
Re: (Score:1)
yeah and an appletv totally isn't a computer at all in any way
Re:Not a coder, but ..... (Score:4, Interesting)
Which is an iOS device with an HDMI output. HDCP has long been broken (at least a decade), but the cost and effort vs profit has also been a major thing. If your movies can be rented for 99c why bother with a copy. But as the media conglomerates forgot that lesson in the last few years they've been putting "better" content (4K) under premium price ranges and even Netflix is raising prices to the point where pirating is once again viable.
Re:Not a coder, but ..... (Score:4, Interesting)
I'm sure there are challenges
Yes, major ones. I don't know where you have been. Here is the not-too-technical explanation: this is what all this trusted platform, EFI BIOS "secure mode" stuff is about. It's so primarily you don't have a way to tell the Windows kernel that it's alright to load an unsigned video driver. The signed drivers are all certified to not let you read those buffers when protected content is playing. This is why you can't play 4k commercial content on anything but Windows for the most part, btw (with some exceptions).
Now there are things you might be able to do. You could try to convince the content playing software that platform integrity modes were enforced when they are not; or you could try to use some kind of kernel exploit to gain access to modify the video driver stack with integrity mode enforced; load a fake video driver, etc. You could also possibly reverse engineer the content players and patch them to not check for platform integrity, but they are heavily obfuscated and usually use some kind of nasty VM layer.
The NSA was nice enough to release GHIDRA recently so if you are up for any of this sort of thing start there; you don't have to buy a copy of IDA Pro anymore :-). It's not going to be easy though. A lot of really smart people have put a lot of effort into making it really really hard, they will fix whatever bug you find and probably find a way to force patches on most folks. None of this is impossible but it's hard enough that few people have the skills to approach it.
Re: (Score:2)
That's where HDCP comes in. It is broken for normal 1080p content but effectively it was about detecting a non-certified device (e.g. a recording device) and then preventing playback
Re: (Score:2)
That glowy thing on the other end of that HDCP connection is called "A monitor" and it doesn't show encrypted pictures nor does it do the encryption itself. Therefore it has to be getting it as raw free text.
Sounds like you don't know what HDCP [wikipedia.org] is. Yes, the glowy thing does do the decryption itself if it can receive HDCP content; that's the whole point.
Re:Not a coder, but ..... (Score:4, Interesting)
It was supposed to be impossible to get HDCP keys for devices that would let you make copies of protected streams. The standard even includes the ability to revoke keys if they are used for that purpose, and some older software and physical players need updates to replace the key with a new one due to revocations.
But of course it didn't work and there was high demand for devices which make copies or strip out the protection - not least from TV channels and streaming services. There is a Chinese company that makes a popular line which is used by Netflix and several TV networks to rip Bluray discs for streaming/broadcast.
I don't know what they thought would happen... I suppose it stops casual copying at home, but all that says is that they didn't anticipate the internet even in the post-Napster world.
Re: (Score:3)
And once that can take place, you could write software that captures each frame out of the video buffer along with the audio that's playing back to the speakers and saves them to a new file?
In theory, that's not possible:
From a purely theoretical point of view, to obtain 4k content, you need a setup (hardware+software+OS) that follows certain precise rules.
You need to run special hardware (like monitors that accept encrypted content, so on the HDMI cable, you only see encrypted noise, you can't see the actual picture).
You need to run a special OS that is designed to refuse you access to windows that contain protected content (e.g.: you don't have direct access to the framebuffer, and when you as
Re: (Score:2)
The decryption is done inside an encrypted virtual machine, which is coded to pass the resulting video and audio directly to the GPU and audio hardware. This is why your phone can play Netflix using the Netflix app, b
Re: (Score:2)
Now maybe they will finally start letting us watch 4K movies that we paid for on our 4k monitors which we also paid for. I am NOT buying what is essentially a $200 dongle to watch 4K movies. Now that the cat is out of the bag, maybe they can stop being so precious.
There probably will be a charge for it somehow.
It had to happen someday (Score:5, Interesting)
Pretty sure the number of surprised people is around 0.
I suppose this is good news for people who want 4k content but can't use proprietary stores or players. They might as well just pirate the stuff until/unless the industry starts selling standard files. (Who the fuck wants to have to use iTunes?)
Re:It had to happen someday (Score:4, Interesting)
I wonder what the cost/benefit ratio for the DRM looks like.
Costs:
- Develop the DRM
- Manage the keys/accounts
- Protect secrets
- Piss off customers
- Lose sales to people outside your ecosystem/who hate DRM
Benefits:
- Lower piracy for a limited time
- Regional pricing for a limited time
- ???
Re: (Score:3)
"- Lose sales to people outside your ecosystem/who hate DRM"
I'm no DRM fan, but do you honestly think that population of people is greater than 1% of fans who would have otherwise made such a purchase?
I am a Bond fan, but I have neither purchased nor pirated a movie. I just wait about 30 minutes and one will invariably be on TBS or some other network.
Re: (Score:2)
DRM also makes the playback devices more complicated, which increases the unit costs and also increases the support costs when problems are caused for paying customers by the DRM.
Re: (Score:1)
Yup, just steal what you want because you're entitled to it. No need to pay the people who produced the content, it's yours because you deserve it.
Re: (Score:1)
it's yours because you deserve it.
Yep, it's time for the buyers to set the rules for a change. The sellers can suck it up! Everybody still gets paid.
Re: (Score:1)
Yeah, pretty much that, plus the fact that they don't even really sell it yet, so there aren't downsides to make things more nuanced or cause there to be another "side."
(What else you gonna do, run their software on your computers? That'd be silly; it's not happening. If everyone did that, we'd be living in a world full of malware and unreliable compu.. hey, waitaminute.)
If the people who made it want money, they can run a business, just like the media companies did up until the late 1990s. Back then I sp
Download paid for content (Score:1)
I buy 4K content on iTunes to play on my AppleTV on occasion, but when you download a copy to a computer it's limited to 1080p. Does this mean I can finally get copies of movies I've paid for in 4K so when Apple pulls them from its catalog I have a copy? I would actually make more 4K purchases on iTunes if I was sure I could download a copy, even if it had DRM as long as I could play it from my Mac to my TV.
Re: (Score:2)
If there's DRM then you've no guarantee that your copy will still be playable once they pull it from their catalog.
Insider Leak? (Score:2, Insightful)
Like many security issues, piracy often leverages insider leaks. Accessing the content before the DRM is applied and sharing with an insiders list is often simpler. These closed circles keep things quiet, but eventually, somebody shares outside the closed circle and then things get shared wider.
If the DRM was broken, I would expect their full catalog to have been shared online.
Re: (Score:2)
Like many security issues, piracy often leverages insider leaks.
Indeed. Most high-quality captures of movies before they have a DVD/streaming release came from theaters where whoever had access to the physical reels could scan the individual frames. With digital projection, it's changed a bit in that encrypted hard drives are being shipped, not 35mm film cans, but you can still get a decent video by plugging in an audio recorder to the sound in the projection booth, and an HD camera aimed at the screen.
Colorspace? (Score:1)
Are these just 4k resolution or do they also use some wonky colorspace that looks all washed out and displays properly on virtually nothing?
I recently tried my hand at ripping some UHD blurays. The ripping part went without a hitch but when I used ffmpeg to reencode transparently to a manageable size (h.265 CRF 19) I noticed three things.
1. Color metadata gone
2. Resulting bitrate almost identical to HD version of the same content. WTF?
3. Nothing I have, not PC or TV, would play it or the original ripped cop
Re: (Score:2)
A bit off topic, but... it's *not* illegal to decrypt material that you've purchased under the DMCA. It's just illegal to decrypt material you rent (e.g., stream) or to 'traffic' in decryption devices.
This is one of the reasons copyright owners love streaming services.
It doesn't really matter? (Score:3)
All that Netflix and iTunes etc. do is help keep honest people honest, by convenience. And they are doing very well with that. They don't really sell exclusive access to media - they sell the EASE of access to the media.
As an example: I use Netflix when possible, but fire up a very easy to use netflix-like interface to torrent streaming when I want to watch something not available there. My non-technical wife thinks that even having to consider stuff like different torrent health for the different available qualities is too much hassle, and sticks to Netflix.
This is also why I think that the really easy ways to pirate (torrent-based netflix alternatives, piracy enabled Kodi devices, etc.) should keep on being slightly suppressed in the mainstream media and general mindset. Not banned as such, but don't advertise them. This way, everyone can be happy.
In the country I live in, that's the way prostitution is legally handled: it is legal, but pimping or promoting it is quite illegal.
are they really 4k, or are they... (Score:2)
Re: (Score:2)
You are probably thinking yify, and movies released in weird resolutions like 1920x700, this was due to cinema aspect ratio and not trying to scam you.
They make their own bed. (Score:1)
Living in France, lots of TV shows and movies are either just not available or only available dubbed in French. The delightful media companies of course geo-fence and disallow any legal streaming from an English speaking country.
"Voila" - only workable option to see stuff I would happily pay for is via pirated copies.
Re: (Score:2)
And many people hate dubbing, even if they can understand the language into which it has been dubbed. If you can understand the original language it's almost always preferable to watch a movie with its original language track.
I did find that a lot of content in France was available with the original language as an option tho, you just have to switch the language track used by the player - most digital tv broadcasts, as well as dvds allow this etc.
Studios leaked it. (Maybe? ) (Score:3)
How can an end user know whether a copy is authorized? Obviously they haven't been given permission to distribute it, so seeders beware, but leechers have no way of knowing until it has been downloaded, especially with all the fragmentation in streaming services.
We still (Score:1)
Just takes one hardware hacker (Score:2)
In the end, the signal is sent electrically and non-encrypted to the pixels. It can, at the very least, be captured in this step, with hardware that an advanced hobbyist can afford and build. This is known as the "analog hole" and nothing can be done about it unless everybody gets Digital Restriction Management hardware installed in their eyes. (Not that I would put that idea past the copyright Mafia.) Very likely it can be captured earlier.