How are you going to respond to widevine l3 decryptor's death at May 31st?

[RedPenguin]

Has anyone been able to get keys from 7plus.com.au? I tried a bunch of stuff this afternoon and got nowhere. So, before I sink more time into it, I just wanted to check if anyone has gotten this to work or if it's probably another case where neither WKS nor the website is going to work.

I haven't tried it myself, but I have heard that this site does definitely work with WKS.

I can always try when I get a chance, but will have to try and hope on an AU VPN and hope it isn't blocked.

Yeah, I used an AU VPN and while one server didn't work, another one did. 7plus seems to send some params as well which I tried passing through both as params and json in the post method. Maybe my pssh or license server is wrong. I guess I'll have to keep trying.

I just tested it real quick and it's 1-2-3 with WKS. Oddly you don't even really have to concern about headers even.

Just look inside the MPD file and grab the PSSH and LicenseURL.

Slap both of those in to l3.py and you are good to go.

I tested with this random suggested episode:

https://7plus.com.au/jack-jill

Then got

Code:

AAAAVnBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAADYIARIQfcb8WZ87Rdihe7ngSMii0hoNd2lkZXZpbmVfdGVzdCIIMTIzNDU2NzgyB2RlZmF1bHQ=

and

Code:

https://manifest.prod.boltdns.net/license/v1/cenc/widevine/5303576322001/4b720aae-53cd-4efe-b648-7eed8c12d6bf/7dc6fc59-9f3b-45d8-a17b-b9e048c8a2d2?fastly_token=NjFiNmFlNWFfNTA0MmY2OTM1M2MxMjFiMzc2YjU5ZDZmODUzODU1ZmMwODZkMmFiMjJiZjFhNzI0ZTRjMWFhYjA5Yjk1ZTczNQ%3D%3D

Then I put both in to l3.py and got

Code:

python3 l3.py

PSSH: AAAAVnBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAADYIARIQfcb8WZ87Rdihe7ngSMii0hoNd2lkZXZpbmVfdGVzdCIIMTIzNDU2NzgyB2RlZmF1bHQ=

License URL: https://manifest.prod.boltdns.net/license/v1/cenc/widevine/5303576322001/4b720aae-53cd-4efe-b648-7eed8c12d6bf/7dc6fc59-9f3b-45d8-a17b-b9e048c8a2d2?fastly_token=NjFiNmFlNWFfNTA0MmY2OTM1M2MxMjFiMzc2YjU5ZDZmODUzODU1ZmMwODZkMmFiMjJiZjFhNzI0ZTRjMWFhYjA5Yjk1ZTczNQ%3D%3D

--key 7dc6fc599f3b45d8a17bb9e048c8a2d2:38c904ed0c09c971b1286cfec95576c7

[achilles]

I just tested it real quick and it's 1-2-3 with WKS. Oddly you don't even really have to concern about headers even.

Huh, I guess I really messed up earlier. I see now it's one of those sites where the PSSH is constant, or semi-constant and what changes is the license URL. I passed through the token with the params but I guess that's not even needed as the license URL has it. I guess it's not fussy about headers either.

Thanks for trying it out, appreciate it.

[notaghost]

http://getwvkeys.herokuapp.com/vdocipher down

showing this error.

Code:

ERROR
 Error 404:<br><!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Error</title> </head> <body> <pre>Bad Request</pre> </body> </html>

Fixed and

http://getwvkeys.herokuapp.com/vdocipher
http://getwvkeys.herokuapp.com/
Both are same.

[Johanatan]

You were using Playready pssh

Oh, what's the correct PSSH tho? Because I can only find this PSSH: AAACJnBzc2gAAAAAmgTweZhAQoarkuZb4IhflQAAAgYGAgAAAQ ABAPwBPABXAFIATQBIAEUAQQBEAEUAUgAgAHgAbQBsAG4AcwA9 ACIAaAB0AHQAcAA6AC8ALwBzAGMAaABlAG0AYQBzAC4AbQBpAG MAcgBvAHMAbwBmAHQALgBjAG8AbQAvAEQAUgBNAC8AMgAwADAA NwAvADAAMwAvAFAAbABhAHkAUgBlAGEAZAB5AEgAZQBhAGQAZQ ByACIAIAB2AGUAcgBzAGkAbwBuAD0AIgA0AC4AMAAuADAALgAw ACIAPgA8AEQAQQBUAEEAPgA8AFAAUgBPAFQARQBDAFQASQBOAE YATwA+ADwASwBFAFkATABFAE4APgAxADYAPAAvAEsARQBZAEwA RQBOAD4APABBAEwARwBJAEQAPgBBAEUAUwBDAFQAUgA8AC8AQQ BMAEcASQBEAD4APAAvAFAAUgBPAFQARQBDAFQASQBOAEYATwA+ ADwASwBJAEQAPgBqADQALwBNAEEAYQBYAGYAZABUAHAAcgArAH UAMwB1AFYARQBzACsAeAB3AD0APQA8AC8ASwBJAEQAPgA8AEMA SABFAEMASwBTAFUATQA+AHkATAB6ADEAMQBQAHoANAB0AEUAMA A9ADwALwBDAEgARQBDAEsAUwBVAE0APgA8AC8ARABBAFQAQQA+ ADwALwBXAFIATQBIAEUAQQBEAEUAUgA+AA==

[Flitskikker]

The decryptor uses an Android general CDM that is not revoked on many sites, but maybe the site you are trying revoked it.

I wonder if people realise that it will get revoked within days/weeks now that it's out in the open, even in plain sight on Github.
Afaik, this was the last semi-publicly available cdm that still worked on most sites.

Same goes for discussing decryption for all kinds of sites/services in plain sight in this topic.
How easy do we want to make it for them to counter it?

By posting information publicly like this, we briefly open the download door, which is immediately nailed down.

It wouldn't surprise me that sites will start to move to other protection methods, so in the end it's disadvantageous to everyone.

[Johanatan]

The decryptor uses an Android general CDM that is not revoked on many sites, but maybe the site you are trying revoked it.

I wonder if people realise that it will get revoked within days/weeks now that it's out in the open, even in plain sight on Github.
Afaik, this was the last semi-publicly available cdm that still worked on most sites.

Same goes for discussing decryption for all kinds of sites/services in plain sight in this topic.
How easy do we want to make it for them to counter it?

By posting information publicly like this, we briefly open the download door, which is immediately nailed down.

It wouldn't surprise me that sites will start to move to other protection methods, so in the end it's disadvantageous to everyone.

Ja dat weten we, maar mensen hebben gewoon weg hulp nodig ;P

[klenjo]

PSSH

Code:

AAAAYHBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAAEAIARIQXiEPTyOQSnC+2PWRwBO9FhoSZXJzdHJlYW15YXlpbmNpbGlrIhZQVF9NVUxfREFTSF8wMDAwMDc1Mjg2

LiCENSE

Code:

https://digiturk-drm.ercdn.com/widevine/api/erproxy

HEADERS

Code:

Accept: "*/*"
Accept-Encoding: gzip, deflate, br
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Connection: keep-alive
Content-Length: "4235"
Host: digiturk-drm.ercdn.com
Origin: https://www.beinconnect.com.tr
Referer: https://www.beinconnect.com.tr/
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="96", "Google Chrome";v="96"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
X-ErDRM-Message: 7E5eV_RgGauG_Vs0JH5r6yEnQmOZ0t-WS4vSsNi2StkHOIKjQYhvERTi0V4nQs9mOc19l25jTgFLaL5kMN75_kB7yOMXlFhsRFe5xzckk82PULLkR3sUHyi4zV6t1RMWBJryy14oKOLBc-3CBk73a15iSZXWzciRhhnFXF9VkOl-D9n4dVxoc0a3ukMcEcvtNTd_o6Rt2nbwSlnheZTUhg2

Can you help me please?

[DannGamerz]

Hello guys, I need help with this.

You may need malaysia vpn

MPD :
https://linearjitp-playback.astro.com.my/dash-wv/linear/5058/default_ott.mpd
PSSH :

Code:

AAAAK3Bzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAAAsiAzYwMUjj3JWbBg==

License :
https://sg-sg-sg.astro.com.my:9443/vgemultidrm/v1/widevine/license
Headers :

Code:

authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2Mzk0MDQwMjgsInN1YiI6Ijg1MzY1NTA5IiwiYXVkIjoiaXZwLnNlc3Npb25ndWFyZCIsImV4cCI6MTYzOTQxNDgyOCwic2Vzc2lvbl9kYXRhIjp7InNlc3Npb24iOnsiY29tbXVuaXR5IjoiTWFsYXlzaWEgTGl2ZSIsImJ1c1VuaXRJZCI6IkFTVFJPIiwic2NvcGUiOiJicm93c2UgcGxheWJhY2siLCJ1cElkIjoiODUzNjU1MDlfMCIsImRldklkIjoiODUzNjU1MDkuZWJkNjEyZGQtYjhhOS00MTM1LWFlNTUtM2UyMmZkYmU5YjU5IiwicmVnaW9uIjoiUE9TVFBBSUQiLCJjbWRjUmVnaW9uIjoiODAwMDAiLCJkZXZpY2VGZWF0dXJlcyI6WyJBQlIiLCJQRVJTT05BTC1DT01QVVRFUiIsIlVOTUFOQUdFRCIsIkRBU0giLCJXVi1EUk0iLCJTZWNvbmRTY3JlZW4iXSwiY21kY0RldmljZVR5cGUiOiJQQyIsImRldmljZVR5cGUiOiJDT01QQU5JT04iLCJ0ZW5hbnQiOiJrIiwic29sdXRpb25JZCI6ImsiLCJ0ZW5hbnRJZCI6IkFTVFJPIiwiZ3Vlc3RNb2RlIjpmYWxzZSwiaGhJZCI6Ijg1MzY1NTA5In0sImhoSGFzaCI6MjUsImNvbW11bml0eSI6Ik1hbGF5c2lhIExpdmUifSwic2NvcGUiOiJicm93c2UgcGxheWJhY2siLCJ0b2tlbl90eXBlIjoiYWNjZXNzX3Rva2VuIiwic3NhX2p0aSI6ImJyb3dzZXIiLCJjbGllbnRfaWQiOiJicm93c2VyIiwianRpIjoiZWQyMmVhYjctNWNhZC00OWQyLWJiMTgtZDhmOWUxNWZlMDVkIn0.e47r8DYBp8oZI_lgQLVZmksoz2-fVZ65GDPJXVFHXVs
Connection: keep-alive
content-type: application/json
Host: sg-sg-sg.astro.com.my:9443
Origin: https://astrogo.astro.com.my
Referer: https://astrogo.astro.com.my/
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Json :

Code:

{"contentID":"5058","contentType":2,"authorizationToken":"AAAAQAAAAKIAAABgAAAAGgAAAGEAAAACAAIAAABjAAAACADIOk8cT5IgAAAAcAAAAHgCAQAAAAby3rnUmxu+YeUmX5+c1eisQisRWaEVaZyWbBM6KZKN9tLfJ2/iItI0HcCpj6ZswSgEbsLS8fWgAyzX5e7NeyMHT6jIYrnUFQyx4uZ0ygZ/2PMZO8wsFLZAUgHDZnK+4D6rB43IgurEpAuh677BFCamm6g=","authorizationTokenType":"1","licenseChallenge":"CAESsR8SJAoiCgwiBDUwNThI49yVmwYQARoQsiEA6nkpV+5eVmsoYikr5hgBILqn3Y0GMBU4p4eciwVC+B4KDHdpZGV2aW5lLmNvbRIQUUNP4qRMdjvMLIJqLW75pxrAHIzHlkfDGvOCngMHevgB6V53SRqnvtwOPE+0Bq4fYTWOD34lFMXppBVIvTUOn6b3VO8J7dgJyTK4hZH6tPJ0Mw0KHAFGyjd6wDC4IuknroL/6tHaxonrFhBXUE/A5hoaY/xgyJLThYtnEPOKpRsUbygnx8ouhmpmL29FSYPjBc48xJ9w3IhpMycAjHta+/2f7xI/m6aJ/pXFdWoz7dNHe4ThG+r8/b4OQvJIvaqfMUgZSEKv/AIN6TqRfq+iS2uKLIB6DZ1Sib8+5irR6t7LH0P4qJGiQqOIl3rwXeZDebm8SFxAAiObu3i4x0/KedoN4jHEjZrohzfjXWU8UgT1NIcLby0qcF3n8laK0rGpnZ4KzH9HVJp72G5D4LKJrvTHXYzJcUbhH010nK7U3E6Mgbn51rjVTj1JDvuJW1AP9J0dxwe1HDKwlDwWb+OqsSYZews4XRwFjmFXG2la5QSnE104X46NiW37SPPf0aAQK5cfpc/3gB4jleJD2FdPrzmRmJohKGEEc28rarDLXmtEDErUMfba0XXwuTE5TVzDLI4+cx8oD/hMn+ODEGHkq86+XTkf0WBvHTXIPzQM1DqITEMPMEIGKpm9Ym0KclHfpAqRXxGuSkF573+l+GbqC9Gni/GaGDuplBLfT1ce+xnOs3yf2+Ad7lTh9BN7Dysa2OOvQSuAcUY37UQtZjhUpNTwEteWUikNzPyM0a2MGivC0fybln+t7w4OATz2ArVJs2mgZZoCQk5jJXU7ZKl5n08zajHgJhUVyviro8rDA88D0zMG+Pa7F2DWoStYKUQWcWIIkdetlB1gjJrFBu3CGG17MDqz8ptEtqWKc91XylUy0AkjyCreu7nK7xGTRPptwiHc818a35xuO7gd5J/l3egd+aifa2ApLr8GF04uaMz17hUCnQd0o7+NPJRNu47WuToA2zqas8Tfb5kyKutrHx6xTK+FM6ITWI3nHiMo40YqCVYxAPEIxHLko4nanCY00fxzMMALzjHV5cGnyHUtD9zbbuMRzY6CyD0oeKWwYr0IxOY4gKzioV3n0S2yrlQJs4yKKtAMRdnPkXgJTDBQDw+c1YBr5aWxDLiWgTDzV3xTr6593GFeUtuoPTVwRjjUJ+Y0QDzadpTWDg5ywMgT/bOZYYYMopoJl4LhsQUxDevH+9/c0diQsdfw9jCmKnzleiPvxqwAMxK6x4njyMt04VXCwZBwnsoEfS1qiRzz5/DEJ0iwiPH8yYQLcd20fRrowp2J4/UvlbiVWsdYuD9+2ZoDCAjsnzDvsc/1Xe4knpw5gB3glhbAkEZzRLMLfAeoyyAaiSmLvjmrsNNllPh8/L9SePar3+YPJ8FopnLW+RoHDAPbPaUT3rqjP5goma+BdSsmnE8w+bXVmKG3iTzwv2H/Ekhpy925w0vYev2GKkI0dbMdeVhb+1+RW8TdcySh0RLhGEFQNmDNIGzWUXV92C1dPC+CdAFY1vIB7MpGHMQJ+1w/l1mrncYJLvuH3oQwKxQY69REeUg3LIZHjTWZCHP5ueL+1CBQYpoFLDrqcUwNLe8JNPAF6Ch29y+fYhd6sroh9Z4pGfkiDSLgrw8f5t9Klvygvgtz1U7eBJdmbdcWuSfRHVYoM+bhFrhZCUKRGAurcg1rOV/ww12TK348aK/RfC6bgAeJbylgKyN7u4Mdojm1QQ779gJqZRhxZWHI2yfXMikAoM4+GmErV+20V4QpPFtpM720FyROiTY8daYikRJFK/5FiTuC7nRq1gi8u+1n8G6+Ps10akycl25sWqwT1yDMQS9js8PMsz2XiNXF69IhTj/7mjijhFeHm4BrBKu/TfcT8vHtqBNacMVCsmjoegZfzMa+WGyK6u7xP/gMxf2GmUZqBFCjIiCXaGlVT1DohPYXDqylX1I3gnRL4I8zl6l8FP1WHcWKugMN5j9ir5r9MzwPwcT9MaPzd9CSfQgyZV4S9riQOhkAS8HcwGiwKt6TiyrksYSeBbdnRvFn3oTznABYrb1cycJaqzgBygKSYhmgjn8Pu7bqqBTbseuNZYIKDFEzse1/D6yS49FlXwb1m0m68uKAmrG+Fl/vGKIb2gWxepF6L9aQjKaDcUtUItNaKw1grJMCIksUd8pY4TwiHq6FvieAAPHkh0xCvvO6Vk2QdPJ/JG0EegHaIJQhxU5XiadOqEP7FO1on42KYtegSELW1OvTLIt9ac9arlt2XjhRczLUmKCNGu8piBWXIihPcZGdMIxPyewk7d7l7x+EdPz3jBgZh6Ic35/dlbHyODrZu44GrfduK5UVQjxJA+lk153BkpBYrWdp+MjKlqHuTko8tilMYNjIJuoD6E08kwOA82M7hCQvKHvn3frCfapiwWNr04+fs8JtDkmy4bd0FbbQssrZjtDLkcyM5Az+mMtv7Kjdd3ruSE/GZjsigFOLaeRJIy+NvAOoxPXWYJi2FgtT0xIHXhbLdQ6QDkGVwvNgxw2HIwNORNVKzi5hXUa0mGVrmaTtmrjkgFwq4HS2LujFQl/gchjWTAywBN+UDdUeR8RSqWcq3P/2BYb5TubBKS2T8gXs19Wa2hq/YeiWRbN8uX2Xn/N6+V6H0Ot2uSzpyt38EBdciFRyC0zB4pJ2fIklsOWpRJ565KPhh/FqY/5dBViUmPRxeHFHnJM+8PDLE6S7aM0xtylCj63RMXhmKZxA+LGimaVWhHnQ1FvcEW17E+FCill0SfpbklDPDd5Jp7FerrIuXvY0YizxgMrpa86cMfUZE9WqrFoX4uVjz3UJsEHVry5zIhIDXw+naRYoJx1UUANTD5opkzPuGzadZM1FWZM4nQeK/r2fv/nfjTsxQIxvnq7FBqpEgmtjahxuRG0qDZ00zBOgYS6w2S1ng2Zm81XKqJBktxHv2WtUspZ06ocexfh0pOI2EWQqN6+PW4ZP1dl1KL2Ol6JvLGGwSpcpLZozHZTp38fI/nZmaxWbLkB1qRmEVAvsuU2RmkiAk22NB0MOR4J9L/hhphC9WOd9MvwYEIDkdNMGRqeVSQWt+UF6hKNf1n45At/iWxyu3r6R8jY/7xrKbKH+ycy1b2BEKeBqZ+2MdzJVNp4JvY1I7IMWKG8GMgM/EpTPdcRBCTUiqSr0H4hA+mVI2O4Ahs99+QRFJsXxE8uMBV3iqCmkQAdp8eZQXNlvgtCm9mLbZqP23hX5x/xkakVFwGRkxdymUOlWSP6M7XXxsiZpAgOkzQyKWmRJuOwSV+a7TMTg7HZSTxWzxf0LZ+XYh+hmnlkgZtx+klZ86fYr8wRAWmawYwR3z1LXPqLENA5YX9YFn06LWGtE0GsAIIVPIaP6C9U712QwcuexcZ+jTIHZh75KVtKBWEz3aB3d2VJnolOeyCj/dqrPZCgzWCblzMlwcCkSk4rQW5Vzss57MzMqNB86Qwja/HQi8ZmeoFYoQYO3HXkiWHT/4bd8JYVSRHmp6EM2/mtEJOQ+f3WZnFvGLRlXX24raszmN6BRfnB/8y8GszcDHcuXN1vu5Idb15P32bDvsnmGhjr3wsAlxpiRyojbYyQgl26jc43stVcXIyxfK0C4IeXo1qlkT6gTzeHEvoVGbltEb6khdJKQc9E4oGA9cnLfafeu4N5W1Vp3y2ITugygIUh/E8WC96mXNv71l8E+jRphSVP/aRHBAqGPNMfGYhH39l/62ZHVo7d0sIN/nUnIvqR57JtC1CP1VRV73EV9Wh7n1TZgGt93+G91WqqcFmYLLkCSLRD6au2JeeiPQ6wNrWAZVWMEvb9wu54BeOKOEQin9gGsOyiQpOX8BtAe6jwOUHyBm+5LRrSvdD3waWnGuUAo2bmSDD6mVmYWQdE061b7BAZdKVMfmHARjSK64S7J17SOdWraIhbWBYSHcZ5UxqJSgbFiovNtGAKBU65i5YtLhuXbegkg2Z11oAhEV/au5R/B9ZoMFNI59+BU11w/4qZGaozs0o70SVjHFPBPWt0jQG1BeRDhuYsSSam6SLuv1j3sMgp0x1QvqF9KsOl8eOw5S7Igvjv7CarIyiD1mTK28Ki458dY2MkSXs2D+mNQYqyIi04MnRM/OjbTxsBwGzcNfCxqvdw4zFIf71HXFg24avGVGzErqetpZ50IzzvsBBrIfrStTpGNjXU7kUXrLFo85aBA1WQ7oQN1HZ0AEeDQEKELr4gEE+BlISzZ7GCgPYJbP8DkYxw0+6dEPPBf+QsJO9FKicCo5xb3hnbrpxcdnQ0O9KDrKrKw8qXypmKL6/Ag738lhTieJt08HwcsdUp3V6g7CjkKrv+ODZtkGCMjQxx4k0ezSovwhcGw6iOYZ9jDCHTEt/VZSHsYCqA4f4Z4pyBnWLej4c5TAQC38K1MpGVsgvr9Z2iHLQuMK5/mNwVSwowgfdQ/vilCCWzmXuV8EY3zpgUnSo7Efy5m5cI+ONQ9ostjlvtZ6WyZpACyx4UTctBplMOiKOJH5glHPriM60f/EyleCCXOfWYxEBLefmlkED3xMWD0SW9XyisAJNxWJEgFFfPVtKX4r9+ZcY255Z0CPhXcsC767THOUbdzpXD/XGgtruEdxaH+gsRyyS8nUZTTu4qBMWROD5iSF2ieV4HmRz4Zp6VwXsdNlFAProDnQ4poyUQ3wN9bx56irQXyb3wrqMXCNCJlFPHiBbfYf7br8HnQ0ATULVJBPNIw8rywWIa7rgnpAkETEGYFt6Ohz+54+dDJ3ae+JeCQK/IOo/5g2XhCimg4lmZLyW4d1oxaM/yX3jt1yYQbHg/5ztSUFhqSUtywpxv0PXPZftrzHHDMVDHReTZpIE+gtjRk3pEviZMh3AogNKBXh1aST6kIkZk7XuWlSGEWcaxIvpW0a6daV92TviIQAN1ItgfJ20DARznrRq2d4yqAAiVWowwbo5Ejv80PrcMH5uaI3vJ+9eCEKmZuJ1z49TRh702wEAAJMQhf6jth9ldqmg0dJxmoNsA7OlY44+sD4pA9ZSJjqA8KOnBMX6Mdwty6gPBTgf4PreVr3cKK1QDvlSUKwOVFsNvVh+qn9GOkvvfWP0Y9jUid+tStSTH9NaUuPJcyVIhzV5NZTvZFVHcN4mm/woEnA1NIsiKJA7XDqIxQhXMo0ccRxTvyi5PgRN6Ov8EsKDi0iFq2Lnze3a2LpbmunPxftDd4GVI1vmeGZ5V0qbiv/mNVCnR4iFR3RjZg/ZZNPjxOtRHENGN+I4dqZw2BiEgXoaRycPbXvQWRRhQagAEsfkisD2cIs35GSnozRnRtRd14E7NoAD6mzxkFVsQupMdrAbv50VibFbl3AypBssjd6yDUJBqYrcz1OfKrxIIA9WrmujuM0qhIACb3ZBmdwv9DhcIS50jGMsU/yqsh/aM9PfVMnAySn71oBC7xAQyzF14O23pYB4sJrjNAJ0Irh0oUAAAAAQAAABQABQAQUWcDpwzw2TM=","playbackSessionCookie":null}

I got this error,

Code:

Error 404:<br>{"id":"BAD_REQUEST","errors":["An unexpected error occurred that was not handled by the application","SyntaxError[400]: Unexpected token \b in JSON at position 0({})"]}

[[ss]vegeta]

I wonder if people realise that it will get revoked within days/weeks now that it's out in the open, even in plain sight on Github.
Afaik, this was the last semi-publicly available cdm that still worked on most sites.

Same goes for discussing decryption for all kinds of sites/services in plain sight in this topic.
How easy do we want to make it for them to counter it?

By posting information publicly like this, we briefly open the download door, which is immediately nailed down.

It wouldn't surprise me that sites will start to move to other protection methods, so in the end it's disadvantageous to everyone.

You don't just revoke Android general CDM.
As for other encryption methods, I doubt many will start changing. It would require a lot of additional work, doing it from "scratch", making sure it works on all the devices etc... I don't see it, much. Although, of course there are sites that (will) use other encryption methods.

Anyway, my philosophy is that DRM is cancer, everything should be free and downloadable. So I wanna help others too. I don't want to be selfish. If I have the "privilege" of knowing how to do something, I think others should too. And I'm prepared to take the risk for that, small or big.

The only problem I have is with people who are doing this so they can upload somewhere for profit.

[RickandMorty]

Where can I find the WKS-Keys script?

[tripnikk]

anyone else getting a 500 Internal Server Error on notaghost's site?
"The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application."

[[ss]vegeta]

anyone else getting a 500 Internal Server Error on notaghost's site?
"The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application."

That happened to me when I had something wrong with the headers.
Remove the headers that seem to be useless, and when header has numbers, quote it like "5123"

[tripnikk]

That happened to me when I had something wrong with the headers.
Remove the headers that seem to be useless, and when header has numbers, quote it like "5123"

I'll investigate, but this is also happening with headers I had already successfully used less than 24 hours ago

edit: turns out I'm an idiot. While there were legitimate problems last night, my tests I did today moments before posting failed because of user error. Carry on.

[Flitskikker]

You don't just revoke Android general CDM.
As for other encryption methods, I doubt many will start changing. It would require a lot of additional work, doing it from "scratch", making sure it works on all the devices etc... I don't see it, much. Although, of course there are sites that (will) use other encryption methods.

Isn't it comparable to the Chrome one? It's general for all Chrome users, but after sometime it will get revoked and you need a new version. I suppose on Android they can also force a module update via Play Services or something and revoke this version.

I agree with you that DRM is bad, but unfortunately the big companies think otherwise. If they notice people can defeat protection this easily (scripts and actual cdms up for grabs, everyone and his dog asking questions about them on public forums -- as opposed to a publicly available extension that spits out keys but the actual cdms+pvk more in obscurity, as before), they'll inevitably switch to more secure solutions, and then we're all out of luck. Many sites probably use some VOD solution behind the scenes (bitmovin, jwplayer, audienceplayer, etc) that may drop support for WV or the cdm, affecting all those sites. In any case, I would call it self-preservation instead of selfishness. We shouldn't be too obvious or make it too easy, in order to prolong this or any method.

Just writing down my thoughts here.

[[ss]vegeta]

Just writing down my thoughts here.

That's alright, discussion is healthy.
You are right, maybe they can easily revoke this CDM.
I'm not sure. Despite popular belief, I don't really understand all this stuff

However, even if it's as public as this, I don't think it will generate enough traffic to get it revoked.

[doctorm]

I'd been avoiding this because it seemed too complicated and I figured guesser would get an update.
It played with it today and it just worked!
Wow. Huge thanks to notaghost for that script.

Edit: I thought I'd stick my snoot in to Peacock, but I don't see a license URL and I see when this was last discussed there was an issue finding the header... which outside of the default, I haven't figured out how to properly find anywhere.

[naim2007]

http://getwvkeys.herokuapp.com/vdocipher down

showing this error.

Code:

ERROR
 Error 404:<br><!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Error</title> </head> <body> <pre>Bad Request</pre> </body> </html>

Fixed and

http://getwvkeys.herokuapp.com/vdocipher
http://getwvkeys.herokuapp.com/
Both are same.

Site works again like a charm.
Thanks for the fix

[Adriano02]

notaghost,
On the website getwvkeys.herokuapp.com I get the error "RSA key format is not supported" and WKS-KEYS returns the error "unable to parse license - check protobufs"
Will you help to get the keys from these sites (polsatgo.pl , polsatboxgo.pl), I try different methods and it doesn't work out please

[naim2007]

it seems that when add tric "?specConform=true" to drmtoday license server work perfecty.
but without it i get "RSA key format is not supported" error.
thanks to the person who find this tric

Code:

SUCCESS
License:https://drmtoday.vieon.vn/license-proxy-widevine/cenc/?specConform=true

PSSH:AAAAgXBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAAGEIARIQ6dQrLZC5Pou06R0azvvENhoIY2FzdGxhYnMiOGV5SmhjM05sZEVsa0lqb2lNREl3TlRNMFRERWlMQ0oyWVhKcFlXNTBTV1FpT2lKMmIyUWlmUT09MgdkZWZhdWx0

Headers:{'accept-language': 'en-US,en;q=0.9,vi;q=0.8', 'x-dt-custom-data': 'eyJ1c2VySWQiOiIxMi1hZmRjM2Y5Zjc0OTM4YWE4M2JlMmEzMGE4YzA2MGY3NyIsInNlc3Npb25JZCI6ImV5SmhiR2NpT2lKSVV6STFOaUlzSW5SNWNDSTZJa3BYVkNKOS5leUp2Y0dWeVlYUnZjbDlwWkNJNk1USXNJbk5sYzNOcGIyNUpaQ0k2SW1GbVpHTXpaamxtTFRjME9UTXRPR0ZoT0MwelltVXlMV0V6TUdFNFl6QTJNR1kzTnpFMk16a3pNakV3TURraUxDSjBhVzFsYzNSaGJYQWlPakUyTXprek1qRXdNRGtzSW5WelpYSkpaQ0k2SWpFeUxXRm1aR016WmpsbU56UTVNemhoWVRnelltVXlZVE13WVRoak1EWXdaamMzSW4wLmk5dzdYZlZZYWVwTmQyU2t4YWZhRVZRSXJSOXcxbHBxRXJ5WEFldTJjaU0iLCJtZXJjaGFudCI6InFuZXQifQ==', 'cache-control': 'no-cache', 'origin': 'https://vieon.vn', 'pragma': 'no-cache', 'referer': 'https://vieon.vn/', 'sec-ch-ua-mobile': '?0', 'sec-ch-ua-platform': 'Windows', 'sec-fetch-dest': 'empty', 'sec-fetch-mode': 'cors', 'sec-fetch-site': 'same-site', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36'}

Time:21:21:14

e9d42b2d90b93e8bb4e91d1acefbc436:fe57f56666e513235ed236238987f5d0

[mister_ nex]

Please tell me where and how should i enter Request Headers in WKS-KEYS scripts

https://bitmovin.com/demos/drm

Code:

D:\video\WKS-KEYS>python l3.py

PSSH: AAAAW3Bzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAADsIARIQ62dqu8s0Xpa7z2FmMPGj2hoNd2lkZXZpbmVfdGVzdCIQZmtqM2xqYVNkZmFsa3IzaioCSEQyAA==
License URL: https://widevine-proxy.appspot.com/proxy
Traceback (most recent call last):
  File "D:\video\WKS-KEYS\l3.py", line 25, in <module>
    correct, keys = WV_Function(pssh, lic_url)
  File "D:\video\WKS-KEYS\l3.py", line 19, in WV_Function
    widevine_license = requests.post(url=lic_url, data=wvdecrypt.get_challenge(), headers=headers.headers)
AttributeError: module 'headers' has no attribute 'headers

Code:

Request Headers
Host: widevine-proxy.appspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
Accept: */*
Accept-Language: ru,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Length: 2
Origin: https://bitmovin.com
Connection: keep-alive
Referer: https://bitmovin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

----------

P.S.
thanks to these explanations I figured out with Request Headers
https://forum.videohelp.com/threads/401717-How-are-you-going-to-respond-to-widevine-l3...17#post2640024
https://forum.videohelp.com/threads/401717-How-are-you-going-to-respond-to-widevine-l3...12#post2639462

But still, there was some kind of error

Request Headers

Code:

 headers = {
    'authority': 'widevine-proxy.appspot.com',
    'sec-ch-ua': '" Not A;Brand";v="99", "Chromium";v="96", "Google Chrome";v="96"',
    'sec-ch-ua-mobile': '?0',
    'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36',
    'sec-ch-ua-platform': '"Windows"',
    'accept': '*/*',
    'origin': 'https://bitmovin.com',
    'sec-fetch-site': 'cross-site',
    'sec-fetch-mode': 'cors',
    'sec-fetch-dest': 'empty',
    'referer': 'https://bitmovin.com/',
    'accept-language': 'en-US,en;q=0.9',
}

Code:

D:\video\WKS-KEYS>python l3.py

PSSH:  AAAAW3Bzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAADsIARIQ62dqu8s0Xpa7z2FmMPGj2hoNd2lkZXZpbmVfdGVzdCIQZmtqM2xqYVNkZmFsa3IzaioCSEQyAA==
License URL: https://widevine-proxy.appspot.com/proxy
unable to parse license - check protobufs

[naim2007]

Please tell me where and how should i enter Request Headers in WKS-KEYS scripts

https://bitmovin.com/demos/drm

Code:

D:\video\WKS-KEYS>python l3.py

PSSH: AAAAW3Bzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAADsIARIQ62dqu8s0Xpa7z2FmMPGj2hoNd2lkZXZpbmVfdGVzdCIQZmtqM2xqYVNkZmFsa3IzaioCSEQyAA==
License URL: https://widevine-proxy.appspot.com/proxy
Traceback (most recent call last):
  File "D:\video\WKS-KEYS\l3.py", line 25, in <module>
    correct, keys = WV_Function(pssh, lic_url)
  File "D:\video\WKS-KEYS\l3.py", line 19, in WV_Function
    widevine_license = requests.post(url=lic_url, data=wvdecrypt.get_challenge(), headers=headers.headers)
AttributeError: module 'headers' has no attribute 'headers

Code:

Request Headers
Host: widevine-proxy.appspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
Accept: */*
Accept-Language: ru,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Length: 2
Origin: https://bitmovin.com
Connection: keep-alive
Referer: https://bitmovin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

basic or stansard license server.

get keys easy pz with NotaGhost tool

in WKS-KEYS script no need headers at all...

Code:

SUCCESS
License:https://widevine-proxy.appspot.com/proxy

PSSH:AAAAW3Bzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAADsIARIQ62dqu8s0Xpa7z2FmMPGj2hoNd2lkZXZpbmVfdGVzdCIQZmtqM2xqYVNkZmFsa3IzaioCSEQyAA==

Headers:{'accept-language': 'ru,en-US;q=0.7,en;q=0.3', 'cache-control': 'no-cache', 'origin': 'https://bitmovin.com', 'pragma': 'no-cache', 'connection': 'keep-alive', 'referer': 'https://bitmovin.com/', 'sec-ch-ua-mobile': '?0', 'sec-ch-ua-platform': 'Windows', 'sec-fetch-dest': 'empty', 'sec-fetch-mode': 'cors', 'sec-fetch-site': 'cross-site', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36'}

Time:21:53:31

eb676abbcb345e96bbcf616630f1a3da:100b6c20940f779a4589152b57d2dacb
0294b9599d755de2bbf0fdca3fa5eab7:3bda2f40344c7def614227b9c0f03e26
639da80cf23b55f3b8cab3f64cfa5df6:229f5f29b643e203004b30c4eaf348f4

[Sorenb]

Please tell me where and how should i enter Request Headers in WKS-KEYS scripts

https://bitmovin.com/demos/drm

Code:

D:\video\WKS-KEYS>python l3.py

PSSH: AAAAW3Bzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAADsIARIQ62dqu8s0Xpa7z2FmMPGj2hoNd2lkZXZpbmVfdGVzdCIQZmtqM2xqYVNkZmFsa3IzaioCSEQyAA==
License URL: https://widevine-proxy.appspot.com/proxy
Traceback (most recent call last):
  File "D:\video\WKS-KEYS\l3.py", line 25, in <module>
    correct, keys = WV_Function(pssh, lic_url)
  File "D:\video\WKS-KEYS\l3.py", line 19, in WV_Function
    widevine_license = requests.post(url=lic_url, data=wvdecrypt.get_challenge(), headers=headers.headers)
AttributeError: module 'headers' has no attribute 'headers

Code:

Request Headers
Host: widevine-proxy.appspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
Accept: */*
Accept-Language: ru,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Length: 2
Origin: https://bitmovin.com
Connection: keep-alive
Referer: https://bitmovin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

basic or stansard license server.
get keys easy pz with NotaGhost tool

Code:

SUCCESS
License:https://widevine-proxy.appspot.com/proxy

PSSH:AAAAW3Bzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAADsIARIQ62dqu8s0Xpa7z2FmMPGj2hoNd2lkZXZpbmVfdGVzdCIQZmtqM2xqYVNkZmFsa3IzaioCSEQyAA==

Headers:{'accept-language': 'ru,en-US;q=0.7,en;q=0.3', 'cache-control': 'no-cache', 'origin': 'https://bitmovin.com', 'pragma': 'no-cache', 'connection': 'keep-alive', 'referer': 'https://bitmovin.com/', 'sec-ch-ua-mobile': '?0', 'sec-ch-ua-platform': 'Windows', 'sec-fetch-dest': 'empty', 'sec-fetch-mode': 'cors', 'sec-fetch-site': 'cross-site', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36'}

Time:21:53:31

eb676abbcb345e96bbcf616630f1a3da:100b6c20940f779a4589152b57d2dacb
0294b9599d755de2bbf0fdca3fa5eab7:3bda2f40344c7def614227b9c0f03e26
639da80cf23b55f3b8cab3f64cfa5df6:229f5f29b643e203004b30c4eaf348f4

have a try with

Code:

https://www.channel4.com/programmes/frasier/on-demand/18926-001

[RedPenguin]

Has anybody figured out X-Sky-Signature for PCocK? It seems that's the missing link to getting it working.

I know it's done in sky.js but I don't have the skills to reverse it or even "flip it and reverse it".

[chameleon920]

android_generic L3 key has been revoked?

[RedPenguin]

android_generic L3 key has been revoked?

Yes, rumor has it that AnyStream got a hold of it and used it and was killed in the blink of an eye.

[myteryuser]

Ok! I guess generic is revoked now. (Not working on many sites as we are speaking.) @notaghost can you please not update your site with the new leaked cdms! Because this is what happens if every people start to get keys for fun! Revocation happens fast on L1 cdms specially! If you wanna be a hero and want to share it just post the cdm's github link to others! Do not please update your site with it! Generic lasted this much only because it was L3 and because it was used widely! Don't expect the same to be with others too!

[notaghost]

Don't worry I am not using leaked L1 it is still L3 (non leaked tho)

[myteryuser]

Don't worry I am not using leaked L1 it is still L3 (non leaked tho)

Thank you 👍

[Flitskikker]

android_generic L3 key has been revoked?

Yes, rumor has it that AnyStream got a hold of it and used it and was killed in the blink of an eye.

That was fast.

That's what you get when cdms get available to everyone and his dog.

[codehound]

Nostream are using cached keys.