Merge pull request #1 from tomer8007/main

merge
This commit is contained in:
fzfile 2020-10-31 20:31:11 +01:00 committed by GitHub
commit 08f1abc046
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 53 additions and 51 deletions

View File

@ -3,7 +3,7 @@
But Widevine's least secure security level, L3, as used in most browsers and PCs, is implemented 100% in software (i.e no hardware TEEs), thereby making it reversible and bypassable. But Widevine's least secure security level, L3, as used in most browsers and PCs, is implemented 100% in software (i.e no hardware TEEs), thereby making it reversible and bypassable.
This Chrome extension demonstates how it's possible to bypass Widevine DRM by hijacking calls to the browser's [Encrypted Media Extensions (EME)](https://www.html5rocks.com/en/tutorials/eme/basics) and decrypting all Widevine content keys transferred - effectively turning it into a clearkey DRM. This Chrome extension demonstrates how it's possible to bypass Widevine DRM by hijacking calls to the browser's [Encrypted Media Extensions (EME)](https://www.html5rocks.com/en/tutorials/eme/basics) and decrypting all Widevine content keys transferred - effectively turning it into a clearkey DRM.
## Usage ## Usage
To see this concept in action, just load the extension in Developer Mode and browse to any website that plays Widevine-protected content, such as https://bitmovin.com/demos/drm _[Update: link got broken?]_. To see this concept in action, just load the extension in Developer Mode and browse to any website that plays Widevine-protected content, such as https://bitmovin.com/demos/drm _[Update: link got broken?]_.
@ -35,5 +35,7 @@ Some reversing job on that binary can then be done to extract the secret keys an
## Why ## Why
This PoC was done to further show that code obfuscation, anti-debugging tricks, whitebox cryptography algorithms and other methods of security-by-obscurity will eventually by defeated anyway, and are, in a way, pointless. This PoC was done to further show that code obfuscation, anti-debugging tricks, whitebox cryptography algorithms and other methods of security-by-obscurity will eventually by defeated anyway, and are, in a way, pointless.
This is **NOT** intended for copyright infringement or encouraging piracy.
## Legal Disclaimer ## Legal Disclaimer
This is for educational purposes only. Downloading copyrighted materials from streaming services may violate their Terms of Service. **Use at your own risk.** This is for educational purposes only. Downloading copyrighted materials from streaming services may violate their Terms of Service. **Use at your own risk.**

View File

@ -1,8 +1,8 @@
{ {
"manifest_version": 2, "manifest_version": 2,
"name": "Widivine Decryptor", "name": "Widevine Decryptor",
"short_name": "WidevineDecryptor", "short_name": "WidevineDecryptor",
"description": "Decrypts and logs media keys from websites that use Widivine DRM", "description": "Decrypts and logs media keys from websites that use Widevine DRM",
"version": "1.0.0", "version": "1.0.0",
"permissions": "permissions":
[ [
@ -15,14 +15,14 @@
"browser_action": { "browser_action": {
}, },
"content_scripts": "content_scripts":
[ [
{ {
"matches": ["https://*/*"], "matches": ["https://*/*"],
"js": ["content_script.js"], "js": ["content_script.js"],
"css": [], "css": [],
"run_at": "document_start" "run_at": "document_start",
"all_frames": true
} }
], ],
"web_accessible_resources": ["content_key_decryption.js", "eme_interception.js", "lib/*", "protobuf-generated/*"] "web_accessible_resources": ["content_key_decryption.js", "eme_interception.js", "lib/*", "protobuf-generated/*"]