DRM
UserpicAdobe Protected Streaming
Posted by Moxietype

The Media-Streams are encrypted "on the fly" by the Flash Media Server (the protocol used is rtmpe or rtmps). In addition the client player can be verified via "SWF-Verification", to make sure that only the official client can be used.

Encryption:

All contents are encrypted by the Flash Media Server "on the fly". This means, there is no encryption of the source file needed (which is different to Microsoft DRM, for instance). For data transmission, a special protocol is used: rtmpe or rtmps.

rtmps uses SSL-encryption, rtmpe makes use of proprietary encryption algorithms. rtmpe causes less CPU-load than rtmps on the Flash Media Server. In the past, some tools were able to capture rtmpe Streams by taking advantage of a security hole within the flash player object. Adobe fixed that issue in Jan. 2009.

Currently, there are no known hacks for rtmps and for rtmpe and also there are no known tools to perform rtmpe/rtmps decryption, but it is known that private groups have found a way to rip those streams (HorribleSubs ripping Crunchyroll)

SWF-Verification:

This technique is used to ensure that only the official Flash client, delivered by the content owner, can be used to request the streaming data.

All officially allowed clients (which are in fact *.swf Files) need to be placed on the Flash Media Server. Any unknown client requesting a connection will receive a "connection reject".

The combination of both techniques ensures that streams cannot be sniffed and stored into a local file. SWF verification is needed to avoid that manipulated clients can access the content. Those clients could possibly write the unencrypted content to a file.

Besides that, it is possible to restrict connections to the Flash Media Server to a list of known hosts, to avoid that the whole player (the flash client) is placed on a foreign site.

Source



Return to Home