Downloading from vdocipher

[Broka]

Hi,

I have a video from vdocipher, audio and video are separate, got both and they are encrypted, also have the mpd, otp and token.
Can someone explain what do i need \ how do i get the keys and decrypt the files i got?
I found some old threads but they pointed to a CDM on a mobile device this a desktop only.

[lomero]

first share here mpd and pssh

[Broka]

first share here mpd and pssh

https://dmf9cnjua2s32.cloudfront.net/media/WixAvKL9dzmlt/2f840244/stream.mpd

Code:

<cenc:pssh>AAAAUnBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAADIiKnZkb2NpcGhlcjpkOWEyM2Y2MjNkNjk0NDU2Yjc0NmZlNjNiZDM0MWIzMEjj3JWbBg==</cenc:pssh>

[lomero]

no keys for this pssh. so need video link

[Broka]

https://dmf9cnjua2s32.cloudfront.net/media/WixAvKL9dzmlt/2f840244/video_1210_1080_551.mp4

https://dmf9cnjua2s32.cloudfront.net/media/WixAvKL9dzmlt/2f840244/audio_6176_0_122.mp4

[lomero]

VIDEO link. not mp4 link ...

[Broka]

Sorry my bad, don't yell at me

Code:

<video id="shakaVid" style="width:100% !important;border:none !important;visibility: visible !important;display: block !important;opacity: 1 !important;z-index: 1 !important;max-width: 100% !important;position:absolute !important; height: 100% !important;top:0px !important;left:0px !important;pointer-events: none !important;" poster="https://dmf9cnjua2s32.cloudfront.net/poster/WixAvKL9dzmlt.720.jpeg" src="blob:https://dmf9cnjua2s32.cloudfront.net/0d9b41ca-e431-41e1-9391-fc9402c0ff2a"></video>

[sk8ordi3]

Sorry my bad, don't yell at me

Code:

<video id="shakaVid" style="width:100% !important;border:none !important;visibility: visible !important;display: block !important;opacity: 1 !important;z-index: 1 !important;max-width: 100% !important;position:absolute !important; height: 100% !important;top:0px !important;left:0px !important;pointer-events: none !important;" poster="https://dmf9cnjua2s32.cloudfront.net/poster/WixAvKL9dzmlt.720.jpeg" src="blob:https://dmf9cnjua2s32.cloudfront.net/0d9b41ca-e431-41e1-9391-fc9402c0ff2a"></video>

this is just a blob:...
copy the link your browser gives you in the address bar while playing the video

[pram0dm]

@lomero - Would you mind pointing me to the script that you use to extract the keys from the MPD and PSSH?

[lomero]

need pssh to search from database

if not found, i can test with simply l3 script. otherwise need to edit script

[pram0dm]

need pssh to search from database

if not found, i can test with simply l3 script. otherwise need to edit script

Got it. Does the original script from medvm (author of l3.py) work for VdoCipher?
If not, do you have one that was modified, and works for you, so that I could take a look at the headers portion for reference?

[lomero]

no problem about the script. the only issue with VdoCipher is the cdm. he lock fast many cdm. need to dump your own cdm from your phone (or dump with android studio)

[pram0dm]

Yes, I do have a CDM provision that was dumped from a real device.
The CDM from Android Studio never works with VdoCipher. I was able to confirm that recently.

[Silv3r]

Yes, I do have a CDM provision that was dumped from a real device.
The CDM from Android Studio never works with VdoCipher. I was able to confirm that recently.

do you know how to dump CDM/keys from android tablet ?

[pram0dm]

Yes, I do have a CDM provision that was dumped from a real device.
The CDM from Android Studio never works with VdoCipher. I was able to confirm that recently.

do you know how to dump CDM/keys from android tablet ?

It shouldn't be any different from following the sticky threads by Angela. Have you tried them yet?

I would recommend you to try them out first.

[Broka]

Sorry my bad, don't yell at me

Code:

<video id="shakaVid" style="width:100% !important;border:none !important;visibility: visible !important;display: block !important;opacity: 1 !important;z-index: 1 !important;max-width: 100% !important;position:absolute !important; height: 100% !important;top:0px !important;left:0px !important;pointer-events: none !important;" poster="https://dmf9cnjua2s32.cloudfront.net/poster/WixAvKL9dzmlt.720.jpeg" src="blob:https://dmf9cnjua2s32.cloudfront.net/0d9b41ca-e431-41e1-9391-fc9402c0ff2a"></video>

this is just a blob:...
copy the link your browser gives you in the address bar while playing the video

It's inside an iframe... a page within a page
You can't access the main page without credentials so i'm not sure how am i supposed to provide the required info

Is this one good?
https://dev.vdocipher.com/api/meta/1119b315c33d4c71ad721eeab2388ff7


Do you need the OTP? the Auth? can i have more tech info here please?

[pram0dm]

The URL headers and the token payload from the auth request would be helpful.

[Broka]

First there is an options request then a post request, here are both:

Code:

OPTIONS /auth HTTP/2
Host: license.vdocipher.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,vdo-ref
Referer: https://dmf9cnjua2s32.cloudfront.net/
Origin: https://dmf9cnjua2s32.cloudfront.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site


POST /auth HTTP/2
Host: license.vdocipher.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dmf9cnjua2s32.cloudfront.net/
content-type: application/json
Content-Length: 3332
Origin: https://dmf9cnjua2s32.cloudfront.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers


{"token":"eyJvdHAiOiIyMDE2MDMxM3ZlcnNVU0UzMjNXUTc3QzVZckFCT29yV2hQZmE1WEh3TUFYU05qMzRsZ3ZxYU9zb3lJYzIwM1hZIiwicGxheWJhY2tJbmZvIjoiZXlKMmFXUmxiMGxrSWpvaU1URXhPV0l6TVRWak16TmtOR00zTVdGa056SXhaV1ZoWWpJek9EaG1aamNpZlE9PSIsImhyZWYiOiJodHRwczovL3BsYXRmb3JtLml0c2FmZS5jby5pbC9jb3Vyc2UiLCJ0ZWNoIjoid3YiLCJsaWNlbnNlUmVxdWVzdCI6IkNBRVMvZ3NLbndzSUFSS0RDZ3JEQWdnQ0VoQlBBWDZwcHJXcDhqNTNGZDM1S3NoV0dNRGhwNWtHSW93Qk1JR0pBb0dCQU5MZDd2WG9WSlNXVTZhL1haV3BrREY0K0FVcW05L1Y4UEN0ME5LaHpKTHkyMG9jbjlKWHVkcEF5Q0gvMy9NdnIrdUJrTjFNNDN0b2NIOVI4UGk2djNKTnhlaW5BZm1qdDBVem5uVmFXeUVqMDVqTEVLd1diT0lxai9LSGhJVHMxdUNKMjFKU1JGRHgrUXpoL0ZBUW9GSWd4OW1uR0tDL25obXdPc2N1d0lXQkFnTUJBQUVvcTlRQlNBRmFrUUVLakFFd2dZa0NnWUVBMVl5b3lLaDNmRTBKM09PK1JlYXRDMHBnTVlJbjNyc3NLem9kMzNZdjJBNzlpNVB0UmRpZ0NhYWpsMitjcnlNOXo1c25WTUc0M3lSQ2xRNEhxYnFsRy9WbHRwbHhHOSt5V0xMT2hlampTUC94N0dMS3VNSnJmV3dnb05DZWVUYXBVMVpaUjlkNjI3c1Y0cTB3eklqanl1bFVXWnRLcklZUjlZSVVCREZ3R3Y4Q0F3RUFBUkFCRW9BQ1hJTVlGVGpEY1ZMbWR6TDU1dDhtVU5La3J1YjlZVm0rWnNRYkQ3WlV6eE81NVB0Nk5Vajg4eDVhcit2bmxOanZ5cnlORGtJSklaYWtIQ3VCSUJESVNCN09aQUZ1TU0yRlJ0c3hFOEhDMTUyTGliUHhLeG5HMFVhMjVnU2twMjFDWXZvVityOVlkVWM0STdoK2tNVGZYWlRuYnhvMlN3Rk12NWJuZk84K1Q1R0dHcVVhNkUwRkxDTFBGcXhiWGpreVM1RUR1VGJmQlIwQ21IeTk0a1FsbkliYnlWSkJ0SUZ5RU91QTdKN0ptWjFycGdMdXJvQXVwSHBvV2NzbnFVRVhUUktLZWZQckNyK2tKbnVHMWpHcWVGdGVSaklSdjltN2FPbzhTcXBRbnJiYlF3MTFkVSt4NTNNMGZta1p1Q0l0NlJoTnJjR0kyZzU5NDhOQjQ5Y1c2eHEzQlFxeEFnZ0JFaEJUc2FhNk5QRTV6TFBZeG9rZXltdDRHSi9Ea1pjR0lvNENNSUlCQ2dLQ0FRRUF4OXRmZjRmdVVycUU5U2ZsT2hYREdXQmpRQmkrQmpIYVQvWE0xRWhWT3g0YU45aFhEa0ZoMGkxOWJGNFpNclA0WWhzUE83SWp3alZUb1lRakI4Ymg1U0hGSmhUZDlnRnhFQ2d0THMrU1packJSSFJSM2F0YmJuM2JJUXIvdWdQSFBHU0tZczdsOGpLM3U3ZlM4RjBpM2JzZ0tNNUNYL3VlaFdCOXpWTXpUWHBhS0REQ2ZaZVBaZjVJY1d3cEhWdmF3NlFCUit4Y3d4dkRqcFRGM2JpcWhVNUZuUUhReE1hSlUxVklOekZPdzh1ZUpCN2duWmpyanNMZUtsSkVCMFNoVXE4OFFRTERGZzFIV1NnLzJSQVJrVnFKRTFiYjJwL2dMcVBmQXc2d2NVTDNqRkNRUThrazlnVHgzOXpycE5qOVlXV3F5aG5Xc2pQeFJOWGQrYndUMndJREFRQUJLS3ZVQVVnQkVvQURqdUhZS1dnSXF4V2RmbHVPNnRUekx1NUJzNndDY1dOeGFvSFNQT0ZJdzdmYzRsdXQzTDArWUFMWDYvRVIxbGtmQlBmMVFoMkR4bytlM3U3bC9jeTk1c3gxcFBxVXBDQ05rVHN1Tjc3U1RsVWV4MnY1anVrZDhGK0NhR0FzK1pvV0Z0UlY5ZEh2SVNCY3VvcGIrZEpvNjVJaU5BTXpFZXhTY201a012QUxXT0RkVlhkNVVaK3dxb2RTcmtYRTJwVzNralV3RUlZR2dTZEwyZ0FsMmhEZGd1V2lkaFBQR2I2STFrUTB3WVNGTGtieklNVGZ0Q0JoVWd3WUMwZnVVN0FCekg3ajV3bTZoTG1mT2RMRzVMNUdaSWx1dlgrTlc4NE1IZklUeXJSNXJyWnpUTVhCUFR5MUN2L2diWUxOVStGQ1hBRzhGeDFmVlROeExmL1VISlNKelVBcE9TbHNKQ2RsMFFRNk9BOFVYRGhWL1VnMDJJcmFyOXlmNTNkOE9ESHJnVHoreTJQUDVsWmovaEhMbHdaWVhDcVRNMk1LbUFYVTFJTVJmTk1HQmt1blVldkF3OEFwNVVSUVFhRXNvZjZsVnNGd1ZBcm9YdjN4K1VxNzNGczV5VHd3MDZ3U2lNcHZlczNUZ1Q1UTY3eGZlcWkwRHdqcklIWGdHcnpmNXF5MEdoc0tFV0Z5WTJocGRHVmpkSFZ5WlY5dVlXMWxFZ1o0T0RZdE5qUWFGZ29NWTI5dGNHRnVlVjl1WVcxbEVnWkhiMjluYkdVYUZ3b0tiVzlrWld4ZmJtRnRaUklKUTJoeWIyMWxRMFJOR2hZS0RYQnNZWFJtYjNKdFgyNWhiV1VTQlV4cGJuVjRHaU1LRkhkcFpHVjJhVzVsWDJOa2JWOTJaWEp6YVc5dUVnczBMakV3TGpJMU5UY3VNRElLQ0FBUUFCZ0JJQUFvRUJKS0NrZ0tNaUlxZG1SdlkybHdhR1Z5T21RNVlUSXpaall5TTJRMk9UUTBOVFppTnpRMlptVTJNMkprTXpReFlqTXdTT1BjbFpzR0VBRWFFTXFPN1NWcHM4R1ZTUllNVlNrSHNwZ1lBU0ROM2ZlaUJqQVZPTjZSZ01zREdvQUJCbUpSN2dBR1NzTDh3ckk4SlVNSUZnS2ZHajZtS09xS2kzTlN0bU5oSjA0NHdUcFFWSWJUZ1RjWGd6REM3YXhpMkNIYk1EbHhPbVJvTVFKS0xWdTdHZ1B6ejFPam9DeEN1S0xyUVRQTXRWclkrZm5lWXlGY05CWWVXdjlXRzduN2ZwK2ZRY0Y5OEhHbFQvQ2xuSFNFR0d6anZLVnd5eU50WTAzT3pkVm5WaHRLRkFBQUFBRUFBQUFVQUFVQUVEbGdDTjRXcmZQUSJ9"}

[pram0dm]

If you pulled up your Developer Tools' Network Tab, do you see only one call for auth that's POST or is there another one prior to this with a shorter token payload?

For the token payload, you will need to block the auth request from completing and fetch it from the browser while it's in red.
You can do this by adding the below entry into the hosts file of your OS and refreshing the page after you've pulled up the Developer Tools.

Code:

127.0.0.1 license.vdocipher.com

[Attachment 70954 - Click to enlarge]

There's no point in sharing the token if the request has successfully gotten through to the server.

Also, there's a TTL for the token as well, so if it's hours after you post that I take a look at it, chances are that it has already expired.

[Broka]

If you pulled up your Developer Tools' Network Tab, do you see only one call for auth that's POST or is there another one prior to this with a shorter token payload?

For the token payload, you will need to block the auth request from completing and fetch it from the browser while it's in red.
You can do this by adding the below entry into the hosts file of your OS and refreshing the page after you've pulled up the Developer Tools.

Code:

127.0.0.1 license.vdocipher.com

[Attachment 70954 - Click to enlarge]

There's no point in sharing the token if the request has successfully gotten through to the server.

Also, there's a TTL for the token as well, so if it's hours after you post that I take a look at it, chances are that it has already expired.

I didn't see another request prior to that one, the first one i see is when i click to play a video and it's the one i'm sharing.
I tried your hosts method but in my case since it's sending an options request first, the options must go trough for the POST request after to have the token otherwise if it doesn't there is no data payload attached, so i need to allow the OPTIONS and block the POSTS, i decided to use the request blocking feature of devtools to achieve that and managed to time it right, otherwise i would have switched to a proxy.

Here is the token:

Code:

{"token":"eyJvdHAiOiIyMDE2MDMxM3ZlcnNVU0UzMjNsSnNObFRJaUpWeFRKMkIyU1FQSUU0a2NCRGNqNXR2RDFMS0FXWW9rWE5hZDhzIiwicGxheWJhY2tJbmZvIjoiZXlKMmFXUmxiMGxrSWpvaU1URXhPV0l6TVRWak16TmtOR00zTVdGa056SXhaV1ZoWWpJek9EaG1aamNpZlE9PSIsImhyZWYiOiJodHRwczovL3BsYXRmb3JtLml0c2FmZS5jby5pbC9jb3Vyc2UiLCJ0ZWNoIjoid3YiLCJsaWNlbnNlUmVxdWVzdCI6IkNBRVMvZ3NLbndzSUFSS0RDZ3JEQWdnQ0VoQlBBWDZwcHJXcDhqNTNGZDM1S3NoV0dNRGhwNWtHSW93Qk1JR0pBb0dCQU5MZDd2WG9WSlNXVTZhL1haV3BrREY0K0FVcW05L1Y4UEN0ME5LaHpKTHkyMG9jbjlKWHVkcEF5Q0gvMy9NdnIrdUJrTjFNNDN0b2NIOVI4UGk2djNKTnhlaW5BZm1qdDBVem5uVmFXeUVqMDVqTEVLd1diT0lxai9LSGhJVHMxdUNKMjFKU1JGRHgrUXpoL0ZBUW9GSWd4OW1uR0tDL25obXdPc2N1d0lXQkFnTUJBQUVvcTlRQlNBRmFrUUVLakFFd2dZa0NnWUVBMVl5b3lLaDNmRTBKM09PK1JlYXRDMHBnTVlJbjNyc3NLem9kMzNZdjJBNzlpNVB0UmRpZ0NhYWpsMitjcnlNOXo1c25WTUc0M3lSQ2xRNEhxYnFsRy9WbHRwbHhHOSt5V0xMT2hlampTUC94N0dMS3VNSnJmV3dnb05DZWVUYXBVMVpaUjlkNjI3c1Y0cTB3eklqanl1bFVXWnRLcklZUjlZSVVCREZ3R3Y4Q0F3RUFBUkFCRW9BQ1hJTVlGVGpEY1ZMbWR6TDU1dDhtVU5La3J1YjlZVm0rWnNRYkQ3WlV6eE81NVB0Nk5Vajg4eDVhcit2bmxOanZ5cnlORGtJSklaYWtIQ3VCSUJESVNCN09aQUZ1TU0yRlJ0c3hFOEhDMTUyTGliUHhLeG5HMFVhMjVnU2twMjFDWXZvVityOVlkVWM0STdoK2tNVGZYWlRuYnhvMlN3Rk12NWJuZk84K1Q1R0dHcVVhNkUwRkxDTFBGcXhiWGpreVM1RUR1VGJmQlIwQ21IeTk0a1FsbkliYnlWSkJ0SUZ5RU91QTdKN0ptWjFycGdMdXJvQXVwSHBvV2NzbnFVRVhUUktLZWZQckNyK2tKbnVHMWpHcWVGdGVSaklSdjltN2FPbzhTcXBRbnJiYlF3MTFkVSt4NTNNMGZta1p1Q0l0NlJoTnJjR0kyZzU5NDhOQjQ5Y1c2eHEzQlFxeEFnZ0JFaEJUc2FhNk5QRTV6TFBZeG9rZXltdDRHSi9Ea1pjR0lvNENNSUlCQ2dLQ0FRRUF4OXRmZjRmdVVycUU5U2ZsT2hYREdXQmpRQmkrQmpIYVQvWE0xRWhWT3g0YU45aFhEa0ZoMGkxOWJGNFpNclA0WWhzUE83SWp3alZUb1lRakI4Ymg1U0hGSmhUZDlnRnhFQ2d0THMrU1packJSSFJSM2F0YmJuM2JJUXIvdWdQSFBHU0tZczdsOGpLM3U3ZlM4RjBpM2JzZ0tNNUNYL3VlaFdCOXpWTXpUWHBhS0REQ2ZaZVBaZjVJY1d3cEhWdmF3NlFCUit4Y3d4dkRqcFRGM2JpcWhVNUZuUUhReE1hSlUxVklOekZPdzh1ZUpCN2duWmpyanNMZUtsSkVCMFNoVXE4OFFRTERGZzFIV1NnLzJSQVJrVnFKRTFiYjJwL2dMcVBmQXc2d2NVTDNqRkNRUThrazlnVHgzOXpycE5qOVlXV3F5aG5Xc2pQeFJOWGQrYndUMndJREFRQUJLS3ZVQVVnQkVvQURqdUhZS1dnSXF4V2RmbHVPNnRUekx1NUJzNndDY1dOeGFvSFNQT0ZJdzdmYzRsdXQzTDArWUFMWDYvRVIxbGtmQlBmMVFoMkR4bytlM3U3bC9jeTk1c3gxcFBxVXBDQ05rVHN1Tjc3U1RsVWV4MnY1anVrZDhGK0NhR0FzK1pvV0Z0UlY5ZEh2SVNCY3VvcGIrZEpvNjVJaU5BTXpFZXhTY201a012QUxXT0RkVlhkNVVaK3dxb2RTcmtYRTJwVzNralV3RUlZR2dTZEwyZ0FsMmhEZGd1V2lkaFBQR2I2STFrUTB3WVNGTGtieklNVGZ0Q0JoVWd3WUMwZnVVN0FCekg3ajV3bTZoTG1mT2RMRzVMNUdaSWx1dlgrTlc4NE1IZklUeXJSNXJyWnpUTVhCUFR5MUN2L2diWUxOVStGQ1hBRzhGeDFmVlROeExmL1VISlNKelVBcE9TbHNKQ2RsMFFRNk9BOFVYRGhWL1VnMDJJcmFyOXlmNTNkOE9ESHJnVHoreTJQUDVsWmovaEhMbHdaWVhDcVRNMk1LbUFYVTFJTVJmTk1HQmt1blVldkF3OEFwNVVSUVFhRXNvZjZsVnNGd1ZBcm9YdjN4K1VxNzNGczV5VHd3MDZ3U2lNcHZlczNUZ1Q1UTY3eGZlcWkwRHdqcklIWGdHcnpmNXF5MEdoc0tFV0Z5WTJocGRHVmpkSFZ5WlY5dVlXMWxFZ1o0T0RZdE5qUWFGZ29NWTI5dGNHRnVlVjl1WVcxbEVnWkhiMjluYkdVYUZ3b0tiVzlrWld4ZmJtRnRaUklKUTJoeWIyMWxRMFJOR2hZS0RYQnNZWFJtYjNKdFgyNWhiV1VTQlV4cGJuVjRHaU1LRkhkcFpHVjJhVzVsWDJOa2JWOTJaWEp6YVc5dUVnczBMakV3TGpJMU5UY3VNRElLQ0FBUUFCZ0JJQUFvRUJKS0NrZ0tNaUlxZG1SdlkybHdhR1Z5T21RNVlUSXpaall5TTJRMk9UUTBOVFppTnpRMlptVTJNMkprTXpReFlqTXdTT1BjbFpzR0VBRWFFQlB1TURNc243SjVpY2ErcmlDaWIyQVlBU0NqanZpaUJqQVZPTU9CODlJQkdvQUJCbG9PQ0Z4TXFGUklnS3AzM1p3eS9vWTBtRk5uWWUvREtLeW01VWxDaUtmSDR1T1NTcFVTaEhmSmlKOTlOeWM0L3hxWEcrZjhPbktBUDZVVmFCR1BoS2sxWXA1dlhpcTdLdEpJcnhZL0NPQzl3R3o3N2lJaUxBay9sRk9iMnFrM0d4VGtpWURybzFmOTBDaktpbXBYRXpBc1F6WWFmbDlqRk5JRVo0bnFQUzFLRkFBQUFBRUFBQUFVQUFVQUVCcGN3TU4vQXc5cyJ9"}

And here is a screen shot to prove i'm not an idiot


[Attachment 70962 - Click to enlarge]

[pram0dm]

Code:

{"code": 2013, "message": "time expired"}

You will need to send me another one.

Make sure that your video frame doesn't show the time expired error. Instead it must say something like

Code:

6007. Unable to connect to license server. Try removing adblock or try different internet connection.

[Broka]

Code:

{"code": 2013, "message": "time expired"}

You will need to send me another one.

Make sure that your video frame doesn't show the time expired error. Instead it must say something like

Code:

6007. Unable to connect to license server. Try removing adblock or try different internet connection.

Ok, it does say that error, here you go:

Code:

{"token":"eyJvdHAiOiIyMDE2MDMxM3ZlcnNVU0UzMjNhZ0VybWVUcUtja0JSYjNxSTVQa3B2djJtMTQ1b0FHSlZLNDhUVXZFcjJ1WkhqIiwicGxheWJhY2tJbmZvIjoiZXlKMmFXUmxiMGxrSWpvaU1URXhPV0l6TVRWak16TmtOR00zTVdGa056SXhaV1ZoWWpJek9EaG1aamNpZlE9PSIsImhyZWYiOiJodHRwczovL3BsYXRmb3JtLml0c2FmZS5jby5pbC9jb3Vyc2UiLCJ0ZWNoIjoid3YiLCJsaWNlbnNlUmVxdWVzdCI6IkNBRVMvZ3NLbndzSUFSS0RDZ3JEQWdnQ0VoQlBBWDZwcHJXcDhqNTNGZDM1S3NoV0dNRGhwNWtHSW93Qk1JR0pBb0dCQU5MZDd2WG9WSlNXVTZhL1haV3BrREY0K0FVcW05L1Y4UEN0ME5LaHpKTHkyMG9jbjlKWHVkcEF5Q0gvMy9NdnIrdUJrTjFNNDN0b2NIOVI4UGk2djNKTnhlaW5BZm1qdDBVem5uVmFXeUVqMDVqTEVLd1diT0lxai9LSGhJVHMxdUNKMjFKU1JGRHgrUXpoL0ZBUW9GSWd4OW1uR0tDL25obXdPc2N1d0lXQkFnTUJBQUVvcTlRQlNBRmFrUUVLakFFd2dZa0NnWUVBMVl5b3lLaDNmRTBKM09PK1JlYXRDMHBnTVlJbjNyc3NLem9kMzNZdjJBNzlpNVB0UmRpZ0NhYWpsMitjcnlNOXo1c25WTUc0M3lSQ2xRNEhxYnFsRy9WbHRwbHhHOSt5V0xMT2hlampTUC94N0dMS3VNSnJmV3dnb05DZWVUYXBVMVpaUjlkNjI3c1Y0cTB3eklqanl1bFVXWnRLcklZUjlZSVVCREZ3R3Y4Q0F3RUFBUkFCRW9BQ1hJTVlGVGpEY1ZMbWR6TDU1dDhtVU5La3J1YjlZVm0rWnNRYkQ3WlV6eE81NVB0Nk5Vajg4eDVhcit2bmxOanZ5cnlORGtJSklaYWtIQ3VCSUJESVNCN09aQUZ1TU0yRlJ0c3hFOEhDMTUyTGliUHhLeG5HMFVhMjVnU2twMjFDWXZvVityOVlkVWM0STdoK2tNVGZYWlRuYnhvMlN3Rk12NWJuZk84K1Q1R0dHcVVhNkUwRkxDTFBGcXhiWGpreVM1RUR1VGJmQlIwQ21IeTk0a1FsbkliYnlWSkJ0SUZ5RU91QTdKN0ptWjFycGdMdXJvQXVwSHBvV2NzbnFVRVhUUktLZWZQckNyK2tKbnVHMWpHcWVGdGVSaklSdjltN2FPbzhTcXBRbnJiYlF3MTFkVSt4NTNNMGZta1p1Q0l0NlJoTnJjR0kyZzU5NDhOQjQ5Y1c2eHEzQlFxeEFnZ0JFaEJUc2FhNk5QRTV6TFBZeG9rZXltdDRHSi9Ea1pjR0lvNENNSUlCQ2dLQ0FRRUF4OXRmZjRmdVVycUU5U2ZsT2hYREdXQmpRQmkrQmpIYVQvWE0xRWhWT3g0YU45aFhEa0ZoMGkxOWJGNFpNclA0WWhzUE83SWp3alZUb1lRakI4Ymg1U0hGSmhUZDlnRnhFQ2d0THMrU1packJSSFJSM2F0YmJuM2JJUXIvdWdQSFBHU0tZczdsOGpLM3U3ZlM4RjBpM2JzZ0tNNUNYL3VlaFdCOXpWTXpUWHBhS0REQ2ZaZVBaZjVJY1d3cEhWdmF3NlFCUit4Y3d4dkRqcFRGM2JpcWhVNUZuUUhReE1hSlUxVklOekZPdzh1ZUpCN2duWmpyanNMZUtsSkVCMFNoVXE4OFFRTERGZzFIV1NnLzJSQVJrVnFKRTFiYjJwL2dMcVBmQXc2d2NVTDNqRkNRUThrazlnVHgzOXpycE5qOVlXV3F5aG5Xc2pQeFJOWGQrYndUMndJREFRQUJLS3ZVQVVnQkVvQURqdUhZS1dnSXF4V2RmbHVPNnRUekx1NUJzNndDY1dOeGFvSFNQT0ZJdzdmYzRsdXQzTDArWUFMWDYvRVIxbGtmQlBmMVFoMkR4bytlM3U3bC9jeTk1c3gxcFBxVXBDQ05rVHN1Tjc3U1RsVWV4MnY1anVrZDhGK0NhR0FzK1pvV0Z0UlY5ZEh2SVNCY3VvcGIrZEpvNjVJaU5BTXpFZXhTY201a012QUxXT0RkVlhkNVVaK3dxb2RTcmtYRTJwVzNralV3RUlZR2dTZEwyZ0FsMmhEZGd1V2lkaFBQR2I2STFrUTB3WVNGTGtieklNVGZ0Q0JoVWd3WUMwZnVVN0FCekg3ajV3bTZoTG1mT2RMRzVMNUdaSWx1dlgrTlc4NE1IZklUeXJSNXJyWnpUTVhCUFR5MUN2L2diWUxOVStGQ1hBRzhGeDFmVlROeExmL1VISlNKelVBcE9TbHNKQ2RsMFFRNk9BOFVYRGhWL1VnMDJJcmFyOXlmNTNkOE9ESHJnVHoreTJQUDVsWmovaEhMbHdaWVhDcVRNMk1LbUFYVTFJTVJmTk1HQmt1blVldkF3OEFwNVVSUVFhRXNvZjZsVnNGd1ZBcm9YdjN4K1VxNzNGczV5VHd3MDZ3U2lNcHZlczNUZ1Q1UTY3eGZlcWkwRHdqcklIWGdHcnpmNXF5MEdoc0tFV0Z5WTJocGRHVmpkSFZ5WlY5dVlXMWxFZ1o0T0RZdE5qUWFGZ29NWTI5dGNHRnVlVjl1WVcxbEVnWkhiMjluYkdVYUZ3b0tiVzlrWld4ZmJtRnRaUklKUTJoeWIyMWxRMFJOR2hZS0RYQnNZWFJtYjNKdFgyNWhiV1VTQlV4cGJuVjRHaU1LRkhkcFpHVjJhVzVsWDJOa2JWOTJaWEp6YVc5dUVnczBMakV3TGpJMU5UY3VNRElLQ0FBUUFCZ0JJQUFvRUJKS0NrZ0tNaUlxZG1SdlkybHdhR1Z5T21RNVlUSXpaall5TTJRMk9UUTBOVFppTnpRMlptVTJNMkprTXpReFlqTXdTT1BjbFpzR0VBRWFFTWtCRGJIUFJTWjNHUUdkVzZ3NGZKd1lBU0RWelBpaUJqQVZPTkg3aDhrSUdvQUJwcjJOV09mbXlLQis0cnpCb1hwSkFvMVd5bVZUeEcxSmRsd3g5S3R0U3FxRVdrN25TVmp5bUdRYlNQZldBOVB4aFJKRWhsbGNqMHUxdk4wZzFucnh4WHNZMnd6aENzVUUvUXJYc3RCSFVFNzdJZDg3REV1YzgwdDNCY3VvM3NnQVlJYlRMUkd4c2E5WWpBOVVOcmdlbWpURk9XcU5UVEpjTk9Yak1tY2h5YWRLRkFBQUFBRUFBQUFVQUFVQUVJa2gvZEYxNFRoNiJ9"}

[pram0dm]

It may look similar, but the OTP that's within the token keeps changing.

Try opening the page in a different browser/tab and regenerate it by refreshing the page without the network block first, and then with the block.

[Broka]

Yes, you're right my bad, they are different i compared them char per char
Edited my original to include a new blocked one, please try it and let me know if it works

[pram0dm]

Is this token for the same video URL, or has it changed?
Can you regenerate a new one, and also include the URL headers from the POST request?

If you're on Telegram, you may reach out to me @pram0dm to exchange them faster.

[Broka]

Is this token for the same video URL, or has it changed?
Can you regenerate a new one, and also include the URL headers from the POST request?

Same video, i still have it open so here are the headers:

Code:

OPTIONS /auth HTTP/2
Host: license.vdocipher.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,vdo-ref
Referer: https://dmf9cnjua2s32.cloudfront.net/
Origin: https://dmf9cnjua2s32.cloudfront.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers


POST /auth undefined
Host: license.vdocipher.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dmf9cnjua2s32.cloudfront.net/
content-type: application/json
Content-Length: 3332
Origin: https://dmf9cnjua2s32.cloudfront.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

[paladinboy]

Is this token for the same video URL, or has it changed?
Can you regenerate a new one, and also include the URL headers from the POST request?

If you're on Telegram, you may reach out to me @pram0dm to exchange them faster.

Hey, I have a similar kind of issue. I just texted you on telegram. Can you help me?
Thanks