introduction to video reverse engineering · introduction to video reverse engineering vittorio...
TRANSCRIPT
![Page 1: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/1.jpg)
Introduction to video reverse engineering
Vittorio Giovara
Brussels 2016-01-29 FOSDEM - Open Media
CC-BY-SA
1
![Page 2: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/2.jpg)
About me‣ Libav/FFmpeg developer (~10 decoders)
VideoLAN association member
‣ First known use of x264 in broadcasting
‣ Took part to HEVC/H.265 standardization
‣ Pupil of Kostya
‣ [email protected] on Freenode IRC
2
![Page 3: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/3.jpg)
What
‣ Reverse engineering can be considered a fundamental element of science
‣ Understand how things work and find rules about their behaviour
‣ As such it can be applied to anything
3
![Page 4: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/4.jpg)
What
‣ ... but let's focus on digital video for now
4
![Page 5: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/5.jpg)
Theory
‣ A video is a series of frames
‣ Frames are data that represent images
‣ They can either be compressed or not
‣ Data is packed in some way
5
![Page 6: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/6.jpg)
Many many ways‣ Lossless or lossy
‣ There might be a header
‣ Frames contain RGB(A), YUV, deltas, entropy, slices, inter/intra prediction...
‣ Luckily many codecs rip each other off (Real, DivX, VP1-9, and many more)
6
![Page 7: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/7.jpg)
Categories‣ Screencast
‣ Run-length encoding
‣ Intermediate
‣ Entropy-based
‣ Japanese codecs
7
![Page 8: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/8.jpg)
Tools of trade‣ Common sense
‣ Specifications and patents
‣ Strings and debug info
‣ IDA/HexRays
‣ Someone to talk with
8
![Page 9: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/9.jpg)
A few examples‣ Quickdraw PICT
• Samples + Spec + Decoder
‣ TDSC.asf
• Samples
‣ CSEUvec.dll
• Samples + Decoder
9
![Page 10: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/10.jpg)
PICT
![Page 11: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/11.jpg)
![Page 12: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/12.jpg)
![Page 13: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/13.jpg)
![Page 14: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/14.jpg)
TDSCFormat : Windows MediaFile size : 39.3 MiBDuration : 7mn 42sOverall bit rate mode : VariableOverall bit rate : 713 KbpsMaximum Overall bit rate : 717 KbpsEncoded date : UTC 2015-03-02 12:41:49.784
VideoID : 1Format : TDSCCodec ID : TDSCBit rate mode : VariableBit rate : 703 KbpsWidth : 1920 pixelsHeight : 1080 pixelsDisplay aspect ratio : 16:9Frame rate mode : VariableNominal frame rate : 30.000 fpsBit depth : 8 bitsLanguage : Chinese (TW)
14
‣ ./avconv -i ~/tdsc.asf -f image2 -frames 1 zlib1.dat
![Page 15: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/15.jpg)
15
![Page 16: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/16.jpg)
5 line tool
unsigned char ibuf[SIZE], obuf[SIZE * 10];int main(void){ uLong ilen, olen; ilen = fread(ibuf, 1, sizeof(ibuf), stdin); olen = sizeof(obuf); uncompress(obuf, &olen, ibuf, ilen); fwrite(obuf, 1, olen, stdout); return 0;}
16
‣ Can be easily extended to skip the header dynamically
‣ Try different compressors
![Page 17: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/17.jpg)
17
![Page 18: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/18.jpg)
18
‣ Tag based
‣ GEPJ is JPEG in little endian later in the file, WAR means RAW
‣ Count the readable tags, they are 240
‣ 0x80070000 is 1920 0xC8FFFFFF is -1080
‣ The 0x28 next to size is suspicious
![Page 19: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/19.jpg)
19
![Page 20: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/20.jpg)
‣ Every frames is ZLIB-compressed
‣ TAG-based format with tiles
‣ Uses Windows-header style
‣ Has mixed JPEG and RAW data
20
![Page 21: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/21.jpg)
Canopus HQX
STOP - IDA TIME
![Page 22: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/22.jpg)
![Page 23: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/23.jpg)
![Page 24: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/24.jpg)
![Page 25: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/25.jpg)
![Page 26: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/26.jpg)
![Page 27: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/27.jpg)
![Page 28: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/28.jpg)
Why‣ You can read the Matrix!
‣ Avoiding vendor lock-in
๏ Cineform/GoPro ♒︎ SMPTE-VC5
‣ Fighting digital obsolescence
๏ FFV1/MKV archiving codec
‣ Daala, Thor, VP10 (Open media alliance?)
28
![Page 29: Introduction to video reverse engineering · Introduction to video reverse engineering Vittorio Giovara Brussels 2016-01-29 FOSDEM - Open Media CC-BY-SA 1](https://reader033.vdocument.in/reader033/viewer/2022052500/5f8d9d2191181f7f9529b98e/html5/thumbnails/29.jpg)
Thanks
Questions?
29