Problems With Headers

[Quint]

Hi,
notaghost's site worked for me for two streams well, after fiddling around with some headers.
Now the input format has been changed, has to be YAML. One could check this with http://yaml-online-parser.appspot.com/ Ok.
Then he gives two examples or better pre-completions, one on the main site:

Code:

accept: "*/*"
content-length: "316"
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0

(simply one line for each header)

the other in his example for vdocipher:

Code:

{   "accept-language": "en-US,en;q=0.9",   "cache-control": "no-cache",   "content-type": "application/json",   "origin": "https://d2lrwez4x0gs00.cloudfront.net",   "pragma": "no-cache",   "referer": "https://d2lrwez4x0gs00.cloudfront.net/",   "sec-ch-ua-mobile": "?0",   "sec-ch-ua-platform": "Windows",   "sec-fetch-dest": "empty",   "sec-fetch-mode": "cors",   "sec-fetch-site": "cross-site",   "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36" }

Both formats are YAML-syntax-conform, so http://yaml-online-parser.appspot.com/ doesn't show errors for both.

But which format is the correct for input?
If the latter is the correct format: Is there a tool to format from format 1 to 2?

[notaghost]

Both are correct . You can use any one of them.
You can enter your headers in json format or yaml format.

[Quint]

Thanks man!

Second question...:
Chrome shows an "Provisional headers are shown", so it seems that not all headers are shown or what? I learned that this can be the case for "security reasons". Fine, but how to get the missing headers? Only with sniffing (wireshark or worse)?

[notaghost]

You can check disable cache option.
If you still think some headers are missing you can use fiddler/charles proxy/wireshark they will give you exact headers .

[Quint]

Thanks again! Disable cache will not work, because then it would say "disable cache" in the error message. But I think in this case missing errors are not the problem.
Wv guesser until last month never had a problem, also your site worked well for one or two streams, suddenly no longer. An example where no account is needed:

https://www.xx.cometc

I get:
mpd:
https://vodnowusoawsdash.secure.footprint.net/.mpd

pssh:

Code:

...Ss6jyCfc1R0h7QAAADEIA...

Code:

headers:
POST /index/proxy HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: */*
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Length: 5772
x-auth-token: ...
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Connection: keep-alive

But always receive some "business" error. Can someone help what I am missing? Really more headers that were omitted? Or is something else wrong?

Thanks in advance!

[lomero]

you need convert headers into curl
copy headers as curl and covert from https://curlconverter.com/

[Quint]

Thanks. I will try tomorrow, but why does notaghost say they' re correct like above? He should no best?

[Quint]

No matter how I try (with curl-cmd to Python), I always get this error from the remote site:

Error 404:<br>{"error":"forbidden.by.businessrule"}

There is some short additional "data" that has to be delivered, too. How can I do this?

[Quint]

I fear I will have to learn some Python, no way around.
But before one last stupid question:

In the browser/developer/network thing we can find the address of the license server, plus headers etc. Ok. But we also find what the server answered in binary.
So why is it necessary to receive this content again? Why is it not possible just to copy the binary answer and use it offline to calculate the keys?

[LZAA]

You do not calculate the keys.

[Quint]

Of course you do. You get some information from the license server and with this information you SOMEHOW calculate the keys. Maybe "calculate" is the wrong term - forgive me, I am not a native speaker - but you GET the keys SOMEHOW out of the information you received. So why does this have to be online, when all information already HAD been sent by the license server? Where is my lack of knowledge?

[[ss]vegeta]

Why is it not possible just to copy the binary answer and use it offline to calculate the keys?

This is actually an excellent question that I have pondered too, a few weeks ago.
I think it might be possible to do so "offline", with all the content you get from developer tools, but I haven't got the time to experiment yet.
And you might need additional knowledge of editing the code of Pywidevine/WKS or whatever is being used.
We might be missing something and we could be wrong though.

Are we sure the binary answer is always the same?

[Quint]

And how to simply copy a binary response exactly incl. zero-bytes? Don't know if this is possible out of chrome or firefox.
I guess that the whole process is somehow protected, so that one can only step in at certain points. The dll must be used at some point, so the whole scenario around this point has to be worked off. But this is only guessing.

[achilles]

I believe in the browser, the response would be for use with the chrome (for example) CDM and if using the script or website, the response would be for an android CDM. Since specific CDMs can be revoked and new ones redeployed with new algorithms, I doubt the responses would be the same.

[[ss]vegeta]

I believe in the browser, the response would be for use with the chrome (for example) CDM and if using the script or website, the response would be for an android CDM. Since specific CDMs can be revoked and new ones redeployed with new algorithms, I doubt the responses would be the same.

Exactly, that's what we were missing.

[Quint]

So the response is still something that has to be decrypted/processed somehow with the corresponding CDM. I see. I thought this would happen earlier in the process. Sounds logical and kills my "plan".