M6+ / 6play - WV Error 400 - What am i doing wrong ?

[Sowsix]

Hello everyone,

I've read multiple posts on this forum about downloading M6+ (6play) content, but I can't get my Widevine keys.

PSSH :

Code:

AAAAWnBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAADoIARIQFF6ocSj9Z2CwEOVVrZR67iIkZXlKaGMzTmxkRWxrSWpvaVkyeHBjRjh4TXpBNU56RTNPU0o5

[Attachment 83168 - Click to enlarge]

License URL (tried adding '?specConform=true' at the end):

Code:

https://lic.drmtoday.com/license-proxy-widevine/cenc/

Headers :

Code:

x-dt-auth-token:
eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJvcHREYXRhIjoie1wibWVyY2hhbnRcIjpcIm02XCIsXCJzZXNzaW9uSWRcIjpcIm02cmVwbGF5XCIsXCJ1c2VySWRcIjpcImExY2FiNDgxMDUwNzRmNmNiY2QwYTgyY2VmZjc3YzdkXCJ9IiwiY3J0IjoiW3tcImFjY291bnRpbmdJZFwiOlwiXCIsXCJhc3NldElkXCI6XCJjbGlwXzEzMDk3MTc5XCIsXCJvcFwiOntcImNvbmZpZ1wiOntcIkhEXCI6e1wiUGxheVJlYWR5XCI6e1wiYW5hbG9nVmlkZW9PUExcIjoxNTAsXCJjb21wcmVzc2VkRGlnaXRhbFZpZGVvT1BMXCI6NTAwLFwibWluU0xcIjozMDAwLFwidW5jb21wcmVzc2VkRGlnaXRhbFZpZGVvT1BMXCI6MzAwfSxcIldpZGV2aW5lTVwiOntcIm1pblNMXCI6NSxcInJlcXVpcmVIRENQXCI6XCJIRENQX1YxXCJ9fSxcIlNEXCI6e1wiUGxheVJlYWR5XCI6e1wiYW5hbG9nVmlkZW9PUExcIjoxMDAsXCJjb21wcmVzc2VkRGlnaXRhbFZpZGVvT1BMXCI6NTAwLFwibWluU0xcIjoyMDAwLFwidW5jb21wcmVzc2VkRGlnaXRhbFZpZGVvT1BMXCI6MjUwfSxcIldpZGV2aW5lTVwiOntcIm1pblNMXCI6MSxcInJlcXVpcmVIRENQXCI6XCJIRENQX05PTkVcIn19LFwiVklERU9fQVVESU9cIjp7XCJQbGF5UmVhZHlcIjp7XCJhbmFsb2dWaWRlb09QTFwiOjEwMCxcImNvbXByZXNzZWREaWdpdGFsVmlkZW9PUExcIjo1MDAsXCJtaW5TTFwiOjIwMDAsXCJ1bmNvbXByZXNzZWREaWdpdGFsVmlkZW9PUExcIjoyNTB9LFwiV2lkZXZpbmVNXCI6e1wibWluU0xcIjoxLFwicmVxdWlyZUhEQ1BcIjpcIkhEQ1BfTk9ORVwifX19fSxcIm91dHB1dFByb3RlY3Rpb25cIjp7XCJhbmFsb2d1ZVwiOmZhbHNlLFwiZGlnaXRhbFwiOmZhbHNlLFwiZW5mb3JjZVwiOmZhbHNlfSxcInByb2ZpbGVcIjp7XCJwdXJjaGFzZVwiOnt9fX1dIiwiaWF0IjoxNzMwMTQ0OTcxLCJqdGkiOiJYMmVBRWNZVkhNdityNnhmbVN5RjZnPT0ifQ.5joXp7TRqlGY30V_ItVshVNdhaRvgteeyv8I8ehj36F36Ljj-KxZyBk6nugeeUU6RhbypRCnAKqdQK3DpTXxAw

[Attachment 83169 - Click to enlarge]

But every time I get Error 400:

{"code":400,"error"
,"message":"Wrong headers: while scanning a simple key\n in "", line 2, column 1:\n eyJhbGciOiJIUzUxMiIsInR5cCI6IkpX ... \n ^\ncould not find expected ':'\n in "", line 2, column 1371:\n ... k6nugeeUU6RhbypRCnAKqdQK3DpTXxAw\n ^"}

[Attachment 83172 - Click to enlarge]

I've tried multiple times... what am I doing wrong?
Here's the link : https://www.6play.fr/le-meilleur-patissier-qui-reintegrera-la-tent-p_18057/emission-3-c_13097179

Thanks in advance for your help!

[lomero]

Code:

145ea87128fd6760b010e555ad947aee:efb3033a60e73a21c9b5000b1314f6f8

[aqzs]

I've tried multiple times... what am I doing wrong?
Here's the link : https://www.6play.fr/le-meilleur-patissier-qui-reintegrera-la-tent-p_18057/emission-3-c_13097179

Thanks in advance for your help!

If you don't want to use python script use https://cdrm-project.com/ or WidevineProxy2

Code:

Video url: https://www.6play.fr/le-meilleur-patissier-qui-reintegrera-la-tent-p_18057/emission-3-c_13097179
VIDID:  13097179
mpd_url:  https://lbcdn.6cloud.fr/resource/m6web/s/m6web/output/5/d/5/5d5ea9ed0fc287ed6e1c1fc967f2abcb7c6a236a/static/13097179_af5a4d47a7c03e0990adc8750bc24a9a_web_dash_upTo1080p_1080p_vbr_cae_drm_software.mpd?expiration=1730185271&scheme=https&groups%5B0%5D=m6web&token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE3MzAxNDkyNzAsIm5iZiI6MTczMDE0OTI3MCwiZXhwIjoxNzMwMTg1MjcxLCJyX2hhc2giOiI3NTBlZjg3M2NlNDFkODc2MDEyNTViYTE4Mzg0MTUxYTYyZjM5MzY2In0.WDBLqddbZaDNTbP1GKgvgqKAEeSbYqS-ifoecQc2Vs0
pssh:  AAAAWnBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAADoIARIQFF6ocSj9Z2CwEOVVrZR67iIkZXlKaGMzTmxkRWxrSWpvaVkyeHBjRjh4TXpBNU56RTNPU0o5
keys:  ['145ea87128fd6760b010e555ad947aee:efb3033a60e73a21c9b5000b1314f6f8']

N_m3u8DL-RE "https://lbcdn.6cloud.fr/resource/m6web/s/m6web/output/5/d/5/5d5ea9ed0fc287ed6e1c1fc967f2abcb7c6a236a/static/13097179_af5a4d47a7c03e0990adc8750bc24a9a_web_dash_upTo1080p_1080p_vbr_cae_drm_software.mpd?expiration=1730185271&scheme=https&groups%5B0%5D=m6web&token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE3MzAxNDkyNzAsIm5iZiI6MTczMDE0OTI3MCwiZXhwIjoxNzMwMTg1MjcxLCJyX2hhc2giOiI3NTBlZjg3M2NlNDFkODc2MDEyNTViYTE4Mzg0MTUxYTYyZjM5MzY2In0.WDBLqddbZaDNTbP1GKgvgqKAEeSbYqS-ifoecQc2Vs0" --save-name "Le.meilleur.patissier.qui.reintegrera.la.tente.Episode.3" --select-video best --select-audio all --select-subtitle all -mt -M format=mkv  --log-level OFF --key 145ea87128fd6760b010e555ad947aee:efb3033a60e73a21c9b5000b1314f6f8

Download link : https://gofile.io/d/cInURg

[Sowsix]

I finally succeeded! Chrome was copying the headers with a newline that I replaced with a space (after x-dt-auth-token, and now it works...! Sorry for the unnecessary post!

[YoBruce45]

Sorry folks but I am afraid i have to raise the same question, getting nuts here..

I want to download:
https://www.m6.fr/pokemon-p_17017/le-match-tant-attendu-c_13079898 (as an exemple)

Fetched the PSSH from the .mpd:
AAAAWnBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAADoIARIQMC Umzy9beLFafAnmT4zARyIkZXlKaGMzTmxkRWxrSWpvaVkyeHBj Rjh4TXpBM09UZzVPQ0o5

Fetched the Token from the headers of the lic-url:

[Attachment 84722 - Click to enlarge]

which i then paste in the following script, after having obtained the headers+requests from curlconverter:

Code:

from pywidevine.pssh import PSSH
import requests, xmltodict, json, re

TOKEN  = 'eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJvcHREYXRhIjoie1wibWVyY2hhbnRcIj[.....]kfwr-UKFotbEAQMtj1tGUisfBIgVo6mxdutv-8i8U9isCP9uwOHMYDRrzw8hX-ca70dgg'
pssh = "AAAAWnBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAADoIARIQMCUmzy9beLFafAnmT4zARyIkZXlKaGMzTmxkRWxrSWpvaVkyeHBjRjh4TXpBM09UZzVPQ0o5"

def getkeys(pssh):
    pssh = PSSH(pssh)
    device = Device.load("1932234498.wvd")
    cdm = Cdm.from_device(device)
    session_id = cdm.open()
    challenge = cdm.get_license_challenge(session_id, pssh)

    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0',
        'Accept': '*/*',
        'Accept-Language': 'en-US,en;q=0.5',
        # 'Accept-Encoding': 'gzip, deflate, br, zstd',
        'Referer': 'https://www.m6.fr/',
        'x-dt-auth-token':TOKEN,
        'Origin': 'https://www.m6.fr',
        'DNT': '1',
        'Sec-GPC': '1',
        'Connection': 'keep-alive',
        'Sec-Fetch-Dest': 'empty',
        'Sec-Fetch-Mode': 'cors',
        'Sec-Fetch-Site': 'cross-site',
        'Priority': 'u=4',
        'Content-Type': 'application/x-www-form-urlencoded',
    }

    licence = requests.post('https://lic.drmtoday.com/license-proxy-widevine/cenc/', headers=headers, data=challenge)

    licence.raise_for_status()
    cdm.parse_license(session_id, licence.content)
    keys = []
    for key in cdm.get_keys(session_id):
        if key.type == 'CONTENT':
            keys.append(f"{key.kid.hex}:{key.key.hex()}")
    cdm.close(session_id)

    keyString = ""
    for key in keys:
        keyString += "--key " + str(key) + " "
    return keyString

getkeys(pssh)

Unfortunately always the same result:

raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: for url: https://lic.drmtoday.com/license-proxy-widevine/cenc/


I have tried following, after having read some posts:
- getting a very fresh token (since it seems to expire very quick) ->no help
- tried adding '?specConform=true' at the end of the URL -> no help
- try with https://cdrm-project.com/ : also there I am getting an error
- try to comment out everything in the headers (except the Token of course) -> no help

What am i doing wrong??

I would really appreciate any hint ^^

[Obo]

Did you deliberately shorten the token with [.....] or is it an oversight/copy-past error?

[YoBruce45]

yes deliberately
I paste it either from Firefox DevTool directly, or got the whole header with curlconverter..
Same results..
Thx in advance !

[shellcmd]

where you got the CDM? maybe it blacklist by DRM today. try change to another one. and you don't need all headers from browser, just keep 'x-dt-auth-token': TOKEN, part and drop other headers.

if still not work, try browser extension likes widevine proxy2

[YoBruce45]

I've got my CDM from https://forum.videohelp.com/threads/413719-Ready-to-use-CDMs-available-here%21 and it works on other DRM protected websites..

When i comment everything out (except the Token), same result..

Please note that i use this script to get keys for TF1 and Audio and it works ..

[shellcmd]

it works on other sites not 100% works on drm today. and you can print licence.text to see the error response details.

[YoBruce45]

license.text gives:
!doctype html><html lang="en"><head><title>HTTP Status 400 – Bad Request</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 400 – Bad Request</h1></body></html>


not really helpful?

[shellcmd]

I believe you copy and paste x-dt-auth-token correct and fast enough, so I think it most probably CDM issue.

try search some real device CDM on the forum.

[Obo]

What does the payload of the license request look like? Pure binary data or JSON object or form request? The Content-Type header in your script makes me guess the latter - if that's the case you might have to change the script a little bit. (You might want to look at A_n_g_e_l_a's AllHellGui how she does it.)

You probably need to change the license request to something like (copied from my own code, so variables might not match your code; license_context_data is the "--data-raw" payload from curl converter):

Code:

    challenge = cdm.get_license_challenge(session_id, pssh)
    if license_context_data:
        # rte.ie sends license challenge as JSON object
        if match := re.search(r'"(CAES.*?)"', license_context_data):
            challenge = license_context_data.replace(match.group(1), base64.b64encode(challenge).decode())
        elif match := re.search(r'=(CAES.*?)(&.*)?$', license_context_data):
            b64challenge = base64.b64encode(challenge).decode()
            quoted = urllib.parse.quote_plus(b64challenge)
            challenge = license_context_data.replace(match.group(1), quoted)

    # send license challenge (assuming a generic license server SDK with no API front)
    license = requests.post(url=license_url, data=challenge, headers=license_headers)

[ddll2]

Code:

--key 302526cf2f5b78b15a7c09e64f8cc047:1a8457e22ba53c34d75ce35aa6b6422d

use Firefox and WidevineProxy2 and you can sleep peacefully

[YoBruce45]

thx but I'd like to manage it on my own

Aqzs posted a similar code here https://forum.videohelp.com/threads/414459-Help-me-to-download-drm-video-on-6play#post2734846

and the license request looks straight ahead (= without license_context_data check...)

are you sure this cannot work with the CDM found on the forum ?

[Obo]

Post the complete license request in curl syntax; you can shorten the token for privacy, then we'll know. If WidevineProxy2 does the job, your script can do as well.

@aqzs has the additional "?specConform=true" in the license url. This might as well make a difference.

[YoBruce45]

This is the POSIX curl request i get after copy from DevTop in POSIX and pasting in curlconverter.
I deleted data, since i replaced it by data=challenge in my script, and shorten my token for privacy.
THe rest is identical.
ps: tried also "?specConform=true" but did not change anything ..
Thanks for your time !

Code:

headers = {
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0',
    'Accept': '*/*',
    'Accept-Language': 'en-US,en;q=0.5',
    # 'Accept-Encoding': 'gzip, deflate, br, zstd',
    'Referer': 'https://www.m6.fr/',
    'x-dt-auth-token': 'eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJvc[.....]pbmdJZFwiOlwiXCIsXCJhc3NldElkXCI6XCJjbGlwXzEzMDY0MTQ1XCIsXCJvcFwiOntcImNvbmZpZ1wiOntcIkhEXCI6e1wiUGxheVJlYWR5XCI6e1wiYW5hbG9nVmlkZW9PUExcIjoxNTAsXCJjb21wcmVzc2VkRGlnaXRhbFZpZGVvT1BMXCI6NTAwLFwibWluU0xcIjozMDAwLFwidW5jb21wcmVzc2VkRGlnaXRhbFZpZGVvT1BMXCI6MzAwfSxcIldpZGV2aW5lTVwiOntcIm1pblNMXCI6NSxcInJlcXVpcmVIRENQXCI6XCJIRENQX1YxXCJ9fSxcIlNEXCI6e1wiUGxheVJlYWR5XCI6e1wiYW5hbG9nVmlkZW9PUExcIjoxMDAsXCJjb21wcmVzc2VkRGlnaXRhbFZpZGVvT1BMXCI6NTAwLFwibWluU0xcIjoyMDAwLFwidW5jb21wcmVzc2VkRGlnaXRhbFZpZGVvT1BMXCI6MjUwfSxcIldpZGV2aW5lTVwiOntcIm1pblNMXCI6MSxcInJlcXVpcmVIRENQXCI6XCJIRENQX05PTkVcIn19LFwiVklERU9fQVVESU9cIjp7XCJQbGF5UmVhZHlcIjp7XCJhbmFsb2dWaWRlb09QTFwiOjEwMCxcImNvbXByZXNzZWREaWdpdGFsVmlkZW9PUExcIjo1MDAsXCJtaW5TTFwiOjIwMDAsXCJ1bmNvbXByZXNzZWREaWdpdGFsVmlkZW9PUExcIjoyNTB9LFwiV2lkZXZpbmVNXCI6e1wibWluU0xcIjoxLFwicmVxdWlyZUhEQ1BcIjpcIkhEQ1BfTk9ORVwifX19fSxcIm91dHB1dFByb3RlY3Rpb25cIjp7XCJhbmFsb2d1ZVwiOmZhbHNlLFwiZGlnaXRhbFwiOmZhbHNlLFwiZW5mb3JjZVwiOmZhbHNlfSxcInByb2ZpbGVcIjp7XCJwdXJjaGFzZVwiOnt9fX1dIiwiaWF0IjoxNzM2NTI3NTQ5LCJqdGkiOiJyemQ5R1JUemg4L0FiQm9nQzNxclZnPT0ifQ.u0gr_FRlhDCtma7mutjt0hQfTaDJ65rQkAWn3b9D_inzR_575TEbazgRvkc1wTBASXTxVUEtx_qbjzlSp1U_7w',
    'Origin': 'https://www.m6.fr',
    'DNT': '1',
    'Sec-GPC': '1',
    'Connection': 'keep-alive',
    'Sec-Fetch-Dest': 'empty',
    'Sec-Fetch-Mode': 'cors',
    'Sec-Fetch-Site': 'cross-site',
    'Priority': 'u=4',
    'Content-Type': 'application/x-www-form-urlencoded',
}

data = '\b\x01\x12\x9c,\......

response = requests.post('https://lic.drmtoday.com/license-proxy-widevine/cenc/', headers=headers, data=data)

[Obo]

Your script should work. x-dt-token expire quite quickly, you have to be fast to copy-paste it to your code an run the script.

[YoBruce45]

what does quite quickly means exactly ^^

I make it within 15s

Good to know in general that my script looks good

[Obo]

That's probably fast enough

[YoBruce45]

I guess i found the root cause.. it was a combination of two problems apparently:
1) Indeed, i needed "?specConform=true" at the end of my request
2) it turns out that the DevTool of Firefox truncates the token, whereas Chromes displays it integrally (crazy isnt it?)
Left: Chrome, right: Firefox:

[Attachment 84742 - Click to enlarge]

[Obo]

In Firefox copy the request as curl command, that will copy everything including the whole token.