Axinom PSSH Box Decoder

[axemanozh]

I've been dependent on this tool as part of the process I learned from generous people in this thread: https://forum.videohelp.com/threads/406950-Bally-Sports-Download-Help

However, it seems like this has now been recently placed behind a registration portal and is no longer publicly accessible. I tried to register, saying I was an independent developer, but was rejected from access. Does anyone know of a way to access it or of an equivalent tool?

http://tools.axinom.com/decoders/PsshBox

[Stoc]

Same happened to me, I've been rejected twice, they were asking for a "company name" lol.

For the moment the best way to get the PSSH is the EME logger method, it's a bit tricky but It is worth.

[axemanozh]

Same happened to me, I've been rejected twice, they were asking for a "company name" lol.

For the moment the best way to get the PSSH is the EME logger method, it's a bit tricky but It is worth.

Thanks. I was trying to get the EME logger working when the Axinom portal was suggested. Guess I have to try to figure it out again.

[Karoolus]

You could also get the PSSH from the MPD or the init file

[axemanozh]

You could also get the PSSH from the MPD or the init file

I’ve been getting it from N_m3u8DL-RE output, which gave it in a format I ran through the Axinom tool to convert into the PSSH the CDM reads. I haven’t been able to see it directly in developer tools when I looked. Is there somewhere specific I should be looking?

[notaghost]

there is also this https://integration.widevine.com/diagnostics

[Karoolus]

You could also get the PSSH from the MPD or the init file

I’ve been getting it from N_m3u8DL-RE output, which gave it in a format I ran through the Axinom tool to convert into the PSSH the CDM reads. I haven’t been able to see it directly in developer tools when I looked. Is there somewhere specific I should be looking?

https://forum.videohelp.com/threads/405001-How-to-get-the-widevine-pssh-from-init-mp4-...pt#post2650501

there is also this https://integration.widevine.com/diagnostics

Nice one, did not know about this site

[axemanozh]

there is also this https://integration.widevine.com/diagnostics

Wow, thanks I will definitely check this one out.

[axemanozh]

You could also get the PSSH from the MPD or the init file

I’ve been getting it from N_m3u8DL-RE output, which gave it in a format I ran through the Axinom tool to convert into the PSSH the CDM reads. I haven’t been able to see it directly in developer tools when I looked. Is there somewhere specific I should be looking?

https://forum.videohelp.com/threads/405001-How-to-get-the-widevine-pssh-from-init-mp4-...pt#post2650501

there is also this https://integration.widevine.com/diagnostics

Nice one, did not know about this site

Thanks, Karoolus. I always appreciate the willingness to help. It would certainly be best to be able to do everything on your own without being dependent on outside tools, which can go down or see public access get pulled, such as Axinom. I will be giving this one a try this weekend.

[Stoc]

there is also this https://integration.widevine.com/diagnostics

How do we use this exactly? What should I add in content id box?

[axemanozh]

Using the https://integration.widevine.com/diagnostics site, I get this as the PSSH:

Code:

AAAAjnBzc2gBAAAA7e+LqXnWSs6jyCfc1R0h7QAAAAAAAABqImIIARIQkwJhp4HnPpyEaSG1UrNNlyJMZXlKaGMzTmxkRWxrSWpvaVVrVlFURUZaTFdOa1lXSm1NVEJsTFdSbFlUY3ROR1JrWlMxaFpEZGxMVE16TnpFNU5EaGpaV1E0TnlKOUjj3JWbBg==

[Attachment 74123 - Click to enlarge]


[Attachment 74124 - Click to enlarge]

Running that through keysdb.net, I get a 412 Precondition failed error, which I believe means it doesn't like my headers.


[Attachment 74125 - Click to enlarge]

Am I doing something wrong here?

I also tried using the TamperMonkey EME logger script method and get this:


[Attachment 74126 - Click to enlarge]

Code:

AAADSHBzc2gAAAAAmgTweZhAQoarkuZb4IhflQAAAygoAwAAAQABAB4DPABXAFIATQBIAEUAQQBEAEUAUgAgAHgAbQBsAG4AcwA9ACIAaAB0AHQAcAA6AC8ALwBzAGMAaABlAG0AYQBzAC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAEQAUgBNAC8AMgAwADAANwAvADAAMwAvAFAAbABhAHkAUgBlAGEAZAB5AEgAZQBhAGQAZQByACIAIAB2AGUAcgBzAGkAbwBuAD0AIgA0AC4AMAAuADAALgAwACIAPgA8AEQAQQBUAEEAPgA8AFAAUgBPAFQARQBDAFQASQBOAEYATwA+ADwASwBFAFkATABFAE4APgAxADYAPAAvAEsARQBZAEwARQBOAD4APABBAEwARwBJAEQAPgBBAEUAUwBDAFQAUgA8AC8AQQBMAEcASQBEAD4APAAvAFAAUgBPAFQARQBDAFQASQBOAEYATwA+ADwASwBJAEQAPgBwADIARQBDAGsAKwBlAEIAbgBEADYARQBhAFMARwAxAFUAcgBOAE4AbAB3AD0APQA8AC8ASwBJAEQAPgA8AEwAQQBfAFUAUgBMAD4AaAB0AHQAcABzADoALwAvAGwAaQBjAC4AZAByAG0AdABvAGQAYQB5AC4AYwBvAG0ALwBsAGkAYwBlAG4AcwBlAC0AcAByAG8AeAB5AC0AaABlAGEAZABlAHIAYQB1AHQAaAAvAGQAcgBtAHQAbwBkAGEAeQAvAFIAaQBnAGgAdABzAE0AYQBuAGEAZwBlAHIALgBhAHMAbQB4ADwALwBMAEEAXwBVAFIATAA+ADwATABVAEkAXwBVAFIATAA+AGgAdAB0AHAAcwA6AC8ALwBwAGwAYQB5AHIAZQBhAGQAeQAtAHUAaQAuAGUAeABhAG0AcABsAGUALgBjAG8AbQA8AC8ATABVAEkAXwBVAFIATAA+ADwAQwBIAEUAQwBLAFMAVQBNAD4ARgBuAEsAVABVAFAATwAyAHMATgBnAD0APAAvAEMASABFAEMASwBTAFUATQA+ADwALwBEAEEAVABBAD4APAAvAFcAUgBNAEgARQBBAEQARQBSAD4AAAAAgnBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAAGIIARIQkwJhp4HnPpyEaSG1UrNNlyJMZXlKaGMzTmxkRWxrSWpvaVVrVlFURUZaTFdOa1lXSm1NVEJsTFdSbFlUY3ROR1JrWlMxaFpEZGxMVE16TnpFNU5EaGpaV1E0TnlKOQ==

The instructions I am finding for this method say to run it through here: https://base64.guru/converter/decode/hex

Which I do and get this result:


[Attachment 74127 - Click to enlarge]

Code:

000000827073736800000000edef8ba979d64acea3c827dcd51d21ed0000006208011210930261a781e73e9c846921b552b34d97224c65794a6863334e6c64456c6b496a6f69556b56515445465a4c574e6b59574a6d4d54426c4c57526c595463744e47526b5a5331685a44646c4c544d7a4e7a45354e44686a5a5751344e794a39

Running that output back through Hex to Base64, I then get this:


[Attachment 74128 - Click to enlarge]

Code:

AAAAgnBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAAGIIARIQkwJhp4HnPpyEaSG1UrNNlyJMZXlKaGMzTmxkRWxrSWpvaVVrVlFURUZaTFdOa1lXSm1NVEJsTFdSbFlUY3ROR1JrWlMxaFpEZGxMVE16TnpFNU5EaGpaV1E0TnlKOQ==

Which also doesn't seem to work running through keysdb.net.


[Attachment 74129 - Click to enlarge]

So clearly I'm doing something wrong in this process, but I'm not sure what. Any pointers would be appreciated!

[iamghost]

geo lock maybe, you will need add proxy

Code:

import json
import random
import uuid
import time
import httpx
from lxml import html


class Settings:
    def __init__(self, userCountry: str = None, randomProxy: bool = False) -> None:
        self.randomProxy = randomProxy
        self.userCountry = userCountry
        self.ccgi_url = "https://client.hola.org/client_cgi/"
        self.ext_ver = self.get_ext_ver()
        self.ext_browser = "chrome"
        self.user_uuid = uuid.uuid4().hex
        self.user_agent = "Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36"
        self.product = "cws"
        self.port_type_choice: str
        self.zoneAvailable = ["AR", "AT", "AU", "BE", "BG", "BR", "CA", "CH", "CL", "CO", "CZ", "DE", "DK", "ES", "FI",
                              "FR", "GR", "HK", "HR", "HU", "ID", "IE", "IL", "IN", "IS", "IT", "JP", "KR", "MX", "NL",
                              "NO", "NZ", "PL", "RO", "RU", "SE", "SG", "SK", "TR", "UK", "US", "GB"]

    def get_ext_ver(self) -> str:
        about = httpx.get("https://hola.org/access/my/settings#/about").text
        if 'window.pub_config.init({"ver":"' in about:
            version = about.split('window.pub_config.init({"ver":"')[1].split('"')[0]
            return version

        # last know working version
        return "1.199.485"


class Engine:
    def __init__(self, Settings) -> None:
        self.settings = Settings

    def get_proxy(self, tunnels, tls=False) -> str:
        login = f"user-uuid-{self.settings.user_uuid}"
        proxies = dict(tunnels)
        protocol = "https" if tls else "http"
        for k, v in proxies["ip_list"].items():
            return "%s://%s:%s@%s:%d" % (
                protocol,
                login,
                proxies["agent_key"],
                k if tls else v,
                proxies["port"][self.settings.port_type_choice],
            )

    def generate_session_key(self, timeout: float = 10.0) -> json:
        post_data = {"login": "1", "ver": self.settings.ext_ver}
        return httpx.post(
            f"{self.settings.ccgi_url}background_init?uuid={self.settings.user_uuid}",
            json=post_data,
            headers={"User-Agent": self.settings.user_agent},
            timeout=timeout,
        ).json()["key"]

    def zgettunnels(
        self, session_key: str, country: str, timeout: float = 10.0
    ) -> json:

        qs = {
            "country": country.lower(),
            "limit": 1,
            "ping_id": random.random(),
            "ext_ver": self.settings.ext_ver,
            "browser": self.settings.ext_browser,
            "uuid": self.settings.user_uuid,
            "session_key": session_key,
        }

        #print(qs)
        return httpx.post(
            f"{self.settings.ccgi_url}zgettunnels", params=qs, timeout=timeout
        ).json()
        
    @staticmethod
    def sleep() -> None:
        min_tunnels_pause = 10
        max_tunnels_pause = 25

        def rand_range(low: int, hi: int) -> float:
            if low >= hi:
                raise Exception("RandRange: low boundary is greater or equal to high boundary")
            delta = hi - low
            return low + random.random() * delta
        
        sleep_duration = int(rand_range(min_tunnels_pause, max_tunnels_pause))
        # sleep_duration = 10 # seems 10 is enough
        print("Please wait for "+str(sleep_duration)+" seconds.")
        time.sleep(sleep_duration)


class Hola:
    def __init__(self, Settings) -> None:
        self.myipUri: str = "https://hola.org/myip.json"
        self.settings = Settings

    def get_country(self) -> str:

        if not self.settings.randomProxy and not self.settings.userCountry:
            self.settings.userCountry = httpx.get(self.myipUri).json()["country"]

        if (
            not self.settings.userCountry in self.settings.zoneAvailable
            or self.settings.randomProxy
        ):
            self.settings.userCountry = random.choice(self.settings.zoneAvailable)

        return self.settings.userCountry


def init_proxy(data):
    settings = Settings(
        data["zone"]
    )  # True if you want random proxy each request / "DE" for a proxy with region of your choice (German here) / False if you wish to have a proxy localized to your IP address
    settings.port_type_choice = data[
        "port"
    ]  # direct return datacenter ipinfo, peer "residential" (can fail sometime)

    hola = Hola(settings)
    engine = Engine(settings)

    userCountry = hola.get_country()
    session_key = engine.generate_session_key()
    #engine.sleep()
    tunnels = engine.zgettunnels(session_key, userCountry)

    return engine.get_proxy(tunnels)


if __name__ == "__main__":
    CC = input("Input desired country code: ")
    test = init_proxy({"zone": CC, "port": "peer"})
    print(test)

save as proxy.py

[axemanozh]

Thanks, iamghost. It looks like you're onto something with the geolock. I refreshed my browser trying to pull the cURL values and noticed it was asking to allow to find my location.


[Attachment 74130 - Click to enlarge]

I allowed that and entered in the newly generated token and that seems to have worked, running through keysdb.net.


[Attachment 74131 - Click to enlarge]

Will that be enough with my local CDM, or would I need to add in your script somewhere into my l3.py workflow if I'm using that method to generate the keys?

[Stoc]

there is also this https://integration.widevine.com/diagnostics

I tried all my best but I swear that this tool always gives the wrong pssh, I also tried to get a correct PSSH knowing it already but I couldn't get any good result. I'm not sure what I'm doing wrong but I really miss the axinom tool that was working flawless.

[ridibunda]

there is also this https://integration.widevine.com/diagnostics

I tried all my best but I swear that this tool always gives the wrong pssh, I also tried to get a correct PSSH knowing it already but I couldn't get any good result. I'm not sure what I'm doing wrong but I really miss the axinom tool that was working flawless.

Same here.

That site is giving false PSSH values.

[axemanozh]

there is also this https://integration.widevine.com/diagnostics

I tried all my best but I swear that this tool always gives the wrong pssh, I also tried to get a correct PSSH knowing it already but I couldn't get any good result. I'm not sure what I'm doing wrong but I really miss the axinom tool that was working flawless.

Same here.

That site is giving false PSSH values.

Yeah, it ended up not working for me either. I've been using method 3 (the EME script logger and converting using the base64.guru site) from the "How to find PSSH" link in your signature, which works for me.

[pteque]

A possible alternative to the Axinom PSSH tools:

https://emarsden.github.io/pssh-box-wasm/generate/

and to decode a PSSH, https://emarsden.github.io/pssh-box-wasm/decode/

[axemanozh]

A possible alternative to the Axinom PSSH tools:

https://emarsden.github.io/pssh-box-wasm/generate/

and to decode a PSSH, https://emarsden.github.io/pssh-box-wasm/decode/

That looks interesting. I'll definitely give that a try.

[ElCap]

A possible alternative to the Axinom PSSH tools:

https://emarsden.github.io/pssh-box-wasm/generate/

and to decode a PSSH, https://emarsden.github.io/pssh-box-wasm/decode/

that looked promising but it generates a v1 pssh not a v0 pssh which causes issues in some cases.
the decode function works well though

this python script works to generate the pssh using different inputs including kid
https://github.com/shaka-project/shaka-packager/blob/main/packager/tools/pssh/pssh-box.py

Code:

>python pssh-box.py --base64 --widevine-system-id --key-id c0852e3c058fd98c808256f63e85b110
AAAAMnBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAABISEMCFLjwFj9mMgIJW9j6FsRA=

an alternative simple method to convert kid to pssh is to use this formula and replace <kid> with the kid and then convert from hex to base64

Code:

hex formula: 000000327073736800000000edef8ba979d64acea3c827dcd51d21ed000000121210<kid>

example:

Code:

kid: c0852e3c058fd98c808256f63e85b110
hex: 000000327073736800000000edef8ba979d64acea3c827dcd51d21ed000000121210c0852e3c058fd98c808256f63e85b110
base64 (pssh): AAAAMnBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAABISEMCFLjwFj9mMgIJW9j6FsRA=

note: this only works for 1 kid and no other inputs like content id, protection etc.

[ridibunda]

Yeah, it ended up not working for me either. I've been using method 3 (the EME script logger and converting using the base64.guru site) from the "How to find PSSH" link in your signature, which works for me.

Glad to see someone taking advantage of that mini-guide.

On a site, EME Logger didn't give me any "init data", and there was only KID in the MPD, and that site gave me false PSSHs in each attempt. How do I know, because WKS always gave me that annoying error "not all data was converted".

After fixing EME-Logger, I got a long init data this time and used the other method. It worked of course.

So I don't need any "KID to PSSH converter tool" for now.

As long as EME Logger and that "converter site" work, I won't beg to Axinom.

[ridibunda]

A possible alternative to the Axinom PSSH tools:

https://emarsden.github.io/pssh-box-wasm/generate/

and to decode a PSSH, https://emarsden.github.io/pssh-box-wasm/decode/

Thanks but needing some clear info.

That tool wants both Key ID and content ID.

As far as I know, KID = Key ID... But what is content ID? And why "Content provider name"?

Protection scheme: cenc (AES-CTR)... Okay, how to fill the rest?

[pteque]

[QUOTE=ridibunda;2725487]

That tool wants both Key ID and content ID.

As far as I know, KID = Key ID... But what is content ID? And why "Content provider name"?

Protection scheme: cenc (AES-CTR)... Okay, how to fill the rest?

Yes, Key ID is the same as KID. The content ID and other fields like Content provider name are all optional (as stated up the top), you can leave them empty in the PSSH generation tool, unless of course the license server checks for special values.

[ridibunda]

That site also gives false PSSH, because WKS says:

unable to parse, unsupported init data format
unable to parse init data
session ID does not exist

I didn't have such errors after using Axinom's tool.

And when I use Eme Logger's data to find PSSH, no error in WKS.

[axemanozh]

A possible alternative to the Axinom PSSH tools:

https://emarsden.github.io/pssh-box-wasm/generate/

and to decode a PSSH, https://emarsden.github.io/pssh-box-wasm/decode/

that looked promising but it generates a v1 pssh not a v0 pssh which causes issues in some cases.
the decode function works well though

this python script works to generate the pssh using different inputs including kid
https://github.com/shaka-project/shaka-packager/blob/main/packager/tools/pssh/pssh-box.py

Code:

>python pssh-box.py --base64 --widevine-system-id --key-id c0852e3c058fd98c808256f63e85b110
AAAAMnBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAABISEMCFLjwFj9mMgIJW9j6FsRA=

an alternative simple method to convert kid to pssh is to use this formula and replace <kid> with the kid and then convert from hex to base64

Code:

hex formula: 000000327073736800000000edef8ba979d64acea3c827dcd51d21ed000000121210<kid>

example:

Code:

kid: c0852e3c058fd98c808256f63e85b110
hex: 000000327073736800000000edef8ba979d64acea3c827dcd51d21ed000000121210c0852e3c058fd98c808256f63e85b110
base64 (pssh): AAAAMnBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAABISEMCFLjwFj9mMgIJW9j6FsRA=

note: this only works for 1 kid and no other inputs like content id, protection etc.

I don't know enough about the technical side of it to say it's because of being a v1 vs v0 pssh, but the site does not generate a PSSH that works for me, versus using the EME logger script method.

With the EME logger I get:

Code:

AAAAUnBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAADIIARIQx85NsMgUNgmbzhTh9nNqUCIcZXlKaGMzTmxkRWxrSWpvaVRFbFdSVXRGV1NKOQ==

But with the https://emarsden.github.io/ PSSH box generator, I get:

Code:

AAAASHBzc2gBAAAA7e+LqXnWSs6jyCfc1R0h7QAAAAHHzk2wyBQ2CZvOFOH2c2pQAAAAFBIQx85NsMgUNgmbzhTh9nNqUDIA

which does not work in my use case.


[Attachment 77241 - Click to enlarge]

[ElCap]

I don't know enough about the technical side of it to say it's because of being a v1 vs v0 pssh, but the site does not generate a PSSH that works for me, versus using the EME logger script method.

With the EME logger I get:

Code:

AAAAUnBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAADIIARIQx85NsMgUNgmbzhTh9nNqUCIcZXlKaGMzTmxkRWxrSWpvaVRFbFdSVXRGV1NKOQ==

But with the https://emarsden.github.io/ PSSH box generator, I get:

Code:

AAAASHBzc2gBAAAA7e+LqXnWSs6jyCfc1R0h7QAAAAHHzk2wyBQ2CZvOFOH2c2pQAAAAFBIQx85NsMgUNgmbzhTh9nNqUDIA

which does not work in my use case.


[Attachment 77241 - Click to enlarge]

your pssh from eme logger is a version 0 pssh which contains both a kid and a content id (use the decoder) so you would need to generate the pssh with the same info to compare.

eg. your pssh

Code:

your pssh: AAAAUnBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAADIIARIQx85NsMgUNgmbzhTh9nNqUCIcZXlKaGMzTmxkRWxrSWpvaVRFbFdSVXRGV1NKOQ==

contains

Code:

PSSH data	
WidevinePsshData<
   Aesctr,
   keyid: c7ce4db0c81436099bce14e1f6736a50,
   content_id: 65794a6863334e6c64456c6b496a6f6954456c575255744657534a39
>

unless im doing something wrong, the generator here doesnt seem to work properly when you input a content id.
it requires the content id input as a hex value but then when it generates the pssh, it uses the content id as a text value and converts it to hex again.

so you cant properly test v0 vs v1 with that generator.

with the testing that ive done, the version 1 pssh never works with wks-keys, but im not sure if it works with the pywidevine python module.

You should be trying to get the pssh from the mpd/m3u8/manifest or init data or eme logger first.
Generating the pssh from the key_id should be your last option as lots of streaming sites use more than just the key_id in the pssh - as your example shows

[pteque]

There was a bug in the encoding of the content_id in that browser-based generator, now fixed. It can also now generate v0 PSSH boxes.

Testing with the Bitmovin Art of Motion DRM demo, the PSSH generated when specifying the same key_id, same content_id and Aesctr encryption algorithm leads to the same keys (using pywidevine) as the PSSH included in the manifest. (The base64 encoding of the PSSH boxes are different, probably because the order of fields inside the protobuf-encoded PSSHData is different.)

As ElCap says, the license server may check various fields inside the PSSH, and not only the key_id, so it's good to have a PSSH that is actually used by the service to see which fields are used.

https://emarsden.github.io/pssh-box-wasm/generate/

[ElCap]

There was a bug in the encoding of the content_id in that browser-based generator, now fixed. It can also now generate v0 PSSH boxes.

Testing with the Bitmovin Art of Motion DRM demo, the PSSH generated when specifying the same key_id, same content_id and Aesctr encryption algorithm leads to the same keys (using pywidevine) as the PSSH included in the manifest. (The base64 encoding of the PSSH boxes are different, probably because the order of fields inside the protobuf-encoded PSSHData is different.)

As ElCap says, the license server may check various fields inside the PSSH, and not only the key_id, so it's good to have a PSSH that is actually used by the service to see which fields are used.

https://emarsden.github.io/pssh-box-wasm/generate/

great work, that will be a nice replacement to the axinom tools!

ive been testing the new updates and the hex value "3200" gets appended to the pssh after the key_id or content_id, when the policy field is empty. i think this should be removed if theres no policy.

oh and i dont know if its something thats easy to fix but the generated pssh output box is hard to see when the windows theme is set to dark.

[Attachment 77257 - Click to enlarge]

[pteque]

Hopefully these two problems are now fixed, thanks.

[ElCap]

Hopefully these two problems are now fixed, thanks.

the output box is much better now but it looks like the "3200" is still being appended

[axemanozh]

Just as an update with my test for any who might be interested.

I used the Fetch PSSH Data tool to retrieve information from the init I find in developer tools:


[Attachment 77284 - Click to enlarge]

Then use the keyid and contentid from there in the PSSH Box Generator (leaving all other fields default), to get a PSSH.

Code:

AAAAUnBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAADISEMfOTbDIFDYJm84U4fZzalAiHGV5SmhjM05sZEVsa0lqb2lURWxXUlV0RldTSjkyAA==

This is a different PSSH I get then by using the EME script logger method, which is:

Code:

AAAAUnBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAADIIARIQx85NsMgUNgmbzhTh9nNqUCIcZXlKaGMzTmxkRWxrSWpvaVRFbFdSVXRGV1NKOQ==

However, running both PSSHs through a CDM does yield a decryption key. Not sure why the methods generate different PSSHs, but they both worked for me, nothing that they both did pull up a previously cached key.


[Attachment 77285 - Click to enlarge]

[Attachment 77286 - Click to enlarge]

I'll try another file later tonight or tomorrow and note if I find anything different.