From my understanding, and again due to security. All SDI-based DCI cards ever released into the wild should never have supported SDI without CineLock encryption active, even with no projector on the other end doing the CineLock handshake. So technically, unless someone overstepped the security requirements, it should be impossible to get unencrypted SDI out of any DCI-based card.

But then again, I have indicated numerous times certain things should not have happened due to security constraints, but people keep proving me wrong. I shake my head and wonder why we even bothered with these billions and billions of dollars of implementing secure playback of theatrical content when such cowboy misconduct has occurred.

If you want to play (open) DCP you have to convert DCP (Image encoded format) to regular Monitor can interpret/decode this signal (like to NTSC). With this converter (SDI to HD), you are only converting from one input to another output, not the DCP signal. It's not so easy.

Another way: Extract DCP's from Doremi player and play them on PC with a NeoDCP Player or similar.

If all you want is to watch unencrypted DCP, or edit them into something else to render them out as viewable on anything..
DCP-O-Matic is a basic player. Works well. Free.
Davinci Resolve, I think even the free version, can import, play and edit unencrypted DCPs to anything you want. Super fast as well.

In the Dolby DSS100/DSP100 and DSS200 when using the cat862 (HD-SDI) media block, you can disable link encryption completely (instructions for doing so are in the manual, v4, pp. 102-103 - there is a copyright/no duplication notice on it, so I am not snipping and pasting here); however, with link encryption disabled, it will only play unencrypted DCPs.

I don't know if this is possible on Doremi/Dolphin servers as well.

Qube, would PLAY even if cinelink encryption handshake didn;t occur, but still encrypted. GDC refuse to play at all if no projector handshake is not present.

Not sure about Doremi units.

I'm sure that one of the ideas was during the transition, many theatres had a "trailer" projector that would run trailers in the lobby. One could use a conventional A/V projector that supported HDSDI and then use a server with link encryption disabled to feed such a projector lobby or other non-movie use.

i have no problem with the ability to disable link-encryption so long as it won't play encrypted content. This is no different than HDCP is to HDMI. You can have HDMI signals in the free and clear but if the content has the flag set, then HDCP puts the hammer down.

I apologize for my “cowboy misconduct”. My end goal was to be able to use a piece of equipment, that would have otherwise ended up in the landfill, for personal use. I mean no malice or have any intention of pirating from the theater. I just want to convert my own movies or videos into a format that it uses so I can make use of it. I just like the cinelister software and the ability to send pulses to relays to control my lights through the dolphins GPIO port. And control my sound processor through Ethernet. I’ve always enjoyed going over the top on a lot of things. It may not make sense in a personal environment but that is how I do things. I live in an RV and I have a business class network system consisting of a rack of various switches and Ethernet cables going to about every possible spot I could neatly fit a cat5e jack. Not because it’s practical or not but because I enjoy taking things to the next level beyond the usual residential setup. It’s my passion to take broken or disused equipment like this and try to make use of it in my own setup. If it is not possible to use this with civilian TVs or projectors then this is the time to let me know. It seems like it’s possible with some of the things I’ve read across here. Otherwise if it is bad or immoral for me to give second life to this Doremi then I will shut it down unhook it and place it in my junk pile with the other stuff I need to haul to the dump. Which I was trying to avoid in the first place. Otherwise I thank you all for your time and have a good day.

Don't worry about it. James seems to have some sort of hard-on about the whole DCP encryption system and thinks that anyone trying to either get it to work when it should (and isn't) or bypass it for personal, non commercial uses is out to rip off the studios for millions of dollars.

IMHO the whole idea was incredibly stupid from the get-go. The biggest source of piracy was camcording from cinemas, then later when the Academy decided on the brilliant idea of sending out standard DVD screeners was better than making the voting members actually go to a real theatre and actually WATCH with the paying movie-going public. Those dvds are/were the prime source for pirated content, and you can bet that there was no control or tracking of who got it, and whether they actually returned it to the Academy. (And who "borrowed" it from the original recipient.)

Also keep in mind that most (actually I firmly believe it is ALL) post-production workflow is NOT encrypted. Very easy for that material to be leaked (or hacked) before it is actually authored to the final encrypted form.

And of course the real elephant in the room is the STUDIOS THEMSELVES releasing first run on streaming platforms DURING THE RUN.

Your planned setup is quite frankly brilliant and as a current RV dweller even more amazing to me. So keep posting with your questions and progress, and ignore anyone who tries to piss on your parade.

Another issue that post houses are now having to battle with is WFH-itis. Someone who works at a major independent house, that handles high profile work, was recently telling me that editors, colorists, etc., are increasingly demanding that the right to work from home most of the time be written into their contracts, which of course presents the post houses' IT departments with the challenge of ensuring that the VPNs, equipment owned and maintained by third parties, etc. etc. are all kept secure.

You would expect the replacement of physical media with streaming in the consumer sector to have largely taken care of the leaking of content via that route (because the encryption method used can easily be updated or strengthened via app or firmware updates at the receiving end, whereas with discs, it can't); I'd be interested to know if there has been any significant reduction in piracy over the past 1-3 years as a result.

Yes well. I have a stiff collar about DCI security yes. And I have done nothing but inform you of what SHOULD be the case. I am not trying to be difficult.

Remember, the studios will spend 100's of millions of dollars to try and stop piracy on ISPs network. Make examples of those who have shared a film seeing them into the ground. This is serious stuff that multinational companies will protect at all costs. Playing with this stuff is like playing with fire or worse. So yes, I get a little stiff about these issues.

Remember the ghost server. See https://celluloidjunkie.com/2019/06/...e-piracy-ring/
An international team was working for about a year tracking this down.

And at the end of the day, from my understanding, it occurred due to loose support/developer tools allowing something to happen and should never have gotten into the wild.

From my perspective, the biggest issue and lowest hanging fruit to bypassing DCI security is the developer kit still in the field. So I get very nervous that such kit is still out there. The vendor should have sent free replacements years ago.

Date-of-release streaming was a universal disaster as streaming anywhere, piracy everywhere. HDCP is a joke and can be bypassed with ease.

Imagine if a pirate group could find a DCI player that bypassed encryption and watermarking. Piracy would explode and I can see a 30% drop in the international box office as a possibility. Threatening this industry in a huge way. Threatening our careers in a huge way.

As an example, a DCI-SDI card that allowed any form of unencrypted playout would significantly lower the effort needed to bypass the security. As such, cards that did this should not ever have been in the field. Or if they were, would have been tracked down and destroyed by now. That's what should have happened to maximise security around DCI encrypted content.

Some vendors take these issues more seriously. for example, GDC players wouldn't;t even play a thing unless a cinelink valid handshake was active. However, this made it impossible to test a player without a 50-100k Projector (as a dongle) to allow it. Other vendors would error but send out the signal. (Ie as DCI white noise, the native signal is encrypted). I preferred this as it allowed testing of a player, we typically did burn-in before sending to site in the early days. (The kit was notoriously unreliable in the early days)

So unfortunately, trying to utilise any old DCI kit for anything else apart from taking the commodity parts, is a no-go area from my perspective. It shouldn't work anyway, and otherwise, it should be destroyed if no longer in service if you ask me. It's just not worth the risks involved.

I'm not trying to pick a fight, but how can allowing a media block to play unencrypted source content without encryption lower that effort?

If a content provider chooses to supply unencrypted DCPs, then those can very easily be re-rendered into any form you like. Any old PC can do that: you don't need a DCP server or media block. If the DCP is encrypted, you still need a KDM, the secure clock restrictions are still enforced, the output is still link encrypted, and you still have the 128-bit public/private key encryption.

Where you may have a point is that if the media block is capable of playing unencrypted output under any circumstances whatsoever, that in theory makes it easier to make an unauthorized modification to the security manager software such that it can output encrypted DCPs en clair as well as unencrypted ones. But if you're capable of overcoming all the obstacles involved in reverse engineering this firmware and then getting it back into a FIPS-protected processor, you are likely capable of modifying it such as to change the requirement that all output be encrypted, too.

Anyways, in terms of Devin's project, all this is moot. There are at least two models of DCI-compliant media blocks (the Dolby DSP100 and cat862) that have an unencrypted in = unencrypted out mode, and there may be others, whether anyone feels that this is a good idea or not. If somebody acquires one for personal use and that acquisition and use does not involve doing anything illegal, I don't have a problem with that.

As for the Chinese GDC incident you linked to, it was basically a pre-DCI server with the crucial vulnerability that the media block's private key could be cloned with that of another, thereby enabling KDMs that were issued for other media blocks to be used with the compromised one. Some early pre-DCI server/media block combos also used the server's BIOS clock as the reference clock, too, thereby enabling one legitimate KDM essentially to be without any time restriction (as long as you knew the time window that the KDM was supposed to be open for).

The jump to DCI-compliant firmware closed both of these loopholes. As you allude to, the problem for the industry was getting the pre-DCI equipment still in the field either upgraded or returned to the OEM for certifiable destruction. As it was sold outright to its owners, they can't be forced to upgrade it or part with it if they don't want to. I don't know if it's possible to write KDMs such that they simply won't work on a media block that is still on pre-DCI firmware, but if so and IMHO, that is the best way to deal with that problem.

Leo, bypassing encryption is a job of overcoming a sequence of issues. If you managed to make a card play encrypted content like it was not encrypted. or simply bypass the forensic watermarking. Having then to hack the player software to allow unencrypted playback is another wall to climb making it harder to achieve. Capability considerations is not really a factor. It's more like, adding extra characters to a password to up the entropy. It just makes it more difficult for any attacker making it less likely they will bother. And that's why vendors now restrict those capabilities.
The fact you indicate some old hardware in the field is still getting updated to current certificates is not the point. I consider that inappropriate, but some bean-counter has gotten it across the line for approval, likely not wanting to spend the money to fix the problem. Doesn't make it right, still opens up potential attack vectors.

At the end of the day, encryption is all about building a wall that costs a lot to get over. All encryption is trackable. It's just how much effort/money it take.

Great, get this old hardware going, but I am just pointing out the risks. I am all for utilising hardware that's old but still worthwhile. I do it all the time myself as I have the technical ability to do so.
But be informed about the ramifications of doing so with DCI equipment.

There are no ramifications. If the studios were worried about certain servers being out in the wild, they wouldn't be out there.

By definition security and usability are at odds, and yet both are connected to profit. Clearly neither security nor usability in principle are perfect in DCinema, but the balance between them has been optimized for least shows lost and least movies pirated. To that end, I consider DCI's security successful.

In most cases (the possible exception being some VPF arrangements), servers and media blocks were sold by their manufacturers outright, not rented or leased. The end users own them. If the studios want them removed from use, they cannot force their owners to part with them. Their two options are either simply to refuse to issue KDMs for pre-DCI media blocks, or to provide incentives for owners to trade in older servers and media blocks for upgrades. GDC was doing this at one point, and would even accept a video of you smashing your old server up with a hammer in lieu of actually shipping it to them! I don't know if that offer still stands.