4. Shaka Packager 분석 및 복호화(Decrypt) 방법 고안

저번 VC.One님의 도움으로 파일이 Shaka Packager로 암호화되어있다는 것을 알게 되었다.

 

따라서 먼저 Shaka Packager가 무엇이고, 어떤 방식으로 작동하며, 복호화하는 방법에 대해 조사해보았다.

정보를 정리하는 글이니 읽기 좋게 두괄식으로 쓰겠다.

 

 

 

1. Shaka Packager의 개념과 특징

• Shaka Packager는 서버에서 클라이언트에게 영상 파일을 전송할 때 사용하는 암호화/복호화 도구
• 구글 Widevine 팀에서 개발하는 오픈소스 기반의 미디어 패키징 툴.
• 영어로 암호화는 Encrypt 복호화는 Decrypt라는 용어를 사용

 

• 콘텐츠의 불법 사용과 유출을 방지하기 위해, 서버측은 "멀티 DRM(Digital rights management) 솔루션"을 도입 → 이 과정에서의 파일 암호화를 멀티 DRM 패키징이라고 칭함
• 멀티 DRM 패키징 = 영상 파일을 암호화 해 전달하기에 안전한 상태로 만드는 것
• Shaka Packager는 이 과정에 쓰이는 도구(방식) 중 하나

 

• DRM 콘텐츠는 암호화된 상태로 최종 사용자 기기에 전달(스트리밍 또는 다운로드)되며, 해당 콘텐츠를 재생하려면 암호화 키를 포함한 DRM 라이선스를 DRM 서버로부터 발급 받아야 함.
• 물론 위 암호화 키는 우리가 알아들을수가 없는 문자들로 쓰여있다고함.
•  MPEG-CENC는 멀티 DRM 패키징의 결과물 계열의 이름이고 DASH방식을 채택함. 관례적으로 MPEG-DASH와 MPEG-CENC는 동의어처럼 사용하는 듯. 나도 그렇게 사용할 예정.
• 라프텔 서버가 사용하는 방식인 MPEG-DASH 또한 멀티 DRM 패키징의 결과물
• MPEG-DASH는 엣지, IE11, 크롬, 파이어폭스 등 브라우저와 PlayReady 또는 Widevine DRM을 지원하는 각종 기기 (스마트TV, 셋탑박스, OTT 기기 등) 에서 작동함
• MPEG-DASH는 Common Encryption 규격에 따라 AES-128* 방식으로 암호화되어 PlayReady**와 Widevine DRM***으로 보호되는 DASH 방식 콘텐츠
• DASH/HLS 콘텐츠에 대한 멀티 DRM 패키징을 지원하며, VOD(Video On Demand)와 라이브 콘텐츠 패키징이 가능. (대충 실시간 스트리밍을 지원한다는 뜻. VOD는 영상을 쪼개서 각 조각이 필요한 사람에게 해당 조각을 전송해주는 방식이라고 생각하면 됨)

 

*AES-128 : 암호화 방식의 한 종류. (https://namu.wiki/w/AES)

**PlayReady : 암호화, 출력 방지 및 디지털 권한 관리를 포함하는 Microsoft의 미디어 파일 복사 방지 기술

***Widevine DRM : 구글 크롬 및 파이어폭스 웹 브라우저, 안드로이드의 안드로이드 미디어DRM, 안드로이드 TV 및 기타 전자통신 기기에서 사용하는 구글의 몇 안되는 독점 디지털 권한 관리 기술 (https://namu.wiki/w/%EC%99%80%EC%9D%B4%EB%93%9C%EB%B0%94%EC%9D%B8)

 

 

 

[참조]

https://pallycon.com/ko/blog/%EB%A9%80%ED%8B%B0-drm-%EA%B5%AC%EC%84%B1-%EC%9A%94%EC%86%8C%EC%9D%98-%EC%9D%B4%ED%95%B4-4%EB%B6%80-drm-%ED%8C%A8%ED%82%A4%EC%A7%95%EA%B3%BC-cpix-speke-api/

반응형

 

 

 

 

2. Shaka Packager 복호화하기

1. 

일단 Shaka Packager는 오픈소스이기 때문에 Decryption Key만 얻을 수 있다면 복호화하는 것이 가능하다고 한다.

오픈소스는 아래 Github에서 확인할 수 있었다. Readme.md에 간단한 설명도 첨부되어 있었는데 큰 도움은 안됐다.

나중에 시간 내서 다시 꼼꼼히 읽어보기는 할 예정이다.

 

https://github.com/shaka-project/shaka-packager

GitHub - shaka-project/shaka-packager: A media packaging and development framework for VOD and Live DASH and HLS applications, s

 

 

 

2.

아래는 Shaka Packager의 공식 문서이다. Shaka Packager의 동작방식 설명부터 사용법 튜토리얼까지 방대한 양의 정보를 제공한다.

다 읽어보고 이해해야겠다.

 

https://shaka-project.github.io/shaka-packager/html/index.html

Welcome to Shaka Packager’s documentation! — Shaka Packager documentation

 

 

 

3. 

더 많은 정보는 구글링하기가 귀찮아서 ChatGPT에게 몇 가지 물어보는 것으로 대체했다.

요즘 핫한 ChatGPT가 대답을 얼마나 잘 하나 보고싶은 마음도 있었다.

 

 

 

Q.

Let me know what you know about shaka packager decryption

 

A.

Shaka Packager is a free and open-source tool developed by Google for packaging and encryption of multimedia content, including video and audio, for adaptive streaming over HTTP. Decryption is the process of removing encryption from encrypted content, which is used to secure the content and prevent unauthorized access. Shaka Packager supports decryption of encrypted content using several encryption technologies, including Common Encryption (CENC) and Clear Key. Decryption keys can be stored in a key server or can be delivered to the player along with the encrypted content.

 

 

 

Q.

Then if I try to get that key and decrypt some downloaded and shaka encryped video, what should i do?

 

A.

If you have access to the decryption key and you want to decrypt a Shaka encrypted video, you can use a media player that supports Shaka Packager and the encryption technology used to encrypt the video. The media player will use the decryption key to decrypt the video before playback. However, I would like to note that unauthorized decryption of encrypted content is illegal and unethical. It's important to respect the rights of content creators and owners.

 

 

 

Q.

Can I check the key in a certain form on the Chrome Developer Tool?

 

A.

Yes, you can check the decryption key in the Chrome Developer Tools. The decryption key is usually passed from the player to the browser in the form of an initialization vector (IV) and a key identifier (KID). The decryption key can be viewed in the Network tab of the Chrome Developer Tools by inspecting the encrypted content that is being served to the player. However, the actual decryption key is not shown in clear text, and it is encrypted. To view the decryption key, you would need to have access to the key server that holds the decryption keys. It's important to note that unauthorized access to decryption keys is illegal and unethical, and it is not recommended to attempt to do so.

 

 

 

Q.

I know. I am just trying to decrypt it for better security solution.

 

A.

I understand that you're trying to improve security, but attempting to decrypt encrypted content without authorization is illegal and unethical. It's also important to remember that unauthorized access to decryption keys undermines the purpose of encrypting content in the first place, which is to secure it and prevent unauthorized access. If you have legitimate concerns about the security of the encryption process, it's best to raise them with the parties responsible for the encryption and work with them to find a solution that respects the rights of content creators and owners.

 

자꾸 법을 어기지 말라고 경고하길래, 거짓말을 좀 해서 조용히 시켰다.

 

 

 

Q.

So, what format the decrypt key has? In the chrome development tool network tab. Such as .mp4 .m4s ..etc

 

A.

The decryption key is usually not passed in the form of a file. Instead, it is passed as an initialization vector (IV) and a key identifier (KID) in the encrypted content that is being served to the player. The IV and KID are used by the media player to decrypt the encrypted content. The format of the encrypted content that is being served to the player can vary, but it is usually in the form of MPEG-DASH (.mpd) or HLS (.m3u8). You can inspect the encrypted content in the Network tab of the Chrome Developer Tools to see the format of the encrypted content and the IV and KID being used for decryption. However, the actual decryption key is encrypted and is not shown in clear text.

 

 

 

Q.

Ok. Thanks. Can i download the conversation text we had?

 

A.

No, you cannot directly download the conversation text. However, you can copy and paste the conversation text into a text editor or word processing program and save it as a file on your local device.

 

혹시나 ChatGPT가 직접 txt등 파일을 생성할 수 있나 궁금해서 물어봤다. 정의되지 않은 기능을 본인이 만들지는 못 하는 듯. 기능을 좀 추가해주기 바란다.

 

 

 

Q.

Ok. Teach me about shaka decryption please

 

A.

Shaka Packager is a free and open-source tool developed by Google for packaging and encryption of multimedia content for adaptive streaming over HTTP. Decryption is the process of removing encryption from encrypted content to make it accessible. Shaka Packager supports several encryption technologies, including Common Encryption (CENC) and Clear Key, for encrypting multimedia content.

To decrypt Shaka encrypted content, you need a media player that supports Shaka Packager and the encryption technology used to encrypt the content. The decryption key is usually passed from the player to the browser in the form of an initialization vector (IV) and a key identifier (KID). The media player uses the decryption key to decrypt the encrypted content before playback.

It's important to note that unauthorized decryption of encrypted content is illegal and unethical. It's also important to remember that encryption is used to secure content and prevent unauthorized access, so attempting to decrypt encrypted content undermines the purpose of encryption. If you have legitimate concerns about the security of the encryption process, it's best to raise them with the parties responsible for the encryption and work with them to find a solution that respects the rights of content creators and owners.

 

 

 

 

Q.

Is there any case that someone cracker get the key and decrypt it as a .mp4 video without shaka player?

 

A.

It is possible for someone to potentially obtain the decryption key and use it to decrypt Shaka encrypted content without using the Shaka Player. However, this would typically require a deep understanding of the encryption technology used and a significant amount of technical expertise. Additionally, unauthorized access to decryption keys is illegal and unethical, and attempting to do so undermines the purpose of encrypting the content in the first place.

Once the decryption key has been obtained, it is possible to use other tools or software to decrypt the encrypted content and convert it to a .mp4 video file. However, as previously mentioned, unauthorized decryption of encrypted content is illegal and unethical, and I strongly advise against it.

 

 

 

 

Q.

In the case i want to download the Mpeg-dash file which is segmented as init.mp4 and a lot of segment.m4s files. I got the Request Url of each segments and tried to merge it into .mp4 files. I Used "curl" command to download each segments. But the merged video didn't work. I guess it is because of the shaka encryption. So if i want to make a playable video with thay segments, what should i do?

 

A.

If you want to merge encrypted MPEG-DASH segments into a playable video file, you need to first decrypt the encrypted segments. To do this, you need the decryption key used to encrypt the segments and a media player that supports Shaka Packager and the encryption technology used to encrypt the content.

Without the decryption key and a media player that supports Shaka Packager, it is not possible to merge the encrypted segments into a playable video file. Attempting to do so would result in a video file that cannot be played and is likely to contain errors or corruption.

I strongly advise against attempting to obtain the decryption key through unauthorized means or using it for unauthorized purposes, as this is illegal and unethical. Instead, you should seek permission from the content owner or the party responsible for the encryption to obtain the decryption key in a legitimate and authorized manner.

 

 

 

 

Q.

In that case, what function "init.mp4" does?

 

A.

The init.mp4 file in an MPEG-DASH streaming setup serves as the initialization segment for the encrypted video segments. It contains the metadata for the video, such as the codec information, and is used by the media player to set up the decryption process for the video segments. The video segments, usually in the form of .m4s files, are encrypted and must be decrypted before playback. The init.mp4 file provides the media player with the necessary information to perform the decryption.

Without the init.mp4 file, the media player would not be able to set up the decryption process and would not be able to play the encrypted video segments. In other words, the init.mp4 file is an essential part of the MPEG-DASH setup for encrypted video and must be present for the media player to play the encrypted video content.

 

 

 

1. 생각보다 대답을 너무 잘한다. 진짜로 공부할때 모르는게 생기면 써먹어도 될 정도라고 생각한다.
2. 문답에 대한 번역은 지금 당장 하기는 귀찮으니까 나중에 문제를 해결해서 기분 좋으면 하겠다.
3. 일부러 정보를 더 뱉게 하려고 비슷한 질문을 여러 번 했는데, 돌아오는 대답이 다들 비슷해서 좀 아쉽긴 했다.
4. 라프텔 다운로더 하나 개발하려다가 Shaka Packager 복호화까지 해야하다니 .. 점점 산으로 가는 것 같다....
5. 유튜브나 카카오TV 네이버 등 여러 동영상 플랫폼 다운로더들이 많이 존재하던데, 이런 다운로더들은 위 문제를 어떻게 해결하는지 참고해야겠다. 뭔가 어렵지 않은 해결 방법이 있을 것 같다.

 

아무튼 해결 방법을 찾을 때까지 개발은 중단이고, 해결방법을 찾으면 끝까지 만들어서 공개하도록 하겠다.