Widevine L3 Decryptor

Script Widevine L3 Decryptor

Register & Get access to index
  • You can simply find anything your looking for by using the Search function.
    To filter the Resources by type you can also look for specific Prefixes and specific Keywords to do with your search.
    Try it!!
  • Respect developers' work and credit them appropriately. Contact us if you need to transfer control of posted content. Thank you for promoting a culture of respect and appreciation in our community.

    Credit, where credit is due!
  • Our website does not store any files on our servers. We do not host or distribute any copyrighted materials. Instead, we provide links to external file hosting providers as part of our community resources. These providers are responsible for the content they host, and any DMCA claims should be directed towards them.
  • Our community relies on the collective contributions of its members to ensure that our resources remain accurate, up-to-date, and effective.

    To help us achieve this goal, we encourage all users to rate the resources they download as either 'Working' or 'Not Working.'

Welcome!
Join this incredible group of like-minded people and start discussing everything IPTV.
Register now

Widevine L3 Decryptor​

Widevine is a Google-owned DRM system that's in use by many popular streaming services (Netflix, Spotify, etc.) to prevent media content from being downloaded.

But Widevine's least secure security level, L3, as used in most browsers and PCs, is implemented 100% in software (i.e no hardware TEEs), thereby making it reversible and bypassable.

This Chrome extension demonstates how it's possible to bypass Widevine DRM by hijacking calls to the browser's Encrypted Media Extensions (EME) and decrypting all Widevine content keys transferred - effectively turning it into a clearkey DRM.

Usage​

To see this concept in action, just load the extension in Developer Mode and browse to any website that plays Widevine-protected content, such as IPTVApps - DRM Secure Stream Test using HTML5 Video Player | Bitmovin.

Keys will be logged in plaintext to the javascript console.

e.g:
WidevineDecryptor: Found key: 100b6c20940f779a4589152b57d2dacb (KID=eb676abbcb345e96bbcf616630f1a3da)
Decrypting the media itself is then just a matter of using a tool that can decrypt MPEG-CENC streams, like ffmpeg.

e.g:
ffmpeg -decryption_key 100b6c20940f779a4589152b57d2dacb -i encrypted_media.mp4 -codec copy decrypted_media.mp4
NOTE: The extension currently supports the Windows platform only.

How​

In the context of browsers the actual decryption of the media is usually done inside a proprietary binary (widevinecdm.dll, known as the Content Decryption Module or CDM) only after receiving the license from a license server with an encrypted key in it.

This binary is usually heavily obfuscated and makes use of third-party solutions that claim to offer software "protection" such as Arxan or Whitecryption.

Some reversing job on that binary can then be done to extract the secret keys and mimic the key decryption algorithm from the license response.

Why​

This PoC was done to further show that code obfuscation, anti-debugging tricks, whitebox cryptography algorithms and other methods of security-by-obscurity will eventually by defeated anyway, and are, in a way, pointless.

Legal Desclaimer​

This is for educational purposes only. Downloading copyrighted materials from streaming services may violate their Terms of Service. Use at your own risk.
Author
Ian
Price
350 Credits
Downloads
28
Views
2,207
First release
Last update
Rating
0.00 star(s) 0 ratings

More resources from Ian

Share this resource

Buy me a ☕!


Donate via PayPal 💙
AdBlock Detected

We get it, advertisements are annoying!

Sure, ad-blocking software does a great job at blocking ads, but it also blocks useful features of our website. For the best site experience please disable your AdBlocker.

I've Disabled AdBlock