Get Pssh Key of MPD Files

[notaghost]

The mechanics of the the system is fairly simple. You need

1)pssh key and
2)the url of the license server.

These are fairly easy to obtain.
Pssh is derived from the init.mp4 which is turn is derived from the first file of yt-dlp.
The license server url is obtained via a F12 inspection of the browser display.

These are the easy parts.

Now for the not so easy parts.

You need a program that will communicate with the license server and send it the pssh and negotiate the get_challenge. One such program was the browser addon uploaded by Tomer8007. This is now, for all intents and purposes, dead. Other such programs include wvclient and pywidevine. Obtaining wvclient is easy whilst pywidevine is hidden like you would not believe.

Now, suppose you have the pssh, the lic server and say pywidevine, you still face a formidable challenge. Getting the coveted keys is still not that simple. Remember, no body wants you the get access to these forbidden fruits, especially Google. The biggest obstacle is that you will need a working CDM. A working CDM is required and without it you are going nowhere. A working CDM consists of basically of three files : device_client_id_blob, device_private_key and device_vmp_blob (token.bin). If you think finding pywidevine is difficult, well finding a good device_private_key is even more so. Here is the scenario that adds to this difficulty. Google is monitoring the usage of the device_private_key and if their algorithms red flags the device_private_key as being abused, then that key is shut down. So, obviously, nobody wants to share. So how can the average joe get a working CDM? Well unless he knows someone who is willing to share then he is out of luck. Working CDMs are derived from android devices with widevine capability. Getting the private key from such devices requires skills beyond mine.

So now your odyssey has changed from finding a replacement for Tomer8007's program to that of finding a good CDM.

Now even if you have a good pssh, a good lic server, pywidevine and a good CDM you still need knowledge of python and the communications between the client (pywidevine) and the server (license server). This can be obtained via the F12 inspection of the web browser. You will need to note the header information and know how to apply it to the python program.

After considering all the obstacles before me, I have decided not to pursue this this quixotic adventure any further.

Good Explanation .

[[ss]vegeta]

Google is monitoring the usage of the device_private_key and if their algorithms red flags the device_private_key as being abused, then that key is shut down.

It's funny how they've let the extension be used for something like almost a year.

[cntnes]

.... the key is a secret. Getting is requires doing a license challenge, and various post challenge processing. It is what the extension exploit does, the details of which have been discussed in other threads.

Guess I have some searching to do.

Regards

Did you have any luck @jack_666 with this?

===========

Still searching, but I have a never give up attitude. Some more than mere mortals have said that they have found this elusive elixir and got it gratis. This gives me hope. Soldiering on .... Hi-yo, Silver! Away!

Any luck getting the secret key from pssh?

The mechanics of the the system is fairly simple. You need

1)pssh key and
2)the url of the license server.

These are fairly easy to obtain.
Pssh is derived from the init.mp4 which is turn is derived from the first file of yt-dlp.
The license server url is obtained via a F12 inspection of the browser display.

These are the easy parts.

Now for the not so easy parts.

You need a program that will communicate with the license server and send it the pssh and negotiate the get_challenge. One such program was the browser addon uploaded by Tomer8007. This is now, for all intents and purposes, dead. Other such programs include wvclient and pywidevine. Obtaining wvclient is easy whilst pywidevine is hidden like you would not believe.

Now, suppose you have the pssh, the lic server and say pywidevine, you still face a formidable challenge. Getting the coveted keys is still not that simple. Remember, no body wants you the get access to these forbidden fruits, especially Google. The biggest obstacle is that you will need a working CDM. A working CDM is required and without it you are going nowhere. A working CDM consists of basically of three files : device_client_id_blob, device_private_key and device_vmp_blob (token.bin). If you think finding pywidevine is difficult, well finding a good device_private_key is even more so. Here is the scenario that adds to this difficulty. Google is monitoring the usage of the device_private_key and if their algorithms red flags the device_private_key as being abused, then that key is shut down. So, obviously, nobody wants to share. So how can the average joe get a working CDM? Well unless he knows someone who is willing to share then he is out of luck. Working CDMs are derived from android devices with widevine capability. Getting the private key from such devices requires skills beyond mine.

So now your odyssey has changed from finding a replacement for Tomer8007's program to that of finding a good CDM.

Now even if you have a good pssh, a good lic server, pywidevine and a good CDM you still need knowledge of python and the communications between the client (pywidevine) and the server (license server). This can be obtained via the F12 inspection of the web browser. You will need to note the header information and know how to apply it to the python program.

After considering all the obstacles before me, I have decided not to pursue this this quixotic adventure any further.

wow, thanks for sharing this. really helpful.

[romanok]

The key you need is missing in 'pssh'.

do you know how to get pssh?

[LZAA]

Why do you need 'pssh'?

[romanok]

I thought the pssh was needed to know the key

[lomero]

no.
anyway pssh is into mpd file. open with notepad.

[moni]

Google is monitoring the usage of the device_private_key and if their algorithms red flags the device_private_key as being abused, then that key is shut down.

It's funny how they've let the extension be used for something like almost a year.

This is simply a way to attract more customers.

[[ss]vegeta]

no.
anyway pssh is into mpd file. open with notepad.

Sometimes it is not.

This is simply a way to attract more customers.

I don't think so.

[NiesmialyGosc]

no.
anyway pssh is into mpd file. open with notepad.

Hi Lomero, the following .mpd file contains multiple PSSH strings, so how can I determine which one to use??

Code:

https://ipla-e1-81.pluscdn.pl/p/vm2dash/08/0897136437d81253076a60933e6b933847c60e2e/manifest.mpd

Plus could you guide me on what is the general way to figure out the license proxy URL?

Thank you!

[NiesmialyGosc]

For this aforementioned mpd, how do we go about fixing the error below?

Code:

C:\Users\DELL\video\Bento4-SDK-1-6-0-639.x86_64-microsoft-win32\WKS-KEYS>py l3.py

PSSH: AAAATXBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAAC0IARIQJMAV1i4HIe2g+gAAAKiiCRoNY3lmcm93eXBvbHNhdCIIzyUIAAAAAAA=
License URL: http://b2c-www.redefine.pl/rpc/drm/
unable to parse license - check protobufs

Am I using the wrong parameters?

Many thanks in advance
Nies

[lomero]

Nies, to determine right pssh to use, need video link to try
also right lic url and issue to get key, the same. need video link to test

[NiesmialyGosc]

Nies, to determine right pssh to use, need video link to try
also right lic url and issue to get key, the same. need video link to test

Hi Lomero, I've sent the link in PM, thank you!

[ridibunda]

My post about PSSH will be helpful to the beginners:

https://forum.videohelp.com/threads/404586-how-to-work-out-the-pssh-when-not-shown-in-...pd#post2647121

[rajhlinux]

i hate fish, except maybe to look at.

lmfao

[rajhlinux]

.... the key is a secret. Getting is requires doing a license challenge, and various post challenge processing. It is what the extension exploit does, the details of which have been discussed in other threads.

Guess I have some searching to do.

Regards

Did you have any luck @jack_666 with this?

===========

Still searching, but I have a never give up attitude. Some more than mere mortals have said that they have found this elusive elixir and got it gratis. This gives me hope. Soldiering on .... Hi-yo, Silver! Away!

Any luck getting the secret key from pssh?

After considering all the obstacles before me, I have decided not to pursue this this quixotic adventure any further.

Well said, he pretty much gave the full answer. I have read somewhere on this forum that an "android OS" for the PC can be used as a CDM and get the keys using frida-server tool... I will explore this if it is true and make a post about. Not sure if widevine CDM can be run on such custom "android OS"...

[rajhlinux]

Google is monitoring the usage of the device_private_key and if their algorithms red flags the device_private_key as being abused, then that key is shut down.

It's funny how they've let the extension be used for something like almost a year.

Facts... ".mpd detector" is also still working perfectly till this very day.

Google devs knows it ain't easy to get the keys so in essence it really doesn't make any difference.


[Attachment 64023 - Click to enlarge]