DOCSLIB.ORG

Too Quiet in the Library: an Empirical Study of Security Updates in Android Apps’ Native Code

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Too Quiet in the Library: an Empirical Study of Security Updates in Android Apps’ Native Code Too Quiet in the Library: An Empirical Study of Security Updates in Android Apps’ Native Code Sumaya Almanee? , Arda Unal¨ ? , Mathias Payery , and Joshua Garcia? ? University of California Irvine, fsalmanee, unala, [email protected] y EPFL, [email protected] Abstract—Android apps include third-party native libraries to We argue that security implications in native libraries are increase performance and to reuse functionality. Native code is even more critical for three main reasons. First, app developers directly executed from apps through the Java Native Interface add native libraries but neglect to update them. The reasons for or the Android Native Development Kit. Android developers add precompiled native libraries to their projects, enabling their this may include concerns over regressions arising from such use. Unfortunately, developers often struggle or simply neglect updates, prioritizing new functionality over security, deadline to update these libraries in a timely manner. This results in pressures, or lack of tracking library dependencies and their the continuous use of outdated native libraries with unpatched security patches. This negligence results in outdated or vul- security vulnerabilities years after patches became available. nerable native libraries remaining in new versions of apps. To further understand such phenomena, we study the security Second, native libraries are susceptible to memory vulnerabil- updates in native libraries in the most popular 200 free apps on Google Play from Sept. 2013 to May 2020. A core difficulty ities (e.g., buffer overflow attacks) that are straight-forward to we face in this study is the identification of libraries and their exploit. Third, and contrary to studies from almost 10 years versions. Developers often rename or modify libraries, making ago [11], [44], native libraries are now used pervasively in their identification challenging. We create an approach called mobile apps. To illustrate this point, we analyzed the top 200 LibRARIAN (LibRAry veRsion IdentificAtioN) that accurately apps from Google Play between Sept. 2013 and May 2020. We identifies native libraries and their versions as found in Android apps based on our novel similarity metric bin2sim. LibRARIAN obtained the version histories of these apps from AndroZoo [2] leverages different features extracted from libraries based on totaling 7;678 versions of those 200 top free apps. From these their metadata and identifying strings in read-only sections. apps, we identified 66;684 native libraries in total with an We discovered 53=200 popular apps (26:5%) with vulnerable average of 11 libraries per app and a maximum of 141 for versions with known CVEs between Sept. 2013 and May 2020, one version of Instagram. with 14 of those apps remaining vulnerable. We find that app developers took, on average, 528:71±40:20 days to apply security To better understand the usage of third-party native libraries patches, while library developers release a security patch after in Android apps and its security implications, we conduct 54:59 ± 8:12 days—a 10 times slower rate of update. a longitudinal study to identify vulnerabilities in third-party native libraries and assess the extent to which developers I. INTRODUCTION update such libraries of their apps. In order to achieve this, we make the following research contributions: Third-party libraries are convenient, reusable, and form an • We construct a novel approach, called LibRARIAN integral part of mobile apps. Developers can save time and (LibRAry veRsion IdentificAtioN) that, given an unknown effort by reusing already implemented functionality. Native binary, identifies (i) the library it implements and (ii) its third-party libraries are prevalent in Android applications version. Furthermore, we introduce a new similarity-scoring (“apps”), especially social networking and gaming apps. These mechanism for comparing native binaries called bin2sim, two app categories—ranked among the top categories on which utilizes 6 features that enable LibRARIAN to dis- Google Play—require special functionality such as 3D ren- tinguish between different libraries and their versions. The dering, or audio/video encoding/decoding [14], [26], [40], features cover both metadata and data extracted from the [33], [38]. These tasks tend to be resource-intensive and are, libraries. These features represent elements of a library thus, often handled by native libraries to improve runtime that are likely to change between major, minor, and patch performance. versions of a native library. The ubiquity of third-party libraries in Android apps in- • We conduct a large-scale, longitudinal study that tracks creases the attack surface [35], [39] since host apps expose security vulnerabilities in native libraries used in apps over 7 vulnerabilities propagated from these libraries [20], [37]. An- years. We build a repository of Android apps and their native other series of previous work has studied the outdatedness and libraries with the 200 most popular free apps from Google updateability of third-party Java libraries in Android apps [9], Play totaling 7;678 versions gathered between the dates of [4], with a focus on managed code of such apps (e.g., Java or Sept. 2013 and May 2020. This repository further contains Dalvik code). However, these previous studies do not consider 66;684 native libraries used by these 7;678 versions. native libraries used by Android apps. Prior work [30], [24], [21], [1] has measured the similarity between binaries. However, these approaches identify semantic this section, we describe each of these three major steps of similarities/differences between binaries at the function-level, LibRARIAN. with the goal of identifying malware. LibRARIAN, orthog- onally, is a syntactic-based tool which computes similarity Unknown between two benign binaries (at the file-level) with the goal Lib Versions of identifying library versions with high scalability. Identified LibRAry veRsion Library We utilize LibRARIAN and our repository to study (1) IdentificAtioN (LibRARIAN) Versions LibRARIAN’s accuracy and effectiveness, (2) the prevalence Known Lib of vulnerabilities in native libraries in the top 200 apps, and Versions (3) the rate at which app developers apply patches to address vulnerabilities in native binaries. The major findings of our Fig. 1: LibRARIAN identifies versions of native binaries from study are as follows: Android apps by using our bin2sim similarity-scoring tech- • For our ground truth dataset which contains 46 known nique to compare known (ground-truth dataset) and unknown libraries with 904 versions, LibRARIAN correctly identifies versions of native binaries. 91:15% of those library versions, thus achieving a high identification accuracy. A. Feature Vector Extraction • To study the prevalence of vulnerabilities in the top 200 apps Our binary similarity detection is based on the extraction in Google Play, we use LibRARIAN to examine 53 apps of features from binaries combining both metadata found with vulnerable versions and known CVEs between Sept. in Executable and Linkable Format (ELF) files as well as 2013 and May 2020. 14 of these apps remain vulnerable and identifying features in different binary sections of the library. contain a wide-range of vulnerability types—including de- All shared libraries included in Android apps are compiled into nial of service, memory leaks, null pointer dereferences, or ELF binaries. Like other object files, ELF binaries contain a divide-by-zero errors. We further find that libraries in these symbol table with externally visible identifiers such as function apps, on average, have been outdated for 859:17 ± 137:55 names, global symbols, local symbols, and imported symbols. days. The combination of high severity and long exposure This symbol table is used (1) during loading and linking and of these vulnerabilities results in ample opportunity for (2) by binary analysis tools [16] (e.g., objdump, readelf, attackers to target these highly popular apps. nm, pwntools, or angr [36]) to infer information about the • To determine developer response rate of applying security binary. fixes, we utilize LibRARIAN to analyze 40 apps, focusing To distinguish between different libraries and their versions, on popular third-party libraries (those found in more apps) we need to identify differencing features. To that end, we de- with known CVEs such as FFmpeg, GIFLib, OpenSSL, fine a set of six features inherent to versions and libraries. Five WebP, SQLite3, OpenCV, Jpeg-turbo, Libpng, and XML2, features represent ELF metadata, these features are used to between Sept. 2013 and May 2020. compute the similarity score between two binaries as described We find that app developers took, on average, 528:71±40:20 in Section II-B, hence, we refer to these features as Metadata days to apply security patches, while library developers Features. Orthogonally, we leverage strings extracted from the release a security patch after 54:59±8:12 days—a 10 times .rodata section of an ELF object, which we refer to as Version slower rate of update. These libraries that tend to go for Identification Strings. This feature complements the similarity long periods without being patched affect highly popular score from the first set of features. We either use it to verify apps with billions of downloads and installs. the correctness of the version or as a fallback if the similarity • We make our dataset, analysis platform, and results available to existing binaries in our ground-truth dataset is low (see online to enable reusability, reproducibility, and others to Section II-C). build upon our work [25]. Table I shows the list of all LibRARIAN features. The features include: (i) five Metadata Features based on exported II. LibRARIAN and imported functions, exported and imported globals, and library dependencies; and (ii) one Data Feature which is Figure 1 shows the overall workflow of LibRARIAN. applied as a second factor to either substitute the Metadata LibRARIAN identifies unknown third-party native libraries Features, in case the reported similarity score is low, or to and their versions (Unknown Lib Versions) by (1) extracting confirm the reported score.
Load more

Recommended publications
  • Making Speech Recognition Work on the Web Christopher J. Varenhorst
    Making Speech Recognition Work on the Web by Christopher J. Varenhorst Submitted to the Department of Electrical Engineering and Computer Science in partial fulfillment of the requirements for the degree of Masters of Engineering in Computer Science and Engineering at the MASSACHUSETTS INSTITUTE OF TECHNOLOGY May 2011 c Massachusetts Institute of Technology 2011. All rights reserved. Author.................................................................... Department of Electrical Engineering and Computer Science May 20, 2011 Certified by . James R. Glass Principal Research Scientist Thesis Supervisor Certified by . Scott Cyphers Research Scientist Thesis Supervisor Accepted by . Christopher J. Terman Chairman, Department Committee on Graduate Students Making Speech Recognition Work on the Web by Christopher J. Varenhorst Submitted to the Department of Electrical Engineering and Computer Science on May 20, 2011, in partial fulfillment of the requirements for the degree of Masters of Engineering in Computer Science and Engineering Abstract We present an improved Audio Controller for Web-Accessible Multimodal Interface toolkit { a system that provides a simple way for developers to add speech recognition to web pages. Our improved system offers increased usability and performance for users and greater flexibility for developers. Tests performed showed a %36 increase in recognition response time in the best possible networking conditions. Preliminary tests shows a markedly improved users experience. The new Wowza platform also provides a means of upgrading other Audio Controllers easily. Thesis Supervisor: James R. Glass Title: Principal Research Scientist Thesis Supervisor: Scott Cyphers Title: Research Scientist 2 Contents 1 Introduction and Background 7 1.1 WAMI - Web Accessible Multimodal Toolkit . 8 1.1.1 Existing Java applet . 11 1.2 SALT .
    [Show full text]
  • Ffmpeg Documentation Table of Contents
    ffmpeg Documentation Table of Contents 1 Synopsis 2 Description 3 Detailed description 3.1 Filtering 3.1.1 Simple filtergraphs 3.1.2 Complex filtergraphs 3.2 Stream copy 4 Stream selection 5 Options 5.1 Stream specifiers 5.2 Generic options 5.3 AVOptions 5.4 Main options 5.5 Video Options 5.6 Advanced Video options 5.7 Audio Options 5.8 Advanced Audio options 5.9 Subtitle options 5.10 Advanced Subtitle options 5.11 Advanced options 5.12 Preset files 6 Tips 7 Examples 7.1 Preset files 7.2 Video and Audio grabbing 7.3 X11 grabbing 7.4 Video and Audio file format conversion 8 Syntax 8.1 Quoting and escaping 8.1.1 Examples 8.2 Date 8.3 Time duration 8.3.1 Examples 8.4 Video size 8.5 Video rate 8.6 Ratio 8.7 Color 8.8 Channel Layout 9 Expression Evaluation 10 OpenCL Options 11 Codec Options 12 Decoders 13 Video Decoders 13.1 rawvideo 13.1.1 Options 14 Audio Decoders 14.1 ac3 14.1.1 AC-3 Decoder Options 14.2 ffwavesynth 14.3 libcelt 14.4 libgsm 14.5 libilbc 14.5.1 Options 14.6 libopencore-amrnb 14.7 libopencore-amrwb 14.8 libopus 15 Subtitles Decoders 15.1 dvdsub 15.1.1 Options 15.2 libzvbi-teletext 15.2.1 Options 16 Encoders 17 Audio Encoders 17.1 aac 17.1.1 Options 17.2 ac3 and ac3_fixed 17.2.1 AC-3 Metadata 17.2.1.1 Metadata Control Options 17.2.1.2 Downmix Levels 17.2.1.3 Audio Production Information 17.2.1.4 Other Metadata Options 17.2.2 Extended Bitstream Information 17.2.2.1 Extended Bitstream Information - Part 1 17.2.2.2 Extended Bitstream Information - Part 2 17.2.3 Other AC-3 Encoding Options 17.2.4 Floating-Point-Only AC-3 Encoding
    [Show full text]
  • Ffmpeg Codecs Documentation Table of Contents
    FFmpeg Codecs Documentation Table of Contents 1 Description 2 Codec Options 3 Decoders 4 Video Decoders 4.1 hevc 4.2 rawvideo 4.2.1 Options 5 Audio Decoders 5.1 ac3 5.1.1 AC-3 Decoder Options 5.2 flac 5.2.1 FLAC Decoder options 5.3 ffwavesynth 5.4 libcelt 5.5 libgsm 5.6 libilbc 5.6.1 Options 5.7 libopencore-amrnb 5.8 libopencore-amrwb 5.9 libopus 6 Subtitles Decoders 6.1 dvbsub 6.1.1 Options 6.2 dvdsub 6.2.1 Options 6.3 libzvbi-teletext 6.3.1 Options 7 Encoders 8 Audio Encoders 8.1 aac 8.1.1 Options 8.2 ac3 and ac3_fixed 8.2.1 AC-3 Metadata 8.2.1.1 Metadata Control Options 8.2.1.2 Downmix Levels 8.2.1.3 Audio Production Information 8.2.1.4 Other Metadata Options 8.2.2 Extended Bitstream Information 8.2.2.1 Extended Bitstream Information - Part 1 8.2.2.2 Extended Bitstream Information - Part 2 8.2.3 Other AC-3 Encoding Options 8.2.4 Floating-Point-Only AC-3 Encoding Options 8.3 flac 8.3.1 Options 8.4 opus 8.4.1 Options 8.5 libfdk_aac 8.5.1 Options 8.5.2 Examples 8.6 libmp3lame 8.6.1 Options 8.7 libopencore-amrnb 8.7.1 Options 8.8 libopus 8.8.1 Option Mapping 8.9 libshine 8.9.1 Options 8.10 libtwolame 8.10.1 Options 8.11 libvo-amrwbenc 8.11.1 Options 8.12 libvorbis 8.12.1 Options 8.13 libwavpack 8.13.1 Options 8.14 mjpeg 8.14.1 Options 8.15 wavpack 8.15.1 Options 8.15.1.1 Shared options 8.15.1.2 Private options 9 Video Encoders 9.1 Hap 9.1.1 Options 9.2 jpeg2000 9.2.1 Options 9.3 libkvazaar 9.3.1 Options 9.4 libopenh264 9.4.1 Options 9.5 libtheora 9.5.1 Options 9.5.2 Examples 9.6 libvpx 9.6.1 Options 9.7 libwebp 9.7.1 Pixel Format 9.7.2 Options 9.8 libx264, libx264rgb 9.8.1 Supported Pixel Formats 9.8.2 Options 9.9 libx265 9.9.1 Options 9.10 libxvid 9.10.1 Options 9.11 mpeg2 9.11.1 Options 9.12 png 9.12.1 Private options 9.13 ProRes 9.13.1 Private Options for prores-ks 9.13.2 Speed considerations 9.14 QSV encoders 9.15 snow 9.15.1 Options 9.16 vc2 9.16.1 Options 10 Subtitles Encoders 10.1 dvdsub 10.1.1 Options 11 See Also 12 Authors 1 Description# TOC This document describes the codecs (decoders and encoders) provided by the libavcodec library.
    [Show full text]
  • Ffsake: Further Fluff with Ffmpeg
    ffsake: further fluff with ffmpeg Talking Tech, Spring 2017 2/5/17 Ethan Gates What is ffmpeg? ● Leading open-source framework for processing and manipulating audiovisual material ● Aims to decode, encode, transcode, mux, demux, stream, filter and play “anything that humans and machines have created” ● A combination of tools and libraries ○ ffmpeg - media conversion ○ ffprobe - metadata analysis/extraction ○ ffplay - playback ■ libavutil - various utilities (e.g. math equations) ■ libavcodec - codec library ■ libavformat - format (wrapper/container) library ■ libavdevice - device library (drivers for common/open hardware) ■ libavfilter - filter library ■ libswscale - scaling library ■ libswresample - audio sampling library Who’s using it? ● VLC Media Player ● YouTube ● Media Player Classic ● Chromium/Google Chrome ● Handbrake ● Facebook ● Audacity ● DaVinci Resolve ● DCP-o-matic ● Axle But what can it do? ● Make derivative copies ● Re-wrap files ● Edit files ● Generate checksums ● Create test files/streams ● Extract/insert metadata ● Generate informative (or just plain cool) audio/video effects ● Livestream video/screencapture * Thanks for this slide, Andrew Weaver Installation All about that configuration! $ brew info ffmpeg $ brew install ffmpeg --with-sdl2 --with-freetype --with-openjpeg --with-x265 --with-rubberband --with-tesseract Translation: with ffplay (playback), with added text/titles support, with JPEG 2000 codec, with H.265 (HEVC) codec, with extra audio filters, with OCR support Tasks to Cover I. Making a test file/signal
    [Show full text]
  • VIDEO DIGITIZATION at the AUSTRIAN MEDIATHEK Chives Obtain a Quality Assurance Instrument for the Recording of Their Media
    ARTICLE 8LIIQTPS]QIRXSJWYGLERSRPMRIGIVXM½GEXMSRWIVZMGITVSZMHIWFIRI½XWJSVFSXLTEVXMIWEV- VIDEO DIGITIZATION AT THE AUSTRIAN MEDIATHEK chives obtain a quality assurance instrument for the recording of their media. In the past, sound Herman Lewetz, Austian Mediathek9 carrier owners had to implement quality control by means of a cost-intensive strategy: mul- tiple recording of a single sound medium and time-consuming comparative analysis. The avail- In September 2009 the Austrian Mediathek started a project called “Österreich am Wort“. EFMPMX]SJSFNIGXMZIQIEWYVIQIRXVIWYPXWEPPS[WJSVEHVEWXMGEPP]WMQTPM½IHUYEPMX]QSRMXSVMRK Its goal is to digitize and publish via the web about 10,000 full-length recordings within three years. The misfortune for me personally was that in the proposal for this project someone had For companies or organisations dealing with the process of mass migration of analogue media, claimed 2,000 of these to be video recordings. This meant I had to start what we so far suc- long-term evaluation is an important tool for supporting the continuous internal improve- cessfully had postponed: Video digitization. ment process. For example, slow deterioration over time can be made visible. Besides the cost savings due to precise situation assessment, there is another advantage for service providers: Requirements [LIRYWMRKTPE]FEGOHIZMGIWSJHMJJIVIRXUYEPMX]MXQE]LEZIFIIRHMJ½GYPXXSEVKYIXLILMKLIV costs for recording with high-quality machines to their clients. With the help of the automatic, %WE½VWXWXIT[ISYXPMRIHXLIVIUYMVIQIRXW[IXLSYKLXMQTSVXERXJSVEHMKMXM^EXMSRWGLIQE reference-based analysis, quality differences between average and high-class playback devices that best supported long-term preservation. Unlike audio digitization there is still no widely become easily measurable. By documenting the measurement results, the client can easily see accepted archive format for video.
    [Show full text]
  • A Complete End-To-End Open Source Toolchain for the Versatile Video Coding (VVC) Standard
    A Complete End-To-End Open Source Toolchain for the Versatile Video Coding (VVC) Standard Adam Wieckowski*, Christian Lehmann*, Benjamin Bross*, Detlev Marpe*, Thibaud Biatek+, Mickael Raulet+, Jean Le Feuvre$ *Video Communication and Applications Department, Fraunhofer HHI, Berlin, Germany +ATEME, Vélizy-Villacoublay, France $LTCI, Telecom Paris, Institut Polytechnique de Paris, France {firstname.lastname}@hhi.fraunhofer.de, {t.biatek,m.raulet}@ateme.com, [email protected] ABSTRACT Standard. In Proceedings of the 29th ACM International Conference on Multimedia (MM’21). ACM, Chengdu, China, 4 pages. Versatile Video Coding (VVC) is the most recent international https://doi.org/10.1145/1234567890 video coding standard jointly developed by ITU-T and ISO/IEC, which has been finalized in July 2020. VVC allows for significant bit-rate reductions around 50% for the same subjective video 1 Introduction quality compared to its predecessor, High Efficiency Video In July 2021, the Versatile Video Coding (VVC) standard has Coding (HEVC). One year after finalization, VVC support in been finalized by the Joint Video Experts Team (JVET) of ITU-T devices and chipsets is still under development, which is aligned VCEG and ISO/IEC MPEG [1][2]. VVC was designed with two with the typical development cycles of new video coding main objectives: significant bit-rate reduction over its predecessor standards. This paper presents open-source software packages that High Efficiency Video Coding (HEVC) for the same perceived allow building a complete VVC end-to-end toolchain already one video quality and versatility to facilitate coding and transport for a year after its finalization. This includes the Fraunhofer HHI wide range of applications and content types.
    [Show full text]
  • JPEG 2000 and FFV1
    Campbell1 Savannah Campbell December 16, 2016 Digital Preservation Nicole Martin The Great Video Codec Debate: JPEG 2000 and FFV1 “I think that too much ink is being spilled over the issue of JPEG 2000 vs FFV1” – George Blood1 As analog video formats become increasingly obsolete and magnetic media degrades over time, video tapes will need to undergo digitization so that their content can be preserved. Through this process, the images and sounds encapsulated in the tape’s magnetic particles will be transformed into a series of 0s and 1s: a representation of the video stream that a computer can read and play back. When a cultural heritage institution decides to digitize its video collection for preservation purposes, it becomes necessary for the institution to consider which format should be used for the resulting files. While an uncompressed format would capture all of the data in the video as is, uncompressed encoding results in large files that rapidly fill precious storage space on hard drives and servers. On the other hand, lossy compressed formats like Apple ProRes make digital video files easy to work with in production environments due to their efficient encoding and smaller file sizes, but they compress the image irreversibly—a loss of information that conflicts with the goal of preserving the original content as it was. There is another video codec option for audiovisual archivists: mathematically lossless. With lossless video codecs, the resulting files are still compressed, but in a way that preserves all of the 1 George Blood. Personal interview by Savannah Campbell. 28 Nov. 2016.
    [Show full text]
  • Ffmpeg - the Universal Multimedia Toolkit
    Introduction Resume Resources FFmpeg - the universal multimedia toolkit Appendix Stefano Sabatini mailto:[email protected] Video Vortex #9 Video Vortex #9 - 1 March, 2013 1 / 13 Description Introduction Resume Resources multiplatform software project (Linux, Mac, Windows, Appendix Android, etc...) Comprises several command line tools: ffmpeg, ffplay, ffprobe, ffserver Comprises C libraries to handle multimedia at several levels Free Software / FLOSS: LGPL/GPL 2 / 13 Objective Introduction Resume Provide universal and complete support to multimedia Resources content access and processing. Appendix decoding/encoding muxing/demuxing streaming filtering metadata handling 3 / 13 History Introduction 2000: Fabrice Bellard starts the project with the initial Resume aim to implement an MPEG encoding/decoding library. Resources The resulting project is integrated as multimedia engine Appendix in MPlayer, which also hosts the project. 2003: Fabrice Bellard leaves the project, Michael Niedermayer acts as project maintainer since then. March 2009: release version 0.5, first official release January 2011: a group of discontented developers takes control over the FFmpeg web server and creates an alternative Git repo, a few months later a proper fork is created (Libav). 4 / 13 Development model Source code is handled through Git, tickets (feature requests, bugs) handled by Trac Introduction Resume Patches are discussed and approved on mailing-list, Resources and directly pushed or merged from external repos, Appendix trivial patches or hot fixes can be pushed directly with no review. Every contributor/maintainer reviews patches in his/her own area of expertise/interest, review is done on a best effort basis by a (hopefully) competent developer. Formal releases are delivered every 6 months or so.
    [Show full text]
  • Introduction • the Ffmpeg Family • Other Open-Source Pieces Of
    Open-Source Tools and Resources Summary • introduction • the FFmpeg family Reto Kromer • AV Preservation by reto.ch • other open-source pieces of software conclusion Akademie der bildenden Künste • Medienkunst: Technologie und Erhaltungsstrategien III Wien, 7.–10. Jänner 2020 1 2 CLI and/or GUI MD5 Checksums • command-line interface (CLI) Windows comes with: graphical user interface (GUI) CertUtil • macOS and Linux come with: md5 md5deep shasum 3 4 FFmpeg Components • ffmpeg • libavutil • ffplay • libavcodec FFmpeg • ffprobe • libavformat • libavdevice • libavfilter • libswscale • libswresample 5 6 Data Transformations File Transformations ffmpeg (CLI) ffmpeg.org demultiplex: libavformat ➔ decode: libavcodec FFmpeg Cookbook for Archivists filter: libavfilter ➔ avpres.net/FFmpeg/ encode: libavcodec ffmprovisr multiplex: libavformat ➔ amiaopensource.github.io/ffmprovisr/ 7 8 Metadata Extraction Media Players MediaInfo (GUI, CLI) VLC (GUI) ➔ mediaarea.net/MediaInfo ➔ www.videolan.org/vlc/ ffprobe (CLI) mpv (CLI) ➔ ffmpeg.org ➔ mpv.io ffplay (CLI) ➔ ffmpeg.org 9 10 A Graphical User Interface FFCommand Engine (GUI) ➔ github.com/ColorlabMD/FFCommand_Engine Other Software 11 12 The Missing Piece of Software avantages disavantages RAWcooked (CLI) TIFF data easier ➔ mediaarea.net/RAWcooked DPX bigger files OpenEXR to process JPEG 2000 data complexer FFV1 smaller files to process 13 14 RAWcooked Quality Control • encoding into Matroska (.mkv) using FFV1 QCTools (GUI), qcli (CLI) video codec and FLAC audio codec ➔ bavc.org/preserve-media/preservation-tools
    [Show full text]
  • Video Quality Measurement for 3G Handset
    University of Plymouth PEARL https://pearl.plymouth.ac.uk 04 University of Plymouth Research Theses 01 Research Theses Main Collection 2007 Video Quality Measurement for 3G Handset Zeeshan http://hdl.handle.net/10026.2/509 University of Plymouth All content in PEARL is protected by copyright law. Author manuscripts are made available in accordance with publisher policies. Please cite only the published version using the details provided on the item record or document. In the absence of an open licence (e.g. Creative Commons), permissions for further reuse of content should be sought from the publisher or author. Video Quality Measurement for 3G Handset by Zeeshan Dissertation submitted in partial fulfilment of the requirements for the award of Master of Research in Communications Engineering and Signal Processing in School of Computing, Communication and Electronics University of Plymouth January 2007 Supervisors Professor Emmanuel C. Ifeachor Dr. Lingfen Sun Mr. Zhuoqun Li © Zeeshan 2007 University of Plymouth Library Item no. „ . ^ „ Declaration This is to certify that the candidate, Mr. Zeeshan, carried out the work submitted herewith Candidate's Signature: Mr. Zeeshan KJ(. 'X&_.XJ<t^ Date: 25/01/2007 Supervisor's Signature: Dr. Lingfen Sun /^i^-^^^^f^ » P^^^. 25/01/2007 Second Supervisor's Signature: Mr. Zhuoqun Li / Date: 25/01/2007 Copyright & Legal Notice This copy of the dissertation has been supplied on the condition that anyone who consults it is understood to recognize that its copyright rests with its author and that no part of this dissertation and information derived from it may be published without the author's prior written consent.
    [Show full text]
  • Scape D10.1 Keeps V1.0
    Identification and selection of large‐scale migration tools and services Authors Rui Castro, Luís Faria (KEEP Solutions), Christoph Becker, Markus Hamm (Vienna University of Technology) June 2011 This work was partially supported by the SCAPE Project. The SCAPE project is co-funded by the European Union under FP7 ICT-2009.4.1 (Grant Agreement number 270137). This work is licensed under a CC-BY-SA International License Table of Contents 1 Introduction 1 1.1 Scope of this document 1 2 Related work 2 2.1 Preservation action tools 3 2.1.1 PLANETS 3 2.1.2 RODA 5 2.1.3 CRiB 6 2.2 Software quality models 6 2.2.1 ISO standard 25010 7 2.2.2 Decision criteria in digital preservation 7 3 Criteria for evaluating action tools 9 3.1 Functional suitability 10 3.2 Performance efficiency 11 3.3 Compatibility 11 3.4 Usability 11 3.5 Reliability 12 3.6 Security 12 3.7 Maintainability 13 3.8 Portability 13 4 Methodology 14 4.1 Analysis of requirements 14 4.2 Definition of the evaluation framework 14 4.3 Identification, evaluation and selection of action tools 14 5 Analysis of requirements 15 5.1 Requirements for the SCAPE platform 16 5.2 Requirements of the testbed scenarios 16 5.2.1 Scenario 1: Normalize document formats contained in the web archive 16 5.2.2 Scenario 2: Deep characterisation of huge media files 17 v 5.2.3 Scenario 3: Migrate digitised TIFFs to JPEG2000 17 5.2.4 Scenario 4: Migrate archive to new archiving system? 17 5.2.5 Scenario 5: RAW to NEXUS migration 18 6 Evaluation framework 18 6.1 Suitability for testbeds 19 6.2 Suitability for platform 19 6.3 Technical instalability 20 6.4 Legal constrains 20 6.5 Summary 20 7 Results 21 7.1 Identification of candidate tools 21 7.2 Evaluation and selection of tools 22 8 Conclusions 24 9 References 25 10 Appendix 28 10.1 List of identified action tools 28 vi 1 Introduction A preservation action is a concrete action, usually implemented by a software tool, that is performed on digital content in order to achieve some preservation goal.
    [Show full text]
  • Cannot Find Codec Libx264 in Libavcodec
    Cannot find codec libx264 in libavcodec -ovc lavc -lavcopts vcodec=libx (I also tried with libxvid). It spat out this error at the end: Code: Cannot find codec 'libxvid' in libavcodec. [SOLVED] unsuported codecs in kdenlive. configure --enable-gpl --enable-libx and you need recent x (maverick) this codec is provided by package libavcodec-extra Cannot find codec 'libx' in libavcodec Couldn't open video filter 'lavc'. Failed to open the encoder. libx is right in the man page under. I didnt get how to "install" the x codec on windows so i can use ffmpeg to hmm - but i cant load the h codec - the avcodec_open function failed! as . double videoPTS; // init libavcodec, register all codecs and formats. Opening video decoder: [ffmpeg] FFmpeg's libavcodec codec family Cannot find codec 'h' in libavcodec VDecoder init failed:(Opening. I installed the x codec thus: Code: root@a:/home/g/dnlds# whereis decoder: [ffmpeg] FFmpeg/libavcodec audio decoders AUDIO: [Log in to get rid of this advertisement] Quality, I get error message that codecs libx and libmp3lame are missing. 0 libavcodec MOV track #0: chunks, samples MOV: AVC decoder configuration Opening video decoder: [ffmpeg] FFmpeg's libavcodec codec family Forced video codec: vssh Cannot find codec matching selected -vo. I've successfully compiled: x codec, libavcodec with x support enabled, -vf scale= Cannot find codec 'x' in libavcodec. In general, codecs are utilized by multimedia applications to encode or decode audio or video GStreamer; xine; libavcodec. [audio options] [output] ffmpeg [input] -vcodec libx -vpre medium -b k. sudo apt-get install libavcodec-extra libavdevice-extra To get even more codec support you can enable the Medibuntu repository.
    [Show full text]