Hey, I finally learned how to break widevine and managed to get some drm content decrypted. I did this woth tubi which was relatively easy. So, Next I would like to embark on the adventure of decrypting some paid streamings, esp. D1sn3y and H8O M1X. any tutorials on that? From what I tried, the process is not as simple as with tubi (maybe because tubi is mkre straightforwaed and free?). Anyway, Im eager to learn and would be grateful of any good guide on that. 🏴☠️
Edit: Okay, since I grasped bascics, now its getting easier and I managed to download some content from D1sn3y using N_m3u8DL-RE but only in 720p. Is it possible to get it in 1080p?
Disney, MAX, and other uses L1 for 1080p and up. Even if you managed to download a 1080p from Disney, you need L1 keys. If you have an android that has L1 cdm, you can extract it (don’t know how). And L1 cdm gets blacklisted after few hours or days. You need another L1.
Streamfab is much easier to use for L3 content. Streamfab emulator can download 10 videos per day, and then use VPN or TMAC to bypass 10 downloads.
Be careful, some people will try to scam you selling you L1 cdm.
Okaaay, now I got it. If I wanted to use L1 cdms I would have to extract them oftenly right? And propably They would have to be from physical device and not virtual android studio?
Anyway, it seems more complicated. But what about L2? just of curiosity - where is it used? Never heard of L2.
To decrypt 1080p content I would need L1 keys? L3 would not work? Technically, could I extract L1 cmds from browser and use those?
AFAIK, L1 are hardware backed using Trusted Execution Environment like ARM TrustZone. Unless you can find an exploit to exfil the key from the chip, you have no luck. It was done before and published, but I believe it is patched already. Anyone holding such exploit would keep close to their chest to avoid it beimg patched.
How would knowledge like this get shared in the scene? I’d imagine it would need to be passed somehow between teams, no?
Maybe. I’m not in the loop but I believe you would need to gain some solid trust from the core team to get that access. It won’t be a knowledge just flows in the scene up for any newly join members to grab.
It won’t be a knowledge just flows in the scene up for any newly join members to grab.
Oh for sure not. That would be so suscepticle to DRM-moles ;D
Yes, it won’t work with L3 keys. As far as I know, L1 is different, you cannot just extract it without hacking it.
I never heard of L2 too so no idea. And yeah, you need physical device for L1. In some cases, you don’t actually need the device, but the keys to decrypt the video.
I have heard about a TamperMonkey userscript called EMELogger that logs some information about EME, in the web tools console making it easier to get the PSSH. I haven’t tried it though.
Also, I don’t think you will find guides on paid content as this is considered highly illegal (I think).
I dont have issues with getting pssh or lic url - I got it already. But im in a situation in which i possesse decrypting key of content and need the content itself - in highest quality ofc. I fully understand why there are not a lot of guides for those - maybe some vip will pm me and give me some instructions tho.
Oh, I missed the L1 in the title. Basically, all the decryption at L1 is happening inside a Trusted Execution Environment. This is a dedicated chip that does all encryption-decryption (among other things). This is why it is so difficult to extract the keys, because they don’t enter the CPU or are stored in RAM, because the dedicated chip handles all of these.
So I don’t think you can find a guide about this, because if anyone has found even one exploit, they would be keeping it to ourselves, so that it doesn’t get patched.
Although it is very difficult, I think the only real solution is to reverse engineer a TEE and find an exploit yourself.
If you manage to do this, please let me know! I am happy to get updates about progress in this topic.
hahaha I wish I would, Im not so skilled tho
Violentmonkey > Tampermonkey, it’s fully open source
You need to get L1 keys somehow, and as far as I know, there are no guides on how to do this. The L1 keys are protected using a Trusted Execution Environment (TEE), like the TPM on PCs (Windows) and ARM TrustZone for mobile devices, making it very hard to crack them. Although this has happened before, now they should’ve patched the exploit, and if you want to get L1 keys you will have to reverse engineer the chips and find your own.
