I got a comment from HorribleSubs, which mentions that Crunchyroll has finally wised up and no longer decrypts the whole subtitle file in memory. The player decrypts the subtitles line by line (or something like that) from a complete copy of the encrypted subtitle file. Therefore, the method I describe earlier, memory dumping, won’t work because the subtitle file is never fully decrypted in memory.
The fact that the encrypted subtitle file sits in memory is interesting, because it means that the subtitle file can STILL be dumped immediately — with a hacked player. You would need to know ActionScript 3, decompile the SWF file, then insert your own function that uses their decrypter to dump the entire encrypted subtitle file. This might be a gross simplification, but the general idea is correct.
I’m just wondering how much time it’s going to be before Crunchyroll starts streaming the subtitles. Then, the subtitle file will have to be dumped realtime, which is a pain in the butt. They might even strip out the timestamps if they stream the subtitles.
Too bad I don’t have any more time to play around with CR’s media player. Work, panel, college, etc…
Tags: crunchyroll, hacking, lame stuff, reverse engineering, stupididity
28 February 2009 at 3:03 pm
[...] Dumping 101, by popular demand By 静か 28 Feb 2009 edit: This post is outdated. See update to post here. [...]
8 March 2009 at 3:22 pm
Aww…After I just found this site, hoping to rip the subs…Oh well…I hope you tinker with CR when you have the chance!
1 April 2009 at 1:26 pm
ironically this has turned from anime-blog –> reversing blog
don’t go the dark side, watch hayate!
20 May 2009 at 10:43 pm
would love possibly see an update to this now that your spring semester is over
25 May 2009 at 8:26 am
waiting for update)))
28 September 2009 at 4:41 am
I can easily see this turning into an arms race, with fans trying to download and watch anime at their leisure and CR trying to prevent them.
Historically, CR is on the losing side because eventually their content has to be displayed in plaintext, at some point in time or another. Creative and technical people take advantage of this and find a way to dump the content. (That’s why Hollywood is preventing hardware manufacturers from including an analog port in new players.)
The only way CR would succeed in this is by keeping their fanbase small enough that their demand doesn’t attract the attention of people capable of this type of work yet large enough to turn a profit.
Either way, I’m sure someone’s going to RE their player, find the functions that display the content, and insert functions that dump the subtitles and the timestamps.
Then I’m sure CR will take steps to authenticate the player to make sure they haven’t been hacked, then someone’s going to find a way around that, and the wheel keeps on turning.
At a certain point, CR has to realize DRM is only effective in stopping casual users. The people who are determined to get the content will eventually get it. If they try to tighten their DRM to stop the last 10%, they’ll just end up pissing off their entire fanbase. This isn’t a war they can win.