|
|
 
|
|
Author
|
Topic: Chinese bootleg DCP Piracy busted
|
|
|
|
|
|
|
Leo Enticknap
Film God
Posts: 7474
From: Loma Linda, CA
Registered: Jul 2000
|
posted 06-07-2019 10:43 PM
quote: GDC spokesperson quoted in the article
"...GDC is actively working with the stakeholders in China and US to devise a viable solution to eradicate the second hand, pre-DCI/non-DCI compliant servers from the market.”
Interesting. I was recently told that one major manufacturer of IMSes is offering a substantial discount for customers wishing to upgrade from an older server to their newly released model, but on condition that they be given evidence of the physical destruction of the old media block (they suggested a video). I wonder if that is part of the reason why. There again, why wouldn't they just require that the whole unit be returned to them? That way, they could make 100% certain of its destruction.
That having been said, forcing all media blocks running pre-DCI firmware out of circulation will be easier said than done. On this forum alone, we probably get a thread started every couple of months along the lines of "I have a Series 1 projector and a server running pre-DCI software and firmware ... can I upgrade it to run SMPTE DCPs?"
There then follows the usual explanations about TLS certificate recovery, DH and TLS, etc. The takeaway is that there are a lot of theaters out there running Series 1 projectors being fed by pre-DCI servers and media blocks, the owners of whom are loathe to upgrade them, lest they break something. There is no easy way to force these people to upgrade to more secure systems. The choice is either the carrot (offering a massive discount on new equipment, or heavily subsidized service calls by a tech to upgrade Series 1 stuff), or the stick (no more DCPs of major blockbusters for you until you upgrade).
But I'm sure that this news will result in a renewed push to get these older media blocks out of circulation. Not sure what form(s) it'll take, though.
| IP: Logged
|
|
Steve Guttag
We forgot the crackers Gromit!!!
Posts: 12814
From: Annapolis, MD
Registered: Dec 1999
|
posted 06-08-2019 11:28 AM
Another key take away was that a GDC employee could "spoof" the mediablock serial number so while you could blacklist a number, they could get another valid number to put into that server.
If you have a inside-person with that capability, it is going to be hard to stop it. Since the manufacturers create their own serial numbers and certificates, it is hard to stop that sort of thing short of blacklisting a company (essentially killing it) or have such severe penalties as a deterrent. It isn't like a back-door was left open that someone outside of the manufacturer exploited, they exploited someone on the inside.
I'm sure this is probably a reason that lead to GDC no longer changing serial numbers in field units. Sure, they'll change a server chassis to match the mediablock, the mediablock IS the serial number, not vice-versa. And, likely, a reason the SX-2000AR, despite being the same server as the SX-3000 (or close enough to not have a legitimate reason for discontinuing support on the SX-2000AR mediablock). That is the last of the servers where there are two things with a serial number that have to match...no more field changes of serial numbers (as of this coming October).
| IP: Logged
|
|
|
|
|
|
Steve Guttag
We forgot the crackers Gromit!!!
Posts: 12814
From: Annapolis, MD
Registered: Dec 1999
|
posted 06-08-2019 01:22 PM
The article is misleading, in that respect.
The GDC SX2100, SX2001 servers used a mediablock with the secure number, but their original clock was...wait for it...the BIOS clock! So yeah, while it is password protected, a removal of the BIOS battery can get around that ant-hill of a hurdle.
This was true of that server line through version 7.x. Starting with version 8, the clock was on the mediablock and one had to add an additional "loopback" cable to the normal management network to put the mediablock as the rightful security manager for the server, including for time. If you were to read the instructions for going to version 8, they were extremely explicit to get the time correct BEFORE doing the upgrade because after, you were bound to the +/- 6 minute rule (UTC time). There was also a whole procedure to get the mediablock's NIC configured to the right IP as well. That was all for getting it DCI compliant (not using the BIOS clock, among other things). Ever notice that the show clock on a GDC SX2000-2100 is never quite right? It checks/updates at show start when it talks to the SM to get an accurate time.
A simple thing that could be done would be to ensure that KDMs do not work on non-DCI compliant servers, period. DCI compliance happened in 2010 (at least as far as servers go and their security managers), by 2015 they could have legitimately said, you've had enough time to do a software upgrade that, I think, nobody was charging for.
That said, if there is an inside tech at the manufacturer that will spoof a serial number...that is hard to stop. Those servers could be running DCI compliant software and still get around the KDM issue by spoofing a real serial number.
I still put this back at when illegal copies of current release movies get out, it isn't at the theatre level they are doing the deed (by and large) someone on the inside (studio, screener, this case a manufacturer's employee) has allowed it to happen. And by that, I'm in no way implying that GDC or any Studio authorized, encouraged or in any way condoned the action, just that they hold all of the cards...er...keys to allow it to happen.
We, on the other hand, get the KDM frantic calls weekly when some key doesn't work because they needed version 43 out of a possible 62 of the key and either they didn't notice the date/sound difference or the distributor sent the wrong keys (or even looked at the wrong serial number list because they had a computer issue and are looking at a 6-month old list that doesn't reflect a server swap).
| IP: Logged
|
|
|
|
|
|
Marcel Birgelen
Film God
Posts: 3357
From: Maastricht, Limburg, Netherlands
Registered: Feb 2012
|
posted 06-09-2019 02:00 AM
The piracy operation in question was much more than just a standard bootlegger who simply leaked the movie on the Internet, they had a serious, mobster-style, business model around it. They probably made millions, not only in RMB, but also in USD equivalents.
They also seemingly, didn't sell to end-users but primarily to illicit cinemas, who probably paid a whole lot more for the hot material than some random end-user would pay for a bootlegged DVD, Blu-Ray or USB stick.
But the article mentions that they sourced the copies of the original DCPs from a projectionist at a local multiplex, who earned the equivalent of about $100 to $150 a month for what he did.
My point was, the wage gap simply makes it far easier to bribe people into doing something like that. I doubt anybody in e.g. the U.S. or Western Europe would be taking the risk for such kind of compensation, because of the enormous risk involved.
| IP: Logged
|
|
|
|
Marcel Birgelen
Film God
Posts: 3357
From: Maastricht, Limburg, Netherlands
Registered: Feb 2012
|
posted 06-09-2019 06:08 AM
I think, the next big threat will be removing the actual watermarks. In this particular case, it was only due to the watermarks they did have a clue where they had to start looking.
There is a new trend right now, where cinema auditoriums are only getting smaller. There is also a trend for the "luxury screening room" rental options, where you rent a small auditorium/screening room for a couple of hours to watch one of the latest A-list releases with your friends. Those rooms are fully DCI compliant, but it will be almost impossible to police all those small rooms.
Also, the only thing that's currently stopping certain otherwise legit operations from bootlegging content after-hours, is the watermarking. Once that can be successfully removed, the game is on...
| IP: Logged
|
|
|
|
Leo Enticknap
Film God
Posts: 7474
From: Loma Linda, CA
Registered: Jul 2000
|
posted 06-09-2019 07:59 PM
quote: Marcel Birgelen
There is a new trend right now, where cinema auditoriums are only getting smaller. There is also a trend for the "luxury screening room" rental options, where you rent a small auditorium/screening room for a couple of hours to watch one of the latest A-list releases with your friends. Those rooms are fully DCI compliant, but it will be almost impossible to police all those small rooms.
Agreed. I don't know if this is happening in China as well, but here in California the business model seems to be changing. All the new builds I've been involved in installing in the last year or so have been sites that consist of multiple small auditoria (30-50 seats, typically), with luxury seating and at-seat restaurant service during the movie. The operators can't be raising anything like enough revenue to run these places from movie ticket sales alone, and so the emphasis seems to be on providing as wide a choice of movies as possible to attract customers to eat out, which is where, I'm guessing, the real margins are to be made.
Of course this is great news for us, because multiple small auditoria means lots of projector, server and audio equipment sales. But the studios must be worried, as a reduction in the typical seat count per theater will be a threat to their income stream, unless customers can be persuaded to pay a lot more per ticket.
I've only experienced a theater like this once as a customer, and I have to say I found the experience a bit disconcerting, especially trying to eat a meal in the dark!
But as you say, and bringing this back to topic, more auditoria means more potential opportunities for piracy, even if it is just camcordering.
| IP: Logged
|
|
|
|
All times are Central (GMT -6:00)
|
|
Powered by Infopop Corporation
UBB.classicTM
6.3.1.2
The Film-Tech Forums are designed for various members related to the cinema industry to express their opinions, viewpoints and testimonials on various products, services and events based upon speculation, personal knowledge and factual information through use, therefore all views represented here allow no liability upon the publishers of this web site and the owners of said views assume no liability for any ill will resulting from these postings. The posts made here are for educational as well as entertainment purposes and as such anyone viewing this portion of the website must accept these views as statements of the author of that opinion
and agrees to release the authors from any and all liability.
|
Home
Printer-friendly view of this topic