Protected AAC File Format

1
Protected AAC File Format

• A look into the FairPlay
• DRM scheme used by the
• iTunes Music Store

2
Overview

• High-level description of the MPEG-4 file format
• Introduction to AES (Rijndael) encryption
• A look at how Apples FairPlay DRM scheme
  works
  
• References and further study
• QA

3
MPEG-4 File Structure

• Atom based.
• Two main atoms moov and mdat
• moov contains metadata about the actual media
  data
  
• mdat contains the actual media data

4
MPEG-4 Atom Structure

• Every atom has a header (size, type)
• Atoms may be nested
• Atom type is used to determine how to parse the
  atom data

5
Typical m4p (Protected AAC) File

• ftyp -- file type
• moov -- metadata information
• drms -- DRM metadata
• user -- iTunes user ID
• key -- iTunes user key
• iviv -- AES initialization vector
• name -- iTunes user name
• priv -- AES private key
• mdat -- encrypted media data
• a series of samples, each encrypted
  individually
  
• free -- unused space

6
AES (Rijndael) Overview

• Block cipher (symmetric, works on groups of
  bits)
  
• Variable block and key length (iTunes uses 128
  bits for both)
  
• Two common modes electronic cookbook (ECB --
  more performant) and cipher-block-chaining (CBC
  -- more secure, used by iTunes)

7
AES (Rijndael) Description

• Components
• Initialization vector
• Key
• Input Data
• Algorithm is initialized with the initialization
  vector (provides a possible additional layer of
  security).
  
• Each block of the input data is then hashed using
  the given key.

8
ECB vs. CBC mode

• Using ECB, repeated instances of the same input
  block encrypted under the same key form the same
  cipher block. Thus, you can determine the key by
  analyzing the output data for common blocks --
  not secure!
• CBC avoids this by chaining. Each block is
  XORed with the previous cipher block before
  encryption. Thus, there is no (efficient) way to
  determine the key by analyzing the output data.

9
Apples FairPlay DRM

• ISCInfo key database stored on hard drive / iPod
  contains user keys for the AES encryption of the
  sound sample data. Which key was used is in the
  key and user atoms within the drms atom.
• Each user key in the database is encrypted using
  a system key.
  
• On Windows, the system key is a hash of Bios
  Version, Processor Name and Windows Version (from
  registry).
  
• On an iPod, the system key is the iPod hardware
  ID.

10
Typical m4p (Protected AAC) File

• ftyp -- file type
• moov -- metadata information
• drms -- DRM metadata
• user -- iTunes user ID
• key -- iTunes user key
• iviv -- AES initialization vector
• name -- iTunes user name
• priv -- AES private key
• mdat -- encrypted media data
• a series of samples, each encrypted
  individually
  
• free -- unused space

11
References and further study

• MPEG-4 description (http//www.chiariglione.org/mp
  eg/standards/mpeg-4/mpeg-4.htm)
  
• AES homepage (http//csrc.nist.gov/CryptoToolkit/a
  es/)
  
• VideoLAN project (http//videolan.org/)
• Hymn project (http//hymn-project.org/)

12
Questions?

• Why is the sky blue?
• What is the price of beans in China?
• Will I lead a happy life?