Apple HTTP Live Streaming PKCS 7 encrypted stream

1

M3U8 streams can be encrypted using AES-128 with or without IV, as described here: http://tools.ietf.org/html/draft-pantos-http-live-streaming-07#section-3.3.4. Now I have a stream that is apparently encrypted using certificates. It is located at: http://vod-and.llnw.cdn.m6web.fr/phls-vod/Top-Chef_c11281322_Episode-8_600k.mp4.m3u8

In this file, we have a key URI with the form of faxs://faxs.adobe.com and an IV. This key URI means that we have to use EXT-X-FAXS-CM, which holds base64-encoded PKCS #7 certificates chaining.

Can we get stream with all this information, and how?

Velcro

Posted 2013-04-20T16:23:49.757

Reputation: 335

Answers

0

In order to decrypt encrypted video stream you need encryption key. This key is not part of the stream. It should be obtained separately.

EXT-X-FAXS-CM header contains DRM meta-data and not the key.

This is excert from Adobe Media Server developer guide: The Adobe Access Server protected variant playlist also needs to include the #EXT-X-FAXS-CM tag. The value of #EXT-X-FAXS-CM tag in variant playlist is the relative URI referring to the DRM metadata of one of the individual streams.At the client, the #EXT-X-FAXS-CM tag in variant playlist will be used to create the DRM session. The same DRM session will be used for all encrypted M3U8 files inside the variant playlist.

Full guide can be found here: http://help.adobe.com/en_US/adobemediaserver/devguide/WS5262178513756206-4b6aabd1378392bb59-7fe8.html

There is also mention that faxs://faxs.adobe.com URI is for local key serving. So key obtained locally from a device.

By the way its AES-128 encryption and PKCS#7 padding.

Nikolai

Posted 2013-04-20T16:23:49.757

Reputation: 520

So we must find the encryption key in the Android app... – Velcro – 2013-05-01T08:59:32.657

Asked: 2013-04-20T16:23:49.757

Viewed: 1 480 times

Active: 2016-07-21T21:40:45.647