假设有人下载了我的 Widevine DRM 流的多个片段:
Segment01.m4s
Segment02.m4s
段...n.m4s
他以某种方式获得了该特定流的解码初始化标头数据,他能用它做什么?他可以用它来解码他下载的片段吗?如果没有,他有什么可能的方法,以及我如何防止这种事情发生。
问问题
3891 次
1 回答
2
Your question title and your question text ask slightly different things - in the question text you just mention the attacker having the initialisation data, but in the title you also mention the attacker getting hold of the license key itself.
As others have mentioned the initialisation data, which will include the key-id, the initialisation vector etc, is already available in the stream itself.
They key itself is not available - the player must pass the key-id to the DRM system or to the application and it will then request the license key associated with that key-id from the license server. They key which is returned will itself be encrypted so only the DRM system can decrypt it and access it.
If your attacker did have the unencrypted key itself, then they would effectively have bypassed the entire DRM system and they would indeed be able to decode the stream.
于 2017-12-27T11:44:03.523 回答