> Commenting on the release, Sebastian Haselbeck of Tarantino fansite Tarantino.info says that while he’s not a fan of piracy, he believes that a failure to serve the market is the real problem.
> “I strongly condemn piracy and find it generally damaging, but it is a symptom, not the source, of market failure,” he told TF.
That's it right there. Music piracy took a long time to sort out because it was inaccessible. Now through Spotify/Apple Music/Youtube I struggle to find anyone who pirates music in my peers (it was prolific). It's not perfect yet and I think there's still some change to come but it's certainly ahead of the film industry.
1. Most people have no desire to go to a theater anymore, so making people wait months to see a new film means they're going to try to find a way to see it sooner. If they released streaming alongside movie theater releases I would imagine you'd knock out 90%+ of the piracy out there.
2. People like me who are on extremely limited bandwidth connections can't watch anything in high fidelity via something like Netflix. Need a way to buffer the whole movie locally ahead of time. Let me queue it up the night before so I can watch it when I get home from work and you'll have my dollars.
> Most people have no desire to go to a theater anymore, so making people wait months to see a new film means they're going to try to find a way to see it sooner. If they released streaming alongside movie theater releases I would imagine you'd knock out 90%+ of the piracy out there.
Aside: Saw Pets with my kids this week; Large Soda is now more than a Bud Light at a Football game ($8). Consider me among those who would gladly stop going to the theater.
> If they released streaming alongside movie theater releases I would imagine you'd knock out 90%+ of the piracy out there.
That's the problem that Sean Parker is hoping to address with his proposed streaming service[1]. At $50 a movie, that doesn't seem unreasonably priced. Until then, though, there's always the Prima Cinema option[2], but then you're looking at $500 a movie, plus $100k+ for the initial setup, so it's not a great choice if you're impoverished.
I go out of my way to buy DRM-free. I buy on Humble/GOG over Steam (and often filter games by DRM-free), I prefer Bandcamp and buying real physical CDs at bars.
eBooks are problematic because finding DRM-free stores for current titles is near impossible and I hate that my notes and the book are tied to a B&N/Google/Amazon account unless I use tools to extract them (books + notes). I'm essentially paying near the same price as a used copy of the physical book, but I'm renting the book. If Amazon or Google ever give up their books service in a prolific blaze of fire, customers lose all those purchases.
However much I do not like to spoil your party due to sharing the sentiment; please note that your example is a Pyrrhic victory.
Sure, services who uphold basic principles such as listening to a market demand and adjusting prices to it exist nowadays; yet the root of the problems; it being impossible to define a marginal price; still exists.
Some of the monopolistic effects are not felt by the masses, yet they surely do exist.
Think about market entry for example, virtually impossible.
We have to raise the level of the debate, I'm afraid....
If you meant thousands literally, I think it's a relatively low number. There's always going to be a large group of people seeding popular files to improve their ratio on a specific tracker. They're probably not even interested in those specific files. It's just for better reputation on the site.
> who knows how many people have downloaded from them
BT trackers do. And with enough seeds / pretend-seeds you can get a fairly precise number of downloaders.
There's still a number of countries where Spotify is not exactly cheap. Or where you can't get easy access to a permanent connection for streaming. But those places aren't huge record label customers either.
The top movies are getting tens of thousands of seeders. They get thousands in each of their localized versions (French, German, Spanish...).
Go to one of the "current-best-streaming-site-of-the-moment.inwhatevercoutry" [1]
Some of the streaming sites publish the "views per video" (or downloads per video for DDL sites). The top 10 videos are all in the hundreds of thousands of views.
The English streaming sites are in the millions of views per top video. They get more audience because of the language.
In comparison, it seems to me that music is not very popular for streaming/DDL/torrenting. If anything, it should concentrate all the views in a few places only because songs exist in a single version in a single language.
[1] easy to find in the "top 100 most visited site per country" with alexa.com :D
The use of DCP seems to be limited to very high resolution releases. HDCP is still what current era consumer hardware uses, and it's totally wide open.
> The use of DCP seems to be limited to very high resolution releases.
The DCP is just a digital print (what movie theaters play for digital releases instead of the reels of film that go with analog releases). It's not really about resolution per se, it's just a term for the whole package that the theater gets.
To add to this - a typical cinema release is a pretty big file - frame-by-frame encoded as jpg2000 in 4k. Often shipped on hard drives, or downloaded via dedicated fiber lines. The key material is distributed separately, and allows for fine-grained control of playback (e.g. time of day - to the point that if a screening is sufficiently delayed, it may sometimes have to be cancelled if a new key can't be acquired in time...).
This all works due to proprietary hardware - the modifications to the 4k cinema projectors that enable decryption almost at the lens/imaging chip can cost as much as the projector itself, doubling the price of the projector (last I heard from around 15k to 30k USD).
With a more sane key distribution (no master keys in equipment, like with DVDs) - I don't believe DCP is likely to be cracked in the same sense CSS was: probably the more likely scenario is that some insider leaks some of the distributors' private keys which would allow certain releases to be cracked - but would likely also trigger key roll over.
Also worth noting that the DCP format is pretty nice, has optional encryption - and you can make your own. With the right contacts you can view your own footage on a cinema screen :-)
The point of DRM is to make that time, motivation, and quality equation not make sense. Every day that a new videogame stays off Piratebay is an extra day of full revenue.
I'm not defending DRM, but it's important to know one's enemy.
Is that true, though? I'd expect that the people who only download cracked games will wait for the game to be cracked and up for download, no matter how long that takes. The people who download games to trial them and then buy the ones they like will likewise wait until they can give it a shot before potentially wasting money. The last group, those who buy legit copies of games at or near release, are going to buy it no matter what.
I agree in principle, but I think the adage that "Every day that a new videogame stays off Piratebay is an extra day of full revenue" is a bit of a false equivalency.
> a new videogame stays off Piratebay is an extra day of full revenue.
Yes and no. You cannot say that people who pirate games are necessarily going to buy the game if it were not "free". That's the argument used by the industry to justify DRM and it makes no sense whatsoever since the market would be like 100 times bigger if you calculate things this way. It would not.
> The point of DRM is to make that time, motivation, and quality equation not make sense. Every day that a new videogame stays off Piratebay is an extra day of full revenue.
This can't be true as written, as long as people expect it to show up there eventually. Every day it stays off piratebay is an extra day of revenue intermediate between full and "already out on piratebay" levels.
The DRM works because the value of these things appears to be greatly time-sensitive -- most of the cost is already getting-it-right-away, which DRM can protect, rather than the fundamental timeless value of the product, which DRM can't protect.
It's a great idea, but I don't know if it's like that for video games though. They may earn more money, but when they fail to code a proper backend and the launch breaks their system, they lose even more. Like for the last SimCity.
It depends on what the desired outcome of the DRM is. A prime example of effective DRM is Denuvo [0]. Loosely speaking, there are two main groups of people who pirate games - those who would buy it otherwise, and those who wouldn't. There's not much you can do about the latter group, so they're not really worth considering. The former group however are the potential lost sales. The sales for a AAA video game usually peak on release or very shortly after, and fall off a cliff very quickly. If your DRM system manages to keep a crack for your game from being leaked for the first few weeks of its life, you will capture many of the people who fall into the "might buy your game" category.
The DRM for games is altogether another beast than DRM for movies or audio. Games are interactive so while cracking them should in theory always be possible (unless they are server based), the cracked version represents a possible threat to the users. Did really someone crack the software for the fun of it or is it malware? With movies such concerns are limited to exploiting bugs in movie players, so attack surface is much lower. Also, all one needs to do is capture the output and write it to file. The "hack" is quite trivial with proper equipment.
Regarding HDCP, while 1.x is currently wide open, I'm not aware of any "crack" of HDCP 2.2, the currently required version for 4k content. There might have been keys leaked, but key extraction is only getting harder, with devices embedding keys deeper into the chipsets, with software/hardware video paths inaccessible from traditional OSes, etc.
Also, I would be surprised if there isn't a watermark in there that will point to the cinema who leaked the version.
> If you can view it, you can copy it... it's just a matter of time, motivation, and desired quality.
And exactly the time and motivation needed is why DRM can work in the end. Modern DRM schemes like AACS employ methods to change keys for new works. So when crackers find a key that allows them to circumvent the DRM scheme they can't publish it or it would soon get useless and they would have to do the work to extract a key again.
This is probably what we're seeing here.
This means that for consumers the DRM stays effective. They can't do copies of things they legally bought.
> Modern DRM schemes like AACS employ methods to change keys for new works. So when crackers find a key that allows them to circumvent the DRM scheme they can't publish it or it would soon get useless and they would have to do the work to extract a key again.
Okay, just think about this for a minute.
Who would EVER care about a cipher key, when YOU STILL NEED TO EXPOSE THE RAW PIXEL RASTER, AND AUDIO CHANNELS TO THE END USER, IN ORDER FOR ANYTHING TO BE VALUABLE AT ALL?
Users will always eventually get the whole thing in the clear, in straight-up plain text somehow, eventually anyway. And all anyone needs is a buffer big enough to capture it, and it's trivial to assemble one.
You need to be able to watch a movie with the naked eye, and hear the sound with your ears. That's how movies work.
It's trivial to capture the raw data, and people have been living with NTSC quality picture and sound for decades.
This is not about perfectly matching the SHA256 hashes of the original MPEG artifacts. People just want a copy, and it's easy to skim one, somehow, one way (cracking) or another (brute force direct copies of the image frames and pulse code samples, at the signal source).
I don't know DCP, but from reading Wikipedia it's something different than HDCP:
HDCP is encryption during transmission (like SSL), e.g. encryption while transferring the movie data through the HDMI cable. It is not used for encrypting data on a storage medium (like CSS, and apparently also DCP are).
I find it amusing that after all these decades people are still willing to claim some sort of moral high ground in defense of their desire for entertainment.
Filmmakers themselves talk about movies being culture as well as entertainment, and without piracy, being part of contemporary culture becomes (even more) a matter of your disposable income. So regardless if it is moral or not (what is moral is not easily established in a global context) we can ask if piracy does more good than bad for society? Is there an even better alternative?
In the end, copyright is based on laws created by governments as trade agreements, rarely involving the voting public when it's not a dictator or monarch making the rules. In effect copyright is a matter of law, not moral, and sometimes the law is not moral. In this case, I stay my judgement as it can only cloud the real issues.
Personally I think everybody who is not an adult, without a job or a home should by default be allowed free access to anything we call culture. Being part of society - which everyone should be - is down to having a shared context. The so called entertainment is a major part of this, and without access to it you become an 'other', the outsider.
I find it amusing that after all these decades people are still willing to have cultural artefacts being distributed at the whim of corporations rather than passionate archivists who actually care for the work.
So many movies are only available commercially in their objectively worst version (pan and scan, poor subtitles, no subtitles just dubbing, missing scenes, censored scenes, poor audio or poor picture), people who actually care for the film more than the copyright holders go out of their way to combine several awful versions into a version better than commercially available because they actually care about what they're distributing because it's for passion not profit.
I find it amusing that people in the US have been willing to extend copyright from the original 28 years to 100 years, and in most cases to give no moral rights to the artists involved in the creation of the work.
And this is the framework the US is pushing the rest of the world to adopt.
> If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it. Its peculiar character, too, is that no one possesses the less, because every other possesses the whole of it. He who receives an idea from me, receives instruction himself without lessening mine; as he who lights his taper at mine, receives light without darkening me.
> That ideas should freely spread from one to another over the globe, for the moral and mutual instruction of man, and improvement of his condition, seems to have been peculiarly and benevolently designed by nature, when she made them, like fire, expansible over all space, without lessening their density in any point, and like the air in which we breathe, move, and have our physical being, incapable of confinement or exclusive appropriation. Inventions then cannot, in nature, be a subject of property.
After all these centuries, people are still willing to claim some sort of moral high ground in killing other people for their beliefs. And downloading a file is amusing?
Some people believe that copyright infringement is a morally acceptable response to copyright terms changing from limited to effectively infinite duration.
It's worth noting that the DCP format doesn't have a master key - each "reel" of an encrypted film has its own content key, which is decrypted by each DCP player's private FIPS protected key combined with a public Key Delivery Message from the distributor.
So if the DCP was indeed cracked, it was either because they gained access to the FIPS module in a DCP playback server, or they gained access to the plaintext content keys where the KDMs are generated. If they have the server's private key, they will be able to decrypt every other film that they have a KDM for and we should expect to see more DCP releases.
> they will be able to decrypt every other film that they have a KDM for and we should expect to see more DCP releases.
If you have individually encrypted copies, it would be stupid to not also individually watermark them on the content level. With a bit of targeted key invalidation, this could well be contained to a one time breach.
There is just one encrypted copy, with one key. But that key has many copies, each encrypted with a different copy. The device takes its private key, and uses it to acquire the "master" key, which is then used to decrypt the media.
Of course, every movie release has its own "master" key.
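Added example, not part of any comment in the thread: a toy Python model of the key hierarchy the comments above describe (one encrypted copy, a content key wrapped per device in a KDM, a validity window). All class and function names are hypothetical, and a SHA-256 keystream and unpadded textbook RSA over Mersenne primes stand in for the real ciphers, so it shows the structure and the blast radius of one extracted device key, not real DCP cryptography.

```python
# Added example (constructed); toy model of the key hierarchy discussed in the thread.
# Stand-ins, not real DCP crypto: a SHA-256 counter keystream replaces AES-128 and
# unpadded textbook RSA over small Mersenne primes replaces padded RSA-2048.
import hashlib
import secrets
from dataclasses import dataclass

E = 65537  # public exponent shared by the toy device keys


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with a SHA-256 counter keystream (AES stand-in)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


@dataclass(frozen=True)
class DeviceKey:
    n: int  # public modulus (what the distributor sees in the certificate)
    d: int  # private exponent (meant to stay inside the tamper-resistant module)

    @classmethod
    def from_primes(cls, p: int, q: int) -> "DeviceKey":
        return cls(n=p * q, d=pow(E, -1, (p - 1) * (q - 1)))


@dataclass(frozen=True)
class KDM:
    title: str
    device_n: int     # which device this message is addressed to
    wrapped_key: int  # content key encrypted to that device's public key
    not_before: int   # validity window, in abstract clock ticks
    not_after: int


def issue_kdm(title, content_key, device_n, not_before, not_after) -> KDM:
    wrapped = pow(int.from_bytes(content_key, "big"), E, device_n)
    return KDM(title, device_n, wrapped, not_before, not_after)


def unwrap(kdm: KDM, key: DeviceKey) -> bytes:
    """Recover the content key; only works with the addressed device's private key."""
    if kdm.device_n != key.n:
        raise ValueError("KDM is addressed to a different device")
    return pow(kdm.wrapped_key, key.d, key.n).to_bytes(16, "big")


class MediaBlock:
    """Playback module: holds the private key and enforces the KDM window."""

    def __init__(self, key: DeviceKey):
        self._key = key
        self.public_n = key.n

    def play(self, kdm: KDM, ciphertext: bytes, now: int) -> bytes:
        if not kdm.not_before <= now <= kdm.not_after:
            raise PermissionError("KDM outside its validity window")
        return keystream_xor(unwrap(kdm, self._key), ciphertext)


def exposed_titles(leaked: DeviceKey, kdms) -> set:
    """Blast radius of one extracted device key: every title with a KDM for it.
    The window does not limit this, because it is policy inside the module."""
    hit = set()
    for kdm in kdms:
        try:
            unwrap(kdm, leaked)
            hit.add(kdm.title)
        except ValueError:
            pass
    return hit


def demo() -> dict:
    dev1 = DeviceKey.from_primes(2**89 - 1, 2**107 - 1)
    dev2 = DeviceKey.from_primes(2**107 - 1, 2**127 - 1)
    key_a, key_b = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_a = keystream_xor(key_a, b"frames of film A")  # one copy for all sites
    kdms = [
        issue_kdm("Film A", key_a, dev1.n, 100, 200),
        issue_kdm("Film A", key_a, dev2.n, 100, 200),
        issue_kdm("Film B", key_b, dev2.n, 100, 200),  # never sent to dev1
    ]
    block1 = MediaBlock(dev1)
    try:
        block1.play(kdms[0], enc_a, now=201)
        late = "played"
    except PermissionError:
        late = "refused"
    return {
        "in_window": block1.play(kdms[0], enc_a, now=150),
        "late": late,
        "dev1_leak": exposed_titles(dev1, kdms),
        "dev2_leak": exposed_titles(dev2, kdms),
        "dev2_plays_a": MediaBlock(dev2).play(kdms[1], enc_a, now=150),
    }


if __name__ == "__main__":
    print(demo())
```

For incident response the useful output is `exposed_titles`: the set of titles to treat as compromised, and the KDM recipients to stop issuing to, once a specific device key is known to be out.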
As far as I know, MXF basically contains JPEG pictures and because of that, it can't use motion prediction algorithms used in modern video codecs, so the size of 40 GB for a 4K video in H.264 format is possible.
But I agree that it's better to see the original decrypted container.
Firstly DCPs are not wrappers that contain MXFs. From what I remember DCP predates MXF.
From memory (it's been 8 years since I've actually dealt with creating them) they are effectively zip files that contain JPEG2000, lots of metadata and some sound tracks.
Crucially, the authoring and encryption are controlled by a central authority. Each projector needs to be registered with a KDM to make sure it can receive decryption keys. http://www.artsalliancemedia.com/software/screenwriter#featu... is one system for managing projectors.
Getting a distribution DCP is pretty hard, also keys are short-lived. But some people create non-encrypted DCPs for various purposes.
If it's a MXF, then that suggests it's either from a finishing house, or more likely a producer's laptop. (i.e. how Wolverine got leaked, a pissed up producer leaving an unencrypted laptop on a plane. Even though their flight was pointless, as there are many remote viewing systems about.)
DCP developer here. DCP track files are MXF. SMPTE ST 377:2004 (MXF) predates SMPTE ST 429-3:2007 (DCP Sound and Picture.) ST 377 is a normative reference of ST 429-3. There is no zip file. There is no central registration for encryption. Each Media Block has a 2k RSA key (usually generated inside the FIPS 140 boundary), and each content distributor has a collection of the respective X.509 certificates.
The article links to the leak, where there are screenshots from both the DCP and US Blu-ray versions of the movie. The new (DCP) source looks way better, has much more detail. Both are in H.264 format at obscenely-high bit rates. Other than cutting the file size in half for the same bit rates, I wonder how H.265 would fare on this epic movie!
I'm no expert on DCP or encryption. But from what I've read DCP uses AES 128, they probably didn't crack that. But also each projector gets its own unique key to decode the movie. Which I assume is somehow combined with the key in the projector to create the real decryption key.
So my first guess is that they had the ability to snoop on multiple key exchange messages and somehow used that knowledge to find a shortcut to solve AES based on the gleaned knowledge from all the gathered keys, or they broke into a projector and took its internal key.
Some of the projectors are connected to the DCP playback server via encrypted HD-SDI. The content is link-encrypted between the server and projector using Texas Instruments' "Cinelink" technology. If the TI "Enigma" module's private key was leaked, this would enable recording the plaintext SMPTE 292M video stream in real-time. The audio is un-encrypted obviously and easy to record, but it is watermarked so they would be able to trace back the recording to a specific KDM.
All I know is that the music industry learned a long time ago DRM didn't work and wasn't worth it, and I can now buy MP3 files on any service, and play them on any device. And while I don't engage in movie piracy myself, I hope these pirates are successful in driving studios to that same point, where I can happily shell over $30 for a 4K file and use it how I want to.
There's a difference though. DRM music files are sold directly to consumers. These consumers have to be able to decrypt the files on their own computers / devices which makes DRM useless.
The movie files in this case are not meant for consumers. They're only decrypted on specialised equipment not accessible to the general public. If you manage to get your hands on a DCP file there's nothing you can do to decrypt it without access to the specific projector system it was intended for (unless someone screwed up somewhere of course)
Yeah, but let's be honest, if I had a job as a manager at a theater and a moderate amount of reverse engineering skill or a small team of friends with those, well, time, access and tools combine quite well...
Sure, they make it look all secure, pass it through all that crypto and stuff but ultimately it has to be passed to the projector chip in some form which is unencumbered to be turned into light. At which point it's fairly trivial to dump. Anti-tampers on the case are probably fairly limited.
So UHD Blu-rays, they don't use DCP, correct? But those haven't been broken as well (as far as we know), and that seems like the media to target to create 4k torrents.
Box office sales have generally increased over the past 20+ years. Possibly people in your peer group may not, but this does not seem correct. http://www.boxofficemojo.com/yearly/ http://www.the-numbers.com/market/
That's the problem that Sean Parker is hoping to address with his proposed streaming service[1]. At $50 a movie, that doesn't seem unreasonably priced. Until then, though, there's always the Prima Cinema option[2], but then you're looking at $500 a movie, plus $100k+ for the initial setup, so it's not a great choice if you're impoverished.
[1] http://www.businessinsider.com/sean-parker-streaming-rental-... [2] http://www.businessinsider.com/prima-movie-2016-4
Please note that I don't mind DRM when used in streaming but I find it onerous when I "purchased" something.
Music piracy is still huge. Any top 40 album is going to have THOUSANDS of seeders, who knows how many people have downloaded from them.
As always with DRM, it's defective by design. https://en.wikipedia.org/wiki/Defective_by_Design
If you can view it, you can copy it... it's just a matter of time, motivation, and desired quality.
Also worth noting that the DCP format is pretty nice, has optional encryption - and you can make your own. With the right contacts you can view your own footage on a cinema screen :-)
See eg:
http://www.knuterikevensen.com/?p=2559
It depends on what the desired outcome of the DRM is. A prime example of effective DRM is Denuvo [0]. Loosely speaking, there are two main groups of people who pirate games - those who would buy it otherwise, and those who wouldn't. There's not much you can do about the latter group, so they're not really worth considering. The former group however are the potential lost sales. The sales for a AAA video game usually peak on release or very shortly after, and fall off a cliff very quickly. If your DRM system manages to keep a crack for your game from being leaked for the first few weeks of its life, you will capture many of the people who fall into the "might buy your game" category.
[0] https://en.wikipedia.org/wiki/Denuvo
Personally I think everybody who is not an adult, without a job or a home should by default be allowed free access to anything we call culture. Being part of society - which everyone should be - is down to having a shared context. The so called entertainment is a major part of this, and without access to it you become an 'other', the outsider.
Moral or not.
> That ideas should freely spread from one to another over the globe, for the moral and mutual instruction of man, and improvement of his condition, seems to have been peculiarly and benevolently designed by nature, when she made them, like fire, expansible over all space, without lessening their density in any point, and like the air in which we breathe, move, and have our physical being, incapable of confinement or exclusive appropriation. Inventions then cannot, in nature, be a subject of property.
--Thomas Jefferson
If they released the actual DCP .mxf files it would be proof that the DCP was truly cracked.
EDIT: According to another comment it's H264.
What tech is used on UHD consumer Blu-rays?