widevine

README

widevine

Theatricality and deception, powerful agents to the uninitiated. But we are initiated, aren’t we, Bruce?

The Dark Knight Rises (2012)

first Widevine commit was May 21 2022

what is a CDM?

the way it works, is you need a key to decrypt the media. to get that key, you make a request to a license server, and they give you the key back. however the key returned from the license server, is itself encrypted, so before you can use the key, you have to decrypt it. that's what the CDM is for. without the CDM, you cant decrypt the key, and you cant then use the decrypted key to decrypt some media. there's a lot more detail to it, but thats the high level view of whats going on.

where did proto file come from?

https://github.com/rlaphoenix/pywidevine/blob/master/pywidevine/license_protocol.proto

other interesting files:

WidevineModularDRMSecurityIntegrationGuideforCENC.pdf
Widevine_DRM_Architecture_Overview.pdf

https://github.com/github/dmca/blob/master/2020/11/2020-11-09-Google.md

PSSH

https://integration.widevine.com/diagnostics

where to download L3 CDM?

I can't host those here for legal reasons, but you should be able to download them from here or from search

how to dump L3 CDM?

install Android Studio. then create Android virtual device:

abi

x86

api level

24

target

Android 7.0 (Google APIs)

then download Widevine Dumper. Then install:

pip install -r requirements.txt

then download Frida server, example file:

frida-server-15.1.17-android-x86.xz

then start Frida server:

adb root
adb push frida-server-15.1.17-android-x86 /data/frida-server
adb shell chmod +x /data/frida-server
adb shell /data/frida-server

then start Android Chrome and visit Shaka Player. click the green play button. if you receive this prompt:

bitmovin.com wants to play protected content. Your device’s identity will be verified by Google.

click ALLOW. then start dumper:

$env:PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION = 'python'
python dump_keys.py

once you see "Hooks completed", go back to Chrome and click the green play button again. result:

2022-05-21 02:10:52 PM - Helpers.Scanner - 49 - INFO - Key pairs saved at
key_dumps\Android Emulator 5554/private_keys/4464/2770936375

Documentation

Index

• type CDM
  • func (c CDM) Key(m *LicenseMessage) ([]byte, bool)
  • func (c *CDM) License(p Poster) (*LicenseMessage, error)
  • func (c *CDM) New(private_key, client_id, key_id []byte) error
• type LicenseMessage
• type Poster

Types

type CDM

type CDM struct {
	// contains filtered or unexported fields
}

wikipedia.org/wiki/Encrypted_Media_Extensions#Content_Decryption_Modules

func (CDM) Key

func (c CDM) Key(m *LicenseMessage) ([]byte, bool)

func (*CDM) License

func (c *CDM) License(p Poster) (*LicenseMessage, error)

func (*CDM) New

func (c *CDM) New(private_key, client_id, key_id []byte) error

2024-3-31: content ID is optional with all servers except Roku. with Roku, you can omit the PSSH completely, since its already embedded in the request URL. however if you do provide a key ID, you also have to provide a one byte content ID. any byte should work, but they use `*` so lets go with that

type LicenseMessage

type LicenseMessage struct {
	// contains filtered or unexported fields
}

type Poster

type Poster interface {
	RequestUrl() (string, bool)
	RequestHeader() (http.Header, error)
	RequestBody([]byte) ([]byte, error)
	ResponseBody([]byte) ([]byte, error)
}