widevine
Theatricality and deception, powerful agents to the uninitiated. But we are
initiated, aren’t we, Bruce?
The Dark Knight Rises (2012)
first Widevine commit was
May 21 2022
what is a CDM?
the way it works, is you need a key to decrypt the media. to get that key, you
make a request to a license server, and they give you the key back. however the
key returned from the license server, is itself encrypted, so before you can
use the key, you have to decrypt it. that's what the CDM is for. without the
CDM, you cant decrypt the key, and you cant then use the decrypted key to
decrypt some media. there's a lot more detail to it, but thats the high
level view of whats going on.
where did proto file come from?
https://github.com/rlaphoenix/pywidevine/blob/master/pywidevine/license_protocol.proto
other interesting files:
WidevineModularDRMSecurityIntegrationGuideforCENC.pdf
Widevine_DRM_Architecture_Overview.pdf
https://github.com/github/dmca/blob/master/2020/11/2020-11-09-Google.md
PSSH
https://integration.widevine.com/diagnostics
where to download L3 CDM?
I can't host those here for legal reasons, but you should be able to download
them from here or
from search
how to dump L3 CDM?
install Android Studio. then create Android virtual device:
- abi
- x86
- api level
- 24
- target
- Android 7.0 (Google APIs)
then download Widevine Dumper. Then install:
pip install -r requirements.txt
then download Frida server, example file:
frida-server-15.1.17-android-x86.xz
then start Frida server:
adb root
adb push frida-server-15.1.17-android-x86 /data/frida-server
adb shell chmod +x /data/frida-server
adb shell /data/frida-server
then start Android Chrome and visit Shaka Player. click the green play
button. if you receive this prompt:
bitmovin.com wants to play protected content. Your device’s identity will be
verified by Google.
click ALLOW. then start dumper:
$env:PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION = 'python'
python dump_keys.py
once you see "Hooks completed", go back to Chrome and click the green play
button again. result:
2022-05-21 02:10:52 PM - Helpers.Scanner - 49 - INFO - Key pairs saved at
key_dumps\Android Emulator 5554/private_keys/4464/2770936375