Questions tagged [drm]
DRM (digital rights management) is the enforcement of restrictions on access control to data through technical means, such as copy protection.
131 questions
2
votes
1
answer
91
views
If the video only has one frame, then Widevine won't work?
I'm curious about Widevine, and I've done some search on it, and I've heard that it's protected by repeated frame-by-frame encryption and compounding, so if the video only has one frame (or that frame ...
- 21
1
vote
1
answer
114
views
Couldn't an HDCP bypass "attack" always be done losslessly, given a known compression algorithm was used?
When DRM-protected video is displayed on an output device, these streams are sometimes saved and re-encoded, resulting in quality loss. However, let's say we can obtain the outputted video in a pixel-...
- 1,291
13
votes
6
answers
7k
views
Is it impossible to protect an API from data redistribution?
Say there is a frontend mobile app and a backend server (let's call this service MyApp) which hosts an API for the mobile app to connect to. The backend server makes any needed requests to third party ...
- 233
0
votes
0
answers
172
views
How to prevent public key tampering
I have to store a document (e.g. a JSON file) on a remote PC (that my App is running on) alongside a signature to be able to verify that this file was signed by me. I have no access to this PC nor ...
- 1
8
votes
1
answer
3k
views
Displaying on screen without being recordable by another app
A couple years ago I rented a movie on iTunes and began watching it in the Windows 10 x64 desktop app.
At one point, I opened OBS in capture screen mode. To my amazement, the iTunes window showed only ...
- 744
1
vote
1
answer
341
views
Could the Brain virus technically prevent software piracy?
The Brain virus is an early virus targeting the IBM PC / MS DOS platform.
Sometimes, it is claimed that one of the virus' purpose was to prevent the copying of some software that the virus was ...
1
vote
3
answers
146
views
Is there a way to store data securely on a client so that it can only be read by the client while connected to an authorising source?
I have a difficult issue facing an online gaming social space I frequent where personal content I've made for the platform is being stolen by users.
I'm wondering if there are any solutions to make ...
- 111
1
vote
0
answers
408
views
How do screenshot blocking technologies work? [closed]
I've noticed I can't take screenshots of videos in Star+. When I paste whatever I tried to shot, it comes all black (subtitles however are visible). After some research, I found out it happens with ...
- 121
1
vote
0
answers
2k
views
Why can I watch videos on Crunchyroll without having DRM content enabled in Firefox?
The title pretty much covers the question. I'm using Linux and, whenever I go to sites like Amazon Prime and such, if I try to watch any of their videos, the player would error out in an error code ...
- 167
1
vote
0
answers
226
views
How to find applications which use Replay Protected Memory Block (RPMB) partition of the underlying storage device in Android Trusty? [closed]
I am trying to find a list of applications which use RPMB partition in the underlying Storage Device (eMMC/UFS/NVMe) in Android Trusty environment.
How do I go about doing this ?
Thanks
0
votes
2
answers
390
views
How to put executable code in files? [closed]
I have PDF, Word and MP4 files on my site and I want to protect them from illegal downloading even if my site hacked. I want to put executable code in the files, so if someone downloads and opens them,...
- 9
2
votes
2
answers
2k
views
How to decrypt a file to memory and run it from memory?
How someone might run an encoded executable, mp3, or any other file safely in memory after being decrypted.
A use case might be someone trying to make code or a file only usable through their service ...
0
votes
1
answer
156
views
Can a source code be shared and secured form unauthorized use at the same time?
We have developed a script that generates certain reports as output. Input data being confidential in nature, one of our clients wants the code to be hosted in their country and also for the business ...
- 1
-1
votes
1
answer
274
views
securing certificate based authentication for linux and windows applications
I am wondering what are the possible options for the following:
Let's say you have a software-agent you want to deploy on systems running both on Windows and Linux, e.g. an agent written in C++.
Let's ...
- 129
0
votes
1
answer
224
views
How to prevent Source code excessive usage and redistribution?
We sell our code to a company that they can run our code 100 times a month. We need to do a few things before giving the code to the company.
Hide our logic (we can hide our logic by code obfuscation)...
2
votes
0
answers
535
views
DRM implementation for offline licensing
I am improving one of the DRMs that I'm using for my software, and I have a few questions about how to best implement transferable licenses for offline computers. But first, a disclaimer - I am very ...
- 121
0
votes
1
answer
7k
views
How a website knows if a video has been watched or downloaded?
There's a video lecture streaming on a university platform that runs javascript. Can the system detect if I'm downloading the video (via IDM) rather than just watching it? In other words, how can a ...
1
vote
1
answer
162
views
What are the roles of the "PACKAGER" in a digital rights management system?
I am studying about the basics of DRM systems. I recently discovered that the term packager is the application that encrypts the original content from the creator. Is there any other work this ...
Manikandan
1
vote
2
answers
230
views
python time since epoch hacking system variable
I am trying to figure out whether it's safe to let a payed software check its own license date validity using the client's computer
the way this is done is by invoking time.time() function from ...
- 111
0
votes
1
answer
259
views
Is using SecureString in combination with Xor considered secure enough for standalone Windows app?
The environment is Windows. We are using 3rd party tools in our app, and for tools to work they require method call and pass a license key that is a string.
License.Import(string name, string email, ...
- 1,345
0
votes
0
answers
180
views
How to restrict software distribution or make sure it should not be copied [duplicate]
I Want to release software and it is going to be hosted on the client system. How to make sure that it should not be copied or how to restrict unpaid users using the software.
I have 2 questions.
...
20
votes
3
answers
6k
views
How does Widevine, FairPlay, and other DRM's work under the hood?
I am trying to understand how DRM works under the hood. There doesn't seem to be much information about it on the web so I figured I would ask here.
After some attempted research, I found it ...
- 680
39
votes
6
answers
10k
views
Schemes/ Mechanisms that could provide one time decryption?
I am quite familiar with most of the common undergrad/grad security foundations; but I couldn't find anything related to this scenario:
A scheme/system where a piece of data can only be 'decrypted' ...
- 511
0
votes
1
answer
529
views
Server encryption, client decryption, without the client having the ability to encrypt?
Is it possible to encrypt data server side and then decrypt it client side; without the client having the ability to encrypt the data themselves after decrypting?
I'm working on a license manager ...
- 101
0
votes
3
answers
5k
views
Should I trust signed GOG games, which are not original?
First I don't want to promote any kind of pirated software here, just don't know where and how to ask this question.
I find out crackers share games released on GOG (which are DRM free), it's ...
- 259
20
votes
5
answers
5k
views
How to use FDE without needing to share the encryption password
We have an AI model which needs to be deployed on premise. The hardware will be provided by us, so we can do what ever we want on the device. The device is a mini PC running Ubuntu 18.04.
The UI is ...
- 311
7
votes
3
answers
1k
views
Encrypt folder on Linux that can only be decrypted on that specific OS and device
Suppose I want to give a computer to someone that runs an application. I want to avoid that the program can be copied to another computer or be tampered with. For that, I want to encrypt the folder ...
- 173
0
votes
1
answer
255
views
Securing Delphi application SSL traffic from decryption
I wrote a VCL app using Delphi10.2. It has a simple activation setup, encrypted key is stored in Kinvey backend. The key to decrypt the encrypted key is hidden in the source code.
Now in order to ...
- 3
0
votes
2
answers
867
views
How to protect HMAC key embedded in code from someone who would copy entire source?
I and a friend are developing a web game. The front-end to back-end communication will be carried out by the means of an API.
We realized that someone could then easily hook up to our API and make a ...
- 1
1
vote
2
answers
334
views
Encrypting intellectual property on client side
Is it possible to effectively protect/encrypt intellectual property that is on the client side?
Assume that I am selling a product (software) to clients, that contains intellectual data, for example ...
- 13
0
votes
3
answers
297
views
How to track the usage of image
We are running an image content system where we allow the option to download the image freely by any user.
Now I want to do the following things for those images:
Track down the usage of the image ...
- 109
14
votes
1
answer
957
views
How do HTML5 DRM addons protect their output?
HTML5 has a DRM framework Encrypted Media Extensions (EME), that allows DRM companies to create content decryption modules (CDM) to decrypt DRM protected content. Browsers should use a sandbox to run ...
- 3,472
3
votes
3
answers
2k
views
Returning POST JSON data securely?
I have a webpage (HTTPS encrypted and authorized only via domain credentials) that displays grid information. This grid information is received via a POST request to my server which will send back ...
- 145
2
votes
3
answers
3k
views
How to prevent unauthorized users from accessing an image on my server just by URL?
I have a few dynamically generated images on my server (of high business value), which are supposed to be viewed only via our mobile app. The image is simply loaded from the URL as PNG. How can I ...
- 121
1
vote
3
answers
509
views
Why is it required to HMAC riv in HDCP 2.3?
In HDCP 2.3 (pdf) during the Session Key Exchange, the HDCP transmitter sends also the 256-bit HMAC of riv (HMAC-SHA256(riv, kd)).
Why is it required? Does it prevent any attack?
- 393
1
vote
3
answers
461
views
Per-User Image DRM for Finding a Leaker? [duplicate]
I'm managing a client that distributes their users images and files through one source. My background is heavily in development as opposed to security, and I'm of course familiar with some tricks that ...
- 11
2
votes
0
answers
74
views
Protecting website from content theft [duplicate]
I have a website called http://example.com. there is another website called http://example1.com it has the same content as for my website.
If I upload file on my website like http://example.com/test....
- 121
-1
votes
2
answers
332
views
How to identify the user who revealed private mp3 to public? [duplicate]
I have a service that serves mp3 files to a small circle of people.
In the case of a revelation, how could I know who had done that?
What technology could I use to sign every copy of the mp3 files ...
0
votes
2
answers
340
views
Is there any way to track the status of a document sent to an external entity?
I'm wondering what the capabilities for document (PDF/DOCX/XLSX/PPTX) tracking are , specifically to determine whether a client has broken a non-disclosure agreement.
Here's a scenario:
Service ...
- 746
3
votes
0
answers
3k
views
How can Web Crypto API and IndexedDB protect data stored on the client side against user manipulation?
Imagine web apps that are supposed to work with no or only a few interactions with the web server, for example:
a browser game in which the player's level and progress are to be saved locally.
a game,...
- 131
1
vote
0
answers
287
views
How secure is a file on a raspberry pi?
Let's say I change the password for the root & pi user to something impossible to brute force, say 20 characters.
Then in one of my files on my raspberry pi, I hardcode a password.
Is this ...
- 225
18
votes
1
answer
6k
views
How difficult is it to intercept the POST response body when SSL is used?
For an Android application that is performing POST requests (JSON) over SSL and receiving a JSON object as a response, how difficult is it to get the JSON response?
Is the easiest way to decompile ...
- 189
1
vote
1
answer
491
views
Are the details about the Widevine bug now public?
There was a bug in Widevine last year which enabled downloading Encrypted Media Extension Content.
They stated that they would give full details after 90 days. Was this meant for public disclosure or ...
- 1,492
-1
votes
1
answer
551
views
Audio steganography and DRM
I recently made a post about an audio steganography program and had another concern I thought I might ask. I understand that most music has DRM in them. If I hide secret files in audio files with DRM ...
user178802
3
votes
2
answers
1k
views
DRM using embedded private key
I've started learning about cryptography used for DRM solutions, and curious to know if this is a valid solution for a custom embedded system running purchased software assets.
ECDSA public / private ...
5
votes
1
answer
3k
views
How does video protection work when someone is recording their screen?
I forgot to turn my video recorder off and accidentally recorded my screen when I watched some series on some website. When I re-watched the video a few weeks later, I noticed that the part where the ...
user168683
1
vote
0
answers
95
views
Can files be retrieved from a VM instance state that was initially encrypted on a disk?
If I were to make a VM disk that was encrypetd, boot it, enter the encrypted passphrase and save the resulting 'image state' (of the running VM).
Would this image have the 'encrypted' files easily ...
3
votes
1
answer
451
views
How protected are files within a running encrypted VM on a possibly non secure hypervisor / host?
I've got a set of source code files (compiled C#) that I want to prevent direct read access to. The program will be running on the VM. I was thinking of storing these in an encrypted hard disk VM, the ...
1
vote
0
answers
736
views
Can we screen record Netflix strems? [duplicate]
No I don't want to do it and I don't have a Netflix account but I have heard the different ways Netflix uses DRM to protect its content such as encrypted streaming and watermark. But someone can just ...
- 133
0
votes
1
answer
684
views
What is the mechanism to protect photos uploaded on social media? [closed]
I know water mark the photograph is one method to protect ones copyright over the picture. is there any other technique through which one can prevent or detect the plagiarism of photos.
- 9