From 5f4358573fb9436aa1278c8100704d8098b63987 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?netop=3A//=E3=82=A6=E3=82=A8=E3=83=8F?= <1288356+NetOperatorWibby@users.noreply.github.com> Date: Tue, 20 Oct 2020 12:10:17 -0500 Subject: [PATCH 1/4] Proofreading and copy edits --- README.md | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index a2727be..e09d176 100644 --- a/README.md +++ b/README.md @@ -1,28 +1,33 @@ # Widevine L3 Decryptor -[Widevine](https://www.widevine.com/solutions/widevine-drm) is a Google-Owned DRM system that's in use by many popular streaming services (Netflix, Spotify, ...) to protect media contnet from being downloaded. +[Widevine](https://www.widevine.com/solutions/widevine-drm) is a Google-owned DRM system that's in use by many popular streaming services (Netflix, Spotify, &c) to prevent media content from being downloaded. But Widevine's least secure security level, L3, as used in most browsers and PCs, is implemented 100% in software (i.e no hardware TEEs), thereby making it reversible and bypassable. -This Chrome extension demonstates how it's possible to bypass Widevine DRM by hijacking calls to the browser's [Encrypted Media Extensions (EME)](https://www.html5rocks.com/en/tutorials/eme/basics/) and decrypting all Widevine content keys transferred - effectively turning it into a clearkey DRM. +This Chrome extension demonstates how it's possible to bypass Widevine DRM by hijacking calls to the browser's [Encrypted Media Extensions (EME)](https://www.html5rocks.com/en/tutorials/eme/basics) and decrypting all Widevine content keys transferred - effectively turning it into a clearkey DRM. ## Usage -To see this concept in action, just load the extnesion in developer mode and browse to any website that plays Widevine-protected content, such as https://bitmovin.com/demos/drm. +To see this concept in action, just load the extension in Developer Mode and browse to any website that plays Widevine-protected content, such as https://bitmovin.com/demos/drm. -Keys will be logged in plaintext to the javascript console: +Keys will be logged in plaintext to the javascript console. -`WidevineDecryptor: Found key: 100b6c20940f779a4589152b57d2dacb (KID=eb676abbcb345e96bbcf616630f1a3da) -` +e.g: + +``` +WidevineDecryptor: Found key: 100b6c20940f779a4589152b57d2dacb (KID=eb676abbcb345e96bbcf616630f1a3da) +``` Decrypting the media itself is then just a matter of using a tool that can decrypt MPEG-CENC streams, like `ffmpeg`. e.g: -`ffmpeg -decryption_key 100b6c20940f779a4589152b57d2dacb -i encrypted_media.mp4 -codec copy decrypted_media.mp4` +``` +ffmpeg -decryption_key 100b6c20940f779a4589152b57d2dacb -i encrypted_media.mp4 -codec copy decrypted_media.mp4 +``` ## How In the context of browsers the actual decryption of the media is usually done inside a proprietary binary (`widevinecdm.dll`, known as the Content Decryption Module or CDM) only after receiving the license from a license server with an encrypted key in it. -This binary is usually heavily obfuscated and makes use of third-party solutions that claim to offer software "protection" such as [Arxan](https://digital.ai/application-protection) or [Whitecryption](https://www.intertrust.com/products/application-shielding/). +This binary is usually heavily obfuscated and makes use of third-party solutions that claim to offer software "protection" such as [Arxan](https://digital.ai/application-protection) or [Whitecryption](https://www.intertrust.com/products/application-shielding). Some reversing job on that binary can then be done to extract the secret keys and mimic the key decryption algorithm from the license response. @@ -30,5 +35,4 @@ Some reversing job on that binary can then be done to extract the secret keys an This PoC was done to further show that code obfuscation, anti-debugging tricks, whitebox cryptography algorithms and other methods of security-by-obscurity will eventually by defeated anyway, and are, in a way, pointless. ## Legal Desclaimer -This is for educational purposes only. Downloading copyrighted matirials from streaming services may violate their Terms Of Service. Use at your own risk. - +This is for educational purposes only. Downloading copyrighted materials from streaming services may violate their Terms of Service. **Use at your own risk.** From 1b0b723dfcaa0f05006d005dbf81fb2a75363971 Mon Sep 17 00:00:00 2001 From: Tomer <11458759+tomer8007@users.noreply.github.com> Date: Tue, 20 Oct 2020 21:04:03 +0300 Subject: [PATCH 2/4] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e09d176..743deed 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # Widevine L3 Decryptor -[Widevine](https://www.widevine.com/solutions/widevine-drm) is a Google-owned DRM system that's in use by many popular streaming services (Netflix, Spotify, &c) to prevent media content from being downloaded. +[Widevine](https://www.widevine.com/solutions/widevine-drm) is a Google-owned DRM system that's in use by many popular streaming services (Netflix, Spotify, etc.) to prevent media content from being downloaded. But Widevine's least secure security level, L3, as used in most browsers and PCs, is implemented 100% in software (i.e no hardware TEEs), thereby making it reversible and bypassable. From 5e7873e893dc5d428d5fecf3dde4994ee83c96a2 Mon Sep 17 00:00:00 2001 From: Tomer <11458759+tomer8007@users.noreply.github.com> Date: Tue, 20 Oct 2020 22:20:00 +0300 Subject: [PATCH 3/4] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 743deed..0682f6c 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,7 @@ e.g: ``` ffmpeg -decryption_key 100b6c20940f779a4589152b57d2dacb -i encrypted_media.mp4 -codec copy decrypted_media.mp4 ``` +*NOTE*: The extension currently supports Windows only. ## How In the context of browsers the actual decryption of the media is usually done inside a proprietary binary (`widevinecdm.dll`, known as the Content Decryption Module or CDM) only after receiving the license from a license server with an encrypted key in it. From cfa841ad647a0725a325ad7f56c9fe0e09e214cf Mon Sep 17 00:00:00 2001 From: Tomer <11458759+tomer8007@users.noreply.github.com> Date: Tue, 20 Oct 2020 22:22:02 +0300 Subject: [PATCH 4/4] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0682f6c..0817291 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ e.g: ``` ffmpeg -decryption_key 100b6c20940f779a4589152b57d2dacb -i encrypted_media.mp4 -codec copy decrypted_media.mp4 ``` -*NOTE*: The extension currently supports Windows only. +*NOTE*: The extension currently supports the Windows platform only. ## How In the context of browsers the actual decryption of the media is usually done inside a proprietary binary (`widevinecdm.dll`, known as the Content Decryption Module or CDM) only after receiving the license from a license server with an encrypted key in it.