MP4$Video$Authen/caon$Using$...

15
MP4 Video Authen/ca/on Using File Structure and Metadata Jake Hall

Transcript of MP4$Video$Authen/caon$Using$...

Page 1: MP4$Video$Authen/caon$Using$ …old.dfrws.org/2015/proceedings/presentations/DFRWS2015-pres6.pdfMP4$Video$Authen/caon$Using$ File$Structure$and$Metadata$ $$ Jake$Hall$ MP4/3GP$Video$

MP4  Video  Authen/ca/on  Using  File  Structure  and  Metadata      

Jake  Hall  

Page 2: MP4$Video$Authen/caon$Using$ …old.dfrws.org/2015/proceedings/presentations/DFRWS2015-pres6.pdfMP4$Video$Authen/caon$Using$ File$Structure$and$Metadata$ $$ Jake$Hall$ MP4/3GP$Video$

MP4/3GP  Video  

•  Video  Coding  Formats  – H.264  – MPEG-­‐4  Part  10  – Advanced  Video  Coding  (AVC)  

•  File  Container  Format  – MP4  – 3GP,  3G2  

Page 3: MP4$Video$Authen/caon$Using$ …old.dfrws.org/2015/proceedings/presentations/DFRWS2015-pres6.pdfMP4$Video$Authen/caon$Using$ File$Structure$and$Metadata$ $$ Jake$Hall$ MP4/3GP$Video$

Movie  Atoms  

•  QuickTime  File  Format  Specifica/on  •  Allow  the  media  and  the  descrip/on  to  be  stored  separately    

•  Size  >  Type  >  Data  •  Parent  /  Child  Nes/ng  Conven/on  

Page 4: MP4$Video$Authen/caon$Using$ …old.dfrws.org/2015/proceedings/presentations/DFRWS2015-pres6.pdfMP4$Video$Authen/caon$Using$ File$Structure$and$Metadata$ $$ Jake$Hall$ MP4/3GP$Video$

Original  Go  Pro  Hero  3+  Black  

Page 5: MP4$Video$Authen/caon$Using$ …old.dfrws.org/2015/proceedings/presentations/DFRWS2015-pres6.pdfMP4$Video$Authen/caon$Using$ File$Structure$and$Metadata$ $$ Jake$Hall$ MP4/3GP$Video$

Parsing    

•  4  bytes  @  0x00  –  size  of  atom  –  32  bytes  •  4  bytes  @  0x04  –  type  of  atom  –  ^yp  

•  File  Type  Compa/bility  

Page 6: MP4$Video$Authen/caon$Using$ …old.dfrws.org/2015/proceedings/presentations/DFRWS2015-pres6.pdfMP4$Video$Authen/caon$Using$ File$Structure$and$Metadata$ $$ Jake$Hall$ MP4/3GP$Video$

Parsing  

•  4  bytes  @  0x20  –  size  of  atom  –  22742  bytes  •  4  bytes  @  0x24  –  type  of  atom  –  moov  •  4  bytes  @  0x28  –  size  of  atom  –  108  bytes  •  4  bytes  @  0x2C  –  type  of  atom  –  mvhd  –  Movie  Header  Atom  

Page 7: MP4$Video$Authen/caon$Using$ …old.dfrws.org/2015/proceedings/presentations/DFRWS2015-pres6.pdfMP4$Video$Authen/caon$Using$ File$Structure$and$Metadata$ $$ Jake$Hall$ MP4/3GP$Video$

   ^yp  @  0x00  moov  @  0x20  •  mvhd  @  0x28  •  udta  @  0x94  

•  FIRM  @  0x9C  •  LENS  @  0xB0  •  CAME  @  0xE8  •  SETT  @  0x100  •  AMBA  @  0x110  •  free  @  0x190  

•  trak  @  0x214  •  tkhd  @  0x21C  •  tref  @  0x278  

•  tmcd  @  0x280  •  edts  @  0x28C  

•  elst  @  0x294  •  mdia  @  0x2B0  

•  mdhd  @  0x2B8  •  …  

71  atoms  in  total  

Page 8: MP4$Video$Authen/caon$Using$ …old.dfrws.org/2015/proceedings/presentations/DFRWS2015-pres6.pdfMP4$Video$Authen/caon$Using$ File$Structure$and$Metadata$ $$ Jake$Hall$ MP4/3GP$Video$

Using  Atomic  Parsley  to  Render  Original  Go  Pro  

Page 9: MP4$Video$Authen/caon$Using$ …old.dfrws.org/2015/proceedings/presentations/DFRWS2015-pres6.pdfMP4$Video$Authen/caon$Using$ File$Structure$and$Metadata$ $$ Jake$Hall$ MP4/3GP$Video$

Examples  of  Unique  Atom  Data  

Page 10: MP4$Video$Authen/caon$Using$ …old.dfrws.org/2015/proceedings/presentations/DFRWS2015-pres6.pdfMP4$Video$Authen/caon$Using$ File$Structure$and$Metadata$ $$ Jake$Hall$ MP4/3GP$Video$

Adobe  Premiere  Structure  Change  

Page 11: MP4$Video$Authen/caon$Using$ …old.dfrws.org/2015/proceedings/presentations/DFRWS2015-pres6.pdfMP4$Video$Authen/caon$Using$ File$Structure$and$Metadata$ $$ Jake$Hall$ MP4/3GP$Video$

Original  vs.  Premiere  

Page 12: MP4$Video$Authen/caon$Using$ …old.dfrws.org/2015/proceedings/presentations/DFRWS2015-pres6.pdfMP4$Video$Authen/caon$Using$ File$Structure$and$Metadata$ $$ Jake$Hall$ MP4/3GP$Video$

ffmpeg  Structure  Change  

Page 13: MP4$Video$Authen/caon$Using$ …old.dfrws.org/2015/proceedings/presentations/DFRWS2015-pres6.pdfMP4$Video$Authen/caon$Using$ File$Structure$and$Metadata$ $$ Jake$Hall$ MP4/3GP$Video$

Original  vs.  ffmpeg  

Page 14: MP4$Video$Authen/caon$Using$ …old.dfrws.org/2015/proceedings/presentations/DFRWS2015-pres6.pdfMP4$Video$Authen/caon$Using$ File$Structure$and$Metadata$ $$ Jake$Hall$ MP4/3GP$Video$

Comparison  With  Other  Devices  Panasonic  Lumix                DMC  TS-­‐5   LG  G3  

Samsung    Galaxy  S5  

Samsung    Galaxy  S4  

Samsung    Galaxy  S3  

Page 15: MP4$Video$Authen/caon$Using$ …old.dfrws.org/2015/proceedings/presentations/DFRWS2015-pres6.pdfMP4$Video$Authen/caon$Using$ File$Structure$and$Metadata$ $$ Jake$Hall$ MP4/3GP$Video$

Notes  

•  Forensic  Analysis  of  Video  File  Formats  by  Gloe,  Fischer,  Kirchner  – hkp://dx.doi.org/10.1016/j.diin.2014.03.009  

•  QuickTime  File  Format  Specifica/on  – hkp://developer.apple.com/library/mac/documenta/on/QuickTime/QTFF/qnf.pdf  

•  Atomic  Parsley  – hkp://github.com/wez/atomicparsley  


Hermes jms ibmmq-ssl-channel-release2-with-mutual-authen

Hermes jms ibmmq-ssl-channel-release2-with-mutual-authen

manuale mp4

manuale mp4

Mclaren MP4-12C

Mclaren MP4-12C

MERCEDES - AutoComp · suitable for mercedes actros iv series mp4/400 higher mp4/415 mp4/400ws higher mp4/425 lower mp4/425ws lower 4 suitable formercedes acedes actros iv series

MERCEDES - AutoComp · suitable for mercedes actros iv series mp4/400 higher mp4/415 mp4/400ws higher mp4/425 lower mp4/425ws lower 4 suitable formercedes acedes actros iv series

คู่มือติดตั้ง authen-centos

คู่มือติดตั้ง authen-centos

Stage Piano MP4 - KAWAI5 WELCOME TO THE MP4 Thank you for purchasing the KAWAI MP4. The MP4 Stage Piano features 64 Internal Sounds of the highest quality. The MP4 can also be used

Stage Piano MP4 - KAWAI5 WELCOME TO THE MP4 Thank you for purchasing the KAWAI MP4. The MP4 Stage Piano features 64 Internal Sounds of the highest quality. The MP4 can also be used

MP4 - Nossent

MP4 - Nossent

Triptico Mp4

Triptico Mp4

Authen-Tic · 2021. 1. 18. · Le projet Authen-TIC, en bref: Authen-TIC est un projet ayant été mené à l’école Marie-Renouard, s’adressant aux 156 jeunes de 3e à 6e année.

Authen-Tic · 2021. 1. 18. · Le projet Authen-TIC, en bref: Authen-TIC est un projet ayant été mené à l’école Marie-Renouard, s’adressant aux 156 jeunes de 3e à 6e année.

Manual ( MP4 )

Manual ( MP4 )

CaON (Converged and Optical Networks)

CaON (Converged and Optical Networks)

CAON ELECTRIC INSTALLATION Co. Ltd - … CAON-ENVERTEC.pdf · requisitos para la fabricación y servicio, diseño y desarrollo de aisladores de silicona, núcleos de resina epoxy,

CAON ELECTRIC INSTALLATION Co. Ltd - … CAON-ENVERTEC.pdf · requisitos para la fabricación y servicio, diseño y desarrollo de aisladores de silicona, núcleos de resina epoxy,

Mp4 Manual

Mp4 Manual

NEW ITEM ON STOCK - j4europe MP4-405.pdf · ON STOCK QTC MP4/405 rear mudguard rear RH LH MERCEDES INS/400 MERCEDES ACTROS MP4 NEW ITEM ON STOCK MP4/440 68x17x6 0,3 kg MP4/444 68x23x6

NEW ITEM ON STOCK - j4europe MP4-405.pdf · ON STOCK QTC MP4/405 rear mudguard rear RH LH MERCEDES INS/400 MERCEDES ACTROS MP4 NEW ITEM ON STOCK MP4/440 68x17x6 0,3 kg MP4/444 68x23x6

Passwords*are** forChumps - SplunkConf · Limitaons*of* SplunkSSO 8! Single*Sign*On*depends*on*an*external*proxy*thatwill*handle*the* authen[caon*piece,*and*then*pass*the*username*in*an*HTTP*

Passwords*are** forChumps - SplunkConf · Limitaons*of* SplunkSSO 8! Single*Sign*On*depends*on*an*external*proxy*thatwill*handle*the* authen[caon*piece,*and*then*pass*the*username*in*an*HTTP*

Mod9 jan2014 mp4

Mod9 jan2014 mp4

MP4-Player Bedienungsanleitung - Download Centerproduktinfo.conrad.de/datenblaetter/325000-349999/343304...MP4-Player Bedienungsanleitung MP4-Player_3.qxp:BDA_MP4-Player 02.10.2007

MP4-Player Bedienungsanleitung - Download Centerproduktinfo.conrad.de/datenblaetter/325000-349999/343304...MP4-Player Bedienungsanleitung MP4-Player_3.qxp:BDA_MP4-Player 02.10.2007

CAON Standardization Activities

CAON Standardization Activities

Manual Lg Mp4

Manual Lg Mp4

smil authen

smil authen