Film-Tech Cinema Systems
Film-Tech Forum ARCHIVE
Author Topic: Chinese bootleg DCP Piracy busted
Steve Guttag
We forgot the crackers Gromit!!!

Posts: 12814
From: Annapolis, MD
Registered: Dec 1999


posted 06-07-2019 01:14 PM
https://celluloidjunkie.com/2019/06/06/hunting-ghost-no-1-chinas-most-sophisticated-movie-piracy-ring/

 |  IP: Logged

Sean McKinnon
Phenomenal Film Handler

Posts: 1712
From: Peabody Massachusetts
Registered: Sep 2000


posted 06-07-2019 04:07 PM
Wow! Not very good for GDC and the studios!

 |  IP: Logged

Carsten Kurz
Film God

Posts: 4340
From: Cologne, NRW, Germany
Registered: Aug 2009


posted 06-07-2019 04:41 PM
Oh wow. Fascinating read, and Sychowski obviously knows and understands what he is writing about.
First it sounds incredibly complicated and sophisticated, then you realize that film-pirates developed their own encryption system to protect their illegal content, and the whole conspiracy goes belly up because that criminal encryption system is broken and the pirated content is uploaded to illegal streaming platforms and everything goes public...

Hilarious...

- Carsten

 |  IP: Logged

Leo Enticknap
Film God

Posts: 7474
From: Loma Linda, CA
Registered: Jul 2000


posted 06-07-2019 10:43 PM
quote: GDC spokesperson quoted in the article
"...GDC is actively working with the stakeholders in China and US to devise a viable solution to eradicate the second hand, pre-DCI/non-DCI compliant servers from the market."
Interesting. I was recently told that one major manufacturer of IMSes is offering a substantial discount for customers wishing to upgrade from an older server to their newly released model, but on condition that they be given evidence of the physical destruction of the old media block (they suggested a video). I wonder if that is part of the reason why. There again, why wouldn't they just require that the whole unit be returned to them? That way, they could make 100% certain of its destruction.

That having been said, forcing all media blocks running pre-DCI firmware out of circulation will be easier said than done. On this forum alone, we probably get a thread started every couple of months along the lines of "I have a Series 1 projector and a server running pre-DCI software and firmware ... can I upgrade it to run SMPTE DCPs?"

There then follow the usual explanations about TLS certificate recovery, DH and TLS, etc. The takeaway is that there are a lot of theaters out there running Series 1 projectors being fed by pre-DCI servers and media blocks, the owners of whom are loath to upgrade them, lest they break something. There is no easy way to force these people to upgrade to more secure systems. The choice is either the carrot (offering a massive discount on new equipment, or heavily subsidized service calls by a tech to upgrade Series 1 stuff), or the stick (no more DCPs of major blockbusters for you until you upgrade).

But I'm sure that this news will result in a renewed push to get these older media blocks out of circulation. Not sure what form(s) it'll take, though.

 |  IP: Logged

Steve Guttag
We forgot the crackers Gromit!!!

Posts: 12814
From: Annapolis, MD
Registered: Dec 1999


posted 06-08-2019 11:28 AM
Another key takeaway was that a GDC employee could "spoof" the mediablock serial number, so while you could blacklist a number, they could get another valid number to put into that server.

If you have an inside person with that capability, it is going to be hard to stop it. Since the manufacturers create their own serial numbers and certificates, it is hard to stop that sort of thing short of blacklisting a company (essentially killing it) or having such severe penalties as a deterrent. It isn't like a back door was left open that someone outside of the manufacturer exploited; they exploited someone on the inside.

I'm sure this is probably a reason that led to GDC no longer changing serial numbers in field units. Sure, they'll change a server chassis to match the mediablock, the mediablock IS the serial number, not vice-versa. And, likely, a reason the SX-2000AR, despite being the same server as the SX-3000 (or close enough to not have a legitimate reason for discontinuing support on the SX-2000AR mediablock). That is the last of the servers where there are two things with a serial number that have to match...no more field changes of serial numbers (as of this coming October).

 |  IP: Logged

Dennis Benjamin
Phenomenal Film Handler

Posts: 1445
From: Denton, MD
Registered: Feb 2002


posted 06-08-2019 11:43 AM
Interesting read...

 |  IP: Logged

Carsten Kurz
Film God

Posts: 4340
From: Cologne, NRW, Germany
Registered: Aug 2009


posted 06-08-2019 01:03 PM
In this case they were using a very old server. Some early DCP servers employed nothing more than a J2k decoder board as 'media block'. No secure clock, no secure silicon. Just software running on the CPU. One would think that with these systems, you could simply duplicate the identity of the server by cloning the system/boot drive. Which doesn't even need insider knowledge.
Don't know if it was that easy in this case with the early GDC.

You would think it would be easy to sort out these devices by blacklisting that whole range of certificates over time. Doremi e.g. offered compliant replacement media blocks later. If you don't follow the replacement rule, your system could or would sooner or later be blacklisted from receiving KDMs. I guess there were just too many of those old GDCs around in China, and/or GDC wasn't bothered enough to enforce a replacement.

I'm wondering whether that very early decommissioning of some Qube XP-D server range (certificate ran out and would not be renewed just a few years after purchase) had a similar reason?

e.g.:
http://www.film-tech.com/cgi-bin/ubb/ultimatebb.cgi?ubb=get_topic;f=16;t=002923#000000

- Carsten

 |  IP: Logged

Steve Guttag
We forgot the crackers Gromit!!!

Posts: 12814
From: Annapolis, MD
Registered: Dec 1999


posted 06-08-2019 01:22 PM
The article is misleading, in that respect.

The GDC SX2100, SX2001 servers used a mediablock with the secure number, but their original clock was...wait for it...the BIOS clock! So yeah, while it is password protected, a removal of the BIOS battery can get around that ant-hill of a hurdle.

This was true of that server line through version 7.x. Starting with version 8, the clock was on the mediablock and one had to add an additional "loopback" cable to the normal management network to put the mediablock as the rightful security manager for the server, including for time. If you were to read the instructions for going to version 8, they were extremely explicit to get the time correct BEFORE doing the upgrade because after, you were bound to the +/- 6 minute rule (UTC time). There was also a whole procedure to get the mediablock's NIC configured to the right IP as well. That was all for getting it DCI compliant (not using the BIOS clock, among other things). Ever notice that the show clock on a GDC SX2000-2100 is never quite right? It checks/updates at show start when it talks to the SM to get an accurate time.

A simple thing that could be done would be to ensure that KDMs do not work on non-DCI compliant servers, period. DCI compliance happened in 2010 (at least as far as servers go and their security managers), by 2015 they could have legitimately said, you've had enough time to do a software upgrade that, I think, nobody was charging for.

That said, if there is an inside tech at the manufacturer that will spoof a serial number...that is hard to stop. Those servers could be running DCI compliant software and still get around the KDM issue by spoofing a real serial number.

I still put this back at when illegal copies of current release movies get out, it isn't at the theatre level they are doing the deed (by and large) someone on the inside (studio, screener, this case a manufacturer's employee) has allowed it to happen. And by that, I'm in no way implying that GDC or any Studio authorized, encouraged or in any way condoned the action, just that they hold all of the cards...er...keys to allow it to happen.

We, on the other hand, get the KDM frantic calls weekly when some key doesn't work because they needed version 43 out of a possible 62 of the key and either they didn't notice the date/sound difference or the distributor sent the wrong keys (or even looked at the wrong serial number list because they had a computer issue and are looking at a 6-month old list that doesn't reflect a server swap).

 |  IP: Logged
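
The clock point in the post above, as an added example that is not part of the thread and is not GDC code: a KDM validity window only constrains playback if the clock it is checked against cannot be set freely. `HostClock`, `BudgetedClock` and `kdm_allows_playback` are hypothetical names, the dates are constructed, and counting the +/- 6 minutes as a cumulative budget per calendar year is an assumption of this example.

```python
from datetime import datetime, timedelta, timezone

MAX_ADJUST_PER_YEAR = timedelta(minutes=6)  # the "+/- 6 minute rule" from the post


class HostClock:
    """Model of the pre-version-8 behaviour described in the post: time comes
    from a host (BIOS) clock that anyone with the chassis can set freely."""
    def __init__(self, start):
        self._t = start
    def now(self):
        return self._t
    def adjust(self, delta):
        self._t += delta
        return True  # nothing limits the change


class BudgetedClock:
    """Hypothetical model of a clock owned by the media block: it follows a
    time source it controls and caps operator adjustments per calendar year."""
    def __init__(self, source):
        self._source = source          # callable returning an aware UTC datetime
        self._offset = timedelta(0)
        self._used = {}                # year -> total |adjustment| applied so far
    def now(self):
        return self._source() + self._offset
    def adjust(self, delta):
        year = self.now().year
        used = self._used.get(year, timedelta(0))
        if used + abs(delta) > MAX_ADJUST_PER_YEAR:
            return False               # refused: yearly budget would be exceeded
        self._used[year] = used + abs(delta)
        self._offset += delta
        return True


def kdm_allows_playback(clock, not_valid_before, not_valid_after):
    """The validity-window check a security manager makes before playback."""
    return not_valid_before <= clock.now() <= not_valid_after


def demo():
    # Constructed sample: a KDM whose window closed 30 days before "real" time.
    real = datetime(2019, 6, 8, 12, 0, tzinfo=timezone.utc)
    nvb, nva = real - timedelta(days=37), real - timedelta(days=30)
    results = {}
    for name, clock in (("host", HostClock(real)),
                        ("secure", BudgetedClock(lambda: real))):
        accepted = clock.adjust(-timedelta(days=33))   # attempt a large rollback
        results[name] = (accepted, kdm_allows_playback(clock, nvb, nva))
    return results  # (rollback accepted?, expired KDM honoured?) per clock


if __name__ == "__main__":
    print(demo())
```
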

Marcel Birgelen
Film God

Posts: 3357
From: Maastricht, Limburg, Netherlands
Registered: Feb 2012


posted 06-08-2019 07:01 PM
According to the article, they still didn't really break the encryption itself, they eventually just managed to duplicate certificates.

They still used cameras to capture the movies from a projection screen, albeit in their private bootleg "cinema".

I guess it will be hard to root out even the last rogue Chinese operation, where some otherwise officially operating cinema is making bootleg copies via "professional setups" after-hours, so a small, closed circle can make a few bucks extra a month.

You can see for how little money you can already motivate someone to make a copy of all high-profile incoming DCPs over there...

 |  IP: Logged

Steve Guttag
We forgot the crackers Gromit!!!

Posts: 12814
From: Annapolis, MD
Registered: Dec 1999


posted 06-08-2019 09:14 PM
Per copy, it may be a little money but when you add it all up, it is serious money. The bottom line is, people made a movie and own its copyright. It isn't for anyone to just take. It is every bit as much a theft as if they took a physical piece of property.

 |  IP: Logged

Marcel Birgelen
Film God

Posts: 3357
From: Maastricht, Limburg, Netherlands
Registered: Feb 2012


posted 06-09-2019 02:00 AM
The piracy operation in question was much more than just a standard bootlegger who simply leaked the movie on the Internet, they had a serious, mobster-style, business model around it. They probably made millions, not only in RMB, but also in USD equivalents.

They also, seemingly, didn't sell to end-users but primarily to illicit cinemas, who probably paid a whole lot more for the hot material than some random end-user would pay for a bootlegged DVD, Blu-Ray or USB stick.

But the article mentions that they sourced the copies of the original DCPs from a projectionist at a local multiplex, who earned the equivalent of about $100 to $150 a month for what he did.

My point was, the wage gap simply makes it far easier to bribe people into doing something like that. I doubt anybody in e.g. the U.S. or Western Europe would be taking the risk for that kind of compensation, because of the enormous risk involved.

 |  IP: Logged

Carsten Kurz
Film God

Posts: 4340
From: Cologne, NRW, Germany
Registered: Aug 2009


posted 06-09-2019 05:52 AM
I guess that server was something prior to the SX series. Maybe an SA-2100 or even a predecessor. As the GDC obviously can be reserialized in the field, that leads to possibilities to actually just grab a private key and certificate as well. I understand why GDC now seemingly wants to end that option.

Sooner or later, these servers probably would have to be phased out anyway because of potential issues with SMPTE DCPs. But you probably never can get hold of every single one in such a gigantic economy.

The sheer number of these 'private' (=illegal?) cinemas in a society that most of us believe to be under tight administrative control is disturbing.

- Carsten

 |  IP: Logged

Marcel Birgelen
Film God

Posts: 3357
From: Maastricht, Limburg, Netherlands
Registered: Feb 2012


posted 06-09-2019 06:08 AM
I think, the next big threat will be removing the actual watermarks. In this particular case, it was only due to the watermarks they did have a clue where they had to start looking.

There is a new trend right now, where cinema auditoriums are only getting smaller. There is also a trend for the "luxury screening room" rental options, where you rent a small auditorium/screening room for a couple of hours to watch one of the latest A-list releases with your friends. Those rooms are fully DCI compliant, but it will be almost impossible to police all those small rooms.

Also, the only thing that's currently stopping certain otherwise legit operations from bootlegging content after-hours, is the watermarking. Once that can be successfully removed, the game is on...

 |  IP: Logged

Steve Guttag
We forgot the crackers Gromit!!!

Posts: 12814
From: Annapolis, MD
Registered: Dec 1999


posted 06-09-2019 05:57 PM
The photo showed an SX-2001. There is no reason any of the conventional GDC servers couldn't have been part of this sort of operation.

 |  IP: Logged

Leo Enticknap
Film God

Posts: 7474
From: Loma Linda, CA
Registered: Jul 2000


posted 06-09-2019 07:59 PM
quote: Marcel Birgelen
There is a new trend right now, where cinema auditoriums are only getting smaller. There is also a trend for the "luxury screening room" rental options, where you rent a small auditorium/screening room for a couple of hours to watch one of the latest A-list releases with your friends. Those rooms are fully DCI compliant, but it will be almost impossible to police all those small rooms.
Agreed. I don't know if this is happening in China as well, but here in California the business model seems to be changing. All the new builds I've been involved in installing in the last year or so have been sites that consist of multiple small auditoria (30-50 seats, typically), with luxury seating and at-seat restaurant service during the movie. The operators can't be raising anything like enough revenue to run these places from movie ticket sales alone, and so the emphasis seems to be on providing as wide a choice of movies as possible to attract customers to eat out, which is where, I'm guessing, the real margins are to be made.

Of course this is great news for us, because multiple small auditoria means lots of projector, server and audio equipment sales. But the studios must be worried, as a reduction in the typical seat count per theater will be a threat to their income stream, unless customers can be persuaded to pay a lot more per ticket.

I've only experienced a theater like this once as a customer, and I have to say I found the experience a bit disconcerting, especially trying to eat a meal in the dark!

But as you say, and bringing this back to topic, more auditoria means more potential opportunities for piracy, even if it is just camcordering.

 |  IP: Logged



All times are Central (GMT -6:00)  