Back


MP4s and CENC

Posted by Amir Mazzarella on February 23, 2018


          You may notice that I work a lot with web streaming and web DRM. I love the concept and find it fascinating to research. About two months ago I was working on a project to decrypt CENC encrypted MP4s according to the ISO standard (ISO/IEC 23001-7). I still haven’t finished to this day, but that’s due to a loss of motivation and time. You can find the link here: https://github.com/truedread/pymp4decrypt. It’s based on a fork I made of a python MP4 parsing utility. I had to fork it to add some extra CENC related boxes (encv, sinf, schi, etc.) for the decryption to have the boxes it needs to parse. CENC is AES-CTR encryption, and with CENC there are blocks of the mdat box encrypted with the same key but a different IV. pymp4decrypt works by reading the number of samples and subsamples and decrypting each appropriately. It’s only one .py file, so it’s not a pain to read.

          PIFF has proven issues, however. Yes, I know PIFF is not CENC, but they’re incredibly similar, and I still want to support it, considering Netflix uses PIFF encryption for its MP4s (Amazon uses regular CENC). PIFF doesn’t have explicit senc, pssh, or tenc boxes. What it does have is a uuid box that, based on the extended_type attribute of the box, is a senc, pssh, or tenc box. Parsing PIFF isn’t the problem; it’s the many headers I must fix after decryption that is. pymp4 doesn’t fix boxes for size and end markers after you change some of it, so I the decrypter would need to take it into its own hands. I also need to add support for IV sizes greater than 8 bytes, as defined in the ISO spec, since currently, the decrypter can only handle IV sizes of 8. I would also have to fix the stream parsing since it doesn’t work the same on everyone’s PC. Other than that, however, it was a nice little project to work on, even if it’s slower than the existing mp4decrypt from the C++ Bento4 library.


   MP4    CENC    DRM    PYMP4    PYMP4DECRYPT   

 Share on: Twitter / Facebook / Google+ / Email