
Widevine L3 DRM Vulnerable to DFA - zkitx
https://twitter.com/David3141593/status/1080606827384131590
======
phh
Can someone check if I'm understanding the consequences of this correctly?

It seems to me there are close to none (it's still very interesting
nonetheless. I wasn't aware of DFA):
- You still need to have the right to view the video
- You still need to run the proprietary widevine blob once per file to extract the AES key
- You already could extract the encrypted file before, by simply looking like a hardware codec, in which case this fake codec

So for "pirates", who share the files, it doesn't change anything, because
they already extracted the files. For standard users, they still need the
proprietary blob anyway.

It could be a little bit interesting for foreign architectures (like RISC-V)
with no widevine L3 proprietary blobs, which would be able to run the AES key
extractor in qemu, then decipher using native instructions.

~~~
Ambroos
If it becomes possible to get the key and decrypt content in a user-friendly
package, it enables downloading of content from smaller providers that
currently isn't pirated widely.

I used to work for a commercial Belgian broadcaster that puts almost
everything they broadcast online for 7 to 30 days after broadcast, and heavily
uses Widevine L3 (along with PlayReady and FairPlay). Their content isn't
popular enough to be widely pirated, but before only offering DRM'ed streams
episodes would often hit YouTube as soon as they were put online. The
broadcaster isn't big enough to be targeted by 'professional' pirates.

If users once again get the opportunity to use simple downloader
apps/extensions to get unencrypted video files, it's going to mean either a
revenue loss for the broadcaster (as people will go to YouTube to watch ad-free
variants), or users will lose access to content on devices that don't
support Widevine L1 (which is unlikely to happen as it'd exclude Chrome, for
example).

------
huxflux
@David3141593 Soooo, after a few evenings of work, I've 100% broken Widevine
L3 DRM. Their Whitebox AES-128 implementation is vulnerable to the well-studied
DFA attack, which can be used to recover the original key. Then you
can decrypt the MPEG-CENC streams with plain old ffmpeg...

