fzfile
GitHub
commit
08f1abc046
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
But Widevine's least secure security level, L3, as used in most browsers and PCs, is implemented 100% in software (i.e no hardware TEEs), thereby making it reversible and bypassable.
|
But Widevine's least secure security level, L3, as used in most browsers and PCs, is implemented 100% in software (i.e no hardware TEEs), thereby making it reversible and bypassable.
|
||||||
|
|
||||||
This Chrome extension demonstates how it's possible to bypass Widevine DRM by hijacking calls to the browser's [Encrypted Media Extensions (EME)](https://www.html5rocks.com/en/tutorials/eme/basics) and decrypting all Widevine content keys transferred - effectively turning it into a clearkey DRM.
|
This Chrome extension demonstrates how it's possible to bypass Widevine DRM by hijacking calls to the browser's [Encrypted Media Extensions (EME)](https://www.html5rocks.com/en/tutorials/eme/basics) and decrypting all Widevine content keys transferred - effectively turning it into a clearkey DRM.
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
To see this concept in action, just load the extension in Developer Mode and browse to any website that plays Widevine-protected content, such as https://bitmovin.com/demos/drm _[Update: link got broken?]_.
|
To see this concept in action, just load the extension in Developer Mode and browse to any website that plays Widevine-protected content, such as https://bitmovin.com/demos/drm _[Update: link got broken?]_.
|
||||||
@ -35,5 +35,7 @@ Some reversing job on that binary can then be done to extract the secret keys an
|
|||||||
## Why
|
## Why
|
||||||
This PoC was done to further show that code obfuscation, anti-debugging tricks, whitebox cryptography algorithms and other methods of security-by-obscurity will eventually by defeated anyway, and are, in a way, pointless.
|
This PoC was done to further show that code obfuscation, anti-debugging tricks, whitebox cryptography algorithms and other methods of security-by-obscurity will eventually by defeated anyway, and are, in a way, pointless.
|
||||||
|
|
||||||
|
This is **NOT** intended for copyright infringement or encouraging piracy.
|
||||||
|
|
||||||
## Legal Disclaimer
|
## Legal Disclaimer
|
||||||
This is for educational purposes only. Downloading copyrighted materials from streaming services may violate their Terms of Service. **Use at your own risk.**
|
This is for educational purposes only. Downloading copyrighted materials from streaming services may violate their Terms of Service. **Use at your own risk.**
|
||||||
|
|||||||
@ -1,8 +1,8 @@
|
|||||||
{
|
{
|
||||||
"manifest_version": 2,
|
"manifest_version": 2,
|
||||||
"name": "Widivine Decryptor",
|
"name": "Widevine Decryptor",
|
||||||
"short_name": "WidevineDecryptor",
|
"short_name": "WidevineDecryptor",
|
||||||
"description": "Decrypts and logs media keys from websites that use Widivine DRM",
|
"description": "Decrypts and logs media keys from websites that use Widevine DRM",
|
||||||
"version": "1.0.0",
|
"version": "1.0.0",
|
||||||
"permissions":
|
"permissions":
|
||||||
[
|
[
|
||||||
@ -15,14 +15,14 @@
|
|||||||
"browser_action": {
|
"browser_action": {
|
||||||
|
|
||||||
},
|
},
|
||||||
|
|
||||||
"content_scripts":
|
"content_scripts":
|
||||||
[
|
[
|
||||||
{
|
{
|
||||||
"matches": ["https://*/*"],
|
"matches": ["https://*/*"],
|
||||||
"js": ["content_script.js"],
|
"js": ["content_script.js"],
|
||||||
"css": [],
|
"css": [],
|
||||||
"run_at": "document_start"
|
"run_at": "document_start",
|
||||||
|
"all_frames": true
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"web_accessible_resources": ["content_key_decryption.js", "eme_interception.js", "lib/*", "protobuf-generated/*"]
|
"web_accessible_resources": ["content_key_decryption.js", "eme_interception.js", "lib/*", "protobuf-generated/*"]
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user