PallyCon Anti-Capture Guide
PallyCon Anti-Capture is a product that can monitor recording programs when playing Widevine DRM video in Windows Chrome browser.
This document explains how to download and install the Anti-Capture product, explains the process and how to apply it to the player.
Secure Video Watch extension: Chrome browser extension (installed from Chrome Web Store)
Secure Video Watch Service: Windows service based application
On the web page, the
SecureVideoWatch.js API sends a message to the extension and the Windows service application installed on the PC. The service application returns the results to the extension in the requested message, and the extension returns the results back to the web page.
For example, if you send a message such as whether anti-capture is installed, monitoring start / stop, etc., the anti-capture program will receive the message through the extension and return the result.
Client environment required to apply PallyCon Anti Capture is as follows.
Windows 7, Windows 8.1, Windows 10
Chrome browser version 79 and later (latest version as of December 2019)
The relevant program must be installed on the client system as follows:
Chrome extension: Go to the Chrome Web Store and install the Secure Video Watch extension on a Chrome browser.
Service Application: Download and install SecureVideoWatchService_Setup.exe.
Anti-Capture Monitoring Process
When you play an HTML5 video with Anti Capture in the above client environment, the following process is repeated continuously to monitor the screen recording.
The player playing the content calls the SecureVideoWatch.js API to send a message to the extension.
The message is received by the Native Message Host and delivered to the
Secure Video Watchservice installed on your PC.
Secure Video Watchservice receives the message and returns the monitored result.
The native message host that receives the result passes it to the extension and raises an event if there is an issue.
PallyCon Anti-Capture product provides the following test samples. You can use the samples to understand the anti-capture feature and refer to it when developing the actual service.
Library for sending and receiving messages with Chrome extensions - SecureVideoWatch.js
Library for playing DRM DASH contents - video.js, dash.all.min.js, videojs-dash.js
Other libraries applied to the page - bootstrap.min.css, jquery.js, style.css, video-js.css
Preparing Test Environment
Node.js can be used to test
PallyCon Anti-Capture locally.
Download and install Node.js.
Open a terminal, go to the deployed
samplefolder and execute the
npm installcommand. - Modules to run the sample are downloaded and installed.
When the download is complete, execute the
node appcommand. (See picture below) - If no module is found, install it by running
npm install module name. - After installation is complete, run the
In your browser, call the URL
Applying to Your Website
To apply PallyCon Anti-Capture to a website other than PallyCon’s demo page or a local environment, the domain must first be registered in the PallyCon anti-capture chrome extension.
If you want to use PallyCon Anti-Capture product, please provide your domain to register through a separate contact.
You must use an https URL for your player webpage instead of http. (Requires SSL / TSL application)
SecureVideoWatch.js API delivers messages to
Secure Video Watch service installed on your PC through Chrome extensions. When the result is returned, the extension will again accept
SecureVideoWatch.js and process it.
The step-by-step API shown below must be applied to the webpage from staging content to end playback.
|1. Load Page||CheckInstall||When the page loads, check to see if AntiCapture is installed.|
|2. Prepare to play||ActivateAntiCapture||Activate the anti-capture program installed before starting video playback.|
|3. Start playing||StartMonitoring||Monitoring starts when the video is played.
|4. After playback ends||StopMonitoring||Monitoring stops when video playback is completed / stopped.|
|5. Deactivate||DeactivateAntiCapture||If there is no longer content playback, deactivate the monitoring with the DeactivateAntiCapture API.|
|CheckInstall||Check the extension to see if Anti-Capture is installed on your PC. If NOK, you need to disable video playback and install anti-capture program.|
|ActivateAntiCapture||Enables monitoring of anti-capture services installed on your PC through the extension.|
|DeactivateAntiCapture||Deactivates the monitoring of anti-capture services installed on your PC through the extension.|
|CheckCaptureStatus||Anticapture program checks the monitored information and returns the result.|
|SetMonitoringInterval||Change the monitoring interval of the Anti-Capture service. A cycle of 5 seconds or less is not recommended for heavy use of system resources.|
|StartMonitoring||CheckCaptureStatus API is called every 5 seconds to continuously check monitoring information. If you call StartMonitoring without calling ActivateAntiCapture, an error occurs.|
|StopMonitoring||Stops calling the CheckCaptureStatus API. Calling DeactivateAntiCapture before calling StopMonitoring results in an error.|
This is an example of applying
SecureVideoWatch.js to the
Countermeasures against Issues
Various Recording Programs
PC Screen Recorders
There are many recording programs, and new ones are coming out. In addition, client games or related programs may support recording.
For example, if you install Windows native XBox client, Steam program, NVIDIA / AMD driver, etc., the recording program will be installed together. In this case, the recording program or the related service should be terminated.
There are many Chrome extensions support recording. If these extensions are installed in Chrome, the anticapture program will raise an event.
Even if the user doesn’t record, if the screen capture extension is installed, the anti-capture program will trigger the event, so you can delete or disable the extension.
Please report to us if you find a new recording program or if there is a recording program that is not registered in Anti-Capture program during the test.
Web applications have many security vulnerabilities due to code exposure and debugging. Therefore, once development is complete, basic protection is required by obfuscating code, and it is recommended to obfuscate files that call PallyConLib.js API.