
Pirates Plunder 4K Hateful Eight, but Did They Crack DCP? - dbcooper
https://torrentfreak.com/pirates-plunder-4k-hateful-eight-but-did-they-crack-dcp-160906/
======
yRetsyM
> Commenting on the release, Sebastian Haselbeck of Tarantino fansite
> Tarantino.info says that while he’s not a fan of piracy, he believes that a
> failure to serve the market is the real problem.

> “I strongly condemn piracy and find it generally damaging, but it is a
> symptom, not the source, of market failure,” he told TF.

That's it right there. Music piracy took a long time to sort out because it
was inaccessible. Now through Spotify/Apple Music/YouTube I struggle to find
anyone who pirates music in my peers (it was prolific). It's not perfect yet
and I think there's still some change to come but it's certainly ahead of the
film industry.

~~~
tw04
Well, there are two issues as I see it:

1\. Most people have no desire to go to a theater anymore, so making people
wait months to see a new film means they're going to try to find a way to see
it sooner. If they released streaming alongside movie theater releases I would
imagine you'd knock out 90%+ of the piracy out there.

2\. People like me who are on extremely limited bandwidth connections can't
watch anything in high fidelity via something like Netflix. Need a way to
buffer the whole movie locally ahead of time. Let me queue it up the night
before so I can watch it when I get home from work and you'll have my dollars.

~~~
kenperkins
> Most people have no desire to go to a theater anymore, so making people wait
> months to see a new film means they're going to try to find a way to see it
> sooner. If they released streaming alongside movie theater releases I would
> imagine you'd knock out 90%+ of the piracy out there.

Aside: Saw Pets with my kids this week; Large Soda is now more than a Bud
Light at a Football game ($8). Consider me among those who would gladly stop
going to the theater.

~~~
vocatus_gate
It always amazes me how people talk about theater snacks like they're
mandatory or something. How about just......don't buy them?

~~~
hydrawlics
How about just......make that policy about not permitting outside snacks go
take a hike?

People are made to throw food and beverages in the trash, if they haven't been
purchased at the theater's concession stands.

When the ushers take your tickets, they make you throw away anything that's
obviously not sold in the theater, thus monopolizing local refreshments.

~~~
roywiggins
Just find a theater staffed exclusively by bored teenagers who don't enforce
the policy :)

~~~
vocatus_gate
That's my strategy..

------
contingencies
To clarify for all the other non HD-video nerds, this seems to be regarding
DCP:
[https://en.wikipedia.org/wiki/Digital_Cinema_Package](https://en.wikipedia.org/wiki/Digital_Cinema_Package)
not HDCP:
[https://en.wikipedia.org/wiki/High-bandwidth_Digital_Content_Protection](https://en.wikipedia.org/wiki/High-bandwidth_Digital_Content_Protection)
(which is already broken, and was itself the industry response to the
breaking of DVD CSS:
[https://en.wikipedia.org/wiki/Content_Scramble_System](https://en.wikipedia.org/wiki/Content_Scramble_System)).

The use of DCP seems to be limited to very high resolution releases. HDCP is
still what current era consumer hardware uses, and it's totally wide open.

As always with DRM, it's defective by design.
[https://en.wikipedia.org/wiki/Defective_by_Design](https://en.wikipedia.org/wiki/Defective_by_Design)

If you can view it, you can copy it... it's just a matter of time, motivation,
and desired quality.

~~~
oldmanjay
I find it amusing that after all these decades people are still willing to
claim some sort of moral high ground in defense of their desire for
entertainment.

~~~
zizee
Some people believe that copyright infringement is a morally acceptable
response to copyright terms changing from limited to effectively infinite
duration.

~~~
rrrazdan
Copyright on a song or book is like ownership. Imagine a scenario where you
mould from clay an amazing aesthetically pleasing shape. Do you think that it
should be taken from you after a set time period?

~~~
hx87
No it isn't like ownership, because I can make a perfect copy without taking
away yours. After 3 years or so showing off your clay sculpture and making
money from it, why should I be able to make copies freely?

------
sprocket35
It's worth noting that the DCP format doesn't have a master key - each "reel"
of an encrypted film has its own content key, which is decrypted by each DCP
player's private FIPS protected key combined with a public Key Delivery
Message from the distributor.

So if the DCP was indeed cracked, it was either because they gained access to
the FIPS module in a DCP playback server, or they gained access to the
plaintext content keys where the KDMs are generated. If they have the server's
private key, they will be able to decrypt every other film that they have a
KDM for and we should expect to see more DCP releases.

~~~
usrusr
> they will be able to decrypt every other film that they have a KDM for and
> we should expect to see more DCP releases.

If you have individually encrypted copies, it would be stupid to not also
individually watermark them on the content level. With a bit of targeted key
invalidation, this could well be contained to a one time breach.

~~~
tomerv
There is just one encrypted copy, with one key. But that key has many copies,
each encrypted with a different copy. The device takes its private key, and
uses it to acquire the "master" key, which is then used to decrypt the media.
Of course, every movie release has its own "master" key.
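
Added example (not part of the thread, and not code from any DCP implementation): a Go sketch of the key hierarchy sprocket35 and tomerv describe above, where each reel is encrypted once under its own AES-128 content key and a KDM carries those keys wrapped to one media block's RSA public key. The `KDM` map, the function names, the reel IDs, the AES-GCM mode and the RSA-OAEP wrapping with the reel ID as label are assumptions of this sketch, and it does not reproduce the real KDM message format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// KDM (simplified, hypothetical): reel ID -> content key wrapped to ONE device key.
type KDM map[string][]byte

// NewMediaBlockKey returns a constructed 2048-bit RSA device key.
func NewMediaBlockKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptReel encrypts a reel once under a fresh AES-128 key (GCM is this example's choice).
func EncryptReel(plain []byte) ([]byte, []byte, error) {
	buf := make([]byte, 16+12) // content key, then GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, nil, err
	}
	gcm, err := newGCM(buf[:16])
	if err != nil {
		return nil, nil, err
	}
	return buf[:16], gcm.Seal(buf[16:], buf[16:], plain, nil), nil // nonce || ciphertext || tag
}

// IssueKDM wraps every reel key to a single recipient's RSA public key.
func IssueKDM(pub *rsa.PublicKey, reelKeys map[string][]byte) (kdm KDM, err error) {
	kdm = KDM{}
	for reel, key := range reelKeys {
		if kdm[reel], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte(reel)); err != nil {
			return nil, err
		}
	}
	return kdm, nil
}

// PlayReel unwraps the reel key with the device private key, then decrypts the reel.
func PlayReel(priv *rsa.PrivateKey, kdm KDM, reel string, sealed []byte) ([]byte, error) {
	if len(kdm[reel]) == 0 || len(sealed) < 12 {
		return nil, fmt.Errorf("no key for %q in this KDM, or truncated reel", reel)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, kdm[reel], []byte(reel))
	if err != nil || len(key) != 16 {
		return nil, fmt.Errorf("unwrap %q failed: %v", reel, err)
	}
	gcm, _ := newGCM(key) // cannot fail: key length checked above
	return gcm.Open(nil, sealed[:12], sealed[12:], nil)
}

func main() {
	a, _ := NewMediaBlockKey() // constructed device key for the demo
	key, sealed, _ := EncryptReel([]byte("constructed reel essence"))
	kdm, _ := IssueKDM(&a.PublicKey, map[string][]byte{"reel-1": key})
	out, err := PlayReel(a, kdm, "reel-1", sealed)
	fmt.Println(string(out), err)
}
```

A KDM issued to device A is useless to device B, while whoever holds A's private key can unwrap every reel key in every KDM issued to A, which is the exposure sprocket35 points out.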

~~~
sp332
Even AACS on bluray discs can have multiple different copies of some parts of
the video to watermark different sets of device keys. I know footage from
theaters can be watermarked too, so I'd be very surprised if this distribution
method didn't also have some kind of identification.

------
spaz12
The filesize of 40GB is very low for a DCP, your standard 90 minute film is
typically over 100GB. I recall Hateful Eight being over 200GB.

If they released the actual DCP .mxf files it would be proof that the DCP was
truly cracked.

~~~
Tobold
I'm assuming they reencoded it to something more efficient than mjpeg2000 (no
idea what the "standard" pirate codec for 4k is).

EDIT: According to another comment it's H264.

------
KaiserPro
Ex VFX-er here.

Firstly DCPs are not wrappers that contain MXFs. From what I remember DCP
predates MXF.

From memory (it's been 8 years since I've actually dealt with creating them)
They are effectively zip files that contain JPEG2000, lots of metadata and
some sound tracks.

Crucially, the authoring and encryption are controlled by a central authority.
Each projector needs to be registered with a KDM to make sure it can receive
decryption keys.
[http://www.artsalliancemedia.com/software/screenwriter#featu...](http://www.artsalliancemedia.com/software/screenwriter#features)
is one system for managing projectors.

Getting a distribution DCP is pretty hard, also Keys are short lived. But,
some people create non-encrypted DCPs for various purposes.

If it's a MXF, then that suggests it's either from a finishing house, or more
likely a producer's laptop. (ie how wolverine got leaked, a pissed up producer
leaving an unencrypted laptop on a plane. Even though their flight was
pointless, as there are many remote viewing systems about. )

~~~
b1c837696ba28b
DCP developer here. DCP track files are MXF. SMPTE ST 377:2004 (MXF) predates
SMPTE ST 429-3:2007 (DCP Sound and Picture.) ST 377 is a normative reference
of ST 429-3. There is no zip file. There is no central registration for
encryption. Each Media Block has a 2k RSA key (usually generated inside the
FIPS 140 boundary), and each content distributor has a collection of the
respective X.509 certificates.

------
aorth
The article links to the leak, where there are screenshots from both the DCP
and US Blu-ray versions of the movie. The new (DCP) source looks way better,
has much more detail. Both are in H.264 format at obscenely-high bit rates.
Other than cutting the file size in half for the same bit rates, I wonder how
H.265 would fare on this epic movie!

------
rblatz
I'm no expert on DCP or encryption. But from what I've read DCP uses AES 128,
they probably didn't crack that. But also each projector gets its own unique
key to decode the movie. Which I assume is somehow combined with the key in
the projector to create the real decryption key.

So my first guess is that they had the ability to snoop on multiple key
exchange messages and somehow used that knowledge to find a shortcut to solve
AES based on the gleaned knowledge from all the gathered keys, or they broke
into a projector and took its internal key.

~~~
wmf
It sounds like no projectors are involved here.

~~~
sprocket35
Some of the projectors are connected to the DCP playback server via encrypted
HD-SDI. The content is link-encrypted between the server and projector using
Texas Instruments' "Cinelink" technology. If the TI "Enigma" module's private
key was leaked, this would enable recording the plaintext SMPTE 292M video
stream in real-time. The audio is un-encrypted obviously and easy to record,
but it is watermarked so they would be able to trace back the recording to a
specific KDM.

~~~
wyager
Jesus, they put so much effort into "encrypting" this data when it
fundamentally needs to be available in a decrypted format for the users to
watch it. At the end of the day, there's always the analog hole (or, more
likely, the digital hole between the rendering chip and the MEMS array or LCD
or whatever other mechanism lives inside the projector). No matter how many
convoluted layers of encryption they throw at these things, there's always
somewhere you can stick a camera or a few high-bandwidth digital signal
analyzers and recover the content with at worst slightly degraded quality.

~~~
sprocket35
DCP isn't a consumer format (yet), it's only intended to protect the movie
before it comes out on Bluray. And the encryption isn't convoluted at all, the
private/public key system is essentially the same as what protects your
information when you log into your bank's website.

------
ocdtrekkie
All I know is that the music industry learned a long time ago DRM didn't work
and wasn't worth it, and I can now buy MP3 files on any service, and play them
on any device. And while I don't engage in movie piracy myself, I hope these
pirates are successful in driving studios to that same point, where I can
happily shell over $30 for a 4K file and use it how I want to.

~~~
6nf
There's a difference though. DRM music files are sold directly to consumers.
These consumers have to be able to decrypt the files on their own computers /
devices which makes DRM useless.

The movie files in this case are not meant for consumers. They're only
decrypted on specialised equipment not accessible to the general public. If
you manage to get your hands on a DCP file there's nothing you can do to
decrypt it without access to the specific projector system it was intended for
(unless someone screwed up somewhere of course)

~~~
ultramancool
Yeah, but let's be honest, if I had a job as a manager at a theater and a
moderate amount of reverse engineering skill or a small team of friends with
those, well, time, access and tools combine quite well...

Sure, they make it look all secure, pass it through all that crypto and stuff
but ultimately it has to be passed to the projector chip in some form which is
unencumbered to be turned into light. At which point it's fairly trivial to
dump. Anti-tampers on the case are probably fairly limited.

~~~
hvidgaard
According to another comment here, the anti tamper mechanics on those
projectors are not limited. They are in fact quite aggressive.

If they have been any kind of smart when designing them, the decoded stream
takes a limited, shielded, and highly tamper resistant path to the projector
chip, and each and every critical component is paired with each other such
that switching one of them out automatically destroys all keys.

------
shafiqissani
I will pay 200gbp per month to the service provider that can provide 4k
offline viewing with the variety of content available through torrent sites.

I bet there is not one legal service available online where you can view 4k
media without streaming and without country specific restrictions.

~~~
mcintyre1994
Is there such a legal service in any resolution, excluding public domain
content?

------
nrclark
Another option is that somebody got ahold of some HDCP chips that fell off the
back of a truck. There are Chinese companies (Explore Semi and friends) that
make HDCP repeater chips with decryption / encryption capabilities. Those bad
boys can take an HDCP-protected input stream and strip the encryption right
off.

DCP controls chip sales very tightly in the US, but I imagine it's a practical
impossibility in Shenzhen.

~~~
OedipusRex
So it's a better quality Chinese knock off? We need a word for this.

~~~
chii
"consumer friendliness"

------
themartorana
I wonder if there's any way to measure the actual financial impact on this
movie, which I'm guessing is close to zero (and the MPAA will tell you is
millions of dollars). The amount of work and security put into these
encryption schemes is sizable to say the least. But is anyone that wouldn't
pirate it later going to pirate it now?

~~~
bArray
I think the MPAA count each watch as a potential purchase - when it's simply
not true at all.

I'll admit that I sometimes watch a poor cam video before going to the cinema.
It costs £10 a ticket plus food and fuel - about £15. Critiques often don't
represent what I like in films, so I would just not go.

Pirated films probably encourage people to watch films. It can create a
bigger hype around a film.

I think the war on piracy somewhat echoes the issues of the war on drugs.

------
mirimir
> Fans would easily spend on the roadshow cut of Hateful Eight or the integral
> cut of Kill Bill. Both are not available to buy.

Why might that be? Maybe the market is too small. But in that case, why would
they care about piracy? Strange.

~~~
wccrawford
Because it was part of the marketing campaign to get people to see it in the
theatres. It was an experience that you were unable to get in any other way,
and so it was more special and (theoretically) should draw more people to it.

I went to it, and all the little touches (like the pamphlets) were really well
done, and it was indeed a special, memorable experience.

It's like limited-edition figures or tins. Some people buy them _because_
they're limited, and it's part of the selling point. The company can't later
release it because it'd no longer fit the original sales spiel.

~~~
mirimir
OK, I get it. Thanks.

------
wmf
Did the studio send a 4K master to Okko (which appears to be _in Russia_ BTW)
even though they only need HD?

~~~
bravo22
Time will tell. DCP has a lot of security built-in. Both in hardware (FIPS
certified, anti-intrusion, etc.) and in Software -- encryption up the wazoo.

Studios rely on a lot of insecure distribution and storage mechanisms for the
big DCP file and instead rely heavily on the secure key exchange.

If they have cracked DCP, somehow, then it is a major coup.

~~~
wmf
Presumably the studio sends a master to Okko and then Okko transcodes it into
various formats for streaming. Imagine an insider sets the transcoder to
output 4K H.264 and then leaks the resulting file. It sounds like encryption
won't help here.

~~~
bravo22
They wouldn't send a DCP stream for transcoding. DCP stream can only be
decoded by the media block _inside_ the projector and the output physically
goes to the projector chip. The system has safeguards against physical
intrusion. If you open the projector, it wipes all the keys. The level of
paranoia in that thing is insane.

The keys only get programmed by the studios at manufacture time, and there is
no servicing of the parts in the decode chain. The whole module has to be
replaced.

I actually worked on a media block design about 10 years ago.

~~~
wfunction
> If you open the projector, it wipes all the keys.

What if it has no power?

~~~
pritambaral
A small battery, dedicated to tamper-detection, should take care of that.

~~~
kuschku
And liquid nitrogen should take care of that.

~~~
mokus
And a two-cent thermistor should take care of that...

------
montecarl
I had to look it up. I won't post a link here but the file appears to be 38.06
GiB!

~~~
voltagex_
Interestingly, that's less than a 50GB Blu-Ray, so tell me, why did we need a
different disc format for UHD Blu-Ray?

~~~
wmf
Because Hollywood has higher quality standards than pirates?

~~~
SSLy
Tell that to the pirate encoders who had to deband movies because the official
releases were so bad.

~~~
mappu
In the early/mid 2000s there was a whole scene around manually applying
inverse telecine to badly produced commercial anime releases, with custom
tools like YATTA.

~~~
sjwright
Don't get me started about pre-widescreen episodes of Family Guy. I don't know
how they ruined them, but they're all ruined with horrible, burned-in
interlacing artefacts.

------
anotheryou
Why was it hard to just screen capture 4k before? (sounds like it)

------
brunoqc
Not really related but I didn't know about the integral cut of Kill Bill (it's
possible to find it online). Any other gems like this? Maybe there's websites
about this.

~~~
Tobold
Apparently there is ONE theater in the world (in California of course!) that
shows it and it's REALLY GOOD.

EDIT: The one floating around the internet seems to be a fan cut. I'm curious
how it holds up to the actual thing.

That's what I heard.

Also the Roadshow cut of Hateful Eight. That was shown in more places. I
could have seen it, but they asked for an arm and a leg, and I need those!

~~~
jonah
I saw the Roadshow cut at our local art house. It was beautiful. IIRC it was
definitely not even 2x the cost of a regular ticket and it came with a
commemorative booklet.

~~~
Tobold
Thing is, I'm poor, and it was roughly 3x the cost of the discounted ticket I
usually use.

At minimum wage I would have paid about a day's salary, and thus I "boycotted"
it.

------
supercoder
cool, downloading now.

------
Yaggo
The DVD format in NTSC regions has 480 pixel vertical resolution. Even the
half-century old NTSC spec has more vertical lines (525). I find it amazing
that DVDs are still being sold.

~~~
ryandamm
From Wikipedia's article on NTSC:

"483 scan lines make up the visible raster"

The 525 includes a lot of other stuff. Easy mistake because PAL shows 576
lines (out of 625), but only at 25 full frames / 50 interlaced half-frames per
second as opposed to 30p/60i for NTSC. (PAL DVDs are also 576.)

While they're all constrained by the scanline in the vertical direction, the
analog standards are resolution-limited in the horizontal raster by the
bandwidth / frequency response of your signal chain; I've seen beta-derived
analog NTSC that's gorgeous, far better than DVD. Especially on a really well-
corrected CRT monitor (really!).

The decision to go to an even 480p for DVD probably derives from the 8x8 pixel
blocks of the MPEG-2 compression. Having raster dimensions that are evenly
divisible by 8 is a good thing for a lot of these block-based codecs; I
believe MPEG-2 couldn't go below 8x8 (h.264 can accommodate smaller and non-
square macroblocks, though).

That said, there's a nugget of truth in your comment. When we go to digital,
we often get better average fidelity, but worse maximum fidelity. A beautiful
analog system can be really great. Maybe in twenty years we'll have a hipster
revival of 70mm film prints? It's the new vinyl...

(I'm being a little tongue-in-cheek; reports from Ang Lee's latest movie are
that the digitally-captured 4096p120 stereo 3D is better than the real thing.
I saw 30-year film industry veterans walking out of a test screening
shaking their heads in disbelief -- I couldn't get in because the line was
around the hall.)

~~~
sp332
Even a DVD with a 16:9 image uses non-square pixels, so it encodes 480
"scanlines" but a 4:3 TV with 480 scanlines won't show the full vertical
resolution. (If it did, the horizontal would either be squished or cut off at
the sides.) A lot of people were buying HDTVs without bluray players because
their DVDs looked so much better when they could see the full resolution.

------
slr555
The "economics" here are interesting. One of the sources attributes the piracy
to a "market failure". This is not accurate. As price falls to zero and supply
is infinite (piracy) there is nothing to restrain demand. Sure I want all
those Tarantino special cuts if they don't cost me anything. Got Tarkovsky in
4K? I'll take that too.

Pirates try to justify their thefts in economic terms but at the end of the
day they are no different than someone taking socks from Walmart. They want
goods or services that others have worked to produce without compensating them
for their work.

Seriously, just own it dude. I stole this movie because I wanted it and I
could. The Hateful Eight 4K is tearing down the academic pay wall to bring
knowledge to the masses. It's a free movie and Cheetos.

~~~
humanrebar
> Pirates try to justify their thefts in economic terms but at the end of the
> day they are no different than someone taking socks from Walmart.

I agree that people just want free stuff, but stealing a physical object
deprives someone of that object.

Copying media is strictly a violation of a business model. There is minimal
(if any) marginal cost to the owner. Better analogies include sneaking into a
(not full) movie, hopping a turnstile, or not putting money into the meter
(again, when other spaces are available).

~~~
slr555
To the contrary the analogy is apt because when one takes the socks you are
not harming the next consumer (sure the cost of shrinkage is passed on) and
there are lots of places to get socks. But the party that is well and truly
fucked the most is the producer of the socks who will derive no benefit from
work spent, designing, promoting, producing or delivering the socks.

Your literal minded response suggests that a product with a low incremental
cost is a valid measure of the total cost of production, which it is not.
The cost is writers, actors, foley artists, costumers, grips etc. All of whom
lose money when someone decides it's okay to steal a copy. That is a thief who
will never pay a legitimate fee for what they have taken.

~~~
lostlogin
You miss a very key point. What percentage of sock sellers buy socks if they
can't steal them? The number of people who pirate digital content that they
would otherwise have bought is a lot lower than 100%. Another point. And some
of the Pirates already own what they are pirating. I've pirated content that I
own as I'm not allowed to stream from a DVD drive in a computer I own to a tv
I own for some reason. Piracy is also quicker than ripping old DVDs to a
format that is actually useful so I'm happy to acknowledge what I get up to. A
better example would be someone copying the sock exactly and using this copied
sock. Yes, this violates rights of the original sock designer and
manufacturer, but it doesn't actually take their sock.

