/widevine

DRM

Primary LanguageGoOpen Software License 3.0OSL-3.0

widevine

Theatricality and deception, powerful agents to the uninitiated. But we are initiated, aren’t we, Bruce?

The Dark Knight Rises (2012)

first Widevine commit was May 21 2022

what is a CDM?

the way it works, is you need a key to decrypt the media. to get that key, you make a request to a license server, and they give you the key back. however the key returned from the license server, is itself encrypted, so before you can use the key, you have to decrypt it. that's what the CDM is for. without the CDM, you cant decrypt the key, and you cant then use the decrypted key to decrypt some media. there's a lot more detail to it, but thats the high level view of whats going on.

where did proto file come from?

https://github.com/rlaphoenix/pywidevine/blob/master/pywidevine/license_protocol.proto

other interesting files:

WidevineModularDRMSecurityIntegrationGuideforCENC.pdf
Widevine_DRM_Architecture_Overview.pdf

https://github.com/github/dmca/blob/master/2020/11/2020-11-09-Google.md

PSSH

https://integration.widevine.com/diagnostics

where to download L3 CDM?

I can't host those here for legal reasons, but you should be able to download them from here or from search

how to dump L3 CDM?

install Android Studio. then create Android virtual device:

abi
x86
api level
24
target
Android 7.0 (Google APIs)

then download Widevine Dumper. Then install:

pip install -r requirements.txt

then download Frida server, example file:

frida-server-15.1.17-android-x86.xz

then start Frida server:

adb root
adb push frida-server-15.1.17-android-x86 /data/frida-server
adb shell chmod +x /data/frida-server
adb shell /data/frida-server

then start Android Chrome and visit Shaka Player. click the green play button. if you receive this prompt:

bitmovin.com wants to play protected content. Your device’s identity will be verified by Google.

click ALLOW. then start dumper:

$env:PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION = 'python'
python dump_keys.py

once you see "Hooks completed", go back to Chrome and click the green play button again. result:

2022-05-21 02:10:52 PM - Helpers.Scanner - 49 - INFO - Key pairs saved at
key_dumps\Android Emulator 5554/private_keys/4464/2770936375