
Security researcher cracks Google's Widevine DRM (L3 only) - jmsflknr
https://www.zdnet.com/article/security-researcher-cracks-googles-widevine-drm-l3-only/
======
jhalstead
The title of this article is "Security researcher cracks Google's Widevine DRM
(L3 only)". That it affects only their L3 streams is an important distinction
I think. The article goes on to explain that, "the hack works only against
Widevine L3 streams, and not L2 and L1, which are the ones that carry
high-quality audio and video data.

Any user who cracks a Widevine L3 stream would only gain access to grainy
low-quality video and lo-fi audio."

~~~
keyme
L3 is the only thing used on desktops.

L1 on desktops requires Intel SGX, however, I haven't ever seen this
implemented in reality. If anyone has seen it, please share.

Otherwise, L1 exists only on Android and iOS, AFAIK.

The article claims that you can't record HD content from Netflix with L3 DRM.
IIRC, that's false. They require L1 only for 4k content.

~~~
Freak_NL
> They require L1 only for 4k content.

Doesn't Netflix support 4k on personal computers exclusively on Windows with
Edge? Does that use L1?

~~~
zamadatix
Netflix on Edge uses Microsoft's own PlayReady 3.0 not Widevine. It does offer
the same DRM level as Widevine L1 though.

------
zb3
In 2017 I was able to decrypt the video (for test only) too, but without
breaking Arxan's whitebox implementation. I was able to retrieve all the state
needed to regenerate the keystream, then patched Google's shaka packager to
use this keystream instead of the one derived from the original key (which I
didn't have) and the decryption was successful. But that was a manual process
just for test - you'd need to load a special kernel module, launch chromium,
then start the video, and so on... But that was in 2017, I guess it'd be
harder to do now.

------
Tsubasachan
Widevine hasn't stopped piracy. No DRM ever does. It only inconveniences the
people who want to pay. Trying to watch Netflix on a phone or desktop is
needlessly complicated. Grabbing a torrent is easy.

~~~
Jonnax
Needlessly complicated?

Download the app, sign in and it works.

Piracy has significantly reduced because it's more convenient than torrents.

Don't know what you're talking about.

~~~
Freak_NL
On my Linux desktops, laptops, and HTPC, Netflix refuses to give me anything
better than 720p by design (DRM not good enough to be trusted with better
quality). Netflix is 'good enough' for some light viewing, but any quality
film I'll (hypothetically) download from a source that doesn't bother with
DRM. With a fibreglass connection at home this takes a couple of minutes.

~~~
krzyk
Use [https://addons.mozilla.org/en-US/firefox/addon/force-1080p-n...](https://addons.mozilla.org/en-US/firefox/addon/force-1080p-netflix/)
and everything is back to normal :) But still you won't get 4k, for that you
need torrents.

------
iofiiiiiiiii
Funny story. On old Samsung devices there was Microsoft PlayReady DRM.
However, it was a random .so library file, with exports defined clear as day
and a completely unguarded API. So you could take a Samsung Note 2, for
example, and if you know the right parameters to give to this API, you could
simply use its DecryptBytes() call to decrypt your movie into any file you
wanted.

Maybe you still can!

------
KoenDG
Google has DRM? Called Widevine?

~~~
zamadatix
Yep, more details in the article if you're curious.

------
A2017U1
Buchanan tweeted he cracked something. It's been hinted that pirates have
cracked Widevine for Netflix already. Why are there half a dozen articles on
it? Anyone can tweet claims, show some proof.

POC || gtfo

~~~
keyme
I actually looked at the Widevine DLL at some point out of curiosity. It
didn't seem obfuscated in any way. Honestly I think getting the keys to the
encrypted streams out of there is at the difficulty level of an average CTF
challenge. The reason you don't see PoCs, is because it's strictly illegal to
distribute such code. Even the act of reversing this DLL is illegal.

~~~
zb3
In 2017 it was obfuscated using Arxan's "ProtectIT" (you can view the patent)
and did use whitebox cryptography. I didn't look at the DLL, but at the .so
file for Linux (for fun). I guess it should be harder now.

EDIT: If reversing this DLL/.so is illegal, how am I supposed to be able to
test for a potential security vulnerability? Not that I can do this, just
wondering...

~~~
bubblethink
> how am I supposed to be able to test for a potential security vulnerability?

You aren't. There were some amendments made to DMCA recently that added a few
more narrow provisions (mainly repairing tractors and such), but I don't think
reverse engineering closed libraries was one of them. In particular, things
close to DRM were not granted. For example, request for exemptions for
tinkering with HDCP or optical drives were denied.

