Monday, 23 February 2015

What methods are websites using to prevent direct access to media?



I really hope this question isn't off-topic...


Background


The question pertains to media security (video, audio, etc.), where the media in question is digitally protected (legally, DMCA-style) or otherwise (open to the public, but should not be redistributed according to some license or another).


For example, a video on YouTube may be open to the public (for viewing), but should not be redistributed. A video on PBS may share the same regulations on the content of the site, but they're secured in very different manners.


I haven't been able to work this out with Adobe Flash, but with HTML5 there seems to be a pretty straightforward way to get the actual media content when no obfuscation is in place.


Edit: For clarification, I'm asking in the context of the average user who could likely follow the below method I give for downloading a video from PBS, but who would find it near impossible to download a video from YouTube.


Method


I'll take YouTube (HTML5) and PBS (JW Player 6.11.4920) as an example to walk through what I'm talking about.


La Famiglia on PBS's website:


1.) Disable Adobe Flash (chrome:plugins -> Adobe Flash -> disable, for example)



  • This forces JW Player to fall back to HTML5


2.) Open Developer Tools -> look at the Network tab


3.) Start playing the video


4.) Notice video/mp4 in the Type column:


source


5.) The request URL is the direct link to the media that is downloadable. Voilà.


Clearly this is insecure. If this were copyrighted content, a person could easily download it and redistribute via torrents, file upload sites, etc. Not great! With Adobe Flash-only media players, this type of method seems impossible to do, but that may just be my lack of investigative skills.


Let's take a look at Haddaway - What Is Love on YouTube:


1.) YouTube is HTML5 now, great, skip a few steps and go directly to Developer Tools


2.) Look for some video format. Found some!:


YouTube media source


3.) Obfuscation, on a high level




As we can see, some sites implement some form of media access control to prevent unauthorized access. In YouTube's case, it may be for efficiency, but by the look of their request URL format:



http://ift.tt/1FQCGv7


It seems that they're restricting access in a lot of ways. The process to actually retrieve the video (from YouTube) requires reverse-engineering (example) the constructed URL (request URL), downloading each chunk and building the data incrementally. Google seems to be doing a good job for the casual user, but a developer can reverse engineer the request URL and create 'YouTube downloaders', as are very common nowadays.


Questions


Is there a specific name for the method that YouTube is using (fragmentation + access control via querystring parameters)?


Are there widely-used/named methods for 'obfuscating' media in this fashion?


Is it even (technically) possible to fully prevent unauthorized media access? My guess is no, so long as someone is willing to spend the time to reverse-engineer the necessary metadata.
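An added example, not part of the original post and not YouTube's or PBS's actual scheme: one common way to do access control via querystring parameters is an expiring, HMAC-signed URL issued per client and per fragment. The parameter names (`ip`, `range`, `expires`, `sig`), the key and the sample path are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode, urlsplit

# Constructed demo key; a real deployment keeps this in a secret store.
SECRET = b"constructed-demo-key"


def _mac(path, params):
    # The MAC covers the path and every parameter in sorted order,
    # so no parameter can be changed, added or dropped unnoticed.
    msg = path + "?" + urlencode(sorted(params.items()))
    return hmac.new(SECRET, msg.encode(), hashlib.sha256).hexdigest()


def sign_url(path, client_ip, byte_range, ttl=300, now=None):
    """Issue a link valid for one client, one fragment and ttl seconds."""
    now = int(time.time()) if now is None else now
    params = {"ip": client_ip, "range": byte_range, "expires": str(now + ttl)}
    params["sig"] = _mac(path, params)
    return path + "?" + urlencode(params)


def verify_url(url, client_ip, now=None):
    """Media-server check; returns 'ok' or the reason for refusal."""
    now = int(time.time()) if now is None else now
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query))
    sig = params.pop("sig", "")
    expected = _mac(parts.path, params)
    # Constant-time comparison on bytes avoids timing leaks.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return "bad signature"
    expires = params.get("expires", "")
    if not expires.isdigit() or now > int(expires):
        return "expired"
    if params.get("ip") != client_ip:
        return "wrong client"
    return "ok"


if __name__ == "__main__":
    # Constructed sample request: documentation IP and made-up path.
    link = sign_url("/media/clip.mp4", "203.0.113.7", "0-1048575", now=1000)
    print(link)
    print(verify_url(link, "203.0.113.7", now=1100))
```

A scheme like this stops a copied link from working later or from another address, but the authorized client still receives the media bytes.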




