Posted by Amir Mazzarella on February 23, 2018
You may notice that I work a lot with web streaming and web DRM. I love the concept and find it fascinating to research. About two months ago I was working on a project to decrypt CENC encrypted MP4s according to the ISO standard (ISO/IEC 23001-7). I still haven’t finished to this day, but that’s due to a loss of motivation and time. You can find the link here: https://github.com/truedread/pymp4decrypt. It’s based on a fork I made of a python MP4 parsing utility. I had to fork it to add some extra CENC related boxes (encv
, sinf
, schi
, etc.) for the decryption to have the boxes it needs to parse. CENC is AES-CTR encryption, and with CENC there are blocks of the mdat
box encrypted with the same key but a different IV. pymp4decrypt
works by reading the number of samples and subsamples and decrypting each appropriately. It’s only one .py file, so it’s not a pain to read.
PIFF has proven issues, however. Yes, I know PIFF is not CENC, but they’re incredibly similar, and I still want to support it, considering Netflix uses PIFF encryption for its MP4s (Amazon uses regular CENC). PIFF doesn’t have explicit senc
, pssh
, or tenc
boxes. What it does have is a uuid
box that, based on the extended_type
attribute of the box, is a senc
, pssh
, or tenc
box. Parsing PIFF isn’t the problem; it’s the many headers I must fix after decryption that is. pymp4
doesn’t fix boxes for size and end markers after you change some of it, so I the decrypter would need to take it into its own hands. I also need to add support for IV sizes greater than 8 bytes, as defined in the ISO spec, since currently, the decrypter can only handle IV sizes of 8. I would also have to fix the stream parsing since it doesn’t work the same on everyone’s PC. Other than that, however, it was a nice little project to work on, even if it’s slower than the existing mp4decrypt
from the C++ Bento4 library.