Need widevine l1 clarification ?

[Sandy sai]

As of I read from Forums,

1)L3 is stored in the less secure location and so it pretty simple to extract using the dumper script

2)L1 is in the hardware secured location. To extract from here you need to find a working exploit for your specific hardware that give you read/write access to something you should not really be able to. Then you need a script that uses the exploit to read and dump exactly what you require.

3)Dumper script will only ever dump L3.... To dump L1 is a completely different process... You need to exploit your device so that you can access it's secure zone and read/write data from where it is designed not to. In short it's very difficult and every device model is likely to be different so there cannot be a single script for all.

4)1080p+ is now L1 only(i.e. L3 is used for lower quality content and L1 for higher quality)

5)if you try to extract L1 CDM with the classic method (Frida Server), it will be lowered to L3, so will be useless. Google does not like rooted devices.

Surely there are other ways to extract L1 CDM (we see that some guys are getting UHD-4K streams which are L1-protected)

NOTE(for the one who need to buy L1 CDM ):
No one will sell private CDM. You can't call it a private already.
If someone will sell you, you'll expect that it's already shared to other person as well.
It's like virus. It will spread quickly =D
Just stay with L3 and don't waste money.

================================================== ================================================== =========
From the above points I have few doubts,

for downloading 720P quality from{@M@zon Prime}

so it will use L3 only

do the WKS Script work with L3 CDM?

i tried with WKS but i showed "unable to parse license"

[T33V33]

So...

1. Yes, L3 software secured so a simple script to intercept the call and dump the CDM is all thats needed.

2. L1 is hardware secured. Normally running scripts to read/write from this is not allowed. Lots of exploits are found all the time... Some allow writing of data into readable buffers. In the cases I've seen of L1 'scripts' its not just one exploit in use. It's a combination of multiple exploits running in order. The exploits or often released as 'simple' PoCs and so need someone who knows what they are doing to write additional scripts to target the data required for L1s. Also in addition to this all devices are different so the 'addresses' of data being targeted may be different for each model and so seperate scripts are possibly needed for each exploitable device. Its also different in that for L1's we are looking to dump the keybax and not the L1 CDM files... You then use (write) another script to provision an L1 from the keybox.

3. Yes, Dumper script is and will only ever be for L3 since it targets the files dealing with L3 and not L1.

4. This still depends on the service. Some services will still give 2160p with L3. Some will only do 720p with L3... some its only SD with L3. You also need to differentiate between AndroidCDM (L1 or L3) and ChromeCDM (L3). Some treat ChromeCDM differently so will give 1080p with ChromeCDM but lower quality with AndroidCDM L3. Google's idea with AndroidCDM is that anything HD should be protected by L1. This is something that is fluid and services are activly updating their services to increase security.

5. It's not the ' try to extract L1' that causes this... There are various reasons of the device downgrading from L1 to L3.... Some devices will maintain L1 after root, others will not. Sometimes its the unlocking of the bootloader that causes the downgrade. Again, some devices will maintain L1 after bootloader unlock. One device most people already know is the Nexus 5... This device you could unlock the bootloader and root while maintaining L1... There was also a couple of exploits avaliable for it and a script to put the exploits together and then dump the L1 keybox... Sadly as a result Google blacklisted this device and so now it is not possible to provision an L1 from an Nexus 5 keybox.


They guys you see getting 4K almost certainly have one of three things....
- They have the ability to dump keyboxes (a lot don't).
- They're not using Widevine (i.e. the have Playready cracked. A few - and I mean very few - do).
- (The most likely answer) They are able to do 'L1 required' content is that they have access to an L1 API - This is how a lot of scene groups do it.

To address the doubts on the points....
WKS-Keys works fine with L3....
AMZN is SD only with AndroidCDM L3. For HD its Chrome CDM (Up to 1080p) or L1 (up to 4K)

[T33V33]

Or the simple answer... L1 will remain unobtainable for 99% of users (without leaks or buying - which carries its own risk)

Also... imagine having to spend money on an exploitable device then spending hours/days/weeks/months to actually get an L1.... Only to then run to DSNY or NF and it be revoked quickly. So many people seem to want to use all this to download things that are very easily obtained on torrents/DDL sites.

[Sandy sai]

hey mate,
Thanks for sharing this wonderful info.Now i got clear idea about GoogleCDM Vs AndroidCDM L3

[mostafasmh1996]

So...

1. Yes, L3 software secured so a simple script to intercept the call and dump the CDM is all thats needed.

2. L1 is hardware secured. Normally running scripts to read/write from this is not allowed. Lots of exploits are found all the time... Some allow writing of data into readable buffers. In the cases I've seen of L1 'scripts' its not just one exploit in use. It's a combination of multiple exploits running in order. The exploits or often released as 'simple' PoCs and so need someone who knows what they are doing to write additional scripts to target the data required for L1s. Also in addition to this all devices are different so the 'addresses' of data being targeted may be different for each model and so seperate scripts are possibly needed for each exploitable device. Its also different in that for L1's we are looking to dump the keybax and not the L1 CDM files... You then use (write) another script to provision an L1 from the keybox.

3. Yes, Dumper script is and will only ever be for L3 since it targets the files dealing with L3 and not L1.

4. This still depends on the service. Some services will still give 2160p with L3. Some will only do 720p with L3... some its only SD with L3. You also need to differentiate between AndroidCDM (L1 or L3) and ChromeCDM (L3). Some treat ChromeCDM differently so will give 1080p with ChromeCDM but lower quality with AndroidCDM L3. Google's idea with AndroidCDM is that anything HD should be protected by L1. This is something that is fluid and services are activly updating their services to increase security.

5. It's not the ' try to extract L1' that causes this... There are various reasons of the device downgrading from L1 to L3.... Some devices will maintain L1 after root, others will not. Sometimes its the unlocking of the bootloader that causes the downgrade. Again, some devices will maintain L1 after bootloader unlock. One device most people already know is the Nexus 5... This device you could unlock the bootloader and root while maintaining L1... There was also a couple of exploits avaliable for it and a script to put the exploits together and then dump the L1 keybox... Sadly as a result Google blacklisted this device and so now it is not possible to provision an L1 from an Nexus 5 keybox.


They guys you see getting 4K almost certainly have one of three things....
- They have the ability to dump keyboxes (a lot don't).
- They're not using Widevine (i.e. the have Playready cracked. A few - and I mean very few - do).
- (The most likely answer) They are able to do 'L1 required' content is that they have access to an L1 API - This is how a lot of scene groups do it.

To address the doubts on the points....
WKS-Keys works fine with L3....
AMZN is SD only with AndroidCDM L3. For HD its Chrome CDM (Up to 1080p) or L1 (up to 4K)

Hi buddy
Do you know how to dump or find the latest ChromeCDM in the form of ClientID,PrivateKey, and VMP blob?

[T33V33]

So...

1. Yes, L3 software secured so a simple script to intercept the call and dump the CDM is all thats needed.

2. L1 is hardware secured. Normally running scripts to read/write from this is not allowed. Lots of exploits are found all the time... Some allow writing of data into readable buffers. In the cases I've seen of L1 'scripts' its not just one exploit in use. It's a combination of multiple exploits running in order. The exploits or often released as 'simple' PoCs and so need someone who knows what they are doing to write additional scripts to target the data required for L1s. Also in addition to this all devices are different so the 'addresses' of data being targeted may be different for each model and so seperate scripts are possibly needed for each exploitable device. Its also different in that for L1's we are looking to dump the keybax and not the L1 CDM files... You then use (write) another script to provision an L1 from the keybox.

3. Yes, Dumper script is and will only ever be for L3 since it targets the files dealing with L3 and not L1.

4. This still depends on the service. Some services will still give 2160p with L3. Some will only do 720p with L3... some its only SD with L3. You also need to differentiate between AndroidCDM (L1 or L3) and ChromeCDM (L3). Some treat ChromeCDM differently so will give 1080p with ChromeCDM but lower quality with AndroidCDM L3. Google's idea with AndroidCDM is that anything HD should be protected by L1. This is something that is fluid and services are activly updating their services to increase security.

5. It's not the ' try to extract L1' that causes this... There are various reasons of the device downgrading from L1 to L3.... Some devices will maintain L1 after root, others will not. Sometimes its the unlocking of the bootloader that causes the downgrade. Again, some devices will maintain L1 after bootloader unlock. One device most people already know is the Nexus 5... This device you could unlock the bootloader and root while maintaining L1... There was also a couple of exploits avaliable for it and a script to put the exploits together and then dump the L1 keybox... Sadly as a result Google blacklisted this device and so now it is not possible to provision an L1 from an Nexus 5 keybox.


They guys you see getting 4K almost certainly have one of three things....
- They have the ability to dump keyboxes (a lot don't).
- They're not using Widevine (i.e. the have Playready cracked. A few - and I mean very few - do).
- (The most likely answer) They are able to do 'L1 required' content is that they have access to an L1 API - This is how a lot of scene groups do it.

To address the doubts on the points....
WKS-Keys works fine with L3....
AMZN is SD only with AndroidCDM L3. For HD its Chrome CDM (Up to 1080p) or L1 (up to 4K)

Hi buddy
Do you know how to dump or find the latest ChromeCDM in the form of ClientID,PrivateKey, and VMP blob?

No