As of last night or so, the Beeb are now using a slightly different XOR scheme to encrypt programmes. The offsets and the pattern are different.
I did a bit of experimentation before breakfast this morning by writing a simple program to parse the individual atoms in the QuickTime file.
The analyser is in my iplayer-dl subversion repository, as
svn co http://paulbattley.googlecode.com/svn/iplayer-dl
I haven’t yet cracked all the details, but I think I can determine the key fairly reliably by doing the following:
- Find the first atom with a non-ASCII name
- Take the two bytes after the name: these are the key
XORing the name seems to yield an atom of
some files. It’s similar to the expected
moov, but I’m
not sure of the significance.
In addition, the length of encrypted atoms is wrong. There may be a simple transform to correct these, but XOR doesn’t seem to be it.
Still, I think we’re close to finding, as Irregular Shed put it, the ‘flowerpot that the key is left underneath.’