Video encryption for local software

Question

I want to show some video files in my local software with some protection in case a user wants to copy them. I searched encryption methods and some DRM solutions, but I don't want internet connection, if that is not the only choice. I am developing my application with C#. Video files will be on CD.

Basicly what I am planning to do is, keep video files encrypted on CD, and have decryption on RAM so not every player can play encrypted file, only my player can and they won't be copied (I hope). I heard a similiar project made on Delphi but I don't know if this is the best way in C#.

My questions are

1. Is this a good approach in C#?
2. Is this method suitable for mp4 or avi files?
3. Are there any libraries for this process in C#?

Progress: I searched about CD copy protections in SO. A user recommended keeping data of CDs prewritten area and store it somewhere. Maybe I can make unique players, each can have that data embedded. Or, use a database on web but I'm afraid this will create more security leaks, I will need to secure database also. However, it can be a better idea as no user will have the key embedded in their program. I feel like I'm really stuck :) Any help will be appreciated.

Answer 1

DRM is always security through obscurity. As long as you are obscure, it might work for you for a while. However ...

You can use a custom decrypting video play and people will just copy the player. So, they would have to protect the player too -- this means generating a magic token and having the user enter that token. Unless you want. If you want this to work, you must have some form of product registration, where the registration key (the magic token) is based up identifying information on the target computer.

For example, you combine some "stuff" from the target computer, say primary hard drive volume id, create timestamp or the system volume (just to keep it real simple), then you write a webservice that register the software takes these time items and generates the token and this is put back to the users computer by whatever mechanism. Your software then computers the token via the same algorithm when the player runs and fails with a licensing error if they don't match.

You now have new problems. 1) People can inspect the local executable to figure out you token algorithm and just where it computes the OK/NOT OK flag and patch the code to make it ok to decrypt the video stream. 2) If someone rebuild's their computer due to a hard drive failure, their software no longer works. So, you have to figure that out too unless you want to have unhappy customers saying bad things about you on facebook. 3) People know your licensing server will go down when you go out of business, die., etc. so they won't buy your protected video in the first place 4) You will waste of lot of your time that could be spent more productively earning money doing something useful. 5) And you will waste money too

By using a DVD and its native copy protection, you don't waste a lot of your time, but you don't get much protection either an lots of people are smart enough to type in "decrypt dvd" on their favorite search engine. This is the "Kobayashi maru scenario"

Forget to mention one final coffin nail. C# is a bad approach for security through obscurity because CLR can easily be disassembled, you would also need to obfuscate your C# code -- still much easier to decompile / debug that native x85 code.

Answer 2

1. No, this is not a good approach. Your assumption is that the CD will be copied, but your player won't. This is quite unlikely.

2. In general those files can be played by other applications anyway (if you'd encrypt the files, they wouldn't be AVI files anymore). You could scramble the video, though, so other applications can play it but it just looks entirely wrong. Can be as simple as flipping the R and G channels in RGB.

3. No, because the idea is flawed to start with. See point 1. There is probably snake oil for sale, though.

Keep in mind that your budget is about a billion times smaller than Hollywood's. They'd want the same DRM as you want, and still couldn't get it.

Answer 3

You can try BoxedApp video streaming (commercial, payed), which is applicable to any stream.