jordicenzano/generate-fairplay.sh

## generate-fairplay.sh
#Generate fairplay file with random generated Key, IV.
#And generate also a trobleshooting chunklist bypassing fairplay server and providing the plain key for testing

#Source data
SOURCE="/Users/jcenzano/Movies/test10m_baseline_30_320x240_a25fpsB.mp4"

#Dest data
DEST="/Users/jcenzano/Movies/hls-encrypted/result-fairplay"
KEYS_DIR="keys"
KEY_IV_FILENAME="key-iv.bin"
DEST_KEY_IV_PATHFILE="$DEST/$KEYS_DIR/$KEY_IV_FILENAME"
KEY_FILENAME="key.bin"
DEST_KEY_PATHFILE="$DEST/$KEYS_DIR/$KEY_FILENAME"

INDEX_FILENAME="index.m3u8"
INDEX_LOCAL_FILENAME="index_local.m3u8"

#Ensure dest directories exists
mkdir -p "$DEST/$KEYS_DIR"

#Keys URL in the index file
#FOR A REAL FAIRPLAY THIS SHOULD LOOK LIKE: skd://server.com/keys/abc/mykeys/KEY_FILENAME
BASE_KEYS_URL="/$KEYS_DIR"
KEY_FILE_URL="$BASE_KEYS_URL/$KEY_FILENAME"

#Generate random key + IV file
head -c 32 </dev/urandom > $DEST_KEY_IV_PATHFILE

#Create the key file
head -c 16 < $DEST_KEY_IV_PATHFILE > $DEST_KEY_PATHFILE

#Encrypt stream with fairplay settings
mediafilesegmenter -file-base "$DEST" -index-file $INDEX_FILENAME -stream-encrypt -encrypt-key-file "$DEST_KEY_IV_PATHFILE" -encrypt-key-url "$KEY_FILE_URL" -streaming-key-delivery $SOURCE

#Show Key
USED_KEY=$(head -c 16 $DEST_KEY_IV_PATHFILE | xxd -p)
echo "The key used is: 0x$USED_KEY"

#Show IV
USED_IV=$(tail -c 16 $DEST_KEY_IV_PATHFILE | xxd -p)
echo "The IV used is: 0x$USED_IV"

#To play this content locally follow this instructions: https://developer.apple.com/library/content/technotes/tn2454/_index.html
#Basically in the chunklist:
#1- Replace KEYFORMAT="com.apple.streamingkeydelivery" -> KEYFORMAT="identity"
#2- Replace KEYFORMATVERSIONS="1" -> IV=0xbcfb50eadcc9a24a64ab511c0c47dcdd (The IV used)

INDEX_LOCAL_PATHFILE="$DEST/$INDEX_LOCAL_FILENAME"
cp "$DEST/$INDEX_FILENAME" $INDEX_LOCAL_PATHFILE

#EXPERIMENTAL (create the encrypted chunklist serving the AES plane key, bypassing Fairplay server)
sed -i '' 's/KEYFORMAT="com.apple.streamingkeydelivery"/KEYFORMAT="identity"/g' $INDEX_LOCAL_PATHFILE
sed -i '' "s/KEYFORMATVERSIONS=\"1\"/IV=0x$USED_IV/g" $INDEX_LOCAL_PATHFILE
	#Generate fairplay file with random generated Key, IV.
	#And generate also a trobleshooting chunklist bypassing fairplay server and providing the plain key for testing

	#Source data
	SOURCE="/Users/jcenzano/Movies/test10m_baseline_30_320x240_a25fpsB.mp4"

	#Dest data
	DEST="/Users/jcenzano/Movies/hls-encrypted/result-fairplay"
	KEYS_DIR="keys"
	KEY_IV_FILENAME="key-iv.bin"
	DEST_KEY_IV_PATHFILE="$DEST/$KEYS_DIR/$KEY_IV_FILENAME"
	KEY_FILENAME="key.bin"
	DEST_KEY_PATHFILE="$DEST/$KEYS_DIR/$KEY_FILENAME"

	INDEX_FILENAME="index.m3u8"
	INDEX_LOCAL_FILENAME="index_local.m3u8"

	#Ensure dest directories exists
	mkdir -p "$DEST/$KEYS_DIR"

	#Keys URL in the index file
	#FOR A REAL FAIRPLAY THIS SHOULD LOOK LIKE: skd://server.com/keys/abc/mykeys/KEY_FILENAME
	BASE_KEYS_URL="/$KEYS_DIR"
	KEY_FILE_URL="$BASE_KEYS_URL/$KEY_FILENAME"

	#Generate random key + IV file
	head -c 32 </dev/urandom > $DEST_KEY_IV_PATHFILE

	#Create the key file
	head -c 16 < $DEST_KEY_IV_PATHFILE > $DEST_KEY_PATHFILE

	#Encrypt stream with fairplay settings
	mediafilesegmenter -file-base "$DEST" -index-file $INDEX_FILENAME -stream-encrypt -encrypt-key-file "$DEST_KEY_IV_PATHFILE" -encrypt-key-url "$KEY_FILE_URL" -streaming-key-delivery $SOURCE

	#Show Key
	USED_KEY=$(head -c 16 $DEST_KEY_IV_PATHFILE \| xxd -p)
	echo "The key used is: 0x$USED_KEY"

	#Show IV
	USED_IV=$(tail -c 16 $DEST_KEY_IV_PATHFILE \| xxd -p)
	echo "The IV used is: 0x$USED_IV"

	#To play this content locally follow this instructions: https://developer.apple.com/library/content/technotes/tn2454/_index.html
	#Basically in the chunklist:
	#1- Replace KEYFORMAT="com.apple.streamingkeydelivery" -> KEYFORMAT="identity"
	#2- Replace KEYFORMATVERSIONS="1" -> IV=0xbcfb50eadcc9a24a64ab511c0c47dcdd (The IV used)

	INDEX_LOCAL_PATHFILE="$DEST/$INDEX_LOCAL_FILENAME"
	cp "$DEST/$INDEX_FILENAME" $INDEX_LOCAL_PATHFILE

	#EXPERIMENTAL (create the encrypted chunklist serving the AES plane key, bypassing Fairplay server)
	sed -i '' 's/KEYFORMAT="com.apple.streamingkeydelivery"/KEYFORMAT="identity"/g' $INDEX_LOCAL_PATHFILE
	sed -i '' "s/KEYFORMATVERSIONS=\"1\"/IV=0x$USED_IV/g" $INDEX_LOCAL_PATHFILE