VideoHelp Forum

+ Reply to Thread
Page 1 of 8
1 2 3 ... LastLast
Results 1 to 30 of 226
Thread
  1. Notes on my journey to get a working Content Decryption Module (CDM)

    I chose a cheap Android TV box T95 S1 2Gb/16Gb at £29.99 from Amazon.

    Download a frida-server from https://github.com/frida/frida/releases

    I had success with frida-server-15.1.17-android-arm.xz - the latest release - although I tried many other releases along the way.

    adb via USB cable does not work between a PC and the Android TV box; you’ll need to connect over wifi..
    Code:
    adb connect <box-ip-address>
    and accept the link request to the Android box displayed on the T95 screen

    I tried using Frida from Google play store and that is perhaps an easy way to get the server software on the machine but I had problems with it and reverted to hand loading the frida-server and running it from SuperUser.

    Code:
    adb push frida-server-15.1.17-android-arm /sdcard/
    Code:
     adb shell
    move the server so it can be run

    Code:
     mv /sdcard/fridaserver-15.1.17-android-arm /data/local/tmp/
    Starting the frida-server first explicitly become super-user and clear any user environment variables active by including a hyphen after su.
    Code:
     su -
    Give execute program privileges
    Code:
    chmod +x  /data/local/tmp/fridaserver-15.1.17-android-arm
    start the server
    Code:
     /data/local/tmp/fridaserver-15.1.17-android-arm
    check its running..
    Code:
     ps | grep frida
    That will give you a process number to kill it with later if you need to.
    Code:
     kill ####
    Dumper – download from https://github.com/wvdumper/dumper and extract.
    To work Dumper needs python modules for:- frida, protobuf and pycryptodome . The Python modules are installed with
    Code:
    python pip install frida protobuf==3.20.3 pycryptodome
    Dumper is a python program to extract the CDM keys; it talks to the frida-server on the Android box. There is much misdirection about which pythons to use. I spent a day setting up a virtual machine and running pythons 3.6 , 3.7 and 3.9 all to no avail.
    The latest python on my daily driver machine 3.10.2 finally worked but it perhaps because of the wrinkles of timing everything right.
    Code:
     python dump-keys.py
    will run the software when ready.

    Prepare android-tv-box; update chrome to the latest version the Play-Store has
    On the TV box start the updated Chrome browser and open https://bitmovin.com/demos/drm; let the page load and then close chrome. Next time Chrome is started it will automatically load this page with widevine protected content.

    I think timing and sequence are important; from memory a few days after getting keys from my CDM
    1. Reboot the android box
    2. reboot your PC and from the PC
    3. adb connect <android-tv-ip>
    4. adb shell
    5. su -
    6. chmod +x /data/local/tmp/frida-server-15.1.17-android-arm
    7. /data/local/tmp/frida-server-15.1.17-android-arm
    8. optional; check running ps | grep frida
    9. on the android tv box start Chrome
    10. and immediately on the Pc start dumper: python dump-keys.py
    11. wait for "hooks completed" to appear on the screen then load the page to play the movie. (Or if the page is already loaded hold 'shift' down while clicking the browser refresh icon)
    Mine then dumped after days of trying. Misdirection read here suggested stopping and starting the playing movie; I think keys are shared from Chrome and the bitmovin site as soon as the page loads. So stopping and starting the movie when playing just wastes everyone's time.

    Ok with keys dumped what do you do with them? A hack!! Find a key generator and replace their keys with yours!
    Find WKS-KEYS https://anonfiles.com/XdUbwepdve/WKS-KEYS_rar and unpack

    Locate WKS-KEYS/pywidevine/L3/cdm/devices/android-generic/
    Two files to be replaced:- device-client-id-blob and device-private-key.

    Dumper stored the android-tv-box keys in key-dumps/MBOXprivate-keys//xxxx/xxxxxxxx/client-id-bin and private-key-pem these two replace in name and body the ones in WKS-KEYS. The *bin becomes the blob (binary large object)

    Now, in theory you have a working CDM and can generate your own keys. I found an encrypted video to download, located the request headers saved as a cURL and encoded intp python here:- https://curlconverter.com/ . I put them in headers.py in the WKS-KEYS folder. Eventually when I tried to decrypt keys I got an error about the key length being wrong. Some WiseHead wrote in their experience it was because the CDM was not working --- uurgh!!

    So I slept on the problem and realised that the servers we ‘attack’ try to repel us. But bitmovin.com/demos.drm is there to help.

    So I checked my keys were working there;-
    Code:
    https://bitmovin-a.akamaihd.net/content/art-of-motion_drm/mpds/11331.mpd
    this link loaded in a browser will show PSSH keys between <cenc: pssh> html markup and

    Code:
    https://cwip-shaka-proxy.appspot.com/no_auth
    is the license. Edit: 2 Oct 2022 this URL has changed since March and the correct version is above.

    running
    Code:
     python l3.py
    and plugging in the PSSH and licence gave me:-

    Code:
    --key 0294b9599d755de2bbf0fdca3fa5eab7:3bda2f40344c7def614227b9c0f03e26
    --key 639da80cf23b55f3b8cab3f64cfa5df6:229f5f29b643e203004b30c4eaf348f4
    Taadaa!! I nearly fell off my chair

    I downloaded the video:-
    Code:
    yt-dlp –allow-unplayable https://bitmovin-a.akamaihd.net/content/art-of-motion_drm/mpds/11331.mpd
    that gave two files an mp4 video and m4a audio encrypted.

    Decrypted with mp4decryt -from https://www.bento4.com/downloads/
    Code:
    mp4decrypt –key 0294b9599d755de2bbf0fdca3fa5eab7:3bda2f40344c7def614227b9c0f03e26  <infile.mp4>  <outfile.mp4>
    Note: 2 October 2022
    The license url has changed and also when testing I got back 5 keys :

    Image
    [Attachment 67047 - Click to enlarge]



    It is unusual, but RTE.ie gives 5 keys too! If you need to deal with more than one set of keys, just chain them one after the other, as below.
    Code:
    mp4decrypt --key ccbf5fb4c2965be7aa130ffb3ba9fd73:9cc0c92044cb1d69433f5f5839a159df --key 9bf0e9cf0d7b55aeb4b289a63bab8610:90f52fd8ca48717b21d0c2fed7a12ae1 --key eb676abbcb345e96bbcf616630f1a3da:100b6c20940f779a4589152b57d2dacb --key 0294b9599d755de2bbf0fdca3fa5eab7:3bda2f40344c7def614227b9c0f03e26 --key 639da80cf23b55f3b8cab3f64cfa5df6:229f5f29b643e203004b30c4eaf348f4 encrypted_input.mp4 decrypted_output.mp4
    Do the same for the audio file and you then need to combine the audio and video into one playable stream with ffmpeg. It comes installed on my Linux distro.
    Code:
    ffmpeg -i decrypted.mp4 -i decrypted.m4a -vcodec copy -acodec copy your_movie.mp4
    That’s all I know and now I am off to see if I can do it for real. I may be away for some time!!

    Addendum:
    It seems there is now a Dumper version that with a bit of work from you will get keys for other Androids - all the way up to Android 12 is claimed. They all need to be rooted of course and doing it on your daily driver phone is never a good idea. You will lose L1 on your phone when you root (though Xiaomi possibly not).
    I have not tested these. See https://github.com/Diazole/dumper Direct your questions to the author on this.

    When you have digested the above and got your CDM, tried a few keys, The Dungeon of Despair awaits your pleasure!!

    Please follow netiquette and ask your questions here in this thread, so all may benefit.
    Last edited by A_n_g_e_l_a; 4th Dec 2022 at 06:40. Reason: added addendum; added protobuf version - thanks kenyard. headers
    Quote Quote  
  2. Member
    Join Date
    Jan 2019
    Location
    hawaii
    Search PM
    wow great discover ...

    better late than never
    Quote Quote  
  3. Member
    Join Date
    Nov 2021
    Location
    Spain
    Search PM
    Did you try using Netflix? I made first attempts with bitmovin demos in Chrome and using amazon app on some boxes and phones with no result, but using Netflix succeeded quickly.

    Enviado desde mi Redmi Note 4 mediante Tapatalk
    Quote Quote  
  4. Originally Posted by lomero View Post

    better late than never
    Late? It was perfectly on time for me, Sunshine
    Quote Quote  
  5. Originally Posted by cimbor View Post
    Did you try using Netflix? I made first attempts with bitmovin demos in Chrome and using amazon app on some boxes and phones with no result, but using Netflix succeeded quickly.

    Enviado desde mi Redmi Note 4 mediante Tapatalk
    No. Just bitmovin..
    Quote Quote  
  6. Yikes!

    I have just used my cdm in the defunct narrowvine-reborn and it only bloody works!!! Off to watch some videos..
    Quote Quote  
  7. Originally Posted by A_n_g_e_l_a View Post
    Eventually when I tried to decrypt keys I got an error about the key length being wrong. Some WiseHead wrote in their experience it was because the CDM was not working --- uurgh!!
    Now, who would that be?
    Originally Posted by A_n_g_e_l_a View Post
    Off to watch some videos..
    The videos can be watched anyhow.
    That's not the actual joy

    Also, excellent detailed write-up, thanks for sharing.
    Quote Quote  
  8. Originally Posted by [ss]vegeta View Post
    Now, who would that be?
    Why you of course! I've learnt a lot; thanks so much!
    Quote Quote  
  9. Thanks for documenting, in detail. Important for future reference, when needed.
    Quote Quote  
  10. Member
    Join Date
    Feb 2022
    Location
    Europe
    Search PM
    just wanted to say, great write up
    Quote Quote  
  11. Member k2000's Avatar
    Join Date
    Jan 2022
    Location
    Canada
    Search PM
    widevine reborn does not decrypt even with an Android CDM L3.My can download .
    Quote Quote  
  12. Originally Posted by k2000 View Post
    widevine reborn does not decrypt even with an Android CDM L3.My can download .
    I beg to differ. And it would have been infinitely more polite just to say you haven't managed to get it working, wouldn't it? Yoof today!!

    It might not do everything and headers may be a problem; but it does work. You cannot just replace the CDM. You need to configure narrowvine-reborn.py and another file I cannot remember the name of. But you will see it when narrowvine complains.

    I got it to work with this https://player.stv.tv/episode/48d2/sony-commons. No header problems here.

    [edit 6 April 2022]
    The video link above has had an upgrade to its manifest. The manifest now loads around 17 part video and audio files. Most of them are adverts. You can tell the 'updated' manifests as the start will be ssai. Yt-dlp will now fail with simple configurations.

    The link above is not a good one to practice on now - find somewhere else.
    Last edited by A_n_g_e_l_a; 6th Apr 2022 at 09:38. Reason: download link now pointing to a difficult manifest
    Quote Quote  
  13. Member
    Join Date
    Feb 2022
    Location
    Europe
    Search PM
    Same here, most of my stuff is based of Narrowvine-reborn, it needs some custom stuff here and there and it probably isn't the best solution out there but it is all I had when I got into this stuff.
    Quote Quote  
  14. Member k2000's Avatar
    Join Date
    Jan 2022
    Location
    Canada
    Search PM
    Originally Posted by A_n_g_e_l_a View Post
    Originally Posted by k2000 View Post
    widevine reborn does not decrypt even with an Android CDM L3.My can download .
    I beg to differ. And it would have been infinitely more polite just to say you haven't managed to get it working, wouldn't it? Yoof today!!

    It might not do everything and headers may be a problem; but it does work. You cannot just replace the CDM. You need to configure narrowvine-reborn.py and another file I cannot remember the name of. But you will see it when narrowvine complains.

    I got it to work with this https://player.stv.tv/episode/48d2/sony-commons. No header problems here.
    Yes sorry I didn't know I only tested my CDM without changing anything else.
    Quote Quote  
  15. A great guide for beginners. That's exactly what the forum needs. (instead of "hey bro, gimme the keys" messages)

    I won't use these methods but I want to thank Angela.

    Unfortunately I sold my Android TV Box (with 9.0) last year and I'm afraid to root my Android 9.0 phone (there's a high risk about its camera functionality after root).
    Quote Quote  
  16. Member
    Join Date
    Mar 2022
    Location
    UK
    Search PM
    Great guide, I finally got this working with a T95 S1 TV box.
    Quote Quote  
  17. Originally Posted by A_n_g_e_l_a View Post
    Notes on my journey to get a working Content Decryption Module (CDM)

    I chose a cheap Android TV box T95 S1 2Gb/16Gb at £29.99 from Amazon.

    Download a frida-server from https://github.com/frida/frida/releases

    I had success with frida-server-15.1.17-android-arm.xz - the latest release - although I tried many other releases along the way.

    That’s all I know and now I am off to see if I can do it for real. I may be away for some time!!

    Will this work to get decryption keys from Udemy website?
    Quote Quote  
  18. Originally Posted by A_n_g_e_l_a View Post
    I chose a cheap Android TV box T95 S1 2Gb/16Gb at £29.99 from Amazon.
    What versions of Android do you recommend? Can I use 7.x, 8.x, 9.x or 10.x without problems?
    In the case of your box, what version was it?
    Quote Quote  
  19. The TV box T95 S1 is android version 7. I think I read that it all works up to Android 9. Perhaps others can confirm?
    Last edited by A_n_g_e_l_a; 5th Apr 2022 at 13:33.
    Quote Quote  
  20. Originally Posted by A_n_g_e_l_a View Post
    The TV box T95 S1 is android version 7. I think I read that it all works up to Android 9. Perhaps others can confirm?
    Its pre rooted too.

    https://forum.videohelp.com/threads/404994-Decryption-and-the-Temple-of-Doom#post2650297 - great write up
    Last edited by codehound; 5th Apr 2022 at 15:37.
    Discord codehound#0348
    Quote Quote  
  21. Originally Posted by rajhlinux View Post


    Will this work to get decryption keys from Udemy website?
    Yes, until you make an incorrect licence request because you haven't understood the process, and first analysed it in a good debugger - and the vdo lic server will revoke your cdm. You will be dumping cdm's daily unless you learn the process of the site you keep asking questions / making threads about.

    The cdm by itself is not the answer to udemy / vdo as people have told you in numerous threads. You will not stumble on the answer to this, you need to understand the process of the website and the calls and responses.
    Last edited by codehound; 5th Apr 2022 at 16:32.
    Discord codehound#0348
    Quote Quote  
  22. Originally Posted by codehound View Post
    Originally Posted by rajhlinux View Post


    Will this work to get decryption keys from Udemy website?
    Yes, until you make an incorrect licence request because you haven't understood the process, and first analysed it in a good debugger - and the vdo lic server will revoke your cdm. You will be dumping cdm's daily unless you learn the process of the site you keep asking questions / making threads about.

    The cdm by itself is not the answer to udemy / vdo as people have told you in numerous threads. You will not stumble on the answer to this, you need to understand the process of the website and the calls and responses.
    I don't have the time to play guessing games with the server(s) or what not. It's super dumb and just makes the backend web devs to update their servers.

    It would be more logical of my time to reverse engineer the widevine DRM engine which isn't so hard to do. It's similar to cracking/breaking keyed softwares, just that I need to dump decryption keys. Basically I click a video (no need to clown around with the license requests which children here do) and voila, decryption keys. Oddly enough "Udemy.com" actually have some fascinating courses which teaches you noobs fundamental reverse engineering down to assembly language to do these kinds of stuffs.
    Reverse engineering is fun, it's like solving a puzzle with some detective and investigation mindset.

    You can use Hex Rays' IDA Pro bundle to get busy at it... good luck spending thousands for it. But obviously everyone here would torrent it out.
    Maybe Ghidra could be a free alternative... last time I heard about Ghidra, it was good news that it's able to help reverse engineers crack softwares.
    Quote Quote  
  23. Originally Posted by rajhlinux View Post

    I don't have the time to play guessing games with the server(s) or what not. It's super dumb and just makes the backend web devs to update their servers.

    It would be more logical of my time to reverse engineer the widevine DRM engine which isn't so hard to do. It's similar to cracking/breaking keyed softwares, just that I need to dump decryption keys. Basically I click a video (no need to clown around with the license requests which children here do) and voila, decryption keys. Oddly enough "Udemy.com" actually have some fascinating courses which teaches you noobs fundamental reverse engineering down to assembly language to do these kinds of stuffs.
    Reverse engineering is fun, it's like solving a puzzle with some detective and investigation mindset.

    You can use Hex Rays' IDA Pro bundle to get busy at it... good luck spending thousands for it. But obviously everyone here would torrent it out.
    Maybe Ghidra could be a free alternative... last time I heard about Ghidra, it was good news that it's able to help reverse engineers crack softwares.
    I thought only English was acceptable on here ? Plus it looks like you're hijacking a great tutorial thread into yet another udemy / vdo fiasco.
    Last edited by codehound; 5th Apr 2022 at 18:20.
    Discord codehound#0348
    Quote Quote  
  24. Thanks for reminding me only low IQ lurks around here who doesn't even know what "English" is and loves to clown around with servers. No fool, I didn't deliberately ask to make it into an Udemy topic, just asked a simple question which it's answer could've been "yes" or "no". Get over with it, go chew on a different topic.
    Quote Quote  
  25. Originally Posted by rajhlinux View Post
    Thanks for reminding me only low IQ lurks around here who doesn't even know what "English" is and loves to clown around with servers. No fool, I didn't deliberately ask to make it into an Udemy topic, just asked a simple question which it's answer could've been "yes" or "no". Get over with it, go chew on a different topic.
    Hi rajhlinux!
    Thanks for commenting in my thread. However it appears no-one knows the answers you seek. Isn't udemy a subscription or pay site? And doesn't that make asking for information about gaining access to the site against this forum's rules? I wouldn't want you to upset anybody!

    I wrote this thread in a spirit of being helpful; do you think you could subscribe to that ideal, for me, and leave out the unpleasant vitriol in the comments you make? I'm sure you are a nice man, and indeed have something useful to say; but I guess you've been having a few bad days. I know a man of your ability, as you told us, could make short work of reverse engineering binary code so I'm sure, if you really tried, you could access the site yourself quite easily. Perhaps, if the moderators are looking the other way, you might even return and, in your own thread, show everybody how you did it.

    Kind regards,
    Quote Quote  
  26. Originally Posted by A_n_g_e_l_a View Post
    Hi rajhlinux!
    Thanks for commenting in my thread. However it appears no-one knows the answers you seek. Isn't udemy a subscription or pay site? And doesn't that make asking for information about gaining access to the site against this forum's rules? I wouldn't want you to upset anybody!

    I wrote this thread in a spirit of being helpful; do you think you could subscribe to that ideal, for me, and leave out the unpleasant vitriol in the comments you make? I'm sure you are a nice man, and indeed have something useful to say; but I guess you've been having a few bad days. I know a man of your ability, as you told us, could make short work of reverse engineering binary code so I'm sure, if you really tried, you could access the site yourself quite easily. Perhaps, if the moderators are looking the other way, you might even return and, in your own thread, show everybody how you did it.

    Kind regards,
    That's one of the most incredible replies I've ever read, along with some of Jack's.
    Quote Quote  
  27. Originally Posted by A_n_g_e_l_a View Post
    Hi rajhlinux!
    Thanks for commenting in my thread. However it appears no-one knows the answers you seek. Isn't udemy a subscription or pay site? And doesn't that make asking for information about gaining access to the site against this forum's rules? I wouldn't want you to upset anybody!

    I wrote this thread in a spirit of being helpful; do you think you could subscribe to that ideal, for me, and leave out the unpleasant vitriol in the comments you make? I'm sure you are a nice man, and indeed have something useful to say; but I guess you've been having a few bad days. I know a man of your ability, as you told us, could make short work of reverse engineering binary code so I'm sure, if you really tried, you could access the site yourself quite easily. Perhaps, if the moderators are looking the other way, you might even return and, in your own thread, show everybody how you did it.

    Kind regards,
    Well Reverse engineering is simply a hobby of mine, I do not like the idea to make profit or hurt the content creators based on piracy, I like to crack things just so that it benefits me.
    However reverse engineering down to the machine code is extremely time consuming, could take day(s) or even week(s) to crack anything.
    It's like drawing a map and writing details of a "New World" from scratch.
    It all boils down to what it's worth cracking. With my time and effort, I could make more money spending those time in "cracking" with other resources.
    Cracking widevine DRM so that I can download paid courses is simply ridiculous and laughable, losing thousands based on my time for something that is not worth it.

    I do not understand what makes people think I am being "frustrated" for not being able to easily download Udemy content.
    Screen capture is working very well for me, it is a win-win, I learn the course as I screen capture.

    I originally assumed that people found a way in downloading and decrypt DRM videos easily, but after sending few days on this site, it seems that the low level software engineers at google (Widevine) have done some phenomenal job in perfecting their DRM engine. Its so effective that widevine makes it extremely difficult and near impossible for web devs to pirate content.

    Hence I find it super silly how web devs here are finding silly ways to get by widevine.

    Anyhow, if I have the "luxury" to spend some "hobby" time, I'll definitely get involved in cracking widevine. But as of now I guess I have no choice but to screen capture (which isn't a big deal). I personally hate python, curl and other languages and also hate the idea that one needs to "chit chat" with web severs. The only things I would rather spend time to crack are low level languages since it is more meaningful.
    Quote Quote  
  28. LMAO, the only answer suited to most drm related threads here. and maybe this thread too. Too much grammar and less googling is the cause , it seems XD

    Hence I find it super silly how web devs here are finding silly ways to get by widevine

    ways so silly that a great linux hacker like you could not understand even after all this time, there are literally codes left in pieces in some places here, but no I HaTe PyThOn, cuz its too much for me to understand, or even trying to understand.
    Last edited by PUOPUO; 8th Apr 2022 at 05:48.
    Quote Quote  
  29. Yea silly kids like you doesn't know the difference between a wannabe "linux hacker" and someone who does low level reverse engineering, it absolutely has nothing to do with Linux or what not.
    I don't even use linux, don't have the time to do all the childish "hacking" loaded on youtube. I use Unix (FreeBSD/MacOS) (You obviously don't even know the difference between Linux/Unix). Anyways, keep staying busy with python, it's better for low level hardware/software engineer folks to keep getting paid more than all the high level python dev kids.
    The more you stay busy with "python" and clowning around with "servers" the more google's low level software engineers will keep you kids frustrated for not being able to pirate DRM content and begging your souls for help on this forum.

    Theres a good reason why "pyhton" wasn't used to create widevine's DRM software same goes for creating "chrome". Your computers, phones, routers, internets and etc all functions because of low level c/c++ NOT because of python.

    The best "pirates" or "hackers" doesn't even waste their time playing around with python. (Yes theres a difference between a "pirate" and a "hacker")

    My username has "linux" just so that I can tell you that I do not even use it.
    Quote Quote  
  30. doesnt look like im the the one begging for udemy around lol


    gimme gimme udemy
    Quote Quote  



Similar Threads