The research was originally done in another forum,extinct now.
There is a portion in the video and audio packets payload that are repeating patterns,and similarly when encrypted.
The whole idea goes around to match this known patterns when brute forced with a control word.
The work has been done 20 years ago,but you can check Colibri's thread about his rainbow tools,and from the beginning it explains a lot of what you would want to know,but is clearly a resource to brute force faster than cudabiss (the original project,still works,by the way).