Trying to extract Widewine key: A journey to failure (github.com/satsuoni)
189 points by throwawaybutwhy on Aug 1, 2021 | 128 comments



From the repo

> In the end, I only extracted about half of the RSA key.

Not a cryptographer, but I thought half the RSA key was all you needed with Coppersmith's attack.


Although I too am no cryptographer, I believe there is an additional constraint where the public exponent needs to be small. Also the paper I read says these conditions can lead to discovery of the key in "polynomial time" which doesn't necessarily mean fast.


I'm again talking out of my depth, so take this with salt, but my understanding is the small public exponent is for the stereotyped message version of that attack, not the partial key recovery variant.

Looking at this page https://www.cryptologie.net/article/222/implementation-of-co... it looks like the exponent isn't even an input to the algorithm when doing key recovery
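The partial-key-recovery variant discussed above, worked through as an added example that is not from the thread, the linked repo, or any library: a Howgrave-Graham style Coppersmith lattice that recovers the prime p of an RSA modulus N from the high bits of p alone, using a textbook LLL in exact rational arithmetic. The public exponent e is never an input, which is the point made in the comment above. Everything is constructed for illustration and sized so pure-Python LLL finishes quickly: the toy modulus is the product of the Mersenne primes 2^89-1 and 2^107-1, the top 59 of p's 89 bits are treated as leaked, and the lattice parameters m=2, t=3 are deliberately small, which is why the unknown part is 30 bits rather than the half-of-p that larger lattices approach.

```python
# Added example (not from the thread or the repo): Coppersmith/Howgrave-Graham
# partial factorization of an RSA modulus from the high bits of one prime.
from fractions import Fraction

dot = lambda u, v: sum(a * b for a, b in zip(u, v))

def gs_row(b, bstar, mu, i):
    # Exact Gram-Schmidt vector i and its mu coefficients from rows 0..i-1.
    v = [Fraction(x) for x in b[i]]
    mu[i] = [Fraction(0)] * len(b)
    mu[i][i] = Fraction(1)
    for j in range(i):
        mu[i][j] = dot(b[i], bstar[j]) / dot(bstar[j], bstar[j])
        v = [vi - mu[i][j] * wj for vi, wj in zip(v, bstar[j])]
    bstar[i] = v

def lll(basis, delta=Fraction(3, 4)):
    # Textbook LLL over the integers with exact rational Gram-Schmidt data.
    b = [list(row) for row in basis]
    n = len(b)
    bstar, mu = [None] * n, [None] * n
    for i in range(n):
        gs_row(b, bstar, mu, i)
    k = 1
    while k < n:
        for j in range(k - 1, -1, -1):          # size-reduce b[k] against b[j]
            q = round(mu[k][j])
            if q:
                b[k] = [x - q * y for x, y in zip(b[k], b[j])]
                for i in range(j + 1):
                    mu[k][i] -= q * mu[j][i]
        lovasz = (delta - mu[k][k - 1] ** 2) * dot(bstar[k - 1], bstar[k - 1])
        if dot(bstar[k], bstar[k]) >= lovasz:
            k += 1
        else:
            b[k - 1], b[k] = b[k], b[k - 1]
            for i in range(k - 1, n):           # only rows >= k-1 are affected
                gs_row(b, bstar, mu, i)
            k = max(k - 1, 1)
    return b

def poly_mul(a, b):
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] += x * y
    return out

def poly_eval(h, x):
    acc = 0
    for c in reversed(h):                       # Horner's rule on exact big ints
        acc = acc * x + c
    return acc

def howgrave_graham_lattice(f, N, X, m, t):
    # Rows N^(m-i) f^i (i=0..m) and x^j f^m (j=1..t) all vanish mod p^m at the
    # wanted root; column k is scaled by X^k so a short vector is small on |x| <= X.
    d = m + t + 1
    fpow = [[1]]
    for _ in range(m):
        fpow.append(poly_mul(fpow[-1], f))
    polys = [[c * N ** (m - i) for c in fpow[i]] for i in range(m + 1)]
    polys += [[0] * j + fpow[m] for j in range(1, t + 1)]
    return [[(g[k] if k < len(g) else 0) * X ** k for k in range(d)] for g in polys]

def integer_roots(h, lo, hi, samples=4096):
    # Exact integer roots of h on [lo, hi]: sample for sign changes, then bisect.
    step = max(1, (hi - lo) // samples)
    xs = list(range(lo, hi, step)) + [hi]
    vals = [poly_eval(h, x) for x in xs]
    roots = {x for x, v in zip(xs, vals) if v == 0}
    for a, va, b, vb in zip(xs, vals, xs[1:], vals[1:]):
        if va == 0 or vb == 0 or (va < 0) == (vb < 0):
            continue
        while b - a > 1:                        # keep the sign change inside [a, b]
            mid = (a + b) // 2
            vm = poly_eval(h, mid)
            if vm == 0:
                roots.add(mid)
                break
            a, b = (mid, b) if (vm < 0) == (va < 0) else (a, mid)
    return sorted(roots)

def factor_from_high_bits(N, p_high, unknown_bits, m=2, t=3):
    # p = (p_high << unknown_bits) + x0, 0 <= x0 < 2^unknown_bits. The interval is
    # centred so the root r = x0 - 2^(unknown_bits-1) has |r| <= X. No e anywhere.
    X = 1 << (unknown_bits - 1)
    center = (p_high << unknown_bits) + X
    f = [center, 1]                             # f(x) = center + x; f(r) == 0 mod p
    for row in lll(howgrave_graham_lattice(f, N, X, m, t)):
        h = [coef // X ** k for k, coef in enumerate(row)]   # undo column scaling
        for r in integer_roots(h, -X, X):
            cand = center + r
            if 1 < cand < N and N % cand == 0:
                return cand
    return None

P = (1 << 89) - 1                 # constructed toy key: Mersenne primes M89 and M107
Q = (1 << 107) - 1
N = P * Q
UNKNOWN_BITS = 30                 # the lattice recovers the low 30 bits of P
P_HIGH = P >> UNKNOWN_BITS        # the 59 "leaked" high bits of P

if __name__ == "__main__":
    print("recovered p == P:", factor_from_high_bits(N, P_HIGH, UNKNOWN_BITS) == P)
```

The "polynomial time" in the theorem hides that the lattice dimension has to grow as the unknown span approaches the N^(1/4) bound (half the bits of p for balanced primes), so the 6-row lattice here stays well below it; the construction is the same at real key sizes, which is why a leak of roughly half the bits of one prime has to be treated as a full compromise of the key.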


Hasn't this person committed a crime if they are in the U.S.?[1]

Not that I think that this is morally wrong, just that I've always been concerned that people who try this and gain enough attention could face legal penalties. I would not do something like this without taking measures to stay anonymous. A similar case is the PS3 hacking case.

[1] https://www.law.cornell.edu/uscode/text/17/1201


The world is large, so I'm not convinced this is an interesting question unless we're already certain where they are. We don't bother to discuss Indian or Chinese law on these matters either (even though both of those countries are also large).


The majority of media-based DRM implementations are completely bunk and fundamentally broken. You — yes, you, reader — are able to take advantage of DRM implementations and break their fundamental premise without much effort. What's the point if someone with a faint degree of technical ability can redirect your content? I'd argue you're just putting lipstick on a pig.

The idea itself is nice; I get the point. If I'm a studio I want people to pay for the product. DRM doesn't encourage people to do that at all. It's like the idea of media blackouts in local markets: you're just driving people to alternative sources, not to buy a cable package.


> The majority of media-based DRM implementations are completely bunk and fundamentally broken. You — yes, you, reader — are able to take advantage of DRM implementations and break their fundamental premise without much effort.

But, apparently not Widevine and not the kind of HN reader who wrote the article. They spent weeks trying to extract the key and failed. The article is a story of their failure.


That's one way of looking at it. Who says you need to extract the key for playback?


The thing with the key is also checking if you're licensed, and negotiating with the OS/GPU/display device to prevent you from screen recording it. So the key isn't useless. It doesn't stop you from pointing a camera at the screen and recording it that way, but stuff like Cinavia can stop that too. So, the key does matter.


My dad used to say that locks are only used to keep the honest criminals out.


So in the end, Widevine complexity won. For now. I have always thought that obfuscation is easier to undo. It is the underlying MATH which is difficult. The best anti-cheats are more math-heavy than instruction trickery, though both are present simultaneously.


Can someone explain what's the point of DRM for video streaming when you can do screen recording so easily? It could make sense in books and games, but why is Netflix such a heavy proponent of it?


Depending on the solution, it might involve watermarking so that they can trace where the streams that end up on the internet come from and cut off those users. If nothing else, I'm sure it shows up in the analytics if someone's Netflix account is 24/7 streaming every episode of every show without break.

Although the real answer is probably: studios require it in their contracts and Netflix has to play nice.


> If nothing else, I'm sure it shows up in the analytics if someone's Netflix account is 24/7 streaming every episode of every show without break.

That would happen with or without DRM.


But DRM would in principle require you to watch it all in real time, which would probably help with profiling the abnormal behaviour.


Without DRM you could stream faster than realtime, but that would be even weirder right? But maybe I'm missing the point of this thread.


Any DRM solution sufficient to get high resolution content from Netflix encrypts the video path from the OS so no screen recording tool will work.


I think people often evaluate DRM as if it stands alone. In reality it's only one component in an integrated system of technology, economics and law.

A good enough DRM system does not have to be 100% unbeatable all the time. It's sufficient to:

a. Delay a hacked release until after most of the sales have already occurred. This is very often the case with successful game DRM. A crack after six months is irrelevant because virtually all the sales are in the first month or so. A crack that comes out after everyone with interest has already ponied up doesn't matter much, and in fact an unbeatable DRM that never gets cracked would suggest misallocation of resources!

b. Focus cracks on a handful of specialists who can then be investigated and potentially prosecuted or bought out. A DRM so easy 100,000 people can crack it is very different to a DRM that only 5 people have cracks for and where they keep their cracks private. The latter becomes amenable to non-technical approaches. Again, an unbeatable DRM would probably represent a waste of effort.

There are quite a few DRM schemes that have achieved this level of good-enough success which is why despite decades of people railing against it in online forums such as this one, it sticks around regardless.


You will most likely find that your OS gives you a black square for the DRM content when you record the screen. This is facilitated by OS support on Windows, iOS, etc.

It’s also why HDCP exists to prevent capture from HDMI etc.


A workaround for that is to put a lightweight OS onto a VirtualBox VM and then record the output from the host OS after putting the VM into fullscreen mode, or you can buy a cheap HDMI splitter that accepts HDCP on the input but doesn't put it back on the output.


It doesn't on linux distros. It's dead easy to record DRM'd media, although it takes a little bit of oomph to not drop frames. This is why Netflix limits Linux to 1080p.


From the repo:

> It is my honest opinion that DRM is a malignant tumor growing upon various forms of media, and that people that either implement or enforce implementation are morally repugnant and do no good to society. With that in mind, I was sad to learn in May 2021 that the original extension would soon be rendered obsolete.

I really can't agree more. I don't use, and never have, services that require DRM. I buy my games from gog.com and itch.io and the like, get media from free-to-air television and state broadcasters, and buy music either from the artist or from good and reputable music labels like hyperion.co.uk. I buy books in a dead-tree form, or as DRM-free PDFs. I will simply not buy, use, or support DRM and I occasionally tell firms that I am not giving them business because of their inane corporate decisions.

This might seem like a hard rant, but all of these binary blobs can be broken with varying degree of difficulty -- as this person's work shows -- because DRM is fundamentally pointless. It's such a waste of human endeavor! Think how many CPU cycles are burnt doing this! Estimate what the total cost of HDCP + Widevine + DRM etc is on the planet! It is pointless, insulting, and frustrating!

</rant>.


"because DRM is fundamentally pointless"

I dunno, it gave this person a lot of trouble and the result is maybe a very narrow victory that doesn't practically matter? And this is the lowest level of Widevine security - L3, which is basically assumed to be owned. Good luck with L1, which uses trusted compute primitives. DRM has won.

And I'm saying this as someone who agrees DRM is a threat to society as we're taking things that the world could otherwise have for free and denying it them so we can instead charge a small % for it. So we're intelligent enough to build this kind of technical sophistication but we are unable/unwilling to figure out a different model for financing it.


If you know where to look, L1 content can be readily downloaded, including the original 4K streams. As usual the net effect of DRM is to make the paid service inferior to piracy. That's not what I would call "winning".


I don’t understand how it can ever be secure unless you let some DRM representatives basically come and do inspections.

Fundamentally, you are going to show a video and play an audio stream. Fundamentally, it can be recaptured perfectly because it must be displayed and played perfectly. There is simply no way around it. DRM can only make life hard for the regular Joes.


> I don’t understand how it can ever be secure unless you let some DRM representatives basically come and do inspections.

Oh god, that’s a level of hell I haven’t even imagined. I wonder if the future could ever become as dystopian as that for real. What it would take for that to happen, and how.


I see you've never worked with Oracle...


I don't know, but assume, that the movie studios do this for movie theaters.

Seems to work pretty well, since to my knowledge those are only ever leaked by audience members pointing a hidden camera at the screen (with all the quality issues that entails).


This fundamental gap is known as "the analog hole": https://en.wikipedia.org/wiki/Analog_hole


In theory DRM could be mathematically perfect. However DRM relies on actual implementations both in software and hardware and shares a lot with broader security. Software implementations can have bugs but it’s relatively easy to ship fixes. The hardware level however is where it becomes very difficult to ensure a valid implementation of “secure compute” or “trusted zones” which are key to DRM and general security, particularly from an agent with physical access. It costs money to ship new fixed hardware, if it’s even possible. Then even if a given hardware implementation is correct there are ways to physically glitch the hardware to skip the checks. ESP32 chips had an issue like that where the hardware encryption was correct but simply “glitching” the voltage at the correct time could cause the processor to skip the encryption check entirely [1]. It’s very difficult and costly to make hardware immune to all such attacks. Small seemingly unrelated physical details can become novel ways to break the encryption system (like Spectre).

Ultimately I’ve come to believe that DRM and its cousin, system security, is an economic game. So DRM is useless in that it will probably be cracked after some time, but that time can translate to revenues or control until that point. It depends on how much money you have to throw at either hardening or cracking systems. It’ll likely become harder (i.e. more expensive) in the future to crack hardware DRM as the technology becomes more sophisticated and classes of vulnerability are discovered and mitigated. But then the cracks become more valuable both for anti-DRM or anti-security.

1: https://raelize.com/blog/espressif-systems-esp32-bypassing-s...


How can DRM ever be perfect? It relies on your computer being able to decrypt the data, so it can never be "mathematically perfect" like regular encryption can be.

Current DRM is all about shoving the decryption part as deep in to a chip as possible and betting on the fact that it is physically too hard to extract that info. So it will always be exploitable with some amount of effort.


The DRM implementation and algorithm could be "perfect" in a mathematical sense, but as you point out they tend to rely on a PUF in the silicon hardware. Currently very hard to extract but not completely so. However, say a system had a quantum based PUF; then it could be unclonable due to QM. Such a system could still be potentially cracked by causing issues in the processor itself like with the ESP32s. Which was my point: since there's a physical system to work in, it'd be impossible in practice to make perfect. Hence it boils down to economics.


It doesn't boil down to economics at all. Even if you pushed a googolplex dollars into perfecting it, you could still relatively easily snoop the electrical signals that control an LCD to reconstruct the video. This is not possible to encrypt and never will be.


It could only be described as "mathematically perfect" in the sense that without the decryption key, the encrypted data is no more useful than random bytes.

But DRM fundamentally needs to have the decryption key available at the end user's device - which at least in my opinion, makes it better described as "provably mathematically impossible".


It can depend on online keys that can be changed by the rightsholder at will.

"The Internet is the ultimate dongle" - John Carmack


You still have to deliver the new keys to the clients. As long as the client can decrypt the file, the client can also decrypt and dump it to storage. And if the top pirates keep their methods secret, you can change the keys all you want and not know how they are extracting them each time.


I don't know why you're being downvoted, you're right. There are plenty of TrustZone exploits that allow extraction of L1 keys.


Pay NZ$20/mo for Netflix in UHD, or fuck around on pirate sites to make sure none of the people making the series and films I'm enjoying, while hoping that no-one has dropped an entertaining payload in the site ads or the files I'm downloading is "piracy is more convenient"?

The downvotes are for a shit take disconnected from the reality of people who aren't determined not to pay for something.


> piracy is more convenient

It sure is when I can load an entire show on a Plex instance and can sync it on my mobile device without any arbitrary limitation (like how many episodes I can sync, or synced copies that expire after a while, which I experienced abroad on Netflix).


Step 1. Pay NZ$20/mo for Netflix in UHD.

Step 2. The content you want is not there or available on any other legal platform for your country.

Step 3. ????


This has nothing to do with a determination not to pay or to have studios go out of business. This has everything to do with artificially restricting me from being able to watch the content I pay for in a manner which is convenient to me. I have no interest in buying into a proprietary ecosystem of shitty software just to watch a TV series.

Whenever a service provides content in a way which I can access DRM free, I make sure to reward them for it by voting with my wallet. I sometimes also tell them to make sure they understand that one of the factors in my decision to give them money was the fact that they offered the content DRM free. But not because I wanted to re-upload it for free via bittorrent or show it in a cinema to all my friends, but precisely because I wanted to watch it on my computer without having to install crazy whitebox crypto nonsense.

I don't think normalising having to run someone else's crazy whitebox crypto nonsense on your computer is a good idea. Even if most people don't know or care.


For now, at least. It is possible they fix all issues.


Except that people who exploit L1 just never reveal how they do it, good luck with that.

That's the beauty of the asymmetry against DRM, only a single decoded file (which will always happen) is enough for seeding to everybody.


This seems to be confirmed by the fact that most torrent sites have 4K copies of brand new streaming only content while no publicly known exploits exist.

Since you are running the exploit locally without affecting other people's machines, I imagine it would be close to impossible to work out what exploit they are using.


Are those actual decrypted copies of the original stream, though? Or did they just re-record the output? For the latter you'd only need to break HDCP, right?


If the end user can't tell then it doesn't matter.


Well, but there's likely to be at least a small quality difference, and a considerable quality-per-file-size difference, because the video would need to be re-encoded.


Yeah. They're WEB-DLs, not WebRips.


Not really, since that would entail breaking playback on current devices/firmwares.

They can only try again next time (for 8K?).


Broken TZ does not mean the algorithms are broken, only that exploits exist to bypass TZ. Fixing the exploits doesn't break anything about the algorithms for decode / decrypt.


I'm not sure what in my comment you were disagreeing with. Fixing the exploits would entail requiring a software update/breaking unupdatable devices.


Yep. I remember when Blu-ray "required" Windows Vista because it had better DRM APIs then a few months later the studios gave in and allowed playback on XP... which was immediately cracked. Ultimately you have to meet customers where they are which is old devices.


Until current broken devices fall out of use. Eventually, all devices might be secure.


DRM is always pointless because the content has to be converted to analog form at some point. So, it gets decrypted in the DistrustZone, decompressed, then encrypted again before it goes over HDCP to your display, which then decrypts it to show it on the screen. Couldn't you capture the LVDS signal that the display panel receives? And even if you don't do that, isn't every version of HDCP cracked already so you could use a capture card instead?


The last bastion of DRM is forensic watermarking (so they can trace the leaked video back to your device) and key revocation (so your device won't play any new content). These techniques are so complex that they aren't used much.


So they trace the ripped video file to a particular throwaway account that was registered with a prepaid card, then what? And if you're determined enough, you could as well rip multiple copies on behalf of multiple accounts and average out the pixel colors.


> you could as well rip multiple copies on behalf of multiple accounts and average out the pixel colors.

Can you show that this can reliably get rid of the fingerprinting? This particular method could be countered by only including the fingerprint info in a few random frames; then you'd be able to retrieve the account info of all the accounts that participated in ripping. I don't think finding a method to counter any sort of fingerprinting is as easy as "just averaging the pixels".


It's my understanding that most schemes actually use very low frequency encoding with a large amount of error robustness built in (probably involving Haar wavelets) in order to maximize the probability that it survives re-encoding. Still, these schemes are not faultless: if you have two devices, and are knowledgeable enough to break the DRM twice for the same content, you're probably smart enough to take the md5 and shasum of the resulting bitstreams and diff them. Any discrepancy results in signal processing transforms until they have the same hashes...


You'd ideally do this for 3+ devices and just majority vote on every framelocked frame; take the mean average if there isn't a median.


If they can get the content key out of TZ, they don't even need the per-device key, and TZ based decoder anymore.

They just straight decrypt any files, which were at some point lying in the open on CDNs.

I believe that sooner or later it will come to the point where the only way left for DRMed content to work will be to have each stream individually encrypted, and watermarked at the backend at an enormous computational expense.


The idea is to revoke the device, not the account.


Watermarking is the kind of DRM I'm 100% okay with.

Please, sell me a watermarked but DRM-free video file that I can use with any player on any device. If I share it, you'll know it was me, but otherwise I have complete freedom. Win-win.


Isn't it also incompatible with the distribution model? Because personalizing video for every customer is hard to scale for companies that rely on reducing cloud costs


It's mostly done for review copies of content where only a handful of reviewers have the content.


The watermarking is done during playback, not distribution.


I took conradev to mean "the model of distributing the same content to everyone via traditional (passive) CDN".

Movie theater watermarking is done during playback, but if Netflix was going to do watermarking, it would have to be done prior to delivery of streamed bits or it would be susceptible to the same "it's just software" attacks as any other local software-only approach to DRM.


Is Widevine L1 "just software"? If its key distribution can somehow remain uncracked for years then maybe it could also do client-side watermarking.


> DRM is a threat to society as we're taking things that the world could otherwise have for free

But someone needs to pay to create those things in the first place. Payment for work after the fact is the basic incentive.


I think if DRM didn't exist piracy would be just as rampant (i.e. not very, since for the average joe it seems more convenient to just go on netflix or amazon prime or whatever) and people would still get paid.

People are against DRM not because they don't want to pay for content, but because they want to be able to play the content they pay for. And not in breach of the license they have been sold.

I have every interest in participating in the content market and paying people to make content. I have no interest in having to buy special proprietary hardware or run special proprietary code on my computer just to do it.


>we're taking things that the world could otherwise have for free and denying it them so we can instead charge a small % for it

Are we? Where are the studios making feature-length movie-quality content and putting it on YouTube to be supported by ad money? There isn't even an equivalent to TV in that form factor. All of the new content that requires any sort of production budget (actor salaries, non-trivial special effects) is on platforms with subscription fees and DRM to require those subscription fees because we can't have these things for free.


It’s not pointless if it works!

Seriously though, those of us who don’t like DRM need to switch messaging from “It’s bad AND it’s pointless/useless!” to “It’s bad!” The “it’s pointless” part has clearly been interpreted as a challenge, and now we’ve got incredibly invasive junk creeping in at all levels of hardware and software, and it’s not actually inconveniencing everyday consumers that much (hackers and powerusers are a different story), and it’s working better all the time.

I’m not sure exactly how to make this argument these days, but smugly saying “DRM will always be pointless in the end!” isn’t actually true, and I feel like we need to focus on the fact that the measures being taken to make it not pointless are impinging on both user privacy and the ability of open ecosystems (like Linux distros and more open hardware) to be useful for everyday media playback.


DRM is merely a symptom of the copyright disease. People actually want to believe data is scarce when it's not. When proven wrong, they make technology to force scarcity. It makes products and services worse for everyone and even then it barely works.

The only way to stop this is to abolish copyright.


I agree that our current copyright system is certainly out of hand, but it does serve a purpose. Out of curiosity, what system would you suggest in its stead?


Maybe patronage schemes? Crowdfunding? I have no idea. I just know that we can't go on like this.

The only way to enforce copyright in the 21st century is to destroy computing freedom. I'd rather sacrifice the entire copyright industry than have computers that only run software they approve.


Except that's not true. There are tons of copyrighted works sold online without DRM. It's just a matter of getting the business model right.

https://www.amazon.com/gp/feature.html?ie=UTF8&docId=1000265...

> every song from Amazon MP3 is DRM-free and encoded in high-quality 256-kbps MP3 format. This means that they will play on any MP3 player, so you don't need to worry about file format compatibility or licenses that expire.


The production costs in music are orders of magnitude lower than those for video. It takes far fewer people far fewer days to record a song than a TV show or a movie. The equipment involved in recording, mixing, and special effects are all dramatically cheaper, which also makes the entire process more accessible and enables scales that do not exist for most media.

A business model for one thing does not generalize.


The cost of the input is irrelevant.

Sell things for money generalized pretty well in basically every other field. It actually generalized pretty well in video too. This is just adding "remove the DRM". It'll be fine once all the old studio execs retire...


The cost of the input affects the cost of the output, which makes all the difference in the world.

Let's start with the most obvious: "sell things for money" hasn't worked out that well in music. Streaming services (with DRM) are 83% of revenue in the music industry now: https://www.businessofbusiness.com/articles/vinyl-record-sal...

The price of music is dramatically lower. Its consumption model is entirely different - a song may be played dozens of times on a radio station or a streaming platform, each performance for pennies. Video, on the other hand, is predominantly a single-shot mechanism. There's enough new content that almost no customers will watch the same piece of video multiple times. You have to make back all of your revenue in that initial purchase. Combined with higher production costs, you need higher prices. You also need a guarantee people will have to pay those prices to justify the investment and even begin the process. DRM is such a guarantee.


First, streaming services charge people money and sell them a thing: access to music. Not liking it won't make that different than movie tickets.

Second, the price is identical. Streaming providers charge $10/month (or very close to it) regardless of what the content is. Also, albums when new are $10-$20, and movies new are $10-$20.


Very few stores choose not to enforce copyright. Those that do have smaller selections of works for sale because copyright holders refuse to sell their stuff there. The result is still a service that's inferior to copyright infringement.


> Those that do have smaller selections of works for sale...

Did you not see the name in the link? More to the point, can you point me to a major music store which does use DRM? I'm not aware of one. Perhaps you've been pirating music so long you missed the shift? It happened around 2009.

Here's an article from 2014 about the steps to remove DRM from your pre-2009 library. TL;DR: delete and redownload from Apple, no DRM! This is Apple's recommended approach.

https://www.wired.com/2014/03/kill-itunes-drm/


Yes, I did see your link. I guarantee you if I search certain songs in there, they won't even sell them to me because of where I live. No doubt all the pop stuff is there but I don't like that stuff.

In any case, I don't listen to music very often. When I want to listen to something, I just look up specific songs on YouTube. I never cared enough to "pirate" music but I can tell you that the quality of "pirated" music is orders of magnitude higher than whatever is sold by Amazon. The people in those communities go to truly incredible lengths to ensure they have the highest quality audio possible. Companies generally just want to push out a release for the lowest possible cost.

I care more about films, series, video games and software in general. You'll find that in those categories DRM is the rule.


And yet you provide no songs. Fascinating.



I did -- thank you and apologies for getting it wrong.


Let me see if I understand your position. "Laws are stupid because there are criminals who do crime anyway, and laws don't stop them."

Does that sum it up?


Let's rephrase it. Corrupt laws like DMCA-1201 that use DRM to extend control over anything it touches are indeed stupid and even harmful to society.


How do you feel about "effective DRM"? For example, an online RPG where you pay a monthly subscription to play with others in the same world.

You could play single-player, or reverse engineer it and try to create a private server and modified client to play with others who choose to use the same modified client, but unless the implementation is unusually poor, the "DRM" is pretty much unavoidable if you want to play on the official servers.


That’s not really DRM, that’s actively providing a service. Some studios try to tie in single player experiences with online components as a form of DRM but those are invariably quickly cracked and are often a source of embarrassing launch day failures so they’re not that common.


Right, hence the scare quotes around the term. I'm just wondering if the parent poster also considers that model exploitative or freedom-restricting.


That depends a lot on whether or not the servers do actually provide value (e.g. a decent MMORPG – in my life I've played Eve and WoW, until about 2007) or are just egregious (I have a legal license for Adobe's Creative Suite CS6, and I'm sure as hell not upgrading).


The point of DRM isn't to prevent piracy, but to control manufacturers, who cannot legally break DRM, so they have to comply with whatever the DRM licensing cartel demands.

Prevent screenshots, prevent skipping ads, prevent recording (remember VHS recorders?), enforce region locking... so many legal activities can be effectively made illegal, since manufacturers cannot both support DRM and offer these options.


> This might seem like a hard rant, but all of these binary blobs can be broken with varying degree of difficulty -- as this person's work shows -- because DRM is fundamentally pointless.

I think that this ease of circumventing DRM is actually an indirect, but major, reason why movie theaters will never really go away. Online streaming new movie releases is great for direct-to-consumer business, but it comes with the risk of losing control of your distribution due to ease of piracy. Why would a frugal person pay $30 for "premier access" to a new movie on Disney+ when they can just go to Pirate Bay and torrent a perfect-quality rip for free? It's much easier to keep AMC Theatres in line than a global network of average Joes.


DRM is not about piracy. Content producers know that all their content ends up on PirateBay anyway, and know DRM causes them support costs and lost customers.

For content distributors DRM is still worth it because of the power it gives them in dictating how the content can be viewed. They can demand that hardware manufacturers give them prominent placement, or be blocked. They can sell the same content over and over again for every screen type and platform individually, with rules and prices at the maximum each will bear. They can set their own rules, instead of relying on general provisions of the copyright law.


But the point is that DRM doesn't give content producers power over how content can be viewed. I could, if I wanted, go on The Pirate Bay and torrent Black Widow for free, and watch it however, wherever, whenever I want, regardless of whatever DRM Disney+ has on their streaming. It doesn't matter whether hardware manufacturers are restricted from displaying DRM content, because they can be bypassed entirely.


But that happens only after they've already sold the finely-carved distribution contracts, got branded TV remotes, and kickbacks they wanted. The legally-operating companies that sign contracts need to act like DRM is real, because the law says it's real.


I used to go to the movie theatres all the time and spend $30+ to see a movie in the Dolby Digital Experience and the like, but it’s easier for me to pirate than it is for me to sign up for whatever streaming service and watch a movie there. They’re always available immediately after release in the highest quality.


actual title: Trying to extract Widewine key: A journey to FaIlUrE


The bad font on GitHub makes "FaIlUrE" look like "FallUrE". I thought it must have been a typo.


Bad Windows font, probably. It's just using the default system fonts, which in the case of Segoe UI doesn't employ caps for I. Ironically, Segoe (just Segoe, the reference font) does have caps on I.


I stand corrected (I didn't look up the CSS, can't do that in Safari on iPad). That leaves room for improvement in my browser's default font then.


Note that system fonts usually can't be overridden in browsers; you need to inject custom CSS with the override.


Every time this is broken, am I right in saying all encrypted media needs to be re-encrypted with the updated version of widevine?


No. Once Google revokes an old version of the CDM, the servers will refuse to issue a license for that version. The license basically contains encrypted keys for the content. If you already saved the decrypted keys for a specific content, you will be able to decrypt it even after the revocation, but you won't be able to get the keys for any new content with that version anymore.

We're not (yet) at the point where actual content keys are rotated frequently, because that sounds like a lot of effort, though technologies for this exist already; they're just not in widespread use.


> Every time this is broken, am I right in saying all encrypted media needs to be re-encrypted with the updated version of widevine?

Yes, but so far no big Netflix-like website has done it. It's a credible guess that all encrypted L1 content has long been downloaded and is just waiting for decryption (NF used to use HTTP to serve encrypted files in the open, without any API wall, some years ago).


No. The media is encrypted with Common Encryption regardless.

This is only about key management.
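The two replies above make the same point from different angles: revoking a CDM version changes who can obtain a license, while the media stays encrypted under Common Encryption with the same content key, so a key saved before revocation keeps working. The following is an added toy model (example code, not from the linked repository or from Widevine) that walks through that sequence. The `cencCTR` function applies AES-128-CTR, the 'cenc' scheme of Common Encryption; `LicenseServer`, `Client`, the key ID `kid-0001`, the key, IV and media bytes are all constructed for the example and are not real Widevine material.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// Constructed sample material; none of this is real Widevine key data.
var (
	sampleKID   = "kid-0001"
	sampleKey   = []byte("0123456789abcdef") // 16-byte AES-128 content key
	sampleIV    = []byte("fedcba9876543210") // 16-byte CTR initial counter block
	sampleMedia = []byte("constructed media sample: frame 0001")
)

// cencCTR applies AES-128-CTR, the 'cenc' scheme of Common Encryption (ISO/IEC
// 23001-7), to one sample. CTR mode is its own inverse, so the same call decrypts.
func cencCTR(key, iv, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out, nil
}

// LicenseServer is a toy model of the key-delivery side: content keys indexed
// by key ID, plus the set of CDM versions that have been revoked.
type LicenseServer struct {
	keys        map[string][]byte
	revokedCDMs map[string]bool
}

func NewLicenseServer() *LicenseServer {
	return &LicenseServer{
		keys:        map[string][]byte{sampleKID: sampleKey},
		revokedCDMs: map[string]bool{},
	}
}

// Revoke stops all further license issuance to a CDM version.
func (s *LicenseServer) Revoke(cdmVersion string) { s.revokedCDMs[cdmVersion] = true }

// RequestLicense hands out the content key for kid, but only to a CDM version
// that is not revoked. Nothing here re-encrypts media; only key delivery changes.
func (s *LicenseServer) RequestLicense(cdmVersion, kid string) ([]byte, error) {
	if s.revokedCDMs[cdmVersion] {
		return nil, errors.New("license refused: CDM version " + cdmVersion + " is revoked")
	}
	key, ok := s.keys[kid]
	if !ok {
		return nil, errors.New("unknown key ID " + kid)
	}
	return key, nil
}

// Client models a player with a CDM version and a cache of keys it already holds.
type Client struct {
	cdmVersion string
	cache      map[string][]byte
}

func NewClient(cdmVersion string) *Client {
	return &Client{cdmVersion: cdmVersion, cache: map[string][]byte{}}
}

// Play decrypts one sample, asking the license server for the key only when it
// is not already cached. A cached key keeps working after its CDM is revoked.
func (c *Client) Play(s *LicenseServer, kid string, iv, ciphertext []byte) ([]byte, error) {
	key, cached := c.cache[kid]
	if !cached {
		k, err := s.RequestLicense(c.cdmVersion, kid)
		if err != nil {
			return nil, err
		}
		c.cache[kid] = k
		key = k
	}
	return cencCTR(key, iv, ciphertext)
}

// Outcome records who can still decrypt the unchanged ciphertext after revocation.
type Outcome struct {
	CachedClientOK bool   // old client that obtained the key before revocation
	FreshClientOK  bool   // new client on the revoked CDM version, empty cache
	NewCDMClientOK bool   // client on a CDM version that was not revoked
	Plaintext      string // what the old client decrypted before revocation
}

// Scenario: a v1 client fetches and caches the key, v1 is then revoked, and the
// same ciphertext is played by the cached client, a fresh v1 client and a v2 client.
func Scenario() (Outcome, error) {
	server := NewLicenseServer()
	ciphertext, err := cencCTR(sampleKey, sampleIV, sampleMedia)
	if err != nil {
		return Outcome{}, err
	}
	old := NewClient("cdm-v1")
	pt, err := old.Play(server, sampleKID, sampleIV, ciphertext)
	if err != nil {
		return Outcome{}, err
	}
	server.Revoke("cdm-v1") // the extraction went public; v1 gets no more licenses
	pt2, err1 := old.Play(server, sampleKID, sampleIV, ciphertext)
	_, err2 := NewClient("cdm-v1").Play(server, sampleKID, sampleIV, ciphertext)
	_, err3 := NewClient("cdm-v2").Play(server, sampleKID, sampleIV, ciphertext)
	return Outcome{
		CachedClientOK: err1 == nil && string(pt2) == string(sampleMedia),
		FreshClientOK:  err2 == nil,
		NewCDMClientOK: err3 == nil,
		Plaintext:      string(pt),
	}, nil
}

func main() {
	o, err := Scenario()
	fmt.Printf("%+v err=%v\n", o, err)
}
```

The ciphertext is computed once and never touched again; only `RequestLicense` behaves differently after `Revoke`, which is the separation between Common Encryption of the media and key management that the two replies describe.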


By this point everyone would agree that platforms that eliminate all piracy die. So they'll send out a couple of DMCAs until it's sufficiently unknown, and that'll be all.


Hmmm... Would love it if this allows me to watch Netflix using a fully FLOSSed ARM SBC.


What's the point of semi-unusable DRMed crap when L1 releases keep getting WEB-DLed?

Very likely it's not the Shield now which leaks L1, but an actual key recovery because they get the stream even before it gets watermarked in the secure domain.

My guess is it's Qualcomm's debugging TZ applets. They cannot really revoke keys because they would take down a giant number of Snapdragon-based handsets for which manufacturers don't bother to put out a single OTA.

This is also likely why Netflix uses such silly restrictions as refusing to run on old Android version numbers on some Snapdragon handsets, which are easily bypassable with root.


Lately Google has mostly stopped revoking whole devices. Instead, when someone extracts a key from a device and it leaks publicly, they just revoke that one specific device's key. That improves the experience for legitimate users, but also means the person who extracted the key can just go buy another device of the same model and use the same exploit to extract a new working key.


Are these keys unique per-device?


Yes.


The content key at most Netflix-like websites is one for the entire library; only a per-device key is needed to get that key, and the watermark ID is unique.


What's L1? web-dls I have seen are always relatively low resolution, so at least it protects fullhd or 4k.


1080p WEB-DLs are very common if you're in the right places, but even public trackers should have plenty. 4K is slightly less common but does also happen, with frequency depending on the streaming service.


>so at least it protects fullhd or 4k.

Not really. Popular streaming-exclusive shows often get 1080p versions released within a few hours, and the 2160p versions released within a few days.


The Grand Tour S04E03 4k web-dl is readily available on private torrent trackers hours after public release on Amazon Prime.

No idea what encryption Amazon use, but suffice to say it is thoroughly broken by someone out there. Given the expense of acquiring those presenters and the production costs of their shows, and how they bring people to the Prime video platform, I suspect Amazon is reasonably interested in keeping that content protected.


Widevine L1 - the hardware DRM in ARM trustzone with individual keys for each chip.


I've never really looked long into these things, but now that most GPUs do the actual video decoding, how come it's still not possible to use Linux or any random OS? Isn't the GPU supposed to somehow guarantee that it only sends the decrypted stream to a compliant screen? Isn't this the point of HDCP?

When this was done in software, I understand that open source decoders could have been modified to pipe the clear stream to disk, but now the software basically just hands the encrypted blob to a "trusted" hardware decoder.

Or am I missing something?


Linux is not the issue here, but the ARM processor, as OP said. The first DRM library for ARM came only earlier this year, so finally I am able to play DRM content on a Raspberry Pi 4 in Chromium, but I am not going to because Chromium is painfully slow and plugin maintainers have figured out how to play Netflix in Kodi.

edit: DRM library still doesn't get to "fully FLOSSed"


So then Netflix et al.'s requirement of Windows or macOS in order to play high definition video is purely artificial on x86?

Last time I checked (a few months ago) they didn't even support Chrome (either Windows or Mac) for UHD, they required Safari, Edge or their own Windows app.


The UHD restriction is not a technical one. Content producers and the rest of the media industry have strict requirements about streaming. UHD content uses proprietary DRM systems from Microsoft and Apple that are considered more secure than Widevine, which is why those browsers are permitted to watch 4K.

You can't watch UHD content on Edge for Linux, for example, because the necessary DRM isn't implemented.


So does this mean that the DRM is still at least partially implemented in software?

I also seem to remember that Netflix on Windows (don't know about Mac) also requires hardware decoding support for HEVC1 (or whatever their codec is). I never got it to work with an Intel GPU (8th gen UHD 630, supposed to support it) but it worked with an AMD GPU.


Partially, for sure. However, even with hardware support you need some kind of licensed (signed?) binary interface with the DRM hardware to ensure that nobody is decoding a hundred Netflix streams at a time.

I don't know a lot about how everything works below the hood, but you can probably find some of the details on the Microsoft website [0] if you want.

[0]: https://www.microsoft.com/playready/


Although, you used to be able to watch it in Windows Edge in Wine.


Between the video decoder and the screen is the display server (e.g. Xorg or GNOME Shell) which is untrusted.


This wasn't my understanding. If the decoding happens in hardware, I wouldn't have expected the decoded video to be passed back to the display server to be sent back again to the GPU and out to the screen.

My understanding was that there was some kind of compositing going on, in hardware, where the display server would tell the GPU to display the output between some coordinates, but the server itself wouldn't know what the actual output would be.

Here is the libva documentation which seems to support this: http://intel.github.io/libva/group__api__prot.html


DRM consumes more energy annually than Bitcoin (needs to be fact checked) so breaking it and distributing the decrypted media is a favor to the environment and humanity.



