Understanding Widevine

[ptumster]

I'm a developer trying to port a streaming service from the (now deprecated) CDN-provided video player to the Shaka player. Our CDN has an existing license server that I'm pointing the Shaka player to, that demands a widevineChallenge parameter, which I can't seem to populate.

I'm having difficulty understanding how the client issues the Widevine challenge -- presumably the Content Decryption Module (CDM) in Chrome generates this, but I can't seem to get my hands on it programmatically.

Can anyone please help me to understand this? I'm new to video streaming.

[codehound]

Here you go developer:

https://lmgtfy.app/#gsc.tab=0

[ptumster]

Here you go developer:

https://lmgtfy.app/#gsc.tab=0

Heh. That was less helpful than you might have thought.

Here's a snippet I found in today's research that highlights my difficulty:

To help explain what I'm suggesting I'll quickly run through roughly how the Widevine DRM system works.

Amazon Verification Tokens ---> (a) Client Issues Widevine Challenge ---> Server Issues Widevine License ---> Client Extracts Key and Stores in White-Box ---> Decryption of Content ---> Decrypted Content Held Within Memory Buffers ---> (b) Video Sent Securely via HDCP

What makes it difficult is that the processes involved are heavily obsfucated from between (a) and (b).

So the CDN we're using requires a license request with a JSON body that includes an identifier for the video and an attribute called 'widevineChallenge'. I can't seem to figure out how to determine the widevineChallenge value that the Shaka player is supposed to use when communicating with the license server.

[PUOPUO]

Here you go developer:

https://lmgtfy.app/#gsc.tab=0

Heh. That was less helpful than you might have thought.

Here's a snippet I found in today's research that highlights my difficulty:

To help explain what I'm suggesting I'll quickly run through roughly how the Widevine DRM system works.

Amazon Verification Tokens ---> (a) Client Issues Widevine Challenge ---> Server Issues Widevine License ---> Client Extracts Key and Stores in White-Box ---> Decryption of Content ---> Decrypted Content Held Within Memory Buffers ---> (b) Video Sent Securely via HDCP

What makes it difficult is that the processes involved are heavily obsfucated from between (a) and (b).

So the CDN we're using requires a license request with a JSON body that includes an identifier for the video and an attribute called 'widevineChallenge'. I can't seem to figure out how to determine the widevineChallenge value that the Shaka player is supposed to use when communicating with the license server.

so you developing with amazon? too specific on that one . dEvElOpEr

[ptumster]

so you developing with amazon? too specific on that one . dEvElOpEr

No, although I am working with AWS for some of my lambda proxy code, our CDN is not Amazon. I'm working with Comcast as a CDN.

[notaghost]

What is Widevine (according to Wikipedia):

Widevine is a proprietary digital rights management (DRM) technology from Google used by the Google Chrome, Brave and Firefox web browsers (including some derivatives), Android MediaDRM, Android TV



How it works (according to Android Authorities):

Widevine implements a selection of industry standards to protect content as it’s transferred over the internet and played back on devices. For a quick overview, it makes use of a combination of CENC encryption, licensing key exchange, and adaptive streaming quality to manage and send video to users. To achieve this, Widevine protects content across three levels of security, simply named L3, L2, and L1.



Device levels: L1―no resolution or HDR restriction; highest level of protection. Both cryptography and media processing operations occur in a trusted execution environment (TEE).

L2―(typically) 540p resolution limit. Only cryptography operations are executed in a TEE, not media processing.

L3―(typically) 480p resolution limit. Software-based DRM only.



System devices: https://github.com/Cronick/WV-System-ID-Overview/blob/main/Overview.csv

Get decryption keys (needed): WKS-KEYS:

https://github.com/SASUKE-DUCK/WKS-KEY/releases/tag/WKS-KEYS-V2

(thnx@CEO of Anime widevine_keys:

https://github.com/medvm/widevine_keys

GetWVKeys:

https://getwvkeys.cc/

(thnx @notaghost web service if you're too lazy to use the above options) Decrypt any video media:
mp4decrypt: https://www.bento4.com/downloads/
shakapackager: https://github.com/shaka-project/shaka-packager


(copied from

CEO of HDTV

)

[ridibunda]

L3 is not 480p-limited. Some 720p and 1080p contents also are protected with L3.

That's just the service provider's choice, not a Widevine law.

That's because L3-protection guarantees "maximum view number".

L1 is a hardware-based protection. Since all computer processors and many mobile chips (tablets & phones) do not have L1 support, you can watch only L3-protected contents on such devices.

We all know that nobody wants to be a member to watch 480p-SD contents. So, more HD content with L3 means; more viewings from more devices, more memberships.

L1 is hardware-based, it is directly-related to the processor. L1 support can only be integrated by processor manifacturers, like Amlogic, NVIDIA, TSMC (Apple)...

Microsoft's PlayReady 3.0 is also hardware-based, another maximum protection level for Ultra-HD contents. It is the only hardware-based protection supported by computer processors (Intel 7th Gen at least).

[violetsparkle]

What is Widevine (according to Wikipedia):

Widevine is a proprietary digital rights management (DRM) technology from Google used by the Google Chrome, Brave and Firefox web browsers (including some derivatives), Android MediaDRM, Android TV



How it works (according to Android Authorities):

Widevine implements a selection of industry standards to protect content as it’s transferred over the internet and played back on devices. For a quick overview, it makes use of a combination of CENC encryption, licensing key exchange, and adaptive streaming quality to manage and send video to users. To achieve this, Widevine protects content across three levels of security, simply named L3, L2, and L1.



Device levels: L1―no resolution or HDR restriction; highest level of protection. Both cryptography and media processing operations occur in a trusted execution environment (TEE).

L2―(typically) 540p resolution limit. Only cryptography operations are executed in a TEE, not media processing.

L3―(typically) 480p resolution limit. Software-based DRM only.



System devices: https://github.com/Cronick/WV-System-ID-Overview/blob/main/Overview.csv

Get decryption keys (needed): WKS-KEYS:

https://github.com/SASUKE-DUCK/WKS-KEY/releases/tag/WKS-KEYS-V2

(thnx@CEO of Anime widevine_keys:

https://github.com/medvm/widevine_keys

GetWVKeys:

https://getwvkeys.cc/

(thnx @notaghost web service if you're too lazy to use the above options) Decrypt any video media:
mp4decrypt: https://www.bento4.com/downloads/
shakapackager: https://github.com/shaka-project/shaka-packager


(copied from

CEO of HDTV

)

Nice copypasta from me kek.