Folks,
The project that I am working on requires that a certain video can be played on an android device for x number of times. After that, it must stop playing. When a client gets the video file, he or she also gets another file that contains the Android device ID and the number of times the video can be played. The original file and the metadata file are both encrypted.
My first thought is just to write a video decoder for the video file. Each time the file is played, the decoder first checks if Android device and the count are valid, decrements the count, starts decrypting the data and streaming it to the mpeg-4 decoder shipped with the OS.
I would appreciate your feedback on this idea. Please share your thoughts if you feel there is a better way to do it.
One problem I see is where to store the actual count. Storing it in the file itself won't work as the user can simply backup the original file and replace it after the count exceeds. It has to be stored in some other part of the system that cannot be tampered by the end-user.
Thank you in advance for your help.
Regards, Peter
Useless to store it anywhere on the actual device, because anywhere an app can touch a user can as well. Best bet is to use a remote server for authorization, but then you get spoofing problems. But your real goal is to make it a nuisance, not worth going around, instead of making it impossible to crack, because you can't.
Okay, the simplest way would be similar to something you first suggested, and needs no further infrastructure: store the information in a file. This is defeated by reloading the file, as you suggested, but even that is a high enough barrier for some.
Defeat reloading the file via obsfucating where you're storing the information. Possibilities include text files (easy to spot), or perhaps image files (like images that are supposedly button images).
Remember, it only takes 1 guy 1 time to point the playback into a recorder, and you have a perfect, DRM-free copy running around in the wild. Remember that you're simply trying to make it easy enough to view legitimately and difficult enough to crack (take the difference of those) that people won't bother cracking it.