|
Encrypted video file
Hello, first of all, sorry if the wrong session.
I have an application that downloads a video file and lets you see this video later. (The idea is somehow similar to Netflix). However, this video file is somehow encrypted and the standard tool like vlc can't open it. I know this file contains at least a video because there is the MPEG header but after 1mb of "random" data unfortunately even removing this 1mb of random data is still not a valid MPEG file. So current file struct is [1mb chunk] [MPEG header] I'm not so experienced in data analysis, so I'm wondering do you have any tips, resource about "data mining" Since there is an android application I will also give a try by decompiling the APK and see how the video player is doing. But I would like to extend my data analysis skills first rather than RE. Thanks in advance |
Hi
Can you share your video file, app, ... ? |
fr.tuto.com
You can register, download the app and download some free source. for video files, I don't know as they seem to have a lot of metadata that probably contain a user/hardware ID. I will download a file later on a VM with a fake account. Thanks a lot :) |
https://www120.zippyshare.com/v/zYmL5gcV/file.html
https://www120.zippyshare.com/v/ndBGL6sq/file.html Samples of videos,nice site btw,would be great to find a solution. |
Nice site, let me try
|
Ok seems to be an nodejs things built on top of ionic/angular and Cordova(for cross-platform?).
The source code is located in build/www/main.js The var TutorialPage class is interesting stuff. Video seems to be embedded in a vg_Player(with a crossorigin) as expect, read mp4 file. Code:
<video [vgMedia]="media" [vgDash]="source" [vgHls]="source" #media id="singleVideo" preload="auto" type="video/mp4" crossorigin playsinline>\n </video>\n </vg-playerTutorialPage.prototype.play Which download the source, and sign/unsign it Code:
TutorialPage.prototype.play = function (video, autoplay, setCursor, customCursor) {At least there is the sln file (without the .cc that would have been too nice) but the PDB is still there so it should be pretty trivial. Thanks for the support guys :) |
Each videos are signed from and to the user account then?
Keep us informed,would be nice to find a solution. |
by editing the main.js and removing the sign video did the trick.
So now when I play the video, the file is decrypted and stays decrypted on the disk. Then comparing both files, only the header changed. So I look briefly within the compiled signer module. There is a encryptDecrypt method that really looks interesting since it operates only on a 15bytes buffer, the exact same size that was changed in my file. I will probably get more time tomorrow. But I guess I'm on the right track :D And of course copy/pasting the header to your video didn't work, so I guess its a kind of xor, of the first 15b of the file, I just need to find the key :) |
So it read the last 48bytes Then do a 0x2E xor on it.
hxxps://i.ibb.co/bWtK403/ecrypt-decrypt.jpg Note that the user_id and the video_id is embedded within the file (also stored at the end of the file) So here is the data structure starting from the end: 48bytes xored with 0x2E corresponding to the header of the file. 8 null bytes(delimiter?) UnknowInt32 8 null bytes(delimiter?) UnknowInt32 UnknowInt32 8 null bytes(delimiter?) UnknowInt32 video_id (int32) user_id (int32) EOF (for the video file) x bytes[FileContent] 48bytes[] that needs to be replaced by the end bytes xored for the moment they seem to be useless. So by applying that I was able to retrieve your mp4 files which are from https://fr.tuto.com/after-effects/gratuit-initiation-complete-d-after-effects-after-effects,49795.html (I didn't remove your user_id/video_id) https://www.sendspace.com/filegroup/RMqSpPbmzMobgzR7U5kRGg Btw you can get your user_id, just connect to tuto.com, inspect the src code and at the bottom, there is your user_id Next step create a python script to automate this, but should be trivial will probably have more time next weekend :) Enjoy :D BTW hxxps://www.relyze.com/beta3.html is amazing and free for non-commercial project :D |
Looks like I can't edit my post I don't know why.
Sorry for the double post. Here the python3 script, which also removes the user_id from the video :) Code:
import osNote that looking at the app, the encryption seems different on android, so just in case I'm on a PC that may differ with a mac I don't know. |
Well done thanks,videos are not mine just found it easy as they are free,time to make a standalone tool :) joke
|
Well an XOR cipher on a handful of bytes is the most partial and Ancient encryption method :). It makes sense given that encrypting video data itself with something strong especially would turn a computer into a space heater, and would probably cause stuttering and glitching. Encrypting selective consecutive frames or a good number of other options might work. Or hardware specially designed for the purpose perhaps. But the excess CPU on what is such a real time priority task makes a perfect solution impossible. Even AES with processor intrinsic would probably be too costly. Nice solutoon and script to go with it though
The post editing feature is only enabled for a fee minutes after posting, and it is beneficial since it's better to preserve mistakes and keep context in a thread then see history being rewritten to the point a thread no longer makes sense. In my experience, the edit timeout is always increasing quality of discussion. It's even used all over now, I've seen StackOverflow won't let me edit comments after some amount of minutes. Once you see the feature overused, and the difficulty it causes, you can understand the policy |
@yologuy:
by investigating code,did you see some method to get paid courses with free account? |
Quote:
|
Quote:
I understand how java works but often not how to get what i want. |
| All times are GMT +8. The time now is 17:00. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX